Slashdot Mirror

← Back to Stories (view on slashdot.org)

Windows 2003 and XP SP2 Vulnerable To LAND Attack

Posted by Hemos on from the one-if-by-sea-two-if-by-LAND dept.

An anonymous reader writes "Dejan Levaja, a Serbian security engineer has discovered that nearly 8 years after the attack was first made public, WIndows 2003 and Windows XP SP2 are in fact vulnerable to the historic LAND attack." Granted, you need to have the firewall turned off for this work, but there's a whole lotta machines that don't have it turned on.

40 of 534 comments (clear)

  1. Little known fact by beatdown · · Score: 5, Funny

    It is also subject to sea and air attacks.

    1. Re:Little known fact by ndogg · · Score: 2, Funny

      But the most powerful weapon of all, which sometimes even classifies as a WMD? The /. attack!!!!!

      --
      // file: mice.h
      #include "frickin_lasers.h"
    2. Re:Little known fact by spektr · · Score: 4, Funny

      True, the US Navy use Windows don't they?

      They had put it on an aircraft carrier and navigated it away from shore immediately, when they heard about the LAND exploit. To their delight, it stayed pretty stable in the middle of the sea.

    3. Re:Little known fact by Anonymous Coward · · Score: 5, Funny

      The Navy usually makes sure its ports are secure.

    4. Re:Little known fact by Anonymous Coward · · Score: 5, Funny

      Yes, but they call them "port holes".

    5. Re:Little known fact by darkpixel2k · · Score: 5, Funny

      Well...usually.

      There was this one time...in Hawaii...

      --
      There's no place like ::1 (I've completed my transition to IPv6)
    6. Re:Little known fact by harrkev · · Score: 5, Funny

      According to the Village People, the Navy usually has some back doors.

      --
      "-1 Troll" is the apparently the same as "-1 I disagree with you."
    7. Re:Little known fact by galdur · · Score: 2, Funny

      You mean "dead in the water"?

    8. Re:Little known fact by Profane+MuthaFucka · · Score: 2, Funny

      Oh my god that was a great movie.

      --
      Fascism trolls keeping me up every night. When I starts a preachin', he HITS ME WITH HIS REICH!
  2. wow by Quasar1999 · · Score: 5, Funny

    In other news, my computer is also prone to failing if I microwave it... hit it with a hammer, or attempt to install water cooling while I'm drunk...

    --

    ---
    Programming is like sex... Make one mistake and support it the rest of your life.
    1. Re:wow by Anonymous Coward · · Score: 5, Funny

      Problem:
      The other thing Microsoft won't tell you is that if paramilitants do a home invasion, they can take your machine right out of the house and have access to all data and the entire network, for that matter.

      Solution: Install complex home alarm system, man traps, CCTV, and acquire armed guards, string up razor wire and dig tunnel system deep in the jungle.

      Ethic:
      I told microsoft that their computers were totally unprotected from physical theft by armed gangs of paramilitants and received no response. I am now sharing this with the community.

    2. Re:wow by log0n · · Score: 3, Funny

      Personally, I'm hoping WinNuke make a comeback.

  3. Windows by Anonymous Coward · · Score: 5, Funny

    Only one remote hole in the kernel FOR eight years!

  4. Wait... by Gorffy · · Score: 5, Funny

    You mean to tell me that XP and 2k3 contain buggy legacy code? that IS news!

  5. Arr...i be by sea by Anonymous Coward · · Score: 1, Funny

    The pirates come by sea, not LAND.

  6. so what? by MC68000 · · Score: 2, Funny

    Amazing, if I don't use I firewall, I'm vulnerable. Who would have thought?

    --
    E = m c^3 Don't drink and derive E = m c^3
  7. Re:What kind of software dev process do MS use? by Anonymous Coward · · Score: 5, Funny

    Regression testing makes sure that things that used to work in the old version still works in the new version, so I'd say that windows is passing its regression tests with flying colors ;)

  8. Windows running slow? by hackwrench · · Score: 5, Funny

    It may be a little thing called a firewall. A firewall is a spyware-like little piece of software that constantly pings a special server called a firedoor so that spammers hackers, and their ilk know when your computer is available on the internet. Unfortuntely Microsoft refuses to release a patch for this thing but a piece of software called a backdoor can be used to prevent the firewall from doing its dirty work. Download one today!

  9. Guess we need Boston Church XP by kakos · · Score: 5, Funny

    01 if by LAND, 10 if by SEA

    1. Re:Guess we need Boston Church XP by Anonymous Coward · · Score: 3, Funny

      I thought it was 1 if by LAN, 2 if by C:

  10. Safest OS by Virtual+Karma · · Score: 5, Funny

    Windows is one of the safest OS around (and to keep it that way it is advised that the computer should not be connected to internet or any other network for that matter)

    --
    fuvoo: watch something
    1. Re:Safest OS by Terrasque · · Score: 1, Funny

      Including the power net.

