Slashdot Mirror
Virus Knocks Out U.S. Visa Approval System
GillBates0 writes "According to this story and many others, the State Department's electronic system for checking every visa applicant for terrorist or criminal history failed worldwide late Tuesday because of a computer virus, leaving the U.S. government unable to issue visas. The virus crippled the department's Consular Lookout and Support System, known as CLASS, which contains, among others, names of at least 78,000 suspected terrorists. It was unclear which computer virus might have affected the system. But a separate message sent to embassies and consular offices late Tuesday warned that the Welchia virus had been detected in one facility. Welchia is an aggressive infection unleashed last month that exploits a software flaw in recent versions of Microsoft Windows."
1.) Use a firewall to block unnecessary access from the external network
2.) Patch Windows often
3.) Use anti-virus software and update the definitions often
I would have thought that the State Department would at least do these minimums (to keep its systems "safe from evil-doers"), but I guess you can't even expect that much from government work.
C:\>
As much the Slashdot community hates Windows and likes to dump on its flaws, I've realized one thing: Windows means jobs in the IT security sector. As a Network Security technician, my job is, among other things, to make sure the latest threat to Microsoft software doesn't bring down the entire infrastructure in the federal department where I work. At least twice a week, my office has a meeting where we discuss the latest Windows virus or exploit, organize a task force, and then do a system-wide deployment of the fix to some 2000+ clients. I like to think that as long as Microsoft keeps making, er, crappy software, and as long as we still have crackers writing virii and trojans, I don't have to worry about losing my job. If there was some magical "perfect" sofware that never needed fixing (note: there isn't) then we wouldn't need IT security professionals now, would we?
Why is such an important system run on Windows? This isn't an "MS sux0r5, install Linux" rant, they should use the proper systems for the job. If that tool is some open source stuff or closed source then so be it but you can't tell me that this database can only be run on Windows.
Of course "When your only tool is a hammer, every problem starts to look like a nail."
Trolling is a art,
Go ahead, make fun.
Maybe this was so Microsoft could import more foreign programs to fix their bugs.
Visa as in Pass into the United States.
Not as in Credit Card.
credit card? read closer.
Hard loop..... huh?
Dynamic Designs
So now even terrorists using a fake name won't be able to get into the US!
READY.
#
Seems like there's a Mastercard joke in here somewhere.
And here I was thinking about all the new "Already approved VISA platinum card!" in my inbox...
I almost thought there was no online shopping at work for me today!
I think I speak for every /. skimmer when I say, DOH! :)
Again, this is why I am switching to art... all those similar words (like VISA, visa) are confusing to me
stuff |
Dang, just imagine how many people that is. Have they actually researched all those people? I am just baffled by the sheer number and really wonder how they came up with that list.
Use Adsense for Charity
Please keep an eye out for mid-eastern looking people, they are most probably terrorists.
Do not, under any circumstances, sell them nuclear weapons or plastic spoons.
Not being able to check every visa applicant for terrorist or criminal history...
...priceless
i like this article, you managed to point out that it was Microsoft Windows without directly pointing it out. I was looking for the manditory finger shacking but i was happy to see it not there !
So they'll blame this virus attack on terrorists then maybe?
Well, it would have been interesting if the terrorists created a virus that got inside these systems and then started having some fun with the data...
Good to see that security is taken seriously in the government and that systems such as these are protected.
// instant - "I for one welcome our new Decaff Coffee-Flavoured-Coffee Overlords"
security professionals would still exist to protect users from their own stupidity.
expect terorism outbreak soon.
With that aggravating beauty, Lulu Walls.
According to a CNN article, the State Department shut down the network to prevent the spread of the virus. It was down from noon until 9PM on Tuesday. Shutting down a network on purpose is different from having it "fail" due to a virus.
There is no sig, there is only Zuul.
Some day soon there will be a class action lawsuit against M$ regarless of their 'Hold Harmless Agreement' in the EULA.
And BTW, firwall WON'T in and of themselves stop this kind of attack. Sure firewalls are your first line of defense, but all it takes is someone that has a notebook that is infected from home, a business trip or somewhere ELSE to bring it as a 'trusted' device on your clean network and BOINK, you are infected internally.
What is a gov agency doing having open ports on their firewalls anyway?
Honestly issuing visa's is just way to importiant to trust to a closed OS with known security flaws, with at least one major one a month.
MS is so entrenched in the gov now that its kind of scary, that one day a order might come down to homeland security that some town is nothing but terrioriests and should be arrested, then taken to cuba. Meanwhile some hacker in the assend of the planet wiring a virus to gain entry to the gov systems is laughing his ass of at Ma and Pa being taken to a Marine base in another country.
"The word "genius" isn't applicable in football. A genius is a guy like Norman Einstein," - Joe Theisman
Singular: visum, plural visa.
NOT singular: visa, plural visas.
From the parent comment: "... Microsoft keeps making, er, crappy software
I just want to say that I appreciate the tactfulness, sensitivity, restraint, and diplomacy of that remark.
Because remember, if you use Windows, the terrorists have already won. (its a feature, not a bug)
... yesterday's cliche joke, today's sad reality.
Why not have a PSA for this spammed out to the nation for a couple months?
Though I suppose it could be disqualified as the advertised danger apparently actually exists.
// "Can't clowns and pirates just -try- to get along?"
Not allowing remote logins to something this important might be a good idea ^_^
An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
How on earth does the government come up with a list of _78,000_ suspected terrorists? This is the type of indiscriminant prejudice that a seige mentality creates. This is a list of everyone who ever talked to anyone who ever talked to someone who might be a terrorist. In many ways these people's rights are now forfeit.
If the US government actually cared about human lives, it would be spending this type of attention on automobile safety (50k dead a year in US) or malaria (>1 million dead a year worldwide) or cancer (half a million dead in US per year). Compare this to "terrorism" which has claimed maybe 5000 lives in the past 30 years.
Instead we spend more on a "war on terror" in a year than has been spent in the entire history of cancer research.
