WebTV/MSNTV Virus Dials 911

Semji Rkim writes: "Though not the first virus to direct modems at 911, ABC News is reporting a bug in WebTV (Now branded as MSNTV) units which causes the infected unit to hang-up and dial 911. The virus spreads via email and Microsoft officials are looking into how it is able to replicate and also control the modem. Affected users are advised to delete the email and call Microsoft at 1-800-469-3288."

I Wonder

[Jonny+Ringo]

Effected users are advised to delete the email and call Microsoft at 1-800-469-3288.

I wonder how they will get charged :-)

Re:I Wonder

[jeffy124]

i read somewhere last week that Gateway once published a number as 800, but was supposed to be 888. The company that owned that 800 number sued Gateway and won judgement for charges related to callers calling that number incorrectly, and damages resulting from lost productivity.

Let's hope MS (and the press) got that number right, for the sake of whomever would be at the other end...

Re:I Wonder

"Effected users are advised to delete the email and call Microsoft at 1-800-469-3288."

Why did you type that over again? I wouldnt have noticed if you spelled "Affected" properly. Is your copy/paste cache full? :-P

Re:I Wonder

He is probably using Linux, which does not yet support copying or pasting.

Re:I Wonder

[tomhudson]

for those who don't get it - linux supports cut-and-paste

it just doesn't support cut-and-past-ath1911-to-com1

Re:I Wonder

That would be AFFECTED users for people who know english.

Re:I Wonder

[tomhudson]

or INEFFECTIVE users, for those who have to unplug their webtv units.</smile>

Re:I Wonder

And I wonder why did your mother ever meet your father

Re:I Wonder

They have their ways. They probably call you collect back. Why wont M$ let you call them and then delete the email instead of the other way round?

Almost free CAD.
http://www.datacad.com/
By architects for architects

NO, I don't work there. Check it out.

Re:I Wonder

US police department will sue MS for just that. Users miss dealed toll free 911...

Holy shit

[brsmith4]

Microsoft actually has a support phone number? I wonder how much that costs per incident.

Re:Holy shit

[CrazyDuke]

Bequotith the MS support site: "Retail Microsoft desktop systems, desktop applications, interactive media, game titles and hardware receive 90 days no-charge assistance starting from the first day the customer contacts a support professional. Customers whose Microsoft consumer products came preinstalled on their new PC (OEM licenses) or have trial versions may utilize fee-based Personal Support.

Fee-based Assisted Support -Fee-based assisted Personal Support is available to consumers either not eligible for no-charge or whose no-charge eligibility has expired. Fee-based assisted Personal Support is not available after-hours. Consumers are charged 5-incidents pack of S$200, 3-incidents pack of S$135 and a pay per single incidentrate of S$45 for each incident of support on any of the eligible products."

No wonder so many people come to me to fix thier windows boxes. I only charge $20-$35 per incident. ...and I actually fix it, not just chat on the phone with them. ;P

Re:Holy shit

[unicron]

Yeah, Duke, but what do you do when the problem is bigger than just re-installing Acrobat?

Re:Holy shit

[Doug-W]

Same thing Microsoft tells them? Re-Install windows...

Re:Holy shit

[CrazyDuke]

Actually most windows "incidents" involve removing 1-3 different virii, 2-5 spyware apps, and fiddling around with the hardware and network drivers.

Re:Holy shit

[SirSlud]

> Microsoft actually has a support phone number?

Thats not bait? If it isn't, consider the flamebait mod as a replacement for the lack of (-1, living under a rock)

Re:Holy shit

[brsmith4]

sarcasm... i meant phone number that your average joe can actually call. for those prices, I can safely say that they don't have a support phone number.

Re:Holy shit

Why would they - y'know, that number would be needed if they actually provide any support

Re:Holy shit

So much for your .sig line...

Can't be true

[CodeWheeney]

This can't be true. Microsoft just spent a whole month focusing on security. There must be some mistake.

Re:Can't be true

[drsoran]

This can't be true. Microsoft just spent a whole month focusing on security. There must be some mistake.

It's gotta be fake, they included an 800 number. Unless the first thing it asks for is your credit card number it's probably some scam to sell you a penis enlargement device. Hmm, now that I think about it, Microsoft tech support and penis enlargement scams are pretty similar.

Re:Can't be true

[CodeWheeney]

But there are no Linux viruses. It must be the very name MSNTV that caused the virus. I know this for a fact, after all, I read Slashdot and I am L33t.

Note: </Sarcasm> for the humor impaired.

Re:Can't be true

[hawkbug]

What the hell are you talking about?? Do you even realize who OWNS WebTV? If you think WebTV is a stand alone business you, you need to do your homework moron.

Re:Can't be true

[the_marco_polo]

While everyone may joke about how the product being a microsoft one is a valid reason to call 911, the truth remains that microsoft probably isn't responsible for this mess. When MS bought out WebTV a few years ago, virtually no extra money or research was invested into it besides just keeping it alive. So Microsoft didn't just necessarily overlook this type of a problem in WebTV- Microsoft is virtually ignoring the whole WebTV division of MSN. Blame the original developers of WebTV for this mess with a helpless device.

Re:Can't be true

[C.U.T.M.]

You must be confused. Palladium is going to fix this. They've only focused long enough to figure that out.

Re:Can't be true

[juhaz]

Yeah, sure. Just because they didn't code it from scratch doesn't mean that they aren't responsible for it. Maybe they SHOULD have invested some extra money or research into it, don't you think?

Re:Can't be true

[linzeal]

Microsoft penius enlargement: The purple scream of death.

Re:Can't be true

[buck_wild]

Well, hindsight is 20/20.

I don't know how long the product was stable before MS took it over, but how can you really expect MS to ensure that no viruses are written for it?

Re:Can't be true

open source it?

Re:Can't be true

Hey, we must've gotten some Microsoft shill in here moderating! That's supposed to be +5 funny!!! Everytime someone mentions Penis enlarging doesn't mean it's an offtopic, flamebait, or a troll!

Re:Can't be true

[matrix29]

Microsoft penis enlargement: The purple scream of death.

Nah, they'd just send some pills that would shrink the penis until it's a nubby dot, but they would send you progressively smaller scaled down rulers to make it appear everything about your penis got bigger (ergo - The first week the ruler measures 1"=1", second week 1" on their ruler would equal 1/2" on a normal ruler. The third week 1 normal inch = 1/4" on a normal ruler). That way they could appear to be showing extreme growth, but all they are doing is shrinking their rulers drastically compared to a regular ruler.

And of course they'd include a cream as their Free Genital Security Upgrade that would give you genital lice so they could sell you completely ineffective "cures" which end up coloring the lice a different shade or make the lice smell better, but never actually kill the bugs. You'd need a third-party solution that would make the bugs only bother you during the night. And then the Microsoft Penis Enlarger Corp would outlaw "Linux-Rit" which effectively kills the lice, but gives a small percentage of the population allergic reactions. That of course would give Microsoft Penis Enlarger Corp the basis for another lawsuit.

Re:Can't be true

[juhaz]

Maybe MS can't ensure there are no viruses written, but they could at least try to find and fix few of most obvious security holes those viruses can use to work.

Then again, MS isn't exactly well known of securing its products...

Re:Can't be true

[xoff00]

>Blame the original developers of WebTV for this mess with a helpless device. It isn't their fault, either, most likely. The problem has actually been around for quite a while and is not easy to fix, as its hardware, not software. There are numerous ways to insert commands into the modem stream of an active connection.

Attrition.org has a BUGTRAQ mentioning it back in 1998. An experiment I tried earlier today caused about 25% of the pinged clients to disconnect.

Re:Can't be true

My, my ... such big important words for someone so young and incredibly insignificant as yourself.

Run along now, little boy and let the adults play.

Re:Can't be true

Nope -- never got suckered for that one. I'm actually just tired of reading some teenage Canadian cocksucker's weak trolls and flames. It obviously shows that you have little or no technical ability, so the best you can do is try to troll and flame people.

Re:Can't be true

Please explain how that shows any technical inability, or anything other than dislike for the Linux community being fags.

I've built computers, program as a hobby, and have made money in computer-related activities. In fact, you've probably got one of my other accounts (The non-trolling/flaming/crapflooding accounts) in your friends list.

I do, however, commend you on realising that I don't go to Masco.

-Spooge, posting AC to conserve posts for more important things.

This is serious

[jandrese]

Tying up 911 lines costs lives. In many jurisdictions you can be fined for prank calling 911, especially if you are a repeat offender. WebTV users would be well advised to be very careful with their email until this problem is resolved.

Re:This is serious

[Jonny+Ringo]

WebTV users would be well advised to be very careful with their email until this problem is resolved.

I'd one up you on that, and advise WebTV users to take their WebTV out to the back yard with a baseball bat. You know like on Office space.

Then, call the MS 1800 number and say that you found a fix.

Re:This is serious

[HanzoSan]

Yeah Its wrong to tie up 911 but 911 is the only number which could fit into the command string for ATH0.

Yes its ATH0, not a virus.

ATH0 Exploit

ATH0 info

Re:This is serious

[FortKnox]

Absolutely. Usually, virii are FAR from life threatening, but this one is an exception. Whoever wrote this should get some SERIOUS jail time for his work. This is one of those cases where hackers should have the book thrown at them.

Re:This is serious

[SpamJunkie]

It's really quite sick. In some perverted way I can understand viruses that delete files, email files and torture my web server. I mean we've all been young, drunk and stupid.

But calling 911? That is something I can't understand. I only had to call 911 once in my life but if it had been busy I would have been horrified. Luckilly the people at 911 are extremely professional and are likely very well prepared for prank calls.

Re:This is serious

[Henry+V+.009]

Under the new hacking legislation reported in slashdot earlier, could this make the creator liable for the death penalty?

Re:This is serious

What about 411?

Re:This is serious

[Graelin]

I've never dialed 911, but my two year old has. The odds of a child (who cannot read) dialing "Send" and 9-1-1 may SEEM low, but they're not! :(

The 911 operator called me back saying they had just received a hang-up phone call from here (my house). After a pretty short (and very embarassing) phone conversation explaining how my two year old had called she told me she would stand down the police. As expected, they came anyway. Ohh well, sure did make for an interesting evening. (No fine yet, but I'd gladly pay it if asked)

Re:This is serious

[jat850]

Hmm, maybe if there was any mention of the death penalty in that legislation. But there wasn't. :)

Re:This is serious

Yeah. It's funny, this ex-microsoft chief is running around screaming about how worms will destroy everything by 2005, but right here we have a worm tying up 911 lines and possibly ending lives, today.

Oh, wait, except that the ex-microsoft chief seems to be blaming TCP/IP and power companies and traffic light manufacturers and, well, everyone except Microsoft, for how much of a problem these "zero-day worms" are, and very distantly implying a palladium style global user-distrust technology would be the answer, from looking at that article. Funny how this sort of thing (massive-scale destructive worms) never seems to happen anymore except through Microsoft products.. I personally wonder if we'd see less of this Code Red / Klez stuff if we had less of a computing monoculture.

Re:This is serious

[gmack]

I doubt it.. webtvs use a software modem wich most likely doesn't even respond to AT commands. Theres also the matter of the virus shutting down the system after.

OTH this is proof that "Trusted Computing" won't fix anything.

Re:This is serious

[Doug-W]

How about 411? (Directory Assitance in most of the US)

Re:This is serious

[sean23007]

What about 411? Last time I checked, they were the same number of digits. 411: 1+1+1=3. 911: 1+1+1=3. Okay, another quick doublecheck proves it, 911 and 411 have the same number of digits.

Re:This is serious

[netbpa]

Under the new hacking legislation reported in slashdot earlier, could this make the creator liable for the death penalty?

Does this same legislation say anything about the responsibility of the developer if any?

Re:This is serious

[An+dochasac]

The author of such worms which cause or intends to cause death or injury could face life in prison.

Re:This is serious

[GoatPigSheep]

yeah. whoevever wrote this virus should be locked up for the rest of his life. I'm sure the big, lonely 6'7 black guy named bubba who will be his cell mate will make him regret writing this horrible virus

Re:This is serious

[tomhudson]

most software modems respond to the AT (Hayes) command set, either in hardware, or in software, or a bit of both. Depends on the implementation. Just a quick fyi :-)

Re:This is serious

[mobets]

Don't you usualy have to dial a 1 before the 411? as in 1-411. that would make it 4 didgits.

Re:This is serious

Here is a book I'd like to throw at you. It's called the dictionary. The plural of virus is viruses. Get it right, numbnuts.

Re:This is serious

please mod this up..been trying to figure this out for weeks! Thanks!

Re:This is serious

[murphj]

Quoted from parent's link:

The patent was a "submarine" patent -- that is, one that issues long after others in the industry have begun using the same technique or technology ... The patent involved the timing of the escape sequence: The characters "+++" followed by a 1-second pause. To get around the patent, some modem vendors simply eliminated the pause, so that the sequence +++AT would bring the modem back to command mode in all cases.

It's interesting that the only reason this works is that Hayes pulled the same trick Forgent is trying with JPEG.

Re:This is serious

[lightcycler]

"Whoever wrote this should get some SERIOUS jail time"

No, the director of the company who wrote the software should.

If I kick a wall and the building falls down, whose fault is it? mine or the architect's?

Re:This is serious

[Henry+V+.009]

Ya got me. I was wrong.

How about life in prison then?

Re:This is serious

No.

Re:This is serious

[murphj]

I've called 911 several times here in DC. I've been put on hold before getting to ask for the police every time. And you're right, it sucks.

Re:This is serious

[martyn+s]

Yeah, and the dictionary also thinks that the plural of "box" is "boxes". The word "boxen" isn't anywhere in the damn book! Who ever listens to that thing anyway.

Re:This is serious

[TheMidget]

You know like on Office space.

But, if there's a fire at the office, you're supposed to call 911...

Re:This is serious

[jat850]

Very possibly. The question is level of intent and severity of damage, probably. I'm not familiar with the legislation (and IIRC it's not actually "law" yet) but that could very well be the case.

Re:This is serious

Maybe he is already in prison? How are you going to punish him, hit him with a spoon?

-- MMMMMMMMMMMMMMMMMMMM

Re:This is serious

If it was someone elses wall. Then you're both at fault.

If I kick the lights out of your car, who's fault is it? Mine or the company that made the lenses breakable when kicked?

Re:This is serious

[zazas_mmmm]

THIS JUST IN...WebTV users have been tying up 411 lines due to a new version of the WebTV virus.

The ramifications are terrifying! Thousands of people too lazy to look the number up in the phone book or online are left scratching their heads wondering how to get the number for Dominos Pizza!

Fears of additional mutations of the virus have left authorities wondering if tomorrow people will be bale to call time or check the traffic!

News at 11.

Re:This is serious

[M-G]

f I kick a wall and the building falls down, whose fault is it? mine or the architect's?

Well, if an architect was allowed to design the structural aspects of the building, you need to throw in the various governmental bodies, since things like that are the realm of an engineer.

Re:This is serious

[MattCohn.com]

You have to dial a 1 before using 555-1212, and use the area code, even if you are IN the area you want assistance for...

So if I'm in Seattle(206) and want Directory Assistance for Seattle(206), I dial

1 + 206 + 555-1212

And if I'm in Long Beach(562) and want Directory Assistance for Seattle(206), I dial

1 + 206 + 555-1212

Re:This is serious

[MattCohn.com]

Well, if you kick it with a Wrecking Ball, who's fault is it then?

The difference is that Microsoft had 100% NO INTENT to open a security risk, nore did they do anything wrong. The people who wrote this virus DID something and with full knowledge it was illegal.

Re:This is serious

[Aqua+OS+X]

Seriously. I could care less about most viri. They're typcially targeted at things I hate :) However, calling 911 is just plain tasteless. People's lives are one the line.

Whoever wrote this thing is an evil 'lil sh*t. Why couldn't he/she point this toward some tech-help phones over at AOL or Worldcom? Do some good :)

Re:This is serious

[Frank+of+Earth]

Wouldn't 411 also fit then?

Dial 411
Play wave file that asks for Mr Freely, initials IP

Re:This is serious

[rarose]

Yeah but at least Hayes *invented* the patent and used it to actually create product instead of being a Johnny-come-lately shake down artist.

Re:This is serious

The difference is that Microsoft had 100% NO INTENT to open a security risk, nore [sic] did they do anything wrong.

Oh Christ, if that's the best argument (and the most coherent writing) you can produce, then the good guys are in serious trouble. Please step away from the keyboard and let the older children have a chance.

Re:This is serious

[mbadolato]

Only in some areas. A lot of areas are just 4-1-1.

Re:This is serious

I think only politicians are liable for death penalty laws. Dumbass. Is liable too big a word for you?

Re:This is serious

If you drop a stick of dynamite in front of a wall and then light the fuse "just to see what happens" or to "point out the weaknesses in the wall" it's your fault and you should go to JAIL.

Re:This is serious

[comp.sci]

I don't care who wrote this, but he/she should be put into jail for a _long_ time.
Maybe if he the creator didn't think about this:
There is absolutely NO difference in blocking 911 and to kill someone else directly. It doesn't matter what a person dies of, what matters is the fact that he is dead. For me this is cruel murder.
My bet is that someone really young wrote this virus and felt really good about being able to cut and paste some sourcecode.
It is really sad that someone tries to kill hundreds of people just because he is able to...
I just hope that nobody gets affected by this.

Re:This is serious

[HP+LoveJet]

"If you know the name of the felony being committed, press 1."

