Slashdot Mirror


HomeSec Warns Again About Microsoft's Insecurity

cbrandtbuffalo writes "The Department of Homeland Security has posted this advisory about an impending attack on MS systems. This RPC attack has already been seen in some localized systems, but may spread as unpatched computers are exploited. Some of the national news like CNN are running stories too."

13 of 497 comments

  1. GNAA EARLY POST SYSTEM by Anonymous Coward · · Score: -1, Troll
    GNAA (GAY NIGGER ASSOCIATION OF AMERICA) is the first organization which
    gathers GAY NIGGERS from all over America and abroad for one common goal - being GAY NIGGERS.

    Are you GAY ?
    Are you a NIGGER ?
    Are you a GAY NIGGER ?

    If you answered "Yes" to any of the above questions, then GNAA (GAY NIGGER ASSOCIATION OF AMERICA) might be exactly what you've been looking for!
    Join GNAA (GAY NIGGER ASSOCIATION OF AMERICA) today, and enjoy all the benefits of being a full-time GNAA member.
    GNAA (GAY NIGGER ASSOCIATION OF AMERICA) is the fastest-growing GAY NIGGER community with THOUSANDS of members all over United States of America. You, too, can be a part of GNAA if you join today!

    Why not? It's quick and easy - only 3 simple steps!

    First, you have to obtain a copy of GAY NIGGERS FROM OUTER SPACE THE MOVIE and watch it.

    Second, you need to succeed in posting a GNAA "first post" on slashdot.org, a popular "news for trolls" website

    Third, you need to join the official GNAA irc channel #GNAA on EFNet, and apply for membership.
    Talk to one of the ops or any of the other members in the channel to sign up today!

    If you are having trouble locating #GNAA, the official GAY NIGGER ASSOCIATION OF AMERICA irc channel, you might be on a wrong irc network. The correct network is EFNet, and you can connect to irc.secsup.org or irc.isprime.com as one of the EFNet servers.
    If you do not have an IRC client handy, you are free to use the GNAA Java IRC client by clicking here.

    If you have mod points and would like to support GNAA, please moderate this post up.

    This post proudly brought to you by the GNAA president


  2. Let the bashing begin by Anonymous Coward · · Score: -1, Troll

    50% of posts bashing Microsoft, the other 50% blaming stupid sysadmins who don't patch their servers. Next story please.

  3. Re:Homeland Security? Don't make me laugh... by pair-a-noyd · · Score: -1, Troll

    You are a retard.
    They are the STASI and the KGB..

    You are an immature child that knows not of what he speaks..

    Grow up, boy...

  4. Alanis, where are you? by harley_frog · · Score: -1, Troll
    The Office of Homeland Security is warning all Microsoft users of a security hole. Excuse me, but aren't they the same ones who chose to adopt M$ in the first place?

    Isn't it ironic, don't you think -- Alanis Morissette

    --
    It's all fun and games until someone loses the key to the handcuffs.
  5. Re:Ugh. by Anonymous Coward · · Score: -1, Troll

    Ha ha you're so funny. No wait, you're still an idiot. Yay you read 1984. What do you want, a cookie? Er, mod points? I guess you got them. If you want to be taken seriously though by intelligent people and not Slash-idiots then you might want to try dropping the name calling so you appear older than 12.

  6. Re:How big a threat is this? by Anonymous Coward · · Score: -1, Troll

    So hide your 98/98SE systems behind a firewall with the RPC ports closed.

    From the advisory...
    DHS and Microsoft further suggest that Internet Service Providers and network administrators consider blocking TCP and UDP ports 135, 139, and 445 for inbound connections unless absolutely needed for business or operational purposes.

    If you are running ANY MicroSoft OS naked to the Internet, you are a fool! Even the latest and greatest from MicroSoft have new vulnerabilities discovered weekly.

  7. Re:Color scale? by Troed · · Score: 0, Troll

    Due to the war in Iraq the risk has _increased_ since the US doesn't seem to understand that pissing 2/3 of the world off doesn't go unnoticed ..

