Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Security

Internet Security Warnings 296

Juha-Matti Laurio writes "Internet Storm Center's Diary reported today: Due to a number of very well working Windows exploits for this weeks patch set, and the zero-day Veritas exploit, we decided to turn the Infocon to yellow. The following Internet Threat Level meters are at level 2/4 because of Windows Plug and Play vulnerability's several exploit codes too: Symantec ThreatCon as a part of global DeepSight Threat Management System saying Increased alertness and Internet Security Systems X-Force with Increased vigilance at AlertCon."
This discussion has been archived. No new comments can be posted.

Internet Security Warnings

Comments Filter:
  • by confusion ( 14388 ) on Saturday August 13, 2005 @11:19PM (#13314469) Homepage
    But it's been a while since we've had a good/effective worm.

    Jerry
    http://www.cyvin.org/ [cyvin.org]
    • by ciroknight ( 601098 ) on Saturday August 13, 2005 @11:27PM (#13314506)
      Eh, just wait for Vista.

      Oh, but of course that's a troll, so I've gotta say something constructive.. Microsoft's been doing a lot better with security now that everyone on earth is making a buck off of "securing" Windows. As more and more security-related technologies such as antivirus, firewall and antispyware make their way into Windows, however, lots of these companies will die or be bought by MS, and they'll be held a lot more responsible for security, and thus, when Vista rolls around, security is likely to be absymal again. Maybe it'll be just what's needed for a huge evacuation from the MS dependency...

      Here's for hoping..
      • by tomhudson ( 43916 ) <barbara.hudson@b ... com minus distro> on Saturday August 13, 2005 @11:57PM (#13314657) Journal
        Maybe it'll be just what's needed for a huge evacuation from the MS dependency...
        My "threat meter" isn't even plugged in - but then again, I'm not running Windows.

        What are the chances of Microsoft making a secure anti-virus or a secure anything? Remember their last "security push?" 1 month of "emphasis on security" isn't a magic wand to fix 20 years of code; nor will it change the underlying corporate culture. It was all for the media. And they ate it up, being too lazy (or too addicted to free meals - see the story on groklaw about that) to bother telling the truth. http://www.groklaw.net/article.php?story=200508121 9304040 [groklaw.net] or, for those too lazy to click, Microsoft is offering free pizza:

        Speaking of FUD, I have a copy of the email Microsoft sent out to journalists inviting them to lunch.

        Here's a snip:

        Why spend 10 bucks on a burger at Moscone when you can have a slice on Microsoft? Come join the Microsoft Embedded group at Moscone Pizza (across the street from the Moscone Center) on Tuesday, August 9 from 1pm - 4pm for lunch and discussion on the Windows Embedded operating systems. Product managers Mike Hall and Dan Javnozon will be available to provide demos of Windows Embedded developer tools and answer questions about Microsoft's strengths in the embedded space.

        For instance, did you know... .

        - Microsoft embraces shared source, and makes more than 2.5 million lines of source code broadly available to customers, partners, developers, governments, academicians and other interested individuals. In fact, more than 275,000 developers have downloaded Windows CE Shared Source

        - Microsoft offers a shared success model that translates to low up-front investments for device makers, in addition to faster time-to-market. The Windowsembedded motto? "We don't make money until you do."

        - Windows Embedded designs, on average, get to market 43% faster, on average, than embedded Linux designs - 14.3 months with embedded Linux vs.. 8.1 months with embedded Windows; 14.2 engineers with embedded Linux vs.. 7.9 engineers with embedded Windows (Embedded Market Forecasters, November 2003)

        - Windows Embedded designs, on average, cost 75% less to bring to market than embedded Linux designs. (Embedded Market Forecasters, November 2003)

        I'll be in touch to gauge your interest in setting up a one-on-one briefing with Mike or Dan during the lunch.

        A little nauseating, don't you think (love the carrot -- a one-on-one -- which is hard for journalists to turn down), to set up camp across the street and trash talk Linux at LinuxWorld?

        Burns also mentions that the Microsoft Linux Lab session was well attended. I believe that falls into the category of keep your friends close, but your enemies closer. If I had been there, I'd have attended that session too, even though I would prefer that Microsoft never be given a platform at any FOSS conference, personally. Shared source is not Open Source even, and it for sure isn't Free Software, and don't ever kid yourself about it. It's Brand X, and there is no reason to settle for so little.
        Anyone guillible enough to believe there really is such a thing as a free lunch deserves what they get.
    • Affected Products:
      Microsoft Windows NT 4.0 up to and including SP6a
      Microsoft Windows 2000 up to and including SP4
      Microsoft Windows XP up to and including SP2
      Microsoft Windows Server 2003 up to and including SP1

      It's nice to be a Microsoft "reject"...
      at least when worms come out I don't give a damn.