<beep>

"You have selected: REGICIDE."

Re:This is serious

[EvilBudMan]

Yes, it is! I wouldn't doubt if a few people get their name in the news on this one.

Re:This is serious

[pyite]

Well, if you repeatedly kick at a wall of a building with thousands of people in it until it falls down, who's responsible for the death of all those people? You are to blame MUCH more than the architect. After all, there's better ways to see if something's broken. You could tap at the wall a little bit, and then say to the architect (or builder, or whomever), "You know, this wall seems a little shaky, you might wanna take a look at it." The architect (builder, etc.) only becomes particularly negligent (IMHO) when he or she ignores your warnings and eventually it does come down.

Re:This is serious

[Chandon+Seldon]

Umm... If in building a building, it is built such that a couple of kicks will make it fall down, it's not the kicker who should get his ass kicked.

Re:This is serious

[pyite]

The point is, someone deliberately exploited the WebTV for harm to others. I wouldn't care if it weren't for the fact that flooding the E911 system can cause people to lose their lives. Basically, the way it works (I work with Police CAD (Computer Aided Dispatch)) is an E911 call comes in and (in many systems) a window pops up detailing the caller info. The dispatcher then can take the call and use that info to put in a CFS (Call For Service). However, while that dispatcher is taking a 911 call, they basically can't take any others. Hence, backlog.

Re:This is serious

[flacco]

I'd one up you on that, and advise WebTV users to take their WebTV out to the back yard with a baseball bat. You know like on Office space.

Uhhh, yeah..... if you could go ahead and file a TPS report on that, that would be great... terrific.....

Re:This is serious

[Henry+V+.009]

Yes, politicians are liable for death penalty laws. But it is still good english for a criminal to be "liable for the death penalty." It is a common phrase. Do a google search.

Dumbass.

Re:This is serious

[greenrd]

Oh, that sounds highly innovative. A patent that could be worked around by ommitting a one second pause.

What genius thought that one up?

The non-obviousness of patents will continue to amaze me.

Re:This is serious

Yes, the virus should deal '1-800-469-3288'

Re:This is serious

are you fucking moron? The lense is supposed to fall when you kick it. The Wall is not supposed to fall when you kick it. STupid.

Re:This is serious

No, you were just stupid. You thought that you were drunk.

Re:This is serious

That makes users responsible for prank calls..
They will have to take care of M$ security problems
(and solve those problems, too)..

Nice going, shaggy..

Re:This is serious

[dafozzee]

"911, what is your emergency?"... "bing, bing, bing, bing AHAAAAAAAAAAAAAAAAAAAAAAHHHHH!!!"

"Sir? Sir?..."

Re:This is serious

[N3MCB]

This can be a bigger issue than just the 911 lines/dispatcher being busy. I am a police officer and by department policy if the dispatcher can't talk to a human being on the line and determine it was a prank/accident we end up responding. So now you tie up cops (realy 2 since this is an unknown situation) and real calls start holding until we can clear the open line/911 hangup by talking to someone.

Re:This is serious

[dubiousmike]

operator: 911, how can I help you?

webtv user: HELP! I have a crushing sense of impending doom!

operator: OK sir, I see that you are using WEBTV. I'm going to have to ask that you reboot your computer.

webtv user: Computer? What's that?

Re:This is serious

[warp365]

It's not too bad, those of us who are members of the Stonecutters know that the real number is 912...DOH!

Re:This is serious

[Snover]

They could've used 411. "Information, how many I assist you?" "BRRRRREEEEEEEEEEEEE"

Hah! First and I'm not a rabid Microsoft hater!

Lol

Hehe...

[brogdon]

"911, what's your emergency?" "I've got a Microsoft product in my living room!" "What?" "I've got a Microsoft product in my living room! AIIIIGH!"

Re:Hehe...

[Buck2]

Your sig is about thirty times funnier than your joke. Stick with the visual comedy. :)

Re:Hehe...

[E1v!$]

Are you kidding? I don't think it was a joke at all. (maybe that the reasoning behind the virus it's just trying to do what all those users are too stupid to.)

Re:Hehe...

[Buck2]

E1v!$, have you been drinking?

Re:Hehe...

"But, Microsoft is a monopoly, there is nothing we can do for you"

"I'll have to call the A-team then"

Re:Hehe...

Get out of the house. Now.

Don't be fooled!

[quantaman]

It's not a virus!
It's just the poor MSN infected boxes crying out for help!!

Re:Don't be fooled!

How can it be a virus if it says "I love you"

Re:Don't be fooled!

[OrangeSpyderMan]

Remember that story on /. about the AI robot escaping... This is the MS equivalent.

Re:Don't be fooled!

virus does love you. That's why it won't get out of your body(or pc).

webtv

[signingis]

Doesn't that figure? A piece of hardware that surely no one can work on and it's open to this kind of attack. Can they even upgrade the firmware within a reasonable amount of time over a modem connection?

Re:webtv

[Old+Uncle+Bill]

You missed one: - Nietzsche is God - The Dead

Real Damage

[millette]

I don't know how many of these exist in the wild, but I know someone at 911 who isn't going to be happy at all.

Paradoxical...

[httpamphibio.us]

How are users supposed to get the phone number for Microsoft Technical Support if they can't get online?

Re:Paradoxical...

[yasth]

I would assume that there are numbers on documentation, bills, etc. Of course some people might not think of that. Indeed some people might not think that thier MSN box did it when the cops say someone at the house was dialing 911, I wonder how many children are getting yelled at for this?

Re:Paradoxical...

[httpamphibio.us]

Do you really think Microsoft would make it that easy to get ahold of them? :)

Re:Paradoxical...

[mini+me]

Call 911?

Voice of Stephen Hawking....

[simetra]

When 911 operator answers, the virus plays a wav file, in the voice of Stephen Hawking's voice thing:
"Help Me. I have Web TV. Help Me"

Re:Voice of Stephen Hawking....

I have a 17 inch neck and a 17 inch monitor.
Coincidence?

No, you're just fat.

Re:Voice of Stephen Hawking....

Maybe, maybe not. Either way, I'd still never have sex with you.

ATH0

[HanzoSan]

Any knowledgeable hacker knows about ATH0, it effects around 50 percent of 56k/33/28 modems.

With this, I was able to hang up peoples connections and even make them dial phone numbers, you send the modem commands and because of a bug, the modems obey the commands.

Its not a virus, Its something thats been going on for years, its an old trick/exploit.hack

Re:ATH0

[Mr+Guy]

For information: First google hit on ATH0

Re:ATH0

[Mr+Guy]

Actually, a later hit was more interesting: Explanation of what is happening

Re:ATH0

[SlugLord]

hmm, it's a hack and it replicates by email... sounds like a virus to me...

Re:ATH0

Uh huh. You think you're a "knowledgable hacker" because you used some precanned utility to send people ICMP packets with modem commands in them? Fucking loser. And nice attempt at gaining a bit of product with your "home page" link up there too, jackass.

Re:ATH0

[CaffeineAddict2001]

wow, that's pretty scary.
If you can make it hang up, can you make it dial (ATDT)?

Imagine some goon on IRC makes your modem dial his number so he can grab it on CallerId and then harass you. :\

Re:ATH0

[_Sprocket_]

Its not a virus, Its something thats been going on for years, its an old trick/exploit.hack

That's akin to saying "this so-called 'virus' that deletes files is not a virus - I've been deleting files for years!" Its the behavior of the code, not its payload, that defines it. In other words - if the email itself includes code that infects the host device and then attempts to replicate, its pretty much met the definition of a virus.

Granted - this article is rather light on detail. It doesn't specifically state that is what's going on - only that Microsoft tech support is reseting devices. It could simply be a mass emailing.

Of course, that might be the point HanzoSan was trying to make.

Re:ATH0

[Neon+Spiral+Injector]

That's why good PPP implimentations escape the '+' character. And why smart people include "S2=255" in their init string. The S2 register defaults to 43. (The decimal value for the '+' character.) Setting it to 255 disables the the "+++" feature. Of course with out being able to go "+++" (wait) "ATH0" you need to be able to hang up the modem by manipulating the control lines (which most programs can do). Oh, I say "wait" cause good modems require a 3 second pause after the "+++" to enter command mode. I think that is how some modems go uneffected as you can't get the "+++" to be the only thing sent for 3 seconds and then continue with the commands.

Ah the old BBS days. I remember some fool on the local board I hung out on had some crappy term program that would hang up if it saw "NO CARRIER" at the start of a line. Now why would a communication program issue an ATH0 after the carrier had been dropped?

Re:ATH0

[strictnein]

It's a freeware program idiot.

Strangely, you don't get a lot of money pandering freeware programs.

It's actually somewhat of a neat program

Re:ATH0

according to the TechTV article, the virus causes the WebTV/MSNTV unit to _reboot_ and *then* dial 911. Doesn't sound like the ATH0 hack to me.

Re:ATH0

[Citizen+of+Earth]

So when did/does the Hayes patent expire? Can they be sued for consequential damage and loss of life?

Re:ATH0

[Ralph+Wiggam]

So it's not really Microsoft's security lapse, it's Hayes'? I guess it's a good thing they went out of business 5 years ago.

-B

Re:ATH0

and this is what you get when some friggin genius patents the delay there. sigh.

Re:ATH0

[*xpenguin*]

I wrote a quick php script to disconnect any 56k user with a bad modem:

<?

$REMOTE_ADDR = $_SERVER[REMOTE_ADDR];
print "Your [modem] at $REMOTE_ADDR is being pinged with +++ATH0<br>";
print "<pre>";
system("/bin/ping -p 2b2b2b415448300d -c 5 $REMOTE_ADDR");
print "</pre>";
print "Ping complete.<br>";

?>

Re:ATH0

[0x0d0a]

Any knowledgeable hacker knows about ATH0, it effects around 50 percent of 56k/33/28 modems

If ATH0 didn't affect my modem, I think I'd return it as defective.

Re:ATH0

[HanzoSan]

you dont need to use the utlity to send the commands, the utlity just automates the process.

Second, its not my homepage. Third its freeware.

Re:ATH0

[Neon+Spiral+Injector]

and this is what you get when some friggin genius patents the delay there.

Really? Is there a patent on the delay after "+++" to enter command mode? Is that why some modems don't impliment this (absolutely needed) feature?

Re:ATH0

[*xpenguin*]

God damn 'redudant' moderation. Of course there are going to be redundant comments because a slashdot comment page is static. Posters don't reload it every 10 seconds to make sure their comment doesn't repeat somebody else's.

Re:ATH0

[Tablizer]

(* Really? Is there a patent on the delay after "+++" to enter command mode? *)

In the spirit of patenting a delay, the patent office should have delayed the patent for a century or two.

Re:ATH0

[toastyman]

What's really amusing....

Back when this was first "discovered", I was one of the people on Bugtraq discussing how this could be exploited.

I very stupidly posted what I typed to knock myself off, with my real nickname included: //raw NOTICE ToastyMan : $+ $chr(1) $+ PING +++ATH0 $+ $chr(1)

For the longest time, I couldn't sign on IRC on any major network without someone actually typing that verbatim, and sending that to me.

In the past couple of years I've received thousands of those. Kinda funny. :)

Re:ATH0

[ThePlumber2]

I always ATH0'd my modem when it saw that someone dropped. Sometimes your fossil would not play well with your OS, BBS, Frontdoor, etc, etc. The easiest way to deal with a modem hanging for any odd reason was to bring it back to default and to then re-init it as the BBS shuttles back out to frontdoor.

Some of my USR init strings were HUGE. They made me feel hellacool.

Re:ATH0

[pyite]

You must have joined the game late, lol. This was quite popular a few years ago. Happened a couple of times to me (not the caller ID) but you can make it dial. The funniest IRC thing was passing BitchX commands to make colors flash on the screen, like the whole screen. Or, which happened to me a few times, making your console switch. So say you're logged into tty2. Suddenly, you get thrown to a login screen on tty6.

Re:ATH0

[antv]

Doubt it's ATH0-related. WebTV, AFAIK, has sofware modem.Besides, device shuts off and reboots.

From google search: this page claims that:

1. giving "client:poweroff" as URL shuts WebTV down
2. the "wtv-setup:/accounts" URL gives accounts setup wizard, which is HTML page

My guess is that virus is simply a javascript app that simply fills in new dialup number and reboots WebTV.

Just another innovation from people who brought you Word auto-open macros and self-launching VBS scripts :-(

Re:ATH0

I still love the looks of awe from lesser geeks when I pull out my modem init string book and give them a nice, long cryptic command to use as an initstring to fix some problem or another.

Re:ATH0

[c00lant]

A virus is a program, it replicates and usualy destroys. Basicly it's behavior is that of a real virus. This, an exploit, is a problem with the program in existance or hardware. An exploit would be like if you had a trick knee, and hitting it would make you pass out (just a hypo-situation), now would that be a virus if someone acted on it?

Re:ATH0

That attack can work against users, too. If properly placed and timed, a NO CARRIER can be very convincing...

Re:ATH0

[_Sprocket_]

I believe we're basically saying the same thing. My point is that this is, in fact, a virus if it involves code that infects and replicates itself. Period. It may also have a payload, in this case exlpoiting a bug in the device's MODEM. But just because it is using a known exploit does not make it less a virus.

If, in fact, that is what's going on. Its hard to tell as the article was a bit confusing and woefully light on detail (passing up on oportunity to bash TechTV).

From what I read of the article... its just as likely that this is a simple exploit from a mass emailing. Microsoft's tech support might be over reacting by reseting customer's devices. Perhapse. Don't know.

Re:ATH0

[matrix29]

That attack can work against users, too. If properly placed and timed, a NO CARRIER can be very convincing...

All those AOL-nitwits will always fall for obvious pranks.

My favorite is to go into an online RPG, make a character named "SYSTEM ERROR" or "PROGRAM VIOLATION" or "OUT OF MEMORY" or "ERROR 125" then go up to a bunch of newbies and EMOTE - "Please Shut Down Your Computer and Reboot".

Nothing as giggle inducing as seeing a bunch of idiots blink offline because they EXPECT AND ARE USED TO continual MICROSOFT CRAPWARE system bugs.

People are TOO DAMN GULLIBLE THESE DAYS. Not an ounce of critical independant thinking among the lot of them it seems.

Re:ATH0

[mitheral]

It's not Hayes ( do they even exist anymore?) It is a fault implementation by vendors would didn't want to pay licencing for the submarine patent.

Re:ATH0

[mitheral]

Yah, It'd be like a roach motel: Once you dial in you can never hang up.

Re:ATH0

[CaffeineAddict2001]

I wasn't late in the game for that. I was screwin with ANSI bugs back in the BBS Days. =) The most annoying one was the "beep" character.

Colour me impressed

[Aexia]

that a virii could hack a MSN/WebTV unit *and* propagate itself to other MSN/WebTV users.

Microsoft advises affected customers to delete the email and call 1-800-469-3288.

Suggestion for next iteration of virus: dial this number instead.

Re:Colour me impressed

[warmcat]

hahaha - too bad I don't have mod points today :-)

Re:Colour me impressed

No, I'd rather it dial 911. This raises the priority for a fix, and exposes the public to the issue.

Re:Colour me impressed

[msntvemp]

It can't propagate itself. It is just an email attachment. You can forward it yourself, but it won't look in your address book and send copies of itself out. It is not a virus.

Re:Colour me impressed

[greenrd]

Microsoft officials are looking into how it is able to replicate and also control the modem.

So - do you know something that "Microsoft officials" don't? Or are you just guessing?

Re:Colour me impressed

[msntvemp]

"So - do you know something that "Microsoft officials" don't? Or are you just guessing?"

I know a lot of stuff that the Public Relations people and the Media people don't. I'm not sure who messed up the translation, but it is certainly an incorrect statement. I'm sure that anyone here that has had to have their companies PR try to explain something to the press knows how painful that can be.

Re:Colour me impressed

Please, learn the proper English plural of the word 'virus.'

There's no need to be making up words in hopes of sounding smarter. You only end up looking silly.

Trustworthy Computing....

[Barondude]

I guess they never said trustworthy phone dialing.

Legal Consequences?

[jonman_d]

If (incredibly hypothetical?) the guy/gal who wrote this virus gets caught, can he/she be fined/jailed for each and every call made to 911? If so, how long would you be in jail for/how much would you have to pay?

Re:Legal Consequences?

[NanoGator]

Well, if Microsoft presses charges, then it'll probably be 1 count for every computer they have whether it can run Windows or not.

Re:Legal Consequences?

[Fjord]

Just asking for a "friend", right? :)

Re:Legal Consequences?

[daemones]

It would be much better if Microsoft, being at the root of the vulnerability, were held liable for each and every 911 call.

Re:Legal Consequences?

[jat850]

Yeah, like the locksmiths that get held responsible when your house gets broken into, right?

Re:Legal Consequences?

[daemones]

When they sell locks that they KNOW don't secure properly 100% of the time, yes.

Re:Legal Consequences?

[jat850]

Ahh, right, I forgot about the "premonition" department at Microsoft that knew about this problem and let it out the door anyway.

Re:Legal Consequences?

Well if you make something and sell it to the puplic without adequate testing then yes you are liable.. Look at design faults in cars, they did n't "know" about the problem when they sold you one but it still does n't absolve them of their responsabilities after.

Re:Legal Consequences?

[jat850]

There's a difference in this situation because someone is exploiting a fault in a product. In a case like you are mentioning, there is no intention to exploit a known fault.

