New Windows Worm on the Loose
Dynamoo writes "The Internet Storm Center has issued a Yellow Alert due to the spread of the Sasser worm exploiting Windows 2000 and XP machines through a documented flaw in the Local Security Authority Subsystem Service (LSASS) as described in Microsoft Bulletin MS04-011. Initial analysis seems to indicate classic Blaster-style worm behaviour. Right now I'm just getting a probe every 10 minutes or so on my firewall, but this is bound to escalate sharply as the pool of infected machines grows. Of course all good Windows-using Slashdotters visit Windows Update regularly and have a firewall, don't you? More information at Computer Associates, F-Secure, Symantec and McAfee."
Mutexes are named consistently enough under Windows that I wish somebody would make a program that simply caught all attempts at gaining a mutex and popped up a dialog window if the mutex hadn't been seen before. This would stop most any new software from running without first checking with the user. This is no good for a server of course, but ideal for a workstation.
This would also be great for catching spyware crap installs, as well as things like the RealPlayer toolbar that keeps popping up adverts by default. Simply tell the mutex checker to decline the requested mutex from then on and it would have the mutex always fail from then on -- then those programs could never be run again.
Since most users don't have a firewall and don't use Windows Update, I wonder how many machines will be infected by Monday? Seriously now, it's getting old now. Good thing I'm using Linux now.
I want a tarpit option for FreeBSD's ipfw, the same way there is for Linux. It'd be nice to do something to slow this thing down...not that it's easy to tell this worm apart from everything else cluttering up my firewall logs.
Carousel is a lie!
1) IE won't work (joking aside, it just doesn't work at all). This happened a long time ago, so I switched to Mozilla. I thank MS for this because Moz owns.
2) Add/Remove Programs: I can no longer see the text describing the program install. It's all grey. An icon shows, so I can uninstall that way. It's not the color scheme either; I tried the MS default and it still didn't work.
3) I was having problems with this latest worm, but patching fixed everything, so now we wait to see what broke.
All in all, I'm getting extremely close to wiping the HDD and dual booting Slackware Linux (which has been on my laptop for over a year and I love it) and Win98SE for games. All the backups are current, and I'm waiting for the next problem to make the system more unusable. If I wasn't so damn lazy, this would have been done sooner.
So for the past few days, I've had to live with part of my bandwidth getting chewed up by incoming packets that don't actually do anything but take up space. It effectively slowed the speed of downloads by about half. The rate of packets is starting to slow down now... finally (I guess as people patch their systems), but it still was highly annoying.
Anyways, I called my ISP when I first noticed it 3 days ago (after checking it with Ethereal) and asked if they could help. They told me that this was caused by filesharing programs, which I knew wasn't the case because in fact the only port 445 stuff I've done is Windows filesharing, and I've secured the one and only Windows system on my LAN so that IP addresses other than the ones on my LAN can't access it. Needless to say, this answer did not impress me. Here I was, effectively being subjected to a DoS attack, and they are trying to tell me this is _my_ fault? Man, if I had any other choice for high speed internet, I'd be switching in a heartbeat.
Anyways, that's my story. Things like this totally bite because you can have a firewall and all the security precautions in the world, but worms like this still chew up your bandwidth.
File under 'M' for 'Manic ranting'
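As an added example (not code from anyone on this thread), a small Python script that picks a Sasser-style TCP/445 sweep of the kind the post above describes out of constructed iptables-style firewall log lines. The log lines, addresses and the "three distinct targets" threshold are all made up for the demonstration; a real host sweeping a /24 for LSASS on port 445 stands out from a single legitimate SMB connection by the number of distinct destinations it touches.

```python
import re
from collections import defaultdict

# Constructed sample of iptables-style firewall log lines (not from the page).
# 203.0.113.7 walks four neighbouring hosts on TCP/445 within seconds, which is
# worm-like scanning; 192.0.2.44 makes a single SMB connection attempt; the
# port 80 line is unrelated noise.
SAMPLE_LOG = """\
May  1 10:00:01 gw kernel: IN=eth0 SRC=203.0.113.7 DST=198.51.100.2 PROTO=TCP SPT=1034 DPT=445 SYN
May  1 10:00:02 gw kernel: IN=eth0 SRC=203.0.113.7 DST=198.51.100.3 PROTO=TCP SPT=1035 DPT=445 SYN
May  1 10:00:02 gw kernel: IN=eth0 SRC=203.0.113.7 DST=198.51.100.4 PROTO=TCP SPT=1036 DPT=445 SYN
May  1 10:00:03 gw kernel: IN=eth0 SRC=203.0.113.7 DST=198.51.100.5 PROTO=TCP SPT=1037 DPT=445 SYN
May  1 10:00:05 gw kernel: IN=eth0 SRC=192.0.2.9 DST=198.51.100.2 PROTO=TCP SPT=40000 DPT=80 SYN
May  1 10:10:07 gw kernel: IN=eth0 SRC=192.0.2.44 DST=198.51.100.2 PROTO=TCP SPT=2201 DPT=445 SYN
"""

# Pull source, destination and destination port out of a netfilter-style line.
LINE_RE = re.compile(
    r"SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) PROTO=TCP .*DPT=(?P<dport>\d+)"
)


def count_smb_probes(log_text, dport=445):
    """Map each source to the set of distinct destinations it tried on dport."""
    targets = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m and int(m.group("dport")) == dport:
            targets[m.group("src")].add(m.group("dst"))
    return targets


def flag_scanners(log_text, min_targets=3):
    """Sources that hit TCP/445 on at least min_targets distinct hosts.

    A single SMB session touches one host; a worm sweeping for vulnerable
    LSASS instances touches many, so the distinct-destination count is the
    signal, not the raw packet count.
    """
    probes = count_smb_probes(log_text)
    return sorted(src for src, dsts in probes.items() if len(dsts) >= min_targets)


if __name__ == "__main__":
    for src in flag_scanners(SAMPLE_LOG):
        print(f"likely worm scanner: {src}")
```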
I pity my educational counterparts in other districts...one in particular has probably a dozen Win2K/W2K3 machines sitting outside the firewall...no protection whatsoever. No, they do not do regular updates...just when something breaks. Oh well, they'll just hire their friendly neighborhood MCSE consultants to come in at $150 an hour to "sell them some protection." It seems like it's always firefighting with Windows anymore...And no, I do NOT run Windows on any server in my district...
1990, the year someone said it was a bad idea to have default services in listening state.
1999, the year MS forgot what was said back in '90.
2003, the year of Microsoft's new security initiative.
2004, the year of the Windows worms.
XP SP2, the patch for mentioned "listening state" error.
Saying Java is nice because it works on all OS's is like saying that anal sex is nice because it works on all genders.
Looks like they just cut and pasted that page.
Do you create all your HTML documents from scratch?
This worm release is pretty cool, I think. This is the first time I've got to see the patch deployment process I built with a couple of other people from my group send out patches to the entire company and get pretty much everybody taken care of before the worm was released. We built it from SMS SUS and a bunch of in-house components. 11,000 workstations across the country patched in less than a week, and we could have done it even faster in an emergency.
Regular SUS took care of our servers a week ago.
"...always new atoms but always doing the same dance, remembering what the dance was yesterday." -Richard Feynman
a firewall is essential.
It sure is. The last worm wouldn't have worked without one.
Do you care about the security of your wireless mouse?
And in other news ... Delta flights grounded today due to "a computer glitch"
I have to wonder...
On the other hand, remind me again what year Red Hat decided it wasn't a good idea to install telnet, sendmail, pop3, imap, and a host of other services _open to the world_ by default? I'm fairly sure they were still doing it in 1999 and a little after 2000.
Well, as they say, YMMV.
I don't use a Windows machine from the administrator account. When I need to run Update, I switch over and do it as the administrator. I read before I install, and I don't install nonapplicable updates. I don't trust anyone's automagic updaters.
When I've used Gentoo, it's been as a desktop machine. I've installed it 3, maybe 4, times, always building from the minimal install (the one that takes a day and a night, and most of the second day...). I don't muck about and I don't install "foreign" software. Every time I've used Gentoo, it goes belly up after I've installed some update or another.
Gentoo may have an excellent packaging system, but I don't have time or energy or purpose to become an expert on one more proprietary packaging and updating scheme.
Linux touts "choice" all the time, and rightly so. But the fact is that having a plethora of distribution-specific packaging schemes is a major pain that limits choice.
So long as the Linux community fails to agree to, implement, and use a single packaging and updating scheme, Linux will be a nonstarter outside the geek and corporate worlds.