Slashdot Mirror
Homeland Security says 'Patch Windows Now'
gregger writes "Wow, so the Department of Homeland Security is really concerned with Microsoft patches now... enough to come out and tell us to patch our machines. This warning, chronicled in eWeek, was issued less than a day after the release of 23 patches from Redmond. So, if you don't apply the patches, then what?"
In my country, the United States of America, I have never seen everyone so polarized. As a result, I personally highly value the ability to see actions and events from both sides. It's a becoming a rare trait.
... uh ... love life. I wouldn't care if terrorists destroyed every TV & radio station in the United States, but I would riot if I was denied an internet connection for more than a few weeks. They're just protecting my interests much like a public service announcement or a tornado warning. I mean, the US-Cert team has been doing this for a while--even on my Mozilla browser. This "Patch Windows Now or Else..." is just FUD from the Slashdot editors--if you read the government press release, it's merely a recommendation, not a demand, warning or threat to patch your machine.
On one hand, this announcement shows that the government is looking out for us. They are concerned about terrorists using our machines to commit acts of cyber terrorism. They are helping us protect ourselves by advising that we patch our machines with hyper critical updates from Microsoft. We should be glad that our government is so thoughtful and has decided to twist Microsoft's arm into fixing these problems and releasing updates. After all, as Americans, nothing is more important to me than my internet. It's my commerce, education, and
On the other hand, should we be suspicious? I mean, there have been much more severe critical problems with prior editions of Windows that the government hasn't deemed necessary to recommend. How do we know that these patches aren't part of some sort of government initiative to harvest data? I mean, we've seen it with our phones and e-mail--why not another form of technology? Could it be that these patches will occasionally phone Microsoft who then relays our data and actions to the FBI and/or NSA? Shouldn't we be suspicious that the government has never openly declared critical Linux updates an imperative? Why Windows? And how can we believe them if we never get to see the source code of the original program and the source code of the patches? Two points to note: Why now? And why isn't the government's warning message included with specific reasons and details of what the problems are and what the patch is going to do? These patches might be a wolf in sheep's clothing. I don't think the government is so worried about our interests but more so they're worried about the gathering of intelligence in their case against every single United States citizen.
My work here is dung.
Microsoft:
Patches??? You don't need no stinkin patches!
"If you don't patch Windows, the terrorists win!"
this means the gov't mandated backdoor has been placed in the update queue?
Unplug the machine...
Then your computer will blow up and we'll all die
Then the terrorists win.
Do they know something we don't know? Coming on the heels of this news about the thwarted atacks on trans-Atlantic flights, it makes you wonder if there's something even bigger that DHS knows about. Or it could be their innate paranoia -- hard to tell without any more info from them.
GetOuttaMySpace - The Anti-Social Network
if you don't patch it, Osama will use your machine to download pron and distribute spam!
It's just a recommendation, and they've been doing this for a while now. Perhaps this is to save a little face for the massive Rails exploit posted just a few stories below?
I'm sure "SlashdotMedia" will improve on all the wonders that Dice Holdings blessed us all with
The peace of mind that the terrorists have a harder time of getting you will make you glad you did.:)
Homeland security is trying to get people to install new backdoors and close the old ones that have been discovered by outsiders.
"So, if you don't apply the patches, then what?"
They buy you a brand new Intel Mac! Courtesy of U.S. taxpayers.
Man, I really HOPE I'm just being paranoid today.
-Eric
SJW: Someone who has run out of real oppression, and has to fake it.
What if it has nothing to do with actual security updates, but is a way for the DHS to spy on computers? It is, after all, unusual to come out and say this...
Then the nawty trojan horsies sneak down your Internet tubes and steal your bank.
Meta will eat itself
Hey, I found a fairly slick blog claiming to be completely independantly produced by an 18yr old university student. However, it's clearly a Microsoft site complete with Apple-bashing, a NineMSN commercial, a video titled "Vista speech recognition screencast: It works!", a story titled "MSNBC deceived the public: Vista's speech recognition demo" and MS-critic bashing, with a few lame attempts to throw people of their fairly rank scent.
...Or you could just flame be and tell me how redundant this is.