Re:Legal Consequences?

Regardless if the fault is being exploited it's still a fault. Imagine you was driving your car and you got hit by someone who knew your cars seat belt had a design flaw. Who's fault is it that I've got injured because my seatbelt did n't work? I say both the car company and the other driver.

So imagine that it was 1-900-whatever instead of 911? Who's at fault for my large phone bills I say both the hacker and MS.

Re:Legal Consequences?

[jat850]

I sincerely doubt action would be taken against the car company in that case. I could be wrong, but I wouldn't be interested in blaming the car company at that point.

Even still ... wouldn't you have to consider some sort of "good faith" effort by Microsoft/Car manufacturer/whatever? If they both did as much as they could to test/prevent these flaws, I don't really see how they can be blamed for not knowing every tiny potential flaw. I don't even believe that is possible, especially in the case of software.

Re:Legal Consequences?

You see thats the thing, if it was a company that had a very good record then you really don't have any recourse. However what if the company had a history of products with serious defects? Surely then questions would have to be asked about the companies testing policies. The problem with MS is that it's a monopoly so you cant compare it's record with other companies. You're right about software being different but look at EULA's that basically say you've got no recourse even though EULA's have n't been tested in court.

Re:Legal Consequences?

[tomhudson]

Ask general Motors about the judgement against them for $4.9 billion (that's Billion, not an Million).

Search for the law firm that got it Greene, Broillet, Panish & Wheeler

Here's a quote from their web site: Punitive Damages A Los Angeles jury hit GM with a $4.9 billion punitive damage award for callously calculating that human lives were worth no more than $200,000 each. As shown in GM's internal documents, this figure came from their own legal department. It enabled GM executives to make a deliberate decision to allow 300-500 people a year to burn to death and thousands of others to suffer burn injuries instead of spending $8.59 per vehicle to put in a safer fuel tank.

Re:Legal Consequences?

[mobets]

from what I've read, this is an old hack. If it wan't guarded against, then MS was neglagent.

Re:Legal Consequences?

[jat850]

Right, but again, you're missing the point about due diligence. GM obviously did NOT do everything in their power to stop the situation, correct? There is the key difference, or at least, in my mind. I'm very open to being called wrong ... wouldn't be the first time. Heck, it wouldn't be the first time TODAY :)

Re:Legal Consequences?

[tomhudson]

Microsoft has a history of "ship-it, then fix-it".

That's why their products are in permanent beta.

That's how they sell "upgrades"

Re:Legal Consequences?

[buck_wild]

Is this why there are so many iterations of Linux code? Because I'd be interested to know why the hell someone would release the Linux code, when they knew (just as you're expecting MS to know) that there were bugs in it.

Re:Legal Consequences?

[GutBomb]

where does microsoft claim that they know that webtv is uncrackable?

Re:Legal Consequences?

[anthony_dipierro]

When they sell locks that they KNOW don't secure properly 100% of the time, yes.

What lock do you know of that secures properly 100% of the time?

Re:Legal Consequences?

[zerocool^]

...it'll probably be 1 count for every...

I don't know if the DoJ computers can handle anything over MAXINT number of counts of a crime...

~Will

Huh?

[Wakkow]

From the article: Technicians are advising victims to "hard nuke" their unit -- in other words to reset the machine by entering a new code.

What does that mean, exactly? How would entering any type of "new code" besides a software upgrade protect the box from being hit again?

Re:Huh?

[tomhudson]

Hard nuke == put it in the microwave for an hour?

It'll be a fused hard lump of plastic and metal the next morning.

You can also do this to protect yourself from all windows viruses (virii, whatever) by nuking your install CD for a few seconds.

New code == Linux, FreeBSD, etc.

Re:Huh?

[msntvemp]

"What does [hard nuke] mean, exactly? How would entering any type of "new code" besides a software upgrade protect the box from being hit again?

I've never actually heard it called hard nuke, but I'm guessing they mean to enter the secret code of 32768 which resets a bunch of settings stored in NVRAM. This will get rid of the 911 dialing prefix and make you do another toll free call to get a new dialing script.

To enter a secret code, power off the unit, wait 15 seconds, and press CLEAR, 3, 2, 7, 6, 8 on the remote while pointed at the unit.

The privacy zealots were right!

[Toasty16]

Microsoft IS trying to police our use of their products! "Those reports say that once the infected attachment is opened, the WebTV shuts down, reboots, then calls 911. Several people have reported this happening and then having a police officer show up at their door. "

Liability?

[Quixote]

This is bad, because 911 services cost real taxpayer money. The question is: can Microsoft be held liable for wasting my taxpayer dollars because of their product's flaws?

Re:Liability?

[t0qer]

You're saying it's MS's fault someone not an MS employee wrote this malicious code?

If it's anyone's liability it comes down to the person that wrote the virus. The same thing COULD be done on a linux system too, should linus be held liable? Should the whole open source community be held liable?

Your comment was stupid, I just wanted to point that out.

Re:Liability?

[SwissCheese]

No, you blame the person responsible for actually commiting the crime, in this case the person who wrote the virus. If someone steals your car and damages city property, are you and Ford/Chevy/whoever held responsible or the thief?

Re:Liability?

[NanoGator]

Nobody held a gun to your head and made you buy anything. Why didn't you make informed decisions about your purchases? It's not like Slashdot doesn't report every single flaw in MS stuff.

Re:Liability?

You're an idiot...

MS is liable because they allowed a hole like this to exist. Arbitrary code can be run on an MS System, where as on linux that is a virtual impossibility.

Re:Liability?

[t0qer]

Here here ng! Well put, even better than what I said :P

Re:Liability?

Wow, that's such a bias. You have a.) A machine with microsoft software. b.) A user installing a virus. c.) The author of the virus. And you want to blame Microsoft? And the answer to most "Would I be liable for _____?" is it would be up to a jury of your peers. I think the Sept 11 example would work well for this. The terrorists took flight training classes, took over a plane, and then blew up some buildings. You have a.) Flight school training. b.) People letting the terrorists board. c.) The terrorist. I'm sure no jury would hold the flight school responsible. The government did blame bad airport screeners. Common sense put the terrorists mostly at fault. And you're there blaiming the flight school. Unless you think in a court case that Microsoft's security measures were so lax that they should be liable, and I doubt you would, then please don't blame them for what is clearly the fault of a programmer.

Re:Liability?

[tomhudson]

Can't be done on a linux box if you're logged in as an ordinary user (instead of root) and you don't have permission to write to the hardware registers on the modem (to change the ATH0 string to ATH1DT911).

besides, if you're running a linux box you're NOT running WebTV, which is how it propagates.

Re:Liability?

[Peyna]

You're liable for purchasing MS software, thus promoting them, and giving them money to produce said hole in their software. Your parents are liable for giving birth to you, but it wasn't their fault because the condom broke. Therefore, it is Trojan's fault, but it isn't their fault because it is Margaret Sanger's fault for promoting birth control. I can keep going if you like.

Re:Liability?

[schon]

Nobody held a gun to your head and made you buy anything

OK, I'll bite.

What, exactly, does this have to do with ANYTHING the poster said?

Are you suggesting that nobody forced him to pay taxes? That's complete bunk.

He never mentioned anything about buying anything, nor did he say that he bought anything from MS.

He said: "can MS be held liable for wasting my tax dollars" - meaning "MS's negligence allowed this to happen, so can't they be held liable?"

Re:Liability?

[t0qer]

That's just ignorant...

A virus packaged with a root kit for example would circumvent your little point and make your comment totally useless!

With the recent root exploit on apache, it probably won't be too long before someone writes a worm to look for all those unpatched apache boxes. Yours could be next!

Lets recap.
Worm that uses the apache exploit gains root (no rootkit needed)
Worm then makes modem dial 911, just ATDT 911 is needed, no ATH0 911

Get it? BTW your point of if you're running a linux box you're NOT running WebTV, which is how it propagates. is moot because this thread was about liability, not how the virus propegates.

Re:Liability?

[nvrrobx]

Microsoft doesn't code the unit to call 911. If anyone is using up the taxpayers money by having it dial 911, the fault belongs squarely on the heads of the script kiddie who wrote the virus.

It's almost like saying it's GM's fault that someone can drive a car drunk and kill themselves.

Re:Liability?

[mickwd]

Tying up emergency lines can cost lives.

Compared to that I say BOLLOCKS to the small amount of taxpayer dollars it costs you.

Re:Liability?

You sound like you have first hand knowledge about the condom breaking. Were you a mistake child?

Re:Liability?

[delus10n0]

HAHAHAHAHAHAHHA

Oh man, if I could mod you up I would. Rock on!

Re:Liability?

>Your comment was stupid, I just wanted to point that out.

The relative stupidy of the parent comment is a matter of opinion. The unbelievable ignorance of *your* comment is a matter of fact.

Picture this: Chester D. ExpensiveLawyer goes iceskating. Someone bumps into him, he's not sure who because there are so many people on the ice, and he breaks his arm.

Does he say "Oh, well..." and go home; or does he sue the living phuck out of the arena?

Look up "negligence" in law textbook. Preferably one aimed at small children, so that you will be able to understand it.

Re:Liability?

[kootch]

um, you're usually held liable until you prove that your car was stolen on said day.

hey, it happened to my mom. her car was stolen, and then the person who stole it did a whole lot of damage, ran someone down, and abandoned the car. until she was able to point out that she had called the police and reported it stolen, they were holding her accountable.

Re:Liability?

The condom company offers a disclaimer that their condoms are not 100% effective against pregnancy prevention, or STD's, thus absolving them from that risk. They essentially admit that the condome -could- have a manufacturing flaw, however unlikely.

MS does not disclaim that it's possible to be infected by a virus due to flaws in their product. Not disclaiming this fact provides would be users with a false sense of security. It will be a cold day in hell when they do make such a disclaimer. MS should have to pony up for wasting taxpayer dollars in this case.

Re:Liability?

[daeley]

It's almost like saying it's GM's fault that someone can drive a car drunk and kill themselves.

No, it's more like saying it's GM's fault that some vandal can pour sugar in the gas tank because the cap isn't locked behind a door.

Re:Liability?

[SirSlud]

Um.

Ever wonder why Microsoft systems are often targets of viruses? Virii's are often the products of a virus author going, "I'll show you your stupid ad campaigns about how secure your OS is are false!" They are the technical equivilent, in many cases, of an "I Told You So!"

Stupid comments like yours that claim Linux is infailable is what makes virii writers go after your box in the first place.

You're waving a target in the air, with the words "I Dare You" painted on it. Do not do the Linux community this vast disservice, thank you.

"The best way to get shot isn't to wave a gun." misses the point. The best way to be _noticed_ is .. and then you'd learn the reality that nothing is infailable or perfect. Nothing.

Re:Liability?

[NanoGator]

"He never mentioned anything about buying anything, nor did he say that he bought anything from MS"

I focused it at him so he'd understand. Remember Men in Black: "An individual is intelligent, groups of people are not."? I thought it was the best way to make him understand where the responsibility really is.

I don't know why you're bothered with my post, his was a knee-jerk 'Everything MS makes is bad so they should be punished' karma whoring reaction.

Re:Liability?

With the recent root exploit on apache, it probably won't be too long before someone writes a worm to look for all those unpatched apache boxes. Yours could be next!

Which root exploit? The one under BSD? or the One under Windows? Because on linux it only causes a seg fault and does not lead into a remote root exploit.

My linux box will be safe from that one.
But you're right. It could happen to linux, just not through the way you mentioned.

Re:Liability?

[Fjord]

He tries to sue the arena and fails. You probably should actually read about negligence. In the case you describe, there wasn't any.

Oh, and we aren't talking about skating rinks. Your comment is a non-sequiter.

Re:Liability?

[tomhudson]

Let's look at your points:

A virus packaged with a root kit for example would circumvent your little point and make your comment totally useless!

Right, but most of us don't install just any ol' crap that comes along, especially as root!

With the recent root exploit on apache, it probably won't be too long before someone writes a worm to look for all those unpatched apache boxes. Yours could be next!

That's why it's so nice to be able to get patches for open source software in hours, instead of months

BTW your point of if you're running a linux box you're NOT running WebTV, which is how it propagates. is moot because this thread was about liability, not how the virus propegates.

Well, let's comment on liability, then. In the real world, if you spread AIDS, you're criminally liable. Basing any product on Windows (a known insecure platform) that ends up screwing up the 911 system and costing lives is aiding and abetting, or criminally negligent.

Re:Liability?

[blamanj]

No, it's more like saying it's GM's fault that some vandal can pour sugar in the gas tank because the cap isn't locked behind a door.

Actually, it's more like some vandal pours sugar into your gas tank, and your car drives next door and siphons some of the gas into your neighbors car.

I think there is a real liability question. Not in the initial act of vandalism, but that the system can be considered faulty for allowing the vandalism to spread so easily.

Software manufacturers have gotten off the hook for crummy software for too long. Look at the kinds of recalls that happen in the auto industry. Somebody gets a rash from the dye they use to color a seat belt, and 100,000 cars get recalled at the manufacturers expense. Microsoft and others need to be accountable for quality, too.

Re:Liability?

[Anonvmous+Coward]

"What, exactly, does this have to do with ANYTHING the poster said?"

His comment was dripping with "I hate Windows so I hope MS has to pay in some way or another.". It doesn't take a telepath to see that.

Re:Liability?

[cschieke]

No, you Dolt! This is not bad because it costs tax payer dollars. This is bad because it put lives in jeopardy. It delay's service to people in real need. My first law of computer security:

People come first!

Re:Liability?

[incog8723]

This is *not* an issue with operating systems; it's an issue of hardware. People have been doing this for years. I recall dialing into my own BBS years ago, testing stuff like this.

Even with the s2=255 "patch", it's still easy enough to get around. Blame the Hayes command set, not Microsoft or the licensees of the Hayes command set. It's a fundamental *hardware* bug. It shouldn't have to be fixed in software.

Re:Liability?

[t0qer]

So ford should be held liable for building OJ's Bronco?

Monkeys in africa should be held liable for being the first to contract aids?

My parents should be held accountable for every fuckup I ever did in my life?

Your biological virus argument has no basis in the silicon world. The only person who knowingly infected these boxes was the original virus writer, not MS.

By your logic we should hold god accountable for making humans compatible with aids.

Re:Liability?

[marick]

This vulnerability has a simple patch. All modems are known to be vulnerable to ATH0 commands. You can disable command mode by making a change in the registry in windows.

Can Microsoft be held liable for selling a product with a LONG-KNOWN vulnerability and NOT fixing it with the WebTV auto-updating functionality. Assuming that it is easy to fix, of course, which I am (of course) assuming.

And by the way, YES, WebTV has always been able to auto-update.

Re:Liability?

[tomhudson]

Don't argue with me about it - the courts have already decided that knowingly having sex when you are at risk of transmitting the AIDS virus is attempted murder. People have been sent to jail for this.

It's like this morning, when I went to donate blood. There's a lot of questions regarding sexual behavior, to screen out people who would be at risk of donating infected blood.

The courts ordered the Canadian Red Cross to pay up $$$$ (millions) to people who contracted hepatitis C because their screening procedures weren't strict enough, and hep C was a known problem.(look up Krever Commission).

The similarity to a Windows product is astounding - laxness regarding precautions that they knew years ago they should have taken, but didn't, and which could cost people their lives.

And this is the way it SHOULD be - contributory negligence is and should be punishable.

Re:Liability?

[schon]

I thought it was the best way to make him understand where the responsibility really is.

But it doesn't, because part of the responsibility really is Microsoft's.

MS made a product. They sold a product. Due to a defect in the product, it's possible for the product to cause harm to a third party.

I'm not saying that MS should be held solely responsible, but this isn't a new attack - this type of thing has been known for over 10 years, and yet MS didn't do anything about it. That makes them negligent, and therefore liable.

Re:Liability?

[t0qer]

Yes but what you are describing is a pre-existing motive. If M$ had manufactured these boxes with the INTENT to leave this hole open (Look at intent) Then they could be held liable.

The only person with the INTENT to spread the virus is the original virus writer himself. Maybe you just hate MS and can't look at the issue objectively enough?

Re:Liability?

Taxpayer money?!?!?! What about *lives*??? Typical American...

Re:Liability?

[NanoGator]

Let me ask you this: What if a feature of the product (as opposed to a flaw) was exploited? Would MS be liable then? I don't think so. It'd be one thing if they didn't provide a patch. (I wouldn't think highly of anybody who didn't make at least an effort to address a problem like that)

On the other hand, there's no such thing as a product that couldn't be abused. Cars could be made with a capped top speed of 75 (which is practical), but they don't. I'm reasonably certain that there's never been a successful lawsuit against a car company because soembody died when they crashed at 100+ MPH.

To put it another way: Punish MS for this, and you'll open the door to punish a whole lotta companies for a similar deal. I'm not fond of MS, but I don't want that sequence of events to happen.

I'm also not fond of overreactive claims by somebody who clearly has a bloodlust against MS.

Re:Liability?

This may fairly (*gasp*) be said not to be microsoft's bug, but the modem manufacturer. Yet Another Example of security problems with having code and data mixed together (executable stacks, malloc architectures, ...)

Re:Liability?

[tomhudson]

What pre-existing motive? The Red Cross certainly didn't sit down and say 'let's give people infected blood'.

What they did was cut corners that shouldn't have been cut, and hundreds of people paid for it.

Just like M$ cuts corners when it comes to product development. ( more features good! fixing known bugs bad! let them buy the next upgrade!)