      Just don't use Internet Explorer and have a good Firewall...

      The only problem with Windows 98 SE, is that most newer machine cannot install it properly, since drivers do not exists!!! arggggg.

      Which means.... hmmm
      may
    • Thank XP SP2.

      I'm serious, look at it for a sec:

      "There should be a firewall on every desktop" done
      "Patches should just show up one day, stupid users shouldn't have to think to install them" done
      "Damn compiler shouldn't allow buffer overflows" done (to the degree to which it's possible)

      All these exploits are against a five year old OS. XP's moved on.

  • by Anonymous Coward
    Oh, I guess it doesn't, ror.
    • by buro9 ( 633210 ) <david@buro9 . c om> on Sunday August 14, 2005 @03:09AM (#13315170) Homepage
      Erm, it DOES affect your powerbook.

      IIRC we're all plugged into the same internet. A potentially mid to high level set of Windows exploits raises the *Internet* Storm Center's alert level to yellow.

      This should tell you something. Ideally it should tell you that when X million Windows boxes are exploited, that there will be a noticeable degradation of quality or service on the internet. That the resultant poor quality traffic and noise created by a large scale (poorly written) worm will degrade the connection your PowerBook is enjoying.

      Don't ever forget that we're all in the same boat, and it does little good to sit at the stern and laugh at the suckers at the bow as they dip gently under the water for the Nth time.

      Damn, I posted, and I had mod points to burn too.
      • Totally agreed. This is why i flame my isp with all the front i've got. According to that recent zombie report they are the fourth most zombie infested isp in the world (not in sheer numbers but in the ratio of infected / non-infected). They still don't give a shit about it. I would consider it necessary to perform some anti-infected machine checks on the network and disconnect those with infections so that MY service/connection would improve. I'm not worried about viruses on my linux box, but when i see 15
        • So you want your ISP to cut off paying customers, because said customers have infected computers? And your ISP has one of the highest infected/clean ratios in the world? So you want them to cut off a large part of their customer base? Forget it.

          Also, how are they going to do it? Inspect their traffic and see who's spreading viruses? Do you have any idea of how much overhead per packet that's going to cause them? Do you have any idea how troublesome it is for an ISP to inspect your traffic (they could be hel
      • Not to sell a used car at a funeral, but... when these worms hit is the best time to push linux, especially to companies who see significant downtime and lost sales. Something along the lines of, "You know, if you were running (Insert *nix and/or BSD distro here), you'd still be in business. Right now, your business is doing as much sales as a liquor store being robbed, because being 'robbed' is exactly what's happening. If Windows is the liquor store, (distro) is the well guarded bank. 'Robberies' can s
        • The thing is, the whole claim that OSS has inherently better security has been exposed as hype for a long time now.

          Some OSS projects have excellent security, because the project leaders place sufficient emphasis on it, and the coders code with that emphasis in mind.

          Other OSS projects do not have good security, sometimes not even as good as Microsoft and co.

          Consider this: I have downloaded patches for more security flaws in Firefox than for IE in recent weeks. Moreover, the IE patches were offered to

  • by green pizza ( 159161 ) on Saturday August 13, 2005 @11:22PM (#13314482) Homepage
    Seems to me these color coded systems do more to confuse than they do good. Should I relax if we're at green? Should I be paranoid if we're at Red? Should I even care since I run UN*X rather than Windows? Every day there are at least a few new sploits. Every few weeks there's a sploit that affects me as a sysadmin and requires my attention to preserve the security of my servers and internet-attached LAN. Given this I still don't understand the value in these color coded alert systems. Yellow? What does that mean? Wake up an extra hour early to read the logs? The terrorists can attack just as easily if we're at green than if we are at red. I'm uncertain of the value in the announcements at the airport every 15 minutes to remind me that we're at yellow or orange.
    • To the security departments of companies the elevated levels mean that we have something new to pay attention to that we haven't been looking for before. Certainly being green doesn't mean that we can let our guards down.

      Applying these alert levels doesn't make any sense at the individual level, for the exact reason you gave.

      Jerry
      http://www.cyvin.org/ [cyvin.org]
    • "I'm uncertain of the value in the announcements at the airport every 15 minutes to remind me that we're at yellow or orange."