Microsofts Faux Blog
I thought you could do your part and call MS out on this one by leaving a comment to the effect of "We know this is a Microsoft astroturf advertisment that intentionally aims to mislead readers to beleive messages that benefit the corporation."
In Soviet Russia, the machine patches YOU!
Res publica non dominetur
So great, DHS is recommending that people keep their machine patched. Anyone who says this is a bad thing has their tinfoil hat on a little too tightly. The only thing that concerns me is that DHS's responsibility in the US government seems to get more and more broad; anything that can be deemed in the protection of "Homeland Security" they can control, from intelligence to customs and border patrol to cyber security.
Anyway, this isn't that big a deal.
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
What HS really means: Get UBUNTU Now ! ! ! Do it now ! ! !
You wake to a pounding on your door. At your door are two men dressed in suits. you "Umm can I help you." Suits " You're under arrest." you "On what charge?" Suits "For not patching your windows computer." You "patch my what?? I use Linux!" Suits with a baffled look "Lin-what? Are you threatening us?" Suddenly more suits surround you and begin beating you while you hear "King Bill" laughing in the background.
So many choices, so little tolerance.
http://www.ubuntu.com/download :)
Considering this morning's prohibitions on taking liquids onboard (after a terrorist plot was uncovered), I'm resisting temptation so far to place my bottle of 'Dew in my computer's cup holder.
Where were you when the voynix came?
Then you will be considered a terrorist for endangering the American economy by having corporate networks comprimised.
And you know what happens to things that endanger de US economy... they will be eliminated.. ermmm... I mean.. democracy and freedom will be brought to them, or they will thought of as totally unimportant (environmental issues).
So, does this mean that the creators of malware/viruses/spyware are going to be classified as terrorists?
They were confused. They don't really mean MICROSOFT Windows - this is the same old patch your HOUSE windows - cellophane and duct-tape. There's a red-level threat in the UK today, therefore nobody can carry-on water on airplanes in the US. Clearly water can kill you, so they are making sure none of that nasty humidity in the summer air can get into our homes. Thank goodness for the protective vigilance of our gubmint!
Why, oh why, didn't I take the Blue Pill?
Easy: the only website you get to access would be the one from guatanamo bay.
less than a day after the release of 23 patches from Redmond
Yeah, boy, did I get bored reading about them as they came out on the mailing list I'm on. Can't they just sum them all up?
Internet Explorer: Bad
Powerpoint: Bad, etc.
Get your own free personal location tracker
Gawd, sometimes I loathe Microsoft in all its guises, and sometimes I fall into a Descent style animal fury at this annoyingly necessary evil.
With the latest "Critical, this affects everything" remote exploit patch, I had to run around patching our many computers in our medium sized academic department. We're supposed to have a software update service which pushes out the patches to critical issues such as this. Of course the SUS didn't update about 60% of the PCs, requiring me to manually run windows update on each one. each damned PC.
But wait, it gets worse.
About 80% of the unpatched PCs didn't have the latest Windows Genuine Advantage activex control installed. And for some reason, using windows update via "Run As..." no longer works. So I have to kick all my users off their PCs, log in via the local admin account, run windows update, manually install the new "improved" WGA tool, then finally click a bunch of times to get through to the final update screen. On about a quarter of the PCs, the Malicious Software tool or whatever it is called, requires a "click OK to install" about halfway through the patch process.
My Red Hat servers took a couple of clicks; go to redhat satellite server, select all out of date servers, click update, OK.
My lab of Macs took a little more work; open apple remote desktop, select all, run Unix command softwareupdate -l, download the pkgs manually, then apply those pkgs to all the out of date macs.
Both of those updates, the redhat and the macs, took less time than a single windows PC.
And all this during the busiest 2 weeks of the academic IT year, preparing for new visitors, classes and students...
----- Documentation is worth it just to be able to answer all your mail with 'RTFM' - Alan Cox.
Doesn't the United States CERT fall under DHS?
It makes sense that they would issue an advisory to tell people to protect their machines. While the R in CERT traditionally stood for Response (it is not Readiness), I still don't think its a huge deal for them to be proactive in telling people to get their act together
Use linux.
Microsoft denies patches to any system it deems "non-authentic". Now the US government is urging, strongly, everyone to patch their systems. This leaves your typical patriotic "pirate" US individual in a bit of a pickle. Skip the patch and "Let the terrorists win" or fess up, pay up and "Think of the children."