-braddock
if they had read slashdot, they would have done all of these mistakes: - They didn't find out if they can run Linux, not BSD, since it is dying. Or maybe they ran Linux, but the SCO license fees were too steep? Or maybe they didnt add the debian sources and do an apt-get to get updated packages to get good protection against worms and viruses? Imagine a beowulf cluster of these non-patched government servers! ...which is kind of an utopia since the monopolistic evil Microsoft would stop that from happening anyway.
Perhaps their plan is simply to:
1. Run unpatched Windows servers for the visa approval system
2. Capture the visa thirsting masses
3. ?????
4. Profit!
Ah well, in soviet russia people get their visas on the black market - eliminating the problem with broken computer systems... and who needs computers anyway when a TiVO is much better??
Not that we care, we live outside USA, you insensitive clods! This post is a dupe anyway...
Karma: Funny status; Witty reason
You don't put users and the servers inside the same firewall... do you?
Sorry -- I cannot think of a clever sig.
Well, I guess the good news is that we can be reasonably confident that at least they aren't running OpenSSH...
Not trying to bash Microsoft but....
I assumed that ppl who run critical services were not from that class of "Internet guys who just want to check their email and browse the web, and don't even know what a patch is".
So, my question is: Why in hell does anybody uses a system that has a track record of so many bugs, virus, crashes, etc ?
I see this more and more: A "breakthrough" is made by some stupid CEO in a companny and in a matter of weeks everything is run under windows. Why ? because it integrates better... "we now have single sign on... for virus too: they just get in one computer and can spread around easily"!!!!
Damn stupid morons...
Evidently, the virus was patched/cleaned pretty quickly, and there was no real security risk, as in national security, because when the system is down, they simply do not issue visas. Most places they probably just told people to come back tomorrow.
You gotta wonder about how long it is before a windows virus kills someone though. There have been a few close calls, but maybe after the public starts loosing their lives cause of M$ bugs people will start to go "uh.. maybe we should install some *nix machines"
I swear the world would be a much better place if M$ had it's market share on the desk top knocked down to 70% or less. Then maybe the market forces would take over and force them to improve their wares in ways that benefit their customers and not just themselves.
First high level government agencies and departments suffer "apparent" virus attacks while running MS Windows...
Eventually MS will start pushing their Trusted Computing bullshit as the ultimate solution for blocking attacks on their own flawed products.
Oh and it will keep those nasty terrorist guys out too! Did we (MS) mention terrorists. Oh we did ok...
So who's responsible for IT security there? If they've outsourced IT security to Microsoft or Symantec, then it is well past time to fire them and put some linux or unix-based (low-cost high-availability) servers up. Ask any Linux sysadmin how they survived the last two months worth of email virus bombardments. Then ask a Microscrap Exchange administrator. Do some simple math on the time and therefore money involved with maintenance of these systems. Why is no-one outraged about the tax dollars being wasted on cleanup of Microsoft-platform based email viruses?
http://tinyurl.com/4ny52
Not allowing remote logins to a national database used to approve visas all over the U.S. which is located in one spot? Do you see the problem?
Ultimate control hinders flexibility. If you want to fill out your application for a visa, send it by mail which will be handled by hundreds of people, to receive your visa which will be mailed to you, again handled by hundreds of people, rather than create a network which will allow someone to remotely access the information that they need in an environment more trusted than the U.S. mail system?
This is not your mom-n-pop accounting database, this is used all over the world. Eliminating remote access is not really an option.
.. As long as any half-*ss kid can write 'applications' for the OS by point-and-click on Visual Basic, Windows will be the OS of choise. Too many companies are making money of cutting and pasting together apps.
It isn't the OS that counts, it's the applications that run on it. If it gets the job done, nobody will give a rats ass what OS is beneath.
To Terminate, or not to Terminate, that's the question - SCSIROB
Personally I'm not so much worried about them being knocked offline for a few hours as I am about what this incident says about security at the place. If security is bad enough for this to occur, it is probably bad enough for an intruder to *alter* some of the files.
...why governments like Germany, etc, etc, are switching to either Linux or Unix. Windows is just one big gaping security hole. Windows is insecure. It has evolved from a single-user simple desktop on top of DOS to what we have today without much thought to security except for an easily circumvented login.
Unix (whatever your favorite flavor - Linux, Solaris, HPUX, even OSX etc, was designed from the ground up to work in a networked environment. That at least gives you a fighting chance of maintaining some level of security provided you or your MIS department set the system up right (like... dont use a default root password).
If Microsoft wants to save their market share, they should start looking into a Unix-type OS. Either port BSD (they have anyway in their TCPIP stacks) or buy someone out (um, SCO maybe - or maybe I'm psychic?).
Stop trying to push a derivitive of WinNT which came from MS OS/2 launched back in the late 80's.
Sorry to rant on so much and restate the obvious, but geez. How many times before people wise up. Every time some script kiddie throws together some crap and unleashes it, corporations and governments get clobbered.
Jail time for virus authors isnt going to solve the problem, it's time to attack it at the source: Windows.
- Attempts to download the DCOM RPC patch from Microsoft's Windows Update Web site, install it, and then reboot the computer.
- Checks for active machines to infect by sending an ICMP echo request, or PING, which will result in increased ICMP traffic.
- Attempts to remove W32.Blaster.Worm.
I guess all that aggressive system patching is what brought down the visa system. At least now the department's sysadmins can go back to readingIt would be a lot harder for stuff like this to happen if they would:
- develop cross-platform applications
- use a variety of platforms
That doesn't replace having an adequate system in place for testing and installing the latest patches. It does, however, guarantee that slipping up and missing one patch won't stop you cold. It may slow your enterprise down, but stuff will still get done."Weapons should be hardy rather than decorative" - Miyamoto Musashi
I think that goes for OS's too
What? They cracked the slashdot users file?
is only 0.001 percent of the world population. If you consider that "suspected terrorist" includes groups besides al Qaeda, such as some of the separatist movements in various parts of the world, 78,000 is not very many people. To put it another way, there are 191 nations in the UN, so this gives 408 people per country on average. I could believe there are 408 people who could be "suspected terrorists" in the US without putting on my tinfoil hat -- just think of groups like ELF, various right-wing militias, etc.