      I've never been to the US, do they really do that in the airports or are you just pulling my chain?
      • by lgw ( 121541 ) on Sunday August 14, 2005 @12:55AM (#13314880) Journal
        I don't think the alert level has been below yellow since the system was invented, and I've never heard such a thing. There are occasionally announcements saying somehting to the effect of "we're being particularly vigilant right now", but I'm not sure that's tied to anything.

        You do get searching of vehicles at the airport entrance when the threat level is orange, however, or at least of vehicles with ferners in 'em.

        None of these color codes is intended to be useful to the common man - they're indicators for security professionals, in whatever field is relevent. The media can't go 3 days without a "crisis" however, so they're good for a scare on a slow news week. I'm not sure why people still pay attention to media hysteria, but apparantly it still gets ratings.
    • The current threat level is brown - meaning that I don't give a shit. Just patch your systems when the patches are available and you should be good to go. Your users are a much bigger threat than the new exploits based on vulnerabilities that have already been patched.
    • by Ingolfke ( 515826 ) on Sunday August 14, 2005 @12:02AM (#13314679) Journal
      Seems to me these color coded systems do more to confuse than they do good.

      I totally agree w/ you. We need more clear statements about what the problem is and what we should do about it... like this.

      Symantec ThreatCon as a part of global DeepSight Threat Management System saying Increased alertness and Internet Security Systems X-Force with Increased vigilance at AlertCon.

      LOLOMGWTFBBQ? At least with the colors you can say, oh well red is bad, and green is good... and so that's that. When AlertCons are X-Forced w/ 3 points of Increased Vigilence and 1 point of Vitality, whose to know what could happen or what arcane anti-sploit knowledge you should call upon.
    • At least they didn't raise it to threat Level Fuschia, the level at which the gayness of Linus converts even the most hardened heterosexual to the likes of *nix programmer.

      I'm sorry, after seeing the lunacy of coloured threat levels hyped for decades, and the /. phenomenon of claming linux users are homosexuals, it only made sense that I combine the two into a semi-constructive joke to link the two cliches.
    • Why are you even trying to attach any meaning to the color codes at all? Isn't it obvious that the only thing the system is good for is drawing attention to the threat, so that the people who supposedly work on your security can be employed?
  • I set my Windows update to manually update (too paranoid?) but anymore it might just be better to set it to update automatically so I don't have to keep checking on security vulnerabilities. I don't run Windows enough for it to be a big problem, but still.

    • http://www.microsoft.com/technet/security/bulletin /notify.mspx [microsoft.com]

      I used to subscribe to the mailinglist back when I actually used windows, as I wasn't too keen on stuff getting automagically installed.

      IIRC it was what kept me safe during Blaster while the campus network went to crap. :-)
    • Re:Windows Update (Score:3, Interesting)

      by Fizzl ( 209397 )
      I also had the automatic updates set to wait for my approval. For a long time. Then I finally realized that in the years approving the updates, I haven't rejected a single one. I can't remember even researching most of the updates to see if there's something I don't want. To the extent that I didn't even bother reading the descriptions because they always were pretty useless.

      Now I just have it on full auto. What the heck. If they fuck up, I think I'll be reading about it on slashdot within few minutes and s
  • by joelparker ( 586428 ) <joel@school.net> on Saturday August 13, 2005 @11:27PM (#13314509) Homepage
    It would be cool to have a little app that reports the current Windows threat level.

    The app could download data automatically using IE and ActiveX, format the data using an Excel Macro, then email results to me using Outlook.

    Because I care about security.

    • Actually.. there is a Windows-based tool that sits in the taskbar called ISCAlert which you can download from LaBrea Technologies [labreatechnologies.com]. No security vulnerabilities in that tool that I know of!
    • by Anonymous Coward
      Maybe clippy can get in on the action.

      "Hi, it looks like you're fucked!"
    • by Anonymous Brave Guy ( 457657 ) on Sunday August 14, 2005 @12:30PM (#13316702)

      Here are my conclusions about the current Windows threat level:

      Today, 173 users of Slashdot will post comments about how Windows security sucks, they've had enough, and they'll be switching their entire corporate network to Linux on Monday. None of them will.

      Threat assessment: hollow.

