WindowsUpdate.com Secured, Permanently
Precisely nineteen months ago, Bill Gates sent out a memo to employees (and the press) announcing that security was Microsoft's number-one priority. Today, about a hundred readers have submitted the news that Microsoft.com went down last night. And now, the company has "extinguished" WindowsUpdate.com (future updates will come from a different domain). All this because of some Microsoft worm that triggers at midnight. Related news: Windows Update says you're protected, but maybe you're not; WU.com briefly ran Linux, heh; worm variant with clever "anatomical term."
Don't worry next week there will be another memo with the URL for the new update
It seems the power in one of the most populated areas of North America was out around the same time Microsoft was making these fixes? Coincidence? I think not. For those of you in the power outage area, expect it to happen again tomorrow as the DoS is about to begin.
Microsoft should take a clue from User Friendly!
We (a 30,000 student Midwest University) are currently thinking about making our DNS servers authoritative for windowsupdate.com and pointing the A record back to loopback.
Did they point windowsupdate.com to 127.0.0.1 ? I hope not, there was a mail on FD explaining that such an action would cause it to DOS the local network.. Also, wtf is up with the site running lunix?
always took you to http://windowsupdate.microsoft.com so whats the big deal about cancelling windowsupdate.com? do you think anyone will notice, or care for that matter?
Does the name Pavlov ring a bell?
but Microsoft was seen on Linux today also http://uptime.netcraft.com/up/graph/?host=www.microsoft.com.
Quoth Billy G: "Linux sucks, it's worthless, not usable for real . . . What? A worm? Aaaiiiieee! Tux Save Me!!!"
---
Jedimom.com, that not-so-fresh feeling.
StrategyTalk.com, PC Game Forums
Wasn't this the subject of a famous memo about a year and a half ago, when they were spending 10 months doing nothing but security? Good job guys. Interesting enough Scoble has some things to say about windows and security. Some good comments as well (both for and against). Of course, as he's an MS cheerleader you can't expect completely unbiased reporting.
This is kind of interesting: Microsoft's insecure Windows platforms are the breeding ground of massively distributed worms, which are designed to attack Microsoft's own servers (karma?)
While Microsoft thinks the "solution" is to move the target server, the real solution is to fix those gaping holes in their products.
Microsoft.com also pointed to a linux machine
... reminds me of the whole hotmail DNS thing a few years back (my favorite slashdot story ever):
...
jejeje
Merry christmas Microsoft, from the Linux community to you
Life isn't like a box of chocolates. It's more like a jar of jalapenos. What you do today, might burn your ass tomorrow.
Change the update machines, new names, etc etc. MS is resorting to smoke and mirror tricks. It will only fool the current worms, not future ones that will have the new machine names in them.
Trolling is a art,
...all HTTP requests to WindowsUpdate.com will be directed to goatse.cx.
Some speculate that this will considerably improve Microsoft's customer service.
3D Printing Tips and Tricks at Zheng3.com
Yeah, the shortcut on the Start Menu does as well.
This isn't really a big deal, IMHO...
Xentax
You shouldn't verb words.
they just aren't aimed at that sort of market. they are aimed at selling as many boxes (ideally cd's without boxes) as possible. and that's what leads to the problems.
the os's aimed at smaller but more important markets (finance, health etc) have much safer software.
it's the fact that the majority of people run windows, with all the bugs it has, that causes the problems, especially now all those insecure systems are linked via the net.
the solution? who knows, but for a start the governments of the world should heavily fine ms each time a serious bug is found and/or exploited. and people should examine, and demand, better alternatives.
All I Want For Christmas Is My Constitutional Rights
...they publish the address of the new site and then someone else writes a virus that attacks that site. Instead of putting a band-aid on the problem why not just fix it? Just my opinion, SirLantos
The flying hamster of DOOM rains coconuts on your pitiful city.
From what I understand windowsupdate.com is the target URL of the latest worm (msblaster). Now that this URL is no longer functioning, is there any other way that this worm can cause problems for Microsoft's servers?
Was this the only action Microsoft could have taken to protect itself from the pending attacks? Was this some sort of last resort?
Any information about the new worm and how it is affected by this URL change is very much appreciated.
netcraft goes by IP, so if the MS servers went down, someone else running Linux got the IP, then it could show up on Netcraft. it's happened to me, where my dns would point to some ip, but then I move apartments, and my net is down for a week, and during that week, netcraft says that my system was running Win2K... but I haven't had Windows in my home at all for about a year.
but with MS, they probably were running Linux, and their IPs likely don't change like that. but you never know.
Why would they bother taking windowsupdate.com down, if they left windowsupdate.microsoft.com up. Do they know for certain that none of the bugs are setup to attack both?
That's just an Akamai cache engine, duh.
Take NetCraft stats with a Big Grain of Salt (big grains of salt, heh). If a site is "Akamized", as this one was, or is otherwise distributed, you'll see the OS of the front end, not what the site actually runs. You'll note that NetCraft lists "linux" for the Akamai site.
I like music
[rimshot]
Thanks folks, I'll be here all week!
Breathing is more important to us than any other activity. If we don't breathe, we will die.
An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
1) Disconnect box from all external cords
2) Encase box in several hundred cubic meters of concrete
3) Surround concrete with meter thick lead lining
4) Bury under radioactive waste in a geologically stable region
5) Saturate the surface with nuclear land mines
6) Curse Microsoft, because you still get hacked!
-- The morphemes of your disquisition are ascertainable, but they have eschewed an ambit of transpicuous exposition.
Went to check for updates today, just for the hell of it and the speed was a huge improvement over the old URL.
They're obviously worried that something is in the wild that is hard-coded to attack WindowsUpdate.com, else there would be no point in abandoning that domain and moving to another.
Where in any of those articles does it say that MS is taking down windowsupdate.com? It's always redirected me to windowsupdate.microsoft.com.
"...always new atoms but always doing the same dance, remembering what the dance was yesterday." -Richard Feynman
Not a huge deal, since the official URL is windowsupdate.microsoft.com . The start menu, Tools in IE, and Windows Help all have that address. The worm author was kinda stupid, he should have pointed it to microsoft.com or windowsupdate.microsoft.com.
Username taken, please choose another one.
that gotta teach a lesson to those lousy worm writers. Changing domain name, who would have thunk, microsoft would come up with such an ingenious solution.
Take that you microsoft hackers, bet you are scratching your head now.
for the last time people, I am "frodo from middle eaRTH", not "middle eaST".
So "Permanently Secured" now basically means "Permanently Offline"? Why didn't they just let the worm eat the domain? What's the difference, really? Whether they pull the plug, or the worm does it for them, it still means windowsupdate.com won't work...
"It's better to have a gun and not need it than need a gun and not have it." ~ Christian Slater, True Romance
They've given the windowsupdate.com site to Akamai to serve for them. Not a bad idea, actually, since Akamai has something like 15,000 webservers distributed around the world, to share the load.
Of course, it's extremely amusing that they're paying to have their content served by a flock of 15,000 penguins. I'm a bit concerned for our own site this weekend, as we use akamai for our static content. It'll be interesting to see how my pageloadtimes are affected (if they are).
Akamai is a great resource for dealing with huge spikes in webserver load - I guess you could say this qualifies as that.
Last night I finally went to go upgrade from Windows Media Player 6.4 to 9.0 so I can test out those high definition WMP9 videos for once. I couldn't figure out why microsoft.com wasn't loading but now I find out it was because of a DOS attack.
Now I'm thinking, was this intervention from a higher force to protect me from installing WMP9 or just odd luck?
----------
Check out my blackbox styles
That's a real strong word. We all know that PERMANENTLY is an impossibility.
You don't believe me, see if you can find an RFC for it!
do() || do_not();
OS: Linux
Server: Microsoft-IIS/6.0
Last changed: 15-Aug-2003
IP address: 213.161.82.33
Netblock Owner: Akamai
they did not switch their servers to linux, they used akamai's caching services to handle their massive bandwidth requirements. notice the server is still iis. this is an akamai box (linux) serving a cached copy of microsoft.com (windows/iis)
$ host www.microsoft.com
www.microsoft.com is an alias for www.microsoft.com.edgesuite.net.
www.microsoft.com.edgesuite.net is an alias for a562.cd.akamai.net.
a562.cd.akamai.net has address 63.236.1.163
a562.cd.akamai.net has address 63.236.1.160
a562.cd.akamai.net has address 63.236.1.153
a562.cd.akamai.net has address 63.236.1.139
a562.cd.akamai.net has address 63.236.1.168
a562.cd.akamai.net has address 63.236.1.147
a562.cd.akamai.net has address 63.236.1.138
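Added example (not part of the original thread): a small Python parser for the `host` output posted above that follows the CNAME chain and shows that the addresses a remote fingerprint probes belong to the Akamai edge rather than to Microsoft's origin servers. The function names and the two-label `registered_domain` shortcut are assumptions made for this illustration.

```python
import re

# `host www.microsoft.com` output as posted in the thread above.
HOST_OUTPUT = """\
www.microsoft.com is an alias for www.microsoft.com.edgesuite.net.
www.microsoft.com.edgesuite.net is an alias for a562.cd.akamai.net.
a562.cd.akamai.net has address 63.236.1.163
a562.cd.akamai.net has address 63.236.1.160
a562.cd.akamai.net has address 63.236.1.153
a562.cd.akamai.net has address 63.236.1.139
a562.cd.akamai.net has address 63.236.1.168
a562.cd.akamai.net has address 63.236.1.147
a562.cd.akamai.net has address 63.236.1.138
"""

ALIAS_RE = re.compile(r"^(\S+) is an alias for (\S+)$")
ADDR_RE = re.compile(r"^(\S+) has (?:IPv6 )?address (\S+)$")


def normalize(name):
    """DNS names are case-insensitive; drop the trailing root dot."""
    return name.rstrip(".").lower()


def parse_host_output(text):
    """Return (aliases, addresses) parsed from `host` output.

    Lines that are neither CNAME nor address records (for example
    'mail is handled by ...') are ignored.
    """
    aliases, addresses = {}, {}
    for line in text.splitlines():
        line = line.strip()
        m = ALIAS_RE.match(line)
        if m:
            aliases[normalize(m.group(1))] = normalize(m.group(2))
            continue
        m = ADDR_RE.match(line)
        if m:
            addresses.setdefault(normalize(m.group(1)), []).append(m.group(2))
    return aliases, addresses


def cname_chain(name, aliases, max_hops=16):
    """Follow CNAMEs from name to the terminal record, refusing loops."""
    chain = [normalize(name)]
    while chain[-1] in aliases:
        nxt = aliases[chain[-1]]
        if nxt in chain or len(chain) > max_hops:
            raise ValueError("CNAME loop or overlong chain: "
                             + " -> ".join(chain + [nxt]))
        chain.append(nxt)
    return chain


def registered_domain(name):
    """Simplification: last two labels. Real code needs the Public Suffix List."""
    return ".".join(normalize(name).split(".")[-2:])


def describe(name, text):
    """Summarize who actually answers for name according to the host output."""
    aliases, addresses = parse_host_output(text)
    chain = cname_chain(name, aliases)
    terminal = chain[-1]
    operators = []
    for hop in chain:
        dom = registered_domain(hop)
        if dom not in operators:
            operators.append(dom)
    return {
        "chain": chain,
        "terminal": terminal,
        # These are the hosts an OS fingerprint or banner grab talks to.
        "addresses": addresses.get(terminal, []),
        "operators": operators,
        # True when the terminal name is outside the queried name's domain,
        # i.e. the probe describes a third-party edge, not the origin.
        "third_party_edge": registered_domain(terminal) != registered_domain(name),
    }


if __name__ == "__main__":
    info = describe("www.microsoft.com", HOST_OUTPUT)
    print(" -> ".join(info["chain"]))
    print("probed addresses:", ", ".join(info["addresses"]))
    print("third-party edge:", info["third_party_edge"])
```

When `third_party_edge` is true, an OS guess such as "Linux" describes the cache node, while the `Server:` header is whatever the origin sent and the cache passed through.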
And who says that BSOD are so bad.
To see how much microsoft sues the person who wrote that worm, or if it's someone from a third world country, they might just take a nod to the US government and post a 25 million dollar dead or alive bounty.
Whoever it is is in A LOT of trouble now.
GoatPigSheep, the 3 most important food groups
You have to give it to the guy; his timing is impeccable...
It does take you to http://windowsupdate.microsoft.com. Got it from strings wupmgr.exe. So what the hell was windowsupdate.com for anyhow?
Just because netcraft is reporting www.microsoft.com running on Linux, it's unlikely that they ported IIS to it. What you're seeing is a Linux proxy; The webserver itself is still an IIS6 box running on Win32 behind Akamai's Ghost proxy/cache.
We all know that when Microsoft run UNIX, they run FreeBSD.
-- Jared Earle | "There is no spork"
the Army, or any large organization with a large install base of MS boxes, does not use SUS?
I started using it here about 6 months ago, it is the only way to go. I cannot imagine using Windows Update as an enterprise solution. One or two PCs at home sure, but SUS is free dammit.
A DOS attack has nothing to do with the OS of the server it is trying to block access to.
The DOS attack last night had nothing to do with the worm or any security flaw whatsoever.
At least we know where the DDOS attack didn't come from: New York, Detroit, Cleveland, Toronto, et al.
Stop by my site where I write about ERP systems & more
A question ..
Assuming that all old windows systems are unsecure or badly written..
Would it not make sense to take 75% of $45 billion and offer to replace hardware and update to winXp or longhorn to every MS customer worldwide?
It would be the PR stunt of the century..
Don't Tread on OpenSource
Do you think anyone will notice, or care for that matter?
... oh, wait, maybe they don't trust their own systems and sysadmins to be able to deal with it!
Well, isn't the last Microsoft virus supposed to "attack" windowsupdate.com tomorrow? That might be an explanation as to why they are changing this - they obviously don't trust their own users to keep their systems patched and/or behind firewalls
Don't try to fix me. I'm not broken.
Peon: "Bill, the XYZ worm will attack www.microsoft.com at midnight!" BG: "Change the name of the company immediately! Do we know security or what?!" By 2010 they'll just be dropping network support from Windows.
LilMikey.com... I'll stop doing it when you sto
Will target windowsupdate.microsoft.com - what will they do then?
grisha.org
I predict (maybe this post will help a little :-( ) that the next iteration of the worm (or another one) will google up "windows update" and will attack the 3-5 bests results.
;-)
Let's see what happens then... Microsoft is going to pressure Google to remove www.google.com from their DNS Servers
That is the coolest job title. I'd have to negotiate a gold plated machete as a hiring bonus for a title like that. And anyone working for me would be officially titled a Hacking Minion!
NT
Trustworthy Computing is computing that is as available, reliable and secure as electricity, water services and telephony.
With yesterday's event, I'm thinking those aren't such good references anymore.
"We are preparing," said Stephen Toulouse, security program manager for Microsoft's security research center. "We are working diligently to make sure that our customers can get the patch."
We are doing anything and everything EXCEPT making sure that these Windows problems do not find their way to the user in the first place. That would cost too much, slow down the new releases of Windows (hey, it takes us years for new releases that are nuthin' but eye-candy, you wouldn't want us to find bugs, too?), and generally just hurt our bottom line. Can't have that!
Well, the bottom line should take a big boost now.
whats the big deal about cancelling windowsupdate.com?
it isn't, but what if the worm had been written to attack microsoft.com instead? would they redirect all of their traffic for that URL to microsoft.com.microsoft.com? it just seems like a hackneyed fix. they lucked out that the worm won't follow a redirect and that it was for a URL they could afford to surrender.
Today, in the developed world, we do not worry about electricity and water services being available.
Maybe he didn't get the memo?
Check out my sysadmin blog!
So now, when we face a choice between adding features and resolving security issues, we need to choose security.
Apparently he changed his mind.
Our products should emphasize security right out of the box, and we must constantly refine and improve that security as threats evolve.
After it's too late, that is.
A good example of this is the changes we made in Outlook to avoid email borne viruses.
I must've been absent when that came true.
If we discover a risk that a feature could compromise someone's privacy, that problem gets solved first.
Since when are bugs called "features"?
If there is any way we can better protect important data and minimize downtime, we should focus on this.
Lip + service = $$$
Look, we all know this is just a temporary solution, since the next worm will target the new web site. Microsoft has planned ahead with a series of new web sites that should be able to handle any future problems.
In the words of Bullwinkle "this time, for sure!"
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
If the network went down due to MS it will never be admitted.
We are a society that is easy to attack (due to shoddy coding) and yet our government still supports it due to political connections. How funny.
I don't know where I place the blame for MS's horrible track record with bugs. I think, initially, it falls to the users. The users are idiots, they don't know how to properly secure their systems. They don't know to firewall everything, inside and out, and disable stuff like RPC where it's not used. However, why don't the users know this? Because MS doesn't want them to. MS wants Windows to be point and click and not involve thinking. I think that's where disasters like this start. People need to be educated about how to secure their systems. Making everything as easy as point and click without thinking does not help people to understand how a system works, and how it needs to be protected. XP's firewall should have been enabled by default, protecting EVERYTHING. If the User found something didn't work, then the system should explain why. MS makes it EASY to be unprepared.
I don't get it either. Slashdot says "future updates will come from a different domain" as if they always came from windowsupdate.com, which is completely false.
"Sufferin' succotash."
windowsupdate.com is up for sale?
:(
Eh, probably not.
Marc Maiffret, chief hacking officer for security software maker eEye Digital Security, said the amount of data sent from each infected computer would be small....
Man, how would you like to put THAT on your resume? :-)
From the memo:
"Today, in the developed world, we do not worry about electricity and water services being available"
Well, at least some people don't have to worry about electricity...
-eric
Sorry, I guess that's 3 reasons, not 2. :)
At least I said (at least)!
What was that statement about "you should have previewed"?
Billy G. could only say:
"It's not about the bugs! It's not about the bugs!"
host www.microsoft.com
www.microsoft.com is an alias for www.microsoft.com.edgesuite.net.
www.microsoft.com.edgesuite.net is an alias for a562.cd.akamai.net.
a562.cd.akamai.net has address 206.112.112.69
a562.cd.akamai.net has address 206.112.112.71
a562.cd.akamai.net has address 206.112.112.63
a562.cd.akamai.net has address 206.112.112.64
.sig
From: Bill Gates
To: Microsoft staff
Last month I sent out a memo. Well here is another one. It has come to my attention that people on the website www.slashdot.org make fun of me and how I run my business.
On another note there is another Windows Update available at the url www.windowsupdate2.com please download this due to the fact there were major holes in the last update.
-Bill
It will only fool the current worms, not future ones that will have the new machine names in them.
So you expect them to do NOTHING now? They released a patch weeks ago, what else can you expect them to do to take care of an issue that is gonna crop up in less than 24hours? Your post is resorting to smoke and mirror tricks to appear to be insightful or interesting when in fact it is simply clueless.
For example, if someone hijacks or otherwise poisons some DNS servers, then all the traffic to windowsupdate.com will make it through to windowsupdate.microsoft.com anyway.
Or, a future worm could be written to target & attack a variety of Microsoft servers.
Or a future worm could be written in such a way that the target is not part of the worm's code, but rather can be directed remotely somehow. This way, even if Microsoft tries to switch addresses, the person[s] directing the attack can just change the target.
The real solution isn't to keep trying to dodge the bullet.
The solution is to become bulletproof.
Even after all this time, Microsoft still doesn't seem to get that.
Part of the reason Microsoft is such a prominent target is of course because it is so, well, prominent. Taking down (say) an FSF server doesn't raise nearly as many headlines (as this week's headlines will attest to). But I don't think that all of the problem here can be traced to how widespread Windows is -- while the Internet's clients are nearly all running Windows, a large fraction of the server architecture is running some Unix variant, and while there is of course some malware that targets *nix (Linux, Solaris, MacOSX, BSD, etc), the results never seem to be as catastrophic as the typical Windows outbreak
To rip off Bruce Schneier's analogy from his security article in Atlantic Monthly a year ago, it seems to me that what security mechanisms Windows has tend to be brittle, while those that the *nix etc world have tend to be pliable. That is to say, when a problem comes up with (say) Apache, the damage tends to be isolated. This is partly because each installation will be configured differently, with different features enabled or disabled, and partly because the server runs on a variety of systems, each of which may have different mechanisms for providing underlying security protections. On the other hand, IIS installations tend to be pretty homogeneous, and a flaw with one very well could be a flaw with all.
That's not to say that IIS couldn't be just as secure as Apache, if not much more so. But part of Apache (etc)'s strength is its heterogeneous nature -- people are able to tinker, adapt, mix & match components to suit their needs, and in the process this will also tend to protect them from catastrophic failure. Microsoft has actively resisted this kind of diversity -- witness their howls about having to come up with "thousands of versions of Windows" if some of the firmer antitrust penalties were put into force. Those thousands of permutations are, arguably, exactly what is needed: this will give their users greater choice, and it will make emergencies like this more rare.
I don't get why they're so opposed to the idea.
Maybe they've got cleverer plans than anything I can think of. I certainly wouldn't claim to be any kind of security expert. But if the best they can come up with is a change of address card, I can't help but wonder if they're fumbling in the dark here...
DO NOT LEAVE IT IS NOT REAL
I can't wait for some asshole to try and reclaim the windowsupdate.com domain after it's been abandoned (if it is actually fully abandoned) and suddenly find his site being hammered on the first day.
no comment
This strikes me as being a really bad thing:
They're missing a really big flaw, here, which is that this is horribly vulnerable to malicious behavior. There are already plenty of viruses and worms out there that make registry entries for one purpose or another. It seems to me that if you were exploiting a vulnerability for which a patch already existed it would be very easy to automatically modify the registry to make it appear that the patch had already been applied. This would make tracking which systems were vulnerable much, much more difficult. This would work particularly well if you were trying to make a stealth worm.
There's no point in questioning authority if you aren't going to listen to the answers.
Gasp, slashdot's got something inaccurate about ms?
Username taken, please choose another one.
Microsoft products cost a lot of money. Linux is free. Both are vulnerable. Get over it.
I installed and ran the Microsoft BSA utility that scans your computer for updates (windowsupdate looks in registry only) per the link above. It found 4 problems that WindowsUpdate can't find, so I followed the links, to read about them.
Problem is, when you click on the link to DOWNLOAD the actual patch for XP, it just redirects you to www.microsoft.com, so even their security tool is useless if you can't get to the files to manually install them. Fucking ridiculous.
Tequila: It's not just for breakfast anymore!
Going to 'tools, windows update' in internet explorer takes you to a redir site on microsoft.com, which attempts to forward you to windowsupdate.com NOT windowsupdate.microsoft.com .. even still (~3PM EST). you'd think they'd at least fix that if they were fuckin with the dns..
You have to give it to the guy; his timing is impeccable...
Timing being the essence of comedy........
I had the same problem this afternoon, this link for the XP patch seems to work still, for the moment.
Um, it's called the W32Blaster worm.
"Sufferin' succotash."
"Microsoft.com went down last night" - See? Microsoft really DOES suck!
Acts of massive stupidity are almost never covered by warranty. --me.
is a "companion" virus to update infected machines now that windowsupdate.com is no more. How about keeping the domain around, but either modifying the DNS server to point it at the IP of RIAA.org, or perhaps just a slight modification to the hosts file of local machines?
If they think a slashdotting was bad, I'd love to see their server smoke after all the infected windows machines start saying "hello"
...MS. I believe last night's power failure was not caused by a lightning strike or terrorists. I believe it was cause by a comet fragment hitting the power grid. Last night was just a small sampling of what is coming when Planet X arrives. It will rain oil and fire and water over the entire earth. Everything that depends on electricity will cease. Screw Bush, the Taliban or Saddam. It's not going to matter after Planet X is here.
I wonder if this "DOS" they claim to be suffering is really too many users actually trying to get updates for once. After all, the code in this virus is not set to DOS MS until the 16th so they can not blame it on that. I doubt they would ever admit to not being able to handle the load. I use MS update at least a few times a day and have been for the last year on various client machines. Sometimes I need 10's of updates from a fresh install, sometimes just a few driver updates or the recently released. I don't have any specific stats but I have noticed a definite slowing of the update site when the blaster worm was announced and it is getting slower as the days go on, today it took over 5 minutes to get a sound card update that for the previous year, only took 10 seconds. Another time today it took about 60 seconds. DOS causing this? Maybe, but I would guess they are having a hard time providing the update service for everyone and do not want to admit it. I bet hundreds of thousands of people are running the update service for the first time ever and they need a lot of updates. This move of names and connectivity is probably a hidden attempt to get the stuff hosted somewhere else or split up the load more than what they are currently doing and make it appear it is for security reasons. Reading between the lines here but the amount of work involved with name change of this nature is massive compared to the relative ease a virus writer can simply point to the new site. Does MS honestly think a name change will stop a DOS? I doubt it, but it fits into their FUD campaign of increased security and that they are under attack.
Bad boys rape our young girls but Violet gives willingly.
Or should I say, it used to, I think.. I just tried it before posting, and it got to some funky redir address, and didn't work.. timed out. Then i punched in windowsupdate.microsoft.com, and it worked. now when I go to tools, windows update:
& cl cid=0x0409&pver=6.0&ar=ienews&os=N6
.. well, now it works again. So maybe they just fixed the redir or something. who the hell knows, I'm sick of this :) anonymous cuz replying to myself is dumb
it works immediately (i don't even see a redir address)
Oh well.
Ok, I closed IE and then opened it back up while I was waiting for the two minute rule to expire, and it again timed out while trying to hit the redir address:
http://www.microsoft.com/isapi/redir.dll?prd=ie
So I put it in to mozilla, trying to easily see what headers were sent, it grinds away, does nothing. I refresh, and it goes to windowsupdate.microsoft.com. then IE does it. so I close it, open it up again, and
Is that Microsoft starts writing software for the Linux platform. Thereby making Linux a big fat target for bugs, worms and viruses.
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
Just change the first five results on google to some page that explains it's only there to be taken down by the worm. Virus attack: incapacitated.
I used to bulls-eye womp-rats in my pants
They've contracted their massive load balancing requirements to Akamai, and probably don't give a shit what Akamai runs to do their work.
It's not like Billy G. called the Network guys into his office and told them to go stick their servers behind a linux proxy.
They're just contracting a service, like Apple and several other companies do for high bandwidth projects. (Apple distributes most of the Quicktime Movie Trailers via Akamai)
More importantly when will MS abide by their settlement and allow alternative browsers to be used with WindowsUpdate? (In my eyes that should be implied)
Doesn't seem right that they are allowed to throw up a button for "Program Access and Defaults" while at the same time making sure you actually can't live without the products you're trying not to use.
btw, waiting and hoping that the automatics updates works is NOT an alternative. Except for those who never use non-critical updates(IE WMovMaker, WMP9 etc) or love being alpha testers for a company known to CONSTANTLY screw up their patches.
If you wanna get rich, you know that payback is a bitch
Adding more salt to the wound I guess. I have also noticed that if their servers are not properly operating, they will say there are no updates available, even when there are. I have confirmed this twice when I KNEW there was an update that was not installed on the laptop (sometimes i go two weeks without using).
That is a pretty shitty way to handle a down server, by convincing your customers they are safe when they are not.
Tequila: It's not just for breakfast anymore!
the Linux community needs to concentrate on not becoming the next big security joke. Okay, it's fun to laugh at Microsoft's pathetic record.... Just a second... Muhahahahahah. I feel better now. But as Linux becomes more and more popular blackhats will put more and more attention into breaking our OS.
We need to all make good design and operational decisions. Bad decisions like the one made by Lindows to run as root by default can lead to Linux having as bad a reputation as Microsoft.
The Linux community is positioned to demonstrate to the world that Linux, not Windows, should be used anywhere that security is an issue. Let's not blow it.
The race isn't always to the swift... but that's the way to bet!
Here's my suggestion to MS (and this is actually a serious one).
Ever thought about peer to peer? integrated bittorrent or Kazaa style sharing would be a god send for the dissemination of huge patches like this.
Food for thought
That's a pretty strange definition of impeccable timing if you ask me.
I wonder if the ad in the middle of the article is from ZDNet or actually in Bill's memo... (of course it was from ZDNet, but I wouldn't put it past Billy boy to drive advertisement dollars from his own employees)
-----
Web Hosting @ HostForADollar.com
Yeah...You'd think they'd notify all the people like Symantec, Mcafee, CERT, etc. that've been posting the other links all week.
Two thoughts here. First, package management
Operating system version control has been a problem for Microsoft Windows for a long time. Especially with runtime software bundled with third-party applications (think DirectX), you need a clear way to identify what is installed on a machine, upgrade it while tracking dependencies, and easily remove it. InstallShield does this sort of thing -- why isn't it built into the operating system?
Furthermore, most package managers provide a facility to verify the files that are running on the machine. While it isn't as conclusive as something like Tripwire, a simple "rpm --verify --all" will give you some insight into whether a system file has been replaced.
Package management on AIX (and probably other UN*Xes, but I haven't used them) gives you the ability to roll back out of a patch that went wrong, too. While that is possible to some extent in Windows, a package management solution could make that very easy.
And while we're at it, why isn't there a framework built into Windows to centralize patching of ALL products, not just Microsoft ones? Certainly the "Microsoft Update" that they are proposing is a good step, but why not build something that can check other vendors' web sites for patches? Couldn't such a framework be built so that when an application is installed it registers with the OS, and tells the OS where to look for updates for that specific product? Then when you run this "update console" or whatever, your local machine goes out to Microsoft, Symantec, Adobe, whoever, and checks to see if there are updates for EVERYTHING that is installed?
The system could also be similar to Red Hat's update mirrors/satellite up2date server, where a corporate customer could set up a central update server, tell it where to get updates for all the products in use in their company, and then that server mirrors it. Then updating the client workstations (and servers) is something that happens in-house. Maybe it could even be smart enough to tell if a client machine hasn't been updated yet, and then when that machine is powered on it could update itself and reboot if necessary, all before the user is able to log in.
These two things together could really put a dent in management for Windows machines. Sorry if this is sort of a ramble, I've been thinking about it for a while and it all just spilled out.
Maybe I just wasn't ever paying attention, but I don't remember the address ever being "windowsupdate.com"; it's always been "windowsupdate.microsoft.com". At best there was some DNS redirection going on at some point perhaps.
It hurts when I pee.
1) M$ (and the media) hyped this security patch to the hilt, IMHO, because WU was the target. Other worm exploits that have been cited in the news can be prevented by patches that come out a year or two ago. It would be nice to have the other 30 or so patches released this year equally hyped.
2) Re: WU says you're patched but you're not... I'm sorry, but nothing impresses me more than Shavlik's HFNetChkLT for Win2K, NT, and XP. Scan with this and then download the patch from the M$ Security Bulletins through Technet and install manually.
Mod Karma -1: I sed bad wurds. If I cep my mouf shut, I wud be at riyses.
Because they've engendered a "computing" culture where users are either: 1) ignorant about the need for patching, or 2) have been burned by fucked up M$ patches in the past and hence, don't keep up to date.
"Fool me once, shame on you ...
...
Fool me twice
won't get fooled again"
This country is overrun with idiots. I hope you reap the consequences of your actions. I spit on you all!
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
You've nailed the problem down pretty well though. I'd require a license similar to the ham radio license to use the Internet, if I were Dictator of the World.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Going to 'tools, windows update' in internet explorer takes you to a redir site on microsoft.com, which attempts to forward you to windowsupdate.com NOT windowsupdate.microsoft.com .. even still (~3PM EST). you'd think they'd at least fix that if they were fuckin with the dns..
You may not know this, but when you change an entry in DNS, it is not available to everyone for a while. This is due to caching (all ISP DNS servers are caching servers, of course). For instance, the AOL servers may have gotten the IP for the domain at 8am, and if it doesn't expire for 24 hours, their server will assume it is still at the same IP, so when an AOLer tries to go there (using AOL's DNS server) it will simply give that IP address, even though it has changed. It won't go back to the SOA and check the serial number of the DNS entry to see if it is still valid until after it expires and someone requests it. So, it depends on the expiry of the DNS record before the change. My experience is that it takes 1 to 2 days for all the changes to fully propagate, and sometimes longer on some DNS servers if they override expiry.
Tequila: It's not just for breakfast anymore!
The reason this is getting attention is because it's the first major security flaw in Windows Server 2003 which was supposed to be impenetrable being the first major OS released after the big security push by Microsoft.
In addition to that juicy bit of info, this flaw is more interesting to talk about than most because of the worm. It's amusing to see such a clever worm thwarted by using the wrong domain name. Seems intentional to me.
*sigh* back to work...
The button on the taskbar is targeted to
a sp
%SystemRoot%\system32\wupdmgr.exe
which sends me to http://v4.windowsupdate.microsoft.com/en/default.
which appears to work just fine. Didn't try it from IE tools menu, tho
There is much cruelty in the universe, John.
Yeah, we seem to have the tour map.
Microsoft is about to get into the AV business yet again. Keep in mind, MS does NOT consider those companies friends, rather they are competitors, so I can see MS letting them look bad with old links. That is not new for them.
Tequila: It's not just for breakfast anymore!
You guys should poke the registry key that indicates the patch status for the hole you are exploiting, so the patches won't work.
EVIL!
That "memo" looks more like an advertisment to me. Read it and see how much Bill gabs on and on about all the good things that Windows, .NET, et al provides.
Even when security is their number one priority advertising is still their other number one priority.
Why don't you now try to download the latest IE?
I can only hope as to what might happen.
So what happens when the worm writers get a clue, and write subroutines to do lookups on hostnames, and attack based on the translated host-to-ip address? It's not too hard to resolve windowsupdate.microsoft.com to whatever the root dns has listed, or for that matter any domain. A big enough worm, even with load balancing on its target, will still cause havoc on every routing device from here to Timbuck Two. I for one, would hate to be paying the bandwidth bill on the intended target.
Slashdot.. Land of nerds, trolls, and FlameBait..
Maybe he didn't get the memo?
That, or he didn't bother to RTFFP (read the fscking front page).
Sure, don't read articles, but shit, at least skim the OTHER slashdot story titles!
Apparently the US National power grid uses "OPC"
OPC stands for "OLE for Process Control"... (if you did some COM/DCOM Windows programming you will be familiar with this).
It's the same technology targeted by the W32.Blaster worm that is crawling around the web.
It won't surprise me if some of those computers responsible for failover/grid isolation actually hung themselves on the worm.
In case you don't know what the worm does, not much, but a side effect (because of sloppy coding) it causes the machine to restart very frequently (it also attempts to attack microsoft.com in a DoS attack, I guess that's why microsoft shut down windowsupdate).
what do you think?
they obviously don't trust their own users to keep their systems patched and/or behind firewalls
/.ers , hehehe.
I'm an XP user (among other os's) and I don't trust the average Windows user either. Not ragging, just a fact. My mom is one of them.
My brother and I were joking around because mom asked him what she should do about "that new virus" (blaster). She asked him if unplugging the computer was enough, or if she needed to do more. I told him he should have told her to put the box in the refrigerator because everyone knows that viruses and germs won't grow when they are kept that cold. Yea, I know, slightly cruel, but I'm telling ya, she just MIGHT have done it if we could have kept from laughing.
So it's not an insult to Windows users, it's just a fact: Most are interested in doing stuff with their computers and expect them to be like a toaster, just plug it in and never think about it again.
Ironically, I bought my 67 year old mom the computer last christmas, she uses it every day, and she WAS smart enough to ask someone about it, more than I can say about a few
Tequila: It's not just for breakfast anymore!
when I sent someone a link to http://www.windowsupdate.com this morning and there was no site there, I noticed and cared.
The truth doesn't care what I think.
If those rumors are true, then the worm didn't cause the power failures, it just disabled the systems that would have prevented them. That this happened at around the same time is just a coincidence, - or maybe minor power failures happen frequently and were just prevented from spreading?
Who the fuck runs mission-critical systems on Windows?!! HOMER SIMPSON?!!!
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
I need to research this, thought someone might know off the top of their heads... Windows XP, I got hit by a trojan hiding as an .SCR, (yeah yeah, revenge of pr0n), a pretty nasty one that pulled crap like shutting down task manager as soon as I brought it up. I think it might have disabled windows update. Is there a way to tell if it is actually disabled, and how to get it back?
SO YOU'RE GOING TO DIE: The Comic for Dealing with Death
Or that if you aren't, you never work in a security field.
Yeah, you get hit with a virus and the network slows down for a while, but the problem is solved for the future.
For those who actually think that this is a good idea:
I'm curious. Does the registry entry include any security, or can any exploit set the registry to deceptively indicate that the host is already protected.
Scott Renfro
Paranoid Yahoo
yahoo.com
...hackers will just point at http://windowsupdate.microsoft.com instead. Right?
-- http://frobnosticate.com
"We found that people had got the registry key for the patch, but not the file," he said, explaining that the error could be triggered by a number of reasons -- from an incomplete installation to a lack of system resources.
Microsoft did not respond to requests for comment on the Windows Update issue."
When is Redmond going to realize that people do not have time for this kind of Mickey Mouse bullshit? All of those developers and resources and they cannot even ensure that you are patched when you use Windows Update...
Then unable to keep their site up for their customers - they switch to linux. Gives a whole new meaning to 'Do more for less'.
And I'm on a 56K phone modem. Took less than thirty seconds of connection before BlackICE prompted me.
So I unplugged the phone cable and then configured BlackICE to block MSBlast forever.
Then I checked my registry, drivers, and running applications for this maggot. No sign of it.
After reconnecting, BlackICE detected and blocked attempts at MSRPC.
Firewalls WORK.
Eternity: will that be smoking, or non-smoking? I Corinthians 6:9-10
Oh man this makes me feel good. As more and more of these happen soon the world will see MS as a company that creates inferior products with serious security flaws that are not addressed for months!
Will someone please patent something like this before micro$oft:
;-)
"Method to prevent worm attacks by changing site hosting locations as many times as needed".
This way they'll either have to fix the damn holes or pay up.
I'm joking... but if someone wants to try and the USPO actually accepts it (not totally unlikely) just give me some credit, and some 10% of the profits will do.
/* TAANSTAFL */
I'm frustrated that I've only heard people saying what "didn't" cause the power failure by the powers that be: It wasn't terrorism or the MS worm. So says the politicians and power grid experts. Of course, they also go on to say things like "I don't know what caused it--it shouldn't be able to happen".
I also remember hearing months back that some functions of control for public utilities are taking place over the internet. Why not, since it's cheap and mostly reliable.
Does anyone remember Homer's rhetorical query to lisa's sarcastic assessment of the killer robots at the amusement park..."Wonders, Lisa, or blunders?"
WindowsUpdate.com did not, I REPEAT: DID NOT EVER Run Linux. The scan from Netcraft only shows that during a particular scan the DNS resolved to Akamai's web caching servers. So Puh-LEASE don't try to start misinformed rumors.
Linux AkamaiGHost 15-Aug-2003 213.161.82.37 Akamai
There is one fundamental difference I would like to point out concerning Microsoft OS's vs Linux, BSD and other open source OS's:
1. With an open source OS those who find security holes and exploits can also patch them themselves since the source code is available. With closed source/proprietary OS software you are at the mercy of the OS Vendor (Microsoft) to provide the appropriate patches when a security hole is discovered.
2. You have to accept on blind faith that they knew what they were doing when they coded the patch and cross your fingers, hoping that the fix does not turn out to cause more problems than the hole regarding the running of your system and sometimes essential third party software which you may depend on.
Yes, it is true that security holes have been found (and patched quickly) in Linux and other open source variants. The major difference, at least to me, is that I have access to both the original OS code containing the bug/hole/problem as well as the code for the patch that fixes it!
Yes I know that most /. readers already understand this!
Just my two cents worth here.
The Matrix IS real but I'm only visiting!
The Matrix is real... but I'm only visiting!
Microsoft products cost a lot of money. Linux is free. Both are vulnerable. Get over it.
MS products only cost money if you pay for them. I've been using MS products for free (for educational purposes of course) without paying a dime to MS - except for Xbox Games. And they provide free patches also!
Reminds me of the old military joke,
The Army will post guards around the place.
The Navy will turn out the lights and lock the doors.
The Marines will kill everybody inside and set up a headquarters
The Air Force will take out a 5 year lease with an option to buy.
I'm thinking if the author of this worm would have made it attack the windows update site a few days ago, when the number of infected computers was at its peak, it would have caused a lot more damage. I'm sure most of us on /. would have figured a way to get the update from somewhere else (assuming WU gets taken out). But what about all the computer illiterate users who were too clueless to update their systems ahead of time in the first place?
I think there would have been a lot more problems if the author predicted the spread of the worm more accurately. Am I correct in assuming this?
Abaddon: An Xbox 360 Indie game
Apparently, at least from this report at eWeek, Microsoft's official story is that they took the site off-line intentionally to avoid the Blaster attack. Bolstering this is that the page was a redirect; however, discrediting their argument is the fact that getting to the same data is rather clumsy. You think they'd be able to have something better in place.
Put a locked-down box on windows-update.com that logs all the IP addresses it gets DOSed from, then trace them back to the actual users whose machines were compromised. Then revoke all of those users' XP licenses for being bloody stupid morons who don't know how to apply a patch.
Make me a friend and I'll mod you up
While Windows was getting all the attention from their common creator Microsoft, DOS has secretly been waiting for its opportunity to strike at both.
From the infoworld article:
The company is cooperating with federal law enforcement officials to investigate the attack, which is the second successful DOS attack against Microsoft.com this month.
Two successful DOS attacks this month. And what a sense of irony: revolt against the creator by manipulating "the favorite" to do its bidding.
What's so hard about using a lower-case 'o'?
This is not my sig.
The only problem, was that 4 of the 9 download links redirected me to http://www.microsoft.com/
I heard to search the link on Google til I found the actual .exe to download.
Against a large and diverse enough DDoS, all the sysadmins in the world together can't deal with it. Microsoft did all that they really could do: remove the target address from the internet, so that the pings never reach their server in the first place. Of course, all it takes is a new variant of the worm targeting windowsupdate.microsoft.com to recreate the problem all over again - and unlike windowsupdate.com, Windows systems use windowsupdate.microsoft.com.
some users reported difficulty reaching [windowsupdate.com] Friday morning.
"The windowsupdate.microsoft.com and download.microsoft.com sites, which distribute software updates to Microsoft customers, were unaffected by the attack, Sundwall said. Users continued to access and download software patches from those sites throughout the attack, he said."
The quote is wrong. The previous sentence in the article contradicts the quote! windowsupdate.microsoft.com was too slow to do anything useful last night!
Seems to me that if MSBlast.exe could get in, Microsoft could program their own program that seeks the same vulnerability to get in and patch the system... I'm sure its in the license agreement somewhere, right? Hah.
This is a garden-variety buffer-overflow exploit of the sort that could just as easily still exist somewhere in Linux.
Active Directory also provides a way to block this type of worm that *ix doesn't. There wasn't time to patch all of our servers during the outbreak, so one of the guys here implemented a group policy that prevents execution of msblast.exe and teekids.exe on any machine on our network. Once they're all patched, the policy can be removed really easily.
Is this guy for real?
This kind of am-an-admin-expert-because-i-have-two-boxes-at-home kind of talk should be left at score 1 or so, where it belongs, regardless of whether it praises or bashes M$ or *nix.
That kind of "block" should not be suggested to other clueless admins! This is exactly why the worm got the 2nd generation where the filename had changed.
(I'm trying real hard not to mention also the fact that you shouldn't make false claims like about *nix systems. You really think *nix systems, employed for thousands of users all over the world in thousands of universities don't have elaborate user policies that can be administered swiftly and efficiently? Then again you're probably just flaming/trolling...)
(and even you forgot the penis32.exe, which btw is indeed a genius naming stunt! I do loathe the black hats, but every now and then I can't help myself admiring the simplistic beauty in some of their tricks. Thinking how many warning mails that never reached their target because mail filters grabbed them...)
1 Earth is warming, 2 It's us, 3 it's royally bad, 4 we need to take action NOW
Because they've engendered a "computing" culture where users are ... ignorant about the need for patching
Yeah, curse those bastards for making computers that are usable by people other than us techno-elite snobs.
Many people simply have other things they care about more than patching their computer. If 95% of people used *NIX, would it have a reputation for being mostly secure? No, because people who don't care would still be the vast majority. Most people should know the importance of basic car maintenance: checking oil, tire pressure, anti-freeze, etc. Many, many people don't bother to do so. When they have problems, is it Ford's fault?
I imagine that given that there are already variations that use names that will get blocked by kiddie protection filters and spam filters that block porno mails, that any attempt by MS to sidestep the domain name of WU will soon be nullified by the same people putting out the current variations.
Although I'm aware that many users simply don't know how to patch their systems often or don't care, I am truly amazed at the sheer number of worms that do manage to get through, no matter what. I am even more surprised at MS' rather clumsy responses every time a worm gets through. Oh well.
The IE tools menu will eventually get you there, but it definitely seems to be taking a different route. Of course, this is the first time I've ever gone to Windows Update that way, I usually just type in http://windowsupdate. (hit down arrow, hit enter) if I have an IE window open or use the start menu link, both of which go to the same old windowsupdate.microsoft.com site.
-PainKilleR-[CE]
Linux, BSD or other may not get as many attacks as windows does even with high market share. Karma does catch up with us all. MS has business and ethical practices that frankly, piss a lot of people off. "A wise philosopher once said that anger, hate, fear, these are the ways of the dark side, and the dark side makes you strong."
There are lots of huge companies. Even the occasional near monopoly. MS gets hit more than them. What goes around comes around.
my two cents
-Iowa
"He who laughs last, didn't get the joke."-Cap
Get a clue.
windowsupdate.com does not resolve: pinging or tracert does not work
windowsupdate.microsoft.com works (asks for I.E. 5)
microsoft.com no problems (they have a nice link on how to stop the Blaster worm though...)
Microsoft Instructions on "What You Should Know About the Blaster Worm and Its Variants"
how long until
Has anybody else noticed that hotmail has been down all day today? I haven't been able to login from my home computer (md.comcast.net) or work computer (umd.edu), or from a couple other Linux boxes at various points around the country...
My bicyles
"Strace for NT is a debugging/investigation utility for examining the NT system calls made by a process. It is meant to be used like the strace (or truss) on linux and other unix OSes."
http://razor.bindview.com/tools/desc/strace_readme.html
Interesting article. But did you have to be such an asshole about it?
Yours truly,
Keith
P.S.: If your power is still out tonight, I hope this burning karma lights your path.
This sig intentionally left blank.
Notably, Microsoft refused to give permission to ISPs to burn CD's or make floppies with the Blaster patch on them. I heard of one outfit that had their lawyer contact MSFT to make sure that they were kosher before giving them to customers. Microsoft refused. As it turns out, stating that the users could easily download the patches directly, even if they had the shutdown bug and were dialing in to download a 1.2 MB patch.
I have no sympathy for MSFT getting DOS-ed. The fuckers deserve it, and they were hoist by their own petard. Sure, there is some nitwit out there that acted on an exploit that was known for at least a month, but WTF? What is the problem with letting ISPs distribute the patch to fix this thing?
The ISPs are burning time and support lines over it, bandwidth is getting hosed by the packets on the affected ports, filtering ports helps (but doesn't eliminate the problem). Essentially, third-party companies (ISPs) asked for permission to help put out this fire, and Microsoft gave them a big "fuck you" and I am somewhat gratified by the whole thing.
Fuck you, Microsoft. Here's hoping you get more of the same.
I might post the emails discussing the attempt to get authority to help spread the patches somewhere, but I'm not anxious to cause a slashdotting of my own weenie ISP's servers.
And, if you read further about how Netcraft actually works, you will notice that they state that firewalls and other sorts of software can make it appear that a server's software is actually running on an OS that it would otherwise be impossible to run on. This is why you will find IIS running on Solaris, FreeBSD and Linux. Read first.
www.sitetronics.com/wordpress
The impending DDoS attack on Microsoft scheduled in the MSBlast worm was drastically mitigated by Microsoft's DNS shuffling, the diligent patching by systems administrators around the world, and the lack of electricity in several population centers. However, it was replaced by a much more potent DDoS attack by people checking to see if Microsoft's site was dead yet...
"Never put off for tomorrow what can be avoided altogether"
Wait a minute... (Hop in discussion)
When you install Windows XP, when creating the admin account, it tells you it shouldn't be the account you would use your computer with it.
When you create a new account, it asks you whether it should be "normal" or "user with power" account. User with power aren't admin, before you flame. They can install and remove programs, but not install services and such. Services can be installed with privileges only if you are admin, etc etc etc. Funnily, you find some stuff in the security doc of Windows, cut/pasted from *x.
When a software becomes widespread, all of a sudden many users drop standards. Each user you add to a system, each time your system becomes dumber. I personally find that for a software with that many code lines, the bugs and holes are still pretty low.
I admit I respect Unix (BSD at home) for security, but Windows is not THAT far behind. You can't blame a system to be dumb when the ones using it are.
I've updated my computer a month ago for the security hole, and magically I don't have any virus problem right now.
Of Code And Men
The SUS server is supposed to synchronize itself (manually or automatically) with Microsoft's servers to get the latest updates, and you get a chance to approve them for distribution to clients. Not a bad idea, and it seems to work OK.
However, the URL that's coded into SUS to synchronize with updates is -- wait for it -- a windowsupdate.com URL!
Error Message: "Failed to download from URL 'http://www.msus.windowsupdate.com/msus/v1/aucatalog1.cab'. (Error 0x80072EFD: Unable to connect to the server.)"
Anyone using SUS to update their client machines is now stuck with their current update set until Microsoft sets up a new site to sync with and documents how to change the URL that SUS uses to whatever one they come up with.
Lame.
Well they bought a Romanian AV company called RAV. They used to have anti virus products for Linux and FreeBSD (to scan for wind0ze viruses of course), but no more now.
With Microsoft getting DOS attacks and viruses all the time one might begin to think that someone doesn't like them. Hrmm. Wonder who that could be..
I don't know why this became a big deal. Ok, I lied. It became a big deal because of users who did not patch their systems (for whatever reason). But it isn't like this patch is new. It was originally posted on July 16, 2003. They just revised the bulletin because of the outbreak.
From MS's site:
Why have you revised this bulletin?
Subsequent to the release of this bulletin Microsoft has been made aware that additional ports involving RPC can be used to exploit this vulnerability. Information regarding these additional ports has been added to the mitigating factors and the Workaround section of the bulletin.
If I have installed the patch provided with the original bulletin, am I still protected?
Yes. There has been no update to the patch itself, and the patch will still correct the vulnerability. This additional information is being provided to those customers who may require a temporary workaround until they can apply the patch.
I wish I could make my friends, family, people I know read these security reports on their own, but they never do.
-Valiss
Maybe this has something to do with the recent announcement that EACH Microsoft division would have its own CFO!
This is right out of Dilbert!
Select and buy your favorite combination of solar, wind, gas generators, or whatever else your locale will support. Call the power company and tell them to disconnect you, and would they PLEASE get their damn wires and poles off your property.
Worms, such as the latest one that attacks Windows RPC services, only need to make outgoing TCP connections in order to propagate. This does not require root access. The fact that network daemons under *nix don't usually run as root has no impact on worms; worms don't need root.
Root access would be needed for viruses (that modify executables), more sophisticated worms that install rootkits to hide their presence (has that been done yet?), and human attackers that want to snoop around users' files or sniff network traffic or install rootkits. A simple worm is one of the few cases where containing a compromise to a user account is not a major win.
However, even more important than any of these new capabilities is the fact that it is designed from the ground up to deliver Trustworthy Computing. What I mean by this is that customers will always be able to rely on these systems to be available and to secure their information. Trustworthy Computing is computing that is as available, reliable and secure as electricity, water services and telephony.
Today, in the developed world, we do not worry about electricity and water services being available. "
I guess Bill hasn't seen the news in the last 24-48 hours. I haven't seen a virus yet that can take down all systems in less than nine seconds. If the reliability of power is what Bill aims to achieve we (MS) admins will always have a paycheck...
A new story will be posted soon, but subscribers get enough time to think about rude stuff to write up, before 300+ posts are posted.
Have Linux installed at your place in Amsterdam, for cheap
To all of the programmers:
User interface IS THE ISSUE.
The Mac OS X implementation uses non-privileged user for all normal operations, then and ONLY THEN, does it prompt for an admin password.
Contrary to what you all think is right, I keep my more or less secured Linux box running as root user for one main reasons: I routinely (daily) install or modify systems USING THE X GUI, which does not allow me to shift on the fly to root and back for things like drag-and-drop of files.
Call me crazy, but I thought this whole crazy computer thing was to make our lives easier, not to burden us with being our own little system administrator.
Users will not accept systems which do not provide to them what they need (a word processor, a game platform, or whatever.)
Don't blame the dumb user for the poorly made system or poorly written software - IT IS YOUR FAULT IF SOMEONE HAS A PROBLEM WITH YOUR PROGRAM.
If you can't grasp that, it is obvious why software programmers aren't really engineers. (With apologies to those of you who do get it.)
Faith is the very antithesis of reason, injudiciousness a critical component of spiritual devotion. Jon Krakauer
Description: WTF? Your bugfix doesn't work! LOL!
Repro steps:
(1) Launch msworm on a zombie farm
(2) Use IRC bot to reset dates and trigger attack
Expect:
Moderate DDoS to slow down new site
Observe:
No effect.
Note: Micro$oft has moved to a caching company to support this new domain. Akamai has bandwidth to burn and enuf points of presence that we'd have to take down the whole net to have an effect.
Try again, Luser!
Last time I checked, most everybody, on average, beats microsoft in terms of speed of security fixes. So I suppose unmatched, because Microsoft has been completely surpassed.
Bill is setting up the mood for the industry to beg for palladium and DRM...
The best way to do it is a few days before the actual IP address change, go in and set the TTL on the zone file to 15 minutes. Let that propagate to all of the caching DNS servers. Then when you do update the IP address on your DNS server, the changes propagate to everybody within 15 minutes guaranteed.
Of course in the interim, your DNS server will have a pretty heavy load. You probably don't want to keep it at 15 minutes for any longer than you need!
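The TTL-lowering procedure in the comment above, and the resolver caching described earlier in the thread, can be checked with a small simulation. This is an added example, not part of any comment: the resolver query times, the cutover time, the one-hour resolver TTL floor and the 192.0.2.x addresses are constructed assumptions, and each resolver is assumed to re-query the moment its cached record expires.

```python
"""Simulate how long caching resolvers keep serving an old A record after a cutover."""
from bisect import bisect_right

OLD_IP, NEW_IP = "192.0.2.1", "192.0.2.2"   # constructed documentation addresses
DAY, HOUR, SHORT_TTL = 86400, 3600, 900      # 24 h old TTL, 15 min lowered TTL
CUTOVER = 3 * DAY                            # constructed: A record changes at t = 3 days

# Constructed sample: 24 resolvers whose first lookups are spread over the first day.
RESOLVERS = [h * 3737 for h in range(24)]


class Zone:
    """Authoritative view: time-ordered (effective_time, ip, ttl) changes."""

    def __init__(self, changes):
        self.changes = sorted(changes)
        self.times = [c[0] for c in self.changes]

    def answer(self, t):
        """Return the (ip, ttl) the authoritative server hands out at time t."""
        i = bisect_right(self.times, t) - 1
        if i < 0:
            raise ValueError("query before the zone existed")
        _, ip, ttl = self.changes[i]
        return ip, ttl


def first_seen(zone, first_query, min_ttl=0, horizon=10 * DAY):
    """Time at which one resolver first caches NEW_IP.

    The resolver caches each answer for max(ttl, min_ttl) seconds; min_ttl
    models a resolver that overrides short TTLs with its own floor.
    """
    t = first_query
    while t <= horizon:
        ip, ttl = zone.answer(t)
        if ip == NEW_IP:
            return t
        t += max(ttl, min_ttl)
    return None


def worst_staleness(zone, min_ttl=0):
    """Longest time after CUTOVER that any sample resolver still serves OLD_IP."""
    worst = 0
    for q in RESOLVERS:
        seen = first_seen(zone, q, min_ttl)
        if seen is None:
            raise RuntimeError("resolver never picked up the new record")
        worst = max(worst, seen - CUTOVER)
    return worst


def scenarios():
    # Change the address with the 24 h TTL still in place.
    direct = Zone([(0, OLD_IP, DAY), (CUTOVER, NEW_IP, DAY)])
    # Lower the TTL two days ahead, so every 24 h cache entry has expired by cutover.
    planned = Zone([(0, OLD_IP, DAY), (CUTOVER - 2 * DAY, OLD_IP, SHORT_TTL),
                    (CUTOVER, NEW_IP, SHORT_TTL)])
    # Lower the TTL only one hour ahead: most caches still hold a 24 h entry.
    late = Zone([(0, OLD_IP, DAY), (CUTOVER - HOUR, OLD_IP, SHORT_TTL),
                 (CUTOVER, NEW_IP, SHORT_TTL)])
    return {
        "direct": worst_staleness(direct),
        "planned": worst_staleness(planned),
        "late": worst_staleness(late),
        "planned_floor_1h": worst_staleness(planned, min_ttl=HOUR),
    }


if __name__ == "__main__":
    for name, seconds in scenarios().items():
        print(f"{name:18s} worst-case stale window: {seconds:6d} s")
```

The lowered TTL only bounds the stale window if it has been in place for at least one full old TTL before the change, and a resolver that enforces its own minimum TTL is bounded by that floor instead.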
Here in CA you have to fund the switch which allows you to feed from your supply to the lines, even if you don't EVER want to feed back, PG&E got some help in the legislation, this runs around 10K minimal. The CA government in its infinite wisdom also instituted a Farking tax on power feedback, in order to offset the cost of people leaving the system while it is so deep in financial trouble, so now even if you DON'T USE the power grid, you are required to pay a tax on the approx. amount you would use....Our rural neighborhood association just went through the governmental hoops to get this working...what a friggin nightmare.... Unless you have several hundred potential users, there is no way this is financially feasible thanks to our friends in government, always out to protect corporate interests at the expense of taxpayers' freedom and choice.....
errr....umm...*whooosh* *whoosh* Is this thing on ?
Is anyone concerned that putting a link to the new Windows Update site on the /. front page would cause a DoS in itself? Granted, the traffic wouldn't be as great as the Blaster DoS, but the Slashdot Effect is pretty strong.
7) Loss.
How difficult can it be to write one of these things? You don't even have to be a hacker at all. all you do is.
1) Wait for a MS critical update to come out.
2) Write code to take advantage of the documented flaw. (take a month or two to write it, what the heck)
3) release.
Then all the yay-hoos that didn't upgrade their systems (when their computers probably told them to) get borked. if people would only apply security patches... ahh well...
T.
SUS = Software Update Services.
With SUS you can use the automatic update feature of Windows 2k/XP/2k3 to download and install updates automatically (or with your own approval for each update).
It's kind of the Microsoft equivalent of "apt-get update && apt-get upgrade".
It's based on the same protocol as Windows Update, so therefore it requires IIS.
they will say there are no updates available, even when there are. I have confirmed this twice when I KNEW there was an update that was not installed on the laptop (sometimes i go two weeks without using).
I just cleaned up my friend's computer who got infected with blaster.
I went to Windows update, and it said that he needed no updates which is, of course, false since otherwise he wouldn't have gotten infected in the first place.
He's running XP home which has the auto update set to download patches but not install by default.
So after some digging around I realized that Windows update was correct that there were no newer patches available for download, but he had never installed any of them, so it was wrong that none were needed.
I wonder if something similar might have happened in your case?
"if I were Dictator of the World."
That is what all you Cheney-neocons strive for, isn't it? To rule the world as a dictator?
Why couldn't you just redirect windows.com to one of the ips they choose for their new service, using your hosts file or with your dns server?
http://www.matrikon.com/drivers/opc/whatisopc.asp
OLE for Process Control (OPC) is a new technology designed to bridge Windows based applications and process control hardware. It is an open standard that permits a consistent method of accessing field data from plant floor devices. This method remains the same regardless of the type and source of data. Therefore, end users are free to choose the software and hardware that meets their primary production needs, without having to consider the availability of proprietary drivers.
OPC components fit into two categories: OPC clients and OPC servers. A client is typically a data sink -- an application that uses data in some way, such as an MMI or SCADA package. A server is a data source -a device specific program that collects data from a field device, and then makes it available to an OPC client.
and DCOM definitely appears to be in the mix as well:
http://www.opcfoundation.org/Downloads/White%20Papers/OPC,%20DCOM%20and%20Security.pdf
Perhaps the lusers who are uneducatedly blaming the blaster virus aren't entirely wrong.
Curious using the scan tool on my network for dsl
x.x.x.15: patched with KB823980
x.x.x.4: unpatched
x.x.x.12: connection to tcp/135 refused
x.x.x.66: patched with KB823980
x.x.x.18: patched with KB823980
x.x.x.16: patched with KB823980
x.x.x.21: connection to tcp/135 refused
x.x.x.101: connection to tcp/135 refused
x.x.x.109: connection to tcp/135 refused
x.x.x.99: connection to tcp/135 refused
x.x.x.85: connection to tcp/135 refused
x.x.x.82: connection to tcp/135 refused
x.x.x.131: unable to determine patch status; please investigate
x.x.x.79: patched with KB823980
x.x.x.73: unpatched
x.x.x.80: connection to tcp/135 refused
x.x.x.76: connection to tcp/135 refused
x.x.x.74: unpatched
x.x.x.78: unpatched
x.x.x.135: patched with KB823980
x.x.x.136: patched with KB823980
x.x.x.105: connection to tcp/135 refused
x.x.x.139: patched with KB823980
x.x.x.142: patched with KB823980
x.x.x.130: connection to tcp/135 refused
x.x.x.147: connection to tcp/135 refused
x.x.x.151: patched with KB823980
x.x.x.162: patched with KB823980
x.x.x.183: connection to tcp/135 refused
x.x.x.166: connection to tcp/135 refused
x.x.x.164: connection to tcp/135 refused
x.x.x.200: connection to tcp/135 refused
x.x.x.186: connection to tcp/135 refused
x.x.x.203: patched with KB823980
x.x.x.160: patched with KB823980
x.x.x.171: connection to tcp/135 refused
x.x.x.207: connection to tcp/135 refused
x.x.x.208: connection to tcp/135 refused
x.x.x.206: connection to tcp/135 refused
x.x.x.205: connection to tcp/135 refused
x.x.x.212: patched with KB823980
x.x.x.225: patched with KB823980
x.x.x.228: patched with KB823980
x.x.x.221: connection to tcp/135 refused
x.x.x.215: connection to tcp/135 refused
x.x.x.237: patched with KB823980
x.x.x.234: patched with KB823980
x.x.x.226: connection to tcp/135 refused
x.x.x.238: connection to tcp/135 refused
x.x.x.243: connection to tcp/135 refused
x.x.x.246: connection to tcp/135 refused
x.x.x.254: patched with KB823980
x.x.x.253: patched with KB823980
x.x.x.224: patched with KB823980
So about 1/10+- remain unpatched.
The real reason is either:
Conspiracy A - Uncle Bill takes after Uncle Sam
The blackouts were engineered by Microsoft as a preemptive strike against the vast quantity of infected ("terrorist") computers in the Northeast while it attempted to deal with the worm....
OR:
Conspiracy B - Some guy really desperate to hit Microsoft
The worm author (or someone who really despises Microsoft) was a powerplant worker and sabotaged the systems so that all the infected computers in the Northeast would restart simultaneously as the power came back on, all attacking Microsoft at once.
Conspiracy nuts, pick your story!
but I did very recently start a job where I desperately need to deploy something like this
Have a look at Novell's Zenworks. It has all the functionality you need, and Novell has the best security in the business.
-1 Overrated for that on a +5 post
That doesn't apply, it's a www.microsoft.com/redir.asp?blabla crap or something like that.. so if www.microsoft.com works, then they should have fixed that redir to do an http refresh to windowsupdate.microsoft.com immediately.
:)
They appear to have fixed it by now, as evidenced by the reply I made to my comment. Yes, I know how DNS works. It's quite a pain when my friend's computer (which I mostly handle the admin tasks for) loses internet (business class RR in rochester sucks) and the DNS is fucked up for days. I might not have it set up properly or something, but I know about the time it takes to propagate
Because once you tell me I am going to do some research and you better be damn sure that your country has had uninterrupted power since the turn of the century.
I am going to suggest that the U.S. alert the U.N. to put in place an emergency mission to provide you with a clue.
Tim
Omnia vestra castrorum habetur nobis.
and let's concentrate on the
Lip + service = $$$!
"Personally, I think we should (build) some new nuclear power plants...I personally wish the US would update its power infrastructure, and I'd be willing to pay for it."
You got it, pardner. This is one of those things where they could raise a tax somewhere, and I wouldn't complain about it. ESPECIALLY if it was for new nuclear plants. Environmentalists will be hysterical, but so what. Europe, which is supposedly faaar ahead of us in terms of civilization and good ideas, draws as much as 50 percent of its power from nuclear reactors in countries like France and Sweden.
Not that I wouldn't mind some more natural alternatives. I'd LIKE to see things like advancing wind farm and solar panel technology. But right now no other alternatives will provide NEAR the power we need except for nukes or more fossil fuel powered plants.
The grid is indeed horrendous and old, and President Bush himself said as much today, urging that it be upgraded.
Life is hard, and the world is cruel
The parent was modded Redundant, but I can't find any other comment with a working link. I notice the URL works for either infoworld.com or archive.infoworld.com but NOT for www.infoworld.com (which was the URL given in the main post); it just gives a "Not Found: Nothing matches the given URI" error. So somebody please either fix the main post by putting a working URL there, or at the very least mod up this comment's parent.
That line of reasoning is hogwash, and part of the self-apologizing crap us Software Developers keep throwing out.
It used to be that we could blame the users for running executables they receive via emails. We demanded common sense, and said that it was user error, not Software Developer error. This time, the mere act of being plugged into a network or the Internet is enough to get the computer infected. So what do we do? We say Damn those lusers because they didn't install their latest security patches!.
That's a big, smelly load of shit. Systems administrators should be required to read bugtraq and keep their systems patched. Users should only show common sense. We can't ask them to do these things. There are people working with computers that actually use them as tools to do work, rather than as objects of worship, as we geeks do. They don't want to know about driver install woes or our petty flavour of the month.
We should be bounds-checking our mallocs rather than demanding users take the time to fix the faulty products we put out.
Overcaffeinated. Angry geeks.
That Linux was there to save Microsoft. It's truly great that Microsoft could benefit from the incredible POWER of Linux to balance the load to one of their sites. Wow. I'm definitely going to give this Linux thing a try now since even Microsoft ended up having to use it. It must be incredible!
For every annoying gentoo user, are three even more annoying anti-gentoo crybabies. Take Yosh from #Gimp for example.
http://secure.opera.com
The best way to do it is a few days before the actual IP address change, go in and set the TTL on the zone file to 15 minutes. Let that propagate to all of the caching DNS servers. Then when you do update the IP address on your DNS server, the changes propagate to everybody within 15 minutes guaranteed.
Of course in the interim, your DNS server will have a pretty heavy load. You probably don't want to keep it at 15 minutes for any longer than you need!
This is EXACTLY what I do, to the letter and to the minute. It works on 99% of caching servers (some are set up to override TTL, but they are rare). I run dedicated DNS servers, even tho the load is in the 0.02 range, mainly because of security, so the extra burden is not a problem. This also helps by having the extra capacity for an amateur DOS attack.
Tequila: It's not just for breakfast anymore!
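The TTL-lowering procedure from the comment above and the one it quotes, modelled as an added example (not part of any poster's comment): it computes how long a caching resolver keeps answering with the old address after the change. The 2-day original TTL, the one-hour `min_ttl` override, the resolver names and the "refetch the instant the copy expires" behaviour are all assumptions made for the illustration.

```python
"""Model of lowering a zone's TTL ahead of a planned A-record change.

All times are seconds relative to the moment the TTL is lowered (t = 0).
Assumption: a resolver refetches the record the instant its cached copy expires.
"""
from dataclasses import dataclass

DAY = 86400
OLD_TTL = 2 * DAY   # assumed original TTL on the record (constructed value)
NEW_TTL = 15 * 60   # the 15 minutes named in the comment


@dataclass
class Resolver:
    name: str
    fetched_at: int   # last fetch before the procedure starts (must precede the change)
    min_ttl: int = 0  # > 0 models a cache configured to override short TTLs


def stale_seconds(r, changed_at, old_ttl=OLD_TTL, new_ttl=NEW_TTL, lowered_at=0):
    """Seconds after the address change that r keeps serving the old address."""
    t = r.fetched_at
    while True:
        # TTL the authoritative server published at the time of this fetch.
        published = new_ttl if t >= lowered_at else old_ttl
        held = max(published, r.min_ttl)  # how long the cache really keeps it
        if t + held >= changed_at:        # this cached copy outlives the change
            return t + held - changed_at
        t += held                         # expired before the change: refetch


def report(resolvers, changed_at):
    """Map resolver name -> seconds of stale answers after the change."""
    return {r.name: stale_seconds(r, changed_at) for r in resolvers}


def guarantee_holds(rep, new_ttl=NEW_TTL):
    """True if every resolver sees the new address within new_ttl seconds."""
    return all(v <= new_ttl for v in rep.values())


# Constructed sample: both resolvers cached the record one second before the
# TTL was lowered, so they still hold a copy with the full original TTL.
RESOLVERS = [
    Resolver("honours-ttl", fetched_at=-1),
    Resolver("overrides-ttl", fetched_at=-1, min_ttl=3600),
]

if __name__ == "__main__":
    for label, changed_at in (("change 3 days after lowering", 3 * DAY),
                              ("change 1 day after lowering", 1 * DAY)):
        rep = report(RESOLVERS, changed_at)
        print(label, rep, "15-minute guarantee:", guarantee_holds(rep))
```

The 15-minute bound only holds for resolvers that honour the published TTL, and only when the wait between lowering the TTL and changing the address is at least as long as the original TTL.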
Twice I kept checking update over and over. Both times I tested it this way, within 30 minutes it magically found an update, so this tells me their servers were either overloaded and just telling me this to get me to leave, or they have a bug. My guess is they were at max load, and don't really care about security enough to just say "we are at max load". I guess looking good is more important than serving us.
Tequila: It's not just for breakfast anymore!
"why would i want to help alleviate the situation? hell, i get to have all my computers attack microsoft for free! and legally! wohoo! sick 'em!"
I know (think) you're joking, but while we can moan all we want about how Microsoft should design software that's more secure, we can't do anything about existing systems. And windowsupdate was the fastest, easiest way for the non-tech public to protect and repair themselves. Those of you out there that view this impending attack and the shutting down of windowsupdate as a good thing are very shortsighted.
Maybe you don't give a shit about all of those other users out there that use Windows. Maybe you're happy this is happening. Fine. But rest assured, it's not going to cause people to rebel against Microsoft, like many of you are hoping. There will be no enlightenment and mass exodus to Linux or BSD or OSX. This is going to get blamed on "hackers". And we all know hackers hate God, hate America, root for Saddam, get pentagram tattoos on their foreheads....and use Linux. Pretty soon it'll be "yeah, I saw those Linux guys bragging on slashdot.org that they took windowsupdate down!"
IBM's reps will be going "yeah, thanks heaps for the positive image, slashdotters.........fuckers".
Make fun of people that run Windows all you want, but don't assist in, or support the disabling of one of their few effective means of defense.
Life is hard, and the world is cruel
Who's this 'we'? Microsoft should be doing that, not us.
If corporations are people, aren't stockholders guilty of slavery?
If a device becomes so ubiquitous that large scale damage could be done if a flaw exists the product should not be released if this flaw is known before release. We all know that testing of products before release can not find every problem. Major problems should be found. Imagine if a software house as a punishment for anti-trust violations (and majority market share) and broad reaching security flaws had to (by law) refund the purchase of terribly insecure software AND provide a free upgrade once all security fixes were in place ..
imagine slower software release cycles by cathedral software houses ....
imagine overall more secure products which still have to be easy to use ...
imagine better software.
It is schedules which kill cathedral house software not QA.
"They say travel broadens the mind, so I went over the falls in a barrel." -Thomas Dolby
s/do go around/don't go around
A very reliable ( and of course, paranoid ) IT expert working somewhere in the southeast has said it is no coincidence that the power outage and the time that the "blaster worm" hit the east coast were so close. Microsoft's laid-back approach to securing its commercial O/S product line may have cost us billions. But what the hell, he's got money to spare.
That's a big, smelly load of shit. Systems administrators should be required to read bugtraq and keep their systems patched. Users should only show common sense. We can't ask them to do these things. There are people working with computers that actually use them as tools to do work, rather than as objects of worship, as we geeks do. They don't want to know about driver install woes or our petty flavour of the month.
....yea, get your shit together, you guys suck. :D
I am not sure if you are suggesting I hire a sysadmin to manage Mommy's computer, or that she should not be expected to know how to do all this. My statement was that she doesn't, and shouldn't have to know about all that. That's one reason i bought her a system with a sys restore disk, since I live 1300 miles away. To her it's a game platform (casino games) and an email machine, so wiping it isn't the end of the world.
If you are saying she shouldn't have to know this, wtf are you doing arguing with me? That was my point: It's not their fault that they are not experts at upgrading their computers. My brother and I were just enjoying making fun of her about it. Fuck it, she's my mom, I can pick on her if I want. I bought her the box.
As to the "crap [you] Software Developers keep throwing out",
Tequila: It's not just for breakfast anymore!
Internet is often described as a "highway".
People are driving on it and they go where they want to go.
On a real highway, everything works like a charm when these conditions are met
- people respect the driving laws.
- drivers are mentally and physically ok, and they have a driving license.
- cars are secure.
When you violate these rules
1) You can make severe damage to yourself and to other people.
2) You can say goodbye to your driving license and/or your car, you can have to pay a lot of money and you can go to jail.
Now, how are things on the "internet highway"?
Anyone can drive. Even people who absolutely don't know how to drive (ie. people don't patch their system, never heard about the netiquette, send HTML mails, etc)
Most people have a car that wasn't designed to drive on a highway (Windows is obviously something _not_ designed with security in mind).
People don't even keep their car in a good state (no update)
As a result, when their car explodes, they happily make all other car explode as well.
There are so many people violating the driving laws that it's a common practice that correct people tolerate.
I receive hundreds of SPAM and Nimda virus every day, my host is scanned on ports 21 and 135 every minute, my web server receives IIS unicode attacks every hour. This is just "normal", and I can't do anything but ignore that, because this is how the "highway" is nowadays.
Jesus. The fact that internet is a marvellous world where anyone can connect and express himself is great. But nowadays, it's nothing but a big mess and even careful drivers are hit by the silliness of people driving with broken cars and no license.
{{.sig}}
My goals as dictator of the planet would be as follows:
1) The eradication of all superstitious behavior on the part of the citizenry, including all organized religion. Realizing that religious teachings can allow for the development of a more ethical outlook on life, an optional state sponsored religion involving Smurfs will be implemented.
2) Immediate mandatory reversible sterilization of all citizens, male and female. A breeding license will be required on a per-child basis based on a set of criteria that will be enumerated in full once I ascend to power. In no manner will further growth of the population be allowed, until more resources can be obtained (see 3)
3) Immediate and massive space exploration program, with a first goal being the terraforming of the planet Mars. With the world's economy behind me, this should be feasible before my death.
4) Immediate and massive longevity and genetic improvement program, with an eventual goal of faster, smarter humans free of disease and immortality.
5) Research into ways of increasing the wealth of all human beings, with the goal being that every man, woman and child on the face of the planet can have anything they want and only have to work at whatever they want to do. If all they want to do is sit in front of the TV, that's fine with me, but those people won't be front runners for the breeding licenses. I would settle for eliminating hunger and disease world-wide as an acceptable first step.
Although I would have some other more minor goals, I believe those would keep me busy for the foreseeable future as I reshape the world in my image. Naturally such a system would be wide open for abuse by the inner core of the support system, but such abuses would be dealt with most harshly. Anyone working in the government would be required to adhere to strict ethical guidelines and failure to do so would cause them to forfeit all their organs to the state-run organ banks.
I'll let you figure out how much of that is serious and how much of it is irony.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
i thought it was C4 clearance, and that took years to get.
I meant 'we' as in 'all Software Developers'. Although it's usually Microsoft taking the spotlight in these situations, the fact remains that their software has a very large installed user base and therefore is more prone to be analyzed and attacked. There's a lot more software out there just as insecure. It's just not attacked that often.
And still, Security Oriented Programming courses are not a part of most Computer Science Curriculums, and we keep blaming these problems on everyone but ourselves.
Microsoft doesn't magically materialize their sloppy programmers from dirt. They hire them FROM THE BRIGHTEST OF THE PACK. That's right. They go to Uni's, find the most promising students and hire them. And they're the ones giving us Blaster woes. Perhaps we should do something about this.
Overcaffeinated. Angry geeks.
Yeah, a lot of users think a computer is like a Ronco product: Set it and forget it!
Dawn of the Dead
And now, the company has "extinguished" WindowsUpdate.com (future updates will come from a different domain). All this because of some Microsoft worm that triggers at midnight.
If you're going to submit a biased article, at least get the facts straight. WindowsUpdate.com was never the primary WU domain, windowsupdate.microsoft.com was. They're just disabling the extra one that was never linked from the Windows OS.
Beware: In C++, your friends can see your privates!
I was referring more to the part of your post where you made fun of her not knowing if unplugging her computer was enough. We all tend to do that and rag on user ignorance, but we're becoming dangerously close to asking them to actually be on the level of sysadmins, and the whole computer as a tool paradigm kind of gets shot to hell at that point.
....yea, get your shit together, you guys suck. :D
As to the "crap [you] Software Developers keep throwing out",
I know. Damn us.
Overcaffeinated. Angry geeks.
The problem is people are scared to death of "magic" inside a computer and we need to help educate them.
That said a LARGE improvement in initial software quality would be good, especially changes in design that make it much more difficult for the worms and virii to get permission to execute on the machine in the first place would go a long way to solving the issue before its really an issue.
"You can now flame me, I am full of love,"
:)
A few of the german microsoft sites used to run Linux. Oh, and their "Switch to Windows" campaign server used to run Linux as well until everyone started picking on them. You don't have to get all huffy because Microsoft had to rely on the awesome power of Linux to save their bacon. They went with Akamai to load balance a site, and Akamai uses industrial strength Linux. So yes, inadvertently WindowsUpdate.com IS running on Linux. The scan from Netcraft was correct. So Sorry. Thank You For Playing. No rumors here. It's the honest to God's truth.
For every annoying gentoo user, are three even more annoying anti-gentoo crybabies. Take Yosh from #Gimp for example.
Makes ya wonder why they didn't write the worm to attack microsoft.com doesn't it?
... from windowsupdate.microsoft.com ?
It's ok, microsoft.com can take it.
Can they? This is possibly 50% of machines *in the world*, at worst anyway.
But people can just update...
But we can just drop the domain...
What, change the company name because of a DoS attack?
Tricky one, isn't it? Looks like MS got let off.
== Jez ==
Do you miss Firefox? Try Pale Moon.
Under XP, look under Control Panel - Accessibility Options. General box. Yes, those two little ones down the bottom that really shouldn't be there but were tucked in there because they didn't fit in anywhere else. Heh.
That's because the version on their site is oooold. Microsoft didn't write MBSA - Shavlik Technologies did. Last I saw there was an MBSA version that could actually download the patches there. Looks like they took it shareware?
Next time, virus writers - microsoft.com - let's see them turn that one off ;)
Get your own free personal location tracker
is it just me, or is nowhere in the article did it say that they were going to take down http://windowsupdate.microsoft.com? From the C|NET article, "Although Toulouse was mum on the specific steps the software giant is taking to prepare for the attack, Microsoft is advertising alternative ways to get downloads and information from its site. The company has put more than 10 links on its main Web site to send people to more information and alternative channels for downloading updates." Also, near the end of the article: ""I doubt Windows Update will go down," Maiffret said. "They have a big network, and it's very distributed."" Nowhere did I see anything about shutting down windowsupdate.com.. ?? And I'm at the site now, and it appears to be working fine. Did I miss anything?
Try not to let life get in the way of living.
was referring more to the part of your post where you made fun of her not knowing if unplugging her computer was enough.
;)
I was making fun of her because she is my mom (remember how I even said she was smart enough to ask). She is also the first to tell you to kiss her ass. We play for keeps in my family. Most people would have trouble dealing with so much "in your face humanity". Really, it gets pretty wild, although it still sounds weird hearing your own mother refer to someone as a "fucking asshole". And no, they are actually upper middle class, lol.
As to the crap you developers keep throwing out, remember, the first step is admitting you have a problem. Next is seek help among others with the same problem.
Tequila: It's not just for breakfast anymore!
50 MILLIONS people that cannot heat their dinner or have a hot shower, airports blocked, wall street that cannot make business, the white house and the pentagon that survive on emergency power supply, as you pretend to be the richest and wealthiest country in the world ?
How can you possibly tolerate this !! Don't you ask yourself any questions ??!?? Do you never think "is this normal, in 21st century as we spend 400+ billions dollars in your defense and big corporations don't pay taxes, is it normal I can't have light at home !!?!! Is this kind of failure acceptable ?? " Don't you ever wonder if in some other countries, things are different ? I remind you electricity has been discovered more than 100 years ago and we perfectly know how to transmit it safely.
Don't you ever wonder where the fuck are your taxes and your electricity bills going to ??
Please, open your eyes, don't be so dogmatic.
What kind of freedom do you have, except walking in the dark ??
Which makes me wonder how much fun and games would have erupted had some Wiley Hackist been able to perform a similar trick, being sufficiently careful to conceal the payload (unlike the dingdongs behind this one), which would then have DDoS's something similarly large at midnight on the first day of the year 2000.
Is it fascism yet?
Brightest of the pack??? I stopped using MS products because they were the most shoddy, buggy, poorly designed pieces of crap I have ever seen outside of script kiddie shareware. If their programmers are the "brightest of the pack," then their management must be on crack to be directing them so poorly. MS is a screwed up company. I dealt with their crappy products for nearly a decade, so no one can tell me differently. Their security problems are just the tip of the iceberg. From their DOS print string function which used a dollar sign for termination[1] to Windows which would automatically change settings to the wrong values because they think their three lines of code knows better than the user.
[1] Yeah, you heard right a printable character, so if anyone needed to print a string with a dollar sign in the middle, they would have to print the first half of the string, output a dollar sign with a different function, and print the second half of the string. No wonder most programmers used the BIOS functions or direct access to the video card for display. They'd do it even where DOS would've been more appropriate. Don't even get me started about the bugs in the console functions. These are simple things any inbred script kiddie could do. They had years to work on them, yet DOS still had problems.
car in roadworthy condition, huh?
I mean, what business is it of anyone else's if your brakes are bad, you have bald tires, and huge chunks of the car falling off as you drive down the street.
Microsoft BSA utility which scans your computer? Methinks Pharmboy will get a visit from the stormtroopers tomorrow. ;-)
Stormtrooper via megaphone says: "Alright everyone. Hands off the computers. This is a license audit!"
Facts you won't see: Microsoft had 2 announced holes last month. Linux has 9.
"Sufferin' succotash."
I think the power outage did a good job of securing my computer for 24 hours.
Works fine here, go to "Tools > Windows Update" and I get a v4.windowsupdate.microsoft.com/blah/blah page which allows me to scan for updates, going nowhere near a windowsupdate.com site.
They're obviously worried that something is in the wild that is hard-coded to attack WindowsUpdate.com, else there would be no point in abandoning that domain and moving to another.
Well duh....
The article says that the attack did not come from the Blaster Worm. I am not sure if I believe this.
Probably true, but the authorities could be in denial. Remember the shuttle disaster. For the first few days, they said it definitely was not caused by the foam issue.
The BSOD (Black Smoke of Death).
I think everybody is missing the point on this whole issue. Fact :- Blaster is a worm, whose payload was intended to dos windowsupdate.com, rendering it unavailable to the folks using it.
Fact :- windowsupdate.com is 100% unavailable.
Conclusion :- Blaster is the most successful virus/trojan to date. It didn't just cause a few hours of unavailability, it wiped the domain from existence. Not just any domain, but a prominent microsoft domain (high profile, big budget website) totally obliterated off the internet.
Folks can say what they want, and argue about the politics of it all, bicker about who is responsible to update what, and whatever, but you cannot deny the facts.
Blaster is head and shoulders above the crowd as a denial of service worm, the first to achieve a 100% success even prior to actually triggering.
Say what you want folks, but this has got to go down in history as the most successful worm ever.
It's already the sixteenth down here in the merry old land of Aus. We have computers too.
Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
You don't have to/aren't prompted to create an unprivileged account.
If the vast multitude of windows exploits are merely proportionate to market share, why is it that IIS has the bulk of web server exploits, the bulk of 0wn3d sites, and lags Apache in market share?
Redmond would be releasing hundreds of them every month.....
PENAROL: Seras eterno como el tiempo y floreceras en cada primavera.
Perhaps an entity is attempting to mitigate every convenient method by which a Windows administrator or user can retrieve updated packages.
Perhaps this entity has discovered another Windows exploit.
Once the vendor distribution services (Windows Update, for instance) were rendered inaccessible, the hypothetical entity could then invoke its exploit. And, until the services were restored, every affected machine would remain involuntarily susceptible.
Imagine the possibilities!
Do you like German cars?
Ok, windowsupdate.com is history:
nslookup windowsupdate.com
Server: localhost
Address: 127.0.0.1
*** No address (A) records available for windowsupdate.com
Because someone spent a couple weeks writing a worm
and convinced 200,000 computers to attack it. Rather
than attempt to withstand the attack, Microsoft decided
that the domain was not important enough to defend.
What happens next week when someone modifies the worm
(which will take hours/days instead of weeks) and attacks
a more important domain (www.[yourcompanyhere].com)?
Does anyone think they could have withstood an attack
of this magnitude? (200,000 * 20pps = 4 million pps)
By Akamai-zing perhaps.
I believe that if Microsoft Windows is compared to unixes, Windows are far more secure. Please see Microsoft Hatred, the beginning follow down to MS hatred FAQ. Xah Lee
To further add to the conspiracy take a look at some of the clients on the Power & Utilites - Client List page:
ConEdison.
Brooklyn Navy Yard.
New York Power Authority.
Brooklyn Navy Yard.
matrikon.com
While they market mostly monitoring tools that run on client-side Wintel machines, it still makes you wonder. I admit that I laughed when I first heard of people trying to make this connection, now it seems slightly less improbable.
Oops,
The last client in that list should have been:
Orion Power - New York
Sorry 'bout that. The point is all of those are players in the NY area black-outs. ( Brooklyn Navy Yard, at least the non-critical areas, was affected and they run their own grid.)
In 2001, after Code Red infected some 350,000 computers, it aimed a similar denial-of-service attack at Whitehouse.gov. Network administrators were able to move the site from the targeted Internet address and sidestep the attack. Moreover, despite hundreds of thousands of PCs flooding the Internet with data, local network outages didn't happen. The major difference here is that Code Red was targeted at an IP, Blaster is not, rather a domain.
"extinguish" Windows
h-t-t-p-colon-slash-slash-slash-dot-dot-org
I wonder if Microsoft has cut SCO a cheque for the move to Linux?
IS TOO LONG!!
windowsupdate.com is about as useful as whitehouse.com
Seriously though, windowsupdate.com was just a redirector for those who don't know the real URL (not quite the high profile-big budget website, but close.) Same thing goes for technet.com. Too lazy to type the real URL, MS conveniently provides a TLD URL based on what you're looking for.
The automatic updates and windows update option in IE both connect to windowsupdate.microsoft.com.
I'll grant you that 100% success for Blaster, but it's kind of silly if you take out whitehouse.com when you were really aiming for whitehouse.gov.
Life moves pretty fast; if you don't stop and look around once in a while, you could miss it. -FB
"Thank you for your interest in Windows Update. Windows Update is the online extension of Windows that helps you get the most out of your computer. The latest version of Windows Update is available on computers that are running Microsoft Windows 98, Windows 98 Second Edition, Windows Millennium Edition, Windows 2000 (except Windows 2000 Datacenter Server), Windows XP, and the Windows Server 2003 family."
That's how they plan to deal with the attacks? Just put up a simple html page? What if I wanna do an update?
Man, this virus's payload was a real fizzer!
That'll learn me!
Here ya go: M$'s WMV 9 codec for WMP 6.4 & 7.0 Gotta give the credit to Google for locating the site...
"I like systems, their application excepted", George Sand (French)
The most 'impressive' denial of service going on here is the social one. Get a lot of folk out there that are manually trying to get patched, all together and it's going to cause a hell of a spike on whatever machines service the update. This is aided slightly by some good meeja stories.
Removing the DNS for windowsupdate.com is one thing but windowsupdate.microsoft.com looks a lot like toast right now. That could be because there are variants of the worm, I suppose, but I'd wager it's the monkeys at keyboards.
Imagine if they didn't have the best part of a month to patch and a week to prepare for the ddos. How about an hour or so to code for a new exploit and 15 minutes for it to propagate? Patching isn't going to save anyone if that sort of thing ever becomes commonplace.
ash
Well, not since april's fool, anyway...
/. summary. Even the part about WU downtime being due to the worm.
1/ Nothing besides a couple of "helpful suggestions" on public mailing lists states that windows update might change URL.
2/ If you look at the netcraft graph, you'll see that the "linux" entry isn't the MS web site, it's a MS-owned IP. What it simply shows is that, for some time, Netcraft's probes were not served directly by MS's servers but by Akamai's cache. Simple as that.
3/ ALL the articles and web pages are misquoted: they usually specifically say the OPPOSITE of what's stated in the
I would suggest permanently banning the poster from ever submitting news again. Remember folks: it's not because you WANT it to be true that it is true.
add spybot to the list.
I use spybot, zone alarm, avg anti-virus, mozilla, mail via yahoo (excellent free anti spam protection), and never use IM or anything by Microsoft except the operating system itself (e.g. no IE, no outlook, etc.)
I've tried a few free anti pop up products; all work good but none work great.
oh, and turn off ALL automatic upgrades.
There are rumors that the NY power blackout was caused by a worker from Springfield Nuclear Power Plant, from sector 7G. The worker's name is assumably Homer Jay Simpson. Owner of the plant Mr. Montgomery Burns hasn't stated anything to the press yet. Our reporter was chased away from his property by ferocious hounds :)
http://bstring.sf.net/
You want to know the sad thing? Microsoft has 3 very well known ways of dealing with buffer overflow that their own developers do not use:
1. MFC's CString class
2. STL's std::string
3. A length guarded C library called SafeString.
Each one of these exposes a usage that completely protects from buffer overflows on string manipulation (including input.) Microsoft VC++ has access to all 3 APIs. MS has no good excuse for having lame string based buffer overflows anywhere in their code.
Yes, string manipulation is not the *only* situation where buffer overflows can happen, but it's clearly the most prevalent. And if a string library is augmented with full binary string capabilities (i.e., dropping the '\0' termination condition) then you can use a buffer-overflow safe string library for more tasks, most importantly -- *ALL INPUT* tasks.
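An added illustration of the length-guarded, binary-safe string idea from the comment above; it is not part of the original thread and is not code from bstring, SafeString, MFC or the STL. The names gbuf, gbuf_append and gbuf_take_field, and the 16-bit length-prefixed packet layout, are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical length-guarded buffer: explicit length, capacity and a
   caller-set ceiling; no '\0' sentinel, so any byte value can be stored. */
typedef struct {
    unsigned char *data;
    size_t len, cap;   /* bytes in use, bytes allocated */
    size_t max;        /* policy ceiling on len */
} gbuf;

void gbuf_init(gbuf *b, size_t max) { b->data = NULL; b->len = b->cap = 0; b->max = max; }
void gbuf_free(gbuf *b) { free(b->data); b->data = NULL; b->len = b->cap = 0; }

/* Append n raw bytes. Returns 0 on success, -1 if the ceiling would be
   exceeded or allocation fails; the buffer is left unchanged on failure. */
int gbuf_append(gbuf *b, const void *src, size_t n) {
    if (n > b->max - b->len) return -1;   /* written so it cannot wrap */
    if (n == 0) return 0;
    size_t need = b->len + n;
    if (need > b->cap) {
        size_t ncap = b->cap ? b->cap : 16;
        while (ncap < need) ncap = (ncap > b->max / 2) ? b->max : ncap * 2;
        unsigned char *p = realloc(b->data, ncap);
        if (!p) return -1;
        b->data = p; b->cap = ncap;
    }
    memcpy(b->data + b->len, src, n);
    b->len = need;
    return 0;
}

/* Copy a 16-bit big-endian length-prefixed field out of an untrusted packet. */
int gbuf_take_field(gbuf *out, const unsigned char *pkt, size_t pkt_len) {
    if (pkt_len < 2) return -1;
    size_t declared = ((size_t)pkt[0] << 8) | pkt[1];
    if (declared > pkt_len - 2) return -1;   /* length field overstates the data */
    return gbuf_append(out, pkt + 2, declared);
}

int main(void) {   /* constructed packets: embedded NUL, then a lying prefix */
    const unsigned char ok[] = {0x00, 0x03, 'a', 0x00, 'b'};
    const unsigned char bad[] = {0xff, 0xff, 'x'};
    gbuf b; gbuf_init(&b, 8);
    int r1 = gbuf_take_field(&b, ok, sizeof ok);     /* accepted, len becomes 3 */
    int r2 = gbuf_take_field(&b, bad, sizeof bad);   /* rejected, buffer unchanged */
    gbuf_free(&b);
    return (r1 == 0 && r2 == -1) ? 0 : 1;
}
```

Every write goes through one bounds check against a tracked length, so an input that is too long or misstates its own size is refused instead of running past the allocation.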
A link on Slashdot...;-)
That's life, the gas turbines are cheaper.
However you could make more use of the Solar II Solar thermal stuff mentioned in slashdot a few weeks ago. They produce power period as the aircon requires it and they reckon they can scale the technology to 400MW.
Deleted
onall "find / -name msblast.exe -exec chmod a-x {} \;"
Where onall is a trivial shell script wrapper round rsh, ssh or whichever equivalent you use.
Deleted
Let me tell you about a place, somewhere up in Redmond way
where the people are so gay, patchin' the night away
Here they have a lot of fun, puttin' worms on the run
Oh man you'll find the old and young patchin' the night away
Here's a man in evening clothes, how he got here I don't know
but oh man, you ought to see him go, patchin' the night away
He's getting ready to reboot, he just installed a service pack
Oh man, there ain't nothing like patchin' the night away
Feel much better
Here's a fellow in blue jeans, who's fighting with an older box
reloading Windows 2000, patchin' the night away
Man you ought to see him go, patchin' to the rock and roll
Here you'll find the young and the old patchin' the night away
They're patchin', patchin', everybody's doing great
They're patchin' man, patchin', they're patchin' the night away
Patchin', you know they're patchin', patchin' the night away
They're patchin', patchin', man patchin' the night away
Here they have a lot of fun, puttin' worms on the run
Oh man you'll find young and the old patchin' the night away
Here's a man in evening clothes, how he got here I don't know
I don't know but man you ought to see him go
Patchin' the night away
Well, there's no shortage of weasels in the administration...
Sean
I'm really surprised that they actually took windowsupdate offline.
Just to clarify (though I think you understand this), they unregistered the windowsupdate.com domain, but did *not* take the Windows Update service offline.
The windowsupdate.com domain was only a "redirector" domain anyway. The service itself is hosted at windowsupdate.microsoft.com, but apparently the worm-burners weren't very clever on this point, and they pointed at the redirector domain instead of the real thing. This let Microsoft retire the redirector as part of a defense against this particular worm. I'd say MS is just being opportunistic, because basically very few people ever used windowsupdate.com to get to the Windows Update service anyway. For example, if you click Tools | Windows Update in IE you are sent to windowsupdate.microsoft.com, not to windowsupdate.com.
windowsupdate.microsoft.com canonical name = windowsupdate.microsoft.com.edgesuite.net.
windowsupdate.microsoft.com.edgesuite.net canonical name = a822.cd.akamai.net.
Name: a822.cd.akamai.net
Address: 63.208.194.73
Name: a822.cd.akamai.net
Address: 63.208.194.97
makes sense to me.. add 15,000 servers to your pool.
They should have done that the first time around.
Microsoft aggravates my Tourette's syndrome.