WinXP Security Flaw
Many readers have submitted word of the newest security hole in Windows XP. joshjs, for instance, writes: "Don't know if this is common knowledge at this point or not, but apparently some security researchers discovered that Windows XP's universal plug and play features contain a huge security flaw: 'A Microsoft official acknowledged that the risk to consumers was unprecedented because the glitches allow hackers to seize control of all Windows XP operating system software without requiring a computer user to do anything except connect to the Internet. ... Microsoft made available on its Web site a free fix for both home and professional editions of Windows XP and forcefully urged consumers to install it immediately.' Read more at the Washington Post's story." No OS is perfectly secure, but I bet a lot of new XP owners won't be too happy about this. Update: 12/20 20:05 GMT by T : fcrick submits a link to the same AP story at Wired, and several readers have pointed out that a patch is available. Update: 12/20 21:31 GMT by T : And as banuaba writes: "This hole also affects versions of 98 with XP File sharing installed and all versions of ME."
So, I'll just run the patch and move on with my life. No big deal.
It's not like I'm going to lose sleep over what *might* happen.
It's only a computer, for Christ's sake.
"Adequacy.org: Where congenital stupidity is not an option, but a requirement."
I would not mind a decent explanation of what Universal Plug and Play is, what it takes to shut it off, and what it would affect.
tally of said security issues as they pop up and then document how long it takes Microsoft to fix them, before and after the bug is publicly exposed.
I would be interested to see captured on a yearly basis the bug count of Microsoft products versus some open source products including how long each bug took to get fixed and the severity of each bug.
Microsoft is good at spreading FUD, but facts are hard to beat and are gobbled up by the media. I'd be willing to volunteer my time to anybody with a server and some bandwidth for a project like this: just tell me what you need me to do.
Do not spread "09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0" over the internet, thank you.
The OS allows access to raw sockets and, therefore, the entire kernel.
Go read it again. Raw sockets are not a security flaw. Unix (including Linux and OS X) has them too. All it means is that it's easy to spoof packets. That's it.
"Anyone with any kind of "always on" connection would have to be an idiot to not engage some kind of firewall for their connection."
What about those "idiots" that aren't computer literate and that don't know what a firewall even is?
Thanks to file sharing, I purchase more CDs
Thanks to the RIAA, I buy them used...
Just last week, Microsoft's corporate security officer, Howard Schmidt, expressed frustration about continuing threats from overflows. "I'm still amazed that we allow these things to occur," he said at a conference of technology executives. Schmidt is expected soon to resign from Microsoft to work for President Bush's top computer security adviser.
...what is this...the Twilight Zone?
I want to be alone with the sandwich
I am sure this will give new Compaq, Dell, Gateway, and HP buyers some pause
... well, they don't know enough to care. Who does that leave?
People who know this is just the latest symptom of Microsoft's general neglect for security won't be buying XP anyway. Those who believe Microsoft deserves their dominant position because they are the best will see that there is already a patch. Those who don't know enough to know why they should care
Nope, no sig
For all you Linux-heads that haven't installed XP, the installer determines by asking you if you are connected directly to the Internet or if you are connected to a LAN --- if you're directly connected, YOUR CONNECTION IS AUTOMATICALLY FIREWALLED. Which means, that if MS did its math correctly, most people connecting to the Internet should already be protected, patch aside.
Now, what if you're on a LAN? You should already be behind a firewall. So theoretically the only people vulnerable are corporate users vulnerable from attacks INSIDE the company. That narrows it down, doesn't it?
Ooooh, it's a bug!! So what?!? I believe "security by obscurity" has proven to work this time. When did /. hear about this bug? Today. When was the patch released? Prolly before we heard about it. Nuff said.
But then, you know, Linux doesn't have bugs (eyeroll). Why is it that when Win* has bugs, it's headline news on /., but all the bugs in the 2.4 kernel go unnoticed? Oh yeah, heh, I forgot, this is Slashdot. Honestly, guys, grow up.
Like all the Linux boxen running pretty much any version of wu-ftpd and vulnerable versions of BIND (and there are A LOT) are safe. Hah. Why don't you look at the facts before you start posting flamebait...
Ironically, he did "stay quiet". Notice that Scott Culp is practically peeing his pants in admiration of how he didn't publish details on how this is exploited.
There have been a number of remote exploits in Win9x filesharing, first of all. I don't know of anything affecting an "out of the box" installation, but if you had a Win95 box that had any writeable shares, even password protected ones, even deeply nested in the filesystem ones, your computer could have been remotely compromised.
Secondly, does anyone remember a little thing called Outlook Express? Sure, most of the popular worms exploited the unpatchable "Stupid User" bug, but there have been at least two that left your computer remotely compromisable from just the Preview pane of the email (thanks to HTML buffer overflows) and one that would let your computer be compromised as email was downloaded (thanks to email header buffer overflows). Of course, the preview pane bugs were really Microsoft HTML component bugs, so could be triggered by Internet Explorer hitting a malicious page even if you didn't use Outlook.
And if there's one thing that Microsoft has taught us, it's that Internet Explorer is an essential part of the Windows(TM) Operating System eXPerience.
You aren't bugged as much if you uninstall Windows Messenger (ignoring that Microsoft says you're SOL if you're not running Home Edition.) Then again, you also aren't bugged if you take Windows XP off the system completely, which also helps you with today's little bug as well. I'm glad I did last week, even though I only used it for games and DVDs...
That's a good idea. Let's not let people know their OS is compromised, so that they can get cracked. EXCELLENT plan. You know the crackers are going to find the exploits whether it's published or not, so stop being a fool. Ignorance being bliss is sorta like being dead means you get a good long nap. =P
>You don't think the Feds dropped the antitrust case for nothing, do you?
I may have misadjusted my tinfoil hat this morning, but it struck me that a PC configured to send out unicast malformed NOTIFY messages to exploit the previously-undisclosed UPnP hole on a specific target machine... well, it'd look to the UPnP service like piece of hardware. Hardware like a lantern, if you will, shining a light on the suspect's machine... *evil grin*
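The post above turns on the fact that a UPnP host accepts unsolicited NOTIFY announcements and treats the sender as a new device. From the defender's side, the obvious counter is to inspect inbound SSDP NOTIFY datagrams and flag the ones that do not look like a normal multicast announcement. The example below is added here and is not code from the original thread; the header checks, the 256-byte value limit, the sample datagrams and the addresses are constructed assumptions for illustration.

```python
# Defensive SSDP NOTIFY anomaly check (added example, not from the thread).
# Normal UPnP announcements are multicast to 239.255.255.250:1900; a NOTIFY
# that arrives unicast, lacks required headers, or carries an oversized header
# value is worth logging before the UPnP service ever sees it.

SSDP_MCAST = "239.255.255.250"   # SSDP multicast group used by UPnP 1.0
MAX_HEADER_VALUE = 256           # assumed local policy limit, not a spec value
REQUIRED = ("HOST", "NT", "NTS", "LOCATION", "USN")

def parse_ssdp(datagram):
    """Split an SSDP datagram into (request line, {HEADER: value})."""
    lines = datagram.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        if not line:            # blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header line: %r" % line)
        headers[name.strip().upper()] = value.strip()
    return lines[0], headers

def check_notify(datagram, dst_ip):
    """Return a list of anomaly reasons; an empty list means it looks normal."""
    try:
        request_line, headers = parse_ssdp(datagram)
    except ValueError as err:
        return [str(err)]
    if not request_line.startswith("NOTIFY * HTTP/1.1"):
        return []               # not a NOTIFY; outside this check's scope
    reasons = []
    if dst_ip != SSDP_MCAST:
        reasons.append("NOTIFY delivered unicast to %s, expected multicast" % dst_ip)
    for name in REQUIRED:
        if name not in headers:
            reasons.append("missing header %s" % name)
    for name, value in headers.items():
        if len(value) > MAX_HEADER_VALUE:
            reasons.append("oversized %s header (%d bytes)" % (name, len(value)))
    return reasons

# Constructed sample datagrams (RFC 5737 documentation addresses).
NORMAL_NOTIFY = (b"NOTIFY * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
                 b"NT: upnp:rootdevice\r\nNTS: ssdp:alive\r\n"
                 b"LOCATION: http://192.0.2.10:5000/desc.xml\r\n"
                 b"USN: uuid:example-1::upnp:rootdevice\r\n\r\n")
SUSPECT_NOTIFY = (b"NOTIFY * HTTP/1.1\r\nHOST: 192.0.2.20:1900\r\n"
                  b"NT: upnp:rootdevice\r\nNTS: ssdp:alive\r\n"
                  b"LOCATION: http://192.0.2.66/" + b"A" * 400 + b"\r\n"
                  b"USN: uuid:example-2::upnp:rootdevice\r\n\r\n")
```

Running `check_notify(SUSPECT_NOTIFY, "192.0.2.20")` yields two findings (unicast delivery and an oversized LOCATION header), while the multicast sample yields none.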
The GPL is a EULA..
EULA = "End User License Agreement". They are a way of taking away users' first-sale rights. The GPL does not try to foist any license agreement on end users. In fact, it states:
"5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works."
So you are confusing a license to redistribute something (which is required for all copyrighted works) with a license to use a copyrighted work. Microsoft has the latter in the form of EULA. Linux doesn't. Microsoft has the former in the form of often secret agreements with OEMs. Linux has the former with the publicly available GPL. Apples and oranges.
When in doubt, have a man come through a door with a gun in his hand.
Imagine this scenario:
:-)
1. Your off-the-CD version of Windows XP is vulnerable.
2. You connect to the internet to download all of the security patches.
3. WAMMO! you get struck by this code red XP exploit.
4. It gets installed before you have had a chance to install the patch.
5. It recognises the security update patch and silently/secretly ignores it.
6. Your system is still rooted, you believe you have patched your system, and you don't realise until you run your favourite virus checker; Code Red XP notices and nukes your system.
7. You blame your virus software for destroying your computer and reinstall windows XP off the CD...
8. goto 1
Believable scare-mongering?
The idea that full-disclosure means "immediate disclosure" is simply not true.
TWW
"Encyclopedia" is to "Wikipedia" what "Library" is to "Some people at a bus stop"
How do you know there hasn't already been one? After all, security through obscurity means not telling users how bad things really are.
TWW
"Encyclopedia" is to "Wikipedia" what "Library" is to "Some people at a bus stop"
The ip_conntrack_ftp bug is hardly anywhere near the scale of this XP bug. It was not a remote root vulnerability. Not even close to the same thing.
And it's not like Microsoft hasn't had time to think this through. ExtremeTech had a story on how to set up an IIS server trying to get the patch before Code Red got them (and failed miserably, of course).
Now, wouldn't XP's registration service be better if it didn't let you actually use the system until you had the patches downloaded on registration? But then no one would buy it, and an exploit for the registration service would spoil everything once and for all for MS.
I daresay you're right. Now please explain to me why a free kernel which was written for motives other than profit and with no obligations to the user base, manages to produce code that is NO WORSE than an expensive piece of software from Microsoft that has gone through a proper software engineering process.
This is even more damning when you consider that Jim Allchin said
So Microsoft is even admitting that they went to extra effort this time to improve the quality of their code and they STILL can't beat the free software. Microsoft has all the funding to do security audits and all the facilities for code review yet they STILL produce software that is only just on-par with freeware!
Yes, Linux has problems. My incredulity stems from the fact that Microsoft has them too. If Microsoft wants to distinguish themselves from the freeware then they're going to have to offer something MORE than the freeware. Their history with security proves that they have nothing more to offer than something I can download for free.
"No OS is perfectly secure, but I bet a lot of new XP owners won't be too happy about this."
Perhaps fewer than you might think, because first they have to know about the hole, then they have to care. In my experience, the average joe doesn't understand the implications at all, and asks "why would anyone want to break into my system anyway? I have nothing of interest or value there."
As Slashdotters we tend to highly over-estimate the level of understanding of the average joe with regard to security issues and YRO in general. Sad, but all too true 8^{
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
Why only UPNP?
.. do you want to supply one... is asking for trouble. Even a signed driver, if it is old, may have buffer overflow vulnerabilities; use this to set diagnostic modes on a video card chip feature, then use DMA to go a-wandering.
The protocol for normal PnP and USB devices, and physically plugging in new cards, or altering an old card with an overlapping or unknown identification code, may invoke system-level install processes: "Windows has detected new hardware - cannot find a driver".
The trusting registry needs to REJECT all new hardware and devices by default, and do an implicit ACL check on the ones it has.
That would make windows very unfriendly, and also knock out identical cards with different firmware.
Thankfully, the video card manufacturers are not telling what security nasties are lurking, but it is an area ripe for discovery.