  • by Unsus ( 901072 ) on Saturday August 13, 2005 @11:31PM (#13314529)
    On related news, the US puts it's security level color at pink. Again, on related news, Bobby's mom chooses to wear an orange shirt. No need to actually read the security threat -- we have colors for that.
  • Correct me if I'm wrong but haven't there already been warnings about Plug and Play prior to this? I know at least one security website that had warnings about Plug and Play a long time ago, along with a handy utility to disable it. See below.

    http://grc.com/UnPnP/UnPnP.htm [grc.com]

    You'll notice this was circa December 2001, fully 4 years before these new exploits.
    • by insecuritiez ( 606865 ) on Saturday August 13, 2005 @11:44PM (#13314591)
      That link refers to UPnP, Universal Plug and Play, a networking based technology for device discovery and configuration. The vulnerability concerning the ISC is a PnP vulnerability. Plug and Play is used for internal device discovery and configuration. The two are totally different. Microsoft, in a fit of brilliance though that exposing the internal PnP via RPC to the rest of the world was a good idea. As it turns out there is an unchecked buffer than with Windows 2000 machines in accessible via a NULL Session. In XP and 2003 the buffer requires a valid account or even and admin account to expose. The threat of a Windows 2000 based worm in the next few days is very real. All of you with XP and 2003 aren't in immediate worm danger.
    • This is not an old exploit. It's quite fresh . . .

      August 9th Release, which is 4 days ago. Exploits were reported in the wild on Friday, 3 days after the release. There's also a remote exploit in the Spooler service, which is of course enabled by default on all Win2k/XP/2k3 machines. I approved this patch on Friday, hopefully Monday won't bring scores of hosed machines.

      Microsoft Security Bulletin MS05-039 (899588)
      http://go.microsoft.com/fwlink/?LinkId=48900/ [microsoft.com]
  • by rossdee ( 243626 ) on Saturday August 13, 2005 @11:37PM (#13314563)

    "Are you sure, sir? It means changing the bulb...
  • by bmo ( 77928 ) on Saturday August 13, 2005 @11:40PM (#13314572)
    Windows is dying.

    Well, it's deathly ill, mostly. The average Windows end user is in a never ending battle against the baddies. They buy their systems at the Best Buy, bring them home, run for a couple of months, and then complain that they can't login.

    Then they call me, or someone like me. With disdain, I inform them that I'm wicked busy but I'll do it "this time".

    When I get my grubby hands on their machines, they're fubar. It's not for lack of trying either, because there are multiple Virus, Trojan, and Firewall apps, all fighting over the same machine, including the odd fake anti-trojanwares. You know the one's I'm talking about. We've all seen them. "Click here for a FREE security scan!" and then the machine gets YET another bit of evil.

    I simply don't know what to do anymore. I clean them up, set up security, knowing - just KNOWING that it's all in vain. Just yesterday, I got an "e-postcard" in the mail, and it was just an overt attempt at infection. There wasn't anything that would trip an AV or firewall in the mail, just an obfuscated link that actually pointed at a crypically named .exe. I know far too many people who are e-card addicts, and I am SURE they would have clicked.

    Toast. Totally goddamn toast. The fact that Windows programs have their execute bit as part of the filename is probably the worst thing ever to happen to an OS. One click, and yet another "svchost.exe" process. No lube, no kiss, no reach-around, just total PC anal rape.

    And without a total redesign of Windows or dumping the platform for Apple or Linux, Joe and Josephine User are SOL. Vista is going to be more of the same, as it's going to be simply XP SP3 with more chrome.

    Ah well.

    If anyone knows anything about a0190313376667.gif.exe, mail me at my alias AT Entropy dawt TMOK dawt com. There's hardly anything on the 'net about it except some German blogs.

    --
    BMO
    • I've actually found that post-SP2 the number of people calling me with issues has substantially dropped.

      Although. it might have something to do with my new payment policy: $40/hr or sexual favors of equal or greater value.
    • by sound+vision ( 884283 ) on Sunday August 14, 2005 @01:21AM (#13314946) Journal
      Windows will never die, not unless something major happens like Microsoft shuts down... not likely.

      It's just that people don't care enough, or don't know enough. "Here's a Mandrake install disc, have fun." Maybe they'll mess with it for a few minutes, but then the killer question comes: "How do I put my kids' <i>Game X</i> on it?" or "How do I use my camera?" I've tried to convert several people to Linux, and there's <i>always</i> a killer question. Some site needs Active X, or some shit company doesn't make Linux drivers for their hardware. If nothing else, "This doesn't look like Excel. How do I put Windows back on?"

      I'm sure you've all read those jokes in the respectable upstanding citizen! magazines like Reader's Digest, about how computers are unreliable. Everyone I talk to has this conception that computers are inherently unreliable machines that will always break. But when they say computers, they really mean Windows. They don't know the difference between a monitor and a modem, they just want to push the little blue button and have their email pop up... viruses and all.