Hatred for a company that fucks its' users every which way,sounds objective to me! Mind you, I am on /. :-)

Re:Liability?

[carambola5]

IANAL, but it seems like this problem could have been easily avoided. Using that as a premise, one could litigate against M$ on the grounds of negligence. According to some of the other posts, this bug has been known for quite some time and has been patched on a variety of comm devices (modems). Also, referencing other posts, the WebTV/MSNTV devices can be auto-upgraded, implying that M$ not just had the knowledge that the problem existed BUT ALSO the ability to fix it within a reasonable cost structure.

So, no, it wasn't a stupid comment... just under-/poorly-explained. I guess you could equate it with a home security system:

• Company comes over and installs a very complex security system at your house. Only problem is that there is a very old component used in the system that alerts the police to a hostile break-in if a number of normal circumstances align at the same time.
• These certain circumstances are:
  1. Ggarage door is closed
  2. Upstairs window open
  3. Dog in the basement triggering motion detector
  4. The owner sets the "HOME" option (the one that triggers if certain windows/doors are opened, but not the main door)
• Home user is happy with their system for months... even years, until these certain circumstances align. Uh-oh. Silent hostile alarm goes off.
• 5 Minutes later, the doorbell rings. It's a cop with gun unholstered. His partner is in the bushes targeting the door. Another trooper is walking around the back.
• You tell the cops nothing happened. They say they've seen this happen before, but because you required the attention of multiple police officers, you will need to pay a modest $50.

Sound impossible? Well, it happened to us (except swap in a malfunctioning keypad for all the coincidences). And yes, we did get fined because it had happened before.

Making M$ pay a little doesn't seem like that bad of an idea.

Re:Liability?

[t0qer]

Don't argue with me about it - the courts have already decided that knowingly having sex when you are at risk of transmitting the AIDS virus is attempted murder.

You warped the law to fit your comment. If that really is the law then all humans should be locked up because we are all "AIDS PNP"

It should read.
The courts have already decided that IF you HAVE aids and you KNOWINGLY have SEX with a PERSON without DISCLOSING that you HAVE aids then you are guilty of Attempted murder.

The webtv boxes did not come with aids installed.

Re:Liability?

[t0qer]

Making M$ pay a little doesn't seem like that bad of an idea.


So what kind of message does that send out to virus writers?

"Yeah it's a free for all on M$! Go ahead and write viruses for their OS because we'll hold M$ liable and not you because j00 4r3 50 l33t!"

No I think thats the wrong message. It should be stopped at the source, M$ didn't sell webtv units with the virus installed.

Re:Liability?

[snake_dad]

Keep this up for a bit longer and you'll be sueing god... ):-> btw, ever get in trouble while surfing to your site and typing picek.ath0.cx?

Re:Liability?

[guttentag]

I can just see the FBI going to Redmond to settle the issue of liability:

FBI: "The kid says your computer called 911. What the hell is going on, Bill? I woke up the president and told him we were under attack by the Russians. Do you have any idea what kind of an idiot that makes me look like?"

Bill: "David, machines don't call people."

Re:Liability?

[snake_dad]

My parents should be held accountable for every fuckup I ever did in my life?

Depends on your age, doesn't it?

Re:Liability?

[tomhudson]

Sure they did - at least the electronic version (a M$ product).

And what's this: <quote> KNOWINGLY have SEX </quote>

Q. When's the last time you unknowingly had sex?

A:When you bought a M$ product

Re:Liability?

[quantum+bit]

If I had mod points today you'd get one just for the Wargames reference.

Re:Liability?

[xtremex]

I'll take a bite too...If I buy a Toyota that has a KNOWN defect in the brakes that allows a person to simply turn a screw by the door that makes the brakes no longer work..who is responsible? The guy who turned the screw? Or toyota? Or BOTH?

Re:Liability?

[Alien+Being]

How about the negligence of the airlines who should have known to (try to) keep the cockpit secure. Instead of holding them responsible, congress gives them a bunch of money.

What a country.

Re:Liability?

[WhiteKnight07]

Q. When's the last time you unknowingly had sex?

A:When you bought a M$ product.

Wow I guess people really mean it when they say that MS is screwing them in the ass. Damn....

Re:Liability?

[homer_ca]

"It's almost like saying it's GM's fault that someone can drive a car drunk and kill themselves"

I have yet to see a GM car that you can command remotely to shut down and then after it starts up again, swerve all over the road with the engine stuck full throttle.

Re:Liability?

[geekoid]

unless MS claimed in some way that this couldn't happen, in which case you could sue them.

Example:
If FORD said there car windows where unbreakable, and it turned out there not, FORD would have liability.

Of course the Writer of the exploit is responsible as well.

Re:Liability?

[Quixote]

Compared to that I say BOLLOCKS to the small amount of taxpayer dollars it costs you.

While I understand your passion, I was trying to simplify things. I am well aware that tying the emergency services costs lives, and that lives are much, much more important than money. But quantifying this "tying" is difficult to do. On the other hand, it is easy to calculate the cost of these false alarms: x false alarms at the rate of average y dollars each = x*y dollars.

Re:Liability?

[Peyna]

Odd how that site works =] I've got port 80 blocked right now, so nothing is going to come through for the moment. (I need to patch apache and a few things, easiest to block it at the firewall until I've done so)

Re:Liability?

[Quixote]

Let me reiterate: I know that lives are much, much more important than money! But it would be very hard to quantify the lost lives due to this negligence; however, if you wanted to calculate the cost of the false alarms, all you have to do is count them and multiply by the average cost of a call.

Secondly: I am not a Microsoft basher (though I don't like many of their practices). I asked this question because I know people who work in the emergency services (cops, firemen, EMTs) and I know how hard they work.

Thirdly, the Coporate World only understands the langudage of money. They really don't give a rats ass for anything else. Their only responsibility is to their shareholders and the bottom line. By putting a dollar figure on their negligence (see point #4 too), you are forcing them to act.

Just a couple of days ago, 18 million pounds of ground meat was recalled due to potential contamination with a deadly bacteria (E. Coli). The company (ConAgra) knows that if someone dies, their ass will be sued all the way to hell. So, they're doing "the right thing" by recalling the meat.

Finally: Microsoft has the ability to update the MSNTV/WebTV box while it is sitting in the customer's house. The customer is paying for a monthly service for this maintenance. So, in a sense, Microsoft still has control of the box. Hence the liability comes in.

Re:Liability?

[Tony-A]

Why didn't you make informed decisions about your purchases?
From a Microsoft advertisement????

It's not like Slashdot doesn't report every single flaw in MS stuff.
"every". Hardly. Just the ones you need to know about if you're supposed to be supporting the stuff.

Re:Liability?

[antirename]

Maybe not a GM product, but Audi did make some cars with out-of control acceleration problems. And no, the problem WASN'T with the pedals being too close together. I worked on a few. The problem is Bosch's fuel injection system; the vaccum lines/hoses snap together and when they get hard you get vaccuum leaks. Vaccuum leak in the wrong place=gas pedal going to the floor. Find an old Audi 5000 with a broken "park" switch and add a remote engine starter. Leave it in drive, get out and push the button. Sooner or later you'll have an out-of-control vehicle with no one in it. Did Audi go out of business? No. The government obviously didn't want to piss off the French. If most mechanics who have specialized in Euro cars know what the problem really was, do you honestly think that a government lab couldn't figure it out after they worked on the problem for months? BS. The government will help big business cover up even the dumbest mistakes if it's in their interest.

Re:Liability?

[NanoGator]

"every". Hardly. Just the ones you need to know about if you're supposed to be supporting the stuff.

That is total baloney. Every time there's a story that's even slightly embarrasing to MS, it gets published. I'll give you an example: Remember the headline 'Microsoft throws Sony out of Ce-Bit'?

Wanna know what really happened? Microsoft complained that Sony was violating trade-show rules (and they were), so Sony packed up and left. That's a bit of an oversimplification of what really happened, however the important point to note is that MS didn't throw anybody out of anything. Sony violated the rules. MS brought it up to management of the show. Sony left, as opposed to modifying their exhibit to comply with the same rules that every other exhibitor had to.

The story was published because it sounded like "oo oo, MS is picking on somebody!".

There is no filter that says 'do they need to know this?'. The filter is more like 'can we stir up more interest in Slashdot if we can play on the bias against them?'

Re:Liability?

>> You're saying it's MS's fault someone not an MS employee wrote this malicious code?
>> Your comment was stupid

Never attribute to stupidity what can be attributed to Microsoft.

Re:Liability?

I sure hope I never have to use any blood you donate, I might catch stupid.

Re:Liability?

[Tony-A]

I'm confused. How is what Sony did or did not do at a convention a flaw in MS stuff?

Re:Liability?

[NanoGator]

I'd answer if your question didn't confuse me, heh.

Sony was doing something wrong with their exhibit. MS complained about it. Sony packed up and left (or at least that particular exhibit did). The headline on /. was "MS kicked Sony out of CeBit." An accurate headline would have been "Sony f'd up at CeBit, threw a temper tantrum, and left."

Re:Liability?

[SwissCheese]

Exactly. I'm sure it won't be hard to prove that it was your webtv with a virus that called 911. Since this was obviously a malicious act by a third party and not the manufacturer or end user, the third party should be held responsible.

Re:Liability?

[schon]

Cars could be made with a capped top speed of 75 (which is practical), but they don't.

Apples and oranges. Travelling at 75MPH isn't necessarily unsafe, and it's directly under the control of the driver.

If, on the other hand, your car had a tendancy to burst to 100MPH, and there was nothing you could do to stop it, and HELL YES there would be lawsuits.

Punish MS for this, and you'll open the door to punish a whole lotta companies for a similar deal. I'm not fond of MS, but I don't want that sequence of events to happen.

You mean like the lawsuits against Ford and Firestone stopped car manufacturers from making cars?

Sorry, try again.

Re:Liability?

[NanoGator]

Hmm know what I see happening? I'll come up with a metaphor to defeat yours, and then you'll come up with one to defeat mine, but we never come to agreeance. Heh.

What do ya say we chalk this one up as a draw instead of wasting energy in a futile effort? :)

Trustworthy Computing to the rescue!

[Eric+Seppanen]

None of this will be possible once you all surrender minute-by-minute control over all your computing devices to Microsoft. Duh.

apt behavior

[tps12]

If I get my hands on the people responsible for this, they're going to need to call 911!

Phone Firewall

[NanoGator]

Kinda makes you ache for a phone-firewall, doesn't it? Heh.

Hmm I could block 911 & telemarketers...

Re:Phone Firewall

[SlugLord]

i guess it's a little off topic, but that's actually a pretty good idea... hook up a computer to your phone line (with caller ID) and have it filter known telemarketing agencies. maybe it wouldn't work if they blocked the caller ID-ness, but you could block some people, most notably large companies (like those bastards at MCI that keep calling me)

Re:Phone Firewall

[NanoGator]

"... maybe it wouldn't work if they blocked the caller ID-ness"...

Personally, I'd set the firewall to block anonymous calls heh.

Okay, Im way off topic here, but I do have a question: a friend of mine had it set up to where you HAD to dial a *XX number to disable anonymous calling or the call wouldn't go through. Anybody know what that service is called?

Re:Phone Firewall

[purplebear]

Anonymous call rejection?

Re:Phone Firewall

[Moonshadow]

I remember hearing about a phone firewall, of sorts. Basically, it sends a signal at the beginning of every call that says "this number's disconnected". Regular users don't hear it, but telemarketers' autodialers do. Your number is then removed from their list as out of order.

I want one.

Re:Phone Firewall

Personally, I'd set the firewall to block anonymous calls heh.

SBC offers a service called Privacy Manager (at least in Ohio) that does basically that. I added it after I got sick of telemarketing wardialers calling me and hanging up when I went to pick up the phone. It wasn't bad at first, but when I started getting 5 or 6 calls like that a night spaced 45 minutes apart that was too annoying. Since then I haven't gotten any spam calls. Best $3.95/month I've spent yet. It doesn't actually block them as much as it makes you say your name if you come up as out-of-area or private caller on caller-id and the recipient can choose whether to accept the call or not without ever speaking to the person. Very nice. Again, my main problem was those fucking automated dialers that spammers use to look for active numbers.

Re:Phone Firewall

[tomhudson]

It's one of several SIT (special information tone). Just call a disconnected number, record the sound, and get your speaker to play the three-tone sound back.

Finally, a practical use for that old 286.

Re:Phone Firewall

[realdpk]

I didn't buy it in our market because they called/telemarketed me up a few times offering it to me. That was probably the last straw, I no longer answer that phone.

Re:Phone Firewall

[realdpk]

The part I don't get is how regular people don't hear it? If it's just a recording of it, I'd hear it and hang up if someone I called had that.

Re:Phone Firewall

[yasth]

http://www.flash.net/~carlton2/telemark.htm
Just dump it on an answering machine. Easy.

Honestly you suposedly need only the first tone, but...

Re:Phone Firewall

[tomhudson]

It depends on your phone system. Some systems block out the SIT, some don't. But if their machine hangs up before you pick up the receiver, you don't hear anything.

Just like in the old days before caller ID - the phone number was always transmitted between the first and second rings (your side) - first ring (receiver's side) and could be decoded with the right equipment, but you never heard it.

Then ma bell decided to block the data, and charge extra for access to it.

Re:Phone Firewall

[tomhudson]

Actually, there's a 3-tone SIT that still gives you long distance access for free - but if you stay on for more than a minute or so, they'll (the telco) will notice. And with long distance so cheap, why bother.

Mind you, the idea of dumping it on an answering machine is GREAT.

Re:Phone Firewall

[NanoGator]

Thank you! :)

*wonders why cell phones don't have the 'phone firewall' idea...*

Re:Phone Firewall

[fobbman]

Great idea for a geeky horror flick.

When your firewall is up, no one can hear you scream.

Re:Phone Firewall

wouldn't *you* feel stupid when there was a real emergency and you couldn't call 911....

Re:Phone Firewall

[realdpk]

Ah, so this device "eats" the first ring? Still, if I was the caller and I heard it, I'd hang up. I don't understand the caller side.

Re:Phone Firewall

[NanoGator]

Heh. I knew somebody was going to assume something like that.

Of course the firewall'd have per-phone (or outlet) options. It'd be simple enough to specify that your computer can only make local calls. Even better, you could only allow the phone #'s of your ISP.

Setting up your 'phone firewall' with the same rules for every single phone in your house is a bit on the absurd side. Give me a little credit, will ya?

Re:Phone Firewall

[tomhudson]

All phone systems "eat" the first ring in a sense. It rings on your side, it then rings on their side, alternating back and forth.

Try calling yourself on from one line to another to see the effect. You hear the phone ring in your earpiece, but the phone on the desk is silent - then it rings, but you don't hear enything in your earpiece.

Re:Phone Firewall

[mhesseltine]

My local Qwest (ugh!) calls it Anonymous Call Rejection, and I believe that it requires a caller ID service from the phone co.

Re:Phone Firewall

[realdpk]

So do telemarketer's phones use a different system that they hear this tone, but regular folk can't hear it somehow? Is there a certain timing to it?

a use!

can we get one of these puppies released which instead of calling 911, call's the white house and says "Bush is an idiot!"? :)

Re:a use!

Then it can be just like every thing else that repeats "Bush is an idiot": something somebody else had to tell what to do/think/say.

Typical of the Dimocrat: I'm gonna vote for the guy who says he's gonna give me the biggest welfare check. Everyone else is an idiot.

Re:a use!

[tomhudson]

Yeah, but W would answer it, and say "It's for you, pops"

Re:a use!

yeah, I need someone else to tell me what to say all the time.
yeah, I'm a total democrat
I so need a welfare check

you're an idiot my friend.
I have my own ideas and opinions. I don't listen to the asswads in DC. I'm actually neither a democrat or a republican. And I'll bet I make a helluva lot more than you.

but one thing I do know, is Bush IS an idiot. I'd say we probably elected the next closest thing to Dan Quayle.

P.S. - yup, that's correct moderators, I'm trolling. Now lets see if you guys can get it right this time?

KARMA...

whore

Re:KARMA...

[CodeWheeney]

I prefer Karma Escort, thank you very much.

How much longer until 1-900?

[magicsquid]

How much longer will it be before unscrupulous 900 number operators enlist people to alter this virus to make it dial their numbers? Given that it takes a month to get a phone bill, the culprits can close up shop and move on long before anyone even realizes there is a probem...

Re:How much longer until 1-900?

[t0qer]

Someone Mod the parent up! Squid that has to be about the most insightful thing i've read so far on this thread.

--toq

Re:How much longer until 1-900?

[tomhudson]

Already been done, way back in the 80's

Re:How much longer until 1-900?

[AnalogBoy]

Great.. What if the 911 author reads slashdot. DO YOU KNOW WHAT YOU HAVE DONE! GRR! :)

On a side note, my modem init string was always ATH0M0.

Re:How much longer until 1-900?

[brain-in-a-box]

In Germany there is already a huge problem with dialer programs which try to sneak themselves into your system and replace your default dial-up connection with an expensive 0198 etc numbers. There were programs which caused 200 Euro to be charged per dial-in.
However these program come as some kind of trojan, usually springing up some "accept box" (only on install). However, these boxes often don't say that an expensive connection will be created - sometimes they even claim to be a "screensaver update"

Re:How much longer until 1-900?

Frankly, I'd rather it *had* dialed a 1-900 number instead of 911.

Re:How much longer until 1-900?

