Hotmail Servers Shut Down by Code Red

An Anonymous Coward writes: "SF Gate has this story about Code Red taking down some of Microsoft's Hotmail servers. That's funny." So is Code Red a problem yet? Meanwhile my sircams have stopped, except for 2 people who mail me a hundred or more a day. Thank god for filters, but if I had a monthly bandwidth cap, I'd be pissed.

Re:Microsoft to be the target of (more) lawsuits?

[ethereal]

One would think that Apache is just as susceptable to these problems as IIS, especially given that the source is readily available. But of course it doesn't seem to work out that way.

Even more damning - Apache has the lead in number of web servers deployed, so if anything we should by all rights expect to be awash in Apache-related exploits simply due to their marketshare. The fact that the exploits are still coming mostly from IIS makes the difference in design philosophy and just generally giving a damn about your product all the more evident.

This reminds me of Dilbert

[balls001]

Did anyone read the Dilbert comic where MS had mis-spelled a word in MS Word? I can imagine the Admin(s) in question to be put into a similar situation

MS Admin: We got the virus we've been teaching people to prevent.
Bill: Great, so what are you going to do about it?
MS Admin: Kill myself as an example to others?
Bill: .. At our Comdex booth

Re:This reminds me of Dilbert

[bruceg]

Great toon. I have it on the bottom of our Intranet homepage. I also have the one where dogbert is taking phone calls at the helpdesk, and his fist response is to "reboot!"

Re:This reminds me of Dilbert

Please die.

Re:This reminds me of Dilbert

[Colz+Grigor]

I imagined the conversation to go a little differently...

Bill: What happen?
MS Admin: Somebody set up us the bomb. We get signal!
Bill: Main screen turn on.
MS Admin: It's you!!
Code Red: All your base are belong to us. You are on the way to destruction.
Bill: What you say?!!?!

. . .

::Colz Grigor

--

Re:This reminds me of Dilbert

[optikSmoke]

I agree.
I have the Dilbert 2001 desk calendar. Unfortunately I have already read every single one during periods of boredom, so it kind of detracts from the daily novelty of reading a new dilbert comic (which is why I subscribed to the Daily Dilbert Newsletter)

Re:This reminds me of Dilbert

This needs to be (-1, Redundant) and soon.

Let it die, please.
Let it die.

Re:mail.Yahoo.com

[KilljoyAZ]

Yahoo! Mail's POP3 service still exists. You just have to accept occasional commercial emails from them. Click Options, then POP access and forwarding.

Don't want ads in your inbox? Then do what I do - leave POP3 access off until the mailbox gets filled up, then turn on POP3 access, use you favorite mail client to download all your email, and finally turn POP3 access off again.

Re:Make Sense

It will infect NT machines that it finds, but due to a bug in the worm, it won't spread from them.

Re:I think you meant:

Aww geez... now I'm infected just reading your post....

Re:I know it'll be said a billion times..

That's CANCER to you.

--Uncle Bill

Re:Hotmail running Windows again?

[Chris+Johnson]

Call me evil-minded and cynical, but I would not be at all surprised if Microsoft wrote the _hostile_ worm- perhaps even actively propagating it.

Don't they _want_ to render the existing Internet unworkable so they can sell people an 'upgrade' solution based entirely on proprietary protocols that tie in with .NET?

Don't they _need_ the current Internet to grind to a halt with as much damage as possible so their stuff looks good by comparison?

I'm sorry, but Code Red may turn out to be their baby all along. If that is true, then they _meant_ it to cripple the Internet. With .NET coming along, Microsoft desperately want and NEED to cripple the internet. Otherwise, who will buy .NET?

Re:How to choose a web server for your company

[sharkey]

11) Pick a platform which would get you the sack if management had a clue

Shouldn't that be COST you YOUR sack? For male admins, anyway.

It's bad when a provider doesn't manage its own

[zrk]

Would you buy from a company that begrudgingly admits to flaws in its products, and has to release fixes for the defects, and then doesn't apply them to their own components?

Not I.

Doesn't matter if .NET is entirely different code, etc, what matters is if they properly manage the service. Given that they can't do it for Hotmail, what makes you think they can do it for .NET?

Re:I love Win2k

Really?

You get to reimplement Win2k badly?

You could learn from the Linux project (reimplementing Unix-1989 badly for almost ten years now).

Hotmail running Windows again?

[totallygeek]

I thought Hotmail was not running Windows. Correct me if I am wrong, but I thought it was running Solaris.

Has any mass media (NBC or CNN) hit Microsoft about their crappy design? I would also like to know if Microsoft would ever consider writing a fixing worm.

Re:Hotmail running Windows again?

It's running a win2k frontend with a solaris backend.

Sounds like SunMS FUD (we all know that Scott McGreedy would be Bill Gates if he could). Its FreeBSD.

Re:Hotmail running Windows again?

[daviddennis]

This is correct, but then they switched to Windows yet again, and apparently the new version has been working.

This one's a real black eye for them. The last couple of months don't look good for .NET in practice.

D

Re:Hotmail running Windows again?

Scott McNeely isn't a tech person. Or even close to being a geek.

He's a bloody hockey player. And a suit.

Remember the big louts who beat you up in High School? Scott is one of them.

Bill Gates is more of a techie than McNeely.

Re:Hotmail running Windows again?

[Jucius+Maximus]

"I thought Hotmail was not running Windows. Correct me if I am wrong, but I thought it was running Solaris."

Back when MS bought out Hotmail, they were running on BSD software (Apache, I think,) and then a lot of people started to make fund of them because they didn't even use their own software on their own servers.

So they moved it over to an MS platform. According to my scanner, it's running IIS 5.0.

[64.4.53.7:80] World Wide Web HTTP
HTTP/1.1 302 Redirected..Server: Microsoft-IIS/5.0..Date: Thu, 09 Aug 2001 14:48:33 GMT..Location: http://lc2.law5.hotmail.passport.com

Re:Hotmail running Windows again?

When MSFT bought Hotmail I called them to cancel my account and they said they couldn't do that but if I didn't use it for a couple of years they would delete it

That isn't anything unique. Try to delete a Netscape web mail account sometime.

Re:Hotmail running Windows again?

[Raleel]

It's running a win2k frontend with a solaris backend.

Re:Hotmail running Windows again?

[Salgak1]

I thought Hotmail ran on BSD. . .or at least it did before the NT Switchover Fiasco, after which they quietly switched back. . .

Re:Hotmail running Windows again?

[Thackeri]

I thought it was just their DNS that was running BSD.

Re:Hotmail running Windows again?

[SuperGolden]

>Has any mass media (NBC or CNN) hit Microsoft >about their crappy design? I would also like to >know if Microsoft would ever consider writing a >fixing worm.

I saw a few segments on TV about the virus and they were frustrating to watch... They didn't mention that it only attacked machines running the vurnernable Microsoft ISS software... In fact, I don't recall hearing Microsoft mentioned at all during the segment...

-Super

Re:Hotmail running Windows again?

[doctor_oktagon]

As far as I can recall, it was running on BSD, and it was being recently "migrated" to Win2K. Re: fixing worms ... don't even go there!!

Re:Hotmail running Windows again?

[ph03n1x_333]

code red has been out for a little while now. why on earth would they not patch their IIS servers?? -------------- (ph03n1x@mason)[ph03n1x]$ telnet www.hotmail.com 80 Trying 64.4.54.7... Connected to www.hotmail.com. Escape character is '^]'. OPTIONS * HTTP/1.1 Host: www.hotmail.com HTTP/1.1 200 OK Server: Microsoft-IIS/5.0 Date: Thu, 09 Aug 2001 14:51:35 GMT P3P:CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" Public: OPTIONS, TRACE, GET, HEAD, POST, PUT, DELETE Content-Length: 0

Re:Hotmail running Windows again?

[Andrewkov]

It's impossible to know what they are running. For all we know, they could have a Win2K box which just redirects port 80 to a UNIX box. Or if they are usinging an open source OS, wouldn't it be easy to to some modifications to make it look like a Win2K box from outside?

Re:Hotmail running Windows again?

[Jucius+Maximus]

"Hmmmm, redirected eh? I wonder if they have read this?"

Unlikely. I suspect that the admins are too busy responding to the requests for advice that have been pouring in lately :P .

Re:Hotmail running Windows again?

When Microsoft originally bought Hotmail the entire system was run using Sun boxes with Solaris for the OS AFAIK. They (read Bill G. and company) immeadiately told the guys running Hotmail they would be migrating to NT 4 ASAP. After several years of painstaking failures M$ finally decided to let Solaris continue to do the work on the backend and they would simply use NT 4 for the frontend to make people think the system ran on NT 4. At least that's what I heard.

PS
When M$ bought Hotmail I called them to cancel my account and they said they couldn't do that but if I didn't use it for a couple of years they would delete it.

Re:Hotmail running Windows again?

[finite_automaton]

So they moved it over to an MS platform. According to my scanner, it's running IIS 5.0.
[64.4.53.7:80] World Wide Web HTTP
HTTP/1.1 302 Redirected..Server: Microsoft-IIS/5.0..Date: Thu, 09 Aug 2001 14:48:33 GMT..Location: http://lc2.law5.hotmail.passport.com

Hmmmm, redirected eh? I wonder if they have read this?

I wonder if IIS 5.0 is vulnerable as well?

Re:code red, sircam, taco, and real business

Please tell me that this is not an isolated incident. A capitalist monolith of a corporation is having to spend millions of dollars because of a little communist worm? I'm no communist, but anything that's bad for big business is good for me.

I'm incredulous

[wirefarm]

I find it amazing that they didn't take every precaution to protect what might be their highest-profile property. If MSDN went down, they could cover it - Most of their other servers, too. But Hotmail? That's so closely associated with Passport and, by association, dot-net, that I think they would do absolutely everything in their power to keep it spotless in the minds of the users.
Good luck to them. They'll need it.
I got two unsolicited calls asking how to set up Apache on a Windows 2000 server. These were people who had never seen a need to switch before. If I convert their servers for them, I'll probably set up a Linux box or two, 'just for backup purposes'.
Heh heh.
Cheers,
Jim in Tokyo

Re:I'm incredulous

[Mes]

I work for a large _blue_ company, and our internal networks have been attacked pretty thoroughly by code red. So much for firewalls. Just yesterday a nice anti-virus lady came through our lab and disinfected a bunch of win2k servers. Fortunately all my boxes run linux, so the whole thing was just amusing to me.

Re:I'm incredulous

[Mandi+Walls]

Heh heh. I actually sent a message to noc@microsoft.com yesterday letting them know that several machines were infected:
-----

To whom it may concern:

Your Windows server(s) at
65.54.225.59
65.54.225.129
65.54.225.180
is/are infected with the Code Red worm.

Please see information about patching your systems at Microsoft's
TechNet:
http://www.microsoft.com/technet/treeview/defaul t. asp?url=/technet/itsolutions/security/topics/codea lrt.asp

R Walls
Linux Systems Admin
*email removed*

-----
Had I sent it later in the afternoon, two more servers would have been listed there.

Can't wait until one of these has a malicious payload.

--mandi

Re:I'm incredulous

[sharkey]

Come on. Patching thousands of Windows PCs is a great deal more difficult than cutting a check for US $35.00 and mailing it to NetSol for the renewal of the PASSPORT.COM domain, so you can imagine how little chance there was of getting this done. Especially as how the patch DOESN'T fix the problem if URL redirection is being used on said IIS PC.

Re:Got scanned

[JonathanX]

Well then...that screws up their press release claiming that only 2 boxen were hit. I've got logs from two other machines...anyone else?

Here's what they're really using...

[Scratch-O-Matic]

I have it on good authority that Hotmail is actually running on a cluster of hacked -up Audreys.

Re:code red boon for page views.. let's make some

[CTho9305]

mod this one up :-)

Re:Privacy Compromised

[1984]

Wouldn't be the first time, eh?

Re:Okay so...

[alex_siufy]

At first I thought this service was great, but after just a couple of weeks I noticed that my e-mails were being delayed by several hours, and some of them didn't even arrive! I still have an account in there that, to this day (and several "support" e-mails later) can't receive anything...

Re:I know it'll be said a billion times..

[BradleyUffner]

What does .NET and Passport have to do with CodeRed?

What a switcheroo!

[dave-fu]

At the same time MS was switching Hotmail to run Linux, OSDN was switching their jobs site to run IIS. Nutty!

Re:What a switcheroo!

[Si]

Besides, does it really matter what kind of server an service runs

When it's the _Open Source Developers Network_, yes, they damn well should be running on Open Source servers.

Ford don't put Chevy engines in their cars.
(now some smartarse 'dotter is gonna say 'Actually I bought a Ford blah blah blah')

Re:What a switcheroo!

[mistered]

jobs.osdn.com was put together by a Toronto-based firm, DevelopersNetwork. DevelopersNetwork is a Microsoft shop, and thus jobs.osdn.com is run on Microsoft "servers." There's even a page at jobs.osdn.com that explains the situation.

Re:What a switcheroo!

[jmauro]

jobs.osdn.com is run by an outside firm, using their own software. It's the same as Microsoft DNS running on Linux. It's outsourced so it runs something different than the company would like to have you believe. Besides, does it really matter what kind of server an service runs upon?

Re:What a switcheroo!

[Dr.+Smeegee]

Weird, man. Is this the case? What is the world coming to?

Re:What a switcheroo!

[FunkyLinux]

I do not care what the explanation/excuse is.
OSDN is OPEN SOURCE and should walk the talk!

SALE on Micro$oft IIS (Internet Infection Server)
With every new license(or old) purchased, receive
a FREE can of worms over the internet.

Important Question for Slashdot Readerz:

Is there a Sourceforge project to develop:

Code Red?

Thank you and have a spam-free weekend.

Definitive answer to Hotmail front-end OS

[doctor_oktagon]

I just queried Netcraft What's That Site Running and it answers:

The site www.hotmail.com is running Microsoft-IIS/5.0 on Windows 2000

I also tried the SSL Port 443 and it's also hosted on IIS5/Win2K. Hope this clears up any confusion *grin*

One thing to consider here folks: this is a classic case of Security Process falling down. It just so happens it's an Win2K hole in this instance. If Hotmail still ran BSD and there was a root exploit discovered, someone still needs to follow the process and plug the hole.

NB: I'm not excusing MS here ... I'm laughing as much as everyone!

Re:Definitive answer to Hotmail front-end OS

[mitheral]

Always keeping in mind of course that you can't trust the client :)

Re:mail.Yahoo.com

[Mark+Pitman]

What I did is just gave Yahoo my Hotmail account (which I never check) as my primary email account. That way all the Yahoo spam goes to Hotmail and I get POP3 access.

Re:Microsoft to be the target of (more) lawsuits?

[Chester+K]

Well, here we have a gold-plated example of a fatal flaw in a piece of commercial software, coupled to a lax attitude towards fixing it, that has without question resulted in the loss of Actual Money by a great deal of people. One would think then, that IS Managers across the world would be queuing up to sue Microsoft and recover their costs.

Sue Microsoft because your sysadmin is too lax to install a security patch that came out almost two months ago?

Yeah, that'll work.

Re:"Just patch your servers" - Scott Culp

[Havokmon]

That's it. The name was in my SANS email this morning. :)

Microsoft is not good at making money?

And Bill Gates is pauper I suppose? Please, how did your post get a 5?

This just in....

[Lonath]

Microsoft has just reported on its website that the hotmail/passport servers will be down indefinitely because the programmers and technicians who are supposed to fix them can't log into their passport accounts to access their tools to fix the problem.

More on this at 11.

Re:Yawn

[clone22]

I Don't understand why dont they apply their own patches to their own servers ?

They knew what they were talking about when referring to those lazy sysadmins.

Moron, Outlook has nothing to do with it

[Wonko42]

Outlook has nothing to do with SirCam. SirCam is an executable virus, not a VBScript virus. You will be infected with SirCam by running the attachment, no matter what email client you are using.

For some reason, everyone seems to think that every virus is an Outlook virus.

Re:Moron, Outlook has nothing to do with it

[blazin]

If there is no Outlook, SirCam will scan your browser cache and grab email addresses from the web pages you have visited. That's why web masters are getting hit so much more than most people, because their email address is all over their webpage.

SirCam also has its own SMTP server meaning it can send mail without the help of Outlook.

This is not just an Outlook issue, it is a stupid users who open unsolicited attachments without virus scanning them problem.

Any windows email client that allows the user to open email from within the client is just as vulerable as Outlook.

Re:Moron, Outlook has nothing to do with it

[Tony+Hoyle]

SirCam scans the *outlook* address book using *outlook* activex calls. It has a hell of a lot to do with Outlook.

Re:Moron, Outlook has nothing to do with it

[TeraCo]

Yes.

Re:Moron, Outlook has nothing to do with it

[amanb]

Do you mean it has its own SMTP client code?

Re:Moron, Outlook has nothing to do with it

[ChodaBoy]

Think again, SirCam is indeed an executable virus, however the message body contains a VBScript that exploits unpatched installs of Outlook/Express and executes the attachment for you.

Anyone can be infected by opening the attachment (sorry, anyone running Windoze), but only Outlook/Express users will spread the virus as it exploits the MS Address book.

So, yes the virus is not strictly restricted to Outlook users, they are simply more vulnerable than others.

Re:Moron, Outlook has nothing to do with it

[NutscrapeSucks]

Yes, but unlike ILOVEYOU and so on, it doesn't send mail through outlook, and filtches addresses from other sources besides Outlook. It will fully affect any Win box that doesn't have Outlook installed.

And according to this, it doesn't use Outlook APIs, but instead combs through the Windows address book (WAB file) looking for addresses (which is only used by Outlook in 'internet mode' and is used by Outlook Express, which certainly doesn't support Outlook's COM API). The fact that it doesn't grab Netscape or Eudora's address book is probably just lazyness on the author's part.

Conclusion: Not a Outlook virus, except according to CmdrTaco.

Re:Moron, Outlook has nothing to do with it

[jelle]

Don't worry, the S in SMTP stands for Simple. Making your own SMTP client is probably easier than figuring out how to use MAPI.

Re:Why not serve your own?

[fyonn]

this only works if a) you have your own (sub)domain (not difficult) and b) you team up with a few friends to secondary MX for each other otherwise.

it's something I've been meaning to do but haven;t got round to yet... one day

dave

Re:Yawn

[Tungursk]

I Don't understand why dont they apply their own patches to their own servers ?
I bet they do have their own mailing lists where they are talking about this.
Or possibly they are not interested in it ?

Re:Microsoft to be the target of (more) lawsuits?

some fatal flaw that resulted in Actual Money being lost, the corporation could go after a commercial software house in the courts in an attempt to recover costs. have you read any EULA? I mean ANY? You cant do that, open source or not. Period...when you click "Yes", F8, or any other key saying you agree to their policies - you cant sue. Thats like that first line in these things too...

