Slashdot Mirror

← Back to Stories (view on slashdot.org)

HomeSec Warns Again About Microsoft's Insecurity

Posted by michael on from the repatch-and-sin-no-more dept.

cbrandtbuffalo writes "The Department of Homeland Security has posted this advisory about an impending attack on MS systems. This RPC attack has already been seen in some localized systems, but may spread as unpatched computers are exploited. Some of the national news like CNN are running stories too."

23 of 497 comments (clear)

  1. Microsoft really did it this time.. by Tirel · · Score: 5, Interesting

    This is turning out to be a huge problem, we got the exploit a bit *cough*early*cough* and by simply joining a channel on IRC you get a handful of IPs, of which at least a few are exploitable. And then they wonder why there are a thousands of ddos zombie machines running windows!

    But there's another problem, a lot of people are starting to distrust microsoft and are turning off the automatic update / not getting service packs instead of switching to another operating system.

  2. How long? by Voltas · · Score: 5, Funny

    2 years / millions of dollars and the Home Land Security people tell me that people like to attack Microsoft Products.

    I'm glad I pay all those taxs!

    --
    -- Disclaimer: I can't really back up anything I post on /. --
    1. Re:How long? by Jonsey · · Score: 5, Funny

      I'm glad I pay all those taxs!

      And I'm glad our "edjacashun" budget keeps rising to make the US more smarterer.

      --
      I assert that my comment is only my opinion, not that of any employer, past, present or future.
  3. Pretty Bad by the.jedi · · Score: 5, Insightful

    My friend works at MIT's network security.
    From wednesday to thursday they're compromise rate
    went from 3 computers an hour to 30.
    Right now they're just blocking the RPC port
    but the routers are starting to take some heavy
    traffic. Looks like this one is going to be pretty
    bad.

    --
    ThunderBird. Nuff said.
    1. Re:Pretty Bad by tarquin_fim_bim · · Score: 5, Funny

      "Which port is it that you need to block?"

      To make windows secure?

      All of them.

    2. Re:Pretty Bad by pascalb3 · · Score: 5, Informative

      Check out CERT, a good site for this stuff. Here's their warning (more info than DHS). A list of what they have to block:
      135/TCP
      135/UDP
      139/TCP
      139/UDP
      445/TC P
      445/UDP

      Also, it appears 4444 is being used,

      Security Focus's incidentmailing list is also enlightening. And for good measure, a posting on the ineffectiveness one of MS's patch (as of 29 Jul).

  4. Ugh. by JohnGrahamCumming · · Score: 5, Funny

    Could we not go around referring to The Department of Homeland Security as HomeSec? The last thing we need is /. popularizing a cool sounding name for this behemoth.

    If we need to refer to it then use the initial letters of its name... DoHs.

    Somehow appropriate when they put out warnings like the last one.

    John.

  5. The Department of Homeland Security? by Wacky_Wookie · · Score: 5, Insightful

    Sounds more like The Department of Homeland in-security :)

    Joking aside I find the US media's "fear hyping" to be outrageous.

    "It could happen to you" Is a major catch phrase for the US media, and they are not talking about winning the lottery.

  6. windows at the office?? by chef_raekwon · · Score: 5, Interesting

    i could have sworn that 2 weeks ago, here on this very same slashdot....there was a story about HomeLand Security securing a very large purchase from Microsoft....aka 100 million, or some outrageous number like that..

    isn't this a bit irresponsible of them, now that they are declaring Windows a vulnerability?

    --
    We're like rats, in some experiment! -- George Costanza
  7. Hilarious! by Wilersh · · Score: 5, Funny

    Microsoft is now officially a threat to Homeland Security. Maybe George should drop some bombs on Redmond! We know where they are and they keep putting out a product that threatens our security. Oh wait, the government saw fit to give them a slap on the wrist and turn around and contracted even more unsafe software from them. They'll undoubtedly be mentioned in future hindsight publications from congress but on blanked out pages for national security reasons. That's what we do for "friends".

    Ugh.

