If I invite you to my house and your friend stops by and I send them away, I'm under no legal obligation to let you know they even stopped by.
If I'm throwing a party and you paid a cover, you paying me in no way grants you the right to tell me who I can and can't have on my property. I can still turn your friends away without telling you they even stopped by. They're more than free to contact you later by another means.
An ISP is no different than any other server that hosts e-mail accounts. That's why they can legally block spam all day long. The "accuracy" of their blocking is irrelevant from a legal standpoint.
You have no legal right to use another person's property. It's a privilege that person grants you. Either by charge or free. By using their property you agree to abide by their rules.
They're under no legal obligation to tell you who came to the door and was sent away. If someone sends you an e-mail and it doesn't get through it's up to THEM to find another way to contact you. The ISP or e-mail host has no legal obligation to forward any of their information to you.
Just because they granted YOU the privilege of using their property doesn't mean they granted all your friends, and everyone else who wants to contact you, the right to.
What about local blacklists? Am I under some legal obligation not to use a blacklist on my server which I use to host e-mail accounts? What's the difference between my local blacklist and SPEWS?
Idiots need to learn that no one is obligated to allow others unrestricted use of their private resources. You don't have a legal right to tie up MY CONNECTION and MY HARDDRIVE with YOUR CRAP.
Can't send an e-mail to my server because I blocked your domain? Too f-in bad. Contact your "customer" with a letter or by phone. The first amendment doesn't override my ability to mark you as trespassing on my property if you attempt to tell other people who reside on my property how you like to suck on a horse. In fact I have a right to ban people who wear funny hats from my property if I so choose. It's MY PROPERTY. I CHOOSE who can be on it.
Blacklist == restraining order.
Last I checked those were still legal. You don't have a first amendment right to talk to your ex wife who you beat and banned you from coming near her.
People who try to pretend the first amendment grants them some kind of right to my resources need to go back to kindergarten and start the educational process all over again.
"Linux is Secure" is thrown around like it's gospel so much it's easy for people to say "my site's running linux so it's secure" while completely oblivious to the fact it's not simply because they blindly believe the "gospel" and never realized you have to do things to MAKE Linux secure.
I don't trust Windows with security. I don't expect Windows to be secure or care that it isn't. I have a router that blocks every port I'm not using. And every program that runs on the open ports (25,21,110,80) is checked for security hazards. That keeps out remote exploits. Then I also run antiVirus software which takes care of local exploits that may happen to get on through FTP or whatever.
I can say "My server is secure" because *I* made it secure. It's not some mindless gospel chant that magically protects my server. It's actual research and dedication to making it secure.
I also log my server in as an admin because I don't care that Windows is insecure. It's irrelevant.
Linux would get hacked a lot less if the "gospel" got replaced with the "truth" that it takes work (and third party hardware like a router) to properly secure any network regardless of the OS handling the server programs.
They're plenty helpful until you have an actual problem that requires real effort on their part to fix. Then they refuse to talk to you. My rant on my attempt to get a 1Mbit line installed is posted at The Rabbit Hole under August 7th. As a result of their stupidity and withholding information that was necessary in my decision for the second line to begin with (if I had known I couldn't get 1Mbit I would have canceled the entire order) I'm giving them the finger and going with Cox digital cable for my internet connection and moving my web-server to colo with my ISP which is very helpful even when problems are not so small.
There's always "good company" "evil company" stories because it depends on the problems you have. I had no real opinion of Qwest after using them for nearly 3 years until I tried to get the 1Mbit line. Now I'll go out of my way to not use them for anything. I understand that big problems happen occasionally and I have no issue with that. But I refuse to deal with a company that can't handle those big problems in a professional manner.
I'd hate to be a Qwest customer the next time a big problem comes up and so I'm going to make sure I'm not.
Router...check
Anti-Virus...check
Patched...check (occasionally)
Viruses...nope
I'm currently using EzMTS as my mail server and have received well over 100 infected e-mails simply because I can't do basic checks with the software. It says it can but in actuality, it can't. I put Mercury Mail on my new server which is taking the place of the old one and temporarily set it to handle e-mail as a test. POOF. No more BigOne.F e-mails. It does proper filtering.
I'm moving to colocation so I need remote management. VNC is just waiting to be hacked with no logging to track attempted logins and just a single password to get in with only 8 significant characters. I downloaded the source and 30 minutes later I have a white list that prevents any IP but ones I specifically list the ability to even connect to attempt a password in the first place. It also logs every IP that attempts to connect so I can see if I'm getting attacked and take action.
Security is not brain surgery. But on the other hand I'd hate to think what kind of crap I'd have to put up with if say for instance AT&T tried to put security as a default on VNC. The white list is about 20 lines of simple code that solves the problem very nicely. HTPASSWORD for Apache had to be modified quite a bit to be made reasonably useful. I had to remove lots of code as it was. I'd hate to think what I'd have to cut out if it came with prewritten usefulness.
I like the fact that Windows is "insecure" out of the box. It reduces the amount of hoops I have to jump through to get things working the way *I* want them working. I'd hate to imagine the nightmare of trying to configure Windows as a router. I'd rather have an external hardware solution that I plug in and is a 2 minute job to configure that I can then plug any computer into regardless of the OS and know they're all equally secure without having to dick around with each of them.
I dumped Linux because I didn't care to fight with the OS. I have better things to do. Microsoft is not my mother. It is not here to protect me from the big bad world. And I don't expect it to. If you need Linux to be your mother to hold your hand and protect you then good for you.
If software companies were FORCED to be liable, no company but Microsoft et al would be able to afford to stay in business.
As it is, software companies can CHOOSE to be liable in order to get deals. A hospital would not buy software from a company that didn't promise their software would not kill the patients.
If you don't like that Microsoft doesn't guarantee you anything then DON'T BUY IT. And good luck finding an OS that guarantees your complete safety from the big bad world of hackers and virii et al.
When a company is gasping its last breath its stock fluctuates greatly before bottoming out. I'd say it's just standard daytrading at work. If I had funds I'd probably throw some at it.
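The kind of check the post describes for VNC (refuse any source IP that is not on a list before a password can even be tried, and log every connection attempt), as an added example. It is not the poster's patch or VNC's own code; the rule list, function names and log format are assumptions, and it generalizes from single IPs to CIDR ranges.

```c
/* Added example: source-address allowlist for a remote-management listener.
 * IPv4 only. All names and the log format are hypothetical. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

/* Constructed allowlist using documentation ranges (RFC 5737), not real hosts. */
static const char *const ALLOWLIST[] = {
    "192.0.2.10",       /* one admin workstation */
    "198.51.100.0/24",  /* an office network */
};

/* Parse "a.b.c.d" or "a.b.c.d/len" into a host-order network and mask.
 * Returns 0 on success, -1 on a malformed rule. */
static int parse_rule(const char *rule, uint32_t *net, uint32_t *mask)
{
    char buf[INET_ADDRSTRLEN + 4];
    struct in_addr a;
    long bits = 32;
    char *slash, *end;

    if (strlen(rule) >= sizeof buf)
        return -1;
    strcpy(buf, rule);
    slash = strchr(buf, '/');
    if (slash) {
        *slash = '\0';
        bits = strtol(slash + 1, &end, 10);
        if (end == slash + 1 || *end != '\0' || bits < 0 || bits > 32)
            return -1;
    }
    if (inet_pton(AF_INET, buf, &a) != 1)
        return -1;
    *mask = bits == 0 ? 0 : 0xFFFFFFFFu << (32 - bits);
    *net = ntohl(a.s_addr) & *mask;
    return 0;
}

/* Return 1 if the peer matches any rule, else 0 (default deny). */
int peer_allowed(const struct sockaddr_in *peer)
{
    uint32_t ip = ntohl(peer->sin_addr.s_addr), net, mask;
    size_t i;

    for (i = 0; i < sizeof ALLOWLIST / sizeof ALLOWLIST[0]; i++) {
        if (parse_rule(ALLOWLIST[i], &net, &mask) != 0)
            continue;               /* a malformed rule never grants access */
        if ((ip & mask) == net)
            return 1;
    }
    return 0;
}

/* Log every attempt, allowed or denied, and return the decision. A listener
 * would call this right after accept() and close the socket on 0, before any
 * password exchange starts. */
int check_and_log(const struct sockaddr_in *peer, FILE *log)
{
    char ip[INET_ADDRSTRLEN] = "?", stamp[32] = "";
    time_t now = time(NULL);
    struct tm *tm = gmtime(&now);
    int ok = peer_allowed(peer);

    inet_ntop(AF_INET, &peer->sin_addr, ip, sizeof ip);
    if (tm)
        strftime(stamp, sizeof stamp, "%Y-%m-%dT%H:%M:%SZ", tm);
    fprintf(log, "%s remote-mgmt connect from %s:%u %s\n", stamp, ip,
            (unsigned)ntohs(peer->sin_port), ok ? "ALLOW" : "DENY");
    fflush(log);
    return ok;
}

/* Demo helper: build the peer address the way accept() would hand it back,
 * then run the check. An unparsable address stays 0.0.0.0 and is denied. */
int decide(const char *ip)
{
    struct sockaddr_in sa;

    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(5900);
    inet_pton(AF_INET, ip, &sa.sin_addr);
    return check_and_log(&sa, stderr);
}

int main(void)
{
    /* Constructed sample peers: listed host, listed range, unlisted host. */
    const char *samples[] = { "192.0.2.10", "198.51.100.77", "203.0.113.5" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%s -> %s\n", samples[i], decide(samples[i]) ? "allow" : "deny");
    return 0;
}
```

The denied lines in the log are what show whether the listener is being probed.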
"But this exo-skeleton does nothing really to solve that problem."
That's neat but no one ever claimed otherwise because nobody was talking about that problem. They were handling the problem of weak leg muscles. The problem of balance has been solved long ago for people who have a hard time balancing.
The all or nothing mindset is amazing. A number of posts have complained about this, completely forgetting about the elderly's friend the walker.
Legs like these have been in development for years (one sent electrical pulses into paralyzed legs to make them move) and during testing they ALWAYS use a walker to balance the patient until (if ever) they can balance themselves.
If your muscles are so bad you can't walk then a walker won't help. A walker is for balance. I'd imagine SOME may be able to use this on its own but for others these bionic legs would be used in conjunction with a walker of some sort.
I realize they didn't just come out and tell you this so that may sufficiently explain why you're confused.
"It doesn't do everything so it's not good for anything" just means you're not thinking.
I often check my logs to see where visitors are coming from and if it's a message board I stop by and read what people are saying to see what motivated them to go to my site.
Many companies (stars often check out what fans are saying around the net) are probably scoping out message boards/newsgroups to see what people are saying about their products. And plenty of people have opinions about various products but most people are less than stellar when it comes to intelligently expressing why they feel the way they do.
"It sucks" is not helpful to companies in their quest to improve their products. And people who bitch about everything or praise everything also aren't worth paying attention to.
It's called market research. This is a non story. "I want to have an opinion about X but X better not read it!" is just dense.
There won't be major distributors of marijuana bringing in tax revenue because it's so easy to grow practically anywhere. Tobacco can't be grown by your average Joe due to the nature of the plant. It's grown where it's grown in the US for good reason. Beer and other alcoholic beverages are also difficult to make and therefore much easier to tax and control.
Last I checked the government can't tax your garden. They can tax the seeds you buy in the store but unless they find a way to keep marijuana plants from producing more seeds...etc etc.
It's a heck of a lot easier to make money off of marijuana by arresting people and taking their property which creates law enforcement jobs etc etc. Colombia makes billions a year from the US alone thanks to this Drug War.
They do that, too. It'd be a little excessive to use a new deck every hand. With this new system they won't have to because counting between shuffles will be more difficult to get away with.
"IMHO, Microsoft should be *required* to send critical updates on a CD package via postal mail."
Why? Is this another fantasy law where only MS has to play by it? Simply because YOU refuse to download on dial-up.
Imagine if such a ridiculous law went into effect that software companies had to send out patches for exploits on hard media. Every company (including RedHat and every other distro company) would be out of business.
"The other twist would be the built-in firewall software."
Windows does have a built in firewall although it's a joke. Aren't we whining that MS includes Internet Explorer and Media player and now you want them to include firewall software too? What about Norton, McAfee, Linksys, Cisco, etc?
"It just isn't bandwidth effective."
Then make friends with someone with broadband and burn the patches to CD to update your home computer.
It's just so much easier to fall down and play victim though isn't it? Poor you. You can afford a thousand dollar PC but can't spring for $50 to get antivirus and firewall software. MS has to hold your hand.
I wasn't patched when Blaster hit and my computers were completely unaffected simply because I have everything behind a router.
does NOT entitle others to that authority to take matters into their own hands. He had NO authority to break/test the security in the first place under any circumstances. And it was blabbing that just put him past any sympathy points. Telling people it's insecure is one thing. Telling people HOW to break in is quite another.
The guy is rightfully going to jail. It's as stupid as the people who try to break airport security.
"So if you find problems, the best practice is to keep quiet about it."
No, the best practice is to ask permission of those in charge before doing security checks and then to tell those in charge about the flaws you find.
It's moronic to break in without permission and then tell everyone about it. Especially those who can't even do anything to correct the situation.
What do you think would happen if you broke into your neighbor's house and then informed everyone on the block how you got past his security?
The guy is rightfully going to jail because he's a moron.
If you want to check your neighbor's security, you ASK YOUR NEIGHBOR and then TELL YOUR NEIGHBOR what weaknesses you found.
The moron in this story didn't ask permission and then scared off customers. It's not his job to check security and then report to the world the results of his unauthorized tests.
Duh. It's amazing how many otherwise intelligent people can be so braindead.
It has nothing to do with the "free market" or "encouraging competition." It's all about money. MS products cost way too much and don't do what they want, so they're coming up with singular solutions to get MS and other expensive companies out.
Once MS is out of China and more OSes and whatnot are created then we can talk about their intent to create a free market.
"Helpful hint: anti-virus software is not a cureall."
Neither are condoms but you're an idiot (or very trusting of your partner and don't mind having a kid) not to use one.
AntiVirus isn't cheap. But what costs you more money? $50 per PC to keep the viruses at bay or the money spent fixing systems (and lost productivity) after they get hosed?
Firewalls and AntiVirus are two essential and BASIC components to running any computer on the web. There's no excuse not to have them.
I was stupid once and got hit by nimda. Fortunately it didn't do any real damage and my server was cleaned and back on-line in a couple hours. It hasn't been without AntiVirus software since. And that was about 2 years ago.
How many times do you need to blast an image before you learn?
"I've offered on several occasions of virus outbreaks in the company to switch everyone to mozilla mail so"
Or...here's a crazy idea...you could put some virus protection on the systems. We maintain quite a few systems at the Uni and we rarely go on virus calls. Blaster was taken care of in a day or so. Why? Because we install McAfee on the systems and put them on autoupdate. And for the most part, the faculty all keep their systems up to date.
It boggles the mind how many "techs" on Slashdot can't even manage to intelligently protect a system.
Mozilla doesn't prevent Blaster. It doesn't prevent people from opening attachments. It just warns them or maybe you're so lazy and paranoid you plan on forbidding attachments which is just idiotic.
"I swear if i ever own my own company"
Let's hope you learn how to be an actual tech before then.
Helpful hint number one: use virus protection software. This is a no brainer.
Helpful hint number two: never put a PC directly on the wire regardless of OS unless you absolutely must. A router is all of $50. If your users absolutely must have their own unique IP then figure $50 as part of the cost of the PC otherwise throw them behind a NAT with no ports open.
Keeping a PC from being hacked isn't rocket science.
I have an upgrade version of Win98, WinMe, Win2K. I also have a student version of XP Pro.
Win98 can't be installed (without some tricks at least) so it's used as the upgrade path for WinMe if for some horrible reason NT won't install clean. Then from WinMe I can upgrade to XP or 2K easily.
So it's not a terrible investment. It keeps my upgrade path up to date so I can save 50% or so when new versions of Windows come out.
That's nice that they want to open source the engine but that's the least of a search engine. They're going to need multiple high end servers to process the searches and plenty of bandwidth to get the results to the users.
How do they plan to pay for that? Apparently advertising is out. And we just had another monephobe complaining about lack of funds for his accounting software who expected people to donate because he couldn't figure out that maybe, just maybe he should find a way to sell his product in some form while also keeping one form free. I can get RedHat for free OR pay money to get a hard copy with some bonus stuff. Net result is that RedHat makes money and everyone is happy. Those who refuse to pay don't have to and those who are willing to pay have a reason to. Most people are not going to just give you money out of the goodness of their heart and accept nothing in return if they don't have to. Why do you think PBS gives you gifts with your donations?
I'd be more impressed with such undertakings if the owners weren't convinced the bandwidth fairy was real and that money will fall from the sky like manna.
When someone comes along who recognizes that the bandwidth fairy doesn't exist and that money needs to be acquired through marketing to get any real amount then I'll think twice before laughing it off.
Free is a pretty dream but free don't pay the bills.
"Thirdly, you've just annoyed people who have access to these different systems as they now have to change their password in 3 (or more?) different places."
Exactly. Admins who are lazy will sacrifice security for simplicity.
If you've got the same userpass for everything someone only needs to figure out one userpass to get in everywhere.
If you force your users to have different logins for every app and keep all your app accounts separate of the OS then if someone gets one userpass the amount of damage they can do is minimized. If someone gets my SMTP password, worst they can do is check my e-mail.
In your setup if someone gets your SMTP password they can check your e-mail, mess with files and even possibly escalate permissions on the OS and do some real damage.
I run Apache precisely because it doesn't do anything extra. Lack of functionality doesn't make it more secure than something of greater functionality. It's apples and oranges. As someone else mentioned, Apache has modules that open up the same/similar vulnerabilities as IIS.
IIS gets hacked from remote administration exploits and the fact it's tied in to the OS. Which is precisely why I dumped Linux which stupidly ties in FTP to the OS.
App accounts should NOT be system accounts. If I want to have the same user and pass for HTACCESS, FTP, SMTP, POP3, and VNC, I'll set up the separate programs handling them to have the same user and pass in their respective account files. I don't want the OS to handle all the passwords. When you do that, then getting a password means you have access at some level to the OS which leads to escalation hacks. The intelligent way where say an FTP account has nothing to do with a system account, getting a username/pass only gets you into the FTP account.
If you get a password for my mail server, worst case you can read my e-mail. If you get a password for FTP, worst case you can change some files.
Getting hit by this worm demands complete apathy towards patching your system. One faculty member at the University I do tech for was complaining about doing patches. It's so hard to open IE go to tools and then Windows Update and click a couple buttons. If that. We tend to set Windows to automatically download and install critical patches and then cross our fingers and hope the users are too lazy to disable it.
In my case I just run a $50 router with NAT that blocks everything I don't need which makes the entire house network of around 10 computers immune from this worm regardless if they're patched or not.
This worm doesn't prove anything. Linux users need to be patching their systems as well and when it becomes mainstream it'll be the target of script kiddies as well. It's just pointing out what techs all know: people are lazy and don't care until it's a problem.
I've been cleaning a bunch of systems at the Uni and all you need to do is
boot into safe mode without networking,
disable system restore
search for msblast*.*
delete all occurrences
reboot into normal mode and patch
enable system restore
It'd also be a good time to spend that $50 and buy a router with NAT which you should have anyway. And also spring for $50 or so and get McAfee or Norton virus protection which you should have anyway.
Even if my machine wasn't updated it wouldn't be affected simply because my router blocks everything except FTP, HTTP, SMTP and POP3.
I tried that and it decided to stop working because I didn't have Gator or whatever installed.
Ben
Just look at all those cool casinos they helped build.
Ben
There are better ways to go about such things.
Ben
"So if you find problems, the best practice is to keep quiet about it."
No, the best practice is to ask permission of those in charge before doing security checks and then to tell those in charge about the flaws you find.
It's moronic to break in without permission and then tell everyone about it. Especially those who can't even do anything to correct the situation.
What do you think would happen if you broke into your neighbor's house and then informed everyone on the block how you got past his security?
The guy is rightfully going to jail because he's a moron.
If you want to check your neighbor's security, you ASK YOUR NEIGHBOR and then TELL YOUR NEIGHBOR what weaknesses you found.
The moron in this story didn't ask permission and then scared off customers. It's not his job to check security and then report to the world the results of his unauthorized tests.
Duh. It's amazing how many otherwise intelligent people can be so braindead.
Ben
They're just creating their own monopoly.
It has nothing to do with the "free market" or "encouraging competition." It's all about money. MS products cost way too much and don't do what they want, so they're coming up with singular solutions to get MS and other expensive companies out.
Once MS is out of China and more OSes and whatnot are created then we can talk about their intent to create a free market.
Ben
"Helpful hint: anti-virus software is not a cureall."
Neither are condoms but you're an idiot (or very trusting of your partner and don't mind having a kid) not to use one.
AntiVirus isn't cheap. But what costs you more money? $50 per PC to keep the viruses at bay or the money spent fixing systems (and lost productivity) after they get hosed?
Firewalls and AntiVirus are two essential and BASIC components to running any computer on the web. There's no excuse not to have them.
I was stupid once and got hit by nimda. Fortunately it didn't do any real damage and my server was cleaned and back on-line in a couple hours. It hasn't been without AntiVirus software since. And that was about 2 years ago.
How many times do you need to blast an image before you learn?
Ben
"I've offered on several occasions of virus outbreaks in the company to switch everyone to mozilla mail so"
Or...here's a crazy idea...you could put some virus protection on the systems. We maintain quite a few systems at the Uni and we rarely go on virus calls. Blaster was taken care of in a day or so. Why? Because we install McAfee on the systems and put them on autoupdate. And for the most part, the faculty all keep their systems up to date.
It boggles the mind how many "techs" on Slashdot can't even manage to intelligently protect a system.
Mozilla doesn't prevent Blaster. It doesn't prevent people from opening attachments. It just warns them or maybe you're so lazy and paranoid you plan on forbidding attachments which is just idiotic.
"I swear if i ever own my own company"
Let's hope you learn how to be an actual tech before then.
Helpful hint number one: use virus protection software. This is a no brainer.
Helpful hint number two: never put a PC directly on the wire regardless of OS unless you absolutely must. A router is all of $50. If your users absolutely must have their own unique IP then figure $50 as part of the cost of the PC otherwise throw them behind a NAT with no ports open.
Keeping a PC from being hacked isn't rocket science.
Ben
I have an upgrade version of Win98, WinMe, Win2K. I also have a student version of XP Pro.
Win98 can't be installed (without some tricks at least) so it's used as the upgrade path for WinMe if for some horrible reason NT won't install clean. Then from WinMe I can upgrade to XP or 2K easily.
So it's not a terrible investment. It keeps my upgrade path up to date so I can save 50% or so when new versions of Windows come out.
Ben
It's a good thing we have the Chinese with their complete disregard for human rights or we'd never get the opportunity to have such a freak show.
Ben
That's nice that they want to open source the engine but that's the least of a search engine. They're going to need multiple high end servers to process the searches and plenty of bandwidth to get the results to the users.
How do they plan to pay for that? Apparently advertising is out. And we just had another monephobe complaining about lack of funds for his accounting software who expected people to donate because he couldn't figure out that maybe, just maybe he should find a way to sell his product in some form while also keeping one form free. I can get RedHat for free OR pay money to get a hard copy with some bonus stuff. Net result is that RedHat makes money and everyone is happy. Those who refuse to pay don't have to and those who are willing to pay have a reason to. Most people are not going to just give you money out of the goodness of their heart and accept nothing in return if they don't have to. Why do you think PBS gives you gifts with your donations?
I'd be more impressed with such undertakings if the owners weren't convinced the bandwidth fairy was real and that money will fall from the sky like manna.
When someone comes along who recognizes that the bandwidth fairy doesn't exist and that money needs to be acquired through marketing to get any real amount then I'll think twice before laughing it off.
Free is a pretty dream but free don't pay the bills.
Ben
"Thirdly, you've just annoyed people who have access to these different systems as they now have to change their password in 3 (or more?) different places."
Exactly. Admins who are lazy will sacrifice security for simplicity.
If you've got the same userpass for everything someone only needs to figure out one userpass to get in everywhere.
If you force your users to have different logins for every app and keep all your app accounts separate of the OS then if someone gets one userpass the amount of damage they can do is minimized. If someone gets my SMTP password, worst they can do is check my e-mail.
In your setup if someone gets your SMTP password they can check your e-mail, mess with files and even possibly escalate permissions on the OS and do some real damage.
Ben
IIS is a Swiss Army knife.
I run Apache precisely because it doesn't do anything extra. Lack of functionality doesn't make it more secure than something of greater functionality. It's apples and oranges. As someone else mentioned, Apache has modules that open up the same/similar vulnerabilities as IIS.
IIS gets hacked from remote administration exploits and the fact it's tied in to the OS. Which is precisely why I dumped Linux which stupidly ties in FTP to the OS.
App accounts should NOT be system accounts. If I want to have the same user and pass for HTACCESS, FTP, SMTP, POP3, and VNC, I'll set up the separate programs handling them to have the same user and pass in their respective account files. I don't want the OS to handle all the passwords. When you do that, then getting a password means you have access at some level to the OS which leads to escalation hacks. The intelligent way where say an FTP account has nothing to do with a system account, getting a username/pass only gets you into the FTP account.
If you get a password for my mail server, worst case you can read my e-mail. If you get a password for FTP, worst case you can change some files.
Ben
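Added example, not part of the comments above: a small Python model of the two account layouts argued over in the last two comments, measuring how many services accept one leaked username/password pair. The service names, the user "alice" and the passwords are constructed for illustration, and the separate layout assumes each service was given its own password.

```python
import hashlib
import hmac
import os

def derive(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so a stolen account file does not reveal passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AccountStore:
    """One account file: username -> (salt, derived key)."""
    def __init__(self):
        self._users = {}

    def add(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self._users[user] = (salt, derive(password, salt))

    def verify(self, user: str, password: str) -> bool:
        # Unknown users still cost one derivation, then fail the comparison.
        salt, stored = self._users.get(user, (b"\x00" * 16, b""))
        return hmac.compare_digest(derive(password, salt), stored)

SERVICES = ("ftp", "pop3", "shell", "smtp")

def shared_layout() -> dict:
    # Every service defers to the single OS account database.
    os_accounts = AccountStore()
    os_accounts.add("alice", "one-password")              # constructed sample
    return {svc: os_accounts for svc in SERVICES}

def separate_layout() -> dict:
    # Each service keeps its own file; the mail user has no shell account.
    layout = {svc: AccountStore() for svc in SERVICES}
    for svc in ("ftp", "pop3", "smtp"):
        layout[svc].add("alice", f"{svc}-only-password")  # constructed sample
    return layout

def blast_radius(layout: dict, user: str, leaked_password: str) -> list:
    """Services that accept a single leaked username/password pair."""
    return sorted(s for s, store in layout.items()
                  if store.verify(user, leaked_password))

if __name__ == "__main__":
    print("shared  :", blast_radius(shared_layout(), "alice", "one-password"))
    print("separate:", blast_radius(separate_layout(), "alice", "smtp-only-password"))
```
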
Getting hit by this worm demands complete apathy towards patching your system. One faculty member at the University I do tech for was complaining about doing patches. It's so hard to open IE go to tools and then Windows Update and click a couple buttons. If that. We tend to set Windows to automatically download and install critical patches and then cross our fingers and hope the users are too lazy to disable it.
In my case I just run a $50 router with NAT that blocks everything I don't need which makes the entire house network of around 10 computers immune from this worm regardless if they're patched or not.
This worm doesn't prove anything. Linux users need to be patching their systems as well and when it becomes mainstream it'll be the target of script kiddies as well. It's just pointing out what techs all know: people are lazy and don't care until it's a problem.
Ben
I've been cleaning a bunch of systems at the Uni and all you need to do is boot into safe mode without networking,
disable system restore
search for msblast*.*
delete all occurrences
reboot into normal mode and patch
enable system restore
it'd also be a good time to spend that $50 and buy a router with NAT which you should have anyway. And also spring for $50 or so and get McAfee or Norton virus protection which you should have anyway.
Even if my machine wasn't updated it wouldn't be affected simply because my router blocks everything except FTP, HTTP, SMTP and POP3.
Ben
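Added example, not part of the comments above: a Python model of the inbound decision a NAT router makes when only FTP, HTTP, SMTP and POP3 are forwarded, as the last comment describes. All addresses are constructed from documentation ranges, and the probe to TCP 135 (the RPC port Blaster spread over, a detail the comments do not state) stands in for unsolicited worm traffic.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

class NatRouter:
    def __init__(self, wan_ip, forwards):
        self.wan_ip = wan_ip
        self.forwards = forwards      # (proto, wan_port) -> (lan_ip, lan_port)
        self.state = {}               # translations created by outbound traffic
        self._next_port = 40000

    def outbound(self, pkt):
        """A LAN host opens a connection; remember how to route the replies."""
        wan_port = self._next_port
        self._next_port += 1
        self.state[(pkt.proto, wan_port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
        return Packet(pkt.proto, self.wan_ip, wan_port, pkt.dst, pkt.dport)

    def inbound(self, pkt):
        """Return (verdict, lan_target) for a packet arriving on the WAN side."""
        reply_to = self.state.get((pkt.proto, pkt.dport, pkt.src, pkt.sport))
        if reply_to:
            return "reply", reply_to
        forward = self.forwards.get((pkt.proto, pkt.dport))
        if forward:
            return "forward", forward
        return "drop", None           # unsolicited and not forwarded

# Constructed setup: one LAN server behind the router, four forwarded ports.
SERVER = "192.168.1.10"
ROUTER = NatRouter("203.0.113.5",
                   {("tcp", p): (SERVER, p) for p in (21, 25, 80, 110)})

def probe(dport, src="198.51.100.7", sport=50000):
    """Verdict for an unsolicited TCP connection attempt from the Internet."""
    return ROUTER.inbound(Packet("tcp", src, sport, ROUTER.wan_ip, dport))

if __name__ == "__main__":
    for port in (21, 25, 80, 110, 135):
        print(port, probe(port))
```

The unpatched desktops never see the probe because no state entry or forward matches it; only the forwarded services on the server remain exposed and still need patching.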