Re:A Bad Sign

[aozilla]

So don't use a four letter hotmail ID, how hard is that? Also, if you want to only accept email from people in your address book, unless you're expecting it, it's quite easy to automatically send bulk mail into the bulk mail folder. I currently have 25 messages sitting there right now. You don't get alerts for your bulk mail folder, and the mails get deleted after a certain amount of time, so you don't have to do anything to support it.

I must admit that hotmail isn't very good for mailing lists and signing up for sites, but I have a seperate account and email address for that. Admittedly that gets tons of spam, but I don't read it unless I'm changing my password anyway. For mailing lists, well, I don't read any any more, but you can always make a new account for each mailing list, or use an outlook express filter. Mailing lists via email is a stupid idea for the most part anyway.

I don't know, I'm sick of people complaining about spam. I don't get any in my personal mail, simply by only giving my email to real live humans and using hotmail's spam filter. I contend that if you get a lot of spam it's probably your own fault.

Re:Windows NT servers

[csbruce]

It's a wonder that the recommended correction isn't to upgrade to a newer IIS or a newer OS. The virus was probably written under the guidance of Microsoft's Marketing Department.

Re:BSD

[jeremyp]

Yes, you're right, they just moved the front end servers to Win2K and IIS. Event then they are running some software to emulate a FreeBSD environment so that their cgi scripts etc still work.

Unfortunately, the whole point of Sircam is to attack the web front end servers, so the back end is irrelevant.

More seriously, people say "just apply the patch" but for a site like Hotmail that is a non-trivial exercise. You have to test the patch extensively in your environment to make sure it doesn't break anything. Can you imagine the smugness of the Slashdot community if they had applied the patch and some subtle bug in it brought down every web server in Hotmail?

Re:code red, sircam, taco, and real business

I work at Intel. All our internal port 80's are blocked right now, and servers (non-windows) are having problems due to connections going up and down because of the DDOS natur of Code RED II. It keeps tying up all our net bandwidth and is also wrecking havoc with shitty cisco routers that keep crashing. (requiring a power cycle). I've been unable to get ANY real work done for the last 2 days because of the network outages. It IS costing billions. I'm an EE and I make a shitload of money. If I'm sitting there for 2 days doing nothing, and Intel's paying me for it, that's a lot of money x 70,000 employees.

Re:What the hell.

[JonathanX]

To make matters worse, Microsoft claims that they discovered the infection on Wednesday. I notified them on Monday that I was logging Code Red scans from their internal network. Apparently I was ignored...

Re:What the hell.

[ozbird]

How can you forget a bunch of servers.

It wouldn't be the first time someone has forgotten a server. (I can't see this happening to a Windows box, though.)

Re:What the hell.

Of course only Microsoft has to do this because they don't want to pitch into Symantec's coffers for pcAnywhere or have to use dirty open source software like VNC.

But of course not ...

[Davewpw]

Desler said no customer data, customer e-mails or personal information appeared to have been compromised in the attack. He also said the company had had no reports of slowdowns because of the attack.

No slow downs on the slowest web-mail system.. hhmm How would you tell if it was slow???

We also dont know how much information was lost because it was running on MS servers.

the names are so confusing

[twitter]

it's kinda like win2k, based on NT Technology, (New Technology Technology), or it's the New NT (New New Technology) that's to blame for the failure of the dot.net (yot.yet.not.net) Nyet? They forgot a line!

!net

Better Yahoo solution

[ubernostrum]

They let you set up a limited number of filters - filter the stuff they send you. I have a college account that forwards to my "private" Yahoo box, and by default, anything that isn't to or from the [mycollege].edu domain goes to a "spamfilter" folder that I clean out once a week (the small group of people who have the "private" address don't get filtered out, though...they do let you have mroe than one filter, after all). That lets me use Balsa for convenient POP3 access all the time, and not worry about spam.

Re:A Bad Sign

[mitheral]

My comment was more of a whine than a complaint. I've done what you suggest as soon as I realized it was possible (3-4 months back) and therefor, of course, never get anything except from people I know. :)

It just amazed me the couple of times I have turned it off in order to harvest an email address (it's weird how many people don't know what their email address really is) how much spam I recieved in a few hours. I've been told that there are bulk mail programs that just guess email addresses at hotmail and send mail to everyone in a range like a@hotmail.com to zzzzzzzzzzzz_zzzzzzzzzzz@hotmail.com. Therefor with only four letters in my ID, I recieve all of these. However they go right into the not read by anyone folder.

I already have several hotmail id's including a couple for spam traps. For personal messages I find that the coolness of a four letter ID outweighs the occsional inconvience. and it sure is a lot easier to tell to some one over the phone than I_Wanted_a_different_ID_but_it_was_already_taken_1 9853@hotmail.com

Re:BSD

I haven't heard of a hit crew sent out to kill the authors of 'Undocumented Windows NT' or anything.

Of course you wouldn't have heard of them. What do you think they are, amateurs?

Re:What the hell.

[garren_bagley]

.....lot more critical data THAN your little account......

Re:How to choose a web server for your company

[null_session]

Ok, I'll bite. Let's go through the list.:

1) Pick a platform that is difficult to administer remotely

Since most admins administer UNIX via command prompts and vi I'd say that UNIX is much easier to administer remotely. With SSH loaded I can get all the same interface at home through a dial up 14.4k connection that I get at work.

(2) Pick a platform that is insecure

I don't really I have to say anything here. If you have ever in your life looked at the stats available at attrition.org then you know.

3) Pick a platform that can't handle the amount of customers you have

Platform wise this really comes down to hardware, not OS and CERTAINLY not admin, which is what we are discussing here.

4) Pick a platform that costs a tonne of money

Here you might have been right. Depending on the installation, the software cost may be marginalized. Or it may not. Think of buying 1000 file servers. There the OS cost is a signifigant factor. Putting in a large scale distributed application? not so much, fewer servers and most of your cost is in development and implamentation.

5) Pick a platform that requires a person with a dodgy qualification to run it, who doesn't know left from right, and demands more money than they are worth

I can speak with some authority on this one. The MCSE cirriculum, unless they have added it recently, does NOT mention hot fix patches. At all. It tells you how to set up Microsoft's replication service that fails 20% of the time for no reason, but it does not mention the first thing about hot fixes.

6) Pick a platform that is proprietary

NT is about as proprietary as it gets. With the commercial UNIXs you at least get regular published APIs and system calls. With Linux and *BSD, you get the source. Hard to get less proprietary than that.

7) Pick a platform that runs on low-end server hardware or worse only

see my above point about platform

8) Pick a platform that you will have to lease by the year or per billion processor cycles within the next 3 years

AFAIK, MS is the only company to even suggest the rent the OS idea.

9) Pick a platform with a database server that "loses" data given certain queries

This shouldn't have been included. Funny, but off topic.

10) Pick a platform that is forever morphing, changing technology, and has a history of instability

That's NT. It would be an accolade but for the instability part, and the fact that most of the changes don't work and aren't wanted or used by the users.

11) Pick a platform which would get you the sack if management had a clue

I would fire someone for picking a Microsoft solution when an alternative existed. Wouldn't you? What's the good side of picking Microsoft?

I'm failing to see much in this post that indicates that a good admin has a whole lot of control. Yes they can patch servers, but as has been noted, the patch doesn't always work in this case. Also, Microsoft patches are well known to de-stabalize the system, or bring back old bugs, or chrash server applications, or cause any other host of problems. Yes, the admin is important, but you're trying to say that Michael Schumacher could win while driving a stock Yugo, based strictly on his qualifications as a driver. The tool DOES matter.

Here's a great plan

[BillyGoatThree]

Make a modified version of CodeRed called, say, CodeNap. Include in the payload an MP3 by Metallica. Wait 48 hours until it's everywhere. Now sue Microsoft because they are making money of a system that is being used to make illegal copies of copyrighted works!

Re:Here's a great plan

Actually, wouldn't it be better to make a patch to send patches to other servers whenever it detects a Code Red worm?

Re:Here's a great plan

It could be a new peer-to-peer system for sharing files, but it might be kinda hard to search for something specific.

Re:Here's a great plan

[Maditude]

Lol! You might be onto something!

Aren't these CodeRed II attacks supposed to finish

[vondo]

Everything I've read about Code Red II says that each infected machine is only supposed to try to infect new machines for 24 hours. Considering that CRII exploded Sunday evening and judging from the number of hits I've gotten on my @HOME machine, everyone should have been infected within an hour.

My machine seems to be getting hit just as hard as ever. Surely these can't be recent infections? Do we really have to wait until October 1 for this storm to pass?

Re:BSD

The vast majority of freebsd machines are now running w2k.

Heh. Taken out of context, that sounds pretty funny. It sort of reminds me of the "*BSD is Dying" troll.

I love Win2k

[lavaforge]

I get to reimplement the same solution with four times the hardware and none of the worm protection.

More media coverage

[FrankHaynes]

...in this Computerworld story.

It actually names MicroSoft as being negligent, or at least somewhat responsible. Maybe this one will open eyes despite the huge media machine?

---

Re:Ironic...

[monkeyserver.com]

ya, that is why they want to offer subscriptions to software, to force you to upgrade when they want you to, and to force you to pay for it.

They won't change their model they'll force you to assimilate to theirs.

Microsoft: This is where you want to go today.

Re:What the hell.

June 18. Nowhere near 6 months ago.

Internet time, baby. Geez, Dillon. You're still using Julian measurements? That's so last year!

Total cost of running IIS

[flatrock]

Microsoft has a long history of poor security in their software. They have made progress in this area, but they are still far behind the curve.

I'm a little out of my realm of knowledge here, but it seems like IIS also has a lot of features that other web servers don't have. If you have more features, you also have a lot more likelyhood for bugs and exploits. It's much easier to secure a simple product than a more feature rich one. I've heard many people state that the cost off running MS software is much higher than running other competing software. I'm sure that that's true in many cases, especially when those users aren't utilizing the extra features that IIS may offer them. However, if those features meet their needs better than Apache for example, then maybe IIS is worth the cost and the security rick for them. Regardless of who's software they use, they need to keep up on the security patches. There was a patch for this. The problem was heavilly advertised. People, including many in Microsoft itself, didn't apply the patch.
Another reason why there may be more security exploits hitting IIS than Apache is that IS people who are properly concerned with security, and properly apply patches are more likely to be running Apache than IIS. I hate to fuel the UNIX has smarter admins fire, but there seems to be a lot of truth to it in a very general sense. Note, I said in a general sense. I'm quite sure there are brilliant NT adins, and stupid UNIX admins, I've actually met a few of each.

another article on hotmail infection

[treebeard77]

Dave Farber's mailing list passed along Microsoft's Hotmail Is Red Hot From Worm from Newsbytes

DDOS

[Foxxz]

Code Red 2 + Trinoo = Internet Death

-foxxz

Re:DDOS

[doctor_oktagon]

As this new story in the Register points out, the Internet managed to survive very well through a whole slew of recent incidents, so there is no reason to believe it will not continue to do so.

Ok, a DDOS might knock out access to a few websites, or at very worst a full ISP, but it would certainly not lead to the entire Internet grinding to a halt.

BSD

[Crewd]

I bet Microsoft is wishing they left those hotmail servers on BSD. If I remember correctly, they started moving from BSD to Windows 2000 just about this time last year...of course that was after an unsuccessful try in about the 97/98 time frame....

Crewd

Re:BSD

[bmajik]

No.

The "back end" is a bunch of Sun E4500's.

The vast majority of freebsd machines are now running w2k.

Re:BSD

[aozilla]

Yeah, FreeBSD never has root exploits that are enabled by default.

Re:BSD

[Balinares]

In the fact they actually sell Visual C to individuals, you have a point, indeed, though you could have voiced it just a tad more politely.

What prompted my feeling (just a feeling, Mr. AC :)) is a combination of parameters, actually. The wording of their presentation of .NET. The fact they generally don't seem to envision development outside an environment. The fact that while I've not done much development in Visual C (three months of it, all in all), I had a definite feeling of being trapped in what I'll call The Legal API Set. The fact I read about driver makers complaining they had to do guesswork in NT because the Legal APIs weren't sufficient for them and the rest wasn't documented, as you point out yourself. For that matter, Microsoft blamed NT's instability on those very drivers.

So maybe they've got nothing at all against individual programmers in themselves, but I still have the same feeling: they do not enjoy much programmers that want to go deeper than the Legal API. If you have different feelings, good for you, dude. :)

Re:BSD

[Balinares]

I bet Microsoft is wishing they left those hotmail servers on BSD.

The sad part is, they probably don't. More likely, they're wishing it was illegal to be a programmer outside a regular, certified company. That way, those damn hackers couldn't exist, and only companies would produce software, for the only good reason there is to produce software, money.

And the worse is, I'm barely being satirical here. It's really what they corporate culture seems to promote, as has been proved too many times... Maybe I'm just being an overreacting idiot, but they've given me that impression so many times...

Re:BSD

*SD is dying

Yet nother crippling bombshll hit the eleaguered *BSD community when last month IDC confirmed that *SD accounts for less than a fraction of 1 percent of all servers. Coming on top of of the latest Netcraft survey which plainly states that *BSD has lost more market share, this news serves to reinforce what we've known all along. *BSD is collapsing in complete disarray, as further exemplified by failing dead last in the recent Sys Admin comprehensive networking test.

You don't need to be a Kreskin to predict *BSD's future. The hand writing is on the wall: *BSD faces a bleak future. In fact there won't be any future at all for *BSD because *BSD is dying. Things are looking very bad for *BSD. As many of us are already aware, *BSD continues to lose market share. Red ink flows like a river of blood. FreeBSD is the most endangered of them all.

Let's keep to the facts and look at the numbers.

OpenBSD leader Theo states that there are 7000 users of OpenBSD. How many users of NetBSD are there? Let's see. The number of OpenBSD versus NetBSD posts on Usenet is roughly in ratio of 5 to 1. Therefore there are about 7000/5 = 1400 NetBSD users. BSD/OS posts on Usenet are about half of the volume of NetBSD posts. Therefore there are about 700 users of BSD/OS. A recent article put FreeBSD at about 80 percent of the *BSD market. Therefore there are (7000+1400+700)*4 = 36400 FreeBSD users. This is consistent with the number of FreeBSD Usenet posts.

Due to the troubles of Walnut Creek, abysmal sales and so on, FreeBSD went out of business and was taken over by BSDI who sell another troubled OS. Now BSDI is also dead, its corpse turned over to another charnel house.

All major surveys show that *BSD has steadily declined in market share. *BSD is very sick nd its long term survival prospects are very dim. If *BSD is to survive at all it will be among OS hobbyist dabblers. *BSD continues to decay. Nothing short of a miracle could save it at this point in time. For ll practical purposes, *BSD is dead.

*BS is dying

Re:BSD

I bet Microsoft is wishing they left those hotmail servers on BSD...

The install guys got confused. They were turned loose on a bunch of new servers for Hotmail front-end boxes. Their boss told them to install "the BSD OS on those" and they thought he said "the BSoD OS on those" so they busted out their Windows 2000 Advanced Server (a true oxymoron) CDs.

Re:BSD

[smooc]

I thought just the webfrontends are running a version of Windows & IIS, the backend is still FreeBSD.

Or did they change that by now?

Re:BSD

I thought the backend was Oracle on Solaris.

Re:BSD

[DiLLeMaN]

They didn't, they just hid the BSD part better. I think =]

You log in on a win2k box, you'll then get a generic screen on a win2k box. The link to your inbox points to a BSD box, which redirects you to a win2k box.

Load balancer?

Re:BSD

[ethereal]

The vast majority of freebsd machines are now running w2k.

You mean in VMWare? Or is this one of those "FreeBSD is dying" trolls again?

Yes, I know what you meant :)

Re:BSD

[DavidJA]

As a IIS systems admin, I would feel better if Microsoft had enough trust in their patch's stability that they installed it on ALL of their own production enviroment servers before release.

Yes I might delay the patch release by 2 days, but SirCam took at least 1 month to develop after details of the exploit were released by Microsoft.

Re:BSD

[jdh28]

What idiot moderated this as informative?

john

Re:BSD

Doesn't really matter if you can't access the front end, eh?

Re:BSD

[bluelarva]

Actually backend is (or at least once was) a flat text files. I'm not kidding.

Re:BSD

[Fishstick]

That sounds right. I questioned the validity of the headline when I saw it wondering how Code Red could affect hotmail when last I heard they used BSD.

But what you say sounds familiar; that they still use BSD for the backend mail servers, but the 'user interface' websites are all running W2K/IIS5

Re:BSD

"More likely, they're wishing it was illegal to be a programmer outside a regular, certified company. That way, those damn hackers couldn't exist [...]"

Yeah! Because those hackers would never do anything illegal.

Re:BSD

[jbarnett]

True, ALWAYS test in QA before going into a production envoriment. But how much time do they need to test? 4-5 months? How long has this patch been out again....

Re:BSD

[jesseraf]

yeah, and somehow you just know they're going to try to point the blame for this on the few FreeBSD servers they still have running there. Just like when they claimed the FreeBSD was to blame when their users get viruses.

Re:BSD

"The telnetd service is enabled by default on all FreeBSD installations if the 'high' security setting is not selected at install-time"

Read your links next time.

Re:BSD

The high security setting is not enabled by default. It's the same as Windows, every daemon you install is another risk. Run no daemons, and you have no risks.

Ironic

[TrollMan+5000]

That Microsoft didn't download and install their own patch!

Probably...

[briggsb]

Microsoft is using a Beta version of the new IIS software for their hotmail servers that come with the worm already bundled with it.

Re:Probably...

[Waffle+Iron]

Microsoft is using a Beta version of the new IIS software for their hotmail servers that come with the worm already bundled with it.

This is another monopolistic outrage!!! Just where will the bundling stop? Now Bill Gates wants to take away the livelyhoods of the virus witers! Is anybody safe?

Re:Probably...

[ncc74656]

Microsoft is using a Beta version of the new IIS software for their hotmail servers that come with the worm already bundled with it.

I thought tequila was the only product that was supposed to have a worm bundled with it...

Windows NT servers

[tringstad]

I submitted this as an article this morning, but as it is still pending, and both my home and work servers are still under constant annoyance, I figured I'd pass it on here as well. If you are running a Windows NT server, kindly do us all a favor and just turn it off for a few months.

According to yesterday's Handler's Diary on www.incidents.org, "Microsoft has confirmed that if an IIS 4.0 webserver is using URL redirection, it is still vulnerable to Code Red even if the Microsoft patch is installed". The only known solution is to remove all URL redirections from NT servers running IIS 4.0.