    Wilersh

  8. Color scale? by Elendil · · Score: 5, Funny

    On the DHS alert color code, blue means "guarded", just one notch lower than the alert level the USA have been living in for the last few months (with occasional orange flares). Should this color be reconsidered in sight of the well known Blue Screen of Death?

  9. Switch campaign kick-off by SgtChaireBourne · · Score: 5, Insightful
    One interesting thing that the security people mentioned, that the article doesn't, is that windows 98/windows 98se is vulnerable but Microsoft has not released a patch because they no longer support the product.
    A second interesting thing is why just this particular bug is getting the publicity. There's been no shortage of remote exploits for that product line, old or new, this year. Is it part of the new marketing campaign that's just kicking in?

    Along those lines, since most of the design flaws are downplayed for weeks/months/years after exploits are found. Apple, RedHat and SuSe have a good lead time to prepare switch campaigns.

    I'm sure a dollar value can be put on the peace of mind and increase productivity that goes with moving to a better workstation platform.

    --
    Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
  10. Re:How big a threat is this? by tlovie · · Score: 5, Interesting

    I'm not sure if Windows98/se is vulnerable since microsoft's knowledge base specifically states that Windows ME is not vulnerable. The vulnerability is based on a buffer overflow of the RPC service. Does windows 95/98 even offer the RPC service?

  11. Govt should use its own OS. by sniggly · · Score: 5, Insightful

    It's time the government started to realize its own linux version has been developed to preclude vulnerabilities such as these that are caused mostly by sloppy programming.

    --
    Of those to whom much is given, much is required.
  12. Well engineered worms by Catskul · · Score: 5, Insightful
    I think it is going to be worse if someone actually has an objective (ie terrorists) because all of the worms I have heard of have been fairly poorly engineered.

    A well engineered worm would:

    Work on many different system.

    Use more than one security flaw. (spread by email, + kazaa, + IE hole, + sendmail hole)

    Patch that flaw once compromised, and open a separate hole

    Have at least different attack modes (slow and quiet and local sub nets, fast and hard and whole internet)

    Build up to critical mass before initiating fast attack mode.

    Attempt to hide itself from scans. (maybe randomly stop functioning for a while to offer false sense of security)

    Adjust its fingerprint so that it isn't simple to find computers which have the worm (use different ports, different protocols, send some different data when filling buffers etc)

    Offer a payload that makes patching difficult, goes after security websites that often offer patches, targets financial institutions, etc.

    Patch other programs on the system, back to previous insecure versions.

    And that's just off the top of my head. If someone really is sitting down and thinking about this, Im sure they could come up with much more dangerous specifications.

    I think someone should be writing a competing worm that patches all vulnerable systems, just in case this breaks out in to a chrisis.

    --

    Im not here now... Im out KILLING pepperoni
    1. Re:Well engineered worms by WhiteWolf666 · · Score: 5, Insightful

      Or, maybe, create a set of worms

      IANAWC (I am not a worm creator), but, you could have all kinds of worms running around. One that attacked on a large scale, seeking to infect as many systems as possible. Then it would download extra components as needed, but otherwise sit dormant, awaiting the final component. One that sought out unpatched, vulernable, Windows 2000/XP boxes, to use as a permanent base of operations (This one could be BIG). One that sought out infected systems, and modified the worm continuously, to confuse scanners. Any maybe, you could even have the dang things self-destruct? I don't know much about this, but you can setup applications on a Windows 2000/XP box that won't run until the next realmode boot, right? If it installs itself as a system file, scanners won't be able to remove it unless they run before the system is fully booted up. But if your worm runs the next time pre-bootup system maintenance is scheduled, and runs before any other task, you could have it eat the harddrive.

      If one were to prepare this sort of thing ahead of time, and released the worms one by one, most of the security community wouldn't anticipate the attack. Especially if they were all encrypted, and you released them in a quick enough period such that it would not be obviously that they were working together until after the fact.

