Homeland Security says 'Patch Windows Now'
gregger writes "Wow, so the Department of Homeland Security is really concerned with Microsoft patches now... enough to come out and tell us to patch our machines. This warning, chronicled in eWeek, was issued less than a day after the release of 23 patches from Redmond. So, if you don't apply the patches, then what?"
In my country, the United States of America, I have never seen everyone so polarized. As a result, I personally highly value the ability to see actions and events from both sides. It's becoming a rare trait.
On one hand, this announcement shows that the government is looking out for us. They are concerned about terrorists using our machines to commit acts of cyber terrorism. They are helping us protect ourselves by advising that we patch our machines with hyper critical updates from Microsoft. We should be glad that our government is so thoughtful and has decided to twist Microsoft's arm into fixing these problems and releasing updates. After all, as Americans, nothing is more important to me than my internet. It's my commerce, education, and ... uh ... love life. I wouldn't care if terrorists destroyed every TV & radio station in the United States, but I would riot if I was denied an internet connection for more than a few weeks. They're just protecting my interests much like a public service announcement or a tornado warning. I mean, the US-Cert team has been doing this for a while--even on my Mozilla browser. This "Patch Windows Now or Else..." is just FUD from the Slashdot editors--if you read the government press release, it's merely a recommendation, not a demand, warning or threat to patch your machine.
On the other hand, should we be suspicious? I mean, there have been much more severe critical problems with prior editions of Windows that the government hasn't deemed necessary to recommend. How do we know that these patches aren't part of some sort of government initiative to harvest data? I mean, we've seen it with our phones and e-mail--why not another form of technology? Could it be that these patches will occasionally phone Microsoft who then relays our data and actions to the FBI and/or NSA? Shouldn't we be suspicious that the government has never openly declared critical Linux updates an imperative? Why Windows? And how can we believe them if we never get to see the source code of the original program and the source code of the patches? Two points to note: Why now? And why isn't the government's warning message included with specific reasons and details of what the problems are and what the patch is going to do? These patches might be a wolf in sheep's clothing. I don't think the government is so worried about our interests but more so they're worried about the gathering of intelligence in their case against every single United States citizen.
My work here is dung.
"If you don't patch Windows, the terrorists win!"
this means the gov't mandated backdoor has been placed in the update queue?
Then your computer will blow up and we'll all die
It's just a recommendation, and they've been doing this for a while now. Perhaps this is to save a little face for the massive Rails exploit posted just a few stories below?
I'm sure "SlashdotMedia" will improve on all the wonders that Dice Holdings blessed us all with
"So, if you don't apply the patches, then what?"
They buy you a brand new Intel Mac! Courtesy of U.S. taxpayers.
So great, DHS is recommending that people keep their machine patched. Anyone who says this is a bad thing has their tinfoil hat on a little too tightly. The only thing that concerns me is that DHS's responsibility in the US government seems to get more and more broad; anything that can be deemed in the protection of "Homeland Security" they can control, from intelligence to customs and border patrol to cyber security.
Anyway, this isn't that big a deal.
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
You wake to a pounding on your door. At your door are two men dressed in suits. You: "Umm, can I help you?" Suits: "You're under arrest." You: "On what charge?" Suits: "For not patching your Windows computer." You: "Patch my what?? I use Linux!" Suits, with a baffled look: "Lin-what? Are you threatening us?" Suddenly more suits surround you and begin beating you while you hear "King Bill" laughing in the background.
So many choices, so little tolerance.
http://www.ubuntu.com/download :)
Considering this morning's prohibitions on taking liquids onboard (after a terrorist plot was uncovered), I'm resisting temptation so far to place my bottle of 'Dew in my computer's cup holder.
Where were you when the voynix came?
So, does this mean that the creators of malware/viruses/spyware are going to be classified as terrorists?
They were confused. They don't really mean MICROSOFT Windows - this is the same old patch your HOUSE windows - cellophane and duct-tape. There's a red-level threat in the UK today, therefore nobody can carry-on water on airplanes in the US. Clearly water can kill you, so they are making sure none of that nasty humidity in the summer air can get into our homes. Thank goodness for the protective vigilance of our gubmint!
Why, oh why, didn't I take the Blue Pill?
Easy: the only website you get to access would be the one from Guantanamo Bay.
Or it could be DHS making a publicity move. They've got to justify their budget to the public somehow, and a lot of what they do is behind-the-scenes stuff.
Also, to be cynical as ever, we DO have elections coming up in a few months.
As far as I'm concerned, the boy has cried wolf far too many times for me to react to any warning DHS or any other government agency says about threats.
"Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
I'm a system administrator at a large university. Apparently Microsoft actually contacted a few people around the university urging them to patch up. This shocked a few people because apparently we don't normally get that kind of communication from them here. It went around our listserv yesterday. So anyways, it seems like Microsoft might think it's an unusually big deal too.
You're not with us. That means you're against us.
GET HIM!!!!!
Right. And of course you sniff all the packets that your machine sends out from your Windows machine every time it gets a patch from Microsoft, etc, etc, to make sure it's not 'reporting back' on your activities since you last connected to Microsoft, etc, etc?
The open source firewall only protects you from them initiating contact to your machine from outside. It doesn't prevent hidden reports being sent out. That takes a lot of human monitoring, and some packets, you just don't know the real content/context of (reports to MS etc).
Actually, they did that. You just didn't bother looking. http://www.kb.cert.org/vuls/id/650769
http://www.us-cert.gov/cas/techalerts/TA06-220A.h
The cynical side of me also says that some department in the United States got hacked into. They do say that the exploits were being used but don't go further.
Ooo man the floppy drive is broken. No wait. The computer is just upside down.
Hmm, what's with the black helicopter outside. Woah, look at the scope on that guy's rif
Another strike from the Grammar and Spelling Department (Apostrophe Patrol).
They probably just want you to install WGA, which is required for new Windows patches... they probably saw my new motivational poster.
but it appears my copy of Windows is not genuine.
I agree 67.314159% with everything the OP said!
If you mod me down, I shall become more powerful than you could possibly imagine.
The U.S. government raised the security alert on passenger planes to its highest level for the first time on Thursday after Britain said it had foiled a plot to blow up flights to the United States.
The government also raised the security alert level for Windows users from Purple to Pink after Microsoft announced it had foiled a plot to make Windows more secure.
It's just the normal noises in here.
After Microsoft stuck their WPA Notify spyware on my machine, claiming it was an important, possibly vital update, how am I expected to trust them?
* No * Thank * You *
I have a better solution: I run Windows 2000 SP4 (XP is bloatware in my opinion) inside a Virtual Machine on Linux. The virtual machine has no connection to the internet (its IP address is blocked by the router), and does not run email or a web browser. When the copy of Windows is shut down, *it reverts to a snapshot*. All data is stored external to the VM's "C drive", where it's protected by Linux. Voila, no updates needed!
We've all heard how Microsoft's latest efforts to fight piracy hurt innocent people running legitimate copies of their software. We have all seen how Microsoft installs "beta" software without asking permission. Distrust, like trust, is earned. The folks in Redmond have *earned* my distrust.
"My country, right or wrong; if right, to be kept right; and if wrong, to be set right." --Senator Carl Schurz (1872)
These ports have to do with things like name resolution, network file sharing, remote execution, and stuff. I don't really know all the details. While Linux can talk Samba with Windows, it is more a Windows-to-Windows kind of thing. Read this for some more info. What port 445 does
One should probably never have 139 and 445 exposed directly to the internet; one should probably only have them exposed beyond an individual workstation if that workstation is part of a realish network (e.g., three PCs that never talk to each other plugged into the same Linksys router wouldn't count). When in doubt, block it and see what happens.
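A way to check the advice in the comment above on your own machine, as an added example that is not part of the original thread: it parses `netstat -an` style output and reports listeners on TCP 139/445 that are reachable beyond loopback. The sample text is constructed, and 203.0.113.7 is a documentation address standing in for a public one.

```python
import ipaddress

SMB_PORTS = {139, 445}  # the two ports the comment says to keep off the internet
# Listed explicitly: ipaddress.is_private also treats 203.0.113.0/24 as private.
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16",
    "fc00::/7", "fe80::/10")]

# Constructed sample in the layout of Windows `netstat -an` output (not real data).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:445          0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49712     192.168.1.20:445       ESTABLISHED
  TCP    203.0.113.7:445        0.0.0.0:0              LISTENING
  TCP    [::]:445               [::]:0                 LISTENING
"""

def split_endpoint(endpoint):
    """Split '0.0.0.0:445' or '[::]:445' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host.strip("[]").split("%")[0]), int(port)

def scope(addr):
    """Say how far away a listener bound to this address can be reached from."""
    if addr.is_loopback:
        return "loopback"
    if addr.is_unspecified:          # 0.0.0.0 or :: means every interface
        return "all-interfaces"
    if any(addr in net for net in LAN_NETS):
        return "lan"
    return "public"

def exposed_smb_listeners(netstat_text):
    """Return (address, port, scope) for each non-loopback listener on 139/445."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue                 # skips the header and outbound connections
        addr, port = split_endpoint(fields[1])
        if port in SMB_PORTS and scope(addr) != "loopback":
            found.append((str(addr), port, scope(addr)))
    return found

if __name__ == "__main__":
    for addr, port, where in exposed_smb_listeners(SAMPLE):
        print(f"TCP {port} listening on {addr} ({where})")
```

An "all-interfaces" or "public" result only means the service is bound there; whether it is reachable from the internet still depends on the router or firewall in front of the machine.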
What a remarkable commentary on the sad state of affairs in the "Land of the Free" that our government makes a press release regarding patches to our computers and the first thing we think of is that the patch is associated with monitoring us somehow. For the record, I had the exact same thought as the OP and agree 100% with what he said.
Sorry, but these two posts really comment on the sad state of affairs on Slashdot. Slashdot is a bit heavy with tinfoil hat types. One of the primary rules of espionage is to just blend in, fade into the background, don't call attention to yourself. If the government were to do something like this, and I don't believe they would, it would be quietly slipped into a run of the mill security update. Nothing special, just a routine monthly security update like the ones we have come to expect.
>_>
/tinfoilhat on
That's what they WANT you to think
_
http://www.TheGamerNation.com/Forums
I'm sorry but all of these conspiracy theories floating around seem completely ridiculous to me. If I were to guess why the government is recommending we patch Windows, I would say it's because they got hacked just a few weeks ago and there was an article on Slashdot about it. This is probably their lame way of covering up or making things right again, even though anyone who cared has obviously forgotten about it by now anyway. Microsoft's advice to them on how to not get hacked was probably along the lines of "patch Windows regularly" and they probably bought it. Now the Government says to the Vulnerable Public, have no fear! We have it figured out! It happened to us too, but we know you need to patch things!
Just my two cents.
"if only i had known i would have been a locksmith." -albert einstein
So I head off to boot my lappy to XP, something it hasn't done in weeks, run the updater, deselect the WGA option, and the sonofabitch installed it anyway.
Is there no end to the Microsoft perfidy?
Oh, wait, this is /., and that makes me look like a newbie, which I hardly am, and you all know that. IMO, the inbreeding in Redmond has reached the point of no return, and I'm thinking of reclaiming the space the XP install uses for something useful.
--
No Cheers this time, Gene
nor any viruses
This update is as important as it gets. There are vulnerabilities in every major MS program which allow remote code execution, which means that as soon as the exploit is discovered, it can take advantage of holes all over your system.
Affected programs and services:
- MS Server Services (TCP 139 and 445).
- DNS servers
- Internet Explorer
- Outlook Express
- Microsoft Management Console
- HTML Help
- Visual Basic
- Microsoft Office
- Windows kernel
I'm not too surprised that they're trying to push awareness of this patch. It was the lack of patching several weeks beforehand that allowed Code Red to do as much damage as it did.
When did the future switch from being a promise to a threat? -C. Palahniuk
Has anyone considered the possibility that the patches contain monitoring code that will in fact allow the department of Homeland Security to monitor people's computer communications? It is not as if such accusations have not come forth before. This article over at the CBC website comments about alleged CIA operations, in which they are flying prisoners around the globe to be handled in different jurisdictions. This particular article comments about such flights landing in Canada. In Gander to be exact. So it is not too far-fetched to consider possible ulterior motives to getting people to update.
So while I applaud the Department of Homeland Security for advising the citizens of the USA to stay on top of their computer updates, I also wonder if there is any ulterior motive behind it. Have they asked Microsoft to include some code that they can use? Or for the bigger conspiracy theorists out there, have they infiltrated their own programmers among those who are writing Windows updates and Vista code?
And for the ultimate in conspiracy theories! Has anyone thought about the timing of the press release? One day before terrorists in the UK are busted in the closest terrorist attack since 9/11, and no one can use the argument that Homeland Security did not know about it the day before. It's not like they woke up and said "Let's bust some guys in England who just happen to be plotting to do something with commercial flights going to the USA"
My opinions might not be popular but they have a point. Be skeptical of everyone, till they prove you wrong!
-Ghost
Windows Visa will automatically send the details of people that don't update to the 'no fly' list.
Engineering is the art of compromise.