Technically, you are correct. But in this incident, the web server being used IS relevant.
1. The payload is IIS/MSSQL specific. The author WANTS that platform.
The platform should be more accurately described as Windows and MS SQL.
IIS has nothing to do with it - other than IIS and MS SQL are commonly used together. The attack works on ANY website that utilizes MS SQL as a database. Since many smaller websites have both the web server and database server on the same machine, they use IIS and MS SQL. This will also work if you have Linux/Apache as your web server and a separate server with Windows/MS SQL for your database. It will also work if you have Windows/Apache/MS SQL on the same server.
The tight integration between MS SQL, LINQ, ASP and IIS make that entire platform desirable to have together.
Microsoft Dynamics GP used to be Great Plains Software. It was purchased by Microsoft in 2001.
The security is a relic of the program originally created by Great Plains Software. Although Microsoft should have fixed this, it was never Microsoft's idea in the first place.
MS is working on integrating GP with Active Directory.
I'm all for MS Bashing, but seriously...
Who do people blame for Flash? Adobe...but it was Macromedia (or SmartSketch if you want to go way back) that unleashed the plague upon the human race...
You should also add to this the statistic of how many corporations use their own distribution server (middleman). Even if clients poll daily, the corporation as a whole may only deliver updates weekly or may stagger updates to ensure they are tested in the wild before pushing them out to corporate clients.
Not only this, but many Administrators manually review virus' before they are cleaned. I have caught a few false positives by doing manual checks.
This is a combination of bad UI in operating systems and programs, and user cluelessness about how to make use of high resolution displays.
It is mostly bad UI.
Changing the font size or DPI settings in Windows wreaks havoc on many programs. Some mainstream applications handle it nicely, but a change to either setting destroys a number of industry applications that my clients use.
I agree with increasing DPI on a screen, to a point.
I find a 22" screen with 1680x1050 is perfect. The new 21.5" screens with 1920x1080 are a bit too "small" when dealing with XP and the native resolution.
Most business users I deal with still want 4:3 screens. 16:9 and 16:10 screens are far too short vertically. Many people still want to see a full page of text on a screen. Widescreen works well for spreadsheets and databases.
I would also like to see more screens with a lower DPI for older users. I have yet to set a 20", 21.5" or 22" screen at native resolution for older workers. Most tend to move to a ~1440x900 or even ~1280x800 from the 1680x1050 or 1920x1080. When I move to those resolutions, or any resolution that keeps the same aspect ratio, but is not the native resolution, the LCDs are blurry (even more troublesome for older users).
Not everyone watches movies on their computers all day, in fact, I would believe most people view more vertical than horizontal documents for the better part of the day - both at work and at home.
Norton, McAfee and Trend Micro have very solid products that allow for remote management, deployment, updates, forced scans, etc.
Avast (which I use at home) does not have all of these features yet. I can tell you that when dealing with hundreds of machines, having that dashboard for antivirus saves many hours of time. You can run more frequent scans on problem machines, or allow more/less freedom with the click of a button. Many of the products also have URL blocking (by category), email attachment filtering through Exchange plugins, etc. One feature I like about Trend Micro is the "behaviour" plugin, which flags anything out of the ordinary - such as accessing files, programs, or drives that they haven't before.
Corporate networks also typically have edge firewalls that will catch many of the malware infested URLs, email attachments, etc that cause problems. For many businesses 200+ computers, the Windows-installed Anti-virus software is actually the last line of defense. Often times the loss of productivity of a couple viruses getting through isn't worth the extra $$ invested in more products or a "better" product with less management features.
Licencing is also a plus. While Norton, McAfeee and Trend Micro are expensive initially, additional licences for a large number of computers and renewal licences each year actually make it less expensive than others such as Avast and Panda.
...the AM2+/AM3 socket on my AMD board continues to be useful for new AMD CPUs literally years after I originally purchased it.
Intel had a long run with the Socket 775 boards, and AMD pulled this stunt back with their Socket 939 to AM2 upgrade. AM2 is a 940 pin socket.
I do agree AMD did something right with their AM2, AM2+, AM3 sockets being interchangeable for many CPUs. Just some of the more interesting features get disabled when running an AM3 cpu on an AM2 socket.
Ah yes, why print locally when you can send it to Google and have them send it back to you. Instead of a print driver...those nasty inefficient things (no really, anyone use HP drivers?), we'll install some software, send it to...THE CLOUD!!!...and have it sent back to us to print.
And, in the meantime, if someone or something happens to "grab" that confidential document you are trying to print, no problem. What's that? government documents you are trying to print? Send 'em to the cloud, China can't get them there...oh wait.
When a user changes their password, a post-it note goes on their monitor for weeks.
If a user picks only one password and keeps it forever, they will typically pick a stronger password, protecting against brute force dictionary attacks.
However, keeping the same password does not protect against malicious ex-employees. I know companies that do not change admin passwords, and although they are complex, previous administrators still have access to certain info if they wish.
'Cause Windows 2008 Server core has SO MUCH overhead...
