The First Windows 7 Zero-Day Exploit (289 comments)

Posted by kdawson on Monday November 16, @04:54AM
from the think-global-print-local dept.
Tags: security, windows, bug, technology
xploraiswakco writes with the first Microsoft-confirmed Windows 7 zero-day vulnerability, with a demonstration exploit publicly available. The problem is in SMBv2 and SMBv1 and affects Windows 7 and Windows Server 2008 R2, but not Vista, XP, or Windows Server 2003. A maliciously crafted URI could hard-crash affected machines beyond any remedy besides pushing the white button. "Microsoft said it may patch the problem, but didn't spell out a timetable or commit to an out-of-cycle update before the next regularly-scheduled Patch Tuesday of December 8. Instead, the company suggested users block TCP ports 139 and 445 at the firewall." Reader xploraiswakco adds, "As important as the mentioned article is, it should also be pointed out that any IT staff worth their pay packet should already have port 139 blocked at the firewall, and probably port 445, too."

  • by Anonymous Coward on Monday November 16, @04:56AM (#30113394)

    What are my options? New computer?

  • by DNS-and-BIND (461968) on Monday November 16, @05:02AM (#30113408) Homepage
    The zero-day vulnerability was first reported by Canadian researcher Laurent Gaffie last Wednesday

    OK the exploit is almost a week old already. How is this "zero-day"? In the immortal words of Inigo Montoya: "You keep using that word. I do not think it means what you think it means."

    • Re: (Score:3, Informative)

      In my book "zero-day" means that the vulnerability and the first practical exploit were released the same day. "Zero-day" refers to the time the dev team had to correct the bug.
        • by DMiax (915735) on Monday November 16, @07:16AM (#30114024)

          Nope! It's the number of days between the release date and today.

          I find little use in a definition that depends on today's date. Especially because I can read articles from Saturday and they will call it 3-day, which gives me no information.

          A zero-day exploit is one that is created before a fix is available. It is more severe than others because no version of the target software is safe, even if it is constantly updated. Any security expert knows the implications of this, and how to take it into account when assessing the risks.

                    • by MBGMorden (803437) on Monday November 16, @09:49AM (#30115216)

                      You're just being idiotic now.

                      Here's an easy, plain vanilla example for you to understand:

                      Firefox releases Firefox 4.0. In the patch notes they say "- Found and fixed a bug allowing a website to catch your computer on fire."

                      Some anxious teenager reads that and says "Holy shit! I bet a lot of people haven't upgraded yet. I'm off to craft up an exploit . . .". A week later he has it ready.

                      Millions of computers smolder in ruin. Most importantly though, the fix was available BEFORE the exploit was, and therefore it was not 0-day. End of story.

    • Re: (Score:3, Funny)

      'When I use a word,' Humpty Dumpty said, in rather a scornful tone, 'it means just what I choose it to mean -- neither more nor less.'

        • by MrNaz (730548) * on Monday November 16, @05:44AM (#30113582) Homepage

          So you're saying that it can only be described as zero day on that day, and thereafter it cannot be called a zero day exploit, but a n-day exploit where n is the number of days since it was announced?

          Sorry, but while you may be *lexically* correct, I think everyone with two brain cells that are on talking terms knows what is being referred to by a "zero day" exploit, even when referring to an exploit not released on that day.

            • Actually, the grandparent poster is correct. Zero-day means just that. What you're talking about needs a different word.

              I believe the term "Windows exploit" in itself adequately covers that it was quickly and easily discovered and abused.

              Bonus points for stating that anyone who thinks differently from you must be stupid.

              Damn Mac users eh?

        • Re:Are you trolling? (Score:5, Informative)

          by DarkOx (621550) on Monday November 16, @06:58AM (#30113918)

          I always thought that zero-day referred to the time between when an exploit was being used in the wild and the amount of time admins/end users had to patch their systems.

          An exploit floating about in the wild where no patch has been made available is a zero-day because I have had zero days to patch my systems before the potential for easy exploitation.

        • Re: (Score:3, Informative)

          I think he was being a little tongue in cheek there. The fact is, Wikipedia is good enough in most instances. But you don't have to take Wikipedia's word for it. Here's what dictionary.com says in regard to zero-day: "pertaining to a program that exploits a computer security vulnerability before security experts can address it", so there you have it.
  • by concernedadmin (1054160) on Monday November 16, @05:02AM (#30113416)

    I remember once trying to see what it takes to make Windows not have any ports open and it resulted in severely reduced access to just about anything that wasn't local. Why is it that these ports are necessary? Why is NETBIOS necessary?

    • by ledow (319597) on Monday November 16, @05:10AM (#30113444) Homepage

      Even weirder - on a machine which isn't on a domain, but which has a software firewall, you can open *every* port to a destination machine (e.g. a fileserver) and it *will* access the SMB shares of that fileserver (\\ipaddress\c$ etc.) but takes forever the first time because the broadcasts have been blocked by the firewall. So it doesn't need the broadcasts, or to be on that domain, or to do anything that isn't direct IP with the target machine - but it still takes forever to realise that and just start listing files.

      And once you've done it once, that file sharing will run at full speed for the rest of the day. I'm imagining some sort of name resolution etc. issue (but the PC in question can actually use the same machine for DNS and still have the problem) but if it's not *required* to connect to the machine, why does it try anyway and hold everything up? And the firewall only ever reports NetBIOS traffic while that's happening.

      • Re: (Score:3, Interesting)

        I don't have your problem, and never have had. When I have DNS working and windows set to go to DNS for netbios name resolution, then everything works OK. What I *do* have now is that GNOME VFS will refuse to connect to a server on the first attempt (and fails quickly) but works immediately on the second. I wonder if that's related somehow.

    • Win 7 Firewall (Score:4, Informative)

      by carp3_noct3m (1185697) on Monday November 16, @05:42AM (#30113578)
      I decided that unlike Vista, I would beta Windows 7 and be ahead of the curve by the time it came out. I've been running it for roughly a year now (midnight snack time is not conducive to memory). Overall I am actually quite impressed (gasp! shoot me now). One thing I really like is the granular firewall abilities, which have clearly defined and separate inbound/outbound rules. I currently have both set to a PIX-style ACL type: deny all except ports I explicitly state. Now this can be a pain when evaluating a new program to figure out which ports it needs open for proper function, but it is definitely something that should be done on a group policy level at the domain. Just because you have a super-tight internet-facing firewall, you still need to prevent LAN and VPN security issues as well.
    • by WD (96061) on Monday November 16, @07:51AM (#30114230)

      The article and summary are not clear, but you need to block *outgoing* ports 139 and 445 at the firewall to help protect against this issue. The vulnerability is triggered by the system attempting to make an SMB connection to a malicious server. This can happen in a number of ways, such as viewing a web page in IE or viewing an email message in Outlook or Outlook Express.

      If your firewall blocks outgoing 139 and 445, then the SMB connection attempt fails.

  • Ball kicking time (Score:5, Insightful)

    by Rogerborg (306625) on Monday November 16, @05:03AM (#30113422) Homepage

    Don't they do code reviews at Microsoft? Loops 101: prove that the loop terminates under all conditions, even and especially when passed garbage.

    Seriously, that's the difference between a hacker and a software engineer right there. If you don't take the time to fix it early, you'll just have to fix it later.

    • Re:Ball kicking time (Score:4, Informative)

      by 1s44c (552956) on Monday November 16, @06:37AM (#30113796)

      Seriously, that's the difference between a hacker and a software engineer right there. If you don't take the time to fix it early, you'll just have to fix it later.

      The Microsoft approach is to collect the money and get their customers to agree that everything that goes wrong is their fault. It's at least as good protection for them as writing decent code and many times cheaper.

    • "Under all conditions" for a piece of complex code is often far from easy. I am still smarting from a problem we had recently (not a vulnerability) where the system was sporadically failing to output messages, a problem never seen before. Unit testing was no good. We spent a week reviewing the code: found a bug, fixed it. Now there were fewer sporadic missed messages, but the number was nonzero. We used a simulator to test under every condition we could think of: no errors. Back on customer site, missed mes
    • Re: (Score:3, Informative)

      Don't they do code reviews at Microsoft?

      Yes they do.

      Loops 101: prove that the loop terminates under all conditions, even and especially when passed garbage.

      "Terminates under all conditions" is a little difficult to prove in any non-trivial situation.

      Seriously, that's the difference between a hacker and a software engineer right there.

      The former bitches and moans on Slashdot, and Microsoft hires the latter?

      If you don't take the time to fix it early, you'll just have to fix it later.

      Maybe you should send Micr

      • Re:Ball kicking time (Score:4, Interesting)

        by ozmanjusri (601766) <aussie_bob@ho t m a i l.com> on Monday November 16, @06:39AM (#30113818) Journal
        Given that Windows has more lines of code than just about any other software in existence

        Why is that?

        Does an OS really need to be so complicated? ReactOS, for example, provides a significant proportion of the functionality of Windows in a fraction of the size.

        Surely fewer lines of code mean a smaller attack surface for exploits and vulnerabilities.

      • People make mistakes. A company that has produced some of the richest people in the world and has extracted billions of dollars from the world's economy should have some processes in place to ensure that bugs found years ago do not creep back in. It's called regression testing.

        • Re: (Score:3, Interesting)

          People make mistakes. Perhaps the coders of the loop thought that input protection located in code elsewhere would prevent this from ever being a problem.

          assert() for that on entry to the function and it becomes immediately clear when your assumptions about elsewhere were lacking

          It will assert on entry of course, but only in a debug build, and only when the proper input conditions are met. In the putative scenario of a loop coder thinking he was protected by input protection located somewhere else, the assert would only fire if the right test case was constructed. For all we know there is an assert in the code, but it won't help us in a release build.

          • Re: (Score:3, Interesting)

            assert() for that on entry to the function and it becomes immediately clear when your assumptions about elsewhere were lacking

            It will assert on entry of course, but only in a debug build, and only when the proper input conditions are met.

            C99 specification says that defining a NDEBUG symbol can be used to prevent compiling the assert() into the program. That means it is not a debug option, and should normally be present even in release code unless specifically disabled. Far far better for the program to fail
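The two points raised in this subthread, that a loop should be shown to terminate even when handed garbage and that an assert() on function entry disappears in a release build compiled with NDEBUG, can be demonstrated in a few lines. The following C is an added example written for this page; it is not code from the thread, from Microsoft or from any SMB implementation. The record format it parses (a 2-byte big-endian length followed by payload) is constructed for the example, and the function and status names are hypothetical.

```c
/* Added example: walking a buffer of length-prefixed records so that the loop
 * provably terminates on any input, with argument checks that do not depend
 * on assert(), since assert() compiles to nothing when NDEBUG is defined. */
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed record format (hypothetical, not SMB): a 2-byte big-endian
 * length that counts the header itself, followed by (length - 2) payload bytes. */
#define HDR_LEN 2

enum parse_status {
    PARSE_OK = 0,
    PARSE_BAD_ARG = -1,     /* NULL buffer with a non-zero length */
    PARSE_BAD_LENGTH = -2,  /* record length smaller than its own header */
    PARSE_TRUNCATED = -3    /* record claims more bytes than remain */
};

/* Release-build guard: an explicit check returned as an error code survives
 * -DNDEBUG. Writing this as assert(buf != NULL) would leave release builds
 * with no check at all. */
static enum parse_status check_args(const uint8_t *buf, size_t len)
{
    if (buf == NULL && len != 0)
        return PARSE_BAD_ARG;
    return PARSE_OK;
}

/* Returns the number of records in buf, or a negative parse_status.
 * Termination argument: every iteration either returns or adds at least
 * HDR_LEN to pos, and pos never exceeds len, so the loop runs at most
 * len / HDR_LEN times for any input. */
int count_records(const uint8_t *buf, size_t len)
{
    enum parse_status st = check_args(buf, len);
    if (st != PARSE_OK)
        return st;

    size_t pos = 0;
    int count = 0;
    while (pos < len) {
        if (len - pos < HDR_LEN)              /* header itself is cut off */
            return PARSE_TRUNCATED;

        size_t rec_len = ((size_t)buf[pos] << 8) | buf[pos + 1];

        /* A length below HDR_LEN is garbage. Without this check a zero
         * length would leave pos unchanged and the loop would never end. */
        if (rec_len < HDR_LEN)
            return PARSE_BAD_LENGTH;

        /* Compare against the bytes remaining rather than computing
         * pos + rec_len, so the arithmetic cannot wrap around. */
        if (rec_len > len - pos)
            return PARSE_TRUNCATED;

        pos += rec_len;   /* progress: pos grows by at least HDR_LEN */
        count++;

        /* Debug-only invariant: helpful under a debugger, absent under
         * NDEBUG, so nothing above relies on it. */
        assert(pos <= len);
    }
    return count;
}

/* Constructed sample inputs. */
static const uint8_t good[]      = { 0x00,0x05,'a','b','c', 0x00,0x02, 0x00,0x03,'x' };
static const uint8_t zero_len[]  = { 0x00,0x00,'g','a','r','b','a','g','e' };
static const uint8_t truncated[] = { 0x00,0x10,'a','b' };
static const uint8_t huge[]      = { 0xff,0xff,'a' };

int main(void)
{
    printf("good:      %d\n", count_records(good, sizeof good));           /* 3 */
    printf("zero_len:  %d\n", count_records(zero_len, sizeof zero_len));   /* -2 */
    printf("truncated: %d\n", count_records(truncated, sizeof truncated)); /* -3 */
    printf("huge:      %d\n", count_records(huge, sizeof huge));           /* -3 */
    printf("empty:     %d\n", count_records(NULL, 0));                     /* 0 */
    return 0;
}
```

Compile it twice, once plainly and once with -DNDEBUG, and the four garbage inputs are rejected in both builds; only the assert() at the end of the loop body changes, which is the point the thread is making about where release-build checks have to live.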

  • by Anonymous Coward on Monday November 16, @05:04AM (#30113424)

    No remote code execution? Boring. Let's see if some people out there could weaponize it and throw it into a metasploit module. Then it's interesting.

  • by EMN13 (11493) on Monday November 16, @05:06AM (#30113428) Homepage

    From the article:
      "Instead, the company suggested users block TCP ports 139 and 445 at the firewall. Doing so, however, would disable browsers as well as a host of critical services, including network file-sharing and IT group policies."

    Good to know that blocking ports 139 and 445 will block browsers, we wouldn't want people actually doing that, after all!

  • Secured by Default (Score:5, Interesting)

    by Toreo asesino (951231) on Monday November 16, @05:07AM (#30113430) Journal

    Public networks have all inbound ports blocked by default. Changing a network type to anything other than public requires admin rights, so this would have to be an internal DoS attack realistically.

  • The summary states "A maliciously crafted URI could hard-crash affected machines beyond any remedy besides pushing the white button."

    I checked all the Windows machines here. None of them have a white button on them anywhere. What does this mean? Does the poster just mean powering the machine off and then on again?

    Too many times on Slashdot, when people should be informative, they obfuscate the information in failed attempts at being clever.
    • #3043-001 USB White Button Kit........34.99 + Shipping

      Ideal for computers not shipped by the manufacturer with a White Button pre-installed.

      A White Button is essential for all Windows Users. Upon a system failure, Denial of Service attack or crash, pressing the White Button releases a scientifically-formulated, airborne scent of soothing essential oil fragrances, including: Verbena, Sweet Orange, Roman Camomile and Ylang Ylang.

      At the same time, one of a number of pre-programmed actions is triggered while you listen to a random selection of 10 relaxing 'mood music' tracks.

      Basic actions include:

      1) Reboot
      2) Call my IT Support department
      3) Call the manufacturer's support department and cancel my evening dinner arrangements
      4) Reinstall current OS
      5) Reinstall current OS after backing up all user data
      6) Wipe and install CentOS
      7) Wipe and install Ubuntu
      8) Order me a Mac
      9) Order me a Big Mac, fries and a Coke

      Secondary actions can also be triggered from:

      A) Call Microsoft HQ every 'x' minutes and shout 'Fuck it' down the line.
      B) Post my CV to Linux-only job sites
      C) Rub my shoulders (Requires optional add-on #RS01)
      D) Dial local suicide help line

      A deluxe version of this item is available (#3043-002, 139.99 + Shipping). This model includes an external 10" LCD panel that can display random pages from a number of Web sites (slashdot.org, fark.com, silicon.com, cloudappreciationsociety.org and todaysbigfail.com)

      Extras and consumables:

      * #3043-S01 Replacement aromatherapy scent cartridge - pack of 12
      * #3043-S02 Replacement mustard gas scent cartridge sold singly, no returns
      * #3043-M01 Extended play music ROM - an extra 4 hours of music (for Dell Support customers)
      * #3043-P01 Enlarged White Button with face of Steve Ballmer on top. Comes complete with real wood mini hammer and elastic band-powered mini crossbow with safe-tip(TM) arrows (pack of 12 buttons)

  • by Sockatume (732728) on Monday November 16, @05:14AM (#30113460) Homepage

    A maliciously crafted URI could hard-crash affected machines beyond any remedy

    Oh no! A PC-killer!

    besides pushing the white button

    A reboot? Well, it's an unorthodox and extreme solution to a machine crashing, we'll have a hard time convincing Windows users to do that.

  • I have to ask (Score:3, Interesting)

    by NoobixCube (1133473) on Monday November 16, @05:16AM (#30113470) Journal

    In my ignorance, I have to ask: What's so special about 139 and 445? What do they do normally, and why would blocking them help? No, I didn't RTFA. I'm too tired for this :P

  • by Skapare (16644) on Monday November 16, @05:41AM (#30113574) Homepage

    ... they're all black ... you insensitive clod.

      • Yeah, great. I use a screwdriver to short pins on the array of motherboards hanging off the power supplies at the back of my bench. Just don't nudge the hard drives with the mouse whilst playing games, and watch out for that massive graphics card just wobbling there when you change the monitor lead!!

        I call it Computing with Thrills (TM) ;)

  • by Shag (3737) <dan AT birchalls DOT net> on Monday November 16, @06:11AM (#30113694) Homepage

    Mine turned out to be maliciously crafted.

  • Firewall wont help. (Score:3, Informative)

    by miffo.swe (547642) <daniel&solle,se> on Monday November 16, @07:16AM (#30114020) Homepage Journal

    Since the exploit is possible without any user interaction, all it takes to bring down a corporate network is one single machine running the exploit locally. A simple broadcast and every machine running w2kr2 or Vista7 will be dead until someone pulls the plug.

    I'm also very surprised that Microsoft didn't audit the code properly after the last hole. You would think that the former exploit would ring a couple of bells since it was big enough for a truck to run through. I'm beginning to suspect all the talk about SDL, reviews and stuff is nothing but PR.

  • Zero day (Score:3, Interesting)

    Well, this may be the first "zero day" exploit, but this one [seclists.org] ("Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.") was around for much longer, and it's truly amazing that it still works on a majority of machines I try it out [dereenigne.com] on.
  • by jimicus (737525) on Monday November 16, @07:28AM (#30114102) Homepage

    "As important as the mentioned article is, it should also be pointed out that any IT staff worth their pay packet should already have port 139 blocked at the firewall, and probably port 445, too."

    I respectfully disagree.

    Any IT staff worth their pay packet should have EVERYTHING blocked at the firewall, then open holes for things that you can be certain you need. Ideally, those holes don't go direct to systems on the company LAN but instead to a DMZ.

  • IT staff? (Score:4, Insightful)

    by Shotgun (30919) on Monday November 16, @08:46AM (#30114548)

    Reader xploraiswakco adds, "As important as the mentioned article is, it should also be pointed out that any IT staff worth their pay packet should already have port 139 blocked at the firewall, and probably port 445, too."

    The reader xploraiswakco needs to pull his head out of that dark place and realize that my wife doesn't have an IT staff (I refuse to do Windows). I would even dare to say that most people don't have an IT staff at home. It's a stretch, I know, but I'm the kind of guy that takes chances like that.

    Does reader xploraiswakco carry an IT staff with him in case he needs to use a wifi hotspot some place?

  • Yet again ... (Score:3, Informative)

    by daveime (1253762) on Monday November 16, @09:07AM (#30114708)

    From NT, XP, Vista, Windows 7 ...

    When are they going to learn that EVERY port from 0 - 65535 should be disabled by default, and only enabled if the user chooses ?

  • by fast turtle (1118037) on Monday November 16, @09:16AM (#30114784) Journal

    and the Linux Kernel SMB support? If it does, we've got a major problem as they now have a method of taking a whole batch of sites down.

    • Re:buttons (Score:5, Funny)

      by BrightSpark (1578977) on Monday November 16, @05:54AM (#30113630)
      Does it have Digital or DG written on it too? Happy days. From the time when a cluster was better than a cloud? When computers were "managed" by people who knew how they worked and who knew Netbios was for something only a friend would share (with another friend). If you wanted a file over a network you sent a request to the Operator for a kind lady to haul your disc pack to the big washing machine thingy and mount it for you. Promotion meant getting system privileges like clearing your own printer queue. Goodbye PDP-11. Mourn not for AOS-VS II. Farewell DG/UX. No more CLI. Welcome to the nouveau "geek" who needs to know why it's bad to have port 139 open but kicks ass in Gears 2. To quote Ripley from "Aliens", "Did IQs suddenly drop while I was gone?"