Some day soon there will be a class action lawsuit against M$ regarless of their 'Hold Harmless Agreement' in the EULA.
Actually, Business Week had an article about that a couple days ago, which I submitted last night (it was rejected). The author closed with (paraphrasing) "Maybe it's time some big customers refused to buy software without some sort of guarantee."
These last few worms and e-mail viruses seem to have become the collective last straw. The unwashed masses are finally beginning to grouse about buggy software-- the tide is slowly beginning to turn against onerous "no liability" EULAs coupled to expensive software that is critical to business.
A few years ago, Microsoft was very quick to whine that any delay in the release of Windows 98 forced on them by the government would hurt the U.S. economy and/or bring about the end of the world as we know it. Well, what about all these businesses who have to eat the costs of cleanup and lost productivity every time there's another Windows worm? Nooooo, that doesn't hurt the economy at all, does it?
~Philly
The software is bad enough; but the patch process is ridiculous.
If you could patch non-kernel portions of the OS without rebooting, it would be a lot easier on the average Windows admin who has to argue for downtime with the internal customers.
And while you're at it, let's not install every application in the OS every time.
Hot Damn! It's the Soggy Bottom Boys!
Ok, in places where you HAVE to use Windows... PATCH. PATCH OFTEN. PATCH. PATCH. PATCH. Most of the viruses attack known vulnerabilities. If you get torked by a worm or virus because you didn't patch, you deserved it. Their IT team should be slapped.
Before anyone mods me as a troll, let me say I prefer Linux to Windows these days. That being said, only one time in the article is Windows mentioned.
It was unclear which computer virus might have affected the system. But a separate message sent to embassies and consular offices late Tuesday warned that the ``Welchia'' virus had been detected in one facility. Welchia is an aggressive infection unleashed last month that exploits a software flaw in recent versions of Microsoft Corp.'s Windows software.
That says they're not sure what virus, and the mention of the other memo really doesn't tie these two together.
So really, nowhere in the article does it say that this was a Windows virus, not even what virus it was.
One could easily assume, of course, that it was a Windows virus on a Windows network, but the text just isn't there.
Saying Android is a family of phones is akin to saying Linux is a family of PCs.
That explains why he's always smiling.
On a serious note, how about either not allowing in laptops or mandatory auto-update on them before allowing them onto the network? Or perhaps keep them on their own node with anti-virus scanners between it and the main network?
Er... firewalls are not just perimeter devices.
I am responsible for 4 SQL server clusters, the yare firewalled off from my users, who in turn are firewalled off from the outside world. Critical departments are segregated from the rest of the company.
I know what I'm doing in my job - that's what I get paid for. I know Windows Servers and SQL inside out. I also have a good knowledge of networking theory in general. That knowledge isn't MS supplied, it comes with experience and obeying basic ground rules, and it's usually drivem by common sense and by not taking risks.
The government clearly employs people who either take too many risks or don't know what they're doing. It is possible to weather a Welchia/MSblast storm and not have it affect your network, thus it isn't MS's fault. Holes in MS software are part of the problem, but the real problem are crap system administrators and the people who write exploits in the first place.
And if you think that by not running an MS OS, you are somehow secure, you're living in cloud cuckoo land. You are less likely to be on the ball...
Apparently they didn't. Does this incident change their view?
H1-B visas? If it does, then, well allright! Here's hoping it stays down a longggg time.
They say the first thing to go is your penis. Well, it's either that or your brain. I forget which...
have any of you actually bothered reading Symandicks Virus Advisory on this?
Welchias (if it actually was Welchia) one and only purpose in life is to propagate from machine to machine, killing MSBlast and updating the RPC service to the newest "vulnerability-safe" version.
This is basically windozeupdate taken to the extreme, including the function that has the virus deleting itself if the date is 2004.
I cant shake the feeling that the author of this beauty is sitting somewhere in his starspangled-banner-wallpapered room screaming righteous indignation for getting slandered while actually saving the US from the big, bad foreign terrorist threat.
There's probably a joke here. Anyone know where?
http://www.switch2firefox.com/
There's only one way for the mentioned virus to propopate off from big iron or Unix servers to other desktops or Windows servers: CIFS. So unless people were mounting Windows shares from the server it would have to be some sort of Windows box, probably running MS SQL Server.
That's their fault, regardless of MS or anyone else. IF they can't be bothered to keep their stuff up to date this late in the game, what good are they?
Hell, at least welchia will patch their systems for them...
Immediate term bashing aside
The reason open source is supposed to be better is that when lots more people (like 15% market share worth) run linux, then there will be more resources being used to update and error check open source software - theoretically. Comparing Linux with a small market share to windows with a large market share in terms of bugs is not appropriate, and considering the paid resources available (but maybe not used?) to Microsoft, it is amazing that open source even compares.
Not to knock Volunteers at all, but if every company who used open source in a major way paid for 1-2 full time programmers, which is a relatively small expense, maybe Linux would have an even better security track record. Microsoft can't get much bigger, and their software maintenance model has still proven itself unworthy.
With 3 OpenSSH patches + sendmail in that last week I'm sure UNIX peeps have been busy. Of course updates seems fewer than windows but it still keeps us all in work
Rus
Cheap UK and US VPS
Good grief. We need a 12 step program for sysadmins in critical locations to break their Windows addiction.
-You may license this sig for only $6.99.