      In summary, Windows will be the #1 OS until a significant proportion of Wal Mart computers come with an alternative OS (not likely unless MS looses their grip) or people get smarter (not likely period).
      • " Everyone I talk to has this conception that computers are inherently unreliable machines that will always break. But when they say computers, they really mean Windows."

        That conception existed well before Windows. Take a machine that requires proper hardware setup, build it upon a computing paradigm that is entirely too literal, and throw less than human-friendly software on it, and you'll get generalizations that computers are unreliable.

        Don't get me wrong, Windows is a major contributer to this line of t
    • Your comment is pretty much completely true.

      Except the "Windows is dying" part. I dont know what planet you're on. That must just be wishful thinking.
    • Hi,

      If I'm not mistaken, that particular executable file is probably one of many created by a program called WinPup(WinPup32?). When I used windows I noticed spikes in CPU usage at about five second intervals. I called up the mighty(HA) task manager and took a look at the processes. Randomly named .exe's popped up every five seconds.

      Do a google on WinPup. It will involve(if I remember correctly) deleting the winpup file from /system32 and editing the registry. Best in safe mode if I'm right. This
    • by homesteader ( 585925 ) on Sunday August 14, 2005 @03:35AM (#13315219)
      More often than not these days, the real tough buggers have randomly generated process names. Here's how I clean a machine:

      Tools required:

      Process Explorer(procexp) from http://www.sysinternals.com/ [sysinternals.com]
      autoruns.exe from the same, or hijackthis.exe from http://www.merijn.org/ [merijn.org]
      Any good virus scanner(McAfee's Enterprise scanner is decent. Use a simple scanner if possible, not a scanner/firewall/spam filter/personal servant. It will be generally be faster and simpler.
      Ad-Aware from http://www.lavasoft.de/ [lavasoft.de]
      LSPFix from http://www.cexx.org/lspfix.htm/ [cexx.org]
      Updated Stinger from McAfee http://vil.nai.com/vil/stinger/ [nai.com]
      Experience enough to know valid windows processes and files.

      Have all of this on a USB drive or CD. Will probably fit on a 64mb drive, unless your virus package is bulky.

      Boot to safe mode

      Start Task Manager or Proc Explorer and kill anything that doesn't look good, or everything that you know isn't part of windows. You could go to Control Panels:Admin Tools:Services and stop all services first, this will narrow the field.

      Run Stinger, just let it scan memory and running apps. Don't wait for it to do a full system scan.

      Run Ad-Aware, do the same. Just trying to ditch bad things that are actually running.

      If you've gotten this far in 15 minutes, the machine probably isn't in too bad of shape. Dump all temp files, c:\temp, c:\winnt(windows)\temp, c:\documents and settings\username\local settings\temp, c:\documents and settings\username\local settings\temporary internet items

      Update virus definitions and do a full scan. Latest SuperDAT from McAfee or Definitions from Symantec or whoever you use, should also be put on the USB drive or CD.

      So, virus scan didn't deal with it, or couldn't stop/remove it? This is where it gets tricky and completely manual. This is the point where most people give up, since you really need to know what should be where in Win2k/XP/2k3. I'm really not thinking of 95/98/Me, if those are hosed just wipe it clean and move to XP home for $99-199

      Run HiJackthis and look for gremlins. This tool really requires an eye for what is supposed to be there, but pay special attention to startup objects and BHOs(Browser Helper Objects aka evil Internet Explorer plugins)

      Add/Remove programs. Go through it with the client. Anything they don't recognize, or know they don't need, ditch. This can be risky, since people forget, but compared to a reinstall . . .

      Now for the real manual part . . .

      Run lspfix and check for foreign entries. There are normally 2-4 LSP's present. I usually only do this if there are persistent network failures.

      Check Hosts file at c:\winnt(windows)\system32\drivers\etc\hosts There really should only be one entry in here, for 127.0.0.1 localhost. You may have already checked this with hijackthis

      Browse to c:\winnt(windows). Sort by date. On a default install, the file modify dates are going to be a long time ago. If you see anything from within the last few months, get suspicious. Ignore log/text files, but don't ignore those without an extension. Do the same for c:\winnt(windows)\system32 This can be a bit trickier, there are way more files in system32 than winnt(windows), but the same rule generally applies. Anything from the last 3-6 months is suspicious.

      Do the same for c:\program files Delete any empty folders that your previous uninstall didn't remove. You should have an idea what is supposed to be here, after doing Add/Remove programs, so hack and slash the folders that you don't think belong.