That said, it sounds like a new Microsoft slogan:
"Unpatched Windows systems are hurting the war on terror; buy your legitimate license today."
Then again there is always http://windizupdate.com/
Im being conspirative here, yes. But after all we have seen it is not too far fetched to believe that 'homeland security' got a sizeable donation from microsoft, riaa and the like.
Read radical news here
An unsealed bottle of water can be used as a transport for biological and chemical agents- and
with many of the agents, you'd never know it wasn't "just water" until it was too late.
To be sure, the "can't be bringing a bottle of water on board" is a bit overboard (But then, many
of the things they've instituted have been at least a little bit that way from the beginning...)
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
Isn't DHS concerned about the threat against the install base of *nix OS boxes?
When they suggested immediate pathing of ALL boxes, I will take this serriously, otherwise . . .
It's a trick. Get an axe.
Here will be an old abusing of God's patience and the king's English.
They won't be able to monitor you as well.
hmm, what's with the black helicoptor outside. Woah, look at the scope on that guys rif
You're not with us. That means you're against us.
GET HIM!!!!!
If this were an actually serious situation, then the US government would physically take over Microsoft's Redmond 'campus' and force all activity on future commercial products to cease until this 'threat' is over. Then the source code would be released to the authorities and universities for review and study for future 'dangerous defects'.
As to why this doesn't happen for Linux, well it's because the US government doesn't take Linux seriously. To them, it's a toy or at best, a minor application program that does...something. To the millions of employees of the US government, 'Microsoft' and 'computers' are identical terms. Most government workers, if asked, would probably tell you that Linux was a Microsoft project mandated to comply with some distant previous anti-trust ruling.
In reality, this is just the US government (or rather, some very minor apparatchek) just talking out of his ass and hoping to get on the evening news.
I didn't see a Homeland terror level mentioned anywhere. The current terror level is BERT: Sessame Street Terror Level
Do they mean install the same patches that made machines unusable a few months ago? http://news.zdnet.com/2100-1009_22-6062026.html I'll hold off for a month.
I have to admit this is a little bit creepy. Maybe we should wait for some Slashengineers to take a closer look at this patch. But honestly, government officials already have ability to spy on everything you do and frame you for anything so I'm not even sure a backdoor would accomplish - just makes things easier I suppose.
Haiku for you!
Patch available here.
HTH
rooooar
Just out of curiousity, what happens if you don't?
For you average tech savy user, using Win2000, firefox, openoffice, zonealarm
and would likely know, I was wondering about blocking TCP ports 139 and 445. Aren't they the ports used by Samba to connect Linux computers with Windows machines?
3 things about computers: they're alive, they're self-aware, and they hate your guts.
Actually, they did that. You just didn't bother looking. http://www.kb.cert.org/vuls/id/650769
http://www.us-cert.gov/cas/techalerts/TA06-220A.h
The cynical side of me also says that some department in the United States got hacked into. They do say that the exploits were being used but dont go futher.
Ooo man the floppy drive is broken. No wait. The computer is just upside down.
then the terrorists win...
They probably just want you to install WGA, which is required for new Windows patches... they probably saw my new motivational poster.
stuff |
1 - DHS orders Windows Update for everybody
2 - Windows update install patches and WGA
3 - Everybody thinks their "PCs are pirated on the internets"
4 - ???
5 - Profit!!
how long until
but it appears my copy of Windows is not genuine.
the announcement will be made November 1st.
you heard it here first.
NostrilDrippus sees all!
I agree 67.314159% with everything the OP said!
If you mod me down, I shall become more powerful than you could possibly imagine.
I hereby refrain from the apple fanboi knee-jerk "yeah but OS X..." remark. ;)
"So, if you don't apply the patches, then what?"
You're an idiot, that's what.
The U.S. government raised the security alert on passenger planes to its highest level for the first time on Thursday after Britain said it had foiled a plot to blow up flights to the United States.
The government also raised the security alert level for Windows users from Purple to Pink after Microsoft announced it had foiled a plot to make Windows more secure.
It's just the normal noises in here.