      --
      It's The Golden Rule: "He who has the gold makes the rules."
  11. Microsoft Notified by Nom+du+Keyboard · · Score: 4, Funny
    Ethic:
    Microsoft was informed 7 days ago (25.02.2005, GMT +1, local time), NO answer received, so I decided to share this info with security community.

    Of course they didn't reply. They're under LAND attack, and your message is caught in the server. You must have sent them a proof-of-concept, so what did you expect?

    --
    "It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
  12. Oh c'mon, that isn't fair. by Billy+Bo+Bob · · Score: 4, Funny

    8 years is hardly enough to figure out how to patch windows.

    Besides, like all everyone here says, it is the users own fault for not using a firewall. Having an expectation that 8 yr old attacks should be fixed is just unreasonable.

    WTF, are you all on crack?

    1. Re:Oh c'mon, that isn't fair. by b1t+r0t · · Score: 2, Funny
      WTF, are you all on crack?

      Some of us are on OS X. Is that close enough?

      --

      --
      "Open source is good." - Steve Jobs
      "Open source is evil." - Microsoft
  13. Retro! by bigtallmofo · · Score: 5, Funny

    I remember the days of Ping of Death, Land, Teardrop, New Tear, Bork, etc.

    Now that my WinXP SP2 system is susceptible to land again, it's getting me into a nostalgic mood. I think I'll go play Ms PacMan on my MAME cabinet now.

    --
    I'm a big tall mofo.
  14. Before the M$ bashing begins wholesale... by go3 · · Score: 2, Funny

    Just remember that these people running 2003/XP without a firewall would also be running *NIX with a root password of "password". Mine is 12345

  15. Re:I know its been around, but...Linking to source by Anonymous Coward · · Score: 1, Funny

    The server has been slashdotted... guess it wasn't such a bad idea after all. Now fewer people can get to that file :)

  16. Re:News? by JustForMe · · Score: 5, Funny

    Windows Server must be running some services, I guess..

  17. Everyone has good points, and yet.... by writermike · · Score: 4, Funny

    Experts say servers are vulnerable to the infamous CAFE attack. One drop can take down an entire network!

    Granted you have to have a computer next to a cup of coffee for this to work, but MANY PEOPLE DO!!!!!!!!!!

    --
    If Nalgene water bottles are outlawed, only outlaws will have Nalgene water bottles.
  18. "LAND" war in Asia ... by YetAnotherName · · Score: 4, Funny

    Vizzini: You only think I guessed wrong - that's what's so funny. I switched glasses when your back was turned. Ha-ha, you fool. You fell victim to one of the classic blunders, the most famous of which is "Never get involved in a land war in Asia", but only slightly less well known is this: "Never go in against a Sicilian, when *death* is on the line.". Hahahahahah. [Vizzini falls over dead]

    (Yeah, off topic, I don't care.)

  19. Re:What kind of software dev process do MS use? by jd · · Score: 3, Funny
    Hey, give Microsoft a chance! Windows is regressing as fast as it can! :)


    Oh, regression tests! Those things! Bill Gates thought they were just funny-looking packing peanuts and threw them out.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  20. Re:What kind of software dev process do MS use? by Phanatic1a · · Score: 5, Funny

    Or even "You're not using contractions properly, KDN"?

  21. Why wouldn't it be? by Anonymous Coward · · Score: 1, Funny

    Being a military type, I would assume that yes, most computers are vulnerable to the majority of conventional land-based assualts. This is due more to physics than software.

  22. This was close... by saigon_from_europe · · Score: 2, Funny

    Just 5 minutes before I read this post, I turned firewall on my WinXP SP2 machine off, testing someting on our LAN.

    Can you imagine what amount of fear I felt when I realized that this guy lived only 2 miles from my office...

    --
    No sig today.
  23. Re:Only win ? by swillden · · Score: 3, Funny

    Since that site appears to be slashdotted, google turned up another one..

    Might as well take down both of them, right?

    --
    Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  24. Re:Only win ? by Anonymous Coward · · Score: 5, Funny

    OS X is invulnerable to all attacks, because it's made of magic.

  25. Re:Only win ? by AKnightCowboy · · Score: 5, Funny
    OS X is invulnerable to all attacks, because it's made of magic.

    *snort*. You owe me a new keyboard.

    /Mac user

  26. Re:News? by ErikTheRed · · Score: 2, Funny
    Windows Server must be running some services, I guess..
    <Click>... not anymore! (at least for 20 seconds...)
    --

    Help save the critically endangered Blue Iguana
  27. Now that's ... by IchBinEinPenguin · · Score: 2, Funny

    ... backwards-compatibility.

    Let's see OSS match this! A bug, almost a decade old, STILL SUPPORTED!