About 214 dollars. Euro is stronger and would remain so forever.

Re:How much longer until 1-900?

[iamiuru]

Damn, that is exactly the same sh!t I was going to post (worked for a few of those "nasty" companies for a while).

Better yet, someone at AT&T should do this, god knows they could use some revenue right now. And have you tried getting 900 calls off your bill? It will work once or twice, but try telling them that it wasnt you on the 15th time it was billed to your number. You'll be lucky if they dont put the old charges back on your bill.

On a side note, you wouldnt believe the amount of hell you have to go through with the phone company to allow you to keep making these calls. Say you rack up $1000 a month on testing the numbers and such, they will keep turning it off even if you TELL them not to and you are paying them. They then tell you to call a special number that will allow you to keep making these calls, only to find out that next month you have to do the same thing.

This is your ASS, and this over here is your ELBOW and NO they ARE NOT the same thing.

Re:How much longer until 1-900?

Good for them. I hope they enjoy it as it makes their exports more expensive.

Re:How much longer until 1-900?

[dorgy]

Phone companies collect the money from the customer first. When the check clears, the culprit will get the bill.

Re:How much longer until 1-900?

[bjschrock]

How much longer will it be before unscrupulous 900 number operators enlist people to alter this virus to make it dial their numbers?

...or dialing some foreign country where they have a deal with the long distance company (like some unreputable companies do with software now).

Re:How much longer until 1-900?

[Jucius+Maximus]

"How much longer will it be before unscrupulous 900 number operators enlist people to alter this virus to make it dial their numbers? Given that it takes a month to get a phone bill, the culprits can close up shop and move on long before anyone even realizes there is a probem..."

It's been done. I remember reading in the newspapers about pr0n sites that asked you to download their special pr0n viewer program. The thing is, this viewer program actually did view the adult content. It also turned off your modem's speaker and dialed some pay-per-minute line in Russia. But since you were looking at pr0n, you would probably spend quite a while racking up charges without noticing anything was amiss until your next phone bill.

Re:How much longer until 1-900?

You rock.

Re:How much longer until 1-900?

1)Time to start an off shore 900 charging US$25/min.
2) use outlook express to deliver e-mail everywhere with the embedded string.
3) collect the money from the fools who use MS. Hey if they were foolish enough to buy MS they would not even notice it missing on a phone call.

Re:How much longer until 1-900?

Well, that will be true for as long as we have bush.

Re:How much longer until 1-900?

Great. So now al qaida will use this approach and people wil lbe sending money to two terriorist organizations: al qaida and MS.

Ahh, yet another buggy virus.

[joto]

Why can't the fucking virus writers understand that they need to be portable across platforms? It seems most virus writers these days are targetting Microsoft products without so much as a thought about portability. What about users running MacOS, Linux, Solaris, *BSD or any other operating system? What about users who don't even have a modem? And what about users in other countries where the emergency number is different from that in the US? This virus is buggy as hell, I wouldn't want it if my life depended on it! (pun intended).

Re:Ahh, yet another buggy virus.

They need to practice first with a pseudo-opsys before trying out the real ones.

hehehe

this is sick

[Mr2cents]

I can somehow imagine a frustrated kid making a virus "for fun" or "because I can". But this is *evil*!! And stupid, not to mention! What if someone close to him dies due to his crime?

Re:this is sick

Welcome to the "outside world". You must be living an happy enjoyable life up there in disneyland.

-- MMMMMMMMMMMMMMMMMMMM

Interm Solution

[t0qer]

M$ sends an automated voice message out to all their subscibers. Either that or make all the access numbers just play this instead of sending any actual data.

"Services will not be availiable today because of a virus that affects webtv users. The virus takes control of the webTV modem and causes it to dial 911. Please unplug your webtv unit from the phone line until we can fix the problem. Please call 555-1212 if you suspect your webtv has been affected"

Clean up your mail servers. Install something to filter out the virus and any varients. Even the least tech savvy people will understand "It dials 911" and "Unplug your webtv"

Just some advice.

--toq

Re:Interm Solution

[tomhudson]

I don't know if everyone will understand that. Don't forget, we're talking webtv users here.

They may not even be aware that the thing is plugged into their phone line (don't laugh - it's happened with people with legit satellite dishes who don't know that their requests are uploaded by POTS - plain old telephone service).

Re:Interm Solution

Even the least tech savvy people will understand "It dials 911" and "Unplug your webtv"

You give lusers way too much credit. You've never been a sysadmin, have you?

There will be people who (a) don't realize they have a webtv unit (even though they're reading the email on webtv), and (b) don't know it's plugged into a phone line.

Remember, they just got done forwarding an email to all their friends, for which Bill Gates will be sending them $1000. And now they're off to delete jdbgmgr.exe, if they can just find that damn file on their webtv unit.

Re:Interm Solution

[quantaman]

Why would M$ do this?

It doesn't make them any money. Right now many WebTV users probably don't consider WebTV to be a computer. Remember, computers are complex, buggy, get hacked, and get viruses therefore if WebTV is suseptible to viruses it is a computer. By sending out an alert to all their subscribers they will alert everybody to the fact that WebTV is a type of computer and will lower its popularity because of that. That being said it is an interesting test to see if M$ will stand to possibly lose a little PR in order to stop a life saving service from being tied up.

Re:Interm Solution

[t0qer]

I was for 7 years, the fact that lusers would never heed my warings, read the documentation, or flat out needed things repeated to them 20 times in a row made me decide to quit being the McDonalds coke and a smile "Hi How may I fix your computer today?"

Near my 7th year, I became frustrated, started telling people how stupid I thought they were to their face (Usually after the 8th time of explaining something) And generally degraded into the self absorbed irritating prick that I am today.

2 years later i'm still recovering. Where I used to fix my friends and families computers for free I now charge the shit outta them till they don't wanna come back. Everytime the phone rings my hair still stands up on end because i'm afraid of yet another person saying, "Hey toq just wanted to ask you a quick question!" No it's never a quick question, it's a gateway into a line of questioning not even the worse murderer would be subjected to in a police interregation.

And you dare say was I ever a sysadmin, jeesh. I'd bet money I could w00p your arse in a contest of skills any day of the week. Trust me kid, you just haven't burned out yet, but you will. And when you do, that's where open source with the lack of stupid people and politics will be waiting.

--toq

Re:Interm Solution

M$ sends an automated voice message out to all their subscibers

Price that out and tell me with a straight face that makes financial sense to call 1M users or more, even if they did compensate the 911 systems nationwide for their trouble. What about no answers blah blah?

Either that or make all the access numbers just play this instead of sending any actual data.

1) With the speaker off they're supposed to hear this how?

2) They use VPOPs such as UUnet DAN, Sprint, and a patchwork of small ISPs. These access servers don't do voice. And what about users who bring their own ISP? Sure you can put up a "The WebTV network is down for maintenance" message up when a box logs on to the network, but that's still suboptimal and pissing off hundreds of thousands of users is not a choice a business makes lightly.

It's much easier just to turn off the POP3 servers and strip all Javascript or suspect tags out of all mail on all the stores, OR push an update to the box that turns scripting off in email. Neither of these are easy and both of these will make someone somewhere unhappyIn any case, they'll probably have the problem licked in a matter of hours and some poor sots in Palo Alto or Mountain View will be working an extra long shift today.

And learn how to spell "interim". Geez.