-Tommy

Re:Windows NT servers

[tringstad]

Not surprisingly...

2001-08-09 15:17:15 WindowsNT still vulnerable after Code Red patches (articles,bug) (rejected)

I'm sure it'll be accepted by someone else around next tuesday.

- Tommy

Re:Windows NT servers

I just have to ask.... when will corporations realize that MS products can HURT them? I mean, c'mon... how many "e-mail viruses" (translation, OUTLOOK viruses) and "internet worms" (translation, IIS worms) is it going to take before these people wake up and see what the hell is going on? I work for a small, privately owned network consulting firm, and you wouldn't believe the idiocracy I see on a daily basis... just a question....

Re:Okay so...

[iCEBaLM]

They have said that Hotmail should not be trusted to store valuable mail (and that I should use outlook instead -- the damn software responsible for SirCam in the first place).

Hrmm, lets see, a free service with multi-millions of accounts running IIS, I wouldn't trust it to store my valuables, why do you?

They think this is my problem, and I should upgrade my anti-virus software (I've repeatedly assured them that I've been WinDoh's free for four years -- I can't find McAfee's Linux download site).

This is your problem, see quote number one above.

They say their anti-virus protection is sufficient -- yet I rec'd two more SirCam laced spams today. They won't let me download the contents (even though it won't hurt my Linux system).

This is the kind of protection I, and the rest of the world, would like. Able to see the email, not able to infect myself with the crappy attachment, oh, it's SirCam, .

If you've been running Linux for 4 years you should surely know by now how to use mutt, pine, or even evolution if you so desire. I would suggest not trusting valuable information to free - error prone - services and start downloading your email straight to your computer via that pop3/imap account your ISP gives you.

-- iCEBaLM

When?

[CatKnight]

When did the hotmail servers go down? I havn't noticed any downtime at all and I'm constantly checking my mail (cuz I suck).

99.999% uptime?

What about those 5-nines reliability ads for Win2K Microsoft's been buying? The boxes stay up, but the servers they run fail. Hmmm, too bad Microsoft's the main one around with the money and the mentality for lawsuits... sounds like false advertising to me.

in reading the article...

[linuxpng]

I found out that a couple of the servers were infected by code red.. not taken down. It even states that it caused no slow down accessing hotmail. The only news here is that MS doesn't care enough about hotmail to patch a few servers. Woo.

Re:in reading the article...

[Jucius+Maximus]

"The only news here is that MS doesn't care enough about hotmail to patch a few servers."

It would be funny if someone from, say, Oracle, IBM or a Linux Distro staff used the root exploit associated with the CRII and installed the patch for Microsoft. Hehe. Perhaps get some witnesses from CNN or another mainstream news network to watch the process and spread the word of what happenned ;-) That would get some intresting press rolling down the line.

Re:Yawn

[bmongar]

I Don't understand why dont they apply their own patches to their own servers ?

Probably for the same reason many people don't install the patches. They have the server up and running and are afraid of what the patch will break.

Re:"may" have been a victim?

[sharkey]

Are you a suicide victim after you kill yourself? M$ brought this on themselves through their software quality (or lack thereof) and their failure to apply the fixes that supposedly fix the problem after laying the blame for this at the feet of all those who didn't. "Victim" just doesn't seem to fit.

Of course, how much of this whole discussion is Schadenfreude? (Of which I am gleefully participating in.)

I know it'll be said a billion times..

[xtermz]

but how can MS promote it's whole .NET/Passport philosophy if the very same services are proven to be insecure. And why hasnt MS been made accountable at all? Is it simply their huge media machine they have working for them, or are people truly that blind to the insecurities and downfalls of MS software?

Re:I know it'll be said a billion times..

What about the sheep around here who refuse to use an OS that has over 25% market share?

Re:I know it'll be said a billion times..

[why-is-it]

how can MS promote it's whole .NET/Passport philosophy if the very same services are proven to be insecure

Because the average (L)user has only had experiences with crappy micro$oft offerings. This is typical of their experiences. And, quite frankly, there are not many alternatives out there for the typical user. Linux is not ready for the corporate desktop or the average home user - yet.

For those of us who run UNIX or Linux, we know that systems should not crash or BSOD daily. Hey, I have some AIX-based mail servers that have not been re-booted in 5 months, and the last time they were down was because I needed to add more disk. If the average home user can go a day or so between crashes, they are satisfied and happy with that.

That is the market that micro$oft sells to. The (L)users and pointy-haired bosses of the world are their audience. Not the informed techies. Their target audience completely accepts that the evil hackers are to blame.

And why hasnt MS been made accountable at all?

Because their PR firms do an amazing job of making sure that a micro$oft-friendly version of the problem gets reported. There are not many reporters out there who have the technical know-how to be able to see through the obfuscation. Unfortunately, most of the (L)users get their technical news from ZDNET and other micro$oft-friendly sites.

are people truly that blind to the insecurities and downfalls of MS software?

Most people probably are. From what I have seen, the people who recognize the risks of using micro$oft products on critical systems run UNIX variants.

Re:I know it'll be said a billion times..

It isn't a virus, it's a worm.

The difference?

Viruses eat your files, worms eat networks.

Re:I know it'll be said a billion times..

What does .NET and Passport have to do with CodeRed?

If it was CodeRed II, it has a lot to do with passport. The root.exe trick that CodeRed II installs would allow anyone to access private data on people's accounts. That sounds pretty serious to me!

Re:I know it'll be said a billion times..

[1alpha7]

What does .NET and Passport have to do with CodeRed?

They run under Windows, and CodeRed is a Windows Virus(tm). IOW, they require a proven insecure platform.

1Alpha7

Re:I know it'll be said a billion times..

[RobNich]

but how can MS promote it's whole .NET/Passport philosophy if the very same services are proven to be insecure...

The news agencies don't even mention that this is specific to Microsoft's software. Microsoft doesn't have to do anything but keep marketing, telling the sheep that everything is alright, and not to run Linux because it is a virus.

Re:I know it'll be said a billion times..

[jeffy124]

.NET and Passport demand good security, as people will be attempting to break into those systems, viruses to DDoS Passport, etc. Yet here's MS unable to patch their own Hotmail systems to prevent Code Red from infecting their own machines. By failing to patch their own computers, can people expect the same from Passport?

How Ironic

[A+Commentor]

The only thing better would be if Microsoft's server that has the patch to download was infected...

Re:How Ironic

[houghi]

What would be even worse is if you would have to pay for their software. I am sure people will revolt then.

Re:How Ironic

[3am]

i'm pretty sure one of them was (update.microsoft.com?) in the first wave of code red. i seem to recall that at least of of a load balanced server group was compromised there.

Re:Bad Microsoft ! No donught for you!

You are correct. However, "slashdrones" as you put it also:
1. Have the ability to think independent thought.
2. Will research issues to solve problems
3. Don't purchase products based on marketing
4. Believe that their is NO One software or hardware package that solves every need.
5. Are not afraid to take chances.
6. Will stand up to management to do what they believe is correct.
7. Understand that the cost of software and hardware effects the companies bottom line.

Ahhh, but sadly, they are out numbered by a factor of 1,000 to 1 by the M$clones. So for every "slashdrone" you read about on this site, there are easily 1,000 M$clones who do the following.

1. Purchase a software not to get fired.
2. Believe that even if another software or hardware is better, the bigest company will eventually fix their product and crush out anyone else.
3. Tell everyone that their product is the best without ever learning anything else about other products.

Lastly, and the worst of all:
4. They are just implementers of software and do whatever their upper level management tells them to do. However, they talk to everyone like they make all the decisions for their company, and that those decisions are the ONLY Logical way for people to go with technology.

Steve Michael
smichael@netcapade.net
Network Architect
Performance Strategies
Indianapolis Indiana

Re:Handling the /default.ida request [OFF TOPIC]

[J'raxis]

Just a thought. I'm running Apache 1.3.x, and was tired of logging all those 404's. I have custom server messages with a few images on them. I decided to create a 0-byte /default.ida just to cut down on the sheer number of bytes being passed around. Is this advisable? Should I be correct and return a 403 or 404 instead of an empty 200? I'm getting a Code Red hit about twice a minute.

Or, try:

Redirect gone /default.ida

in your conf. Will make it return a "410 Gone" message which is like a "stronger" 404, and it won't log in the error log. This will return a default error page (few hundred bytes); much like the 404 error.

CodeRed actually a SPAM filter

[beanerspace]

We all do it, that is, create a throw-away HotMail account for those times we need to register online somewhere with an e-mail address. I even go so far as to turn on the SPAM Filtering and limit the use of the account for said registrations.

Even so, these accounts always manage to get overrun by a flood of SPAM. I've even set up one account to throw away EVERYTHING. Then again, that's the account I used to sign up with SpamCop

So I'm thinking, perhaps it's not a bad thing for all those nasty SPAM'rs to get hundreds, if not thousands of messages bounced back (not like they don't already). One can only hope that their stupid harversters removed bounced addresses from their lists.

At least in this way, maybe CodeRed will have done us a favor. Even for a short while.

Re:Microsoft to be the target of (more) lawsuits?

[ch-chuck]

Who causes this mess?

Obviously not Msft, since their FU's are protected by the EULA; society seems to want to blame the virus authors who exploit the holes, but I think the blame belongs to: people who take the path of least resistance and buy Msft licenses. Yes, people should be FIRED , sacked, terminated, let go, finito', by company's for recommending Msft Exchange/Outlook/IIS when they get a plague of viruses. And I mean TOP IT mgmt should get the old heave-ho onto the street from the suits when there's a major business disruption. After they dump the McSE fakirs and the "40 Billion Dollar RipOff Goliath" they should look around for some credible, broad computer business information systems experience willing to look at alternatives other than a simple minded 'single source' from budget sucking vendor lock in thieves leading them further down the primrose path to madness, mayhem & self destruction.

Thank you.

Re:Microsoft to be the target of (more) lawsuits?

[WNight]

Actually, EULAs would be less binding on businesses because they tend to employ lawyers who would instruct them of this.

However, businesses tend to sign paper contracts that spell out everything in the EULA, as part of their bulk-purchase agreements. And in that fashion, being open and before-sale, it's perfectly legal and binding.

If you had to sign your name to an EULA when you bought software at a store, it's be more binding. Especially if you had to sign BEFORE purchase.

But if a business (or consumer) goes to the store, buys a package, takes it home, installs it, and clicks-through the EULA, they are NOT bound by it. Even if they knew it was there, they also knew that it is invalid. EULAs, no matter how you look at it, are not binding to ANYONE.

Thus the UCITA. I mean, if a business can't forbid people commenting on the quality of a product, writing reviews, distributing anything made with the software without royalties, and cripple it in the name of piracy provention... how do we expect them to make billions of dollars and oppress us?!? Support your local billionaire, buy him a politician.

Re:Easy way to stop Code Red infection

Ah, i see.

I'd say this solution actually works on ALL memory-resident worms and viruses.

:-)

Re:A Bad Sign

[mitheral]

You must have a high character/unlikely to be guessed ID Those of us with four letter hotmail ID's get random spam all the time regardless of of the spam filter.

However only accepting email from people in my address book has cut the spam down. It's kind of inconvient however as I have to turn it off when ever I'm expecting mail from the wild.

Re:Make Sense

[fyonn]

code red infect's IIS 4 and 5 which tends to be installed on NT4 server and w2k server boxen *by default I think).

so yes, NT 4 can be easily infected

dave

Great way to spread sotfware.

[Lussarn]

Can anyone write a new napster using this "protocol". Then we just have to set up NT servers and wait for the files to arive. First it spread itself to any boxes on the net then start transfering files on off Your HD. Everyday when you come home from work you got 2gb of fresh pron. Should keep you busy for the rest of the evening.

Re:Decent reporting

[feces_tossin_primate]

It is refreshing to see the beginnings of a "main-stream" media move towards at least pointing out that these things are more often than not soley M$-related problems... Who knows, maybe they might even start to hold M$ accountable for stupid server tricks... But don't hold your breath.

Re:Microsoft to be the target of (more) lawsuits?

[jmauro]

Actually clicking a button after launch is now considered a "signature". The federal law is silly, who knew you'd be signing your life away by clicking the silly and stupid little check box when the program starts up. Sucks doesn't?

Re:A Bad Sign

They do protect against the dictionary attacks, that's what the spam filter is for.

Re:Make Sense

[dermotfitz]

code red II doesn't infect NT I think.

Re:Yawn

[Tungursk]

I assume this patch is mandatory one. Bill just need to send everybody @ M$oft mail with subject :
Install @#$%.. patch NOW!
:))

Re:Microsoft to be the target of (more) lawsuits?

[flatrock]

So after Microsoft who do they sue next? SUN? They've had security bugs that have caused problems for customers. How about Apache? They've also had to patch security holes. How many companies that make server software haven't had security holes at one point or another? More viruses/trujans/worms are made to attack MS OSs because they have a larger market share (in the desktop market at least), and they're probably more despised by the crackers writing the viruses/trojans/worms.
The real story here is that a lot of people running Microsoft OSs don't take applying security patches seriously enough. The fact that some of them are at Hotmail which is owned by Microsoft makes the news both funnier and more depressing.
System administrators and computer users in general need to be more concerned with the costs of not applying security patches. A more serious effort also has to be made to convince crackers that there will be serious penalties for releasing these viruses/trojans/worms. It's past time to accept excuses like I didn't mean to cause that much harm, or I was just doing it to show the hole existed. Is it necessary to throw a brick through a car window to prove that a car alarm won't stom you from steaning someones stuff out of the car? These crackers are causing serious finicial harm. They should be held responsible for their actions, and not get a slap on the wrist.

I don't understand the apologist stance.

[dave-fu]

I mean, it's nice and all that they've got a page explaining that they had someone else build their site, but why? Is it too complex an application? Are open source databases not robust enough? What's up with that?
And last I'd heard, jobs.osdn.com was sporting a slew of long-since-patched vulnerabilities as well as an open SQL*Server port on it; for a website that likes to preach about security and knowing who's working for you to make sure they do things right and all that jazz, they sure don't keep their own house in order.

Truly Sad.

[El+Camino+SS]

You know, one lone *ssh*le with no social life decides to jam up the net, why? Simply because he can. Pathetic. Its amazing to me that anyone would do this. I certainly feel sometimes in the minority about treating my fellow man fairly. Its hurting the credibility of all computer coders... and although I might be out on a limb, OPEN SOURCE too. Some jerk decides to do this, and guess what? All of the precious freedoms that we have will slip away. Certainly all of the "freedom" net principles /.ers extoll so loud will disappear within cries of "look what they can do!!!" Don't think that for a second that some Gov't group is not watching this... taking notes... making policy. Viruses and their kind hurt open source. Make us look like outlaws. Forcing them to remove freedoms on the 'net. Don't laugh... regulations are coming. A few are destroying the whole movement. If you know a person that does this kind of virus crap, talk them out of it... or turn them in, this CODE RED bastard is TRULY a criminal. It is no less malicious than going to every major religious landmark in the world and spraying "BITCH" on it, or going to everyone's office and doing the same... these are our stomping grounds, churches, and our offices. Don't deride others for their server choices. GO after the pricks that made the virus.

Re:Microsoft to be the target of (more) lawsuits?

[Shotgun]

Except that the EULA, any EULA, is absolute and total bullshit, except in Maryland and Virginia(?) who think UCITA makes sense.

You can't make addendums to a contract after the sale without agreement from both sides. Clicking a button or hitting a key does not constitute proof of agreement. That requires a signature. Please help spread the news that EULA's are bullshit until they are upheld in a court of law or supported by legislation. At the present, they are just some grandstanding bullshit from rich software companies with nothing more than threats from lawyers standing behind them.

BTW, did I mention that EULAs are BULLSHIT mumbo-jumbo legalese that don't have the force of spit.

Re:Microsoft to be the target of (more) lawsuits?

[lizrd]

The difference is that you purchase ISP service on a subscription plan. If they change their TOS or AUP in a way that you don't like, you're free to complain until they cancel your account and quit sending you a bill every month. Lucky thing is that there is still a small amount of competition in the ISP market and you really do have some choice in the matter.

Re:A Bad Sign

The real question is why Hotmail doesn't pull their head out of their ass and protect against dictionary attacks. I have a very guessable Yahoo address that I've never distributed, and there's 0 spam in there.

Re:What the hell.

[mrmag00]

you make it sound like its no big deal. what if one of the records it /just/ doesn't show was your account balance, so the software defaults it to 0? databases store a lot more critical data then your little account balance too, think about it a bit.

Re:Make Sense

[NewbieSpaz]

I'm still able to get my hotmail... *shrug*

All part of the new design

[Nick+Number]

MSN Hotmail has a new look!
MSN Hotmail has a brand new face...and it's easier to use. You'll find it easier to create and manage your folders, see which of your Messenger buddies has been hacked by chinese, and quickly choose names from your Address Book when send document for to ask advice.

Re:All part of the new design

[snake_dad]

You mean that was a ...... joke?

Re:All part of the new design

[Zach+Baker]

Comedy gold!

Gun? Poison? Electrocution? Angry Penguins?

[BigBlockMopar]

MS Admin: We got the virus we've been teaching people to prevent.
Bill: Great, so what are you going to do about it?
MS Admin: Kill myself as an example to others?
Bill: .. At our Comdex booth

Have him spray the booth in herring oil, then release the penguins...

Oh, that would be messy. :)

Re:Okay so...

[jayhawk88]

Two things:

They have said that Hotmail should not be trusted to store valuable mail: They're right. It's a free email service that you have no direct control over. If it's important, save a copy locally.

I've also told them that the correct solution is to bounce new incoming emails....They don't get it. They don't understand.: Keep in mind your probably corresponding with people who's sum technical knowledge comes from the troubleshooting-script book they have on their desk.

Re:Microsoft to be the target of (more) lawsuits?

[slimme]

Who has losses that arise from code red?

ISP's and individuals/companies paying for bandwith used.

Who causes this mess?

People who haven't patched their software (gross negligence).

Who can sue who?

People who have losses because of gross negligence.

Micorosoft is shielded by a EULA that limits (or denies)liability (although this EULA might not be fully apllicable worldwide).

Re:Security versus Ease-Of-use

[NewtonsLaw]

Hey, make a server system so user-friendly that an idiot can use it -- and only idiots will!

Re:Get a switch.

[Bender+Unit+22]

No, you are a moron, and yes I do know whats under the hood of my switch. It was built for this, and the CPU load is below always below 8%.
I guess you don't know much about using layer 4-7 switches for load balancing your website.