If the goobermint realizes the danger posed by millions of easily hacked toy computers, perhaps Microsoft will be declared a terrorist organization. A few dozen Tomahawks aimed at Redmond couldn't hurt.
So, if you don't apply the patches, then what?
Well, I'm not sure what happens if you don't apply the patches, but we do have an idea of what happens if you ask questions like that on a blog.
(that's mostly a joke... at least for now)
Stop-Prism.org: Opt Out of Surveillance
After Microsoft stuck their WPA Notify spyware on my machine, claiming it was an important, possibly vital update, how am I expected to trust them?
* No * Thank * You *
I have a better solution: I run Windows 2000 SP4 (XP is bloatware in my opinion) inside a Virtual Machine on Linux. The virtual machine has no connection to the internet (its IP address is blocked by the router), and does not run email or a web browser. When the copy of Windows is shut down, *it reverts to a snapshot*. All data is stored external to the VM's "C drive", where it's protected by Linux. Voila, no updates needed!
We've all heard how Microsoft's latest efforts to fight piracy hurt innocent people running legitimate copies of their software. We have all seen how Microsoft installs "beta" software without asking permission. Distrust, like trust, is earned. The folks in Redmond have *earned* my distrust.
"My country, right or wrong; if right, to be kept right; and if wrong, to be set right." --Senator Carl Schurz (1872)
Why is it that the only US government recommended way to fix this alleged security problem is to install a patch? Why did they not list any other possible ways to remediate the problem, such as replacing the OS? I am going to have to agree with the conspiracy theorists on this one -- the government didn't suddenly become concerned about a security problem in Windows, there is some other reason that the government wants people to install this "patch".
What a remarkable commentary on the sad state of affairs in the "Land of the Free" that our government makes a press release regarding patches to our computers and the first thing we think of is that the patch is associated with monitoring us somehow. For the record, I had the exact same thought as the OP and agree 100% with what he said.
Sorry, but these two post really comment on the sad state of affairs on slashdot. Slashdot is a bit heavy with tinfoil hat types. One of the primary rules of espionage is to just blend in, fade into the background, don't call attention to yourself. If the government were to do something like this, and I don't believe they would, it would be quietly slipped into a run of the mill security update. Nothing special, just a routine monthly security update like the ones we have come to expect.
I wonder if that study included all these costs associated with these critical security upgrades too.
[*] Some trivia for the curious: Whitemail is the tax paid by serfs to their lords in silver coins. Blackmail is tax collected in the form of goods.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
You know, what if they're using Macs or Linux?!
Is homeland security going to fine them, throw them in prison?!
<pananoid>Homeland Security is working with Microsoft to further their monopoly!</pananoid> ;-)
If I don't patch my machine it is vulnerable.
If I do patch my machine I get WGA, whatever other unknown bugs introduced. Also ever notice how MS machines seem to get more unstable as we get closer to a new release? Where's the KB article on that?
Rick B.
It probably (finally) occurred to someone that perhaps the discovered attack for each of these wasn't the *first* attack.
This attack provided interesting and somewhat rare evidence that exploits are sometimes discovered by the black hat's and used for unknown (long) periods of time, quietly, before they are discovered by white hat's or by script kiddies (who invariably exploit them less than discretely such that the defects are discovered quickly).
These recent events should prompt a fair number of security consultants to have somewhat more polite versions of "I told you so" conversations with their unruly clients, who typically don't believe this really happens "in the real world". Yes, it really happens. It really happens in the real world. Let's get real.
If you mod me down, I shall become more powerful than you could possibly imagine.
...just because you're paranoid, doesn't mean they're *not* out to get you.
Shouldn't they just order Microsoft to fix their dam operating systems. And office packages, and services, web server, database products, and web browser.
Oh what the hell, just order citizens to stop using Microsoft products.
>_>
/tinfoilhat on
That's what they WANT you to think
_
http://www.TheGamerNation.com/Forums
Drat... I forgot to mention an important bit...
Although the DHS warning is about the remote worm exploitable hole, not the office holes, I meant to explicitly suggest that the reason the DHS have their undies in a bunch is because of their heightened sensitivity right now. In turn, I suspect their sensitivity is due to the recent exploitation of the Office holes, not a terrorist plot as such. There have been a couple remote rootable exploits that MS has patched in the past six months which didn't elicit such a response from DHS. What has changed probably isn't the occasional discovery of worm exploitable defects, nor a terrorist threat against The Internet (which threats are omnipresent, eh?) but rather the DHS sensitivity, due to these other recent problems.
