Slashdot Mirror
Hotmail Servers Shut Down by Code Red
An Anonymous Coward writes: "SF Gate has this story about Code Red taking down some of Microsoft's Hotmail servers. That's funny." So is Code Red a problem yet? Meanwhile my sircams have stopped, except for 2 people who mail me a hundred or more a day. Thank god for filters, but if I had a monthly bandwidth cap, I'd be pissed.
Did anyone read the Dilbert comic where MS had mis-spelled a word in MS Word? I can imagine the Admin(s) in question to be put into a similar situation
.. At our Comdex booth
MS Admin: We got the virus we've been teaching people to prevent.
Bill: Great, so what are you going to do about it?
MS Admin: Kill myself as an example to others?
Bill:
I find it amazing that they didn't take every precaution to protect what might be their highest-profile property. If MSDN went down, they could cover it - Most of their other servers, too. But Hotmail? That's so closely associated with Passport and, by association, dot-net, that I think they would do absolutely everything in their power to keep it spotless in the minds of the users.
Good luck to them. They'll need it.
I got two unsolicited calls asking how to set up Apache on a Windows 2000 server. These were people who had never seen a need to switch before. If I convert their servers for them, I'll probably set up a Linux box or two, 'just for backup purposes'.
Heh heh.
Cheers,
Jim in Tokyo
-- My Weblog.
I just queried Netcraft What's That Site Running and it answers:
... I'm laughing as much as everyone!
The site www.hotmail.com is running Microsoft-IIS/5.0 on Windows 2000
I also tried the SSL Port 443 and it's also hosted on IIS5/Win2K. Hope this clears up any confusion *grin*
One thing to consider here folks: this is a classic case of Security Process falling down. It just so happens it's an Win2K hole in this instance. If Hotmail still ran BSD and there was a root exploit discovered, someone still needs to follow the process and plug the hole.
NB: I'm not excusing MS here
Make a modified version of CodeRed called, say, CodeNap. Include in the payload an MP3 by Metallica. Wait 48 hours until it's everywhere. Now sue Microsoft because they are making money of a system that is being used to make illegal copies of copyrighted works!
324006
I bet Microsoft is wishing they left those hotmail servers on BSD. If I remember correctly, they started moving from BSD to Windows 2000 just about this time last year...of course that was after an unsuccessful try in about the 97/98 time frame....
Crewd
Microsoft is using a Beta version of the new IIS software for their hotmail servers that come with the worm already bundled with it.
I submitted this as an article this morning, but as it is still pending, and both my home and work servers are still under constant annoyance, I figured I'd pass it on here as well. If you are running a Windows NT server, kindly do us all a favor and just turn it off for a few months.
According to yesterday's Handler's Diary on www.incidents.org, "Microsoft has confirmed that if an IIS 4.0 webserver is using URL redirection, it is still vulnerable to Code Red even if the Microsoft patch is installed". The only known solution is to remove all URL redirections from NT servers running IIS 4.0.
-Tommy
"I got a half gallon of Jack, and 2 dozen Ant Traps. I'm about to get wild." -me
Can anyone write a new napster using this "protocol". Then we just have to set up NT servers and wait for the files to arive. First it spread itself to any boxes on the net then start transfering files on off Your HD. Everyday when you come home from work you got 2gb of fresh pron. Should keep you busy for the rest of the evening.
Back when MS bought out Hotmail, they were running on BSD software (Apache, I think,) and then a lot of people started to make fund of them because they didn't even use their own software on their own servers.
So they moved it over to an MS platform. According to my scanner, it's running IIS 5.0.
[64.4.53.7:80] World Wide Web HTTP
HTTP/1.1 302 Redirected..Server: Microsoft-IIS/5.0..Date: Thu, 09 Aug 2001 14:48:33 GMT..Location: http://lc2.law5.hotmail.passport.com
Except that the EULA, any EULA, is absolute and total bullshit, except in Maryland and Virginia(?) who think UCITA makes sense.
You can't make addendums to a contract after the sale without agreement from both sides. Clicking a button or hitting a key does not constitute proof of agreement. That requires a signature. Please help spread the news that EULA's are bullshit until they are upheld in a court of law or supported by legislation. At the present, they are just some grandstanding bullshit from rich software companies with nothing more than threats from lawyers standing behind them.
BTW, did I mention that EULAs are BULLSHIT mumbo-jumbo legalese that don't have the force of spit.
Aah, change is good. -- Rafiki
Yeah, but it ain't easy. -- Simba
MSN Hotmail has a new look!
MSN Hotmail has a brand new face...and it's easier to use. You'll find it easier to create and manage your folders, see which of your Messenger buddies has been hacked by chinese, and quickly choose names from your Address Book when send document for to ask advice.
Promote proofreading. Don't mod up sloppy posts.
Who has losses that arise from code red?
ISP's and individuals/companies paying for bandwith used.
Who causes this mess?
People who haven't patched their software (gross negligence).
Who can sue who?
People who have losses because of gross negligence.
Micorosoft is shielded by a EULA that limits (or denies)liability (although this EULA might not be fully apllicable worldwide).
Back in the Dark Ages of corporate acceptance of Free Software (circa '97 or so) a common pointy-haired manager complaint was "Who do we sue?"
IE, if the software contained some fatal flaw that resulted in Actual Money being lost, the corporation could go after a commercial software house in the courts in an attempt to recover costs.