I find it interesting that W. and staff is pushing known insecure systems throughout the government. At the same time, they state that by putting in a firewall, a known insecucure system is as safe as *nix. But of course, in our government we have always had traitors, some who believe in a cause (such as the 2 airmen), and others who will simply take money to look the other way( or to change a final judgement) or to possibly just conenct a laptop into the network. There is no way to secure a computer network, even when not plugged into the internet. Our society is all too willing to accept an insecure system to be plugged into the network. Witness the nuke plant that was infected. It is almost certain that at this point, that a number of virus have been created by UBL that target US (and propably the world) systems to feed info back to them and quite probably to feed money back into their accounts. What Allah does not provide, then willing theives will.
W. et. push security and are having us give up liberties (supposedly temporary), but they are not willing to change their systems due to their pocketbooks.
Bad policies.
I prefer the "u" in honour as it seems to be missing these days.
I would argue that the deaths in the last 30 years far exceed 5000, although the exact numbers depend on how you define terrorism. If you include the various separatist movements such as in Ireland, the Phillipines, and other countries you would easily exceed 5,000. Or look at some of the cross-border disputes, such as Pakistan-India, many of the deaths are due to so-called terrorist activities. Thousands have died there in the last few years.
I will admit that defining terrorism is a squishy subject, that politicians modify to their advantage, but saying only 5,000 have died in the last 30 years wildly underestimates the death toll.
Sheesh, I heard about this on The Truckin' Bozo show last nite. When a truck driving show beats Slashdot to the news, it's the dawn of a new age.
-- Liberalism is a mental disorder.
That's ok. I'll just get an American Express card instead.
I'm a leaf on the wind. Watch how I soar.
As much the Slashdot community hates child molesters and likes to dump on their flaws, I've realized one thing: child molesters means jobs in the law enforcement and social work sector. As a police detective, my job is, among other things, to make sure the latest threat to our children doesn't bring down a life in the city where I work. At least twice a week, my office has a meeting where we discuss the latest incident, organize a task force, and then do a rescue. I like to think that as long as child molesters keep on, er, molesting, I don't have to worry about losing my job. If there was some magical "perfect" society that never needed policing (note: there isn't) then we wouldn't need law enforcement now, would we?
Though the story is worth a laugh in a way (wether its true that the system got infected or was shut down to prevent infections), it really isn't funny.
.
It just indicates some important systems are run badly enough that they can be taken down by some avoidable exploits (or fear of said exploits). When these are government systems . .
I used to think the idea of an electronic Pearl Harbor was unlikely. However, considering recent events, I must admit I'm revising my opinion. If we have one it will not be so much some clever virus writers/crackers, it will be because of people's own ignorance of safe and rational computing practices.
"The Sage treasures Unity and measures all things by it" - Lao Tzu
Ummm, maybe give us the first letter?
VIRUS: It is everywhere you don't want it to be.
From official US gov't literature:
Posts may process a V visa for any applicant with a V CLASS hit
...
Names of derivatives who aged out have not been entered into CLASS as they are no longer eligible for V visas.
Call it what it is: A Microsoft Windows virus. Maybe if the media keeps pointing out what us /.ers already know, the general public will get it through their heads that their choice of OS makes a difference.
A firewall isn't going to protect your network if you have people with laptops. It only takes one person to plug it in at home or on the road to bring down the house of cards. Nimda broke out on our corporate network in this manner thanks to at least one of the marketing guys.
Your other suggestions are spot on though: keep everything up to date.
Does the system really need remote logins though? How many databases are there out there that use various other interfaces to get to it. Seriously, something like this is going to be on a db server, with a front end app server. The db server should be locked down to only allow access from whatever method the app server uses to communitcate with the db server...that is it. I can see the app end being in some sort of DMZ, but I can't see why they do not have some sort of system image avail. for it to recover from something like this.
Professionals are users too. :)
I think that we have to remember that computing is still in its early childhood; Eventually software will become more secure. People often state that software is becoming less secure, but one has to remember that today's software is exposed to many more challenges and malicious influences than software 5 or 10 years ago. There are a finite amount of vulnerabilities in code. Once software is "mature" and no longer has new versions coming out every few years, those vulnerabilities will start to disappear. After the same piece of software has been in use for 20 or 50 years, then I suspect it will be quite secure. I do recognize that there will always be a human factor providing insecurity. The human factor, however, will not be the fault of the software.
MY GOD! Have we all become lemmings? I mean, we could all fill buckets of water from the Pacific Ocean and then transport and dump it into the Atlantic because "we can't find a job", but it isn't productive now is it? Wake up! With the amount of time wasted on this, we could use our resources to better society, not fix the problems laid upon us by some greedy corporation. If we didn't have Microsoft problems, then you could use your IT skills to help a school educate children to use computers responsibly. That would be productive.
No, Microsoft (and any other corporation) who haphazardly builds an unsafe product and continues to build unsafe products even after being notified, criticized, and slapped on the wrists by the government solely for money at the cost of our labor pool and IT funding should be boycotted until they get their prioritites staright => custormers and their concerns come first, then profit.
the illegals will still got in using American Express.
Sigs are bad for your health.
I'm setting up an offshore prayer service, just call in with your credit card and I'll have my professional anti viri prayer staff to ensure that your machines keep running virus free 24/7*
*This statement has not been validated by the FDA or any other scientific body...
10 Must preview after edit.
20 GOTO 10
Sigs are bad for your health.
Was I the only one let down that this wouldn't mean I would stop getting those annoying YOU ARE PRE-APPROVED FOR A VISA CARD! offers?
It's 10 PM. Do you know if you're un-American?
None of the article's say for sure that it was a windows viris... It could be anything.
All they do is do some speculation based on another unrelated anouncement.
Geez, if they used that same poor sepculation to link it to Linux every one would be in an up-roar about that.
Geek != MS Hater. Some of use like them and the work they do. I'm constantly amaized that all my software/hardware keeps working dispite upgrades from 95 -> 98 -> 2k -> XP.
If you want to talk about network security and best practices go ahead, but leave the MS bashing behind, you just end up sounding silly.
