Slashdot Mirror


HomeSec Warns Again About Microsoft's Insecurity

cbrandtbuffalo writes "The Department of Homeland Security has posted this advisory about an impending attack on MS systems. This RPC attack has already been seen in some localized systems, but may spread as unpatched computers are exploited. Some of the national news like CNN are running stories too."

6 of 497 comments

  1. Re:Color scale? by Troed · · Score: 0, Troll

    Due to the war in Iraq the risk has _increased_ since the US doesn't seem to understand that pissing 2/3 of the world off doesn't go unnoticed ..

    Oh, and you _have_ seen the news about all the links between Iraq and terrorism were void, and that basically everything you were told before the war was lies?

  2. Re:Well engineered worms by peccary · · Score: 0, Troll

    The fact that there are so few truly malicious worms has given me renewed faith in the basic goodness of human nature.

    The only other explanation is that malice and laziness are inextricably intertwined.

  3. Fight on. by TwistedSpring · · Score: 0, Troll

    As usual out come the Linux crowd to say "M$ si teh ghey use lunix!". My answer to this is that you use the OS that:

    - Your staff are familiar with, to avoid re-training
    - Is easily patched against such flaws as this (the OS does it for you without you even knowing if you want, couldn't be more straightforward than that)
    - Runs the legacy applications you have developed to run your organisation
    - Runs commercial applications such as Sage and Office that have been developed to be the best and not shallow copies of such products that have been developed because the OS needs to compete

    The bottom line here is that jumping on the "hah! crappy RPC!" bandwagon is probably a mistake. RPC is extremely handy, despite the fact that it may have a few security flaws, and it is not something that was really meant to be open across the Internet, it's more of a LAN thing. The fact that it can, if desired, be conveniently accessible over your external interface is really something sysadmins should decide about whether this should be allowed or not.

    Admittedly, most home users aren't system administrators, and I think Microsoft is probably failing (through obscurity and simplicity-of-install) to inform people using, for example, Windows XP, that they probably don't NEED to allow RPC over their dial-up adapter. I'm not sure if there's an option to disable it, but I think simply disabling "Client for Microsoft Networks" on your external/dial-up interface would do the trick. Since I use a gateway to access the net, I'm not even sure if CfMN is enabled on new dialup connections by default, but I seem to remember it isn't.

    With the amount of people running Windows Update (which is a gift from God now that it doesn't download updates for crap you don't even have) I'm not sure how much of a threat this will really be. It'll slam people who were arrogant enough to say "hah! windows update is a pile of filth and is insecure and if i use it MS will come knocking on my door asking about my pirated copy of their softwarez!!" but then they probably deserve to be slammed anyway.

    Use Windows for your office desktops, and Linux or some other UNIX variant for your servers. May I also point out that some Linux distros are so insecure on the default install that it beats all hell out of anything that Microsoft have done, for example some don't even set a root pass until the user does it manually.

  4. not funny. by twitter · · Score: 0, Troll

    Microsoft is now officially a threat to Homeland Security. ... We know where they are and they keep putting out a product that threatens our security.

    Oh yeah, don't forget about them selling Communist China their source code after swearing that releasing their source code would constitute a threat to national security. They not only compromise US security, they do it willfully. That's called treason. Perjury or treason, take your pick, they are not the kind of people you should trust. Bombing is a bit heavy, but hanging might be too good for them.

    --

    Friends don't help friends install M$ junk.

  5. "Mr Gates, if you don't mind..." by Tactical+Skyrider · · Score: 0, Troll

    Here's another thought... the U.S. Dept of Homeland Security is backing this wholeheartedly -- what if this is really a ploy to get users of Microsoft software to install a remote tracking patch designed by Microsoft to send usage information to the DoHS? What if this patch to handle remote control security actually sends information to the government? Or better yet, ALLOWS certain types of remote control BY the government?

    Surely I'm not the only one out there who's considering this possibility...

    "Hello, Bill Gates?"

    "Uh, how did you get this number?"

    "This is the Dept of Defense. $500,000,000 is being wired to your account in exchange for launch of Operation MS Probe as previously agreed. We will expect patches online within the hour."

    "Swell! You can count on it!"

    --
    In Soviet Redmond, software programs you!

  6. Re:It's all right by sharkey · · Score: 0, Troll

    Hasn't it been yellow for like ever?

    France?

    --
    "Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.