Exchange Server is extremely reliable and very scalable...there are very few products that are open source and/or free that have the same level of usability, stability and features.
I have both Unix and Windows servers and both have had very few problems. I think some of the misconceptions about Microsoft's products being prone to problems have more to do with the user than the software. It is possible that anyone who can download a torrent can walk through a basic installation of Windows Server and Exchange Server, and possibly start receiving email on it...but they will not be able to deal with any problems that arise.
Now, try installing Linux and Horde, and see how far the same person gets. It's not that hard, but definitely harder than installing Windows.
I don't agree with slashdot's historical comments about Windows admins/users being "worse" than Linux admins/users. It's just that there are far more unqualified Windows admins than there are Linux admins, simply because you can't fake it with Linux as well as you can with Windows.
I was an SCO admin first (um, I know, I know). I started on Slackware, moved to SCO, then got into Windows because that's what the market demanded of me in my area. I now do 80% Windows and 20% Unix. 0% Linux.
Now let's all be friends, and bash a company we can all agree on...SCO
That's the best because people don't always realize they're being shut out of something.
I love the "Tachy Goes to Coventry" (Global Ignore) feature of vBulletin. Banning users, or having the user *know* they are ignored just prompts them to find ways around it. When the user spins their wheels and has no idea they are being ignored, they keep doing it. Funny, actually.
Pray tell, why should a system such as Air Traffic Control even be accessible on a public network such as the internet? To the best of my knowledge air traffic controllers aren't allowed to telecommute. Why aren't networks such as this hardened and kept off public networks?
How else are the Air Traffic Controllers going to get their fix of cute kittens?
Slashdot Mirror
Or Pigeons with SD cards on their legs.
Technically, you are correct. But in this incident, the web server being used IS relevant.
1. The payload is IIS/MSSQL specific. The author WANTS that platform.
The platform should be more accurately described as Windows and MS SQL.
IIS has nothing to do with it - other than IIS and MS SQL are commonly used together. The attack works on ANY website that utilizes MS SQL as a database. Since many smaller websites have both the web server and database server on the same machine, they use IIS and MS SQL. This will also work if you have Linux/Apache as your web server and a separate server with Windows/MS SQL for your database. It will also work if you have Windows/Apache/MS SQL on the same server.
The tight integration between MS SQL, LINQ, ASP and IIS make that entire platform desirable to have together.
We gotta do it before the cyberterrorists cybernuke our cybernets!
Think of the cyberfallout! Cybercancer, cyberbirthdefects...we better sink some cybermoney into our cyberdefences!
Microsoft Dynamics GP used to be Great Plains Software. It was purchased by Microsoft in 2001.
The security is a relic of the program originally created by Great Plains Software. Although Microsoft should have fixed this, it was never Microsoft's idea in the first place.
MS is working on integrating GP with Active Directory.
I'm all for MS Bashing, but seriously...
Who do people blame for Flash? Adobe...but it was Macromedia (or SmartSketch if you want to go way back) that unleashed the plague upon the human race...
Why would I want to open all my spam in Office?
Because all the best email viruses have word and excel macros built in...you can't open those in Google Docs.
The plural of virus is viruses. Also, there's no reason to capitalize administrators here.
I know, I should proof-read more often.
Oh well, we all make mistakes - some larger than others (McAfee).
You should also add to this the statistic of how many corporations use their own distribution server (middleman). Even if clients poll daily, the corporation as a whole may only deliver updates weekly or may stagger updates to ensure they are tested in the wild before pushing them out to corporate clients.
Not only this, but many Administrators manually review virus' before they are cleaned. I have caught a few false positives by doing manual checks.
This is a combination of bad UI in operating systems and programs, and user cluelessness about how to make use of high resolution displays.
It is mostly bad UI.
Changing the font size or DPI settings in Windows wreaks havoc on many programs. Some mainstream applications handle it nicely, but a change to either setting destroys a number of industry applications that my clients use.
I agree with increasing DPI on a screen, to a point.
I find a 22" screen with 1680x1050 is perfect. The new 21.5" screens with 1920x1080 are a bit too "small" when dealing with XP and the native resolution.
Most business users I deal with still want 4:3 screens. 16:9 and 16:10 screens are far too short vertically. Many people still want to see a full page of text on a screen. Widescreen works well for spreadsheets and databases.
I would also like to see more screens with a lower DPI for older users. I have yet to set a 20", 21.5" or 22" screen at native resolution for older workers. Most tend to move to a ~1440x900 or even ~1280x800 from the 1680x1050 or 1920x1080. When I move to those resolutions, or any resolution that keeps the same aspect ratio, but is not the native resolution, the LCDs are blurry (even more troublesome for older users).
Not everyone watches movies on their computers all day, in fact, I would believe most people view more vertical than horizontal documents for the better part of the day - both at work and at home.
"Go to Microsoft! You Son of a PC!"
I'm a PC, and Windows 7 was my idea!
Norton, McAfee and Trend Micro have very solid products that allow for remote management, deployment, updates, forced scans, etc.
