HomeSec Warns Again About Microsoft's Insecurity

cbrandtbuffalo writes "The Department of Homeland Security has posted this advisory about an impending attack on MS systems. This RPC attack has already been seen in some localized systems, but may spread as unpatched computers are exploited. Some of the national news like CNN are running stories too."

How long?

[Voltas]

2 years / millions of dollars and the Home Land Security people tell me that people like to attack Microsoft Products.

I'm glad I pay all those taxs!

Re:How long?

[Jonsey]

I'm glad I pay all those taxs!

And I'm glad our "edjacashun" budget keeps rising to make the US more smarterer.

Now if we can get them to arrest

[MECC]

If ew can get them to arrest the board of MS directors, in cluding BIll Gates, and treat them as POWs, that would help things considerably.

Re:Now if we can get them to arrest

[Zemran]

The whole Microsoft staff end up in Gauntanamo bay without trail or legal representation :) Seems fair to me...

Ugh.

[JohnGrahamCumming]

Could we not go around referring to The Department of Homeland Security as HomeSec? The last thing we need is /. popularizing a cool sounding name for this behemoth.

If we need to refer to it then use the initial letters of its name... DoHs.

Somehow appropriate when they put out warnings like the last one.

John.

Re:Ugh.

[glwtta]

I just tend to call it MiniPax - is that better?

Re:Ugh.

[chrisgeisel]

I prefer "Ministry of Love". We are at war with drugs err, al queda err, iraq err, gay marriage. We have always been at war with gay marriage.

They should know!

[jocknerd]

After all, they're giving Microsoft $90 million to run their computers.

Godwin's Law! Godwin's Law!

Worst Thread Ever. (TM)

Hilarious!

[Wilersh]

Microsoft is now officially a threat to Homeland Security. Maybe George should drop some bombs on Redmond! We know where they are and they keep putting out a product that threatens our security. Oh wait, the government saw fit to give them a slap on the wrist and turn around and contracted even more unsafe software from them. They'll undoubtedly be mentioned in future hindsight publications from congress but on blanked out pages for national security reasons. That's what we do for "friends".

Ugh.

Wilersh

Re:Hilarious!

[kinnell]

Maybe George should drop some bombs on Redmond

...or maybe he should summon the giant penguin of the apocalypse.

Color scale?

[Elendil]

On the DHS alert color code, blue means "guarded", just one notch lower than the alert level the USA have been living in for the last few months (with occasional orange flares). Should this color be reconsidered in sight of the well known Blue Screen of Death?

Why are they even working on this?

[slusich]

Shouldn't the Department of Fatherland Security be working to eliminate terrorists and Democrats instead of pointing out the obvious?

Re:Why are they even working on this?

[admbws]

Can't you see??? If they don't tell anyone about these vulnerabilities, "terrorists" will take advantage of them and kill hundreds of thousands of people! What if "terrorists" hacked into the Win98 computer controlling one of the many Nuclear Reactors based in the United States? Can you imagine the havoc that could cause?!?!

Re:How big a threat is this?

[rde]

windows 98/windows 98se is vulnerable but Microsoft has not released a patch because they no longer support the product.#

So upgrade to Windows XP, or the 73rr0r1575 \/\/1ll win.

Re:Pretty Bad

[tarquin_fim_bim]

"Which port is it that you need to block?"

To make windows secure?

All of them.

Re:How big a threat is this?

[mjmalone]

ah, I can see it now.

You are either with US, or you are with the TERRORISTS. We want YOU to upgrade to Windows XP!

Contract?

[WPIDalamar]

Didn't the department of homeland injustices sign a big fat contract with MS to provide a bunch of software a little while ago? Wouldn't announcing this be againse the EULA of microsoft products or something =)

HomeSec. Ingsoc. MiniPax. Double-plus good.

[thelandp]

The name "HomeSec" reminds me of a few similar terms from George Orwell's important (and never more appropriate) book, 1984.

Most government departments actually are designed to achieve the opposite of their names. For example, the "Department of Homeland Security" is in fact designed to control the level of insecurity that people feel. Likewise, the ministry of defence is really about offence, and in 1984 the Ministry of Information is about disinformation and so on.

In the book, the language was controlled to the point of creating new terms like IngSoc, MiniPax (ministry of peace, really designed to perpetuate war), and Double-plus good.

The whole point here is to justify the actions of the government. Because it becomes alot easier to justify removing civil rights when there is the perceived threat of some common enemy.

the patch is really a trojan (funny)

[number6x]

The patch from MS is really a trojan!

Go to this link to learn more!

security through obscurity

[BigBir3d]

I guess that is why our IT Department doesn't want to update the desktops beyond Windows 98. "Hackers target the newest OS" is what he said. Apparently system stability is not a high concern :(

No patch for Win98/SE?

[shunnicutt]

This suggests a new marketing slogan:

"If you don't upgrade to Windows XP, then the terrorists have already won!"

That's not true

[TheConfusedOne]

"Which port is it that you need to block?"

To make windows secure?

All of them.

You only have to block the port where the power cord goes into the computer. :-D

Can I suggest some newspeak

[Rogerborg]

Instead of saying open source versus closed source, how about we just start saying open source versus untrustable? That might help to chivvy things along.

d'oh

[saskwach]

And the Code Red/Nimda spam was just starting to not fill the majority of my apache logs...grumble

WoMD?