If you mod me down, I shall become more powerful than you could possibly imagine.
Of course admins who are diligent will keep the systems patched. Not sure why we need DHS to stick their collective noses into it, and considering the fact that they have a bad habit of flunking IT security audits, maybe they should spend more time worrying about their own security.
s p
http://www.eweek.com/article2/0,1895,1938866,00.a
It's always the same. I get up and turn on the PC, as a a Winamp playlist is in the startup folder and I want music with my coffee. I pour a cup and see a yellow box in the corner of the computer.
Now, before I have my second cup of coffee I have an IQ of about half my age. So I completely forget the previous month. I tell it to download the patches, looking to see if some insidious Microsoft crap like WGA isn't there (even a total moron like I am before my coffee does that) and download. While I'm sitting there, I of course check my email.
As I'm responding to someone, the box pops up on the screen, interrupting what I'm doing to inform me that it's done downloading.
When I've composed my wits a bit and remember what I was trying to type when Windows so rudely interrupted me, I start typing and another God damned box pops up, do I want to install? Stupidly I click "yes".
Then I'm interrupted every five fucking minutes asking me if I want to reboot or should it wait. WTF, I told you "no" once, you Goddamned stupid machine! But it keeps nagging every five goddamned minutes.
They can wait a month to get the patch to me on their schedule (patch Tuesday) even though the exploits they're patching have been in the wild for weeks, but I can't wait thirty minutes to reboot the fucking computer!
I hate Microsoft. When Patch Tuesday comes I always consider stealing a B-52 and carpet bombing Redmond with it. Fucking asshats.
I'm sorry but all of these conspiracy theories floating around seem completely ridiculous to me. If I were to guess why the government is recommending we patch Windows, I would say it's because they got hacked just a few weeks ago and there was an article on slashdot about it. This is probably their lame way of covering up or making things right again, even though anyone who cared has obviously forgotten about it by now anyway. Microsoft's advice to them on how to not get hacked was probably along the lines of "patch Windows regularly" and they probably bought it. Now the Government says to the Vulnerable Public, have no fear! We have it figured out! It happened to us too, but we know you need to patch things!
Just my two cents.
"if only i had known i would have been a locksmith." -albert einstein
Please install these rootkits, I mean patches as soon as possible so that we can begin arresting the problems quickly.
My first thought also, from within, is that this was somehow tied to an information gathering linked either to the Lieberman loss in the CT primary or the thwarting of the airline bombing in England. Very sad...
does it run on Linux?
and we have not seen virii on Unix boxes since then.
Hahahahaha. What, am I about to get hacked with a 100-dollar hand-crank laptop? Thanks DHS, but the record shows that I seem to be much more adept at computer security than the DHS...and I get high. Regularly.
1. microsoft is spending 3.8bilions in PR and no one knows where it goes.
2. Russian submarine manufacturer also spends bilions in PR that no one knows where it goes.
3. Homeland security says 'patch you submarines'. no, don't buy one without holes, use gum.
Then the terrorists have already won.
Duh!
Without MS06-040, the malware can spread computer to computer within a protected network after the first breech though a link or email. So, one user screws up and all 10,000 computers behind your university firewall are infected in a few hours. Then, all someone has to do is take their laptop from your infected network and plug it into their network. Do you have anyone on-site right now from IBM, HP or Dell? If they plug their laptop in for a patch, then go to their home network, they will spread that virus to another group of 10,000+ computers all without intervention. The potental is huge that a virus could spread worldwide within 24 hours of hitting, and then be pretty nasty to rid off of a network. See CodeRed and others.
Grammer Nazis - I mod you "troll" unless you actually add something on-topic. Yes, I know I have mispellings in my sig.
So I head off to boot my lappy to XP, something it hasn't done in weeks, run the updater, deselect the WGA option, and the sonofabitch installed it anyway.
/., and that makes me look like a nubie, which I hardly am, and you all know that. IMO, the inbreeding in Redmond has reached the point of no return, and I'm thinking of reclaiming the space the XP install uses for something usefull.