Make Sense

[e-matt]

That would explain why I couldn't get to one of my hotmail accounts

I just assumed they migrated that server to Win 2000 from BSD

Re:Make Sense

Code Red just crashes NT when the probe happens. I've been watching them crash -- fortunately they're someone elses'.

Re:Make Sense

[ckd]

I doubt it, since only some of the W2K HotMail servers are infected (according to Microsoft, anyway). I suppose they missed a few or just ran out of time to patch them all - how many boxen do you think they have to patch? Lots?

The patch has been out since what, June? MS is happy to say "we had a patch out months ago, sent out plenty of warnings, everyone had plenty of time to stop this, it's not our fault they didn't patch it" when people complain about the problem.

The fact that they didn't get their systems patched is a real indictment of either their system administration practices (if even the vendor doesn't install widely-publicized vendor patches, how can they claim that Bob's Bait Store should always be up to date?) or the "easy administration" of W2K. Unfortunately I doubt anyone will actually be indicted....

Re:Make Sense

[Zocalo]

That would explain why I couldn't get to one of my hotmail accounts

I doubt it, since only some of the W2K HotMail servers are infected (according to Microsoft, anyway). I suppose they missed a few or just ran out of time to patch them all - how many boxen do you think they have to patch? Lots?

Unless Code Red II on the infected servers is having a field day with all those other NT boxen on the same subnet and they are suffering from congestion of course. Either way, it might explain why I haven't received any SirCam emails recently...

Re:Make Sense

code red II doesn't infect NT I think.

Bzzt! Wrong! Thanks for playing, we have some lovely parting gifts for you.

Code Red targets any NT or Windows 2000 machine running indexing services with IIS.

Re:Make Sense

[RobNich]

how many boxen do you think they have to patch

Hmm, that's 5 users per dual P3-1Ghz, 2GB RAM server...

Re:Make Sense

[LinuxHam]

so yes, NT 4 can be easily infected

CR-2 does not infect NT4. It uses a Win2k-specific API call which crashes NT boxes, but does not infect them. That may be only for the installation of CR-II's back door. If the box crashes, it gets rebooted and uninfected.

Re:How to choose a web server for your company

[hattig]

For A Linux box or a Windows box, go through the same list and realize that it's the administrator that matters. Not the OS! Really. A windows box can be just as secure as linux box if the administrator knows what he is doing. An admin for a win2k box is cheaper than a linux admin. There's more of them. So the cost of the OS takes itself out.

Oooohh, the total cost of ownership argument rears its ugly head again! :)

As I said, most MCSE's don't know left from right. They may be cheap, but there is a reason for that! You gets what you pays for.

Linux does get security holes, although a well configured install should have less opportunity. If the box is only running sshd, httpd and a database, then you cut down the options for attack immediately. If you run OpenBSD you will be pretty safe out of the box!

Windows appears to get a major security hole several times a year, and people just don't learn. This isn't about a webserver, it is about the future of your data and personal information, because that is what Microsoft wants to manage via Passport.

My post you quoted was a joke, although it got a couple of informatives (?!) as well. Code Red has proved that most admins for windows system don't patch their machines, possibly because MS patches tend to mess things up like Exchange so they don't work. So to use MS, you need a duplicate setup of your servers just to test out these patches and check they will work when used on production equipment. That is expensive, even if the hardware is old, the software needs licenses.

The fact that Code Red has infected so many home users suggests a big piracy problem to me. No wonder MS have WPA in XP. I bet that WPA won't make people buy Windows though, they will stick with what they have, and eventually be forced to check out an alternative OS.

Of course, for some applications, MS will be the right choice. .NET looks like it will be very good, however MS want to fix it up in patents to prevent interoperability and keep it to themselves and their friends. Linux/BSD/etc does not need a .NET clone, it needs its own system that works like .NET, but using open, free software and algorithms, all managable from a single command line and GUI tool. Easy to set up, easy to configure, cross platform and easy to interoperate with other vendors. I call it "The Unix Business Platform"... :)

Hmmm...free e-mail 'aint so free with MS

[Linux+Freak]

Hmmm...Hotmail used to be a *fantastic* mail service until MS took it over (first, they added SSL which made accessing it from lynx impossible. Fortunately lynx-ssl made it possible again. Then, they added Javascript. Bastards. Javascript, for MAIL???)

Then Hotmail moved their cluster (several times, if memory serves) from trusty, reliable FreeBSD servers to MS products. We have seen the results of this changeover in the past, and now we're seeing what happens now with all the viruses floating around in MS-land.

I was happy enough to discover Yahoo Mail, which IS running on FreeBSD servers, and DOESN'T need SSL or Javascript to access. Haven't had a problem since then. :-)

Re:Hmmm...free e-mail 'aint so free with MS

[NutscrapeSucks]

Umm, many of Yahoo Mail's features do in fact require JavaScript (multiple msg delete, attachments, for example). The basic functions are fine without tho.

(Someone needs to hack a text version of mozilla for you guys.)

Re:Hmmm...free e-mail 'aint so free with MS

[Mr.+Sketch]

I agree. I love yahoo mail, much more than hotmail. Not to mention the fact that I can check my yahoo mail from home with a pop3 client or have all mail forwarded to another address and thus use my yahoo address as a permanant address. I can't do any of these from hotmail because once the mail gets into hotmail the only way to get it out is to manually forward out each message, what a pain. But my hotmail account does serve a purpose: the spam purpose. It's the only account I give out online that could potentially be picked up by spam bots.

Microsoft to be the target of (more) lawsuits?

[DG]

Back in the Dark Ages of corporate acceptance of Free Software (circa '97 or so) a common pointy-haired manager complaint was "Who do we sue?"

IE, if the software contained some fatal flaw that resulted in Actual Money being lost, the corporation could go after a commercial software house in the courts in an attempt to recover costs.

Free Software, being provided as a community service with no sue-able corporation behind it, lacked this perceived accountability.

Well, here we have a gold-plated example of a fatal flaw in a piece of commercial software, coupled to a lax attitude towards fixing it, that has without question resulted in the loss of Actual Money by a great deal of people. One would think then, that IS Managers across the world would be queuing up to sue Microsoft and recover their costs.

Anybody seeing any evidence of this happening?

Re:Microsoft to be the target of (more) lawsuits?

Micorosoft is shielded by a EULA that limits (or denies)liability (although this EULA might not be fully apllicable worldwide).

His point was that a company wants someone to be responsible when a business critical application is causing problems. Now, we could argue that MS's EULA would not hold up to a consumer class action lawsuit. But we can also argue that since MS denies responsibility, then it is not offering any more than free software's warranties. You would do better to use a modified apache server from IBM that is more stable and has IBM to support your problems.

Re:Microsoft to be the target of (more) lawsuits?

[xeno-cat]

I don't think that the legality of suing is really his point. The point he is trying to make is a good one, and it is something I have bumped into time and again. The scenario usualy involves some underqualified over promoted "manager" who knows that a lot of cash is about to be spent, and they want to spend it. During the requirements process it's suggested that maybe the software could just be downloaded for free. Instead of spending a half million ( yes actually 1/2 mil ) on web server software that is non-standard, slow and unstable, we could hire a couple programmers to work full time on improving the free stuff. This would get us in deep with the commnity that actually produces the software and would provide us a higher level of support then we ( actually got ) could get from some sleezy proprietary company, "I mean, did you see there presentation"?

Now the big show stopper was that they were going to be spending alot of money and needed to be able to go after a company legally if things went bad.

Well, things went bad. The software suxors and do you think they can even get the company on the phone? Actually, do you even think that this manager has even tried? Who cares, it sounds agravating and there's no money to spend.

Re:Microsoft to be the target of (more) lawsuits?

[iCEBaLM]

You're right on the money for the most part, however lets make a little modification:

Who has losses that arise from code red?

ISP's and individuals/companies paying for bandwith used.

Who causes this mess?

Microsoft who left a remote buffer overflow in the 5th version of their IIS software

Who can sue who?

People who have losses because of gross negligence.

-- iCEBaLM

Re:Microsoft to be the target of (more) lawsuits?

[dslbrian]

System administrators and computer users in general need to be more concerned with the costs of not applying security patches.

Perhaps the real issue is that system admins and computer users in general need to be more concerned with the costs of RUNNING IIS WEBSERVERS. One would think that Apache is just as susceptable to these problems as IIS, especially given that the source is readily available. But of course it doesn't seem to work out that way. The real issue is that MS doesn't take the time to properly make IIS secure in the first place (and given that its closed source, noone is going to help them do it). MS just doesn't seem to be learning from historical mistakes they make. Instead of really fixing things, they simply throw PR dollars at it in an attempt to minimize the blame. I imagine once these incidents are repeated enough smart admins will move to a different platform (and the non-smart admins will simply repeat these mistakes all over again...)

A more serious effort also has to be made to convince crackers that there will be serious penalties for releasing these viruses/trojans/worms.

This is not a practical solution, you can't prosecute what you can't find. And since Code Red has no identifiers to point to the source, odds are noone will ever get the blame for it.

Re:Microsoft to be the target of (more) lawsuits?

Im fairly sure that I read someplace that a law was passed in the US that makes it so when you click "I agree" it is the same as providing a signiture. This has been used a lot with online petitions, as well as those nasty things called EULA's. In any case.. Microsoft really needs to get its act together. They aren't getting the best of press right now, and .net is coming out soon, which they want to work real well... As with many of you, I am not going to touch anything .net made by M$.. My hotmail account I use as a throwaway account, and for msn instant messanger, so I really could care less what happened to my mail. If I am doing online transactions with .net, or whatever else, and this kinda stuff happens, id be pissed.. but we still wont be able to sue them..

Re:Microsoft to be the target of (more) lawsuits?

[jrockway]

Even the GPL adds this:

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

RMS already emphasized the important parts :) My work here is finished.

Re:Microsoft to be the target of (more) lawsuits?

[slimme]

This may all be very true for consumers. They need protection when agreeing to contracts.

However businesses are expected to be more knowledgeable when agreeing (explicitly or implicitly) to a contract. Adding to this is the fact that businesses usually buy more than 1 software from a vendor, so they are supposed to know what they are signing (or agreeing to).

Re:Microsoft to be the target of (more) lawsuits?

[n0rm]

We found some crap on our IIS server a couple of weeks ago.

Just guess the CIO's ( chemist ) response to my telling him that one of the options we were looking at was Linux or FreeBSD ( which run on our hardware ). I was told that he wouldn't support those changes because he needed someone to blame.

Re:Microsoft to be the target of (more) lawsuits?

[slimme]

I don't think Microsoft ever claimed their software to be flawless (usually they cover their ass very well when it comes to legalese. And so they have every right to put a clause like "Microsoft does not accept responsability for losses arising from the use of this software." And this is especially true for flaws for which they provided a patch.

If you buy (download) software and expect that there are no flaws in there you might as wel think that fairy tales are true.

Microsoft did not cause any damage (except for their hotmail servers and other MS owned servers that got infected).

The people who control unpatched servers do cause damage and should be prosecuted to the full extent of the law (civil or criminal) for gross negligence.

Re:Microsoft to be the target of (more) lawsuits?

[EvlG]

What about ISPs and such that modify the TOS or AUP after the sale? I would certainly never agree to a change in my service, but they do it anyway.

If these aren't legal, why isn't more of a fuss raised about them?

Re:Microsoft to be the target of (more) lawsuits?

[WNight]

EULAs aren't binding. Even if they were, you can't sign away your right to legal action, except as a result of some legal action (class action lawsuit preclude any other cases...)

Here's the pointform reasons why EULAs aren't binding.

1) Contracts require 'consideration' (Both parties must get something.) They get your agreement, you get nothing. (You've already bought the software and are entitled to use it, they can't take that away.) Thus the contract is voided.

2) Contracts must be voluntary. If I take something of yours (the software you've purchased) and won't give it to you till you sign the contract, the contract is void. Because they remove functionality until you 'agree', the contract isn't binding.

There are a few other reasons, and those can be fleshed out a bit, but without the UCITA, EULAs aren't binding. That's the whole reason they (MS, etc) are buying votes to get the UCITA passed.

So, if MS software formats your HD, or is so insecure it allows someone else to do so, you can sue MS. Of course, you'll *never* win, MS has proven time and again that they're willing to tell outright lies to the judge in order to win a lawsuit. But you're still entitled to sue and theoretically, you might win. If you find an honest judge (unlike Kaplan who was bought and paid for by the MPAA courtesy of Time Warner.)

Yes, this is true. Quote me on it. Bill Gates has committed perjury during the anti-trust trial. If he wasn't a billionarie, he'd have spent time in jail for it. As was, nothing. Gotta love America, the best justice system money can buy.

Re:Microsoft to be the target of (more) lawsuits?

It might when you point out that they come so fast, and are such a pain to install over an entire cluster that the MANUFACTURER of said patch was unable to patch their systems (both the security critical windowsupdate.microsoft.com cluster and hotmail.com).

Re:Microsoft to be the target of (more) lawsuits?

What about ISPs and such that modify the TOS or AUP after the sale? I would certainly never agree to a change in my service, but they do it anyway.

If these aren't legal, why isn't more of a fuss raised about them?

It's very simple. If you disagree with their change they can throw you out. Your original contract _always_ has a clause telling you they can nullify it whenever they please. So you _could_ go to court and have the court tell the isp they have to make the original contract apply to you, it would be a hollow victory, since you would lose your connection.

Most people just swallow their anger and accept the inferior service, even if it's unfair. At least they still have service.

Re:Ironic...

[Pinball+Wizard]

they're not that good at making money

32 billion dollars in cash in the bank, increasing by a billion per month, and thats not very good at making money?!

Who by your standards is good at making money?

Code Red is a welcome situation for admins

[The-Dork]

Its gonna help people to format their harddrives and reinstall their 'favourite' OS from the evil empire.

As far as i have seen, the performance of a Windoze server is inversely proportional to the time since a reinstall. Less the time between reinstalls, more the performance. Its that simple !

jobs.osdn.com

[throx]

Either someone has hacked up Apache to report a different server string, or jobs.osdn.com is actually running IIS 5.0.

THAT is interesting!!

Not Only Ironic but Hilarious!

Microsoft is going to provide professional services!!! Oh! Ho! Ho! Ho! That's a good joke! That's rich! That's a real knee slapper!

Why, they can't even get their "amateur" services to work. What else can you call MSN, Passport and Hotmail but amateur (or should that be amateurish?)? Even PC Magazine rates MSN at the bottom of the list of ISP's along with AOL!

Re:Not Only Ironic but Hilarious!

Who is rated at top of the list?

Earthlink?

Or some loser with a room full of Linux boxes and a customer base of 1500?

Sorry.

Re:Other keywords that identify faggoty Brits

[TeraCo]

Or in fact, anyone who isn't American.

Aussie aussie aussie!

Email

[Paul+Anagnostopoulos]

I'm new here. Aren't all the email services you're discussing free services? Could there be a correlation between free and crappy? ~~ Paul

Re:Email

[jvanber]

Uh, linux is free. You tell me if there is a correlation.

Re:Security versus Ease-Of-use

[SCHecklerX]

These are servers.

They are difficult to patch or upgrade or remotely configure or fix, or even publish to.

So...how, exactly, are these systems easy to use again?

Not just MS Hotmail server with the bug

[jmoo]

I work for a small company that handles license production for a number of the software companies, most of the stuff for OEMs - one of them is Microsoft. (You know that little piece of paper with the cool hologram and bunch of numbers? We make them)

Now Microsoft is very critical about who gets access to the serial numbers and databases. They have there own servers, VLAN, and firewall at our plants for distribution of licenses. Think it would be pretty secure, right?

Well not really, they all got Code Red when it first came out. Now we were cleaning Code Red up on our own webserver (Yeah, I know, should have patched) Noticed that the MS server were infected, called up MS and told them what was up. They didn't believe us and told us the servers were already patched. Took a number of calls and yelling to get their boxes fixed.

I don't know if its really funny or really sad.

Re:Not just MS Hotmail server with the bug

Since I live in Seattle, I know quite a few people who work for the Evil Empire. I happen to know that the documentation and testing servers got hit as well.

Apparently, even though there was notice about the bug, it wasn't even reported very well internally. The first that MS employees were hearing about the problem was when the news hit about the worm. Of course, by that time it was too late.

Re:How to choose a web server for your company

[Helevius]

I agree the sys admin matters, but it's not as simple as that. Try reading Securing Windows NT/2000 Servers by Stefan Norberg. To securely admin a Windows NT/2000 box, Stefan advocates ripping most of its guts out (NetBIOS, Workstation and Server services, etc.)

NT's standard remote admin tools, like Event Viewer and Server Manager, require RPC using NetBIOS, which is difficult if not impossible to secure.

UNIX may have its problems, but secure remote administration using native tools is not one of them.

Helevius

I'm not sure about anyone else..

[reflective+recursion]

But my cable provider (Road Runner) has been having problems today and yesterday (connection seems to just go "poof"). Might not be this virus though. I've had 1676 attempts on my cable connection. Finally I shut down Apache (getting tired of it loading from inetd).

From looking at /var/log/messages it seems there have been numerous attempts today, most of which are from RR.

July (19-20ish): 22 hits
August 1st : 22 hits
August 2nd : 26 hits
August 3rd : 30 hits
August 4th : 205 hits
August 5th : 318 hits
August 6th : 352 hits (!)
August 7th : 253 hits
August 8th : 210 hits
August 9th : ~193 hits as of 11:18am

Yawn

[DataSquid]

Now when it hit their Windows Update site, that was funny. Slow day?

Re:Yawn

[Andrewkov]

No, he would write an MS Outlook virus which would install the patch automatically!

Re:Yawn

Well, MS did send this out through it's security list:

Date: Mon, 30 Jul 2001 11:39:12 -0700
Sender: Microsoft Product Security Notification Service
From: Microsoft Product Security
Subject: URGENT MICROSOFT SECURITY ANNOUNCEMENT

-----BEGIN PGP SIGNED MESSAGE-----

The Microsoft Security Response Center, along with other
organizations listed below, is jointly publishing this alert that
ALL IIS ADMINISTRATORS ARE ASKED TO READ

A Very Real and Present Threat to the Internet:
July 31 Deadline For Action

Summary:

The Code Red Worm and mutations of the worm pose a
continued and serious threat to Internet users. Immediate action
is required to combat this threat. Users who have deployed
software that is vulnerable to the worm (Microsoft IIS
Versions 4.0 and 5.0) must install, if they have not done so
already, a vital security patch.

How Big Is The Problem? (...)

[Wouldn't be shocked if someone got fired over this one...]

excuse me, but....