[vgaphil]

Windows of Mass Destruction?

Re:how long has the patch been available?

[Rogerborg]

Jeez, you Microserf zealots are getting irrational and touchy. Back off man, that's our shtick. ;-P

Re:Well engineered worms

...Or, maybe, create a set of worms...

if a set of geese is a gaggle,
a set of whales is a pod,
a set of cows is a hurd,
is a set of worms a can ?

...Or, maybe, open a can of worms...

HA! I Crack my self UP!

Re:Again..

[White+Roses]

RPC port open to the word? Why?!

So it can be saved and get into heaven. Oh, you mean world.

To be really exact...

[Shenkerian]

or the HIV virus if you want to be exact

Actually, to be really exact, it's just HIV. The 'V' is for virus.

I bet you enter your PIN number at ATM machines, too.

Security

[atcurtis]

To make your computer truely secure, follow these simple steps:

1. Get a decent firewall
   
2. Configure it to deny everything except the ports you really need.
   
3. Unplug any conputer with really sensitive data from the network
   
4. In fact, unplug it from the wall power socket
   
5. Heck with it, it's still vulnerable from someone at the console - encase it in concrete
   
6. Cover the concrete block with copper sheeting to prevent against Echelon
   
7. Cover it with lead plate just to be safe from X-Rays.
   
8. Put it on a back of a trailer and tow it into a deep mine shaft. Salt mines go pretty deep.
   
9. More concrete please!
   
10. Use a tactical device to ensure that access to the bottom of the mine is difficult.
    

Should be truely secure... But for the overtly paranoid, concider dropping the planet into your local black hole. Please note that there may be information leakage as any entropy is represented on the black hole's event horizon.

Not practical... But fun.

Re:Well engineered worms

[chef_raekwon]

...the mother of all conspiracy theories....

i wonder if you watched a helluva lot of star trek when you were a kid....(or maybe Bill Nye the Science Guy, you really seem to like worms.)

(this is meant as a joke for all you moderators...im not trolling, atleast not here)

It's all right

[Rogerborg]

"Based on this notification, no change to the Homeland Security Advisory System (HSAS) is anticipated; the current HSAS level is YELLOW."

Hasn't it been yellow for like ever? I think they just can't figure out how to change the bulb.

Slightly more seriously, are we all comfortable with the idea that the Vaterland Security Advisory System is now here to stay, and that it's now featured in contexts where the words "external" or "terrorists" don't appear? That Homeland Security bulletins, much like the "troops killed in Iraq" daily scorecard, are now routine routine occurances?

I've just had a kid. When he starts asking what the HSAS is, what do I tell him? "We're at War, junior. We've always been at War. Terrorists, drug barons, organized criminals, religious extremists, crackers, hackers, commies, arabs, they're all out to get us, and it's important to know just how scared the government wants us to be that we're going to die today."

Nice world he's going to grow up in.

THIS IS TOOOOOO RETARDED

[Bob+Abooey]

I JUST CAN'T TAKE IT ANY FRIGGIN MORE!!!

If you need to be secure then UNPLUG YOUR FUCKING NETWORK CARD AND TAKE YOUR DATA OFFLINE!!! And yes I know, even if it's offline someone can still get to your data by social engineering or physically breaking into your box and all that, but taking it offline (ie., off any public network) will make it much more secure. LET ME REPEAT THIS: IF YOUR BOX IS CONNECTED TO A PUBLIC NETWORK LIKE THE INTERNET THEN IT'S NOT SECURE. PERIOD.

And isn't it ironic that the department of homeland stupidity just announced they're spending a metric buttload on Microsoft software a few weeks ago, and now they come out to tell us about how insecure it all is?????

I give up, it's all just too retarded for me to deal with anymore...

Microsoft's Insecurity?

[Captain+Large+Face]

Perhaps all it needs is a big hug? I know we all call Microsoft a massive anti-competative tool of the Devil, but these comments do HURT.

DHS warns about windows.

[Mr_Icon]

DHS warns about Windows.
I see.
Did their solution involve duck tape and plastic sheeting?

(Though I must admit, after about 20 minutes the computers protected this way will be VERY secure. :))

The Net is safe from my computer

[frovingslosh]

I have right here a computer that is much more powerful that the million dollar plus CDC computer that provided services to my entire University when I went to school. It's more powerful than the 90 user time sharing system I was in charge of for another university. But the Internet is safe from having all of this potential computing power unleashed against it. Why? Because I hobble that dangerous computing power with Microsoft(R) brand software! Yes friends, that's right. No matter how powerful your computer is, you can rest assured that it can do little harm on the 'Net when it's running Microsoft(R) brand software, the software that not only opens security vulnerabilities but makes your system so slow that it just can't do much harm to the rest of the 'Net. And , as an added bonus, my Microsoft(R) software crashes frequently, so I reboot it often and just maybe that might eliminate or at least confuse some exploits. And when a world full of computers are crashing several times a day, it's just that much harder for exploits to find ones that are up long enough to exploit. And any exploit is likely to be minimally more inconvenient that running the Microsoft(R) software in the first place.

Don't unleash your powerful computer on the Internet. Tame it with Microsoft(R) brand software today.

Conputer???

[Evil-G]

Unplug any conputer with really sensitive data from the network

is a conputer one which is running windows?