      In one of these deleting sprees you are sure to find something bad that won't let itself be deleted, usually a .dll that is registered and can't be removed. Never fear! Write down the .d
      • Fucking hell! Is your second name Sisyphus? Plus you're doing half-assed stuff like sorting by file date and automatically overlooking old files?

        Save yourself some of your lifespan dude and do what's the only right thing to do to a compromised machine: reinstall from fresh media.
      • Great tips, thanks!

        I will have my CD ready for my next family reunion. :-/
      • You cannot clean a compromised system with tools running within that system, even in Safe Mode. That's like asking your mayor if s/he's been bribed or not and expecting an honest answer just because the question has been posed during a public council meeting. Wipe, and install from scratch. I would count those ~2 hours as lost in the sense that the system may not have been fixed; you'd probably have been better off watching a funny movie with kith and kin.
        Try googling rootkit. *nix has been around ~35
  • by Dynamoo ( 527749 ) on Saturday August 13, 2005 @11:45PM (#13314599) Homepage
    A Yellow alert at the ISC is pretty rare, and it has been several months at least since the last one. Generally even a worm outbreak such as Blaster only elevates the threat level to Yellow. Orange is even rarer.. I think that maybe has happened just a couple of times with Code Red and Slammer. There has never been a Red alert level.

    In other words.. the alert level tends to stay stubbornly at green unless there is a real issue - the ISC is usually extremely conservative about threat assessments. If they've raised the alert level as a precaution then it's definitely time to take notice.

    As for me.. I check the ISC at least once every day to see what emergent threat are out there. There are also a number of tools [sans.org] you can use such as a small Windows app that can help to inform you when the threat level changes.

    It's worth having these tools - when Sasser came out I'm pretty sure they saved my backside.. because in that case the short amount of time between the vulnerability being announced and the worm coming out was so short that many organisations hadn't even started patching. Thanks to the ISC we managed to get almost everything secured in a day, so when the inevitable rogue laptop user physically brought a worm infected machine into the office, then we managed to contain the outbreak effectively.

    • Someone needs to ask Tom Liston about the color Orange. :|

      And Dynamoo, you're spot on. The Handlers do not arbitrarily upgrade to yellow on a whim.

      -buf
    • by Anonymous Coward on Sunday August 14, 2005 @12:42AM (#13314830)
      There has never been a Red alert level.

      Red alert sould be used at each Windows release.
    • by lamj ( 153635 ) <jasonlam@nOspAM.flashmail.com> on Sunday August 14, 2005 @12:54AM (#13314875)
      One happy customer :-)

      You are correct. We want the infocon to stay at green most of the time and only raise it when necessary. Think about this, if we keep it at yellow all the time, it would eventually lower people's perception of the current threat. Trust me, we do try very hard to only raise it when necessary and appropriately.

      Disclaimer: I am one of the ISC guys.
      • When you disclaim something, you remove your own responsibility for it. For example, if I saw something about the law and then say "Disclaimer: I am not a lawyer", I am using the word correctly: I'm disclaiming any responsibility towards people foolish enough to follow my advice, as well as warning them why they shouldn't take it too seriously. Your "disclaimer" is really a "claimer": you are saying that you speak from an insider position and know what you are talking about. So don't misuse the word "dis
    • There has never been a Red alert level.

      Oh, just wait. We've got till December [wikipedia.org].

      /me eagerly awaits the coming of the Cursed Wave.

  • Kinda reminds me of Robin Williams [imdb.com] referring to the vage announcements of the US Homeland Security Department:

        Tom Ridge ever so often goes: "Today's a blue day. No, orange--RED!!!".
    • NetCraft has announced what we all knew a long time ago... Robin Williams is not funny. Maybe at one time he was, but that time is long past. Please Mr. Williams, follow in the footsteps of Jerry Lewis and self-impose an exile on yourself.
  • How long? (Score:4, Insightful)

    by ErichTheWebGuy ( 745925 ) on Saturday August 13, 2005 @11:50PM (#13314622) Homepage
    How long until that "uber-virus/trojan/worm" comes out that deletes the hard disk contents of millions of PCs? On one hand, that would be a great day, because then people would truly pay attention to security and Microsoft would get the attention it deserves.

    On the other hand, it would be bad for obvious reasons. But, IMO, it's only a matter of time. What color will the Infocon be then?
    • ... Do not pass you lawer, You won't be needing your passport.

      It seems that the majority of people in the US and Canada believe that people who advocate terrorism should be jailed.

      If they wanted to, that law and your post would be all that it would take.

      It's getting scary out there.

