HomeSec Warns Again About Microsoft's Insecurity 497
cbrandtbuffalo writes "The Department of Homeland Security has posted this advisory about an impending attack on MS systems. This RPC attack has already been seen in some localized systems, but may spread as unpatched computers are exploited. Some of the national news like CNN are running stories too."
How big a threat is this? (Score:5, Interesting)
Microsoft really did it this time.. (Score:5, Interesting)
But there's another problem, a lot of people are starting to distrust microsoft and are turning off the automatic update / not getting service packs instead of switching to another operating system.
Re:How long? (Score:5, Interesting)
Anyone want to talk to their representative or senators about that decision?
Homeland Security? Don't make me laugh... (Score:-1, Interesting)
windows at the office?? (Score:5, Interesting)
isn't this a bit irresponsible of them, now that they are declaring Windows a vulnerability?
how long has the patch been available? (Score:2, Interesting)
would every geek please walk over to their nearest 4 non-geek's MS boxes and flick 'autoupdate' on? maybe we can spare a few routers in the future?
i mean, if they insist on having those boxes, the least we can do is make sure they're patched up.
say what you will about MS - but these big exploits don't usually hit until weeks after the patch has been available.
and if you're relaxed enough with control over your box to run MS in the first place, autoupdate ain't any worse.
Re:How big a threat is this? (Score:5, Interesting)
Futures market for network insecurity (Score:1, Interesting)
Seriously, if they wanted to take bets on which national leader would get hit, couldn't they do the same for which OS will fail first/most? Or bet on how much the next big expolit will cost, to the nearest $10M?
Re:How long? (Score:5, Interesting)
Re:Microsoft really did it this time.. (Score:5, Interesting)
Shoot, this was a problem years ago leading me to never enable automatic updates after more than one Windows machine was completely FUBAR'ed after an update. We fought with security issues on Windows for a while, then dealt with the expense and hassle of IRIX (although IRIX is impressively stable), went back to Windows due to the cost and then simply migrated our servers to Apache on OS X. Safe, simple, stable, affordable and secure.
Re:How big a threat is this? (Score:3, Interesting)
Of course, the vulnerability requires that it be possible to reach the machine with an inbound connection, so firewalled networks will be protected until someone combines this with a document-based vulnerability to attack these networks from inside.
Re:How big a threat is this? (Score:4, Interesting)
If this is true, Microsoft doesn't even acknowledge [microsoft.com] that it affects Windows98. It's one thing to not release a patch for an affected OS, it's quite another to not mention that it's affected.
Re:Well engineered worms (Score:4, Interesting)
Yeah, I like the idea of changing DLLs on a system back to insecure versions and (of course) keeping the Add/Remove Programs list saying they patches have been applied. Needless to say this would be other worms/viruses would get in further making diagnosing more difficult.
If we want to see what nasty viruses do we need only look at nature. For example, AIDS (or the HIV virus if you want to be exact) attacks the immune system -- the part of the body that fights viruses. People with AIDS then die with opportunistic viruses, like pneumonia, take advantage of the situation. If you wrote a computer virus that only attacked the immune system of the net it would be quite a sight to see.
Re:Microsoft really did it this time.. (Score:3, Interesting)
One of their "updates" to Movie Maker (which I use solely to grab DV from an encoder) made the output files incompatible with other video programmes, in particular VirtualDub. Thankfully I was able to get the previous version back by doing a system restore but that's the last time I'll upgrade an MS app when the one I've got is working fine.
google is fun (Score:4, Interesting)
Re:Well engineered worms (Score:4, Interesting)
1. They made patches for this covering all the way back to NT 4.0
2. They don't charge for these patches.
3. The bloody patch doesn't work.
Unfair to public servants (Score:3, Interesting)
There are thousands of hardworking men and women serving in Coast Guard ships off our coasts, monitoring land border crossings, inspecting imported cargo containers, and serving as airport security inspectors and skymarshals, all to keep your bloody arses safe behind your monitors as you make fun of them.
Sorry for the rant, but reality check, there ARE bad people in the world that are intent upon harming the United States and a good number of Americans working at the Department of Homeland Security are intent upon preventing that from happening.
Instead of easily making fun of these institutions, how about sitting down and thinking about better ways to reduce risks cost effectively. Propose it, then make your criticisms.
Re:How big a threat is this? (Score:4, Interesting)
so that makes all "OFFICIAL" machines in corperate will be hosed as usual when these things come through... Just like the stupid policy of no virus updates from anywher but the corperate server which is always at least 4-5 behind the software companies site. (Another policy I ignore.. I keep everything at the latest DAT)
Who or what can you trust? (Score:2, Interesting)
Now why should I trust MicroSoft? They led me down the primrose path to endless updates that either show no noticeable effect, or cause my computer to act flakey.
Why should I trust HomeSec? I'm never going to feel secure so long as they keep throwing terror alerts in my face as an excuse to keep whittling away what's left of my civil rights.
And why should I trust the Linux community who's mainstay advice is "RTFM". I'm stuck using Lycoris until I can figure out how to get Wine to work under a better distro. (I'm sorry but some programs designed to run under MS Windows are just too cool to ignore.)
As far as I can tell, these so called updates could be trojans to give backdoor access to HomeSec so they can determine the efficacy of their scare tactics, and Linux is a twisted plot to make borderline-geeks like myself waste their time reading endless man pages trying to figure out how the damn thing works.
OK, so maybe I'm sounding a little frustrated, but all I really want is a nice little computer that does only what I tell it to do. Is that too much to ask?
--
Next stop: Insanity
Re:It's all right (Score:2, Interesting)
Nice world he's going to grow up in.
I don't know why this is modded "Funny". Yeah, the world turning into shit is so funny I'm in pain from laughing.
Re:Well engineered worms (Score:4, Interesting)
Re:How big a threat is this? (Score:2, Interesting)
Re:Switch campaign kick-off (Score:3, Interesting)
Maybe because their PR department was scheduled to prodce some proof for their right to exists,but they didn't have any terrorists handy ATM.
Seriously, this shouldn't be their job, in the end they will be just echoing CERT or bugtraq, while wasting a lot of money into "network security research".