Is there no end to the microsoft perfidity?
Oh, wait, this is
--
No Cheers this time, Gene
I mean everyone seems to think the Homeland security is out to get us?
Let's consider the other side. How many people already investigate every patch microsoft sends us even before this announcement? How fast did we learn about the Genuine Advantage Disadvantage?
The fact is we know exactly what's in the patches, we've heard nothing about a bad patch or a big brother patch, the sort of thing these guys hunt for in the first place? So why is everyone paranoid?
I think the scarier thing is that Homeland security is normally a very tight lipped organization, they didn't meantion a threat but I believe we have to believe that they know of a plan to attack windows based machines on a wide scale and in a viral format, probably at a level no one could ever imagine?
If you really think they are out to get us, feel free to check the updates, crack them and find any secrets they have there. Post them on underground boards and with in a week we'll have a way to circumvent them. But you're probably not going to find anything. Instead you're probably going to find a virus in the upcoming weeks that would have crippled the nation but instead just bounced weakly off the computers because of the updates that came out this week.
Why would the government work so hard to spy on us. When AOL will just release all our data from searches and do it for them.
Sorry feds. Theres no way i can patch my windows without exposing myself to the threat of WGA suddenly deciding i'm a pirate.
It's too much to risk.
ya it definately is suspicious for .. years? now they have been trying to find more and more ways to spy on americans, and now they are tell us to apply a patch that supposedly closes a hole they could use to spy on us? did they not need it anymore? they found a better hole to exploit? or is the patch creating a more secure backdoor for them?
This update is as important as it gets. There are vulnerabilities in every major MS program which allow remote code execution, which means that as soon as the exploit is discovered, it can take advantage of holes all over your system.
Affected programs and services:
- MS Server Services (TCP 139 and 445).
- DNS servers
- Internet Explorer
- Outlook Express
- Microsoft Management Console
- HTML Help
- Visual Basic
- Microsoft Office
- Windows kernel
I'm not too surprised that they're trying to push awareness of this patch. It was the lack of patching several weeks beforehand that allowed Code Red to do as much damage as it did.
When did the future switch from being a promise to a threat? -C. Palahniuk
The subject title may be crude but after reading a lot of these comments its the first thing that came to mind. Why do so many people find it surprising that there are alot of tin foil hat types on /.? As far as I can remember we have pretty much been the majority. Yes I have my tin foil hat on now. Most geeks I know are very leary of the gov and intelligence agencies. So why are so many people here in shock that a lot of us are so suspicous of them asking us to update windows when they NEVER have before? Or any other os for that matter. I think the more intellignet a person is the more suspicious they are going to be of the government. Why because we can see what's going on and understand it better than someone of lower intelligence. we are able to put all the oddds and ends together that an average man may miss. We have to remember that unfortunately most people aren't well educated and simply pay no attention to the world around them. TIN FOIL HAT WEARERS UNITE!
WTF?
How many stories have there been in the last year alone about corrupt voting machines and election fraud?
JACEM
DOC Disinformation Obfuscation and Confusion
The carrot to FUD's stick
I'm perfectly fine with the anti-smoking laws. They're just as american as the ones that prevent me from "blowing" lead your way when you blow smoke mine. If you wish to remove the former, also remove the latter.
"Wait, it's not the same thing" you say? I'd beg to differ. The only difference is in speed of effect. (Hint, the lead's just "blowing" in your general direction - it might hit, it might not. Do you feel lucky?)
The proper thing would be for Microsoft (yes, good ole MS) to stop shipping machines that default to "please pwn me". Second would be to encourage ISPs ship those little DLS/Cable routers with the FW enabled with ports below 1024 blocked.
It's not about protecting people from themselves, but more about protecting me from you in my view. I'm perfectly fine with you shooting yourself in the foot, or elsewhere, and firmly believe you should have the right to do so.
The cesspool just got a check and balance.
and all i got was a rude error message.
that doesn't usually happen with Safari unless the website is down... curious...
guns kill people like spoons make Rosie O'Donnell fat.
Has anyone considered the possibility that the patches contain monitoring code that will in fact allow the department of Homeland Security to monitor people's computer communications? It is not as if such accusations have not come forth before. This article over at the CBC website comments about alleged CIA operations, in where they are flying prisoners around the globe to be handled in different jurisdictions. This particular article comments about such flights landing in Canada. In Gander to be exact. So it is not to far fetched to consider possible ulterior motives to getting people to update.