Free Software, being provided as a community service with no sue-able corporation behind it, lacked this perceived accountability.
Well, here we have a gold-plated example of a fatal flaw in a piece of commercial software, coupled to a lax attitude towards fixing it, that has without question resulted in the loss of Actual Money by a great deal of people. One would think then, that IS Managers across the world would be queuing up to sue Microsoft and recover their costs.
Anybody seeing any evidence of this happening?
Want to learn about race cars? Read my Book
I work for a small company that handles license production for a number of the software companies, most of the stuff for OEMs - one of them is Microsoft. (You know that little piece of paper with the cool hologram and bunch of numbers? We make them)
Now Microsoft is very critical about who gets access to the serial numbers and databases. They have there own servers, VLAN, and firewall at our plants for distribution of licenses. Think it would be pretty secure, right?
Well not really, they all got Code Red when it first came out. Now we were cleaning Code Red up on our own webserver (Yeah, I know, should have patched) Noticed that the MS server were infected, called up MS and told them what was up. They didn't believe us and told us the servers were already patched. Took a number of calls and yelling to get their boxes fixed.
I don't know if its really funny or really sad.
The world isn't run by weapons anymore, or energy, or money. It's run by little ones and zeroes, little bits of data.
And this the company whose software that the vast majority of ISPs insist that you use if you want to connect to the internet using their lines.
I think I'll have some new ammunition the next time I get into an argument with an ISP over what software I'm allowed to run.
CUR ALLOC 20195.....5804M
(twas a ZDNet story I can't seem to locate)
"I can't give you a brain, so I'll give you a diploma" - The Great Oz (blatently stolen sig)
We discussed this one year ago this week. It was concluded that they were running a round-robin DNS, and you'd sometimes get Apache (~20% of the time) and sometimes get IIS 5.0 (~80% of the time.) To run your own experiment, try the script that I included at the time.
/var/tmp/hotmail
#!/bin/bash
i=1
while [ "$i" -lt 253 ]
do
lynx -head -dump http://lw7fd.law7.hotmail.msn.com/ |grep Server >>
let i="$i"+1
done
-Waldo
GET /default.ida?heheheheheheheheheheheh.....heheheh.m uahahahahahahahahaaaaaaaaaaaaaaaaaaaahahahahaHAHAH AHAHAHAAAAAAAAAAAAAAAAAAAAa%u9090%u6858%ucbd3%u780 1%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801% u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0 078%u0000%u00=a HTTP/1.0
;-)
-- It only takes 20 minutes for a liberal to become a conservative thanks to our new outpatient surgical procedure!
...Code Red is taking down Hotmail so that people can't get to their accounts that are filled up with SirCam?
"Enough of this wretched, whining monkey life." -- Marcus Aurelius, _Meditations_, Book 9, 37
Sign me up for Hailstorm right now! Do you need my credit card number now or later? When do you want my ssn, drivers license, home address and other personal information? Boy, I sure am glad I've got a big responsible company to handle my sensitive data instead of a bunch of foreign nobodies. If MicroSoft can't protect my information, who can we trust? ;)
You must be the change you wish to see in the world - Ghandi
"Sucks to be them"
I can think of worse jobs than being paid by Microsoft to watch their servers being brought down by their own software!
Ok, I know it's a lot of servers, but the company that runs Hotmail, also wrote the OS that is insecure. This company release a warning, what, like 6 months ago, and also released a patch at the same time. They have been claiming that this is a major security hole since then and strongly encourages everybody to install the patch, yet they themselves don't.
Somehow, when I picture a server farm, I see this clean, organized room with nice neat racks. With everything that happens with MS's servers, all I can envision is a building reminiscent of a level from Diablo. Something dark & gloomy with servers just sitting on workbenches with their hard drives just hanging out of the side of the case and the motherboard coated in 1/2" of dust.
How can you forget a bunch of servers. I work for a small ISP so we're not the most organized place, but hell, all we have is two racks for modems & routers, and a dozen boxes sitting on the floor for servers. But we at least have pieces of paper tacked to the wall with a list of IP addresses, server names, functions and OS. We install the patches on all of our machines just fine.
All you need is a list of all the servers. Then take that list around with you and after you install the patch, put a little "X" next to the server on the list. Not really complex guys. Of course this is Microsoft, they're probably running little handhelds with WinCE, connecting wirelessly to a MSSQL server that seems to simply misplace records for the hell of it.
first off, cmdrtaco, please keep moaning about getting too much mail all the time from these viruses. it really adds to the discussion to hear every 5 posts or so, 'wah, i am getting megs of virus mail.' okay, we get it. but... what is really weird is the reaction of 'real businesses' to these viruses. IBM for one (and this is why i'm posting anonymously...) SHUT DOWN their entire internal access to all port 80 traffic to stop the spread of code red -- this is a big deal, as this is affecting entire companies' modes of operation and costing millions in lost productivity (no access to even internal web docs, let alone external web resources, etc).
Is it true that I can get my FREE download of MSN Explorer at http://explorer.msn.com/intl.asp?
N NN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucb d3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190 %u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
Nope, but you can at:
http://explorer.msn.com/default.ida?NNNNNNNNNNN
Actually, the MS provided patch doesn't work against Code Red if you have URL forwarding on your server. I bet they have it enabled, and so they were left open...