If some piece of software contained a bug that the operator did not (and could not, I'm speaking generally here, not regarding the sendmail example) know about, then I would say it's entirely the creator of that piece of software's fault...
but how can you blame the creator of the software if he has been telling the whole world for months that he is offering a fix/patch for a hole?
come on, don't tell us that all software you are developing is always 100% free of errors, we all miss something, maybe not that massively like M$ is missing things, but errors happen.
we have to blame the ignorance of the users, we all know that any service running on our machines increases the risk to get hacked, but these people do not even know that they have sth. like IIS running, that's the problem and it is not totally M$' fault.
that's exactly the point. i am a big friend of linux and i am so happy with that thing which has never put me down. onion2k is right that microsoft has released patches for codered long ago, even the servicepacks for the IE (which is now being used by the nimda to spread via that readme.eml) have been released some months ago.
it is easy to flame all IIS users now, even i am really massively annoyed from about 200 nimda attacks per minute on my machines with 25 ips. but just wait until there is another ramen-like thing affecting thousands of linux boxes with some totally new exploit found out saturday night while we are all out
somebody here stated that the ISP should not care WHAT customers are sending over the net (as long as they are paying), but i can only agree with the measure to shut these machines off, after all you are protecting others. blocking port 80 generally on the other side is really not acceptable. no German provider has done anything in this direction yet AFAIK.
we had that topic a few weeks ago here (pop under ads?) believe me, it is possible to change that starting page in IE without you getting any prompt, even with SP2 and a download of IE5.5 p0rn sites managed to do it somehow.
anyway, OT
brink wrote:
>yet I would have to say that America Online's
>software is more crash-prone, buggy, and overall
>confusing than anything Microsoft has put out
although this is true for some cases, this has absolutely nothing to do with "trust". I define trust in a way like: What do these guys do with my address, with my usage preferences, which sites do i view, what do they all log?
these are the important questions and i do not see any reason why crashing software is untrustworthy.
without revealing anything about how this survey was built up, i find that that news report is totally useless, since i actually cannot imagine what should be so distrustful about AOL compared to M$. I mean of course we do not know how all AIM stuff is used for marketing purposes etc, but compared to what microsoft does to track your PC and usage while you surf the web with lots of Windoozr-applications trying to connect to Redmond every minute this seems to be worse.
As Nevrar says the word "trust" has to be defined better, the information we get currently from that article says nothing.
you're right. since at least what i have seen on my server 70% are behind cable or dsl modems these are the victims which use win nt or win2k for private use only and maybe have never heard of the word patch anyway. it's not the lazy administrators on the boxes where some have not done their homework by applying a 2 month old patch, it really is the stupid windows user who simply purchased win2k for private use and does not even know that he has something running called IIS.
shall we all now post IP addresses of victims? This is senseless. I do get about 5 entries per 10 seconds in my logfile from thousands of different servers. reverse lookups show many victims on cable or dsl modems (@home) and just 30% of all IPs are real webservers. so at least all dialup victims can't be informed and my mails to the others where a reverse lookup revealed who is running that to the postmaster or webmaster came back. it's unbelievable, i have 70 websites running on my box and still i do get more code red calls than for normal webpages. thank god it's linux.
but what about licenses? we set up networks for small companies, many of them need just 7 workstations. so now tell me the cost just for the MS small business server plus 10 licenses? ( ~ $2000?) compare that with the suse email server, which ships for $250 where i easily set up Squid and Samba and i have an equally powerful server.
---
Lord "not Gargamel's Cat!" Azrael
it's not only the case with NT. if i see the linux server of my university, it's just the same. there you have an administrator who for some reason made the root directory 777. don't ask me why, maybe it is more convenient like this. of course there is the bind exploit, the wuftp thing you could use to get into this system. if somebody of the 6000 students had a bad day he could take control of this thing, but nobody seems to bother. it's a common problem with security and i guess with universities and schools it's even worse since there people are in charge of systems they sometimes hardly can configure and who sometimes just do not care if it is secure ...
[sarcasm on]if that law came you'll be arrested for a portscan. [sarcasm off]
---
Lord "not Gargamel's Cat!" Azrael