    Oh, and you _have_ seen the news about all the links between Iraq and terrorism were void, and that basically everything you were told before the war was lies?

  8. All of this crap is pure HYSTERIA by jbottero · · Score: -1, Troll

    All of this crap is pure HYSTERIA generated to rally the sheep - I mean public... Looks like the suits in Washington are getting nervous that public interest in the "War on Terrorism" is starting to wane. Could it be because of the lack of any REAL threat?

  9. Re:Well engineered worms by peccary · · Score: 0, Troll

    The fact that there are so few truly malicious worms has given me renewed faith in the basic goodness of human nature.

    The only other explanation is that malice and laziness are inextricably intertwined.

  10. Fight on. by TwistedSpring · · Score: 0, Troll

    As usual out come the Linux crowd to say "M$ si teh ghey use lunix!". My answer to this is that you use the OS that:

    Your staff are familiar with, to avoid re-training
    Is easily patched against such flaws as this (the OS does it for you without you even knowing if you want, couldn't be more straightforward than that)
    Runs the legacy applications you have developed to run your organisation
    Runs commercial applications such as Sage and Office that have been developed to be the best and not shallow copies of such products that have been developed because the OS needs to compete

    The bottom line here is that jumping on the "hah! crappy RPC!" bandwagon is probably a mistake. RPC is extremely handy, despite the fact that it may have a few security flaws, and it is not something that was really meant to be open across the Internet, it's more of a LAN thing. The fact that it can, if desired, be conveniently accessible over your external interface is really something sysadmins should decide about whether this should be allowed or not.

    Admittedly, most home users aren't system administrators, and I think Microsoft is probably failing (through obscurity and simplicity-of-install) to inform people using, for example, Windows XP, that they probably don't NEED to allow RPC over their dial-up adapter. I'm not sure if there's an option to disable it, but I think simply disabling "Client for Microsoft Networks" on your external/dial-up interface would do the trick. Since I use a gateway to access the net, I'm not even sure if CfMN is enabled on new dialup connections by default, but I seem to remember it isn't.

    With the amount of people running windows update (which is a gift from God now that it doesn't download updates for crap you don't even have) I'm not sure how much of a threat this will really be. It'll slam people who were arrogant enough to say "hah! windows update is a pile of filth and is insecure and if i use it MS will come knocking on my door asking about my pirated copy of their softwarez!!" but then they probably deserve to be slammed anyway.

    Use Windows for your office desktops, and Linux or some other UNIX variant for your servers. May I also point out that some Linux distros are so insecure on the default install that it beats all hell out of anything that Microsoft have done, for example some don't even set a root pass until the user does it manually.

  11. not funny. by twitter · · Score: 0, Troll
    Microsoft is now officially a threat to Homeland Security. ... We know where they are and they keep putting out a product that threatens our security.

    Oh yeah, don't forget about them selling Communist China their source code after swearing that releasing their source code would constitute a threat to national security. They not only compromise US security, they do it willfully. That's called treason. Perjury or treason, take your pick, they are not the kind of people you should trust. Bombing is a bit heavy, but hanging might be too good for them.

    --

    Friends don't help friends install M$ junk.

  12. "Mr Gates, if you don't mind..." by Tactical+Skyrider · · Score: 0, Troll

    Here's another thought... the U.S. Dept of Homeland Security is backing this wholeheartedly -- what if this is really a ploy to get users of microsoft software to install a remote tracking patch designed by microsoft to send usage information to the DoHS? What if this patch to handle remote control security actually sends information to the government? or better yet, ALLOWS certain types of remote control BY the government?

    Surely I'm not the only one out there who's considering this possibility...

    "Hello, Bill Gates?"

    "Uh, how did you get this number?"

    "This is the Dept of Defense. $500,000,000 is being wired to your account in exchange for launch of Operation MS Probe as previously agreed. We will expect patches online within the hour."

    "Swell! You can count on it!"

    --
    In Soviet Redmond, software programs you!
  13. Re:It's all right by sharkey · · Score: 0, Troll
    Hasn't it been yellow for like ever?

    France?

    --
    "Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.