[AugstWest]

heh. heheheh. heheheheheheheheheheheh..... hehehehaehahahahahahahaaaaaaaahahahahaaaaaaaaaaaaa aaaaaaaaaa.... oh, man...... heheheh. muahahahahahahahahaaaaaaaaaaaaaaaaaaaahahahahaHAHA HAHAHAHAAAAAAAAAAAAAAAAAAAAa...

hee heeeeeeee....

Re:I didn't know that MS used IIS for Hotmail

[3am]

i think it's FreeBSD, which came with hotmail when they acquired the company that developed it. I've only heard this, and cannot confirm it in the least.

Security versus Ease-Of-use

[rajslashdot]

This whole code-red business brings to the front the trade-offs between security and ease of use

This episode really highlights difficulties faced by end-users in patching up systems, that are fundamentally architected with a weak security, continually.

When even Microsoft finds it difficult to keep-up, how can we blame the others?

The battle ahead between linux and microsoft, will really boil down to this fundamental tradeoff, and the current problems with code-red really help in raising the security conciousness of the server community

Re:Security versus Ease-Of-use

[Tackhead]

>>that are fundamentally architected with a weak security
>
> "architected"? WTF?

Calvin: "I like to verb words."
Hobbes: "What?"
Calvin: "I take nouns and adjectives and use them as verbs. Remember when `access' was a thing? Now it's something you do . It got verbed."
Calvin: "Verbing weirds language."
Hobbes: "Maybe we can eventually make language a complete impediment to understanding."

Re:Security versus Ease-Of-use

[lucius]

that are fundamentally architected with a weak security

"architected"? WTF?

Re:Security versus Ease-Of-use

[Tony-A]

The internet has been IIS'd.
Blame it on the UN-patchy web server.

The thing is

[pudge_lightyear]

XP and beyond will have mandatory registration processes which will inevitably (spelling?) tick some people off. These will most likely be power users who will install on two to three computers at home who don't want to pay M$ all that money. Many of these ticked off users will become hackers (which may also be inevitable) as they find how easy it is through learning to be a power user under a different OS. So, M$ is creating a bunch of Ticked-Off Hackers who will probably just create more and more of these annoyances.

Re:The thing is

[frog51]

I think the definition of power user here is incorrect - there is no Microsoft product which comes into the "Power" category. Clustering windows servers gets you possibly into mid-range, but it's pretty much low end.
For high end, you are talking big iron from IBM, SUN, Cray or SGI, or massive Unix/Linux clusters a la ASCI, Lawrence Livermore etc.

However, if these hackers you mention do get ticked off and learn linux/freeBSD or a.n.other *nix the experience may well be good for them. Some of these people may be the gurus of the future.

Re:The thing is

Wow. A dicksize war. Who woulda thought?

BSD, Windows, whatever...

[HerrGlock]

When they tried to run Hotmail with NT, it crashed. When they tried to switch to 2000, it gets Code Red'd.

Why don't they just keep with what works, FreeBSD.

DanH

Re:BSD, Windows, whatever...

[vs]

Why don't they just keep with what works, FreeBSD.

Because then the usual suspects wouldn't have any obvious reasons to post the *BSD is dying stuff.

Yes, it is a problem

[billh]

Okay, people keep saying it isn't a problem, the news doesn't know what to say about it, but I can confirm, it is a problem. More of a pain in the ass. Cisco DSL modems are still vulnerable, because people don't realize it is code red locking them up. Infected IIS servers are all over the place, and I keep getting more scans every day.

On my web server (with multiple IPs), 689 probes yesterday. 613 of those were Code Red II. 685 the day before (578 were CRII). 543 the day before that (419 CRII). 433 the day before that (224 CRII).

So, simply put, Code Red II is worse than Code Red, and getting more so. Who cares what it does to the servers, right now, it is a major pain in the ass.

Ever tried explaining to a client that their network is down because of a worm that infects web servers? And no, I didn't install those Ciscos, I would have brought CBOS up to date if I had.

Re:Yes, it is a problem

FYI -- they have a work around set web prot 1111 or any other number write and reboot So far the routers have been up for 2 days compared to 2 hours

Irony?

[rnturn]

And this the company whose software that the vast majority of ISPs insist that you use if you want to connect to the internet using their lines.

I think I'll have some new ammunition the next time I get into an argument with an ISP over what software I'm allowed to run.

true

[e2d2]

I think my sarcasm was over stated. I shouldn't imply that everyone that reads slashdot is a drone zealot. I simply wanted to give a good laugh, my typical motivation. It's good to laugh at yourself and others just to keep sane.

I do believe that there are plenty of the M$ drones as you say, implementing MS solutions just because they come from MS and MS can do no wrong in their eyes. And there are just as many GPL sealots out there touting quirky tag lines climbing to the speakers pedestal every chance they get to "defend free speech". I sit on the fence laughing at everyone, including myself, for being swept up in bravado and a lot of rhetoric.

I simply wanted to give a good laugh and maybe try and work in an asimov reference while I was at it
:-)

Re:A Bad Sign

"Could you imagine the heat MS would be getting if they charged for Hotmail?" They are already doing so with their Windows OS'es. It's the same ;-)

Re:code red, sircam, taco, and real business

Funny, when we shut down access to port 80 through our firewall, worker productivity went up 172%!

Decent reporting

[lavaforge]

The software giant on Wednesday confirmed that some of its MSN Hotmail servers were infected with a Code Red virus, the computer virus that exploits a vulnerability in Microsoft's own server systems.

The emphasis is my own, and I'm happy to point out that a reporting agency has finally begun to grasp the fact that Microsoft IIS is part of the problem.

Privacy Compromised

[Tremul]

This article doesn't mention the fact that anybody in the world could possibly have had unrestricted access to any number of email accounts. I wish they would post some statistics on the number of people who took advantage of the fact that there was a root shell on the hotmail servers.

Re:Privacy Compromised

[louzerr]

I had to set up a hotmail account just to chat with a friend on MSN Instant Messanger. If someone did break in an read my mail, I'm glad. I hate to think of all those bytes sitting there unused.

Easy way to stop Code Red infection

This is a sure way to uninfect your system if you have Code Red.

Step 1) Open a command prompt
Step 2) Run 'ping localhost'
Step 3) Press F7 and Enter quickly a couple times in a row

Your Code Red infection is now gone.

Thank you for your attention.

Re:Easy way to stop Code Red infection

Was this supposed to make my box reboot itself?

CodeRed's true motive revieled...

[the_ph0x`]

It seems this was the true attack pattern - to infiltrate the geek comunity by hitting hotmail servers. Thereby wreaking havok with all of the /. users spam accounts and ultimatly destroying our freedom of speech...

Well I know - it's a long shot as far as ideas go... but hey so is most of the stuff here. :)

.ph0x

It's not a worm

[lavaforge]

It's a feature.

as Cardinal Borusa always said...

[blair1q]

"There's nothing more useless than an internet account with a monthly cap."

--Blair
"You'll find truth only in mathematics."

Re:Aren't these CodeRed II attacks supposed to fin

[Chakat]

I didn't do a netcraft followup with any of these servers, but judging from the slightly different "there is nothing here" screens of the infected machines, a good amount of these servers are NT4 machines, which are rebooted a bit more than the more stable W2K machines. Plus, you've got to take into account those people who use these boxes as a work machine, and shut them down at the end of the day. Since these machines are not puting any real content on the server, the owners don't even know they're vulnerable.

"Just patch your servers"

[Havokmon]

Wasn't it Craig Mundie who said that, in refrence to WHOSE problem the virus was?

(twas a ZDNet story I can't seem to locate)

How long will this be going on

[bfree]

One little server on a little 128k leased line and the attack pattern since 1st August reads
13,35,24,27,27,63,73,47,32 (in 15 hours)
Until the 4th August all the attacks were from the initial breed (NNNNNN). On the 4th 3 of the 27 attacks were from the new breed (XXXXXX). On the 5th 15 NNNNN and 12 XXXXX. Day 6 and only 10 of the old breed arrive while 63 of the new breed are in and since then we are down to about 3 attacks of the old NNNNN per day.

I actually agree with the concept setting up a lot of machines to reply to the virus with the fix. It seems obvious that too many NT/2000 boxes out there are abandoned and vulnerable thanks to the lack of knowledge required to expose one. Who thinks that we won't see any attacks next month?

Re:How long will this be going on

[jelle]

"I actually agree with the concept setting up a lot of machines to reply to the virus with the fix."

The amusing part about that suggestion is that it is probably illegal to do so.

And if it were legal, then crashing the box might work better. Fixing it without the owner doing it will just lead to more lazyness on the part of the owner.

Re:Maybe they HAVE been patching...

[Sloppy]

While they probably have some sort of automated or remote patching facility,

Um... maybe that's where Code Red originally came from.

Load Balanced

[waldoj]

We discussed this one year ago this week. It was concluded that they were running a round-robin DNS, and you'd sometimes get Apache (~20% of the time) and sometimes get IIS 5.0 (~80% of the time.) To run your own experiment, try the script that I included at the time.

#!/bin/bash
i=1
while [ "$i" -lt 253 ]
do
lynx -head -dump http://lw7fd.law7.hotmail.msn.com/ |grep Server >> /var/tmp/hotmail
let i="$i"+1
done


-Waldo

Re:What the hell.

[sharkey]

IIRC, it doesn't DROP the records, it simply does not retreive & display them after the table they reside in gets to be a certain size. 1000 records, 10,000 records? The records are still there, they just don't show up in query results.

Bzzzt!

[es-mo]

I call your bluff; evidently you do not work for the same IBM that I do.

No IBM internal servers have been blocked, nor access to external servers.

Maybe they HAVE been patching...

[nettdata]

...strongly encourages everybody to install the patch, yet they themselves don't.

Somehow, when I picture a server farm, I see this clean, organized room with nice neat racks.

I remember hearing somewhere that the Redmond server farm consists of THOUSANDS of boxes. This equates to a huge warehouse of racks.

Now, I know what it takes for us in a small (50 person) company to patch our desktop and server machines, so it seems to me that this patching undertaking would take a LOT of people a LOT of time. Who knows, maybe they HAVE been patching their servers, it's just taking them months to do it!

While they probably have some sort of automated or remote patching facility, I like to envision a bunch of interns with crash carts (monitors/keyboards) and freshly burned CD's walking from rack to rack installing the patch.

Sucks to be them.

Re:Maybe they HAVE been patching...

[sjames]

Now, I know what it takes for us in a small (50 person) company to patch our desktop and server machines, so it seems to me that this patching undertaking would take a LOT of people a LOT of time. Who knows, maybe they HAVE been patching their servers, it's just taking them months to do it!

Perhaps they should fire off a simple script using ssh and awk that will make the update on all of the...OOOPS, I guess they hired a few more permatemp MCSEs who for some reason didn't have the real world ability you might expect from someone with such an illustrious certification.

Re:Maybe they HAVE been patching...

[MeNeXT]

Maybe they should get one large SUN system this way it would only take one patch. but then again it doesn't run W 2000.

Re:Maybe they HAVE been patching...

[WNight]

1) The bigger the system, the tidier it usually is. A small company can buy a few servers and network them easily. A thousand servers require a huge ammount of specialized equipment which is hard to misplace.

2) If you ever do anything requiring thousands of PCs, there's a 99.9% chance that you're doing something VERY wrong. Mainframes exist for a reason, that's because they're very much better at huge jobs. (Except for a few oddball tasks like google, or a render farm.)

There aren't a lot of really great remote-admin tools for Windows. This is because people doing HUGE jobs go buy mainframes. Only companies who failed the product-requirements phase use MS products on a large number of servers. (To a large degree, simply because PC hardware just doesn't cut it, and even 8-way XEONs are laughable compared to *real* computers.) If an admin has a thousand windows box either 1) they aren't mission-critical servers, or 2) the admin is clueless. (Or 3, the company needs to use its own products or nobody will respect it, at all.)

Re:Okay so...

[mallie_mcg]

Unfortunately you then get the other side of the coin, the number of EMails I have recieved from people trying to send EMails to a friend and having it bounce back with an over quota message and then demanding to know what that means or telling you to fix your computers is phenomenal.

I term these people aquaintance's. Not friends. I tend to call people who have a clue friends, well unless they are really really good looking. In which case they get my mobile number but no email address that i actually check :)

Re:Okay so...

Saying "Just my 2 cents" at the end of your posts shows you are someone who lacks assertivness and are afraid of treading on someone elses beliefs. Quit being a pansy ass.

Bzzt to your bzzt

The original poster was correct. IBM US had major outages (48 hours+) in Raleigh, Boulder, and Austin. I'm in Austin, and they restored connectivity fully only last evening at 8PM.

Re:What the hell.

[dillon_rinker]

> This company release a warning, what, like 6 months ago

June 18. Nowhere near 6 months ago. Barely a month before the onslaught of Code Red I.

I think you meant:

[flimflam]

GET /default.ida?heheheheheheheheheheheh.....heheheh.m uahahahahahahahahaaaaaaaaaaaaaaaaaaaahahahahaHAHAH AHAHAHAAAAAAAAAAAAAAAAAAAAa%u9090%u6858%ucbd3%u780 1%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801% u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0 078%u0000%u00=a HTTP/1.0

;-)

Re:Okay so...

[CodeMunch]

I was once a hardcore "Outlook" user but last October I switched to this:
http://www.junglemate.com
and I'll never go back - so far it has everything I need and accessing all my mail from practically anywhere is the only way to go. When your mailbox fills up, they defer for a day & then bounce your mail instead of automagically deleting :)

But we did already know

But we (slashdot) already knew this didn`t we?
Or at least the brave souls who read post at 1, don`t ask me why its not moderated up.

Cut, and paste:

Why code red is still around (Score:1)
by jerrytcow on Tuesday August 07, @05:58PM EST (#82)
(User #66962 Info)
I was looking at my server log, and couldn't believe how many hits from the second round code red it received. I did a DNS lookup on a few of the addressed (most of the hits seem to be from 64.x.x.x). Several are from 64.4.13.232 (msgr-cs22.msgr.hotmail.com).

At first I was astounded that so many users could running IIS still unpatched, but if sites like hotmail can't patch their servers, how can we expect the average home user to?

Re:code red, sircam, taco, and real business

We had some people get unplugged b/c they had the virus and weren't fixing it fast enough, but there is no general port 80 blockage that I am aware of.

Re:I didn't know that MS used IIS for Hotmail

[suwain_2]

Well... At some point (long ago) I went to Netcraft's "What's that site running?" section, and it told me it was FreeBSD. Supposedly they've switched to Windows 2000, but, as you can see if you read through all the posts, a lot of people still suspect that it's running FreeBSD on the 'back end'.

110 million accounts

[Nater]

It really caught my eye where they claimed 110 million Hotmail accounts. I wonder... if Hotmail implemented an activity percentile (a la Sourceforge) how many of those 110 million would fall into the bottom %1? ... the bottom %0.5?

Re:code red, sircam, taco, and real business

Same story at the Folsom site at least. And there is a _lot_ of stuff done over the web, at least for the team I'm on.

Re:Okay so...

[sumengen]

http://www.myrealbox.com/
from Novell is definitely the winner.

Re:Ironic...

[unicaller]

Actually, they're not that good at making money. They've coded themselves into a hole where people don't want to upgrade their software to new versions every year or two.

This is what I call the Novell effect you reach a point where people are happy with what they have and see no reasion to up grade.

Re:Proof

what is the gmx's OS ????

aha another reason Windows is better than linux

[arielb]

there's no McAfee or Symantec anti-virus tools for linux!

Okay so...

[UberOogie]

...Code Red is taking down Hotmail so that people can't get to their accounts that are filled up with SirCam?

Re:Okay so...

A word of advice, stay away from email.com They might run on solaris, but they are so bad that it's not the least bit amusing. It's down more than it's up and even when it's up it's very slow. They just went through a major upgrade and it still sucks.

I really wonder if they don't know what they are doing.

Re:Okay so...

And this is somehow suppose to excuse MS for insecure environments and poor support?

Re:Okay so...

[RisingSon]

They have said that Hotmail should not be trusted to store valuable mail (and that I should use outlook instead)

Or you could also use anything .NET to store your trusted information. I'm sure somehow .NET is different than Hotmail or MSN.

Re:Okay so...

[cworley]

>people can't get to their accounts that are filled up with SirCam

I was out of town for a week (two weeks ago), when I returned, the Hotmail Janitor had deleted all my saved mail in all my folders, and all I had left was that weeks spam/sircam.

In complaining to Hotmail support, they replied, to my Hotmail account, asking what the name of my Hotmail account was. I'm not joking -- they're that stupid.

In further correspondence, they have said that they can't recover anything deleted by their "auto janitor".

They have said that Hotmail should not be trusted to store valuable mail (and that I should use outlook instead -- the damn software responsible for SirCam in the first place).

They think this is my problem, and I should upgrade my anti-virus software (I've repeatedly assured them that I've been WinDoh's free for four years -- I can't find McAfee's Linux download site).

They say their anti-virus protection is sufficient -- yet I rec'd two more SirCam laced spams today. They won't let me download the contents (even though it won't hurt my Linux system).

I've told them that their anti-virus protection kicks in too late -- they need to not stick any email into the Inbox that has the SirCam virus (they don't let you download the attachment anyway -- why bother letting it fill up your quota).

I've told them they should shut down their Janitor and make backups until this problem is resolved, or more Hotmail customer's are going to get their accounts wiped out without backup.

I've also told them that the correct solution is to bounce new incoming emails headed for an over-quota user, rather than allowing the incoming email and deleting the existing, saved, mail.

They don't get it. They don't understand.

And, if any Microsoft troll cares to say I'm a liar about this (like they did the last time I reported this in Slashdot)... I have the email transcripts to proove that this is Hotmail's behavior.

I have found two solutions:

www.mail.com
www.graffiti.net

Both provide free email excellent (and web hosting) service, and are smart enough to not run Microsoft products.

Re:Okay so...

[purdue_thor]

They have said that Hotmail should not be trusted to store valuable mail: They're right. It's a free email service that you have no direct control over. If it's important, save a copy locally.
I can't say this is a valid point anymore. MS is placing so much importance on Passport (which Hotmail is a part of) and their whole .NET strategy that this is inexcusable. Are businesses, or individuals for that matter, really supposed to trust MS with their data? Besides, what good is an account if you can't trust it for anything important? At that point, it's just another way for people to spam me. Even something as trivial as my friend sending me some digital pics -- that would irk me if they never showed up because some Hotmail Admin deleted them. It's one thing for them to say that "it's free so don't complain", but it's another thing entirely when the company saying this is rolling out a huge service that is supposed to change computing entirely. Just my $0.02.

Re:Okay so...

[prowler1]

Unfortunately you then get the other side of the coin, the number of EMails I have recieved from people trying to send EMails to a friend and having it bounce back with an over quota message and then demanding to know what that means or telling you to fix your computers is phenomenal.

