No IIS servers I installed got hit by code red because - gasp -
1. Default install was done.
2. They were NOT patched.
3. They did not have a functional gateway to the internet.
4. They were NOT hit by code red.
I finally shut 'em down. Next round of Microsoft worms may be more intelligent.
Code-Red-V
Only the "patched" systems are vulnerable.
Yep.
http://microsoft.com/
Today's News
Get and stay secure:
Microsoft unveils major security program.
It is possible to secure against yesterday's known exploits.
It is extremely presumptuous to assume you are secure against tomorrow's not yet known exploits.
Consider what a security exploit really is. There is a bug. A bad bug. It is so bad that the "attacker", who should have no control over the system, can make the system do his/her bidding. It is buggy. It was buggy. And after band-aid patches it is still buggy. Blaming the admins for Microsoft's buggy software is a bit of a stretch. Blaming the virus authors for exposing the bugs might make sense, but if not an exploit, who is going to pay any attention?
>>They are playing catchup.
Nah, Microsoft isn't even playing the right game. Apache is more likely to find a hole and rebuild the wall. Apache is pretty robust. Once I upgraded an Apache, reconfigured it and changed a bunch of things, but forgot to shut down the one that was running. A month later the damned thing was still running, not well and certainly not the way I wanted it to, but to even survive with everything pulled out from under it speaks well for Apache's robustness.
Catch up on about a year's worth of patches for RedHat. No reboot.
Bit of a warning if you're updating the kernel. It's not quite as simple as rpm -Uvh kernel-whatever.
Coincidence? Nah.
microsoft.com now has under Today's News, links to
"Get and stay secure" microsoft.com/security/
and Nimda worm virus to some long asp thing.
It took something over 3 days before a search from the main page for CODE RED VIRUS or CODE RED WORM would return anything. By this point the progress is all too predictable.
redhat.com Under Support and Docs, link to Updates & Errata
redhat.com/errata/ works too.
Navigating from priority.redhat.com is not very difficult.
openbsd.org Patches links to openbsd.org/errata.html
freebsd.org Under Current Release: 4.4, Errata links to www.freebsd.org/releases/4.4R/errata.html
With Linux/BSD it's pretty easy to "get current". Also the system I'm downloading to is usually not the system I'm downloading for.
LOL.
Beautiful.
Part of the Microsoft Internet Infection Strategy?
>>I'm surprised the parent was modded up as insightful:
...
Astroturfers. Trying to salvage as much face as possible.
>>Most users don't care so much about the system files, which are just a matter of rerunning the install process. Their personal data is far more valuable to them.
Neglecting to mention that the install process destroys all personal data.
>>By definition they are primarily used by one person.
One person. One login. One account. Sounds pretty dumb and limited to me.
>>The protection offered by an administrator account is minimal.
Right. The protection is from a bunch of "user" accounts, which have severely curtailed ability to do damage to each other.
>>Maybe this will save a little data on systems with multiple users
How generous! Somehow assumes that all the other users have "little data". If many users have "little data" then one user has even less.
Correlation is the fraction of variance in one variable that is "explained" by knowing the other variable.
Sample correlation coefficient:
$$ r = \frac{n\sum xy - \sum x \sum y}{\sqrt{\left[n\sum x^2 - \left(\sum x\right)^2\right]\left[n\sum y^2 - \left(\sum y\right)^2\right]}} $$
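The sum-based formula in the post above, implemented as an added example (this is editor-supplied code, not the poster's). It computes r exactly as written, from the five running sums, and also returns r squared, which is the share of variance one variable explains in the other. The two numeric series are constructed for illustration and carry no meaning beyond the arithmetic.

```python
import math
from typing import Sequence


def sample_correlation(x: Sequence[float], y: Sequence[float]) -> float:
    """Pearson sample correlation r, computed from the five sums in the
    post's formula:

        r = (n*sum(xy) - sum(x)*sum(y))
            / sqrt([n*sum(x^2) - sum(x)^2] * [n*sum(y^2) - sum(y)^2])
    """
    if len(x) != len(y):
        raise ValueError("x and y must have the same number of observations")
    n = len(x)
    if n < 2:
        raise ValueError("need at least two paired observations")

    sum_x = sum(x)
    sum_y = sum(y)
    sum_xy = sum(a * b for a, b in zip(x, y))
    sum_x2 = sum(a * a for a in x)
    sum_y2 = sum(b * b for b in y)

    numerator = n * sum_xy - sum_x * sum_y
    # Each bracket is n times the (unnormalised) sum of squared deviations;
    # it is zero only when that variable never changes, and r is then undefined.
    spread_x = n * sum_x2 - sum_x ** 2
    spread_y = n * sum_y2 - sum_y ** 2
    if spread_x == 0 or spread_y == 0:
        raise ValueError("correlation is undefined when a variable is constant")

    return numerator / math.sqrt(spread_x * spread_y)


def explained_variance(x: Sequence[float], y: Sequence[float]) -> float:
    """r squared: the fraction of variance in one variable accounted for
    by a linear relationship with the other."""
    return sample_correlation(x, y) ** 2


if __name__ == "__main__":
    # Constructed sample data (hypothetical values, chosen for the arithmetic).
    hosts = [1, 2, 3, 4, 5]
    incidents = [2, 4, 6, 8, 10]
    print("r   =", sample_correlation(hosts, incidents))
    print("r^2 =", explained_variance(hosts, incidents))
```

Both values are plain floats; r lies in [-1, 1] and r squared in [0, 1], so a result outside those ranges points at a bug in the sums rather than at the data.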
>>If you're a server admin and you get your security updates from criticalupdate, your intranet is in big trouble.
Now that's the best laugh I've had all day. Personally I've found that priority.redhat.com (or a random mirror) to work much better.
Look at the motives. Most look like companies that would not want to put blind trust in someone else, that have some idea of the responsibilities of handling confidential information. Sun wants to sell computers, big computers. Microsoft seems like it is aspiring to be some kind of second-rate AOL/Time-Warner who I would not want to be responsible for the safekeeping of any sensitive personal information.
>>root access is root access regardless of the distribution.
A hardened OpenBSD with the right partitions mounted read/only and append only would be pretty hard to mess with without leaving lots of tracks.
>>The attempt to rank vendors according to their security success rate is a risky business.
Yep, Microsoft might get mad.
The url for the patch is http://www.microsoft.com/windows2000/downloads/critical/q300972/default.asp
Not entirely obvious. Does it also work for NT4?
Search for CODE RED VIRUS now returns 15 results instead of 0, with some "Best Bets for Virus Protection and Information" links.
I was more curious than anything else as to how long it would take Microsoft to respond so that it was plausible to find the cure just knowing CODE RED. If I were that interested, I could probably have found the patch. As it turned out, after about a month, I finally turned IIS and Index Server off, unpatched and uncontaminated.
FrontPage Extensions are suid root. The soft underbelly of Apache. Apache may run as nobody, but the FrontPage Extensions own the machine.
From the time I read about it on /., it took Microsoft over three days before a search on Microsoft.com for Code Red Virus or Code Red Worm would turn up anything. I don't know what industry they're leading, but it sure has nothing to do with computer security.
No, he's got a very good sense of reality. As an American, I sincerely hope he's wrong, but I suspect he has a bit more experience with this kind of stuff than us Americans. It's very easy to lose sight of the fact that the war is against terrorists, terrorism, hate crimes. Far too easy to drop into the idea that it is us versus the Arabs, exactly what the Taliban is trying to make it.
No, the plural of virus is Microsoft.
Looks like CDs are going the way of the 8-track tape.
Arggh
ftp> get bash (tab-completion works here) "| pkg_add -v -"
Yeah, about the first thing I do in OpenBSD is
ftp> get bash "|pkg_add -v -"
and edit /etc/shells
Also is very nice for seeing what went by on the screen too fast.
The war is against terrorists, not Muslims, not Arabs.
It sounds like YOU are the enemy.
ftp> get foo "|pkg_add -v -"
The trick is to do pkg_add inside of ftp instead of ftp inside of pkg_add.
The impression I got from Sun's java license is that Sun does make software for mission-critical functions. It's just that java has not (yet) been determined to meet that kind of qualification, and despite Sun's logo, should not be automatically trusted to function properly in such an environment.
Phrased badly, but you should get the idea. Sun does know the difference.