Avast (which I use at home) does not have all of these features yet. I can tell you that when dealing with hundreds of machines, having that dashboard for antivirus saves many hours of time. You can run more frequent scans on problem machines, or allow more/less freedom with the click of a button. Many of the products also have URL blocking (by category), email attachment filtering through Exchange plugins, etc. One feature I like about Trend Micro is the "behaviour" plugin, which flags anything out of the ordinary - such as accessing files, programs, or drives that they haven't before.
Corporate networks also typically have edge firewalls that will catch many of the malware infested URLs, email attachments, etc that cause problems. For many businesses 200+ computers, the Windows-installed Anti-virus software is actually the last line of defense. Often times the loss of productivity of a couple viruses getting through isn't worth the extra $$ invested in more products or a "better" product with less management features.
Licencing is also a plus. While Norton, McAfeee and Trend Micro are expensive initially, additional licences for a large number of computers and renewal licences each year actually make it less expensive than others such as Avast and Panda.
...the AM2+/AM3 socket on my AMD board continues to be useful for new AMD CPUs literally years after I originally purchased it.
Intel had a long run with the Socket 775 boards, and AMD pulled this stunt back with their Socket 939 to AM2 upgrade. AM2 is a 940 pin socket.
I do agree AMD did something right with their AM2, AM2+, AM3 sockets being interchangeable for many CPUs. Just some of the more interesting features get disabled when running an AM3 cpu on an AM2 socket.
Ah yes, why print locally when you can send it to Google and have them send it back to you. Instead of a print driver...those nasty inefficient things (no really, anyone use HP drivers?), we'll install some software, send it to...THE CLOUD!!!...and have it sent back to us to print.
And, in the meantime, if someone or something happens to "grab" that confidential document you are trying to print, no problem. What's that? government documents you are trying to print? Send 'em to the cloud, China can't get them there...oh wait.
If they want to find ET, they should be tapping the phones.
When a user changes their password, a post-it note goes on their monitor for weeks.
If a user picks only one password and keeps it forever, they will typically pick a stronger password, protecting against brute force dictionary attacks.
However, keeping the same password does not protect against malicious ex-employees. I know companies that do not change admin passwords, and although they are complex, previous administrators still have access to certain info if they wish.
'Cause Windows 2008 Server core has SO MUCH overhead...
Exchange Server is extremely reliable and very scalable...there are very few products that are open source and/or free that have the same level of usability, stability and features.
I have both Unix and Windows servers and both have had very few problems. I think some of the misconceptions about Microsoft's products being prone to problems have more to do with the user than the software. It is possible that anyone who can download a torrent can walk through a basic installation of Windows Server and Exchange Server, and possibly start receiving email on it...but they will not be able to deal with any problems that arise.
Now, try installing Linux and Horde, and see how far the same person gets. It's not that hard, but definitely harder than installing Windows.
I don't agree with slashdot's historical comments about Windows admins/users being "worse" than Linux admins/users. It's just that there are far more unqualified Windows admins than there are Linux admins, simply because you can't fake it with Linux as well as you can with Windows.
I was an SCO admin first (um, I know, I know). I started on Slackware, moved to SCO, then got into Windows because that's what the market demanded of me in my area. I now do 80% Windows and 20% Unix. 0% Linux.
Now let's all be friends, and bash a company we can all agree on...SCO
Office 14 is Office 2010.
So, Office 15 will be the version after 2010.
... from my cold, dead digestive tract!
I take it you've been eating Fugu?
No need to panic. There is a map to the hospital on the back of the menu.
That's the best because people don't always realize they're being shut out of something.
I love the "Tachy Goes to Coventry" (Global Ignore) feature of vBulletin. Banning users, or having the user *know* they are ignored just prompts them to find ways around it. When the user spins their wheels and has no idea they are being ignored, they keep doing it. Funny, actually.
they got it unencrypted
Or, like every password in the world, the decryption keys were on a post-it note that the submitter passed along with the video.
It's the digital equivalent of putting your car keys in the visor.
Pray tell, why should a system such as Air Traffic Control even be accessible on a public network such as the internet? To the best of my knowledge air traffic controllers aren't allowed to telecommute. Why aren't networks such as this hardened and kept off public networks?
How else are the Air Traffic Controllers going to get their fix of cute kittens?
I don't think staying up 84 hours to do something is *particularly* rare
Do you smoke crack or something? I don't think I've ever been awake for 48 hours straight, let alone 84.
You've never had a full time job as an IT or System Administrator then!
The team describes its findings in a report called Shadows in the Cloud: An investigation into Cyber Espionage 2.0
Even "researchers" have caught the marketing bug. "Cloud" "Cyber" "2.0"
Full report here:
http://www.scribd.com/doc/29435784/SHADOWS-IN-THE-CLOUD-Investigating-Cyber-Espionage-2-0
I'll bet IBM will apologize for accidentally listing the 2 patents that it swore it would not.
This will leave the creator with 171 patent infringements and nothing to complain about to slashdot.
I'm going to start using qwyjibo as often as I can...
Why not, it's a perfectly cromulent word.