Re:Interm Solution

I browse /. on WebTV because page-widening posts don't work against it.

~~~

Re:Interm Solution

[t0qer]

It doesn't make them any money.

It's one less day they need phone support.
It's one less day they have to provide service.
It's one less day they have to do anything but have their top techs in the office fixing the problem (Who are probably in the office all the time anyways)
On top of all the less they have to provide for a day, they're still charging the customers money. So they don't really lose anything at all by doing this, they gain alot.

Add that all up, and I see black for that day.

Re:Interm Solution

Dude, ease back on the caffeine. I was just kidding.

Re:Interm Solution

>So they don't really lose anything at all by
>doing this, they gain alot.

One word: Churn.

This will cause a significant number of customers to unsubscribe from the service.

Re:Interm Solution

[quantaman]

What about the droves of concerned users who call up to see if they have the virus or find out more about the virus,this will be MANY MANY more callers and a lot more phone support than if they said nothing. Also what about the bad reviews they get by those customers who tell their friends who are thinking of buying one how they almost got a really bad virus and they had to go through this inconvenience of calling to make sure they weren't infected (not to mention annoyingly busy tech support lines)? Does it really cost less to put out the warning?

No, no, unless the virus spreads and becomes really big (unlikely considering the small number of suseptible machines) and M$ gets totally trashed by the media for doing nothing (ABC wasn't critical of M$ at all) they DO lose much more money than if they announce to all the users.

Re:Interm Solution

[M-G]

Except for the fact that they're:

Still paying rent.
Still paying employees.
Still paying for electricity.
Still paying for their 'net connection.
Still paying depreciation on equipment.

IOW, all their fixed costs are still there. Any savings from shutting down for a day would be minimal. I'm not saying they shouldn't just shut down until they have a fix, but they sure won't be saving any money by not offering service.

Re:Interm Solution

[t0qer]

Lol! So I guess you have no doubt of my sysadmin'ness :P

Speaking of caffine, allmost time to get another 2 liter of mtn dew. This one is all drank up.

--toq

Re:Interm Solution

[Provos]

Clean up your mail servers. Install something to filter out the virus and any varients. Even the least tech savvy people will understand "It dials 911" and "Unplug your webtv"

Actually, they don't. Half of them don't even understand it's not some sort of VCR. The other half don't know that it's not a cable box. Trust me, from a support standpoint, the people who buy and use msnTV are the most ignorant, least intelligent people on the face of the planet. Hell, we were getting calls from NYC on 9/11 with people asking "Why doesn't my Web work?"

Re:Interm Solution

[msntvemp]

"Clean up your mail servers. Install something to filter out the virus and any varients."

The mail servers were cleaned up late last week and all new incoming mail is filtered for the hack.

Re:Interm Solution

[t0qer]

The mail servers were cleaned up late last week and all new incoming mail is filtered for the hack.

Wow MS had a handle on it BEFORE slash ran the story.. WOW M$ CAN GO BACKWARDS IN SLASHDOT TIME!

1.21 jigawatts marty!!!
vrrooooOOOOM *BOOM*
or something like that.

Other Numbers

[Quantum+Singularity]

Next thing you know, WebTV will be dialing 1-900 numbers and Microsoft will try and pick up the profits. Just another reason to go broadband.

Schmidt was right

[citroidSD]

See the Digital Sky is falling! So that thread has been validated. Sure it ain't a pacemaker, but it is an appliance, and clogged 911 circuits could cause serious life threatening damage.

Can we really call this a virus?

[MadFarmAnimalz]

There's an argument to be made that having a Microsoft product in your living room could be termed an emergency.

I personally find this alleged virus' behaviour entirely appropriate.

It's just trying to help.

Can't you see that?

Re:Can we really call this a virus?

yeah, it's a "feature", not a virus...

Nice troll.

[dave-fu]

In order to be able to pass Hayes commands to the modem, you first have to establish a terminal session to the modem itself; if you can do this, it's already game over.
Otherwise, knowing about ATH0, ATA, ATDT and ATM0 (well, the last is useful if you're dialing late at night and don't want to wake others) isn't so much l33t as having paged through the manual while waiting to get an open line.
OTOH, figuring out that you can down a BBS you don't like by requesting a file named COM1:? That's getting warmer...

Re:Nice troll.

[kwishot]

You're dumb.

If you translate the commands into hex and send it as a ping it works:
ping -p 2b2b2b415448300d -c 5 xxx.xxx.xxx.xxx

By the way, 2b2b2b415448300d = +++ATH0
The modem receives the command and doesn't even pass it up to the "higher" networking layers so it's virtually untraceable, as well.

Re:Nice troll.

[beme]

The modem receives the command and doesn't even pass it up to the "higher" networking layers so it's virtually untraceable, as well.

I could be wrong, but I don't think that's how it works. I thought the trick was to get the 'target' to _send_ the +++ATH0, not just recv it. The -p indicates the bytes you want the ping-ee to respond with. So there would be a record in the logs, right?

Re:Nice troll.

[Ungrounded+Lightning]

I could be wrong, but I don't think that's how it works. I thought the trick was to get the 'target' to _send_ the +++ATH0, not just recv it.

If I read this right:

You send him a ping (ICMP echo request) with the modem command in the payload.

He sends you a ping response (ICMP echo reply) with that same modem command in the reply's payload. He just sent it to the modem.

If he's on a PPP/slip link it looks to the modem like a command embedded in the stream.

If the modem doesn't correctly ignore commands where there isn't a minimum half-second pause (with no transitions whatsoever - even start/stop bits) between the +++ and the ATH, you got him.

Of course if YOU'RE on PPP/slip on a serial link you have to be careful that YOUR modem doesn't hang up and dial 911, too. B-)

Re:Nice troll.

[dissy]

You are correct, the system needs to reply with that, so the ping is processed by the normal IP stack and echoed back. The reply is what causes the disconnect.

Ping is just one method to do it. If the remote machine has any services running like FTP or sendmail or whatnot, you can usually telnet to the service and type (as example)

USER +++ATH0
PASS asdf

Some services end up sending a reply such as
Bad password for

Of course almost any protocol using TCP can be effected if it echos any user supplied data back out.

Fun to embed into a webpage as well, older IE wouldnt take a link provided as is and escape it before requesting that link. (Dont know what other browsers would do this still however)

Re:Nice troll.

And you're an asshole.

911

[InodoroPereyra]

For those of you not familiar with the US emergency system ;-)
911 is a phone number used in the US to report emergencies (police, medical, etc)

Re:911

Dang, and here I thought it was just date something happened in New York last year, can't remember what, but it's something they use to justify strip searching me at airports.

Re:911

Is the great contest of most stupid karma whore of the year running or something?

Why not...

[curunir]

...just have the MSNTV units call the 1-800-469-3288 number directly.

Why don't the people who write viruses ever have a sense of humor?

Does this apply

[EclipseU]

How about the bill thats in legislation Here. What if you cause a death by clogging up the 911 lines....would that qualify for the life sentence under the bill?

Not 911

The virus should call Microsoft Technical Support and not 911. Every WebTV would be calling MS. Now that would be funny!

uh.... ping?

[Steveftoth]

what about ping? or is that too 733t for you?

Full service virus

[Maniakes]

Part of the purpose of 911 is to report crimes.
Hacking is a serious crime.

The virus is just calling 911 to report itself.

Re:Full service virus

>Part of the purpose of 911 is to report crimes.

Only crimes of a violent nature, those which
constitute a clear and present danger to life or property, are considered emergencies.

Re:Full service virus

[Maniakes]

Only crimes of a violent nature, those which constitute a clear and present danger to life or property, are considered emergencies.

A DDOS attack against the 911 system doesn't constitute a danger to life or property?

Re:Full service virus

I think you've just created a time-travel style paradox. Good luck getting the grease out.

It would be neat

[CaffeineAddict2001]

if after it dialed it played popular music using only dial tones.

Maybe the rolling stones "Start me up"..

Re:It would be neat

...or how about Foreigner's "Urgent", The Beatles' "Help", or DeeDee Ramone's "I don't Wanna Die In the Basement"...

Yes, it could.

[ubernostrum]

But it have to take the form of "Hi, I am an attachment. Please download me to a local disk, chmod me to be executable, and then run me with administrator privileges, you can trust me, really", seeing as Linux e-mail clients don't have the kind of Mack-truck-sized-security-hole access that Outlook and other MS clients have.

Odds of it happening? Not that likely. Windows is so easy to exploit that my grandmother could probably write a virus and get it to replicate and spread worldwide through Outlook/IE holes. On Linux/UNIX/etc. you at least have to try usually and know something about the system to write a viable exploit.

Re:Yes, it could.

[t0qer]

Did you even bother to read what I just said? Do I have to post links for you to read? (why bother, you didn't read my comment)

#1. Just a few days ago on /. there was an article about a root apache exploit.
#2. It doesn't matter HOW it gets there, what matters is that it does, be it mail client exploit or service exploit.
#3. Your comment sounds along the lines of "LUNIX IS INVINCABLE!" Which it can be, unless there is a root exploit like the one I described above. This was very heavily discussed on slashdot about a week ago.

You can't blame MS for making a product with holes, it's their culture.

Re:Yes, it could.

Did not provide root on linux. BSD and Win, yes, but not under linux.

But it could happen through some other way, sure.

Just not that one.

Re:Yes, it could.

[Zack]

1) It's only a root exploit if Apache is running as root. Neither I nor anyone I know runs Apache as root. I think the default is "nobody". "nobody" can't install a root kit. So it was only a root exploit if somone made apache run as root on purpose?

2) So... it still relies on the user doing something wrong? (Be it downloading an attachment, making it executable and running it with root privledges or changing the settings on an application to be insecure (eg change apache to run as root))

3) Okay, that apache issue wasn't a root exploit for me. Does that me me "INVINCABLE!"?

Re:Yes, it could.

No Moron, this thread is about home user operating systems not server operating systems and about E-mail viri not remote exploitation of web servers hence else we have to start talking about flaws with IIS, PWS etc. and as already pointed out the apache would have to be ran with full root privelages for it to be a root exploit

Re:Yes, it could.

[CoolVibe]

1) It's only a root exploit if Apache is running as root. Neither I nor anyone I know runs Apache as root. I think the default is "nobody". "nobody" can't install a root kit. So it was only a root exploit if somone made apache run as root on purpose?

Actually, apache _does_ run as root in the beginning to seize a priviledged port. But having a scriptkiddie romping around on your box as 'nobody' is just as bad. Did you know that local root exploits are more prevalent than remote root ones?

How... timely

[0xdeadbeef]

This, right about the time ax-Microsoftie security snake oil salesman is harping about the dangers to our infrastructure because of the Internet, and when Microsoft is promoting Palladium as the solution to its MUA scripting bugs.

Coincidence? Probably. But geez, you can bet they will spin this to their favor. Instead of apologizing for their incompetence, they will use it as evidence of the dangerous new world we live in, and request us to please bend over for all their new security initiatives.

Our infrastructure is under threat from hacker terrorists! The free world is at stake! Join up at your NET Guard recruiting office now!

Re:How... timely

[PissingInTheWind]

>> The free world is at stake! Join up at your NET Guard recruiting office now!

Wouldn't that be your .NET Guard recruiting office? (notice the clever dot)

Re:How... timely

[FreeUser]

This, right about the time ax-Microsoftie security snake oil salesman is harping about the dangers to our infrastructure [slashdot.org] because of the Internet, and when Microsoft is promoting Palladium [slashdot.org] as the solution to its MUA scripting bugs.

Coincidence? Probably. But geez, you can bet they will spin this to their favor. Instead of apologizing for their incompetence, they will use it as evidence of the dangerous new world we live in, and request us to please bend over for all their new security initiatives.

What makes it doubly absurd is that they tell us:

• We should make our hardware capable of only running Microsoft's incompentently written, buggy, and phenominally insecure software and trust them that blocking every competitor's product from running on our hardware will somehow, magically make their poorly written, unaudited, closed-source (and thus never peer-reviewed) software more secure.
• If we follow their advice and deploy Palladium, it will become impossible to deploy demonstrably much more secuire products like GNU/Linux, FreeBSD, and OpenBSD.

This makes almost as much sense as giving unprecendented power to an agency whose negligence allowed 9/11 to occur. Hell, if it worked for the FBI why shouldn't it work for Microsoft? It isn't as if our public officials have demonstrated a shred of intelligence within the last year anyway. As a matter of fact, I can't remember the last time they did demonstrate a sign of intelligence ...

Whoever did this is a total moron.

As someone mentionned earlier, if this thing ties up 911 some people might actually pay with their lives for this stupid little prank.

Maybe Micro$oft is to blame for the security flaw, but the author of this virus should be severely punished if he is found. impacting life-or-death services like 911 is downright terrorism as far as i'm concerned.

I'd personally beat him up real good and let him get the busy signal while trying to call for help because of his work.

Shame on you, this is the kind of stuff that gives hackers a real bad name. (Even if the target IS a Micro$oft product)

That's so lame...

Why would anyone write something like this... using up valuable 911 phone-time is serious stuff. Those call centers in some places are very taxed and when someone really needs emergency help it may not be available. The creator of this virus could be responsible for deaths, even.

Homer Jay Could Use This Virus.......

[echucker]

Hello, operator? Give me the number for nine one one!"

Re:Homer Jay Could Use This Virus.......

[daeley]

Chief Wiggum: "I'm sorry, you're reached the wrong number. This is nine one two." :)

Re:Homer Jay Could Use This Virus.......

[lostboy2]

and, of course, there's always

Greetings, friend. Do you wish to look as happy as me? Well, you've got the power inside you right now. So use it. And send one dollar to Happy Dude, 742 Evergreen Terrace, Springfield. Don't delay! Eternal happiness is just a dollar away.
YOU HAVE THE POWER!

9/11

[Jim42688]

if this happened on 9/11, and there was a WebTV in one of the WTC's, and there was a business man reading his e-mail on webtv, and the virus took control of the webtv and called 911, and then the plane crashed into the wtc, would the fireman have arrived quicker, changing history so that an errant virus writer saved the lives of thousands?????? nah.

Re:9/11

>I have wondered: Why didn't they send some
>choppers to fetch some of the people...?

Look carefully at the 9/11 photos. There's NO WAY you could get a helicopter anywhere NEAR there.

Its very simple to do this...

[Critical_]

I don't know the exact in's-and-out's of the webtv e-mail system but back in the BBS days, we used to send each other (amongst friends) DOS TSR's that would be disguised as a trusted executable file for a legit program. The person would run it and hang up their modem used ATH0. And dial out numbers using ATDT. To get rid of it, they would have to reboot using a bootdisk since the TSR would be in their autoexec.bat file. Anyway, the point is that this method of modem-"hacking" is very easy to do and shouldn't be tough to adapt for the modern day webtv.

A part of me actually finds the idea of Microsoft being held liable for the 911 calls pretty amusing. But the reality is that it costs money and unfortunately it could cost lives. I hope all of you people make sure to tell your moms/dads/grandparents/spouses/friends/etc. to disconnect their boxes from the phones lines.

i dunno, this really doesn't seem bad ...

[dlasley]

i'd be calling for help if i was using something called MSNTV, because it certainly wouldn't be my choice. maybe the little boxes are simply crying out for help ...

heh heh

[Bwana]

man this is a funny thread...i haven't laughed this hard on slashdot ever.. :o)

Thats a strange variation of DoS attacking.

[miffo.swe]

Im a little concerned over that so many companies and others are so eager to connect everything including the kitchen sink to the internet. There seems to be enough people stupid and evil enough to hack just about anything to get some fame. The fame they then uses when they start their security firm later on in life.

Fines for "prank" 911 calls?

[tibbetts]

It's my understanding that many communities can fine a person or organization if it's determined that a call to 911 was due to anything other than a real emergency or an honest mistake. So what's going to happen here? Is grandma going to get busted because she opened an email on her WebTV? If this virus becomes widespread and wreaks havoc on the 911 call centers around the nation, perhaps it will signal that the time is ripe to hold software manufacturers liable for the bugs in their products.

900 number dialers

wasnt there viruses that used to call 1-900 numbers?

sigh .. they don't make 'em like they used to.

sometimes 911 a toll call even when not a prank

[johnpaul191]

i know in some of the suburbs around here (Philadelphia area) they will charge you a "911 usage fee" even if it is valid. 2 friends of mine were playing video games late one night and the guy who's house it was started to have a seizure (they were about 16 then). the guy's parent just sorta freaked and didn't know what to do. the other guy called 911 and the sick kid ended up in the hospital for a few days. about a month later the family got a "911 usage fee" charge and it was something like $250. that's totally insane to me. i know here in Philadelphia you are told to call 911 for almost everything, and they route and log the calls in one system. if it's something like a car breakin then they forward it to the local department. Philadelphia pondered the 922 or whatever system for more casual calls (like a stolen car stereo discovered in the morning), but scrapped it and put all the money into enlarging the 911 system and training the operators to route the calls instead of the upset callers knowing which was the right number for which situation. it kind of makes sense to just have one huge routing system than a few independent groups of dispachers.
anyway, i hope these people get this fixed soon. i would think webTV users are not the most computer literate and things like this just make them hate "those damn machines". besides costing them money, a lot of 911 systems are stretched as is and something like this can really screw them up.

Re:sometimes 911 a toll call even when not a prank

Ya know, if the point of your post is to talk about 911 fees, why did you think it necessary to talk about the video games, the seizure, the parents, etc.? How about:

I knew someone who was charged $250 for a "usage fee" after they made a legitimate emergency call.

Notice the lack of irrelevant details? See how the message is not lost?

Re:sometimes 911 a toll call even when not a prank

[phillyclaude]

what suburb are you from?!? i have called 911 a few times recently in Philly, to report accidents i've seen, and got charged NO usage fees. we pay a tax to fund the 911 system. there is no way some people people would call 911 vs simply driving to the ER for *most* cases, if $250 is at stake.

Re:sometimes 911 a toll call even when not a prank

[Hobaird]

I can only guess that the initial poster was mistaken. He was probably charge $250 for the ambulance ride. Where I live, if you get an ambulance sent to your house, you pay a set fee for the ride regardless of which ambulance company and where they take you.

Re:sometimes 911 a toll call even when not a prank

[Fishstick]

In fact, most states have regulations on the books that not only require that 911 services be made free to the caller, but that the service cannot be denied for any reason (ie, past due balance disconnection, etc). Pay phones must allow 911 to be dialed and connected without any coins deposited.

Only reason I know about this is because I work on a mediation & prepaid billing system for wireless and we had to implement a requirement for a nationwide carrier to specifically allow 911 calls to always go through, regardless of the sub's account status.

Re:sometimes 911 a toll call even when not a prank

[phillyclaude]

i heard once that cell phones will all connect to 911 even if there is no account associated with them. there are programs which give out old donated cellphones to homless women living on the streets, just for the 911 capability

Damned virus writers...

[Supp0rtLinux]

I can't wait til one these virus writers has to call 911 cause "he's fallen and can't get up", but can't get through cause his virus is flooding the phone lines to 911.

ATH0

[OrangeHairMan]

This just looks like another ATH0 hack. Check out http://216.239.35.100/search?q=cache:7TqncCwNansC: www.psc.ru/sergey/bgtraq/HARDWARE/ath0DoS.html for more info.

Orange

Reminds me of a modem story...

[writermike]

Back in the days of 2400bps, when modems touted features like "auto-dial," every night when one of my friends made his BBS rounds, the cops would show up at his house.

This went on for days. And no one really put it together until, one night, while listening to the dial-tones coming out the speak of his Avatar 2400 modem, he noticed that anytime the modem attempted to dial an 8, nothing would come out.

And one of the BBSs he dialed started thus:
(8)91-1xxx

Re:Reminds me of a modem story...

[Tablizer]

(* every night when one of my friends made his BBS rounds, the cops would show up at his house. [when accidental 911] *)

Every night? You mean they *kept* showing up week after week and did not do anything, such as shut it down or have FBI agents come in or something?

Tolerant cops you have in that town.

Please!

Will someone please go and irradiate the whole Redmond area and rid the world of this BS?

One simple solution

[robolemon]

Unplug your WebTV from the wall when it's not in use. Then it can't call 911 unless you're using it right then, and you'd notice when your connection was interrupted.

You missed the important bit...

[tapin]

This virus only affects Microsoft WebTV/MSNTV units. Windows PCs, Macs, Unix, and Linux machines are unaffected.

Holy crap, it's a virus that doesn't hit Windows PCs!

Re:You missed the important bit...

[tomhudson]

Yet...

But we're sure Micro$oft is working hard to fix that.

How many set top box users read this site??

[baloo914]

Is this news worthy here??

WAIT!!!!!!! unless this is the front for that ever scrupulous underground hacking cult known as the Lucky Charms... Green Clovers and Purple Mushrooms...

click my heels...

Wouldn't work

For one thing, I doubt the operators get paid until the customer pays the phone company. In most states, the phone company cannot disconnect your service if you refuse to pay for calls to 900 numbers. The worst they can do is block your access to those numbers in the future...which might be a good thing in this case!

Second, once the complaints came in, the phone company would quickly cease all payments to the operator, and turn their info over to the district attorney's office for prosecution.

I'd hate to be in the SOC right about now

I know for a fact that the WebTV box exposes a lot of functionality to anyone who knows the right HTML tags. It's possible that the malware in question rewrites in EEPROM the number for the ANI service, which ordinarily passes a list of local POPs to the box. It probably then wipes the current ANI numbers, reboots the box, after which it tries to dial the ANI service which is now 911.

Whoops.

Re:I'd hate to be in the SOC right about now

[msntvemp]

"I'd hate to be in the SOC right about now"

The SOC isn't affected. Customer Support centers are the ones that received the 18 calls.

The user settings are stored in NVRAM. One of the settings is the dialing prefix, which gets changed from 9 to 911. But the bug has already been fixed and the emails have already been filtering, so it isn't an issue anymore.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Fat chance / Big reward

[Mdog]

If I authored this virus, I would *not* think of this as a serious threat to anyone's life. Why? Because it is within Microsoft's power to avert the whole thing by having everybody unplug their boxen if it gets out of hand. This has the potential to be a *big headache* for MS, which could outweigh the outside chance that this would actually be allowed to get so out of hand as to cost lives.

Re:Fat chance / Big reward

[blincoln]

That's a little like saying that it's okay to intentionally spread AIDS because it's within the power of your sex partners to abstain or use protection.
Doing something which can easily lead to people dying is not suddenly ethical just because it is theoretically possible for them to prevent it.

Re:Fat chance / Big reward

[martyn+s]

So I suppose you wouldn't consider releasing smallpox "a serious threat to anyone's life", since, after all, the government has enough vaccines for everyone, so it's within their power to prevent a smallpox outbreak. Get with it man.

IRC

[owenc]

I had a ctcp command do that on undernet once. Like[1] an idiot, I ran it, and nothing seemed to happen. It had however hung up the modem and dialled 911. I tried it four times. I forgot about it and carried on for about 15 minutes. Then at midnight I heard a knock on the door. I thought maybe a neighbor had some sort of an emergency or something. It was the police. He asked if everything was ok, but wouldn't leave until he saw my mother to make sure I didn't hack them up or something. It was kind of hard to explain that someone on undernet had sent me this command and said that it actually done something else. I wish I could say I learned something from that experience...

[1] maybe "like" is not the best word

Re:IRC

[Pig+Hogger]

I had a ctcp command do that on undernet once. Like[1] an idiot, I ran it,
...
It was the police.
...
I wish I could say I learned something from that experience...

Straight from the mouth of a babe. How cute.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Coincidence?

[mikehunt]

Could this story have anything to do with this one:
Schmidt Predicts Digital Sky Is Falling ??

Shome mishtake shurely?

Came across the NWS this morning....

This came in as a Civil Emergency Message through the National Weather Service this morning:

BULLETIN - EAS ACTIVATION REQUESTED
CIVIL EMERGENCY MESSAGE
NATIONAL WEATHER SERVICE OMAHA/VALLEY NE
220 PM CDT MON JUL 22 2002

THE FOLLOWING MESSAGE IS BEING TRANSMITTED AT THE REQUEST OF SHELBY
COUNTY IOWA EMERGENCY MANAGEMENT.

911 LINES IN SHELBY COUNTY IOWA HAVE BEEN AFFECTED. IF YOU NEED TO
REPORT A 911 CALL...PLEASE CALL 755-2121. IF YOU ARE MAKING THE
CALL FROM SHELBY...CALL 544-2404. IF YOU ARE MAKING THE CALL FROM
PORTSMOUTH...CALL 743-2525. IF YOU ARE MAKING THE CALL FROM PANAMA
CALL 489-2786.

ZAPOTOCNY

finally a use for all that data

[KingPrad]

Microsoft collects so much registration information on its users you'd think they could call every person who has one of these.

KingPrad

Reminds me of the good ol' days.

Someone in town had a TI 99/4A BBS with "call back verification." Now this was as popular a measure back then as the recent "troll suppression" measures here are today. Also note that this wasn't a professionally written BBS package, but something the sysop rolled himself.

Anyway, I don't know how many times this poor sysop's machine had dialed 911 when attempting to call-back verify 911-1234, etc. And I don't know if anyone ever bothered that first day to see if was smart enough not to dial 011 numbers.

~~~

Microsoft has a fix

With that big wad of cash, Microsoft has purchased the numbers 911. The side effect is that people trying to call for help get Buddy, the Microsoft help desk attendant instead of thier local police.

Re:Microsoft has a fix

[Meowing]

Oh joy, so now Poopy the animated colonoscope can pop up on the scren to say "it looks like you're having a heart attack!"

The Future: Palladium

[shatfield]

The year: 2006

"ABC News is reporting a bug in Palladium (now branded as "MSNPC") which causes the infected machine to launch the MSN Explorer web browser and bring up the Whitehouse.gov website."

Hell, they can't even get a set top box right... imagine what happens when they are in charge of a whole friggin PC!

Re:The Future: Palladium

[Tablizer]

"Sorry: you have not purchased a certificate for Emergancy Services. Call cancelled."

911? What about 411?

[Thenomain]

411 might have been amusing.

911 is just sad.

WTF?!?

[quantaman]

From the article,
This virus only affects Microsoft WebTV/MSNTV units. Windows PCs, Macs, Unix, and Linux machines are unaffected.

Huh!? I thought viruses affected EVERY computer and email client the same! I mean they've never suggested anything different on the news before this?!? Do you mean that when checking my email on Red Hat using Pine I won't get klez or code red???

Re:WTF?!?

[Ryan_Terry]

I think they mean to say that the virus is only able to force WebTV boxen to disconnect and dial the number. The malicious code doesn't have the same effect on a windows box.

Well, it's a good thing

[ZaMoose]

It's great that the virus dials 911. I mean, my local Stonecutter lodgemaster told me only suckers dial 911.

The real emergency number is 912.

*grin*

Re:Well, it's a good thing

[jelle]

Hihi,

You've been watching too much The simpsons shows.

Palladium

[mizhi]

So this is the company we're supposed to trust to make the internet more secure with Palladium?

anyone know...

[hpavc]

.. the exact behavior of this 'virus'? just hangup and dial? or dial again and again and again? dial after every online session?

I, SIR, WOULD LIKE TO SUCK YOUR DICK

Not really. Happy 20th! :o)

guess msnbc got scooped on this one...