"Failure is not an option, it's part of the standard package"
I'm not absolving the State Department of responsibility for this error; they messed up somewhere, they need to fix it. I think, though, that they could at least do some "damage control" by keeping the problem undisclosed until the security hole is rendered benign. Unfortunately, I have no idea how the State Department could keep something this large under wraps, but I'd think using a little more discretion in internal communications is in order.
Then again, if someone doesn't drop the ball in a big ignorant entity, Slashdot readers wouldn't have an easy target to insult...
Losers choose to abuse the use of "loose".
I mean, you hear about such people with a almost a full deck of fake identities. It'd be like counting unique IPs used to access a site, and equate that with the number of individuals.
And after all, I expect the terrorist:suspect ratio to be rather low, it's not like there are usually any big telltale signs you're a terrorist. Most likely they're members of some organization where extremists might resort to terrorism, would easily add up to a few people...
Kjella
Live today, because you never know what tomorrow brings
What system admin would put such a machine on
the internet? In addition why would they *NOT* make a backup?
Easy way for the U.S. to put more restrictions on the internet because one of many government employee incompetents can't perform their function properly. If the head of the fish stinks, so does the rest of the fish.
What's the person's name anyway? If I ever hire someone to run a windows machine directly to the net without protection and no knowledge of tierciary storage or patches I want to make sure I hire the right person. (ie- operates mouse) Who is thie person's boss? Will they get fired? I want the scroop!
In the overall picture, it's just almost as bad as allowing sketchy foreignere to operate massive 747 jets. How many 747 airports are in kerplakistan anyway?
Regards,
Friendly Neighborhood Spiderman
In many ways these people's rights are now forfeit.
Bullshit. These people are foreign citizens;
Sorry human rights and the right to fair treatment below to EVERYBODY, regardless of citizenship.
We have accepted standards of treatment for people we are actively at war with. People who have no apparent hostile intent should get treated at least as well.
Murder means work too. Are you willing to die a few years early so detectives, attorneys, and judges can have jobs?
I would really much rather design and build secure network systems than apply bandages to existing hopeless systems. If a system is available that resists viruses (like BSD or Linux), that might be a good place to start...
Oh, wait, I do have that job! And I bet I am having more fun than you. One thing is certain, my employer is not flushing as much money down the toilet as yours.
One day my job will be obsolete, but it will be because of self-healing, learning software, not software that was written 'perfectly.' Until that happens, however, we might spend our time trying to do things properly, and learning from our mistakes.
Nobody would support houses of mud and straw in the Northeast US just to keep a bunch of mud-slathering straw harvesters in jobs every time it rained. My house of stone, concrete, and wood requires maintenance on my part, and it has provided plenty of skilled, high-paying work to the local tradespeople in my city, as well as opportunities for me to learn valuable skills. Because of its construction, it also provides a safe place to sleep and run electrical wiring. But oh, the unemployed mud mixers! But when you think about it, who really wants to mix mud and straw for a living?
As for your economic 'theory,' read this, In short, it says that as an employee of the government, if you are talking about the US, you are advocating the continuous waste of my tax money so that you can remain employed. Please put that on your resume when you are out of work and apply for a job working for me!
This just goes to show that terrorism can start at home ... in the hands of people who don't keep their software patched and upto date.
... If he did he could then go beg for some tasty UN 'foreign investment' to get that economy jumping!
Of course there's plenty of other more extreme examples of terrorism starting at home in the US too. (timmy mcveigh for one) Hmmm, I wonder why Dubya hasn't bombed Oklahoma yet
George Bush + Linux = "I will not let information get in the way of the fight against Windows"
That is, until RedHat gets nailed with a worm or virus. It will happen: Linux is not bug free. (Folks with long memories will remember the RTM worm: infected only Unix machines and effectively shut the entire Internet down. We were a VMS shop, which was vastly more secure.)
RedHat has two choices.
These sorts of lawsuits will have exactly the opposite of the desired effect: only behemoths like IBM and MS will be able to stay in the software business, not because their software is better but because only they have enough lawyers.
"Seven Deadly Sins? I thought it was a to-do list!"
The W32.Swen.A@mm exploits a vulnerability in Microsoft Outlook and Outlook Express for which a patch was posted in M$ site in March 2001.
Windows XP (which was released more than a year after the patch) is among the affected systems. So they failed to apply their own patches.
This shows that the problem with M$ security is very serious, they fail at the corporate level to address the security issues.
PENAROL: Seras eterno como el tiempo y floreceras en cada primavera.
Meanwhile, numerous government linux boxes running unpatched OpenSSH servers have also been... What? Oh, I guess it's a hard exploit to pull off then.
Nevermind.
We covered the Windows Virus-of-the-Week(tm), EU software patents, and Verisign. But where are todays SCO, linux on odd/small device, spammers get theirs, and Knoppix stories?
(And what the hell is is with /. ed's and Knoppix? Do they friends on the Knoppix team or something?)
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety" - BF
That's as much as all inhabitants of the Seychell Islands.
Could you please keep up the good work by making a virus that erases everyones Visa, Mastercard, Discover, and American Express Debt. That would really be great. Thank you.
Sincerely,
Mr. College Debt
Ave Molech Setting
OMG!!
Please don't tell me that some idoit has implemented a nation-wide network populated with national secrets on a Windoze platform??!!!
What is it going to take to get folks who are responsible for security, to actually educate themselves on the subject, or hire those who are.
I'm not an expert, but I have yet to hear of a Windoze installation that can fully protect you... Once your in, your IN.
Even if you are totally protected from outside crackers or virus', you may still have folks WITH log-in access that have a notion of doing wrong. You MUST have a system that can not only limit access, but cannot be brought down by some idoit simply uploading a virus from a floppy on the INSIDE.
Fire every single one of those bozo's (I don't mean the IT folks, I mean the decision makers who chose Windoze) and have somone install actual security!!
I can only imagine how our military, former military and law enforcement folks must feel now... Knowing that their records are "secured" by folks that allow this sort of thing to happen.
change it.
There are more non Americans than this surely. Or perhaps this is target they are aiming before the end of GW's reign.