So while I applaud the Department of Homeland Security for advising the citizens of the USA to stay on top of their computer updates, I also wonder if there is any ulterior motive behind it. Have they asked Microsoft to include some code that they can use? Or for the bigger conspiracy theorists out there, have they infiltrated their own programmers among those who are writing Windows updates and Vista code?
And for the ultimate in conspiracy theories! Has anyone thought about the timing of the press release? One day before terrorist in the UK are busted in the closest terrorist attack since 9/11, and no one can use the argument that Homeland Security did not know about it the day before. It's not like they woke up and said "Let's bust some guys in England who just happen to be plotting to do something with commercial flights going to the USA"
My opinions might not be popular but they have a point. Be skeptical of everyone, till they prove you wrong!
-Ghost
It's a simple choice on slashdot:
1) You choose to question authority because you understand man's potential for selfish motives especially when man is in positions of power. You choose to look for lies or misinformation in case they are there, not because you "know" they are there.
2) You wear tinfoil blinders and simply accept what your favorite authority figures tell you because you truly believe they mean the best for you and everyone else. You ignore history and you actually think "These guys, ya, these guys are different.
Make your choice.
Tomorrow is the three year anniversary of the Blaster virus, which just happened to take advantage of a very similar vilnerability. Today might be a good day to patch... http://securosis.com/2006/08/10/today-is-a-good-da y-to-patch/
First, if you consider your government to be benevolent, that the security hole this patch should fix is so critical that it does not only affect you, and your machine, but also the rest of the net, by the very simple reason that your machine is connected to it. Governments are rarely if ever concerned with the well being of a single citizen (seriously, it does not have the means to), it is concerned with the well being of the total populace. So it didn't care about the security problems that opened your machine and compromised your security, but it is concerned with security issues that allow an attacker to use you to affect the rest of the net.
Second, if you consider your government to be malvolent, that this patch introduces a better way to eavesdrop on you, that it opens up a spying channel for them, that it removes some security means that allow you to encrypt data better than they can decrypt them with their sniffing tools or that it's the first step to putting the blame on you should your computer inflict some damage to something "important" under the control of a trojan.
Which one it is is up to you.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
When Microsoft sent the WGA Notify program to all those computers, *that software was considered beta*! Microsoft even admitted that, and explained *that* was the reason the software phoned home, so they could de-activate it if they found any serious problems. It's bad enough they would put what I consider spyware on my machine, it's quite another to put *beta* spyware on my machine. I don't have the original installer anymore for WGA Notify, but if I remember correctly, the "read me" (which I don't recall being given the chance to actually *read* before the thing was installed automatically) mentioned the software was some sort of pre-release.
"My country, right or wrong; if right, to be kept right; and if wrong, to be set right." --Senator Carl Schurz (1872)
All self-respecting terrrorists run Linux anyway.
they vill take you und lock you up in the concentration camp!
That's what happens if you dare question our Reichsfuhrer and his Homeland Security order to upgrade Windows!
-- Tigger warning: This post may contain tiggers! --
These ports have to do with things like name resolution, network file sharing, remote execution, and stuff. I don't really know all the details. While linux can talk samba with windows, it is more a windows to windows kind of thing. Read this for some more info. What port 445 does [petri.co.il]
That's funny, I thought Homeland Insecurity cut all the funding for Port Security.
Good thing it doesn't affect my Bridge route.
-- Tigger warning: This post may contain tiggers! --
If you don't patch Windows, the terrorists win!
I'm not sure about OBL, but the spammers and assholes have already won. Not that applying the patch of the month will really help. After all, the spammers have known for years the problems being fixed this month and next month and so on ad nausea. The OS itself is just junk. That's why Windoze has a half life of 12 minutes, 80% of spam is coming from broken windoze boxes, the vast majority of email is spam and people with botnets can screw anything anyone wants to do online. With new problems found every month and none of the same problems on any other OS, you can't blame the users. North Korea is already taking advantage of the situation to spy. Directing people to constantly apply a stream of patches instead of abandoning Windoze is nothing but a waste of time.
