Hotmail Servers Shut Down by Code Red
An Anonymous Coward writes: "SF Gate has this story about Code Red taking down some of Microsoft's Hotmail servers. That's funny." So is Code Red a problem yet? Meanwhile my sircams have stopped, except for 2 people who mail me a hundred or more a day. Thank god for filters, but if I had a monthly bandwidth cap, I'd be pissed.
Did anyone read the Dilbert comic where MS had mis-spelled a word in MS Word? I can imagine the Admin(s) in question to be put into a similar situation
.. At our Comdex booth
MS Admin: We got the virus we've been teaching people to prevent.
Bill: Great, so what are you going to do about it?
MS Admin: Kill myself as an example to others?
Bill:
Yahoo! Mail's POP3 service still exists. You just have to accept occasional commercial emails from them. Click Options, then POP access and forwarding.
Don't want ads in your inbox? Then do what I do - leave POP3 access off until the mailbox gets filled up, then turn on POP3 access, use your favorite mail client to download all your email, and finally turn POP3 access off again.
This
Don't they _want_ to render the existing Internet unworkable so they can sell people an 'upgrade' solution based entirely on proprietary protocols that tie in with .NET?
Don't they _need_ the current Internet to grind to a halt with as much damage as possible so their stuff looks good by comparison?
I'm sorry, but Code Red may turn out to be their baby all along. If that is true, then they _meant_ it to cripple the Internet. With .NET coming along, Microsoft desperately want and NEED to cripple the internet. Otherwise, who will buy .NET?
11) Pick a platform which would get you the sack if management had a clue
Shouldn't that be COST you YOUR sack? For male admins, anyway.
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
Has any mass media (NBC or CNN) hit Microsoft about their crappy design? I would also like to know if Microsoft would ever consider writing a fixing worm.
Click here or here.
I find it amazing that they didn't take every precaution to protect what might be their highest-profile property. If MSDN went down, they could cover it - Most of their other servers, too. But Hotmail? That's so closely associated with Passport and, by association, dot-net, that I think they would do absolutely everything in their power to keep it spotless in the minds of the users.
Good luck to them. They'll need it.
I got two unsolicited calls asking how to set up Apache on a Windows 2000 server. These were people who had never seen a need to switch before. If I convert their servers for them, I'll probably set up a Linux box or two, 'just for backup purposes'.
Heh heh.
Cheers,
Jim in Tokyo
-- My Weblog.
I just queried Netcraft What's That Site Running and it answers:
... I'm laughing as much as everyone!
The site www.hotmail.com is running Microsoft-IIS/5.0 on Windows 2000
I also tried the SSL Port 443 and it's also hosted on IIS5/Win2K. Hope this clears up any confusion *grin*
One thing to consider here folks: this is a classic case of Security Process falling down. It just so happens it's a Win2K hole in this instance. If Hotmail still ran BSD and there was a root exploit discovered, someone still needs to follow the process and plug the hole.
NB: I'm not excusing MS here
Well, here we have a gold-plated example of a fatal flaw in a piece of commercial software, coupled to a lax attitude towards fixing it, that has without question resulted in the loss of Actual Money by a great deal of people. One would think then, that IS Managers across the world would be queuing up to sue Microsoft and recover their costs.
Sue Microsoft because your sysadmin is too lax to install a security patch that came out almost two months ago?
Yeah, that'll work.
NO CARRIER
Microsoft has just reported on its website that the hotmail/passport servers will be down indefinitely because the programmers and technicians who are supposed to fix them can't log into their passport accounts to access their tools to fix the problem.
More on this at 11.
Best. Comment. Ever. Enjoy!
For some reason, everyone seems to think that every virus is an Outlook virus.
I don't understand why they don't apply their own patches to their own servers?
I bet they do have their own mailing lists where they are talking about this.
Or possibly they are not interested in it ?
The device you are attempting to access is either read only or just another user.
How can you forget a bunch of servers.
It wouldn't be the first time someone has forgotten a server. (I can't see this happening to a Windows box, though.)
!net
Friends don't help friends install M$ junk.
Ok, I'll bite. Let's go through the list:
1) Pick a platform that is difficult to administer remotely
Since most admins administer UNIX via command prompts and vi I'd say that UNIX is much easier to administer remotely. With SSH loaded I can get all the same interface at home through a dial up 14.4k connection that I get at work.
2) Pick a platform that is insecure
I don't really have to say anything here. If you have ever in your life looked at the stats available at attrition.org then you know.
3) Pick a platform that can't handle the amount of customers you have
Platform wise this really comes down to hardware, not OS and CERTAINLY not admin, which is what we are discussing here.
4) Pick a platform that costs a tonne of money
Here you might have been right. Depending on the installation, the software cost may be marginalized. Or it may not. Think of buying 1000 file servers. There the OS cost is a significant factor. Putting in a large scale distributed application? Not so much, fewer servers and most of your cost is in development and implementation.
5) Pick a platform that requires a person with a dodgy qualification to run it, who doesn't know left from right, and demands more money than they are worth
I can speak with some authority on this one. The MCSE curriculum, unless they have added it recently, does NOT mention hot fix patches. At all. It tells you how to set up Microsoft's replication service that fails 20% of the time for no reason, but it does not mention the first thing about hot fixes.
6) Pick a platform that is proprietary
NT is about as proprietary as it gets. With the commercial UNIXs you at least get regular published APIs and system calls. With Linux and *BSD, you get the source. Hard to get less proprietary than that.
7) Pick a platform that runs on low-end server hardware or worse only
see my above point about platform
8) Pick a platform that you will have to lease by the year or per billion processor cycles within the next 3 years
AFAIK, MS is the only company to even suggest the rent the OS idea.
9) Pick a platform with a database server that "loses" data given certain queries
This shouldn't have been included. Funny, but off topic.
10) Pick a platform that is forever morphing, changing technology, and has a history of instability
That's NT. It would be an accolade but for the instability part, and the fact that most of the changes don't work and aren't wanted or used by the users.
11) Pick a platform which would get you the sack if management had a clue
I would fire someone for picking a Microsoft solution when an alternative existed. Wouldn't you? What's the good side of picking Microsoft?
I'm failing to see much in this post that indicates that a good admin has a whole lot of control. Yes they can patch servers, but as has been noted, the patch doesn't always work in this case. Also, Microsoft patches are well known to destabilize the system, or bring back old bugs, or crash server applications, or cause any other host of problems. Yes, the admin is important, but you're trying to say that Michael Schumacher could win while driving a stock Yugo, based strictly on his qualifications as a driver. The tool DOES matter.
Politics, Culture, Food?
Make a modified version of CodeRed called, say, CodeNap. Include in the payload an MP3 by Metallica. Wait 48 hours until it's everywhere. Now sue Microsoft because they are making money off a system that is being used to make illegal copies of copyrighted works!
324006
Microsoft has a long history of poor security in their software. They have made progress in this area, but they are still far behind the curve.
I'm a little out of my realm of knowledge here, but it seems like IIS also has a lot of features that other web servers don't have. If you have more features, you also have a lot more likelihood for bugs and exploits. It's much easier to secure a simple product than a more feature rich one. I've heard many people state that the cost of running MS software is much higher than running other competing software. I'm sure that that's true in many cases, especially when those users aren't utilizing the extra features that IIS may offer them. However, if those features meet their needs better than Apache for example, then maybe IIS is worth the cost and the security risk for them. Regardless of whose software they use, they need to keep up on the security patches. There was a patch for this. The problem was heavily advertised. People, including many in Microsoft itself, didn't apply the patch.
Another reason why there may be more security exploits hitting IIS than Apache is that IS people who are properly concerned with security, and properly apply patches are more likely to be running Apache than IIS. I hate to fuel the UNIX has smarter admins fire, but there seems to be a lot of truth to it in a very general sense. Note, I said in a general sense. I'm quite sure there are brilliant NT admins, and stupid UNIX admins, I've actually met a few of each.
Dave Farber's mailing list passed along Microsoft's Hotmail Is Red Hot From Worm from Newsbytes
-foxxz
I bet Microsoft is wishing they left those hotmail servers on BSD. If I remember correctly, they started moving from BSD to Windows 2000 just about this time last year...of course that was after an unsuccessful try in about the 97/98 time frame....
Crewd
Microsoft is using a Beta version of the new IIS software for their hotmail servers that come with the worm already bundled with it.
I submitted this as an article this morning, but as it is still pending, and both my home and work servers are still under constant annoyance, I figured I'd pass it on here as well. If you are running a Windows NT server, kindly do us all a favor and just turn it off for a few months.
According to yesterday's Handler's Diary on www.incidents.org, "Microsoft has confirmed that if an IIS 4.0 webserver is using URL redirection, it is still vulnerable to Code Red even if the Microsoft patch is installed". The only known solution is to remove all URL redirections from NT servers running IIS 4.0.
-Tommy
"I got a half gallon of Jack, and 2 dozen Ant Traps. I'm about to get wild." -me
I found out that a couple of the servers were infected by code red.. not taken down. It even states that it caused no slow down accessing hotmail. The only news here is that MS doesn't care enough about hotmail to patch a few servers. Woo.
I don't understand why they don't apply their own patches to their own servers?
Probably for the same reason many people don't install the patches. They have the server up and running and are afraid of what the patch will break.
As x approaches total apathy I couldn't care less.
Are you a suicide victim after you kill yourself? M$ brought this on themselves through their software quality (or lack thereof) and their failure to apply the fixes that supposedly fix the problem after laying the blame for this at the feet of all those who didn't. "Victim" just doesn't seem to fit.
Of course, how much of this whole discussion is Schadenfreude? (Of which I am gleefully participating in.)
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
The only thing better would be if Microsoft's server that has the patch to download was infected...
Looking for any old 8-bit Heathkit/Zenith software/hardware - http://heathkit.garlanger.com
Redirect gone /default.ida
in your conf. Will make it return a "410 Gone" message which is like a "stronger" 404, and it won't log in the error log. This will return a default error page (few hundred bytes); much like the 404 error.
Liberty in your lifetime
We all do it, that is, create a throw-away HotMail account for those times we need to register online somewhere with an e-mail address. I even go so far as to turn on the SPAM Filtering and limit the use of the account for said registrations.
Even so, these accounts always manage to get overrun by a flood of SPAM. I've even set up one account to throw away EVERYTHING. Then again, that's the account I used to sign up with SpamCop
So I'm thinking, perhaps it's not a bad thing for all those nasty SPAM'rs to get hundreds, if not thousands of messages bounced back (not like they don't already). One can only hope that their stupid harvesters removed bounced addresses from their lists.
At least in this way, maybe CodeRed will have done us a favor. Even for a short while.
healyourchurchwebsite.com - WWJB?
Who causes this mess?
Obviously not Msft, since their FU's are protected by the EULA; society seems to want to blame the virus authors who exploit the holes, but I think the blame belongs to: people who take the path of least resistance and buy Msft licenses. Yes, people should be FIRED, sacked, terminated, let go, finito', by companies for recommending Msft Exchange/Outlook/IIS when they get a plague of viruses. And I mean TOP IT mgmt should get the old heave-ho onto the street from the suits when there's a major business disruption. After they dump the McSE fakirs and the "40 Billion Dollar RipOff Goliath" they should look around for some credible, broad computer business information systems experience willing to look at alternatives other than a simple minded 'single source' from budget sucking vendor lock in thieves leading them further down the primrose path to madness, mayhem & self destruction.
Thank you.
try { do() || do_not(); } catch (JediException err) { yoda(err); }
Actually, EULAs would be less binding on businesses because they tend to employ lawyers who would instruct them of this.
However, businesses tend to sign paper contracts that spell out everything in the EULA, as part of their bulk-purchase agreements. And in that fashion, being open and before-sale, it's perfectly legal and binding.
If you had to sign your name to an EULA when you bought software at a store, it'd be more binding. Especially if you had to sign BEFORE purchase.
But if a business (or consumer) goes to the store, buys a package, takes it home, installs it, and clicks-through the EULA, they are NOT bound by it. Even if they knew it was there, they also knew that it is invalid. EULAs, no matter how you look at it, are not binding to ANYONE.
Thus the UCITA. I mean, if a business can't forbid people commenting on the quality of a product, writing reviews, distributing anything made with the software without royalties, and cripple it in the name of piracy prevention... how do we expect them to make billions of dollars and oppress us?!? Support your local billionaire, buy him a politician.
Can anyone write a new napster using this "protocol". Then we just have to set up NT servers and wait for the files to arrive. First it spread itself to any boxes on the net then start transferring files on off Your HD. Everyday when you come home from work you got 2gb of fresh pron. Should keep you busy for the rest of the evening.
So after Microsoft who do they sue next? SUN? They've had security bugs that have caused problems for customers. How about Apache? They've also had to patch security holes. How many companies that make server software haven't had security holes at one point or another? More viruses/trojans/worms are made to attack MS OSs because they have a larger market share (in the desktop market at least), and they're probably more despised by the crackers writing the viruses/trojans/worms.
The real story here is that a lot of people running Microsoft OSs don't take applying security patches seriously enough. The fact that some of them are at Hotmail which is owned by Microsoft makes the news both funnier and more depressing.
System administrators and computer users in general need to be more concerned with the costs of not applying security patches. A more serious effort also has to be made to convince crackers that there will be serious penalties for releasing these viruses/trojans/worms. It's past time to accept excuses like I didn't mean to cause that much harm, or I was just doing it to show the hole existed. Is it necessary to throw a brick through a car window to prove that a car alarm won't stop you from stealing someone's stuff out of the car? These crackers are causing serious financial harm. They should be held responsible for their actions, and not get a slap on the wrist.
Except that the EULA, any EULA, is absolute and total bullshit, except in Maryland and Virginia(?) who think UCITA makes sense.
You can't make addendums to a contract after the sale without agreement from both sides. Clicking a button or hitting a key does not constitute proof of agreement. That requires a signature. Please help spread the news that EULA's are bullshit until they are upheld in a court of law or supported by legislation. At the present, they are just some grandstanding bullshit from rich software companies with nothing more than threats from lawyers standing behind them.
BTW, did I mention that EULAs are BULLSHIT mumbo-jumbo legalese that don't have the force of spit.
Aah, change is good. -- Rafiki
Yeah, but it ain't easy. -- Simba
The difference is that you purchase ISP service on a subscription plan. If they change their TOS or AUP in a way that you don't like, you're free to complain until they cancel your account and quit sending you a bill every month. Lucky thing is that there is still a small amount of competition in the ISP market and you really do have some choice in the matter.
I don't want free as in beer. I just want free beer.
MSN Hotmail has a new look!
MSN Hotmail has a brand new face...and it's easier to use. You'll find it easier to create and manage your folders, see which of your Messenger buddies has been hacked by chinese, and quickly choose names from your Address Book when send document for to ask advice.
Promote proofreading. Don't mod up sloppy posts.
MS Admin: We got the virus we've been teaching people to prevent.
Bill: Great, so what are you going to do about it?
MS Admin: Kill myself as an example to others?
Bill:
Have him spray the booth in herring oil, then release the penguins...
Oh, that would be messy. :)
Fire and Meat. Yummy.
Who has losses that arise from code red?
ISPs and individuals/companies paying for bandwidth used.
Who causes this mess?
People who haven't patched their software (gross negligence).
Who can sue who?
People who have losses because of gross negligence.
Microsoft is shielded by a EULA that limits (or denies) liability (although this EULA might not be fully applicable worldwide).
Oooohh, the total cost of ownership argument rears its ugly head again! :)
As I said, most MCSE's don't know left from right. They may be cheap, but there is a reason for that! You gets what you pays for.
Linux does get security holes, although a well configured install should have less opportunity. If the box is only running sshd, httpd and a database, then you cut down the options for attack immediately. If you run OpenBSD you will be pretty safe out of the box!
Windows appears to get a major security hole several times a year, and people just don't learn. This isn't about a webserver, it is about the future of your data and personal information, because that is what Microsoft wants to manage via Passport.
My post you quoted was a joke, although it got a couple of informatives (?!) as well. Code Red has proved that most admins for windows system don't patch their machines, possibly because MS patches tend to mess things up like Exchange so they don't work. So to use MS, you need a duplicate setup of your servers just to test out these patches and check they will work when used on production equipment. That is expensive, even if the hardware is old, the software needs licenses.
The fact that Code Red has infected so many home users suggests a big piracy problem to me. No wonder MS have WPA in XP. I bet that WPA won't make people buy Windows though, they will stick with what they have, and eventually be forced to check out an alternative OS.
Of course, for some applications, MS will be the right choice. .NET looks like it will be very good, however MS want to fix it up in patents to prevent interoperability and keep it to themselves and their friends. Linux/BSD/etc does not need a .NET clone, it needs its own system that works like .NET, but using open, free software and algorithms, all managable from a single command line and GUI tool. Easy to set up, easy to configure, cross platform and easy to interoperate with other vendors. I call it "The Unix Business Platform"... :)
Hmmm...Hotmail used to be a *fantastic* mail service until MS took it over (first, they added SSL which made accessing it from lynx impossible. Fortunately lynx-ssl made it possible again. Then, they added Javascript. Bastards. Javascript, for MAIL???)
Then Hotmail moved their cluster (several times, if memory serves) from trusty, reliable FreeBSD servers to MS products. We have seen the results of this changeover in the past, and now we're seeing what happens now with all the viruses floating around in MS-land.
I was happy enough to discover Yahoo Mail, which IS running on FreeBSD servers, and DOESN'T need SSL or Javascript to access. Haven't had a problem since then. :-)
Back in the Dark Ages of corporate acceptance of Free Software (circa '97 or so) a common pointy-haired manager complaint was "Who do we sue?"
IE, if the software contained some fatal flaw that resulted in Actual Money being lost, the corporation could go after a commercial software house in the courts in an attempt to recover costs.
Free Software, being provided as a community service with no sue-able corporation behind it, lacked this perceived accountability.
Well, here we have a gold-plated example of a fatal flaw in a piece of commercial software, coupled to a lax attitude towards fixing it, that has without question resulted in the loss of Actual Money by a great deal of people. One would think then, that IS Managers across the world would be queuing up to sue Microsoft and recover their costs.
Anybody seeing any evidence of this happening?
Want to learn about race cars? Read my Book
32 billion dollars in cash in the bank, increasing by a billion per month, and that's not very good at making money?!
Who by your standards is good at making money?
No, Thursday's out. How about never - is never good for you?
Either someone has hacked up Apache to report a different server string, or jobs.osdn.com is actually running IIS 5.0.
THAT is interesting!!
Fear: When you see B8 00 4C CD 21 and know what it means
They are difficult to patch or upgrade or remotely configure or fix, or even publish to.
So...how, exactly, are these systems easy to use again?
I work for a small company that handles license production for a number of the software companies, most of the stuff for OEMs - one of them is Microsoft. (You know that little piece of paper with the cool hologram and bunch of numbers? We make them)
Now Microsoft is very critical about who gets access to the serial numbers and databases. They have their own servers, VLAN, and firewall at our plants for distribution of licenses. Think it would be pretty secure, right?
Well not really, they all got Code Red when it first came out. Now we were cleaning Code Red up on our own webserver (Yeah, I know, should have patched). Noticed that the MS servers were infected, called up MS and told them what was up. They didn't believe us and told us the servers were already patched. Took a number of calls and yelling to get their boxes fixed.
I don't know if it's really funny or really sad.
The world isn't run by weapons anymore, or energy, or money. It's run by little ones and zeroes, little bits of data.
NT's standard remote admin tools, like Event Viewer and Server Manager, require RPC using NetBIOS, which is difficult if not impossible to secure.
UNIX may have its problems, but secure remote administration using native tools is not one of them.
Helevius
Now when it hit their Windows Update site, that was funny. Slow day?
DataSquid.net, a little about me.
heh. heheheh. heheheheheheheheheheheh..... hehehehaehahahahahahahaaaaaaaahahahahaaaaaaaaaaaaa aaaaaaaaaa.... oh, man...... heheheh. muahahahahahahahahaaaaaaaaaaaaaaaaaaaahahahahaHAHA HAHAHAHAAAAAAAAAAAAAAAAAAAAa...
hee heeeeeeee....
Okay, people keep saying it isn't a problem, the news doesn't know what to say about it, but I can confirm, it is a problem. More of a pain in the ass. Cisco DSL modems are still vulnerable, because people don't realize it is code red locking them up. Infected IIS servers are all over the place, and I keep getting more scans every day.
On my web server (with multiple IPs), 689 probes yesterday. 613 of those were Code Red II. 685 the day before (578 were CRII). 543 the day before that (419 CRII). 433 the day before that (224 CRII).
So, simply put, Code Red II is worse than Code Red, and getting more so. Who cares what it does to the servers, right now, it is a major pain in the ass.
Ever tried explaining to a client that their network is down because of a worm that infects web servers? And no, I didn't install those Ciscos, I would have brought CBOS up to date if I had.
And this is the company whose software the vast majority of ISPs insist that you use if you want to connect to the internet using their lines.
I think I'll have some new ammunition the next time I get into an argument with an ISP over what software I'm allowed to run.
CUR ALLOC 20195.....5804M
Funny, when we shut down access to port 80 through our firewall, worker productivity went up 172%!
"There's nothing more useless than an internet account with a monthly cap."
--Blair
"You'll find truth only in mathematics."
(twas a ZDNet story I can't seem to locate)
"I can't give you a brain, so I'll give you a diploma" - The Great Oz (blatently stolen sig)
how can MS promote its whole .NET/Passport philosophy if the very same services are proven to be insecure
Because the average (L)user has only had experiences with crappy micro$oft offerings. This is typical of their experiences. And, quite frankly, there are not many alternatives out there for the typical user. Linux is not ready for the corporate desktop or the average home user - yet.
For those of us who run UNIX or Linux, we know that systems should not crash or BSOD daily. Hey, I have some AIX-based mail servers that have not been re-booted in 5 months, and the last time they were down was because I needed to add more disk. If the average home user can go a day or so between crashes, they are satisfied and happy with that.
That is the market that micro$oft sells to. The (L)users and pointy-haired bosses of the world are their audience. Not the informed techies. Their target audience completely accepts that the evil hackers are to blame.
And why hasn't MS been made accountable at all?
Because their PR firms do an amazing job of making sure that a micro$oft-friendly version of the problem gets reported. There are not many reporters out there who have the technical know-how to be able to see through the obfuscation. Unfortunately, most of the (L)users get their technical news from ZDNET and other micro$oft-friendly sites.
are people truly that blind to the insecurities and downfalls of MS software?
Most people probably are. From what I have seen, the people who recognize the risks of using micro$oft products on critical systems run UNIX variants.
*** Where are we going? And what's with this handbasket?
One little server on a little 128k leased line and the attack pattern since 1st August reads
13,35,24,27,27,63,73,47,32 (in 15 hours)
Until the 4th August all the attacks were from the initial breed (NNNNNN). On the 4th 3 of the 27 attacks were from the new breed (XXXXXX). On the 5th 15 NNNNN and 12 XXXXX. Day 6 and only 10 of the old breed arrive while 63 of the new breed are in and since then we are down to about 3 attacks of the old NNNNN per day.
I actually agree with the concept setting up a lot of machines to reply to the virus with the fix. It seems obvious that too many NT/2000 boxes out there are abandoned and vulnerable thanks to the lack of knowledge required to expose one. Who thinks that we won't see any attacks next month?
Never underestimate the dark side of the Source
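Added example, not part of the original thread: the per-day split between the N-padded and X-padded probes that the comment above reports can be counted from a web server access log. The script assumes Apache common log format; the sample lines are constructed, use documentation-range addresses, and carry only a shortened padding run.

```python
"""Count Code Red vs Code Red II probes per day in an Apache access log."""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample (Apache common log format). Addresses come from the
# documentation ranges; the padding runs are shortened and nothing that
# follows the padding in a real probe is reproduced here.
SAMPLE_LOG = """\
192.0.2.10 - - [03/Aug/2001:04:12:55 +0000] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNN HTTP/1.0" 404 276
192.0.2.44 - - [03/Aug/2001:09:40:02 +0000] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNN HTTP/1.0" 404 276
198.51.100.7 - - [04/Aug/2001:01:15:31 +0000] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXX HTTP/1.0" 404 276
192.0.2.10 - - [04/Aug/2001:17:03:48 +0000] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNN HTTP/1.0" 404 276
203.0.113.9 - - [05/Aug/2001:02:22:10 +0000] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXX HTTP/1.0" 404 276
203.0.113.9 - - [05/Aug/2001:02:22:41 +0000] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXX HTTP/1.0" 404 276
198.51.100.23 - - [05/Aug/2001:08:00:00 +0000] "GET /index.html HTTP/1.0" 200 1043
198.51.100.50 - - [05/Aug/2001:08:30:12 +0000] "GET /default.ida?foo=bar HTTP/1.0" 404 276
198.51.100.99 - - [05/Aug/2001:10:00:00 +0000] "-" 408 -
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
# A run of at least eight identical N or X characters at the start of the
# query string is the padding that distinguishes the two variants.
PAD_RE = re.compile(r'(?P<ch>[NX])(?P=ch){7,}')


def classify(uri):
    """Return 'code-red', 'code-red-ii', 'other-ida', or None for other URLs."""
    path, _, query = uri.partition("?")
    if path.lower() != "/default.ida":
        return None
    match = PAD_RE.match(query)
    if match is None:
        return "other-ida"
    return "code-red" if match.group("ch") == "N" else "code-red-ii"


def parse(log_text):
    """Return (events, skipped): events are (day, ip, variant) tuples."""
    events, skipped = [], 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        match = LINE_RE.match(line)
        if match is None:
            skipped += 1          # malformed or empty request line
            continue
        variant = classify(match.group("uri"))
        if variant is None:
            continue              # ordinary traffic, not a probe
        try:
            stamp = datetime.strptime(match.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            skipped += 1
            continue
        events.append((stamp.date().isoformat(), match.group("ip"), variant))
    return events, skipped


def daily_counts(events):
    """Map each day to a Counter of probe variants seen that day."""
    per_day = defaultdict(Counter)
    for day, _ip, variant in events:
        per_day[day][variant] += 1
    return dict(per_day)


def sources_by_variant(events):
    """Map each variant to the set of source addresses that sent it."""
    sources = defaultdict(set)
    for _day, ip, variant in events:
        sources[variant].add(ip)
    return dict(sources)


if __name__ == "__main__":
    found, bad = parse(SAMPLE_LOG)
    for day, counts in sorted(daily_counts(found).items()):
        print(day, dict(counts))
    for variant, ips in sorted(sources_by_variant(found).items()):
        print(variant, len(ips), "distinct sources")
    print("unparsed lines:", bad)
```
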
Um... maybe that's where Code Red originally came from.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
We discussed this one year ago this week. It was concluded that they were running a round-robin DNS, and you'd sometimes get Apache (~20% of the time) and sometimes get IIS 5.0 (~80% of the time.) To run your own experiment, try the script that I included at the time.
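#!/bin/bash
# Fetch the response headers 252 times and append each Server: line to
# /var/tmp/hotmail, to see how often round-robin DNS returns Apache vs IIS.
i=1
while [ "$i" -lt 253 ]
do
lynx -head -dump http://lw7fd.law7.hotmail.msn.com/ | grep Server >> /var/tmp/hotmail
let i="$i"+1
done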
-Waldo
IIRC, it doesn't DROP the records, it simply does not retrieve & display them after the table they reside in gets to be a certain size. 1000 records, 10,000 records? The records are still there, they just don't show up in query results.
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
> This company release a warning, what, like 6 months ago
June 18. Nowhere near 6 months ago. Barely a month before the onslaught of Code Red I.
GET /default.ida?heheheheheheheheheheheh.....heheheh.m uahahahahahahahahaaaaaaaaaaaaaaaaaaaahahahahaHAHAH AHAHAHAAAAAAAAAAAAAAAAAAAAa%u9090%u6858%ucbd3%u780 1%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801% u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0 078%u0000%u00=a HTTP/1.0
;-)
-- It only takes 20 minutes for a liberal to become a conservative thanks to our new outpatient surgical procedure!
...Code Red is taking down Hotmail so that people can't get to their accounts that are filled up with SirCam?
"Enough of this wretched, whining monkey life." -- Marcus Aurelius, _Meditations_, Book 9, 37
Losing track of Nuclear materials
Nuclear Materials System Not Buggy, Says Microsoft
There is much cruelty in the universe, John.
Yeah, we seem to have the tour map.
Um, I actually am surprised to see the level of hostility levied towards a service that is provided free of charge to the general public. One thing that is also interesting is the number of posts (I knew it was inevitable) touting Linux. I love Linux. I think it's great. You want to know why there are no real virus threats against Linux? It's because no one has targeted it. Maybe all the virus writers are 15 years old and using Linux? It seems to me that *no* OS is safe if people really want to target it, and laughing at the misfortune of another smacks of immaturity and a certain foolishness.
I seem to remember some savvy /.er out there somewhere who showed that MS was actually using Linux to power Hotmail. Maybe with the recent facelift upgrade they did, they changed the backend as well...
Captain_Frisk
The patch has been out since what, June? MS is happy to say "we had a patch out months ago, sent out plenty of warnings, everyone had plenty of time to stop this, it's not our fault they didn't patch it" when people complain about the problem.
The fact that they didn't get their systems patched is a real indictment of either their system administration practices (if even the vendor doesn't install widely-publicized vendor patches, how can they claim that Bob's Bait Store should always be up to date?) or the "easy administration" of W2K. Unfortunately I doubt anyone will actually be indicted....
Can you believe I have not ever received one single Sircam OR "love bug" mail?
Imagine trying to run an e-mail service on NT. What a pack of incompetent marketdroids.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
Sign me up for Hailstorm right now! Do you need my credit card number now or later? When do you want my ssn, drivers license, home address and other personal information? Boy, I sure am glad I've got a big responsible company to handle my sensitive data instead of a bunch of foreign nobodies. If MicroSoft can't protect my information, who can we trust? ;)
You must be the change you wish to see in the world - Gandhi
Mr Troll:
That's because there are no Linux viri!
McAfee does make a linux server tool for detecting WinDoh's viri on the server side (before the user gets it)... along with a few other Linux-based tools to try to protect WinDoh's lusers from their idiocy.
When I die, please cast my ashes upon Bill Gates -- for once, make him clean up after me!
Probably the same thing that happened with Windows. Same situation, just not free.
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
wasn't it not too long ago this very forum was laughing at the piddly virus 'code red', because the author had 'stupidly' used a site name instead of its IP to attack it. now look at how much trouble it has caused and answer me... how many other more successful viruses have there been? maybe its intended purpose, DDOS-ing whitehouse.gov, has gone by the wayside, but man, what a lot of crap being posted here, there, and everywhere, on the TV, etc, etc. this is an unbelievably 'successful' virus.
The REAL sam_at_caveman_dot_org is user ID 13833.
I think the definition of power user here is incorrect - there is no Microsoft product which comes into the "Power" category. Clustering windows servers gets you possibly into mid-range, but it's pretty much low end.
For high end, you are talking big iron from IBM, SUN, Cray or SGI, or massive Unix/Linux clusters a la ASCI, Lawrence Livermore etc.
However, if these hackers you mention do get ticked off and learn linux/freeBSD or a.n.other *nix the experience may well be good for them. Some of these people may be the gurus of the future.
Now, I know what it takes for us in a small (50 person) company to patch our desktop and server machines, so it seems to me that this patching undertaking would take a LOT of people a LOT of time. Who knows, maybe they HAVE been patching their servers, it's just taking them months to do it!
Perhaps they should fire off a simple script using ssh and awk that will make the update on all of the...OOOPS, I guess they hired a few more permatemp MCSEs who for some reason didn't have the real world ability you might expect from someone with such an illustrious certification.
Oh, sorry I forgot. Some people just can't take the competition.
Is it true that I can get my FREE download of MSN Explorer at http://explorer.msn.com/intl.asp? Wow! That's just what I've always wanted, FREE software.
Friends don't help friends install M$ junk.
You know you're in a bad position when a large group of people say that despite your service being free it still sucks. Could you imagine the heat MS would be getting if they charged for Hotmail?
BOSTON SUCKS!
Actually Windows 95 and NT4.0 with office 97 does everything an office worker needs.... actually even earlier versions of office are plenty sufficient. all versions after 5.0 are just adding intentional incompatibilities to force upgrades as the features are useless... (Funny how abiword is 10 times smaller than word.... oh wait there isn't an entire version of VB5.0 in it!)
for productivity, corporate and all companies haven't had to upgrade for 6 years.. It's the morons in the IT/IS department that gotta have the latest!
Do not look at laser with remaining good eye.
I doubt it, since only some of the W2K HotMail servers are infected (according to Microsoft, anyway). I suppose they missed a few or just ran out of time to patch them all - how many boxen do you think they have to patch? Lots?
Unless Code Red II on the infected servers is having a field day with all those other NT boxen on the same subnet and they are suffering from congestion of course. Either way, it might explain why I haven't received any SirCam emails recently...
UNIX? They're not even circumcised! Savages!
"Sucks to be them"
I can think of worse jobs than being paid by Microsoft to watch their servers being brought down by their own software!
I have seen one of Msoft's server buildouts at an Exodus building. It is for the most part what you would expect. Many rows of 19" racks fully populated (or getting that way) of 2u and sometimes 4u rack mount boxes. It is all well placed and well cabled... as it should be with the huge number of contractors they hire. The only thing I get a chuckle out of is watching the rolling carts in there moving around with monitors, keyboard and mice on them. So much for serial console management!
--- I do not moderate.
Ok, I know it's a lot of servers, but the company that runs Hotmail also wrote the OS that is insecure. This company released a warning, what, like 6 months ago, and also released a patch at the same time. They have been claiming that this is a major security hole since then and strongly encourage everybody to install the patch, yet they themselves don't.
Somehow, when I picture a server farm, I see this clean, organized room with nice neat racks. With everything that happens with MS's servers, all I can envision is a building reminiscent of a level from Diablo. Something dark & gloomy with servers just sitting on workbenches with their hard drives just hanging out of the side of the case and the motherboard coated in 1/2" of dust.
How can you forget a bunch of servers? I work for a small ISP so we're not the most organized place, but hell, all we have is two racks for modems & routers, and a dozen boxes sitting on the floor for servers. But we at least have pieces of paper tacked to the wall with a list of IP addresses, server names, functions and OS. We install the patches on all of our machines just fine.
All you need is a list of all the servers. Then take that list around with you and after you install the patch, put a little "X" next to the server on the list. Not really complex guys. Of course this is Microsoft, they're probably running little handhelds with WinCE, connecting wirelessly to a MSSQL server that seems to simply misplace records for the hell of it.
Whatever they pay their PR department, it's not nearly enough..
I expect an MS Product manager to walk into their office this morning, only to find them to have all hung themselves..
.. unless they anticipate said MS Product manager to be walking in with yet -another- set of healthy bonus cheques.
Oh, and that new crucifix in Redmond, that has nothing to do with religion, that's the Hotmail admin responsible for this mess.
Code Red: Exploits a security bug in Micro$oft IIS, winds up taking down Micro$oft Hotmail servers. Damn. These guys are good at making money, and making themselves look stupid.
first off, cmdrtaco, please keep moaning about getting too much mail all the time from these viruses. it really adds to the discussion to hear every 5 posts or so, 'wah, i am getting megs of virus mail.' okay, we get it. but... what is really weird is the reaction of 'real businesses' to these viruses. IBM for one (and this is why i'm posting anonymously...) SHUT DOWN their entire internal access to all port 80 traffic to stop the spread of code red -- this is a big deal, as this is affecting entire companies' modes of operation and costing millions in lost productivity (no access to even internal web docs, let alone external web resources, etc).
Hello little man. I will destroy you!
Ghar, the local ISP here had Xamime installed.. not a single client copped anything from Sircam... oh wait, this is about RedCode? :)
It seems to me that microsoft.com is also badly affected by something [Code Red?]. It's been returning Server Busy and Access Control Violations all morning. When you do get a page returned it's slow, very slow.
Why does the title of the article say that Microsoft may have been victim of Code Red worm when it later says that The software giant on Wednesday confirmed that some of its MSN Hotmail servers were infected with a Code Red virus. Aren't you a victim if your computers get infected? Or do you have to wait until all your disk drives are formatted?
- Right click on My Computer
- Select Manage.
- Double click Services and Applications
- Double click on Internet Information Services
- single click on Default Web Site
- Click Delete
- Repeat for other web sites
- Open up Internet Explorer
- Go to http://www.apache.org
- Download the Win32 binaries
- Unzip and install them
- Click on Start/Programs/Apache/Configure/Edit http.conf
- Edit that file to add whatever sites and functionality you need
- Restart Apache
You are now immune. Microsoft releases a few patches here and there, but you are running A Patchy web server.... Actually, this is what I did when the first one hit. It saved my box because I am running an old beta of Whistler on one machine for testing purposes and did not want to be without protection from the virus. The information I was able to get on whether I was vulnerable was inconsistent.
LedgerSMB: Open source Accounting/ERP
It's bad enough that they need Free Software to keep Hotmail afloat as it is. I can't see Microsoft using a Free Software solution on their boxes too...
Part of the problem may be that NT doesn't respond well to remote admin.. I can see some intern going from box to box, plugging and unplugging keyboards and mice, and doing the upgrades.
"Oops! I must have missed 3 of the 85 boxes that I was supposed to patch!"
Sometimes boldness is in fashion. Sometimes only the brave will be bold.
Ha!
Prove it. Let's see the code. The _real_ code, the code that actually ships inside the binaries.
Evidence would tend to suggest you couldn't be wronger... and the ability of the admin has _nothing_ to do with it. What else is out there waiting for enough damage to justify a 'patch'? What evidence do you have that the 'patch' does what you expect and want?
Enjoy your job, make lots of money, work within the law. Choose any two.
In the past, the server cracks tended to hurt the people who owned the servers, leaking information and so forth. These people couldn't sue MS for shoddy work, because that license agreement took away those rights.
But now we've got Code Red. People who never signed any sort of license agreement with MS are now paying the price for their lousy quality control. Can these people sue? If Code Red causes your ISP's network traffic load to go up, if it overloads your company's router, whatever, can MS be sued?
I'm waiting for the lawyers to start circling on this one...
-jon
Remember Amalek.
Actually, the MS provided patch doesn't work against Code Red if you have URL forwarding on your server. I bet they have it enabled, and so they were left open...
Think about this...
For A Linux box or a Windows box, go through the same list and realize that it's the administrator that matters. Not the OS! Really. A windows box can be just as secure as linux box if the administrator knows what he is doing. An admin for a win2k box is cheaper than a linux admin. There's more of them. So the cost of the OS takes itself out.
1) Pick a platform that is difficult to administer remotely
2) Pick a platform that is insecure
3) Pick a platform that can't handle the amount of customers you have
4) Pick a platform that costs a tonne of money
5) Pick a platform that requires a person with a dodgy qualification to run it, who doesn't know left from right, and demands more money than they are worth
6) Pick a platform that is proprietary
7) Pick a platform that runs on low-end server hardware or worse only
8) Pick a platform that you will have to lease by the year or per billion processor cycles within the next 3 years
9) Pick a platform with a database server that "loses" data given certain queries
10) Pick a platform that is forever morphing, changing technology, and has a history of instability
11) Pick a platform which would get you the sack if management had a clue
I doubt that the Hotmail admins are so incompetent that they forgot to patch their own servers. What are the odds that the patch itself is defective? Their P.R. guys could just be putting a different spin on the story by blaming the admins.
"What is the sound of one belly slapping?"
1) The bigger the system, the tidier it usually is. A small company can buy a few servers and network them easily. A thousand servers require a huge amount of specialized equipment which is hard to misplace.
2) If you ever do anything requiring thousands of PCs, there's a 99.9% chance that you're doing something VERY wrong. Mainframes exist for a reason, that's because they're very much better at huge jobs. (Except for a few oddball tasks like google, or a render farm.)
There aren't a lot of really great remote-admin tools for Windows. This is because people doing HUGE jobs go buy mainframes. Only companies who failed the product-requirements phase use MS products on a large number of servers. (To a large degree, simply because PC hardware just doesn't cut it, and even 8-way XEONs are laughable compared to *real* computers.) If an admin has a thousand Windows boxes, either 1) they aren't mission-critical servers, or 2) the admin is clueless. (Or 3, the company needs to use its own products or nobody will respect it, at all.)
SirCam just won't go away. Here are my daily counts, starting from 7/23:
3 1 6 2 0 1 3 0 2 3 0 1 1 2 2 1 5
I had thought the worst was over after the 25th, but the last 24 hours have been busy again. This must be absolutely ravaging the Windows world.
Also, I still haven't gotten a single one from anyone I know. Ten are explainable because they came over the Freeciv mailing list (showing that even Windows users like open-source software). It's incomprehensible why any of the others would have me in their address book.
Also, I had one stranger mail out a FixSir.com, asking everyone to run it. (Our standard joke about how to spread e-mail viruses under UNIX may not be as unrealistic as we like to think it is.) This one might have been innocent, but it probably points to a future trend: release a virus, wait until it hits the news, then release a second piggyback virus with a message promising to protect against the first one.
Sheesh, evil *and* a jerk. -- Jade
I think that in Microsoft's case, it's excusable. Companies have good non-technical non-merit reasons for wanting to use their own products. It makes sense. I would do the same. Let me stress that: I would use my own stuff over other peoples', even if I knew my stuff was inferior. If I have a need for that product as a user, then I'm getting a free tester/debugger as a developer. Free help is a Good Thing. So I don't really blame MS for moving Hotmail over to their stuff.
But I can't figure out why anyone else would pick NT/2k as a server. At least with the desktop monopoly, there's a reason for it: a continuous legacy going back 20 years. When someone chooses Windows clients, I don't like it and I disagree with it, but at least they're able to come up with some justification (which always involves some previously existing software). If a real mistake was made, it was made many many years ago, and they're simply locked in nowadays. If there's anything wrong with them now, it's just that they don't have the strength to try to dig themselves out of their hole.
But with the servers (especially when you get into Internet stuff, like email, web, etc. instead of merely office file servers), it's just mindboggling. I'm not saying NT is bad (I would say that, but it's another topic ;-) but what's really wrong with it, is that it just doesn't have anything going for it, and there were significantly already superior products. In order for someone to be using NT as a web server, they either had to trash an existing web server that probably worked better, or they had a blank slate and somehow picked Microsoft over all the other choices. Either way, it's just plain dumb. There isn't any continuous chain of lockin going back to the 80s, to blame it on.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Nobody's going to sue Microsoft over this, because the majority of the infected W2K systems are not using legally purchased software.
They're home systems running a duplicate copy of somebody's work installation.
I'll bet you a quarter.
Known about this since Sunday, when I went through my error_log file on my Apache box and found this.
[Tue Aug 7 05:37:56 2001] [error] [client 64.4.13.230] File does not exist: /usr/local/apache/htdocs/default.ida
[Tue Aug 7 05:38:45 2001] [error] [client 64.4.13.230] File does not exist: /usr/local/apache/htdocs/default.ida
[Tue Aug 7 05:38:54 2001] [error] [client 64.4.13.230] File does not exist: /usr/local/apache/htdocs/default.ida
[Tue Aug 7 05:40:21 2001] [error] [client 64.4.13.230] File does not exist: /usr/local/apache/htdocs/default.ida
[Tue Aug 7 05:42:01 2001] [error] [client 64.4.13.230] File does not exist: /usr/local/apache/htdocs/default.ida
[Tue Aug 7 05:42:15 2001] [error] [client 64.4.13.230] File does not exist: /usr/local/apache/htdocs/default.ida
[Tue Aug 7 05:42:20 2001] [error] [client 64.4.13.230] File does not exist: /usr/local/apache/htdocs/default.ida
[Tue Aug 7 05:48:55 2001] [error] [client 64.4.13.230] File does not exist: /usr/local/apache/htdocs/default.ida
[Tue Aug 7 05:49:13 2001] [error] [client 64.4.13.230] File does not exist: /usr/local/apache/htdocs/default.ida
64.4.13.230 is msgr-cs20.msgr.hotmail.com
You'd figure they'd patch themselves.
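Added example, not part of the original comment: a Python script that tallies default.ida probes in an Apache error_log of the format posted above, per client and per day, and re-joins entries that were wrapped when pasted. The sample log is constructed (the 192.0.2.x addresses are placeholders) and the function names are this example's own.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache 1.3-style "File does not exist" entry, in the format posted above.
# The entries show only the path that was looked up, so matching is on the
# .ida filename rather than on any request payload.
LINE_RE = re.compile(
    r"^\[(?P<ts>[A-Z][a-z]{2} [A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4})\] "
    r"\[error\] \[client (?P<client>[0-9.]+)\] "
    r"File does not exist: (?P<path>\S+)"
)

# Constructed sample log. The second entry is wrapped across two lines on purpose.
SAMPLE_LOG = """\
[Tue Aug 7 05:37:56 2001] [error] [client 64.4.13.230] File does not exist: /usr/local/apache/htdocs/default.ida
[Tue Aug 7 05:38:45 2001] [error] [client 64.4.13.230] File does not exist:
/usr/local/apache/htdocs/default.ida
[Tue Aug 7 05:40:02 2001] [error] [client 192.0.2.17] File does not exist: /usr/local/apache/htdocs/favicon.ico
[Tue Aug 7 05:42:01 2001] [error] [client 64.4.13.230] File does not exist: /usr/local/apache/htdocs/default.ida
[Wed Aug 8 11:15:30 2001] [error] [client 192.0.2.44] File does not exist: /usr/local/apache/htdocs/default.ida
[Wed Aug 8 11:16:00 2001] [notice] caught SIGTERM, shutting down
"""


def unwrap(text):
    """Re-join wrapped entries: a line not starting with '[' continues the previous one."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries


def ida_probes(text):
    """Return {client_ip: [datetime, ...]} for missing-file errors on a .ida path."""
    hits = defaultdict(list)
    for entry in unwrap(text):
        m = LINE_RE.match(entry)
        if not m or not m.group("path").lower().endswith(".ida"):
            continue  # other 404s and non-error entries are ignored
        ts = datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y")
        hits[m.group("client")].append(ts)
    return dict(hits)


def summarize(text):
    """Rows of (client, count, first_seen, last_seen), busiest client first."""
    rows = [(c, len(t), min(t), max(t)) for c, t in ida_probes(text).items()]
    return sorted(rows, key=lambda r: (-r[1], r[0]))


def daily_counts(text):
    """Return {ISO date: number of .ida probes seen that day}."""
    counts = defaultdict(int)
    for times in ida_probes(text).values():
        for ts in times:
            counts[ts.date().isoformat()] += 1
    return dict(counts)


if __name__ == "__main__":
    for client, count, first, last in summarize(SAMPLE_LOG):
        print(f"{client:15} {count:3} probes  {first} .. {last}")
    print(daily_counts(SAMPLE_LOG))
```

Resolving the busiest addresses back to hostnames, as the commenter did for 64.4.13.230, is a separate lookup step and is left out so the script runs offline.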
.NET and Passport demand good security, as people will be attempting to break into those systems, viruses to DDoS Passport, etc. Yet here's MS unable to patch their own Hotmail systems to prevent Code Red from infecting their own machines. By failing to patch their own computers, can people expect the same from Passport?
The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.
colour
favourite
mum
mate
Piss off, you stupid Yank.
You think you have "rights", but when was the last time you tried to exercise one of them that might conflict with the interests of one of your powers-that-be?
There are thousands of programmers who could write this virus. All it takes is one. You can discourage 9999 out of 10,000, but you can't expect 100% cooperation from the entire world. Protecting servers is more realistic than eliminating every potential outlaw.
(Reality reasserts itself sooner or later.)
I had nothing to do with it! It was Microsoft(TM)'s servers that are having problems. It seems like everyone points the finger at CodeRed, when all I'm guilty of is lurking on Slashdot and posting useless messages over and over.
Please refrain from blaming me for every little thing. Yes, I'm the reason the net is slowing, yes my cousins [2,3] are good at what they do, but isn't it time we point the finger at security issues of other OS's instead of the usual suspects??
And I am no relation to SirCam, I just respect his work!
Thank you,
CodeRed [The low user #]
--
CodeRed, the lower user #. No relation to SirCam.
(Note: calls work fine; it's just directory information that you cannot get.)
[reposted from here]
Hi, Just an update. Some yahoo managed to get CodeRed inside our firewall where it's running rampant. At one point, the gigabit connection to the Internet was at 90% utilization. We are in the process of finding and patching all servers now. We have several hundred affected machines. Most of the resources from at least three IT organizations are working on this now.
Dirty Pirate Hooker
Over my way, daily average is about 225 attacks, no sign of letting up, and when a browser is pointed towards them, most of them simply show the default IIS screen. These boxes are probably not going to be patched because the owners of the machines are unaware their machines are owned. So, yeah, Oct 1 is probably when this crap is going to end.
If god had intended you to be naked, you would have been born that way.
Everyone should offer this wonderful and handy cleanup service through the web, courtesy of Linux and Code Red. Simply create the following symbolic link:
ln -s /dev/zero /default.ida
Cheers,
RAK
http://minduploading.org
When you select for the setting 'When connecting to this resource, the content should come from' option 3: A redirection to a URL, (On the 'Home Directory' Tab in the website's properties in IIS4) you are still vulnerable. You are thus not vulnerable when you do response.redirect() kinda stuff in ASP.
Never underestimate the relief of true separation of Religion and State.