Seems like YAMSF - Yet Another Micro$oft Flame.
/. ers are so clued up, when are you going to stop the griping and realise that MS Windows is not the problem per se?
If all you
I'm willing to bet my entire net worth (beleive me, its huge) that if Linux, GNU and other *Open Source Software* were to replace every single Windows system and vice-versa we'd start seeing exploits on this scale in the beloved and holy OSS world too - viruses, worm, trojans and the whole shebang.
The main problem is not insecure software (all software is insecure) - the greater problem lies in the human factor - clueless sysadmins, users etc etc.
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
The name of the article is rather appropriate for this discussion!
Thank you for the good link.
For those who don't follow the link, it is about the economics of breaking actual "real world" windows, not MS Windows.
when the date reaches 2004, welchia deletes itself and goes away, it's a so-called "benevolent" worm.
that america has no CLASS
all you are, is all you are, i'm so sorry for you.
I've about reached this point with the Swen worm. Since this past Saturday, about 80% of my email--home and office--is either the fake MS support announcement or message errors that tell me that my address was faked in trying to send Swen (got to be faked--I only run KMail on Linux). As my home email is dial-up (the pains of rural life) this is a real burden. Honest to God, are people really THAT STUPID? Until Microsloth can get it act together, we need to start blocking IE, Outlook, and Windows in general. Maybe then people would wise up and either fix there PCs or run a reliable OS.
"Love is a familiar; Love is a devil: there is no evil angel but Love." --William Shakespeare ('Love's Labors Lost')
Why dont the govt just demand better software? They are such a huge player that there would be a new market created just to sell secure software.
I dont buy this bullsh*t people keeps spreading that its impossible. It aint, just as you can build secure bridges and houses you can make software that is much more secure than todays crap.
There hasnt been a strong enough market for secure software and its up to the consumers and govts to start demand better software.
Even open source could use a kick in the but to get their act togheter.
Compare vsftpd to some other random ftpd and youll get my drift. Security is about design and not about being bugfree.
HTTP/1.1 400
anyone here think to put together 2 basic assumptions?
1) hackers are people with serious technical skills and (stereo)typically not big on personal skills - those individuals most likely to have their job outsourced/off-shored
2) the frickin' VISA department got blasted, the people that hand out H-1B and L-1B visas to the people coming here to get training and take their jobs
(rest of post assumes this is not a coincidence)
Being vindictive isn't going to solve anything, it's just sticking a finger in the dike. Unless these issues are resolved at a legislative level, people will patch their systems, move to Linux, whatever, and then the old policies will continue to be carried out.
need I remind anyone that the 9/11 Terrorists all had Visa or Bogus Visa information. One of them even got stopped for a speeding ticket and had a bogus driver's license. Apparently they can forge or fake Visa information. So they don't need to go through our Visa system when they can steal a Visa or produce a fake one good enough to get through our system.
Either they need to patch their Windows servers and install a software firewall and keep their AntiVirus programs updated, or they need to get off of Windows and move to Linux or something that the Windows viruses won't run on.
How do we know that the virus didn't do something like pass certain Visa applications through without a security check? How do we know that Terrorists aren't using viruses to cause damage and bypass security in Visa checks? I heard that North Korea spends $3M USD a year to create viruses and trojans to attack various countries and systems. I wonder what other countries and organizations do this?
Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
Finally a major blow to al-Qaeda terrorists...errr I mean college students from the middle east.
Try this:
[Copy and paste a single line to console and remove slasdot inserted space after 2116 for each url. This should work with a recent mplayer installed.]
Unfortunately, newspapers are not in the business of reporting the news, but in selling eyeballs to corporations in the form of advertising. As long as Microsoft (and other business that feel they are reliant on Microsoft products for revenue) buys ads, and Linux (or other alternatives) does not, they are going to slant the news Microsoft's direction.
Plus (to borrow from another post in a child thread), they can sell a lot more newspapers (and thus eyeballs) by saying, "Automobiles subject to rollover!" than by saying, "Some models of Foo's SUVs subject to rollover at high speeds in tight turns."
That's part of the reason the US news agencies feed into the fear culture that's been building here for the last several years.
Microsoft is to software what Budweiser is to beer.
660 guest workers from Cuba were granted
USA permanent residency status & green cards.
New IT head at Dept. of Homeland Security
inks deal with Microsoft for HSA server OS,
desktop OS, and applications software.
John Poindexter's TIA Project certifies
Microsoft XP as the preferred national OS
of choice.
Steve Ballmer cinches $10 Billion sale of
Microsoft OS and Office Products to the
Kingdom of Saudi Arabia.
I'd rather see the headline read: "Windows is still broken"
If my car stopped dead in it's path or swerved off the road because someone flashed their lights at me, if the rental tape I just inserted in my VCR could cause it to turn on my microwave on "high", if my neighbor could turn off my furnace from their house, if talking to a certain someone on my cellphone could induce that same cellphone to automatically start making crank calls - well, we'd be suing manufacturers, seeing global recalls, and raising a hue and cry for better product safety.
But with Windows, we blame the virus writers.
Enough! Yes, they are at fault, but the real fault is back door - no, the back wall - has been left open for too long. Blame Microsoft.
My millions-of-hits-per-day Unix web server has been running for 317 days without a reboot. My Macintosh desktop has been running for 67 days without a reboot. Neither system has ever seen a virus, worm, or trojan. I want Microsoft to be as bulletproof, and I do not want to see terrorists getting into this country because some "Virus Knocks Out U.S. Visa Approval System".
Although it sounds like it, I don't hate Microsoft. I hate Microsoft's bugs and their lackadaisical attitude towards basic security. And the State Department shares the blame.
660 guest workers from Cuba were granted
USA permanent residency status & green cards.
New IT head at Dept. of Homeland Security
inks deal with Microsoft for HSA server OS,
desktop OS, and applications software.
John Poindexter's TIA Project certifies
Microsoft XP as the preferred national OS
of choice.