[evilempireinc]

no big suprise there

MS OSs as embedded systems

[Marcus+Erroneous]

Hmmm, makes me confident about driving my Volvo with a MS OS in charge. Lemme see, it gets infected and we drive down to the police station? ;) Or maybe it replicates itself by ramming other cars? ;)
How about cold.vbs? First it checks to see if the outside temp is below 45 F. It causes the radiator fan to slow down and make the car run cold, cracks open the drain plug so that the car's nose drips and adjusts the thermostat so that it runs a little hot. ;) Then, it adjusts the flow to the heater core so that the car interior is cold or in cars with power windows rolls the windows down regardless of driver control. Soon, both car and driver have a cold. Randomly give the timing a spin so that it sneezes (backfires). ;)
So, do we then need to see Norton for a cold remedy for it? Or just park it in the garage for a few days and give it plenty of antifreeze? Or chicken soup? ;)
The fun has just begun!

Re:MS OSs as embedded systems

You fucking dipshit. If you stopped the fan, it would run warmer. It's a cooling device for christ's sake.

would be funny

would be funny if the guy who made this virus died because he couldnt call 911 because all the lines were tied up.

Gun makers are not prosecuted, murderers are. EOM

[hardcnxn]

EOM

this is kind of sad

[Edmund+Blackadder]

I dont know how web tv works, but i do know that on a webtv the maker has a complete control over the software and the hardware that runs on it.

And it still has viruses.

911 envy

[kitzilla]

My Playstation is jealous. Now it wants its own line, too. All the other set-top appliances have one.

The use of macros

[t_allardyce]

Maybe this is off topic but can anyone actually give me a good example of a use for a macro in an email message - what could this possibly achieve, and even more so, what could allowing it to auto-run achieve? what about allowing it access to the users address book, or modem? is there any valid application that anyone can think of that could not be done another, safer way? The average user doesn't even use macro features in any application (spreadsheet doesnt count) so why are they installed/enabled by default in the first place? The need for a macro feature is even less likely for a WebTV user. Does Microsoft take security seriously? since im not even a programmer and i can see the mistake, im thinking no.

Joint and Several Liability

[overshoot]

PI lawyers won't waste time going after Aunt Martha; if any ambulances arrive late they're going for the deep pockets of the company which sold the boxen, runs the servers, wrote the software, and ignored seven years of warnings about exploits waiting to happen.

What's more, they're going to win. A jury will take nanoseconds to decide between a grieving family and a convicted abusive monopolist sitting on $40 billion in liquid assets.

Bug in MSNTV???

[guttentag]

WebTV (Now branded as MSNTV)

If this affects all of MSNTV, it could be a bigger problem than we thought. Just think of all the unsuspecting MSNBC viewers who didn't even know their TV had a modem! We should petition our cable providers to block MSNBC until this is fixed.

My only hope...

[erat]

...is that the loser who made this all happen has a heartattack and can't get through to 911 emergency services because his/her own virus/hack/whatever is tying up the line.

Sometimes these pranks go too far.

Re:My only hope...

[Ilgaz]

I wish the same for the losers designed that platform too.

You know the plans about XBox right?

a tie-in to JPG situation too ..

[Greedo]

Interesting read ... especially this part:

Some time ago, Hayes Microcomputer Products got a patent -- known as the "Heatherington patent" -- on its method of doing modem escape sequences. The patent was a "submarine" patent -- that is, one that issues long after others in the industry have begun using the same technique or technology -- and was bitterly disputed by other modem vendors, who didn't want to pay money to Hayes. However, Hayes gradually one most of the lawsuits due to deep pockets, clever lawyers, and the idiosyncrasies of the patent system.

...

Hayes, bitter about not being paid royalties by these vendors, sabotaged its own press releases by placing the characters "+++ATH0" at the top of
each document and then circulating them widely. (The idea, I suppose, was to make the press believe that other brands of modems were not reliable.) I exposed this primitive denial of service attack in my InfoWorld column in 1991.

The Big Question...

[sterno]

If the person who wrote this virus has caused 911 to be tied up, and this has possibly caused somebody to die, would they be prosecutable under the new anti-hacker law that Congress put together?

Re:The Big Question...

[LinuxWhore]

As I understand it, the new law does nothing new that wasn't already covered under old laws. The new law just specifies that the crime is committed using a computer.

Yay for government pork!

Re:The Big Question...

[Kufat]

Forget about the "anti-hacker law." Couldn't something like this be considered terrorism under the current US rules, laws, and political climate? "Tying up and attempting to disable an emergency service" or some such.

It'll be interesting if they catch this guy, to see what he gets charged with. He'd probably do more time than many rapists or murderers.

National Enquirer: WebTV Saves Grandma

[N8F8]

Gotta be at least one story like this.

Re:National Enquirer: WebTV Saves Grandma

[Tablizer]

(* National Enquirer: WebTV Saves Grandma. Gotta be at least one story like this. *)

An almost close match:

There was a slashdot story about a month ago in which a hiker used up his cell-phone account and then got lost in some cold mountains. He was saved by a telemarketer calling to ask if we wanted to buy more phone minutes. (911 or its equiv was appearently not working.)

Product Misrepresentation

One of the big selling points of the WebTV unit was that it was "impossible" to get viruses. The sales staff were trained to say this (I knew a few). Obviously this isn't the case.

Re:Product Misrepresentation

[msntvemp]

"One of the big selling points of the WebTV unit was that it was "impossible" to get viruses. Obviously this isn't the case."

It isn't a virus. It doesn't propagate itself. It has been vulnerable to a few different security hacks, but there have been no viruses in the last six years.

Perfect timing

[guttentag]

This was posted just seven hours after a story about ex-Microsoft security chief Howard Schmidt warning that the Internet could facilitate the collapse of our infrastructure.

A lot of people have commented that Schmidt is full of... well, Schmidt, because anything critical should not be hooked up to the Internet. But here's an example of one way the ubiquity of Internet-connected computers could disrupt things.

Hypothetical scenario:

A rogue group hiding out in the tribal areas of Pakistan writes this virus (or whatever it's officially classified as), begins sending it to WebTV random *@WebTV.net addresses and causes them to flood 911 (a critical part of our emergency response infrastructure) with false calls. While the officials are busy trying to sort the WebTV-callers from the real emergencies, a group like Al Qaeda could carry out an attack and we would be ill-equipped to respond appropriately.

Whether this "virus" was planted by terrorists is not at issue, though. Perhaps we should pay more attention to Schmidt -- after all, who would know more about the insecurity of 95% of US PCs than an ex-MS security chief. We need to start looking at how our non-Internet-connected infrastructure might be indirectly vulnerable to Internet-based attacks.

This isn't me posting

[Orion+Blastar]

It is a virus on my WEBTV/MSNTV device.

After dialing 911, I like to call those 1-900 numbers and order things for myself off of web stores.

P.S. All your base are belong to us! I just networked with a Sega Genesis running "Zero Wing" :)

Clarification

[0x0d0a]

In order to be able to pass Hayes commands to the modem, you first have to establish a terminal session to the modem itself

You are correct.

The problem is that normally "+++" drops the modem into terminal mode.

To keep this from being a problem (whereyou actually want to send "+++") is that modems are *supposed* to have a guard time where "+++" must not be followed by any data for a certain period of time. If any data comes in, they do not drop into terminal mode. This time is called the guard time. The guard time can be set to zero in software, however (if your dialup software is being braindead or is misconfigured), and a few modems (ones that Apple shipped) had a zero guard time by default. So all you had to do was get the remote computer to send *any* data containing +++AT(a Hayes command). This could be accomplished by sending an ICMP echo (ping) packet and waiting for the pong to hit the modem.

I thought this was fixed for just about everyone, but evidently the WebTV guys still have a zero guard time.

This "50% vulnerable" number is absolutely ludicrous. I've had a 33.6 and three 56k modems, and none of them have had a zero guard time by default or set to zero by the two Linux dialers, the two MacOS dialers, or the Windows NT dialer that I've used. I'd say that *maybe* .1% of modem users on the Internet are vulnerable, which is probably way too high. If you did have a system set up like this, you'd experience frequent hangups during normal operation.

Setting the guard time to 255 is probably overkill...I can't see it being a problem at much of anything but zero.

Re:Clarification

[adolf]

Back In The Day, I made an informal study of this topic, on IRC (of course).

I chatted with prospective participants, gathered as much information from them about their modem as possible, asked if it were OK if they might drop carrier, and sent three magical ICMPs their way, one second apart. I logged the data in a text file, which I don't seem to be able to find just now.

Something like 80% were vulnerable. I was amazed. I gave my SupraFAXModem 288i a big fat kiss for being such a good sport about it all.

Hacks like this have existed for a -long- time. I remember helping sysops in 1991 to defend against kids who would dial up BBSs, and use the login prompt's echo to drop the board's modem to command mode, whereupon they'd leave it in a strange state and things wouldn't work until the sysop reset the modem.

Fun stuff. It wasn't until some years later that I learned about the Hayes patent on having a silence period between +++ and command mode.

They don't even know their own stuff!

[Shirloki]

...Microsoft officials are looking into how it is able to...control the modem.

I always knew that Microsoft wrote Windows not knowing exactly how it worked, and now they've got a hardware product that they don't understand how to control the modem of. They bring me a good laugh every day.

Re:IF THEY DON'T LIVE HERE...

[buck_wild]

Wow, who pissed in your cereal this morning?

You're not a self absorbed irritating prick

[vsprintf]

Near my 7th year, I became frustrated, started telling people how stupid I thought they were to their face (Usually after the 8th time of explaining something) And generally degraded into the self absorbed irritating prick that I am today.

No, that's not right. It should be self-absorbed, irritating prick. Watch that punctuation! :)

Re:You're not a self absorbed irritating prick

[t0qer]

Funny, I used to be in all honor english classes before I got into computers :/

Re:You're not a self absorbed irritating prick

[t0qer]

Yes i am /. stalking you oo0000ooo

I went back and read some of your old comments because sympathy on / is hard to find. The thing that struck me was you were an atari user, not a commode door person.

You Rock!

Wife just made me move all my computer stuff into the garage. She would never let me plug in my 800 with dual happy modified 810 drives, omnimon and rambo upgrades. Every damn time I would she would neatly tear it all down and put it back in the box.

This was my computer from when I was like... 12 to like 17 or so? Around 17 I got into PC's and dos. Man I miss knowing what every poke location did. Those were the days =)

Now I got everything all unpacked, not hooked up yet though. I took some pics in case you want to see. Lemme know and i'll upload em somewhere.

--Toq

Re:You're not a self absorbed irritating prick

[acceleriter]

If your wife won't let you keep that Omnimon, let me know, and I'll get you my address :).

Re:You're not a self absorbed irritating prick

[t0qer]

More than welcome to use my bytewriter (eeprom burner connect via joystick ports) to copy it :) I'll even give you a eeprom.

Re:You're not a self absorbed irritating prick

[acceleriter]

Heh, haven't burned any EPROMs lately--but the peripheral reminds me of the MPP-1000 modem, that also connected to two joystick ports.

Re:You're not a self absorbed irritating prick

[vsprintf]

Yeah, the Ataris were fun. I've still got a box of circuit boards and cases for building cartridges. The serial floppy drives are in a box somewhere - the rubber bands are probably shot. The Okidata thermal printer and the cassette tape storage thing... You're right, those were the days.

Re:You're not a self absorbed irritating prick

[t0qer]

Yeah I got a bunch of spare 1050 boards, 800 boards, some odd internal docs. During the liqudation days of atari goodwill in san jose obtained a lot of stuff.

Here's where a life sentence should apply...

[anthony_dipierro]

Interesting that this virus comes out so soon after the House OKs Life Sentences For Hackers. If the 911 lines get tied up, and someone dies as a result, can the virus writer be charged with murder?

"If a hack causes death the hacker can never be the only one to blame IMHO." - AVee

I guess in this case it could, unless you want to blame the user for hooking his computer up to a phone line.

It's not ATH0

[marxmarv]

if it causes the box to disconnect, reboot and dial a new number. More likely, there's some "extended" tags in an HTML mail that update the 1-800 number (probably in EEPROM) that the boxes call to get your local dialup numbers, then makes the box forget the cached local dialup numbers and resets the box. Not very tricky if you happen to know the tags. Unfortunately I've lost touch with most of my internal contacts so I have no idea whether my knowledge is out of date or not.

Disclaimer: this is Slashdot, so everyone has to shoot their mouths off without knowing what they're talking about, right?

-jhp

recursive virus?

[Tablizer]

One of these days a virus will dial up the Virus Hotline and report itself.

Re:recursive virus?

Look up the meaning of recursion, please.

Re:recursive virus?

Look up the meaning of recursion, please.

It was for comedic affect, you lumphead. Lighten up.
Take a breather and +++ ...... I am your master, your wish is my command> _

Re:recursive virus?

Look up the meaning of affect, please.

Re:recursive virus?

Virus: Hello... My name is Klez... and I...
I... am a.. Virus

Virus Anonymous Group: Hello Klez!

And this is on a closed system

[Animats]

This demonstrates the total failure of Microsoft's "authorized code" approach to security. WebTV is a completely closed system; it is designed to run only the code it comes with. Yet it has been cracked. None of the DRM-type "security" stuff Microsoft has been talking about would have prevented this.

Since this apparently affects pre-Microsoft WebTV boxes, though, it may be in code from the original WebTV people in Palo Alto. But that was a long time ago. Microsoft owns it now, and has to take the blame.

Is it actually running unauthorized code, or does the exploit just change what it dials?

Re:And this is on a closed system

[fadden]

Some observations...

(1) Microsoft TV (nee WebTV), while a closed system, does run javascript. So you can't add binaries, but you *can* add code.

(2) I doubt very much there is a pre-Microsoft WebTV box. The service can force updates out to boxes. I'm guessing most or all of the clients out there are MSNed at this point.

(3) Even if there were some surviving units, the service side is updated more often, and the service has a lot of control over what the box dials.

I, for one, would *love* to know how this got pulled off. (And, no, it's not "ATH0".)

If it lead to someone's death... it could.

[M3shuggah]

As noted in an earlier article, if it leads to someone's death -- then a possible life sentence could be handed to the author of this expliotation.

But this is also assuming that it could be proved a life could have been saved if the 911 lines were not tied up due to this bug.

And di you read mine?

[ubernostrum]

Compare Windows vs. Linux worm-writing:

Windows - Write five lines of code, stick them in an HTML email and wait for people's mail clients to execute it.

Linux - Spend a LOT of time tinkering, examining the source, experimenting, writing one test exploit after another, get one that works. Then release it and have it work against the n% of Linux users running that particular service, that particular version, probably on that particular distro.

I didn't say it was invincible, just that IMO it takes more skill, time, and effort to crack Linux. Why? Because Linux boxes get patched quickly and still tend to be run by people with at least half a clue about security. That means a vulnerability lasts a couple weeks at the most, whereas clueless users and Microsoft's inherently insecure coding practices have opened up the combination of buggy software and systems that go unpatched for years. Hence, Windows = easy to crack. Linux = harder to crack.

Re:And di you read mine?

[t0qer]

Very easy to make such broad categorizations.

How many unknown exploits exist? Can you answer that? Because if I were a malicious hacker I wouldn't tell the likes of you. I wouldn't post it to security focus. I would STFU keep my lips sealed. Keep it in my pocket.

There is no way of accounting for the unnacountable. How long did the apache problem really exist before it was discovered? I can't answer that, c'mon, try and give me an answer. What's that? can't answer that? Try giving me an estimate. Can't estimate it? Well neither can I.

Only way to truly stay secure from a network is to not be connected to one at all.

Re:And di you read mine?

[ubernostrum]

OK, did I say somewhere Linux is absolutely secure? Nope. I said one simple thing - it's harder to exploit Linux than Windows. Where's your beef with that? If you want to quote the possibility of all sorts of unknown exploits, I'll ask how you sleep at night with all the millions of unknown terrorists who might be lurking outside your door, waiting for an opportunity to crash a 747 into you.

So seriously, what's your problem? Linux is not 100% secure, but I'll be damned if you can tell me it's as bad as Windows, which is a heck of a lot easier to exploit. One look at my web server logs will tell you that - I have thousands of Code Red, and about five of the Apache worm. To me that says Linux is doing something better than Windows.

Re:And di you read mine?

Love your sig. God, I miss Animaniancs.

WebTV 911 Virus - Not a virus

[Provos]

It's not a virus, it's a bug.

As someone who supports the damn thing, we're aware of this...umm... "feature". I don't speak for MS, or MSNTV - but the email doesn't spread. It's a one time thing sent by a malicious malcontent to a webtv user.

WebTV users can forward the email to each other, but the origination is obviously non-webtv since such things are impossible to create on the pitiful excuse for an internet access device.

Re:WebTV 911 Virus - Not a virus

Microsoft officials are looking into how it is able to replicate

The why are Microsoft officials looking into how it replicates? I used forwarding is not replicating

Re:ATH0 (delay)....

[orius_khan]

Really? Is there a patent on the delay after "+++" to enter command mode? Is that why some modems don't impliment this (absolutely needed) feature?

Yes. That someone was called Hayes Corp... they were big bullies back in the early modem days... back when I got my first 2400baud. By the time I making the choice between Kflex and x2 when 56k came out, Hayes was a dirty word and you couldn't even buy their stuff anymore. (Retailers weren't selling them, at least not around here.)

I guess they're a pretty good example of how you can get short term gains from patenting offensively simple details, but in the long run you lose because you've pissed the whole world off. When was the last time you heard of someone buying a Hayes product??

Cruising around slashdot stoned, are we?

[Nanite]

NT :)

How about the PATRIOT Act?