Proof

[jlemmerer]

thats a good proof of the "security" of microsoft servers. i long switched to gmx.net

Re:Proof

[NewbieSpaz]

Netcraft shows that it's Linux, FYI...

Re:What the hell.

[Fishstick]

read all about it...

Losing track of Nuclear materials
Nuclear Materials System Not Buggy, Says Microsoft

...and then decide for yourself

Re:code red, sircam, taco, and real business

Workers get things done, they dont wander in circles holding their heads chanting "ohmygod...ohmygod.."

They do where I work - The Christian Coalition.

SirCams

W32/SirCam@MM Virus Found

There is no cure available for the virus on the file test.doc.pif

It is not possible to download files from Hotmail that contain incurable viruses. Contact the originator of the file, inform them that the file contains a virus, and ask them to send a virus-free version of the file.

Re:Get a switch.

[unicaller]

I think you mean a router.

code red boon for page views.. let's make some $

[SethJohnson]

After reviewing my apache access_log for the past few days, I noticed that I'm getting a huge amount of traffic from http requests asking for /default.ida. I'm wondering if there's some way I can hook up with one of those casino web advertisers and host their banner ads on my docroot as /index.ida... Seems to be a lot of unique IPs requesting this file.. In other words, point the scourge at the scourge and make money from it Fist Full of Dollars style.

Reality check - Hotmail is a free service

[codecowboy]

Um, I actually am surprised to see the level of hostility levied towards a service that is provided free of charge to the general public. One thing that is also interesting is the number of posts (I knew it was inevitable) touting Linux. I love Linux. I think it's great. You want to know why there are no real virus threats against Linux? It's because no one has targeted it. Maybe all the virus writers are 15 years old and using Linux? It seems to me that *no* OS is safe if people really want to target it, and laughing at the misfortune of another smacks of immaturity and a certain foolishness.

Re:code red, sircam, taco, and real business

read the notes from the intel employees above and talk about bulls* again. in a lot of companies, the internal technical support is done through a web page to 'reduce costs'. but how do the employees tell tech support that their web page is down :)

I didn't know that MS used IIS for Hotmail

[Captain_Frisk]

I seem to remember some savvy /.er out there somewhere who showed that MS was actually using Linux to power Hotmail. Maybe with the recent facelift upgrade they did, they changed the backend as well...

Captain_Frisk

Re:I didn't know that MS used IIS for Hotmail

[Zocalo]

Maybe with the recent facelift upgrade they did, they changed the backend as well... Most, if not all, of HotMail should have been migrated from BSD to NT/IIS by now. It looks like they have not gone with SMS (System Management Server) as well though, because isn't that supposed to make managing patching large numbers of NT boxen easy?

Oh, wait, maybe Microsoft is exaggerating that products' abilities in large installs as well... ;)

Re:I didn't know that MS used IIS for Hotmail

[NoOneInParticular]

Just checked all sites ending on hotmail.com at netcraft:

ad.law3.hotmail.com
ad.law4.hotmail.com
ad.law7.hotmail.com

all run Apache/1.2.6 on FreeBSD.

the other four run IIS

Re:A Bad Sign

What's new? People rag on Linux all the time.

Re:How to choose a web server for your company

This is the first time I've ever replied to anything at slashdot, although I've read the boards for a couple of years now. Just a point about Exchange running IIS. In Exchange 2000, this is an absolute must for Outlook Web Access. It's ugly, a security hole, but a service demanded by corporate users who travel extensively. I run the Network Services for a large multi-national corporation. If I had my way, we'ld be running Sendmail on Unix boxes with Apache as the web front end, but somehow, the executives like the fact that we use MS. Life can be unbearably painful some days in an MS shop! Fortunately we are heterogeneous, but the Linux and Unix boxes are just as useless as the MS boxes when Code Red infected machines (we develop software and for some reason, developers like running IIS on their workstation whether or not they need it) start flooding the WAN pipes.

Other keywords that identify faggoty Brits

colour
favourite
mum
bloke

And the real difference: Americans are citizens. The Brits are subjects.

ROFL

hahahaha :)

Re:One Person

[banshee2000]

My guess is they're working on CRIII

"No reported slow-down in service"

Probably because the rest of their servers run BSD...

How to choose a web server for your company

[hattig]

1) Pick a platform that is difficult to administer remotely

2) Pick a platform that is insecure

3) Pick a platform that can't handle the amount of customers you have

4) Pick a platform that costs a tonne of money

5) Pick a platform that requires a person with a dodgy qualification to run it, who doesn't know left from right, and demands more money than they are worth

6) Pick a platform that is proprietary

7) Pick a platform that runs on low-end server hardware or worse only

8) Pick a platform that you will have to lease by the year or per billion processor cycles within the next 3 years

9) Pick a platform with a database server that "loses" data given certain queries

10) Pick a platform that is forever morphing, changing technology, and has a history of instability

11) Pick a platform which would get you the sack if management had a clue

:)

Re:How to choose a web server for your company

Good one dick head. How many times have you gone over the Apachie code line by line to ensure that it it bug free?

Re:How to choose a web server for your company

[clinko]

Yea, the cost of ownership part was kinda offtopic, but so is this whole thread. But you make good points in here too.

Re:How to choose a web server for your company

[Chris+Johnson]

"A windows box can be just as secure as linux box if the administrator knows what he is doing."

Ha!

Prove it. Let's see the code. The _real_ code, the code that actually ships inside the binaries.

Evidence would tend to suggest you couldn't be wronger... and the ability of the admin has _nothing_ to do with it. What else is out there waiting for enough damage to justify a 'patch'? What evidence do you have that the 'patch' does what you expect and want?

Re:How to choose a web server for your company

EEK! +5 funny and my karma has gone down by 2 points because of two overrateds. Hey, Taco. Is that my fault? Stupid broken karma. :) All the current system can do it reduce it. What is the point of having it. My Karma is now at 69. Hmmm. Oh yeah, baby!

Re:How to choose a web server for your company

[clinko]

Think about this...

For A Linux box or a Windows box, go through the same list and realize that it's the administrator that matters. Not the OS! Really. A windows box can be just as secure as linux box if the administrator knows what he is doing. An admin for a win2k box is cheaper than a linux admin. There's more of them. So the cost of the OS takes itself out.

1) Pick a platform that is difficult to administer remotely
(2) Pick a platform that is insecure
3) Pick a platform that can't handle the amount of customers you have
4) Pick a platform that costs a tonne of money
5) Pick a platform that requires a person with a dodgy qualification to run it, who doesn't know left from right, and demands more money than they are worth

6) Pick a platform that is proprietary

7) Pick a platform that runs on low-end server hardware or worse only

8) Pick a platform that you will have to lease by the year or per billion processor cycles within the next 3 years

9) Pick a platform with a database server that "loses" data given certain queries

10) Pick a platform that is forever morphing, changing technology, and has a history of instability

11) Pick a platform which would get you the sack if management had a clue

Re:How to choose a web server for your company

[ednopantz]

>most admins for windows system don't patch their machines

Actually, Code Red shows that most admins do patch their machines, but that even a small number of unpatched systems can still wreak havoc.

Anyone cluefull enough to know that Exchange could be broken by some patches is probably cluefull enough to disable default (!) IIS on boxes that aren't actually serving as web servers.

Anyone who runs Exchange and IIS on the same box (make that Exchange and anything, or maybe I should just leave that at anyone who runs Exchange) has some explaining to do.

Re:How to choose a web server for your company

[Sloppy]

I think that in Microsoft's case, it's excusable. Companies have good non-technical non-merit reasons for wanting to use their own products. It makes sense. I would do the same. Let me stress that: I would use my own stuff over other peoples', even if I knew my stuff was inferior. If I have a need for that product as a user, then I'm getting a free tester/debugger as a developer. Free help is a Good Thing. So I don't really blame MS for moving Hotmail over to their stuff.

But I can't figure out why anyone else would pick NT/2k as a server. At least with the desktop monopoly, there's a reason for it: a continuous legact going back 20 years. When someone chooses Windows clients, I don't like it and I disagree with it, but at least they're able to come up with some justification (which always involves some previously existing software). If a real mistake was made, it was made many many years ago, and they're simply locked in nowdays. If there's anything wrong with them now, it's just that they don't have the strength to try to dig themselves out of their hole.

But with the servers (especially when you get into Internet stuff, like email, web, etc. instead of merely office file servers), it's just mindboggling. I'm not saying NT is bad (I would say that, but it's another topic ;-) but what's really wrong with it, is that it just doesn't have anything going for it, and there were significantly already superior products. In order for someone to be using NT as a web server, they either had to trash an existing web server that probably worked better, or they had a blank slate and somehow picked Microsoft over all the other choices. Either way, it's just plain dumb. There isn't any continuous chain of lockin going back to the 80s, to blame it on.

Re:How to choose a web server for your company

Oh, please. We know. It isn't Open Source(tm) therefore by defintion it can never be secure.

Bleat bleat bleat.

Re:How to choose a web server for your company

[tempest303]

Still, what about #'s 1, 4, 7, 8, and 11?

While it's true a good Linux admin is more expensive, your average UNIX admin typically is far more clueful than your average NT/2k admin. (note: this is a broad generalization, applicable to large numbers of people, but not all of them, certainly.) I think part of the problem is that UNIX admins *tend* to know more things outside of their area of specialty, whereas there are a LOT of NT/2k admins out there who ONLY know NT/2k, nothing else.

Re:How to choose a web server for your company

That is to run a Windows NT/2000 box as a front end connected to the Internet. Much the same thing can be set about OpenBSD. Lots of services that I was used to on classic Slackware were missing the first time I brought up OpenBSD on my home network. It was a 'what the hell?' sitation until I realized all the services were turned off and ports blocked (in comparison to NetBSD which I was using at the time).

So obviously you turn off the services not needed if the box is to be 'secure.'

Also, 'Remote admin tools' by definition are a security risk. They just shouldn't be on a secure box. Go in and sit at the keyboard, lazy.

What was your point?

Re:How to choose a web server for your company

[clinko]

Thanks, I'm actually gonna go check this out at Barnes & Noble tonight.

Re:Aren't these CodeRed II attacks supposed to fin

[vondo]

Ahh, I thought they weren't supposed to be reinfected on reboot. And considering the worm reboots the machine, they should avoid propagating for all of about 10 minutes/day.

Question is, will the people who own these machines think it is strange that they are rebooting every day, or just think its par for the Win2K course.

I feel deprived (almost)

[Micah]

Can you believe I have not ever received one single Sircam OR "love bug" mail?

Re:I feel deprived (almost)

[idistrust]

Can you believe I have not ever received one single Sircam OR "love bug" mail?

Me neither. Procmail is a wonderful thing.

Mike.

Re:I feel deprived (almost)

[Micah]

I don't even use procmail. And my (several) e-mail address haven't been particularly secret.

That'll teach 'em!

[jcr]

Imagine trying to run an e-mail service on NT. What a pack of incompetent marketdroids.

-jcr

Re:That'll teach 'em!

[fat_mike]

I run Netscape Messaging Server on a Windows NT 4 Server. Its been running for six years straight now and only averages about two reboots a year. One of those is usally a Service Pack install. Haven't even had to upgrade the hardware, it just plods along. It's not the OS, it's how you configure it and the software running on it.

Re:That'll teach 'em!

[fat_mike]

I can't believe you got that they modded you down for this. I totally agree with you but obviously (sp?) if you post something pro microsoft here you are Joan of Arc.

Re:That'll teach 'em!

Specifically, it's Microsoft's shitty software that uses kernel hooks for speed. Nice clean user-space software (Lotus, Netscape, Apache) tends to run on NT4 forever, while the file server, MTS and IIS will conk all the time. If there was a port of Samba to NT, I might just run it.

Could be forged

[CTho9305]

You can forge the headers the server returns... especially easy since Apache is open source. Who says its actually IIS?

.Net

[Marcus+Erroneous]

Sign me up for Hailstorm right now! Do you need my credit card number now or later? When do you want my ssn, drivers license, home address and other personal information? Boy, I sure am glad I've got a big responsible company to handle my sensitive data instead of a bunch of foreign nobodies. If MicroSoft can't protect my information, who can we trust? ;)

Re: Freemail services

[Don+Keehotay]

www.myrealbox.com is pretty good. At least it doesn't insert unwanted ads into my outbound mail.

aha another reason Windows troll

[cworley]

Mr Troll:

That's because there are no Linux viri!

McAfee does make a linux server tool for detecting WinDoh's viri on the server side (before the user gets it)... along with a few other Linux-based tools to try to protect WinDoh's lusers from thier idiocy.

Re:A Bad Sign

[sharkey]

Probably the same thing that happened with Windows. Same situation, just not free.

Re:code red, sircam, taco, and real business

[atheos]

I'd love to know who sits around and caclulates all the 'millions' of dollars they are loosing. That's just a comment for the press.

at last . . .

... for great justice!!!

eggs, faces, and virus success stories.

[frknfrk]

wasn't it not too long ago this very forum was laughing at the piddly virus 'code red', because the author had 'stupidly' used a site name instead of its IP to attack it. now look at how much trouble it has caused and answer me... how many other more successful viruses have there been? maybe its intended purpose, DDOS-ing whitehouse.gov, has gone by the wayside, but man, what a lot of crap being posted here, there, and everywhere, on the TV, etc, etc. this is an unbelievably 'successful' virus.

Re:code red, sircam, taco, and real business

They did for a while, about 8 hours or so. There were at least for systems, in different cities, that I could telnet to, log into, and connect to the webserver with "telnet localhost 80", yet could not access the webserver remotely. There was no notice of such blockage, but it did happen.

Re:A Bad Sign

Dear Mr. aozilla:

Please get your tongue out of my ass.

Sincerely,
Bill Gates

yeah, it's a big deal

My work just killed all inbound port 80 connections from their VPN clients (i.e. folks like me) because some set of idiots was running IIS from their systems and blasting the intranet with scans after their boxes were compromised.
This really blows because it affects my work quite a bit. Happily, apache can run on > 1 port concurrently. :)
What really sucks is that this is probably going to be the case for a few weeks. At least we've got vnc set up on one of our boxen to test systems on the intranet via port 80. Oh well. workarounds to the workarounds.

Re:code red, sircam, taco, and real business

losing NOT loosing (lose, not loose), you illiterate idiot.

Maybe...

[cyclist1200]

They're not sure where to get the patch!

Anyone know...

[ioexcptn]

which antivirus vendor they use? I heard somewhere that they had used CA's InoculateIT at one point. I dont know if that is true...Does anyone know?

Why not serve your own?

[twitter]

Well, why not. A little 486 and a small pipe are all the average user is likely to need. Debian's Exim configuration could not be easier, and it works great. Who needs those big giant single points of failure? Isn't that the whole point of the net?

Oh, sorry I forgot. Some people just can't take the competition.

Is it true that I can get my FREE download of MSN Explorer at http://explorer.msn.com/intl.asp? Wow! That's just what I've always wanted, FREE software.

Re:Why not serve your own?

[alexburke]

Is it true that I can get my FREE download of MSN Explorer at http://explorer.msn.com/intl.asp?

Nope, but you can at:

http://explorer.msn.com/default.ida?NNNNNNNNNNNN NN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucb d3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190 %u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a

Re:Why not serve your own?

[c_g_hills]

If you have your own domain, you can create as many subdomains as you like. Although technically, its not unlimited.. there is a theoretical limit.

Re:mail.Yahoo.com

Yahoo has threatened to shutdown my email account for ages (at least a year) yet nvr has, I cant access it from the web interface anymore, but oh well. I just use pop.mail.yahoo.com and telnet in if I need to check it from the road.

Re:mail.Yahoo.com

[Krilomir]

Just use Yahoo! Mail.

Even though their POP3 service disappeared some time ago, I'm still using them. You can replace Outlook with webbased Yahoo! Mail as default mail-client on your windows computer.

They have built in Norton Antivirus just a click away, and you can scan attachments before you download them. That was how I found about this Code Red thing in the first place (I've been on vacation for 4 weeks).

A Bad Sign

[Fatal0E]

You know you're in a bad position when a large group of people say that despite your service being free it still sucks. Could you imagine the heat MS would be getting if they charged for Hotmail?

Re:A Bad Sign

[Kerg]

I remember this story that appeared when Microsoft announced they'd be shutting down their free ListBot service. From the quote you get the impression Microsoft is planning on turning Hotmail into a paid service too.

In the past few months, Microsoft been very open about its plans to "migrate" users of its free services to paid services. Most notably, the company is hoping that those who use its free Hotmail e-mail and MSN Messenger instant messaging service will start using a planned set of paid services called .NET.

Re:A Bad Sign

Yeah, there's definately something like that going on, because I've gotten spam within a day of signing up for accounts. One of these was myfirstname_mylastname@hotmail.com. But all of this spam went directly into the BULK MAIL folder, since I had high protection set on. I've found addressbook only unnecessary, but maybe I'm just fortunate.

Re:A Bad Sign

[shaka]

"Plus the spam filter they offer is great, I have gotten 0 spams since turning it on."

Hey man, you forgot to tell'em that you haven't gotten ANY email AT ALL since turning it on! ;)

Re:A Bad Sign

[aozilla]

If I could have a few gigs of space and my mail was encrypted on the server, I'd definately pay for hotmail. Because I can use outlook express to compose my replies, hotmail kicks the ass of any other web based mail, and because I can quickly and easily access it from anywhere and get instant alerts, it kicks the ass of any POP/IMAP server. Plus the spam filter they offer is great, I have gotten 0 spams since turning it on.

Bad Microsoft ! No donught for you!

[e2d2]

Behold! for I am a slashdrone30000. My positronic brain responds eagerly to any and all anti-MS statements. In the entire history of of the 3000 model there has never been a missed opportunity to bash MS. Excuse me, I mean M$. They are evil and I stand for good.

These are the 3 rules of slashdrones:
1. A slashdrone may not injure a human being, or, through inaction, allow a human being to come to harm, except for Bill Gates, because he is evil.

2. A slashdrone must obey the orders given it by slashdot except where such orders would conflict with the First Law. All words from slashdot should be considered as the word of god itself.

3. A slashdrone must protect Linux's existence as long as such protection does not conflict with the First or Second Law, and especially if it means showing your massive amount of positronic brain power to the mere mortals by writing a soliloquy on each and every single topic on slashdot.


FOR GREAT JUSTICE AND ALL THAT CRAP!

Do the Dew???

[jbuilder]

Hotmail was shut down by the new flavor of Mountain Dew? Man.. that must be pretty strong stuff....

Re:what's this code red anyway?

