Slashdot Mirror

← Back to Stories (view on slashdot.org)

HomeSec Warns Again About Microsoft's Insecurity

Posted by michael on from the repatch-and-sin-no-more dept.

cbrandtbuffalo writes "The Department of Homeland Security has posted this advisory about an impending attack on MS systems. This RPC attack has already been seen in some localized systems, but may spread as unpatched computers are exploited. Some of the national news like CNN are running stories too."

7 of 497 comments (clear)

  1. Pretty Bad by the.jedi · · Score: 5, Insightful

    My friend works at MIT's network security.
    From wednesday to thursday they're compromise rate
    went from 3 computers an hour to 30.
    Right now they're just blocking the RPC port
    but the routers are starting to take some heavy
    traffic. Looks like this one is going to be pretty
    bad.

    --
    ThunderBird. Nuff said.
  2. The Department of Homeland Security? by Wacky_Wookie · · Score: 5, Insightful

    Sounds more like The Department of Homeland in-security :)

    Joking aside I find the US media's "fear hyping" to be outrageous.

    "It could happen to you" Is a major catch phrase for the US media, and they are not talking about winning the lottery.

  3. Switch campaign kick-off by SgtChaireBourne · · Score: 5, Insightful
    One interesting thing that the security people mentioned, that the article doesn't, is that windows 98/windows 98se is vulnerable but Microsoft has not released a patch because they no longer support the product.
    A second interesting thing is why just this particular bug is getting the publicity. There's been no shortage of remote exploits for that product line, old or new, this year. Is it part of the new marketing campaign that's just kicking in?

    Along those lines, since most of the design flaws are downplayed for weeks/months/years after exploits are found. Apple, RedHat and SuSe have a good lead time to prepare switch campaigns.

    I'm sure a dollar value can be put on the peace of mind and increase productivity that goes with moving to a better workstation platform.

    --
    Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
  4. Govt should use its own OS. by sniggly · · Score: 5, Insightful

    It's time the government started to realize its own linux version has been developed to preclude vulnerabilities such as these that are caused mostly by sloppy programming.

    --
    Of those to whom much is given, much is required.
  5. Well engineered worms by Catskul · · Score: 5, Insightful
    I think it is going to be worse if someone actually has an objective (ie terrorists) because all of the worms I have heard of have been fairly poorly engineered.

    A well engineered worm would:

    Work on many different system.

    Use more than one security flaw. (spread by email, + kazaa, + IE hole, + sendmail hole)

    Patch that flaw once compromised, and open a separate hole

    Have at least different attack modes (slow and quiet and local sub nets, fast and hard and whole internet)

    Build up to critical mass before initiating fast attack mode.

    Attempt to hide itself from scans. (maybe randomly stop functioning for a while to offer false sense of security)

    Adjust its fingerprint so that it isn't simple to find computers which have the worm (use different ports, different protocols, send some different data when filling buffers etc)

    Offer a payload that makes patching difficult, goes after security websites that often offer patches, targets financial institutions, etc.

    Patch other programs on the system, back to previous insecure versions.

    And that's just off the top of my head. If someone really is sitting down and thinking about this, Im sure they could come up with much more dangerous specifications.

    I think someone should be writing a competing worm that patches all vulnerable systems, just in case this breaks out in to a chrisis.

    --

    Im not here now... Im out KILLING pepperoni
    1. Re:Well engineered worms by WhiteWolf666 · · Score: 5, Insightful

      Or, maybe, create a set of worms

      IANAWC (I am not a worm creator), but, you could have all kinds of worms running around. One that attacked on a large scale, seeking to infect as many systems as possible. Then it would download extra components as needed, but otherwise sit dormant, awaiting the final component. One that sought out unpatched, vulernable, Windows 2000/XP boxes, to use as a permanent base of operations (This one could be BIG). One that sought out infected systems, and modified the worm continuously, to confuse scanners. Any maybe, you could even have the dang things self-destruct? I don't know much about this, but you can setup applications on a Windows 2000/XP box that won't run until the next realmode boot, right? If it installs itself as a system file, scanners won't be able to remove it unless they run before the system is fully booted up. But if your worm runs the next time pre-bootup system maintenance is scheduled, and runs before any other task, you could have it eat the harddrive.

      If one were to prepare this sort of thing ahead of time, and released the worms one by one, most of the security community wouldn't anticipate the attack. Especially if they were all encrypted, and you released them in a quick enough period such that it would not be obviously that they were working together until after the fact.

      The other thing I wonder is why worms haven't targeted the infrastructure of weak networks. Like that worm that was discovered on the comcast dns servers. If somewhere were to create something that attacked the Windows 2000/XP (or any other operating system, but Windows seems like it would be the most vulnerable) TCP/IP stack, and only attacked systems behind vulnerable routers, and then utilized the hacked TCP/IP stack and hacked routers to hide all of the traffic, it would be extremely hard for anyone to tell what had happened, right?

      Of course, all of the things I have just said won't work, as I've described them. My knowledge of this topic is just too limited to really make much sense, but my point is I don't think we have seen a coordinated effort to run multiple, smaller worms in concert. This way you can spread a rapid, smaller infection, and use it to pave the way for a much more deadly, and harder to remove infection.

      --
      WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
  6. Port blocking by Gothmolly · · Score: 5, Insightful

    Is it me (insert tinfoil hat joke), or is anyone else disturbed by the increasing tendency of ISPs and vendors to say 'just block port xxx' on your network connection, as a response to problems? Is this one more step on the road of converting the Internet to simply an MSN-ified WWW? Where does the small, independent content creator turn as more and more barriers to market entry are enacted, either by FUDding ISPs, lobbying Congress, and blatant stupidity?

    --
    I want to delete my account but Slashdot doesn't allow it.