Steve Ballmer cinches $10 Billion sale of
Microsoft OS and Office Products to the
Kingdom of Saudi Arabia.
Quoted "78,000 suspected terrorists" was
ammended to "78,002 suspected terrorists"
It is if you run one on every machine. Oh look there is one built in to XP.
That's very perceptive of you Mr Stapleton and rather unexpected in a G Major
... The US government is actually trying to stop terrorrists by trying to trace them using one of the most insecure operating systems ever? Are they for real?
Terrorists need credit cards too!
Keep those pesky Russians/Chinese/Israeli/Indian programmer away from MY job
I can't speak for whoever is moderating my comments, but I from where I'm sitting this is not a blind hatred for Microsoft. It is absolutely a blind hatred for anyone wasting my tax dollars who shrugs off accountability.
Between procmail, spamassassin, bogofilter, mime defang, and any number of freely available solutions to the spam and virus epidemics, the *nix MTA problem set has a number of very effective low cost solutions ready to go. A sysadmin familiar with any scripting language (perl,bash,csh,etc) can script the patches to fix an arbitrary number of remote servers in short order. And do it securely!
I've recently heard a number of Windows/Exchange admins from different companies complaining about having to go from desk to desk, from seat to seat, from box to box applying patches which can't be scripted.
The thing about all those openssh patches is that I can control the patching mechanism itself in ways that MCSE's could only dream about. I desperately want the U.S. government to have full advantage of this efficiency instead of purchasing Symantec virus subscriptions at top dollar and then billing me next tax season for the self-congratulated job well done.
Your point about competent administration is well taken. Hopefully my point about technology tax dollars accountability will be too.
http://tinyurl.com/4ny52
With the DMZ, they wouldn't have to come in early. The end users would just be treated with the wariness that they deserve. It would be as if they were still in front of the firewall.
You're smoking crack
The simplest antivirus filter: drop any message that contains 'MS-DOS executabe' according to file(1). Nobody sends executables except worms.
Now I am testing this filter implemented in postfix/procmail/perl/munpack/file. Next week it will be installed system-wide. Filter like this costs nothing and is effective enough to stop next epidemy.
It is absolutely a blind hatred for anyone wasting my tax dollars who shrugs off accountability.
Now you're talking my language! Yes, I agree that tax dollars could be better spent than propping up iffy Windows servers and desktops and wasting man hours fixing exploited boxes. But in many cases a Windows box is the ideal solution from a usability and ease of integration standpoint. Linux desktops just aren't there yet.
I've recently heard a number of Windows/Exchange admins from different companies complaining about having to go from desk to desk, from seat to seat, from box to box applying patches which can't be scripted.
Erm then maybe they should be looking for new work... Most every patch I've seen could be installed using some form of Windows Scripting (VBScript for instance) securely from the Domain Controller as either a login script or by pushing it out one way or another. There ARE ways to push out patches, many of them automatic, but you're correct in that they don't give you the same granularity as open source solutions. But then again, this wasn't a case of there not being enough control on the patching process, the boxes *weren't* patched, *period*. An unpatched Apache/OpenSSH/wu-ftp/sendmail install is just as dangerous as an unpatched IIS/DCOM/SQL Server/Exchange install. I agree tax dollars aren't being spent properly, but in this case it's more that the IT staff wasn't performing the duty we pay them to do, not that the money was mis-spent on the software purchase.
In this case, there was no massive downtime due to exploits, the system was brought down for a review to assure that the small amount of exploitation didn't compromise the system in some other more devious way. Had these been Linux boxes, and they'd been victim of an OpenSSH exploit, they'd of had to do the same forensic analysis and would've experienced the same downtime to assure they were clean. Look at the FSF's recent exploitation for an example of this.
In a situation where the Open Source offering is clearly a better solution, believe me the Government will make use of it. But there's not that many cases where it's true... I'm still confused as to how Exchange entered this discussion as the article has nothing whatsoever to do with Exchange... but Exchange is an excellent example of this problem. There is nothing on the market that even comes close to providing Exchange's functionality. And all of the methods you mentioned before of how to deal w/ viral e-mails will work just fine with Exchange (SpamAssassin especially). Where I work we use non-Free software to provide spam and virus filtering on the server side (we really don't have the manpower to support using Free software) and aside from the occassional glitch with our mail routing (I blame the consultants) it works pretty darn well.
In the case of our Exchange installation, I'd vehemently deny that tax dollars were wasted on purchasing the software (maybe I'd agree that it was wasted on the consultants, but I digress) as there was no other alternative on the market for our needs. If you think you know of a server that's a drop-in replacement for Exchange that costs less and is more reliable, please let me know! Otherwise, I can't see your argument for tax dollars being wasted on Exchange.
Maxim: People cannot follow directions.
Increases in truth directly with the length of time spent explaining them
Many US agencies standardize on a single vendor (a fascist one, nearly).
Then, they suffer crippling downtime from that vendor's flawed products.
Side-splitting laughter ensues.
"Where is that laughter coming from," asks an official.
"The rest of the populated world," says his aide.
I have heard people post things like, "in the government, no real system uses Windows. Critical things still use OSXYZ, etc." Okay, then why do whole portions of the US government infrastructure go down due to a casual Windows-borne virus?
Another question, does anyone working IT in the government enjoy their job? I mean saying they really enjoy it without resorting to cynical quips about their bureaucratic superiors to change the subject?
Healthcare article at Kuro5hin
Hey ashcroft, why not look at Linux or OpenBSD, or did microsoft pay you so much that you not only looked the other way when the doj only slapped microsoft on the wrist after it was found a monopoly, yet now you have sold out the defense of your own country?
Recently while checking bags at the airport ticket counter, something caught my eye...
Apparently one of the machines that sniffs for explosive residue in those swabs they wipe luggage with had stopped working. They fixed it with a power cycle, and I was greeted with a familiar sight... the Windows 98 boot screen. Be afraid.