- Yeah, I been real busy lately replying to all these messages from people writing to me for advice. Funny they all chose the same subjectline, how's that for a coincidence?

Its not the subject, its the message body. You'll confuse them. :)

Re:Ironic...

[Lumpy]

Actually Windows 95 and NT4.0 with office 97 does everything an office worker needs.... actually even earlier versions of office are plenty sufficent. all versions after 5.0 are just adding intentional incompatabilities to force upgrades as the features are useless... (Funny how abiword is 10 times smaller than word.... oh wait there isnt an entire version of VB5.0 in it!)

for productivity, corperate and all companies havent had to upgrade for 6 years.. It's the morons in the IT/IS department that gotta have the latest!

Get a switch.

[Bender+Unit+22]

If they can't figure out how to patch their servers then get a switch to filter out those attacks. It's not that hard to make a url-rule in fx a ServerIron to catch those attempts. I work with them a couple of places where we configured them to redirect all attacks on their netblock to a Apache server just so we could count the attacks for fun. :-) The switches where in place there already for content switching so it was no big deal.

Re:Get a switch.

[Bender+Unit+22]

Uhm, kinda, they do call it a switch.
Extended Layer 4-7 functionality including URL-, Cookie-, and SSL Session ID-based switching
But I would call it routing too.

Re:Get a switch.

Yeah! Force all of those packets out of the fabric and through the CPU instead! Take the slow path BABY.

Moron - do you have any idea about what's under the hood of your switch?

Re:Get a switch.

[sparkz]

I'm logging requests to my Apache box ... and sending them a coredump, just to add to the fun!

I dunno!

[pallex]

"Sucks to be them"

I can think of worse jobs than being paid by Microsoft to watch their servers being brought down by their own software!

Re:hotmail.com unpingable?

[J'raxis]

I can connect fine (HTTP), but can't ping. Maybe they block ping. (Boston area, BTW.)

Re:what I dont understand is...

With Windows 2000 (all but Professional), IIS 5.0 is installed by default.

Re:what sub domain?

[twitter]

Oh. It would be nice to do things properly, but I'll settle for the job the cable company did for me. Their little name for my box cx####.btnrug1.la.home.com has dns set up for it and it seems to work. Some dull mail set ups, like the NT system where I work, take a little time to find the IP, but they get it eventually.

Re:code red, sircam, taco, and real business

Actually, I know of a major computer manufacturer that would exactly take an order for 300 laptops and push it through for a quote through an entirely web based system. Everything from the initial sales call to the final delivery of the product is tracked through a web application, which really streamlines the process. To go back to the old way of doing things (email, fax, post-it, etc.) would be catastrophic to the process because it ruins the ability to track opportunities and perform reporting, not to mention nobody really remembers how to do it the old way anymore. They wouldn't lose an order for 300 laptops as a result, but it would take an extra week or two to deliver it, that's for sure.

Re:mail.Yahoo.com

Even though their POP3 service disappeared some time ago, I'm still using them.

I had a geocities account that I hadn't been using for a long time. When Yahoo took over geocities, they made setup a yahoo account but let me keep the old address and POP3. I don't really need it but it's nice to have an offsite POP3 just in case I want it

Re:I know it'll be said a billion times+ once more

[onepoint]

The true shame is that, We, the readers of /. have knowledge and see the errors in the M$ systems, We know how to deal with errors and solve the problems as they happen.

Sadly the general public will thank M$ for making the patch to there software, The M$ media machine will turn and grind the "good" things that M$ has done. Again fooling the public.

How often does the few know the truth and the masses know nothing.

tiss is the shame we might have to carry.

ONEPOINT

what I dont understand is...

[night_flyer]

if these people are "smart" enough to install PWS or IIS on their machines at home (which isnt all "that" easy, how they can let it happen... Personally I ditched PWS because of this very reason, I didnt trust it...

I am running Tiny Web Server Right now and am having NO problems (and it is a grand total of 180k in size)

Re:What the hell.

[juuri]

I have seen one of Msoft's server buildouts at an Exodus building. It is for the most part what you would expect. Many rows of 19" racks fully populated (or getting that way) of 2u and sometimes 4u rack mount boxes. It is all well placed and well cabled... as it should be with the huge number of contractors they hire. The only thing I get a chuckle out of is watching the rolling carts in there moving around with monitors, keyboard and mice on them. So much for serial console management!

What the hell.

[scott1853]

Ok, I know it's a lot of servers, but the company that runs Hotmail, also wrote the OS that is insecure. This company release a warning, what, like 6 months ago, and also released a patch at the same time. They have been claiming that this is a major security hole since then and strongly encourages everybody to install the patch, yet they themselves don't.

Somehow, when I picture a server farm, I see this clean, organized room with nice neat racks. With everything that happens with MS's servers, all I can envision is a building reminiscent of a level from Diablo. Something dark & gloomy with servers just sitting on workbenches with their hard drives just hanging out of the side of the case and the motherboard coated in 1/2" of dust.

How can you forget a bunch of servers. I work for a small ISP so we're not the most organized place, but hell, all we have is two racks for modems & routers, and a dozen boxes sitting on the floor for servers. But we at least have pieces of paper tacked to the wall with a list of IP addresses, server names, functions and OS. We install the patches on all of our machines just fine.

All you need is a list of all the servers. Then take that list around with you and after you install the patch, put a little "X" next to the server on the list. Not really complex guys. Of course this is Microsoft, they're probably running little handhelds with WinCE, connecting wirelessly to a MSSQL server that seems to simply misplace records for the hell of it.

Re:What the hell.

If they were running Win2k with Terminal Services running as Remote Admin, they could PCAnywhere w/out PCAnywhere from their desktop. You might even be able to use a linux box w/rdesktop. That would make you super 'leet. But I'm sure they are just like every company in the world and still "evaluating" Win2k migration.

Re:What the hell.

[gsherman]

...connecting wirelessly to a MSSQL server that seems to simply misplace records for the hell of it.

This is the second mention I've seen about SQL Server dropping records. Can somebody please elaborate on this bug, and/or point me to more information about it?

Thanks,

G. Sherman

Re:What the hell.

[macsforever2001]

IIRC, it doesn't DROP the records, it simply does not retreive & display them after the table they reside in gets to be a certain size.

That's fine I suppose. So if I go to a jewelry store and try to buy an expensive diamond and I say I want to pay in cash. Then I say here's the money, you can't see it because it's invisible. Don't you think I would get laughed out of the store? The effect is the same, it's not really there.

If someone suggests using a M$ database server, they should get laughed out of a job.

Re:What the hell.

[tyoud1]

This reminds me of the SNL skit with the brokerage firm:

• "we will keep a list with all of our customers on it"
• "and on the list we'll mark how much money they've given us"
• "and we'll keep the list in a safe place, like a safe"
• "and we'll have another list with how much money they have"
• "and we'll keep that in a safe, place. probably with the other list"

Hahahah!!

Re:What the hell.

[sharkey]

Oh it's there. It just can't be seen with certain queries. Display the full table, and you should be able to see it, IIRC.

My point was that the record was not dropped entirely, just hard to retrieve.

All I can say is..

[balls001]

Whatever they pay their PR department, it's not nearly enough..

I expect an MS Product manager to walk into their office this morning, only to find them to have all hung themselves..

.. unless they anticipate said MS Product manager to be walking in with yet -another- set of healthy bonus cheques.

Oh, and that new crucifix in Redmond, that has nothing to do with religion, that's the Hotmail admin responsible for this mess.

Code Red is not the problem

Microsoft is. If microsoft would stop making suck fucking crap, viruses would be elimitated. The problem is most people who use microsoft have no real business touching computers. If you disagree with me that you too have no real business touching computers.

Ironic...

[Alexxis]

Code Red: Exploits a secruity bug in Micro$oft IIS, winds up taking down Micro$oft Hotmail servers. Damn. These guys are good at making money, and making themselves look stupid.

Re:Ironic...

[Ratbert42]

These guys are good at making money...

Actually, they're not that good at making money. They've coded themselves into a hole where people don't want to upgrade their software to new versions every year or two. Windows 98 or 2000, Office 2000 and Internet Explorer 5.5 do everything the typical office worker needs. It's the same on the server side. Most offices aren't looking for new features. They want to reduce support costs. That doesn't translate well into writing more checks to Microsoft.

For a long time Microsoft had no real professional services arm. They left that to all the independant MCP's. Now they're catching on to what IBM, SAP, Oracle, and everyone else figured out at least 5-10 years ago. Software sales is only part of the pie. Service and support can be a big revenue source, especially if your software isn't easy to support. Now Microsoft is building up their professional services arm.

Re:Ironic...

[patter]

They've coded themselves into a hole where people don't want to upgrade their software to new versions every year or two

Actually, this is so true it hurts. I work for a company with customers all over the world. Unfortunately, we decided to switch our Unix based software to NT several years ago (we maintain both versions, but I'm stuck working with the NT shit).

We just completed testing to see if our stuff runs on Win2K a little while ago, and are talking about XP testing soon.

The ironic thing is, I'm only aware of one of our customers who is even running win2K, and that's for the improved terminal server version (based on Citrix if memory serves). The vast majority of our international customer base isn't going to switch away from NT for years (unless we stupidly force them to).

We're prediciting very poor sales of XP server whenever it's due to ship, at least to customers in our industry. Microshaft should really look into expanding beyond the 'sell, sell, sell' mentality that worked for them in the 80's.

Re:Ironic...

[ackthpt]

Now Microsoft is building up their professional services arm.

Not just building it up, but engaging in activities which would have required users to pay annual license fees, without even a service contract. Granted this would be initially targeted to large customers, but it's only a matter of time before the appetite calls for individual users, too. (Leverage that monopoly!)

Could the future hold a bill such as this:

Month of April

MSN Service Surcharge* $0.98

Word XP/2005 $1.51

Outlook XP/2005 $3.27

Virus/Worm Filtering $46.35

IE XP/2003 $2.06

31337 h4X0r, Inc. fees $46.35

Please remit: 100.52

* Does not include your Internet Service Provider fee.

Hacked by Chinese

[waa]

All your Hotmail are belong to us.

what's this code red anyway?

[me.at.work]

Clueless hotmail admin to security guy:
- What's this code red anyway?
Security guy:
- A worm that infects iis servers with OR without index server and then spreads to other iis servers. Why haven't you patched the servers?
- Well, I read the bulletin but it said index server, and since we aren't running it I thought I wouldn't have to install the patch?
Security guy looks the other way.
- Uh, right... Well, even if you don't run index server we have prepared a mapping to idq.dll, just in case you would've. So, you know, just apply the patch.
- Ok, I'll get right on it. How long's this worm been around anyway?
- What?! You missed all the coverage in the news??
- Yeah, I been real busy lately replying to all these messages from people writing to me for advice. Funny they all chose the same subjectline, how's that for a coincidence?
<Security guy vanishes in a cloud of buffer underruns and vbscript>

Re:Rockwell Hit

Unless your firewall is explicitly denying all http traffic, there's nothing a firewall can do to stop Code Red. With Code Red riding on port 80, any unpatched IIS server on the inside and allowed through the wall is vulnerable. A firewall has no way to determine "legit" port 80 traffic from "harmful" port 80 traffic. I work for a large telecommunications company security dept. and we've had gobs of customers get hit by this simply because of IIS's flaws. Some of our firewalls were brought to a halt themselves because of the amount of scans going through and the amount of logging being done. If this doesn't teach people not to run IIS as a webserver I don't know what will.

Re:mail.Yahoo.com

[who+what+why]

Even better, I decided to bite the bullet at Yahoo because they offer smtp & pop access with an 'opt-in' email every week as the catch. I clicked on really obscure interests (i.e. not computing!) and I haven't received an ad in the 4 months I've been with them. Nor have they ever lost several weeks worth of incoming mail with no explanation (unlike mail.com).

It's true

For several days - a week at least - every time I try to access my hotmail account I get a pop-up message: "server 216.xx.xx.xx not responding, try again later". I am royally pissed off.

Oh, joy - wait till .NET arrives and we are totally owned by Microsoft.

code red, sircam, taco, and real business

first off, cmdrtaco, please keep moaning about getting too much mail all the time from these viruses. it really adds to the discussion to hear every 5 posts or so, 'wah, i am getting megs of virus mail.' okay, we get it. but... what is really weird is the reaction of 'real businesses' to these viruses. IBM for one (and this is why i'm posting anonymously...) SHUT DOWN their entire internal access to all port 80 traffic to stop the spread of code red -- this is a big deal, as this is affecting entire companies' modes of operation and costing millions in lost productivity (no access to even internal web docs, let alone external web resources, etc).

Re:code red, sircam, taco, and real business

Where do people get this stuff? IBM did NOT close port 80 on any internal traffic?

IBM Intranet

Re:code red, sircam, taco, and real business

on the contrary, Tivoli STILL is shut down on all port 80 traffic. so... yes, they have. and still are.

Re:code red, sircam, taco, and real business

No, Actually, they haven't. (And that's also why I am posting anonymously) 8/9/01 11:44 EST

Re:code red, sircam, taco, and real business

And that is why IBM (seemingly) never makes money... Great leadership. Just great! "Uh, there's a problem. Let's shut it off!" Absolutely brilliant...

Re:code red, sircam, taco, and real business

[Lumpy]

Costing millions? That is the biggest boatload of BullS**T I have ever heard. "The webserver is down, Holy crap we're losing money like mad!!!!!!" My ass. Workers get things done, they dont wander in circles holding their heads chanting "ohmygod...ohmygod.." sales orders dont magically stop... sorry, but a corperate buy for a mainfraime or 300 laptops doesnt go through a web order page.

that's like the claims that hackers cost Billions every year to companies..... that also is pute BullS**T. and everyone knows it.

Re:code red, sircam, taco, and real business

So did Nortel, BTW. All internal and external port 80 traffic was filtered out. Thankfully, there was safeweb, and slashdot.

FSPD (Funny slashdot post of the day)

[EMH_Mark3]

Heh Thx, I needed this :)

Save your Souls

[inflex]

Ghar, the local ISP here had Xamime installed.. not a single client copped anything from Sircam... oh wait, this is about RedCode? :)

...only if the patch works.

[cirby]

Apparently, that "patch" only works some of the time. As others have pointed out, if you have URL Forwarding active, Code Red just blasts right through that "fix."

Okay, now I'M "pissed."

[Amphigory]

Taco, The logical response to your repeated complaints about Sircam is for a few of the trolls to start sending you unlimited numbers of the virus. Stop whining.

Not just HotMail + Microsoft.Com

[Martin+S.]

It seems to me that microsoft.com is also badly effected by something [Code Red?]. It's been returning, Servery Busy, and Access Control Violations all morning. When you do get a page returned it's slow, very slow.

FastMail

I have found two solutions:

www.mail.com
www.graffiti.net

Both provide free email excellent (and web hosting) service, and are smart enough to not run Microsoft products.

Neither of these comes close to:
fastmail.fm
which gives you IMAP access to your email, so you can manage all of your email folders from Outlook Express, mozilla-mail, KMail, etc and then see those same folders and messages on the web.

And it has no graphics, and appends no tag-line to outgoing emails, and lets you set your reply-to address to whatever you like...

anti-CRII exploit possible?

[emeitner]

Has anybody disassembled the CRII code to see if it is at all possible for a server(that the worm is trying to infect) to send a response back to the worm that would cause the worm to crash? A simple script named default.ida and some knowledge of CRII is all thats needed. It would be a unique way of ending this thing...but I have a feeling that the person(s) who coded this worm may write tigher code than MS.

Topology of the net

As this article makes clear, the topology of the net is not what was expected.

In trying to understand the topological component of error tolerance, we can get help from a field of physics known as percolation. Percolation theory tells us that if we randomly remove nodes, then at some critical fraction, fc, the network should fragment into tiny, non-communicating islands of nodes. To our considerable surprise, simulations on scale-free networks do not support this prediction. Even when we remove up to 80% of the nodes, the remainder still form a compact cluster (figure 4). The mystery was resolved last year by Reuven Cohen of Bar-Ilan University in Israel and co-workers. They showed that as long as the connectivity exponent G is less than three (which is the case for most real networks, including the Internet) the critical threshold for fragmentation is fc = 1. This is a wonderful demonstration that scale-free networks cannot be broken into pieces by the random removal of nodes, a result also supported by the independent calculations of Duncan Callaway and collaborators at Cornell University. This extreme robustness to failures is rooted in the inhomogeneous topology of the network. The random removal of nodes is most likely to affect small nodes rather than hubs with many links because nodes significantly outnumber hubs. Therefore the removal of a node does not create a significant disruption in the network topology, just like the closure of a small local airport has little impact on international air traffic. The bad news is that the inhomogeneous topology has its drawbacks as well. Scale-free networks are rather vulnerable to attacks. Indeed, the absence of a tiny fraction of the most-connected nodes will cause the network to break into pieces. These findings uncovered the underlying topological vulnerability of scale-free networks. While the Internet is not expected to break under the random failure of the routers and lines, well informed hackers can easily design a scenario to handicap the network.

Basically because most links go through a few highly connected nodes, simultaneous ddos attacks on those nodes COULD 'take down the net'.

This also explains why SirCam and even Lovebug won't die:

"Recently Romualdo Pastor-Satorras from Universitat Politecnica de Catalunya in Barcelona, Spain, and Allessandro Vespigniani from the International Centre for Theoretical Physics in Trieste, Italy, demonstrated that viruses behave rather differently on scale-free networks compared with random networks. For decades, both marketing experts and epidemiologists have intensively studied so-called diffusion theories. These theories predict a critical threshold for virus spreading. Viruses that are less contagious than a well defined threshold will inevitably die out, while those that are above the threshold will multiply exponentially and eventually reach the whole system. The BarcelonaTrieste group, on the other hand, has found that the threshold for a scale-free network is zero. In other words, all viruses, even those that are only weakly contagious, will spread and persist in the system. This explains why "Love Bug", the most damaging virus so far, is still the seventh most frequent virus, a year after its introduction and supposed eradication. "

Re:Topology of the net

[Tony-A]

Mod parent up, please.
Seems like Code Red will be with us for a long time (as will be unpatched IIS servers).

Sue Microsoft!

[Smokinn]

Everything that touches their hotmail becomes their property right? So does that mean the worm is their's now? =)

"may" have been a victim?

[sameerd]

Why does the title of the article say that Microsoft may have been victim of Code Red worm when it later says that The software giant on Wednesday confirmed that some of its MSN Hotmail servers were infected with a Code Red virus. Aren't you a victim if your computers get infected? Or do you have to wait until all your disk drives are formatted?