Friends don't help friends install M$ junk.
.... it makes it obscenily easy.
IANAL but write like a drunk one.
Just take away our library cards. Or take away our rights to use Windows (That would be cool).
He who said 1,000,000 monkeys on 1,000,000 typewriters would eventually type the great novel, never saw an AOL chat room
The government also raised the security alert level for Windows users from Purple to Pink after Microsoft announced it had foiled a plot to make Windows more secure.
No wonder I didn't get this one, my video settings are set to monochrome!No doubt this Windows update will undergo intensive scrutiny by individuals and companies interested in computer security, especially in light of this excitement surrounding the DHS recommendation. Any suspicious functionality will be discovered, even though we do not have the source code. The government knows this, so I would be amazed if they actually included nefarious code in this update. Besides, WGA can probably spy on us just fine, thank-you-very-much. ;)
You bring up an interesting point, one that I didn't consider. If we (the slashdot conflux) are to take that into consideration when evaluating the intention of the DHS regarding this press-release, then we could assume that they know that any attempt at subverting privacy, security, etc. will be discovered through such means. A reverse-engineering might prove this patch and subsequent patches benign in the civil-liberties-eroding sense. If, however, it's discovered that the patch indeed performs some kind of surveillance or intelligence gathering, not only does that demonstrate a massive underestimation of "the people" by "the man", but it provides even greater evidence that we live in some troubling times. The implications of such a thing occurring are major: the government is trying to hack your home computer. Not only do you have to worry about spam, viruses, spyware and the like, but now you have to wonder if Big Brother is logging every Internet search you make (ala Yahoo!), or counts every time you view something on the government's "evil-doers" list.
Hades, PoD: Official Advocate
Windows Visa will automatically send the details of people that don't update to the 'no fly' list.
Engineering is the art of compromise.
(http://slashdot.org/) It's a simple choice on slashdot:
1) You choose to question authority because you understand man's potential for selfish motives especially when man is in positions of power. You choose to look for lies or misinformation in case they are there, not because you "know" they are there.
2) You wear tinfoil blinders and simply accept what your favorite authority figures tell you because you truly believe they mean the best for you and everyone else. You ignore history and you actually think "These guys, ya, these guys are different.
Make your choice.
You are right, slashdot has the intellectual simplicity of Bush Jr. and most folks around here would think it is that simple.
Please people Wake Up!
Homeland Security issues warnings, statements, etc.
Fails every challenge they have publicly faced.
Hails ignorant prosecution of minor terrorist. Can't find the Worst of the Worst BL.
After the disclosure they busted two disgusting defiles in Two TOP administration positions of Homeland Security in charge of US Security, using H.L.S. Computers and one of the cretins actually giving out his office phone numbers, business card and or pictures of HIS badge (credentials..I don't recall which)...I have a hard time lending any credibility to anything wrapped in their letterhead.
Have any slashdotters ever heard another thing about what the outcome of that event is/was/ or is in the process of being dealt with?
Like many/.'rs, I don't like being labeled a nut, unpatriotic or paranoid but if you aren't paying attention, I fear you earn the 'there is no cure for stupid'.
What does the govt. have to do besides lie to you, play both sides against the middle and take your constitutional rights and flush them down the toilet to make you wake up.
"Never try to teach a pig to sing. It simply wastes your time and truely annoys the pig"
I have a solution that eliminates all threats posed by buggy software:
"format C:"
I hadn't known there were so many idiots in the world until I started using the Internet -Stanislaw Lem
AHA!
That's why they bought sysinternals!
Now everything makes sense.
We are Turing O-Machines. The Oracle is out there.
Charles Wyble System Engineer
"Then your computer will blow up and we'll all die"
Your not real bright are you?
http://www.securityfocus.com/columnists/402
Let me configure your monitor for you.
You don't know the half of it (IT).
"A comprehensive study of the 2000 presidential election in Florida suggests that if the U.S. Supreme Court had allowed a statewide vote recount to proceed, Republican candidate George W. Bush would still have been elected president. The National Opinion Research Center (NORC) at the University of Chicago conducted the six-month study for a consortium of eight news media companies, including CNN." http://www.cnn.com/SPECIALS/2001/florida.ballots/s tories/main.html