[wrinkledshirt]

The wording's loose enough that it could be branded as terrorism. That'll get you the death penalty.

Choose bitterness.

[Inoshiro]

Choose using computers.

Choose hanging out on Slashdot.

Choose knowing enough about the patent system to make a lawyer blush.

Choose not having a girlfriend.

Choose your hand every night.

Choose Linux, and its politics.

Choose videogames, LAN parties, XL shirts, and big screen TVs.

Choose a career in the IT field.

Choose bitterness.

Re:Choose bitterness.

[t0qer]

nah...

chillaz a killaz bluntaz you fukaz
that's my choice

Pranking the M$'s 800 number?

[McG33k]

So.. if we call the webtv support line and ask for help, will they help? Give them a fake number and phone number and let them know that you've been notified of a hold in webtv that makes it dial 911. Lookup a google image search on BSOD and report to the guy every so often the content of the image... good times. Just remember: act dumb!

Ignoring the +++

[gordzilla]

I thought (it has been a while) that most modems could be configured to ignore the +++ command and only drop carrier if the DTR (Data Terminal Ready) line was lowered? I seem to recall that &C1 and &D2 set this behaviour.

1-800-469-3288

[twoslice]

The MS Support phone number is supposed to spell out 1-800 GO-WEB-TV but it can also spell...

1-800-HI-WEB-TV when the user is on IRC

or if the user has been watching porn...

1-800-HO-WEB-TV

Or another :)

[tcc]

Talk about efficient AI...Microsoft probably didn't look at that code after stealing it, heh... "hello 911, this is the Box reporting Microsoft frauded my owner for selling him overpriced underfeatured and buggy hardware, thank you."

never send a set top box...

[izm]

Never send a set-top-box to do a PC's work... and one serviced by Microsoft no less!?!?

MS wins vs. MS wins & ...CONSPIRACY!

[Kalkin]

It's a complex argument.

Laws gets passed against hacking.

Lessee...
Microsoft has a flaw in their program. It doesn't exist as a problem, until some hacker pushes them to fix it. Therefore if hackers did not exist, it wouldn't be a problem, right?

So let's pass a law - hacking bad. The law gets passed, because of these bad programmers (I think we're talking hackers, but I digress.) Things like this causes the ball to roll much easier for their lobbying group.

*OR*

No one finds the flaw, *whew*. We don't have to fix it unless there's a real problem...that would *kill* my chances of moving up...

Now, what we should *really* be asking, is it an error being generated by flawed Microsoft code? Maybe Joe was working a little late, got sloppy, and when someone clicks *here* it generates a strange string in an e-mail, causing problems. (Or some programmer in their employ who was miffed with...?)

Someone's mentioned that MSNTV is a closed system - do we have faith that Microsoft would actually disclose its own error? That would be the *only* way the win/win condition does not occur, ie, bad press existing only for Microsoft.

-Jimmer
Without noise you cannot filter truth. -DKM

calling 911 is pretty low

[v8interceptor]

and not very original either - maybe it should call Microsoft tech support instead.

Stupid linux losers at it again

[TurdFurgeson]

I'm sure the microsoft hater fan boy thought it would be funny to focus the blame on MICROSOFT THE EVIL EMPIRE while placing lives at risk.

Nice job! We all apreciate the idea you came up with. I personally have accomplished a better task by posting this message on the loserboard then he accomplished in all his high and mighty coding.

Linux for the masses!

F U ...always playing catchup

In case you weren't listening..

[snoozebutton]

Thought this was appropriate..

"I've heard WinXP removed the cmd/command prompt."

No, Microsoft didn't remove the CMD.EXE or COMMAND.COM prompt from Windows XP. But Windows XP has reduced functionality, in many ways, not just in the command line. The command line is a big embarrassment because of its limited capabilities, but at least in Win 95 it worked. With every version since then it has worked less well. (There are two kinds of command prompt, and, according to Microsoft employees, the differences between them are not documented.)

The command line prompt sometimes begins to display short file names. Microsoft employees say that Microsoft has no fix, although someone not connected with Microsoft did make a work-around.

Cutting and pasting into a command line program often puts successive extra spaces before each line. Microsoft employees say that there is no plan to fix this.

The fast paste mode that is in Windows 98 is gone in Windows XP. Microsoft employees say there is no plan to fix this.

When using the command line interface, Windows XP doesn't always update the time. After several hours, the time reported to command line programs can be several hours in error.

There is a DOS program called START.EXE that can be used to start other programs. But it does operate the same way as in other versions of Windows. It starts a program, but cannot be made to return control to the command line program as previous versions did. There is no technical reason for this; it is just one of the shortcomings that are allowed to exist.

People often say that DOS has gone away. But Microsoft still calls the command line interface DOS, and in Windows XP Microsoft has added new programs for configuring the OS that work only under DOS.

Sometimes when you press a key while using Windows XP, it is seconds until there is any response. Apparently there is something wrong with the CPU scheduler in XP, because there are a lot of complaints about this in the forums and MS people have said that they are working on it. On one particular fresh installation of XP, on an Intel motherboard with either a Matrox G550 or an ATI Radeon video adapter, it requires 18 seconds to display a directory listing of 94 items. This is apparently related to a bug in the video software, not the adapter drivers.

Something is wrong with the Alt-Tab display of running programs under Windows XP. If there are a lot of programs, not all of them are displayed. The order jumps around in a seemingly random way.

Although articles often say negative things about Microsoft, I've never seen an article that fully documents how bad the situation really is. Microsoft's management is so bad that the company has become self-destructive. For example, Windows XP is spyware. Here is a list of ways Windows XP connects to Microsoft's servers:

1. Application Layer Gateway Service (Requires server rights.)
2. Fax Service
3. File Signature Verification
4. Generic Host Process for Win32 Services (Requires server rights.)
5. Microsoft Application Error Reporting
6. Microsoft Baseline Security Analyzer
7. Microsoft Direct Play Voice Test
8. Microsoft Help and Support Center
9. Microsoft Help Center Hosting Server (Wants server rights.)
10. Microsoft Management Console
11. Microsoft Media Player (tells Microsoft the music you like)
12. Microsoft Network Availability Test
13. Microsoft Volume Shadow Copy Service
14. MS DTC Console program
15. Run DLL as an app
16. Services and Controller app
17. Time Service, sets the time on your computer from Microsoft's computer.
18. Microsoft Office keeps a number in each file you create that identifies your computer. Microsoft has never said why.
19. Microsoft mouse software has reduced functionality until you let it connect to Microsoft computers.

These are just the ones I know. There may be others.

So, if you use Windows XP, your computer is dependent on Microsoft computers. That's bad, not only because you lose control over your possession, but because Microsoft produces buggy software and doesn't patch bugs quickly. For example, as of July 7, 2002, there are 18 unpatched security holes in Microsoft Internet Explorer. This is a terrible record for a company that has $40 billion in the bank. Obviously, with that kind of money, Microsoft could fix the bugs if it wanted to fix them. Since the bugs are very public and Microsoft has the money, it seems reasonable to suppose that top management at Microsoft has deliberately decided that the bugs should remain, at least for now.

It seems possible that there is a connection between all the bugs and the U.S. government's friendly treatment of Microsoft's law-breaking . The U.S. government's CIA and FBI and NSA departments spy on the entire world, and unpatched vulnerabilities in Microsoft software help spies.

Windows XP, and all current Windows operating systems, have a file called the registry in which configuration information is written. If this one (large, often fragmented) file becomes corrupted, the only way of recovering may be to re-format the hard drive, re-install the operating system, and then re-install and re-configure all the applications. The registry file is a single, very vulnerable, point of failure. Microsoft apparently designed it this way to provide copy protection. Since most entries in the registry are poorly documented or not documented, the registry effectively prevents control by the user.

Note that Microsoft does not support making functional complete backups under Windows XP. Look at Microsoft's policy about this: Q314828 Microsoft Policy on Disk Duplication of Windows XP Installation . Only those who work with Microsoft software will understand the true meaning of Microsoft's policy. Since almost all programs use the registry operating system file, if you cannot make a functional copy of the operating system you cannot make a functional copy of all your application installations and configurations. There are other software companies that try to fix this, but they don't work well, and Microsoft can, of course, break their implementations, as they have often done with other kinds of competitors.

Because the configuration information for the motherboard and the configuration information for the are mixed together in the registry file, the registry tends to prevent you from moving a hard drive to a computer with a different motherboard. That's another implication of the above Microsoft policy. So, if you have a motherboard failure, and a good complete backup, you may not be able to recover unless you have a spare computer with the same motherboard.

Note that Windows XP Professional can support only ten simultaneous incoming network connections. If you want more than that, you must use Windows 2000 server, and pay much, much more. (There is no Windows XP server yet.) Many businesses have very light network traffic; they just move files from staff member to staff member; they really don't need a dedicated server computer. The staff computers could easily handle the load except for this artificial limitation.

Apparently because the Windows XP GUI comes from Windows 98, Windows XP has the same problem with desktop icons that Windows 98 has. The icons sometimes flicker. Sometimes they move themselves around, particularly after the user switches monitor resolutions. Also, sometimes the taskbar settings un-configure themselves, as they do in Windows 98.

Only technically knowledgeable people know how to avoid signing up for a Microsoft Passport account during initial use of Windows XP. The name Passport gives an indication of Microsoft's thinking. A passport is a document issued by a sovereign nation. Without it, the nation's citizens cannot travel, and, if they leave, won't be allowed back in their own country. In Microsoft's corporate thinking, the company seems to be moving in the direction of believing that they own the user's computer. Most people are both honest and intimidated. Apparently about 95% do whatever they are asked on the screen. They give their personal information to Microsoft. They don't realize that, if they feel forced to get a Passport account, they should enter almost completely fictitious information, since the real question is not "What is your name and address", but "Can we invade your privacy". The honest answer to this is "No, you cannot invade my privacy", and the only effective way to communicate that is to give completely fictitious information. Since it is the educated people who have computers, Microsoft is building a database of the personal lives of educated people. Microsoft knows when they connect and from what IP address (which tends to show the area), what kind of help they ask, and information about what they are doing with their computers, including what music they like. It is not known, and there is no way to know, how much Microsoft or other organizations make use of this information, or their plans for future use.

Not only has Windows XP definitely gone further in the direction of allowing the user less control over his or her own machine, but with Palladium, Microsoft apparently intends to finish the job: Microsoft will have ultimate control over the user's computer and therefore all his or her data. Even now, under Windows XP, a recent security patch requires that the user agree to a contract that gives Microsoft administrator privileges over the user's computer . The contract says that if a user wants to patch his or her system against a bug which would allow an attack over the Internet, he or she must give Microsoft legal control over the computer. See this article also: Microsoft's Digital Rights Management-- A Little Deeper . You may need to be a lawyer to take apart the crucial sentence. "These security related updates may disable your ability to copy and/or play Secure Content and [my emphasis] use other software on your computer" legally includes this meaning: "These updates may disable your ability to use other software on your computer." Note that the term "security related updates" is meaningless to the user because the updates have no relation to user security. So, the sentence effectively means that Microsoft can control the user's computer without notice and whenever it wants. That kind of sentence is known in psychology as "testing the limits". If there is no strong public complaint about this, expect to see more and stronger language like this.

This Register article shows the direction Microsoft is going: MS Palladium protects IT vendors, not you . Absolute power corrupts absolutely, and Microsoft is well down that road. See this ZDNet article, also: MS: Why we can't trust your 'trustworthy' OS .

Microsoft's self-destructiveness does not mean that the user should be self-destructive. There is no need to apologize for using Microsoft software. The correct solution to abuse is persuading the abuser to stop being abusive. Once I posted to a Slashdot story a link to an article on a web site of mine. By far the majority of visitors from the Slashdot story used Microsoft operating systems. Rather than feel embarrassed because Microsoft is abusive, action needs to be taken to prevent the abuse. If you are against Microsoft abuse, you are not against Microsoft; you are more pro-Microsoft than Bill Gates.

These Microsoft policies mean that any government which wants to be independent of the United States government, and any government which represents itself as controlled by the people, cannot use Microsoft operating systems, or other Microsoft proprietary systems.

Re:In case you weren't listening..

[Ilgaz]

note that, "run dll as an app" is used widely by Spyware companies... Since it has given access already.

Re:In case you weren't listening..

[Entropix]

It seems that your computer is obviously the one with the problems. First of all, alt-tab is always the same, the last item you selected on alt-tab moves up to the front, they don't "jump around in a seemingly random way." Also, I hope you realize Windows XP is based off the same core as Windows NT/2000 not 9x. Many of your other claims are also incorrect. You say that START.EXE doesn't return control to the prompt. Just try "start calc." Finally, as to the extra spaces put in when you copy-paste into a window. First, that happens in 98 too. Second, it's because of the text, not Microsoft. To verify this, type a couple of lines with a letter each on notepad, and copy that and paste it into EDIT in a command box. No spaces to the left... - Entropix

+++ATH0

[Erpo]

ATDT18004693288

take a deep breath....

[DarkStar-63017]

I never post to slashdot, but I love to read along. After reading this, I had to say something. I only tested 3 or 4 of your claims on my Windows XP box, and found them all to be untrue. Many of the claims sound completely untrue based on my experience with XP. I'm not saying that problems don't exist, but you seem way over the top. Testing your copy paste claim in a dos window only takes a second. I'm amazed that whomever rated this note neglected to verify its validity also.

On a similar vein...

[Alien+Conspiracy]

I recall once trying some obscure open-source dial-up package (can't remember the name I'm afraid) which for some reason had the (unconfigured) default phone number as 99999...

Now, 999 is the UK equivalent of 911.

Just typing the command caused it to dial...

Re:Can't be true, but..

[hplasm]

Wouldn't it be better to forward the e-mail to Micro$oft instead...

A greengrocing we shall go

[mccalli]

Everytime the phone rings my hair still stands up on end because i'm afraid of yet another person saying, "Hey toq just wanted to ask you a quick question!"

At parties, every so often I say I'm a greengrocer. Trust me - people are much more interested in it than with the answer "I'm in computers", and you also don't risk the dreaded "yeah, I've got a problem with my computer. I just can't get it to...<insert MS Word function here>".

Cheers,

Why isn't MSNBC reporting?

[eples]

Why isn't MSNBC reporting anything about it? They usually jump at the chance to prove they are unbiased even though (MSNBC is a joint venture between Microsoft and NBC)...

There's no fix for this.

[macdaddy357]

Educating the public won't fix this. Only Red-Ass Baboons with VCRs flashing 12:00 use WebTV. A bios flash won't work. Again, that's to complicated for the RABs. All WebTV baxes need to be smashed into bits. Maybe RABs can be convinced to do that.

Two Others

[virg_mattes]

There are two others with three digits. 411 is directory assistance. 611 is the number to call for phone system problems (you figure out the logic in that one...).

So, the creator of this prank could tie up lines that someone needs it for a real, life-threatening emergency, instead of playing a funny prank. I hope they nail his/her ass to the wall.

Virg

Re:Two Others

[mitheral]

Phone system problems aren't always as severe as no connection or no dial tone. And you don't have to use the problem phone to call 611.

Re:Two Others

There's also 211, which on some phone systems will shut the line down for 2-10 minutes. Why? I don't know, but learning is fun......

Just unplug the damn thing

[swe]

Wouldn't the first line of defence be to unplug the thing from the phone socket?

Re:911? What about 411?

[Fishstick]

yeah, but 411 would have cost the webtv owners money because phone companies typically charge a $0.35 surcharge for DA calls?
</tongueincheek>

Due Diligence

[virg_mattes]

Consider this: this exploit has been around for more than a decade. Also, not all modems are affected by this. Also, it's fairly easy to fix this hole in the modem's init string, so even if you have affected hardware it's a simple fix to disable the escape sequence.

Now, considering these three points, and most strongly the first, the case can easily be made that due diligence was not used. I have little difficulty believing that somebody working on this project in Redmond ran a BBS at some point in the past (BBS operators know about this because schmucks would knock your board out all the time if you didn't compensate for it). Therefore, it was either willfully ignored for some reason, or nobody tested it who was qualified to test systems that use modems to communicate.

In either case, they're at fault.

Virg

Probable cause?

If a criminal by some coincidence owned one of these webTV boxes, could he/she possibly expose themself to a probable cause search? In other words, if I killed a person and the five-o were too lazy to get a search warrant, (and somehow knew I had a exploitable modem) couldn't someone from an outside source have the box dial in and make the call to 911 so the poilce now have a reason to enter my house?

Offtopic Name

[virg_mattes]

Sollt Ihre name nicht "gutentag" sein? Was bedeudet "guttentag"?

Virg

Closed Inforamtion

[virg_mattes]

The article is very short on details, but if it is what it seems to be, it's just an old modem exploit, not hacked code. The idea is to send a ping with "+++ATH0" and then a modem command to dial 911 in the ping data. When the system responds to the ping, it sends back the data (including the escape string). Since the outgoing data goes over a dialup link, the return ping gets handed to the modem, and the modem sees the +++ATH0 in the data stream as an escape sequence/command sequence and responds by doing what it's told (in this case, hanging up and dialing 911).

It's bad, both to do such a hack (tying up 911 is very bad) and to have a modem that's not init'ed to prevent it, but it's not really a code hack.

Virg

Not that SlashDot is going to mod this up...

As of TUESDAY NIGHT Microsoft issued a patch against this.

Turns out it's NOT a virus, it DOESN'T propogate.

Where's the love?

Another one bites the dust!

Yea what about that classic tune?