More generally, administrations are not tech-savvy. Even if you abstract away the low pay, adminsitrations don't attract the kind of geeks that are likely to put up extra hours to make a badly designed system work in spite of user carelessness. Of course, you find exceptions to this rule. But sadly, this department had no such computer-babysitting geek.
Procurement of computer hardware (and worse, software) in state and national administrations is not a pretty sight. Little things like reliability and security tend to get lost in the bigger issues of "Will this project make me/my boss look good?"
The quality of the purchased products is much less of an issue than the degree of supplier's salesmanship. If Microsoft was selling papier-mache bridges and cardboard water mains, they'd manage to sell them by wining and dining the right officials. Not bribery, mind you, just convincing sales pitch.
Having witnessed the technical projects process in a federal administration that shall remain nameless (and which is gonna be broke in a few years so better milk it now), I can safely predict many more disasters of this nature!
--
Mad science! Robots! Underwear! Cute girls! Full comic online! http://www.girlgeniusonline.com/
When was the last time CNN said something that was correct. Remember they are mouthpieces for the Govt and Corporations.
I'm mean boo, virus bad(but look what it knocked out!).
For a minute I thought that meant I couldn't charge something to credit :)
For a minute there I thought they meant Visa Credit Cards, I was going to say it's gonna suck for the next few days not being able to use my CC at all.
There are 78000 terrorists!? No wonder i've been blown up 12 times this morning!
I know that my system is safe from nasty viruses.
I install every Microsoft update and security patch, on average of one per hour.
I thank Microsoft for working so quickly to keep me protected,
and all I have to do is install the many patches which they email to me.
I'm sure one of these patches will soon fix my email program,
it recently stopped displaying the contents of email which
could not be delivered. I'm simply resending all my mail, to make sure
the people will get my mail.
I'll call Microsoft Support if that email problem is still happening next week, I have a company
credit card for this, and I'll make that get fixed. For some reason my techs are very busy lately, and I
don't want to bother them with something which I can get the experts to fix with fifteen minutes on the phone.
78,000 suspected terrorists! What are they doing, putting everyone who applies for a visa on the list!
***You learn something Every day. And then you die.***
Just a bit of Bias showing in the two versions of the
Ok Windows screwed up ;)
Check out the bias in these two stories, from the same AP source:
http://abcnews.go.com/wire/Politics/ap20030924_650 .html
Virus Hits Federal Visa-Checking System
Computer Virus Cripples State Department's Visa-Checking System for About Nine Hours
The Associated Press
WASHINGTON Sept. 24 -- A computer virus disrupted systems at the State Department for checking every visa applicant for terrorist or criminal history, leaving the U.S. government unable to issue visas for roughly nine hours.
And the following from MSNBC:
http://www.msnbc.com/news/971031.asp
Computer virus hits U.S. visa system
Government was briefly unable to issue travel documents
ASSOCIATED PRESS
WASHINGTON, Sept. 23 -- The State Department's electronic system for checking every visa applicant for terrorist or criminal history failed worldwide for several hours late Tuesday because of a computer virus, leaving the U.S. government briefly unable to issue visas.
Now, CNN does not even have the story yet, or deems it not newsworthy.
Avihson
( have to learn to keep the sweaty palms away from the touch pad)
The sub-network CLASS resdies on was disconnected from the rest of the State Department network in order to clean other systems -- during that time, CLASS could not be reached by consulates. There was no security problem because visas cannot be issued when no name check system is available -- just some inconvenience for people waiting on their visas.
It's gotta be said, WTF are they doing running important government functions on Microsoft OS's? When are people going to learn?
Do you have ESP?
for a country that preemptively strikes into other countries it sure has a horrible reputation of security... Too bad it's yet again the normal people who are the victims of this patriotic system since they will yet another time have to wait longer for their visas.
yanks, time again to write to your congressmen!
INS, the more you tighten your visa policy, especially against those already in the USA; the more threat you expose this nation to.
Umm... Remote Logins != Remote Access.
More specifically, Remote Access < Remote Logins.
Allowing Remote Access is fine. Allowing Remote Logins is a no-no.
I feel fantastic, and I'm still alive.
Let's give credit where credit is due, shall we? The inverse of your statement is true. Picking Windblows garuntees you will have some kind of virus, worm or whatever eat your machine at some time. It's a simple matter of poor design. Having a mail client that auto executes crap like sounds from anyone on the world wide web as "administrator" or root is brain dead. Microsoft's Outlook does just that by default and I'm not sure you can make it or Internet Exploder do anything else. This is why we have I Love You, Blaster, Code Red, Slammer, Swen, Klez, Bugbear, and all year after year.
A monoculture of OpenBSD would not be good, but it would be vastly better. Any free software offers enough variety to give you the diversity you seek. Not everyone who runs Debian uses Exim, for instance. Debian has 7,000+ packages available and there is lots of functional repetition. This redundancy makes even a monoculture of Debian boxes look far more diverse than a bunch of M$ crap which must ALL have the same mail client, browser, media players and other fat ugly software integrated into the GUI.
Friends don't help friends install M$ junk.
if they outsourced the IT to India.
There is no difference between those that cannot read and those that do not. If the state department could / did read, then MS products would not be allowed on networked computers. Windows, among other MS products, is not ready for the Internet.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
They are either hypocrites and not really concerned with security or they are idiots!! If the federal government is really interested in security, why do they insist on continuing to spend 10 times more money out of our tax dollars to run one of the most (to the best of my knowledge, THE MOST) insecure computer system in the world? Every other alternative to Microshaft crap is more secure, both free and commercial: FreeBSD, OpenBSD, NetBSD, Linux, or Apple OSX as examples.
Dear AC,
I've just metamoderated your offtopic rating, and all things considered I felt obliged to mark that rating as "Fair".
However I did read your diatribe in full, and I found it creative, insightful and inspiring. I hope you will post again, and I hope you will do it where more people are likely to see it.
Yours sincerely,
RC