When the worm attacks IIS 4.0 and 5.0 Web servers, it does so through either of two means. First, it checks to see if the computer was previously compromised by the Code Red II worm, which creates a "back door" that any malicious user can use later to gain control of the system. If the Nimda worm finds such a computer, it simply uses the back door created by Code Red II to infect the system. Second, the worm attempts to exploit the "Web Server Folder Traversal" vulnerability. If it succeeds in exploiting this vulnerability, the worm uses it to infect the system.
A tool is available to remove the back door created by the Code Red II worm. However, the best course of action is to prevent the Code Red II worm altogether, by taking any of the following steps:
- Applying the patch provided in Microsoft Security Bulletin MS01-033
- Applying the patch provided in Microsoft Security Bulletin MS01-044
I run a few Red Hat boxes and a bunch of Windows machines (9x desktops, NT servers).
Every morning I ssh into the RH boxes and run all available security updates:
up2date --nox -u
Funny... doesn't seem too difficult to me, and it takes under a minute, even when there are updates available.
One of my execs insists on using Outlook & IE, so I thought I should install all his security updates too.
Ok first update iexplorer & windows stuff with windowsupdate.microsoft.com
After 4 reboots, and 2 sets of critical updates, it was time to take care of Outlook... hrm have to do that through Office update at
http://office.microsoft.com/ProductUpdates/default.aspx
Took well over an hour (download time minimal due to dsl connection)
The longest up2date ever took me was around 5 minutes, but that's because I had to reboot once (kernel upgrade, why else?)
I guess our definition of 'ease of use' is not the same.
add to /etc/forward.cfg a line that reads:
t,80,207.46.230.219/80
and restart forwarding.
But if you are running any kind of server on port 80, this does not help you, since this redirects all the traffic.
What they tend to forget is that probably 80% or more of the people that would be asked this question don't even realize that they are using encryption when they do, or what it would mean if the backdoor were hacked, or any of the other issues that those of us who are 'in the field' are concerned with. Most of the users I support don't know the difference between http and https, and even some of my better ones don't understand why I only allow access to internal systems from the outside via encrypted protocols (SSH & family) wherever possible.
Some quotes & thoughts:
"INS rules already allow any person who does not have legal permission to be in the United States to be detained for an unlimited time in 'extraordinary circumstances,' which Justice officials said would apply to the terrorism probe."
I'm sorry, but if they are not here legally, why should they be entitled to legal protections equal to those who are?
As far as applying to "permanent legal residents holding so-called green cards" that is admittedly more of a grey area. If we are more cautious in granting legal resident status and green cards, this will be less of an issue in the future. But what do you do about those that slipped through the cracks? Perhaps re-evaluate all the green cards / student visa / permanent legal resident status etc that have been granted over the past few years?
"Microsoft recommends that the tool only be used by experienced web administrators, as it is possible to configure the filters in a way that would interfere with normal web site operation. The tool is available for downloading..."
That is probably why they don't include it in the base product. A lot of inexperienced webmins might not be able to get their site running if they used it. (which might not be such a bad thing in this case...)
Are we referring to the "innocent people" who were dancing in the streets celebrating this "victory"? Somehow I am finding it hard to be sympathetic to their plight, I guess I already used up all my sympathy on people who deserved it.
Thank you! I was going to mention that... I just installed 7.1 on a vaio notebook dual-booting with ME. It took less time to install and update RH than it did to run the windows updates (not to mention 10 reboots for windows, 0 for RH).
I haven't worked with BeOS so I can't comment on it...
When we started using Red Hat in my office, first thing I did was buy Professional Server edition. Could I have downloaded everything I needed? Sure. I have the bandwidth and the burners. I made a CHOICE to buy it. How many copies of windows have I bought? One with every PC that was ever purchased here (except for the HP Netserver running Linux, that came os-less), since there was no other CHOICE in the matter. Oh, let's not forget all the NT licenses required so that the machines licensed to use WIN95/98/ME are allowed to use the network drives as well. Oddly, the drive on my RH box with Samba didn't require any such license...
But I also have a WIN95 license for the 3 pentium boxes running Linux (Installed from the same CDs).
Those same CDs also installed the 3 machines on my personal network... and upgraded my friend's 6.2 install... and went on a co-worker's home machine when they wanted to learn Oracle and had to choose between buying NT or installing Linux... the list continues but I think the difference is clear.
The one with the big buttons? The harder you hit it, the harder you hit. Now THAT was a fighting game with control. And that was... umm... about 12 years ago?
Can Outlook and IE for OSX run under linux? :)
Are you still under the impression that the US constitution is still in force? Unfortunately, that is questionable at best in and of itself.
Web Servers
When the worm attacks IIS 4.0 and 5.0 Web servers, it does so through either of two means. First, it checks to see if the computer was previously compromised by the Code Red II worm, which creates a "back door" that any malicious user can use later to gain control of the system. If the Nimda worm finds such a computer, it simply uses the back door created by Code Red II to infect the system. Second, the worm attempts to exploit the "Web Server Folder Traversal" vulnerability. If it succeeds in exploiting this vulnerability, the worm uses it to infect the system.
A tool is available to remove the back door created by the Code Red II worm. However, the best course of action is to prevent the Code Red II worm altogether, by taking any of the following steps:
Don't forget the "Web Server Folder Traversal" vulnerability:
- Applying the patch provided in Microsoft Security Bulletin MS00-057
- Applying the patch provided in Microsoft Security Bulletin MS00-078
- Applying the patch provided in Microsoft Security Bulletin MS00-086
- Applying the patch provided in Microsoft Security Bulletin MS01-026
- Applying the patch provided in Microsoft Security Bulletin MS01-044
- Installing Windows 2000 Service Pack 2
- Installing the Windows NT 4.0 Security Roll-up Package
- Running the IIS Lockdown Tool in its default mode
- Installing the URLScan tool with its default ruleset.
Somehow I think that might take more than 2 minutes...
I remember a similar quote in the movie "Ever After", the baroness speaking to her youngest daughter...