  • by grcumb ( 781340 ) on Saturday August 13, 2005 @11:55PM (#13314644) Homepage Journal

    "Symantec ThreatCon as a part of global DeepSight Threat Management System saying Increased alertness and Internet Security Systems X-Force with Increased vigilance at AlertCon."

    What. The. Fuck.

  • Alert Level Red? (Score:3, Interesting)

    by g-san ( 93038 ) on Saturday August 13, 2005 @11:56PM (#13314652)
    So if the internet should come crashing down, as in the infocon red situation, what is the use of a little hyperlinked gif to their website, a gDesklet , or a systray icon?
  • are just something for management to mentally masturbate over, they are meaningless. so what if we were are WankerCon green, if your getting DDOS'd to death why will you care? what has it done for you?
  • by HishamMuhammad ( 553916 ) on Sunday August 14, 2005 @12:08AM (#13314704) Homepage Journal
    Isn't "color-coded threat levels" an excessively paranoid way to describe what we've always known as outdated, buggy software? This kind of representation paints a very fake picture -- as if those "threats" are a given and that all we can do is "try to protect ourselves", when in fact what we're dealing with is simply the result of flawed operating system design. These threats are only symptoms, not the root of the problem. I wonder who benefits from making people focus on the former instead of the latter.
    • Well, until that shining day when people can write millions of lines of code with no bugs, we have to deal with the reality of an installed base. Only very small systems are bug free. Don't mistake the lack of popularity of some OS with it having no bugs - attackers focus on the mainstream.
  • ...Symantec ThreatCon as a part of global DeepSight Threat Management System saying Increased alertness and Internet Security Systems X-Force with Increased vigilance at AlertCon."

    WTF is this supposed to mean? Is there anyone in the office who took a grammar course in the last two decades who could translate this?
  • on all of my Linux boxes..
    Thanks Linus!!

  • by zymurgy_cat ( 627260 ) on Sunday August 14, 2005 @12:35AM (#13314807) Homepage
    ...and colorblind admins go on without a care in the world....
  • by CoyoteGuy ( 524946 ) on Sunday August 14, 2005 @12:54AM (#13314876)
    Data: Captain.. Sensors are picking up localized pockets of Upnp activity in subspace transmissions.

    Picard: Geordi, can we triangulate the originating source?

    Geordi: Yes sir, it's coming from a planetary system 15 light years from our present location. Long range sensors indicate it is...

    Picard: Yes, I know... Microsoft...

    Picard: All hands, yellow alert. Data, set a course for the source of the transmissions. All hands, to battlestations. Worf, put us to red alert upon enterting the system. We don't want another Code Red Incident. And send out a subspace communication to the Federation, all ships, all systems.. We have engaged Microsoft..

    Worf: Yes Captain.

    Picard: Data, we did test our monthly Microsoft patches on the first Tuesday of the month, correct.

    Data: Negative Captain. Unfortunately, there were exploits in the wild which take advantage of the weaknesses in the Upnp service installed on the ship's computer, and the Federation threat level was raised, so we did not test them.

    Picard: Damn Microsoft. Alright, let's be careful. We don't know yet what we're dealing with. Maximum Warp! Engage!
  • Hey Guys.. (Score:5, Funny)

    by CoyoteGuy ( 524946 ) on Sunday August 14, 2005 @01:05AM (#13314898)
    I think the threat level was raised to blue...

    But what does this mean?

    STOP: 0x0000000A (00000595 00000002 00000000 8010da41)
    IRQL_NOT_LESS_OR_EQUAL

    • It means there is one less windoze machine infecting our internet. I consider this a good thing.

      The only thing better would be to change the security switch on that machine from [I]nsecure to [O]versecure, which will change your machines threat level from blue (panic) to black(get a life). Typically the security switch is found on the back of the computer. Flip it. Go outside, enjoy the day.

      the AC
      Going to follow my own advice now
  • Yellow?! What are we going to do now?!

    *Jumps out the nearest window*
  • Re: (Score:2, Funny)

    Comment removed based on user account deletion
  • by Fallen Andy ( 795676 ) on Sunday August 14, 2005 @02:07AM (#13315041)
    I guess someone over at ISC had to blow the dust off the colo(u)r sensor (grins), but seriously, not much on the radar to panic anyone right now. Still, if you aren't awake you really ought to add ISC to your
    morning newspaper (wakeup + gallon of coffee) along with some others, so for the sake of people who don't grok the need to be aware (but: go read doug adams and don't panic as well!):

    Here goes: (sometimes costs me an hour in the morning, but it's worth the effort...).

    http://www.dshield.org/ [dshield.org] http://secunia.com/ http://vitalsecurity.org/ http://www.f-secure.com/weblog/ - gossip and just
    plain fun (cough) dilbert (cough).
    (many others, but i'm tooo lazy on a sunday morning to write em...).

