There seems to be some discrepency here...
by
DataPath
·
· Score: 4, Interesting
From an AP article: "I doubt we will see an attack based on this," Cooper said. "It's pretty unlikely any such exploit attempt will get legs."
Russ Cooper is a security expert for TruSecure Corp., based in Herndon, Va.
There seems to be some disagreement on the exploitability of this.
-- Inconceivable!
I sometimes wonder
by
sielwolf
·
· Score: 4, Interesting
If any of this does any good (outside of warning Windows admins). People who have used computers for twenty years still have no idea how these exploits and bugs work. They think that Kevin Mitnick can hack a computer with a telephone (ala Scanners) but don't think twice about double-clicking an email from "1337user@aol.com".
I sometimes think that education has been a problem, as all of these reports usually come with a verbose "what this does, what it doesn't, what you should do." So then I go on to think that it must be some sort of lethargy on the part of Joe End User. So then I think that a serious entrance learning curve would do the trick (i.e. stick every one on some old terminals).
But I think a threshold has been crossed. People now need to use computers. Colleges and businesses are going paperless, demanding a higher level of computer savvy... but all the while ignoring basic user compotence. Computer use is either "so simple a monkey could do it" or "impossible for anyone but geeks to understand". It's as if most users are satisfied to never understand how their "magic box" works.
This wouldn't bother me too much if it didn't seem that this same disease has seemingly infected a significant minority of admins out there (considering how ridiculously some of these viruses spread). Of course many of these seem to be (in my experience) non-CS academic types who "need" Unix workstations but are uninterested in protecting them.
-- What is music when you despise all sound?
Contradictions from the experts
by
dstone
·
· Score: 5, Interesting
Russ Cooper, moderator of the NTBugTraq security list and a security expert for TruSecure Corp., seems to be contradicting himself in two stories on the same day (or is being misquoted). Make of this what you will...
This story quotes Cooper: "I do expect that in the next seven to 10 days we're going to see a worldwide wave" of attacks, probably via an Internet worm, Cooper said Wednesday. "And it will be effective."
And this story quotes Cooper: ""I doubt we will see an attack based on this," Cooper said. "It's pretty unlikely any such exploit attempt will get legs.""
Windows Update not working?
by
mtcrowe
·
· Score: 5, Interesting
Has anyone tried to use Windows Update to grab this patch? I'm running WinXP at work and just tried to hit Windows Update to let it auto-magically determine which update(s) to send to me. However - it came back and said everything was already hunky dory, no patches available.
I checked www.microsoft.com/security and looked up the MS03-008 patch for XP. It had a Qfix number starting with 8. I then compared against the Qfixed installed in my add/remove programs listing and it wasn't there...
I'm wondering whether they forgot to include that patch on the WU site for WinXP users. Seems to me like that would be one of the most critical places to put it for all of the normal user-folk.
So, I manually downloaded and installed the "Js56en" patch on WinXP and it took.
As an aside - I was very concerned when MS announced the Windows Scripting Host functionality. My thinking at the time (and again now) is that they allow so many file types to be executed that there's just no way they can keep all of the bugs out of all of those interpreters. Figured it would just be a matter of time..
From an AP article:
"I doubt we will see an attack based on this," Cooper said. "It's pretty unlikely any such exploit attempt will get legs."
Russ Cooper is a security expert for TruSecure Corp., based in Herndon, Va.
There seems to be some disagreement on the exploitability of this.
Inconceivable!
If any of this does any good (outside of warning Windows admins). People who have used computers for twenty years still have no idea how these exploits and bugs work. They think that Kevin Mitnick can hack a computer with a telephone (ala Scanners) but don't think twice about double-clicking an email from "1337user@aol.com".
I sometimes think that education has been a problem, as all of these reports usually come with a verbose "what this does, what it doesn't, what you should do." So then I go on to think that it must be some sort of lethargy on the part of Joe End User. So then I think that a serious entrance learning curve would do the trick (i.e. stick every one on some old terminals).
But I think a threshold has been crossed. People now need to use computers. Colleges and businesses are going paperless, demanding a higher level of computer savvy... but all the while ignoring basic user compotence. Computer use is either "so simple a monkey could do it" or "impossible for anyone but geeks to understand". It's as if most users are satisfied to never understand how their "magic box" works.
This wouldn't bother me too much if it didn't seem that this same disease has seemingly infected a significant minority of admins out there (considering how ridiculously some of these viruses spread). Of course many of these seem to be (in my experience) non-CS academic types who "need" Unix workstations but are uninterested in protecting them.
What is music when you despise all sound?
Russ Cooper, moderator of the NTBugTraq security list and a security expert for TruSecure Corp., seems to be contradicting himself in two stories on the same day (or is being misquoted). Make of this what you will...
This story quotes Cooper: "I do expect that in the next seven to 10 days we're going to see a worldwide wave" of attacks, probably via an Internet worm, Cooper said Wednesday. "And it will be effective."
And this story quotes Cooper: ""I doubt we will see an attack based on this," Cooper said. "It's pretty unlikely any such exploit attempt will get legs.""
Has anyone tried to use Windows Update to grab this patch? I'm running WinXP at work and just tried to hit Windows Update to let it auto-magically determine which update(s) to send to me. However - it came back and said everything was already hunky dory, no patches available.
I checked www.microsoft.com/security and looked up the MS03-008 patch for XP. It had a Qfix number starting with 8. I then compared against the Qfixed installed in my add/remove programs listing and it wasn't there...
I'm wondering whether they forgot to include that patch on the WU site for WinXP users. Seems to me like that would be one of the most critical places to put it for all of the normal user-folk.
So, I manually downloaded and installed the "Js56en" patch on WinXP and it took.
As an aside - I was very concerned when MS announced the Windows Scripting Host functionality. My thinking at the time (and again now) is that they allow so many file types to be executed that there's just no way they can keep all of the bugs out of all of those interpreters. Figured it would just be a matter of time..