Better way -- Win 2k instructions

[einhverfr]

1. Right click on My Computer
2. Select Manage.
3. Double click Services and Applications
4. Double click on Internet Information Services
5. single click on Default Web Site
6. Click Delete
7. Repeat for other web sites
8. Open up Internet Explorer
9. Go to http://www.apache.org
10. Download the Win32 binaries
11. Unzip and install them
12. Click on Start/Programs/Apache/Configure/Edit http.conf
13. Edit that file to add whatever sites and functionality you need
14. Restart Apache

You are now immune. Microsoft releases a few patches here and there, but you are running A Patchy web server....

Actually, this is what I did when the first one hit. It saved my box because I am running an old betal of Whistler on one machine for testing purposes and did not want to be without protection from the virus. The information I was able to get on whether I was vulnerable was inconsistant.

Re:What the hell, The patch doesn't work

[darkonc]

Of course, the web page that mentions this problem mentions a program that helps you find your forwarding links -- but it's a Perl program....

It's bad enough that they need Free Software to keep Hotmail afloat as it is. I can't se Microsoft using a Free Software solution on their boxes too...

Part of the problem, may be that NT doesn't respond well to remote admin.. I can see some intern going from box to box, plugging and unplugging keyboards and mice, and doing the upgrades.
"Oops! I must have missed 3 of the 85 boxes that I was supposed to patch!"

Keywords that identify twatty Americans

Pop
Mom
Heck
Mission
Issues
Self-help
Obesity
Faggoty

Re:Smoke and Mirrors?

Right you are... from incidents.org

WinNT/IIS-4.0 with URL Redirection Still Vulnerable After Patch http://www.incidents.org/diary/diary.php#801

Maybe they should change the name...

[eric2hill]

...from dot-net to not -net.

Can anyone sue MS for CodeRed?

[TWR]

It's a well-known fact that despite Win NT/2000 servers being in the vast minority, they are susceptible to the vast MAJORITY of server cracks.

In the past, the server cracks tended to hurt the people who owned the servers, leaking information and so forth. These people couldn't sue MS for shoddy work, because that license agreement took away those rights.

But now we've got Code Red. People who never signed any sort of license agreement with MS are now paying the price for their lousy quality control. Can these people sue? If Code Red causes your ISP's network traffic load to go up, if it overloads your company's router, whatever, can MS be sued?

I'm waiting for the lawyers to start circling on this one...

-jon

hotmail.com unpingable?

[ronubi]

Right now (12:15 PDT Aug 9) I can't ping
hotmail.com (64.4.53.7) or www.hotmail.com
(64.4.44.7), from my work or home machines
in the SF area. Anyone else observing this?

Arse?

[Unknown+Bovine+Group]

Arse? What are you, Chaucer?

Re:Arse?

That's "arse" as in very common English slang for your bottom. Not everybody speaks American, thank God.

Code Red designed by Microsoft

[totallygeek]

I don't think that Code Red was anything Microsoft wanted out there. Just like I don't believe an anti-virus company would design something like Sircam. However, Microsoft has not been blemished by the media as far as I can tell, and that is strange to me.

Re:What the hell, The patch doesn't work

[Whiplash42]

Actually, the MS provided patch doesn't work against Code Red if you have URL forwarding on your server. I bet they have it enabled, and so they were left open...

Nothing new here

[dcavanaugh]

They can promote .NET/Passport (and sell it), only to the extent that we, the customers, are dumb enough to ignore the security issue.

Unfortunately, the customers are not all that bright. I could make a long list of M$ shortcomings that are tolerated or ignored by real IT professionals (who should know better). [List omitted to conserve bandwidth]

If they use media hype and FUD to successfully release yet another mediocre/unsecure product, how is this any different from their traditional tactics?

It's hard to make a good product and sell it to a few smart people. Why bother doing that when you can make a mediocre product and sell it to millions of dummies?

If they could get past this Sircam thing, maybe they could finish up and release Microsoft Cupholder. Then again, I wonder how they intend to stop Outlook VB script viruses from closing the CD-ROM and spilling my coffee!

Who says they're running IIS?

[CTho9305]

Apache is open source. There is NO reason they could not modify the headers it returns in such a way that it just tells the world it's IIS/Win2k. Better evidence than Netcraft and Netcraft-style lookups is needed.

Re:Who says they're running IIS?

Oh yeah. I'm gonna run apache and tell everyone I'm running microshit. Exactly why would I do that?

Oh dear

[notroot]

I'm almost crying with laughter, who would have thought that the almighty Hotmail would've been brought down by Code Red. And I thought Microsoft make the best software, not. It looks like they still haven't a clue about security, I wonder what will happen if .net ever takes off.

Re:mail.Yahoo.com

I clicked on really obscure interests

good idea.

so... why did you tell everybody about it? it only works if a few people do it that way. if everybody does, everybody will get email.

are you so fucking pleased with yourself that you can't keep a secret, you have to just share?

like I said, though, good idea.

Smoke and Mirrors?

[Zen+Mastuh]

I doubt that the Hotmail admins are so incompetent that they forgot to patch their own servers. What are the odds that the patch itself is defective? Their P.R. guys could just be putting a different spin on the story by blaming the admins.

One Person?

[Macrobat]

Nope, I'm sure that "one person" was a committee. Someone had to write the spec, some[one| group] had to code it, someone else had to test and implement it, someone else had to sign off on the project.

The closest we get in this scenario to individual accountability is the one who signed off, and he (or she) is probably the person with the least direct involvement with the project. That's usually how it goes in megacorps.

SirCam, immortal virus.

[Black+Parrot]

SirCam just won't go away. Here are my daily counts, starting from 7/23:

3 1 6 2 0 1 3 0 2 3 0 1 1 2 2 1 5

I had thought the worst was over after the 25th, but the last 24 hours have been busy again. This must be absolutely ravaging the Windows world.

Also, I still haven't gotten a single one from anyone I know. Ten are explainable because they came over the Freeciv mailing list (showing that even Windows users like open-source software). It's incomprehensible why any of the others would have me in their address book.

Also, I had one stranger mail out a FixSir.com, asking everyone to run it. (Our standard joke about how to spread e-mail viruses under UNIX may not be as unrealistic as we like to think it is.) This one might have been innocent, put it probably points to a future trend: release a virus, wait until it hits the news, then release a second piggyback virus with a message promising to protect against the first one.

what sub domain?

[twitter]

I may be dull, but why the sub domain?

My cable company gave me a name and a static IP. I've used it as a gateway to a subnet and a mail server because it's visible inside and out. It worked fine and my mail all sent and recieved OK. Glad I did'nt chuck the 486 out.

Now I'm told that it's not such a good idea to run services on a gateway if you want to firewall your local net. What you are supposed to do is forward port 25 to a machine inside the local subnet. I've done this but it looks like I need to make the internal server pretend to be the gateway. Other mail servers have not liked seeing a 192.168.1.X IP and a non extant name, mail_box.

Do it today!

Re:what sub domain?

[fyonn]

well, if you want mail sent directly to your machine via smtp, ie have your machine as a full internet mailhost etc then you'll need to have MX records pointing towards you.

I suppose you could receive mail for modem-1004.ca.arbdslco.com if they would do dns changes for you ubt it's much nicer to have mail for fred@fredscome.com sent directly to you machine surely?

okay, there are other ways to do it but hey, we're geeks, we wanna do things properly :)

dave

I'm surprised. . .

[Passacaglia]

Their spokesperson is admitting they were infected. This is just the sort of thing MS usually lies about.

No retail version?

[marcovje]

I can vaguely remember that Hotmail doesn't use
standard Win2000, but a customised tool (with HTTP
daemon in the kernel).

Maybe the retail patch wasn't directly applicable

They're all pirated copies, anyway

[peccary]

Nobody's going to sue Microsoft over this, because the majority of the infected W2K systems are not using legally purchased software.

They're home systems running a duplicate copy of somebody's work installation.

I'll bet you a quarter.

Got scanned

[SgtClueLs]

Known about this since Sunday. When I went thro my error_log file on my apache box and found this.

Tue Aug 7 05:37:56 2001] [error] [client 64.4.13.230] File does not exist:
/usr/local/apache/htdocs/default.ida
[Tue Aug 7 05:38:45 2001] [error] [client 64.4.13.230] File does not exist:
/usr/local/apache/htdocs/default.ida
[Tue Aug 7 05:38:54 2001] [error] [client 64.4.13.230] File does not exist:
/usr/local/apache/htdocs/default.ida
[Tue Aug 7 05:40:21 2001] [error] [client 64.4.13.230] File does not exist:
/usr/local/apache/htdocs/default.ida
[Tue Aug 7 05:42:01 2001] [error] [client 64.4.13.230] File does not exist:
/usr/local/apache/htdocs/default.ida
[Tue Aug 7 05:42:15 2001] [error] [client 64.4.13.230] File does not exist:
/usr/local/apache/htdocs/default.ida
[Tue Aug 7 05:42:20 2001] [error] [client 64.4.13.230] File does not exist:
/usr/local/apache/htdocs/default.ida
[Tue Aug 7 05:48:55 2001] [error] [client 64.4.13.230] File does not exist:
/usr/local/apache/htdocs/default.ida
[Tue Aug 7 05:49:13 2001] [error] [client 64.4.13.230] File does not exist:
/usr/local/apache/htdocs/default.ida

64.4.13.230 is msgr-cs20.msgr.hotmail.com

You'd figure they'd patch themselves.

Re:Got scanned

[hedgefrog]

They still weren't fixed on Wed the eighth at 7:30. They only hit me once though, of course that may have been because Qwest's network was so slow that DSLReports' speedtest said I was running a standard modem.

FUD you and the packet you rode in on...

[SomeoneGotMyNick]

I bet they try to blame their problem on Linux somehow

Re:FUD you and the packet you rode in on...

[Tony-A]

I bet they try to blame their problem on Linux somehow
Hehe. Well there's all these Linux users standing on the sidelines, watching the spectacle unfold, and making rude comments from time to time. I'm surprised that no-one has mentioned how to turn off this index-server thingee or whatever it is. Download this patch to protect your network. Sheesh.

Other keywords that identify manly Aussies

colour
favourite
mum
mate

Piss off, you stupid Yank.

You think you have "rights", but when was the last time you tried to exercise one of them that might conflict with the interests of one of your powers-that-be?

Re:Other keywords that identify manly Aussies

[IronChef]

You forgot "Vegemite."

Ironic

[tankrshr77]

Isn't it funny that they used to be running BSD over there?

Re:Truly Sad.

[bharlan]

There are thousands of programmers who could write this virus. All it takes is one. You can discourage 9999 out of 10,000, but you can't expect 100% cooperation from the entire world. Protecting servers is more realistic than eliminating every potential outlaw.

Misinformation!

[CodeRed]

I had nothing to do with it! It was Microsoft(TM)'s servers that are having problems. It seems like everyone points the finger at CodeRed, when all I'm guilty of is lurking on Slashdot and posting useless messages over and over.

Please refrain from blaming me for every little thing. Yes, I'm the reason the net is slowing, yes my cousins [2,3] are good at what they do, but isn't it time we point the finger at security issues of other OS's instead of the usual suspects??

And I am no relation to SirCam, I just respect his work!

Thank you,
CodeRed [The low user #]

Code Red has done real damage to Britain's phones

[Sara+Chan]

I live in England. For the last day or so, it has not been possible to get telephone-directory inquiries for Europe or Asia. Asking for numbers in Canada/USA works fine. But when I've tried to get a number in Eurasia, I've been told that there are no lines to directory inquiries in those countries. The cause is claimed to be CodeRed, but I haven't been able to find out the details.

(Note: calls work fine; it's just directory information that you cannot get.)

[reposted from here]

default.ida?

default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNN..... N N

i was wondering what all those requests for this file were for on my Apache webserver. i dont have a file named default.ida, hundreds of people a day try to get to that page on my home computer. good thing i dont have it. it seems if i did, i'd be screwed like Microsoft's webserver is.

Good PR?

[FyRE666]

You know, if we all stopped laughing for a while and thought about this, we might do the open source community a bit of good. IIS servers have the virus, and they are probing servers all over the place, including BSD and Linux machines. Why not send out "vaccine" from the *nix boxes, and then tell every news-feed out there about how the OS community is helping to cure Microsoft's servers virus problems for free?

There's no way MS can attack this statement, since it would be true, and it'll go someway toward making their claims Linux is a "virus" seem even more absurd...

Re:Good PR?

[Tony-A]

Hmmm, no. Bad idea. It is somebody else's box and it's best not to mess with it.
It might be fun to start selling "CodeRed Linux", if nothing else unofficial RedHat with current security updates, preferable dated with something like "Patches current to 10 August 2001 04:40 GMT".

Rockwell Hit

[photozz]

Hi, Just an update. Some yahoo managed to get CodeRed inside our firewall where it's running rampant. At one point, the gigabit connection to the Internet was at 90% utilization. We are in the process of finding and patching all servers now. We have several hundred affected machines. Most of the resources from at least three IT organizations are working on this now.

Re:Rockwell Hit

[photozz]

well, as soon as we found the extent of the open servers, we did cut off port80 on the FW for three days. back up now, everything patched.

Re:Aren't these CodeRed II attacks supposed to fin

[Chakat]

A recent /. article theorized that CRII has already infected pretty much all the servers it's going to infect, and is currently propogating itself among infected servers. An unpatched box, once rebooted, is infected again very quickly simply because of the rapid dissemination techniques.

Over my way, daily average is about 225 attacks, no sign of letting up, and when a browser is pointed towards them, most of them are simply show the default IIS screen. These boxes are probably not going to be patched because the owners of the machines are unaware their machines are owned. So, yeah, Oct 1 is probably when this crap is going to end.

oxymoron alert!

the daily novelty of reading a new dilbert comic

oh yeah, that's an oxymoron all right.

If only Hotmail still used FreeBSD

Hotmail ran on FreeBSD until fairly recently. If only they hadn't switched to Win2k & IIS, none of this would have happened...

One Person

[skroz]

My favorite part about code red is that the fault lies with a single person. This one person wrote code for a small, single aspect of IIS, and all of this is his fault. I wonder what he's doing today? Is he the type of person that's wracked with guilt over shutting down large portions of the internet, or is he the type of person that will realize that he single handedly impacted the entire virtual world, and be proud of it? I wonder what code red's author is doing today, too... rolling on the floor laughing his ass off, I imagine. We should try to get those two people together and see what they can come up with over a few beers.

Handling the /default.ida request [OFF TOPIC]

Just a thought. I'm running Apache 1.3.x, and was tired of logging all those 404's. I have custom server messages with a few images on them.

I decided to create a 0-byte /default.ida just to cut down on the sheer number of bytes being passed around. Is this advisable? Should I be correct and return a 403 or 404 instead of an empty 200?

I'm getting a Code Red hit about twice a minute.

I don't pay for bytes served _yet_, and don't plan to

Any comments?

jdv

Disk Clearing Service "Code Red"

[RAK]

Everyone should offer this wonderful and handy
cleanup service through the web, courtesy of
Linux and Code Red. Simply create the following
symbolic link:

ln -s /dev/zero /default.ida

Cheers,
RAK

Re:Disk Clearing Service "Code Red"

[eric_n_dfw]

Anyone tried this? What does Code Red do when it swallows it?

For people who ask WTF is URL redirection:

[Otis_INF]

When you select for the setting 'When connection to this resource, the content should come from' option 3: A redirection to a URL, (On the 'Home Directory' Tab in the website's properties in IIS4) you are still vulnerable. You are thus not vulnerable when you do response.redirect() kinda stuff in ASP.

CmdrTaco feeling a little lonely?

[SpamapS]

CT, you getting out enough? It seems like every posting you put up has something worthless and asinine about your day. So I ask, are you getting enough human interaction?

We're just concerned for your well being! :-P

Re:Bzzzt! Nope, try again.

Tivoli (Austin -and- RTP) has 0 access to any port 80 site around the internet or intranet, and the official response is that they have closed port 80 because of the code red worm. so which IBM do YOU work for?

You do realize.....

[NDPTAL85]

....that Microsoft only has around 20% of the server market yet suffers the most vulnerabilities. Not just attacks but vulnerabilities.

Both statements are true...

[jlrowe]

Awhile back, my brother talked to a MS person on a plane about this while in flight.

Hotmail's interface, the web server access was moved to Windows.
The back end databases remain on Sun Solaris however.

I probably have notes on this somewhere, but can remmeber that a whole lot (hundreds I'd guess) of Windows web servers are feeding just a handful of Sun machines handling the actual mail databases. There is also another layer of servers between the two that figure out which Sun server has a particular person's email.

Re:mail.Yahoo.com

hopefully someone will mod him down as offtopic... ;)

I wonder if this one of them

[Astralmind]

This is one I found in my Apache's Logs. 65.54.225.31 - - [08/Aug/2001:17:39:01 -0400] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858% ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%uc bd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531 b%u53ff%u0078%u0000%u00=a HTTP/1.0" 404 303 "-" "-"

Re:Analysis of Managerial administration by the BO

It's just too bad they put all that UK grammar in it, such as "bollocks" "pounds sterling" and "smoking fags"

IF *nix was admined by doze users would the nix ..

[Totally+Desensitized]

Jeez so long I posted that I can barely remember my login and on such a overdone topic but I have never seen the exact question asked how would a properly set up nix system stay up with Joe Doze adding and removing hard and software daily. Christ my cousins win box is a nightmare with every fopnt, icon wallpaper theme Game dumb fractal applet worthless application hacked and other crap its all on a PIII with plenty O disk and RAM Anyhow I dunno how linux gets when you install and uninstall endless packages I think we may see a lot more linux reboots of course Windows is quite often like that from a fresh installation.
I dunno I guess I am just curious to what degree bad administration affects linux stability

Another infected MS site?

[NicePaisleyHorsy]

Unless this IP has been spoofed, I just got this log entry from the vigilante java applet I started running today. If you look at the site under this IP, http://216.72.47.132/ , it is the Microsoft site for the Windows NT 4.0 Option Pack! Here's the log entry: [09/08/01 10:03:42 EDT] BaitThread: Processing req uest. [09/08/01 10:03:42 EDT] BaitThread: Request string : "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u78 01%u9090%u6858%ucbd3%u7801%u90 90%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078 %u0000%u00=a HTTP/1.0". [09/08/01 10:03:43 EDT] Decaffeinator: Updated decaffeination script successfull y. [09/08/01 10:03:43 EDT] Decaffeinator: Updated decaffeination script successfull y. [09/08/01 10:03:43 EDT] Decaffeinator: Decaffeinating http://216.72.47.132/... [09/08/01 10:04:42 EDT] Decaffeinator: Decaffeinated http://216.72.47.132/ succe ssfully. [09/08/01 10:04:42 EDT] Decaffeinator: 1 servers decaffeinated.