    Oh, and be sure to replace the windows task manager with the wonderful (process explorer)
    over at the always splendid Mark Russinovich's sysinternals.com (it'll save you when your friends machine gets pwn3d). (hint: it shows tcp/ip connections so you can see if ET is phoning home).

    Finally, no list would be complete without a pointer to "comp.risks" (google groups ok?). Laugh. It helps...

    cheers all,
    Andy.
  • by shri ( 17709 ) <shriramc@@@gmail...com> on Sunday August 14, 2005 @02:16AM (#13315063) Homepage
    I'm sorry, but if I have to take stuff seriously, can someone put it in plan simple english without these threatening big brother buzzwords?

    "Internet Storm Center"
    "turn the Infocon to yellow"
    "Internet Threat Level meters"
    "Symantec ThreatCon"
    "DeepSight Threat Management System"
    "Internet Security Systems X-Force"
    "AlertCon"

    Sounds like a bad CIA / X-Men / Matrix rip off movie.
  • by matt me ( 850665 ) on Sunday August 14, 2005 @02:42AM (#13315116)
    I just read the rest of this morning's news on /. half an hour ago, and just popped back to read this article. Seems a good order, reminds me of how TV news works. They show the day's 'real' news - war, disasters, etc and then at the end, just before the weather they have something silly to cheer you up, usually animal related - an otter that can surf, monkeys at zoos having triplets, etc

    Here on /. we have the day's real news of interest, software patents, privacy, Google joining Apple, and then at the end when we think all is bleak for free software, there's a short story on Windows to make you laugh. Look, it's insecure! All their sensitive data's being emailed around. Ha ha.
  • Yellow Alert? (Score:2, Insightful)

    by Elshar ( 232380 )

    Doesn't every ISP already have the typical windows ports blocked already?

    I mean, in every one of my routers I block 135-139,445 TCP/UDP. (Yes, I know, there's one or two that aren't windows specific, but its easier on the FW rules considering its exceedingly rare for any legitimate traffic to go over the 'net on 'em)

    Maybe the yellow alert is warrented, but imo its jumping the gun. And to those network admins who haven't gotten the hint yet and blocked those ports, DO IT NOW! Thanks. Oh, and while we're at i
  • Sometimes... (Score:5, Interesting)

    by RAMMS+EIN ( 578166 ) on Sunday August 14, 2005 @05:33AM (#13315424) Homepage Journal
    Sometimes I almost wished Microsoft's own Internet imitation hadn't died. Then, we would have the true Internet, with the academic publications, some grassroots stuff, and the users of alternative operating systems. And the Microsoft network with all the Windows users, entertainment, flashing adverts, worms, pr0n, and everything.

    Of course, people would probably build bridges between the two networks, and the bridges could probably be exploited by worms...but the vulnerabilities would probably be on the Microsoft side for the most part, meaning that worms could travel from the Internet to the Microsoft network, but hardly the other way around.

    Ah, how pleasant dreams can be...
  • EULA (Score:2, Insightful)

    by Skiron ( 735617 )
    The thing that really galls me on MS with these issues is the fact that it's THEIR problem, and they issue a security update to patch a product a user BOUGHT under good faith. Then you have to sign your life away/agree to various thing MS can do to your machine to apply it - as if it's YOUR fault and not MS's onus.
  • by HangingChad ( 677530 ) on Sunday August 14, 2005 @09:29AM (#13315958) Homepage
    as a part of global DeepSight Threat Management System...

    Did anyone besides me originally read that as the global DeepShit Threat Management System?

    I think I like it better that way.

  • by Alejo ( 69447 ) <alejos1@hotma i l . com> on Sunday August 14, 2005 @10:05AM (#13316110)
    Look for pnpsrv.exe in windows/system32 and /run.

    A large client was affected last night because of it. And they patched almost all servers this week, but how can you keep patching up with thousands of workstations, including home users accessing through vpn?

    Tightening more is not an easy option as people want to do all what Microsoft promises them. When security teams (or just plain support) insist on patching they are labeled as annoying dorks, and when a worm/virus hits because of lame users not patching... just plain dorks!

    Sometimes I wish I liked painting instead of computers.

If mathematically you end up with the wrong answer, try multiplying by the page number.

Working...