      The other thing I wonder is why worms haven't targeted the infrastructure of weak networks. Like that worm that was discovered on the comcast dns servers. If somewhere were to create something that attacked the Windows 2000/XP (or any other operating system, but Windows seems like it would be the most vulnerable) TCP/IP stack, and only attacked systems behind vulnerable routers, and then utilized the hacked TCP/IP stack and hacked routers to hide all of the traffic, it would be extremely hard for anyone to tell what had happened, right?

      Of course, all of the things I have just said won't work, as I've described them. My knowledge of this topic is just too limited to really make much sense, but my point is I don't think we have seen a coordinated effort to run multiple, smaller worms in concert. This way you can spread a rapid, smaller infection, and use it to pave the way for a much more deadly, and harder to remove infection.

      --
      WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
  13. HomeSec. Ingsoc. MiniPax. Double-plus good. by thelandp · · Score: 5, Funny
    The name "HomeSec" reminds me of a few similar terms from George Orwell's important (and never more appropriate) book, 1984.

    Most government departments actually are designed to achieve the opposite of their names. For example, the "Department of Homeland Security" is in fact designed to control the level of insecurity that people feel. Likewise, the ministry of defence is really about offence, and in 1984 the Ministry of Information is about disinformation and so on.

    In the book, the language was controlled to the point of creating new terms like IngSoc, MiniPax (ministry of peace, really designed to perpetuate war), and Double-plus good.

    The whole point here is to justify the actions of the government. Because it becomes alot easier to justify removing civil rights when there is the perceived threat of some common enemy.

    --

    -- the only thing we have to fear is really scary things
  14. No patch for Win98/SE? by shunnicutt · · Score: 5, Funny

    This suggests a new marketing slogan:

    "If you don't upgrade to Windows XP, then the terrorists have already won!"

  15. Re:How big a threat is this? by saskwach · · Score: 5, Informative

    Someone did their reporting wrong. The huge gaping flaw that was announced recently pertained only to computers with the NT kernel (WinNT, Win2000, WinServ2003, WinXP). This vulnerability does NOT affect 98/98SE/ME/95/3.1/whathaveyou.

  16. Linux Users? by Chibi+Merrow · · Score: 5, Informative

    I'm a tech on a Windows network for the local government here and we immediately disable Automatic updates on machines now. Lord knows it's not because we're Linux users (I'm the only one) but because the updates all too often BREAK things that were already working.

    --
    Maxim: People cannot follow directions.
    Increases in truth directly with the length of time spent explaining them
  17. Re:Again.. by White+Roses · · Score: 5, Funny
    RPC port open to the word? Why?!

    So it can be saved and get into heaven. Oh, you mean world.

    --
    Do not touch -Willie
  18. Security by atcurtis · · Score: 5, Funny

    To make your computer truely secure, follow these simple steps:

    1. Get a decent firewall
    2. Configure it to deny everything except the ports you really need.
    3. Unplug any conputer with really sensitive data from the network
    4. In fact, unplug it from the wall power socket
    5. Heck with it, it's still vulnerable from someone at the console - encase it in concrete
    6. Cover the concrete block with copper sheeting to prevent against Echelon
    7. Cover it with lead plate just to be safe from X-Rays.
    8. Put it on a back of a trailer and tow it into a deep mine shaft. Salt mines go pretty deep.
    9. More concrete please!
    10. Use a tactical device to ensure that access to the bottom of the mine is difficult.

    Should be truely secure... But for the overtly paranoid, concider dropping the planet into your local black hole. Please note that there may be information leakage as any entropy is represented on the black hole's event horizon.

    Not practical... But fun.

    --
    -- The universe began. Life started on a billion worlds...
    -- Except on one where stupidity was there first.
  19. Port blocking by Gothmolly · · Score: 5, Insightful

    Is it me (insert tinfoil hat joke), or is anyone else disturbed by the increasing tendency of ISPs and vendors to say 'just block port xxx' on your network connection, as a response to problems? Is this one more step on the road of converting the Internet to simply an MSN-ified WWW? Where does the small, independent content creator turn as more and more barriers to market entry are enacted, either by FUDding ISPs, lobbying Congress, and blatant stupidity?

    --
    I want to delete my account but Slashdot doesn't allow it.