I see your point, but the extreme difficulty comes when a sysadmin should determine that something needs to be handled by the information security officer and not by himself. Here's an example:
You have an older server that has a relatively small hard drive. You get a complaint from somebody saying they can't do so and so on the server. You look on it and find that the hard drive is full. You think, oh great, somebody printed a 200mb print job again and filled up the hard drive. Well, time to reboot the server. You have just lost an enormous amount of evidence and you may never know where the pirated games, movies, and music came from.
I am a windows/linux sysadmin and when something isn't working right, my first thought is not *I'VE BEEN HACKED*, no, it's "stupid {some software}, {some company} can't program to save their life. time to restart the service or reboot". I will agree that discovering a problem at this point is too late - you're already 0wN3d. Instead of focusing on forensics, we need to focus on proactive measures - use group policies to enforce better security policies; use ntop, nmap, snort, gfi languard, and ms baseline security analyzer to check your systems; dump your linux and windows boxes to a syslog server that notifies on any irregularities; use SUS, SMS or something similar to patch all systems quickly and efficiently. If we are more proactive, then forensics will be less of an issue.
I called the 800 number for EB Games to check on my order.
"Thank you for calling EB Games. If you are calling about your Halo 2 order, all shipments are being made on time and tracking numbers are available on the web site. For any other assistance, please hold for the next available representative."
Bad thing though....my order page hasn't been updated. If it's not here tomorrow like it's supposed to be, I'm going to go after somebody. :-)
Then, what do you propose we do? Go sweet talk the user and ask that they nicely reconfigure their system pretty please with a cherry on top? We aren't just cutting them off of the network - we are giving them a choice - either configure their system properly, or don't be on our network.
In IT, more often than not, security has to come first, and people's feelings come second - we are talking about personal information being passed around. How do you propose running a network where the emphasis is on sharing and being nice instead of enforcing strict security policies? Go to a warehouse - the physical security of that warehouse doesn't care if you are a nice person or not - they are going to make sure to enforce the security policies on you the same as everyone else. The same idea applies to data security.
I work in a higher-education environment as server/desktop/network support. I am faced with the problem of working with systems that were set up improperly and me not having authority over them directly, but having the responsibility of making sure the network doesn't collapse into a quivering heap.
The way we have started facing this problem is confronting the end user and the people that set up the misconfigured equipment saying: "you must work with us in fixing this problem, or we will disconnect you from the network and you can find your own ISP". That pretty much gets their attention and allows us to set security policies, firewalls, system/application patches, and virus protection.
Yeah, it's not the optimal solution. We really need a single head person who can enforce security policies totally over every section, but that is difficult in the open environment of higher-ed.
According to this article, diebold is still running windows nt 4 internally. This is scary because microsoft is scheduled to stop releasing all hotfixes for nt 4 on december 31st of this year. What does it say about the security of our election if the driving company behind the election machines has no clear upgrade path for their internal software? Does it imply that products they release may be released on unsupported, buggy platforms?
Not really. It implies that Microsoft changed the security in IE so that it would be much less likely to be vulnerable to certain types of situations. An analogous example is adding the No Execute (NX) code to hardware and software. It doesn't prevent coding mistakes, but it does prevent many ways of exploiting coding mistakes.
It's interesting to note that the most critical patches - those for remote code execution - do not affect Windows XP with Service Pack 2 installed. When Microsoft built SP2, they did a lot of things right. IE has better security, for one. At my corporation, I have pushed out the updates with SUS already, but I am not too worried about this. I have already implemented SP2 across the corporation, and I am much more secure now than I was without SP2. Yeah, I know that security is a process, not a product, but SP2 helps that process a lot.
Re:Better update my mtach.com profile on Halo 2 Goes Gold · Score: 3, Funny
It is about time halo2 came out - it has been 3 long years. I still play halo 1 on pc to this day. The servers are always full of people and the graphics are still great. If you had asked me a couple of years ago, I would never have believed that halo 2 would come out before half life 2. :-)
This guy apparently did some real, physical harm to someone. I know this shouldn't be funny, but it is. Nevertheless, the guy should have his computer act the same way he makes other people's computers act. This quote is from one of the pages linked in the story.
"J" (who in his anger may have been under the mistaken impression that I'm associated with Spy Wiper) intends to sue Spy Wiper. He says that when Spy Wiper opened his CD-ROM drive, it popped his infant in the eye. The infant had to be taken to the emergency room.
Netcraft confirms it - asp.net is dying. Thank you, thank you. I'll be here all week.
Seriously, what kind of nonsensical idea is it for programmers to rewrite their programs to work around a security hole in the **compiler**??!! That's just ridiculous. Microsoft needs to have the patch out front & center right now.
This is what I tell everyone that I help support. If you are a serious web user, you need to be using Firefox. The mantra that I repeat is: firefox reduces spyware, viruses, and security holes in your system.
With the latest version of firefox, it checks for program updates automatically, it downloads program patches, and it attempts to find necessary plugins for pages and install them if you tell it to. Firefox is about to reach the point to where the adoption rates start increasing exponentially.
Well, they may lose money initially, but with XP starter edition being so limited, you are almost forced to upgrade to home ed. or prof. ed at some point, which then brings in the moolah. Check out this article http://news.bbc.co.uk/1/hi/business/3554084.stm. Windows XP Starter edition can only run three applications at a time - almost unusable for everyone today.
No, Microsoft knew what they were doing - Starter Edition should be named Demo Edition.
Update your systems now! The patch has been out for several weeks. I have already applied it to my corporation via SUS (which is free) and am rolling out the office patch now, as well. There is no reason other than laziness or sysadmin ignorance for this to be another massive virus attack.
Well, I didn't mean to imply that I didn't test it. I meant to say that if I had pushed it out, I would have had non-stop phone calls about it for the rest of the day.
In general though, I don't test hotfixes before I push them out just because I don't have time to extensively test every hotfix, but I will test service packs (win xp sp2, office 2003 sp1, etc.)
I totally agree with the 'worse than useless' statement. In my office, I had to disable it on the corporate SUS server because all it did was pop up and worry users. It gives no meaningful information. It does not patch all the dll's that it may or may not find. It merely scares users into thinking they had a virus. This is the only thing in my SUS list that is not approved and it will stay that way forever as far as I am concerned.
In my SUS server at my corporation, I disabled this stupid tool because all it does is pop up with some confusing error message that the end user does not understand. Then they would all just call me asking about a weird popup they got on their screen. I am deploying the windows patch via SUS and the office pack via scripts, so there is nothing for the end user to do anyways.
Yeah, I remembered the same thing as well. However, in my search for the dupe, all I could find was http://www.lastwishes.com/ which made the news about 6 months ago. :-) You win.
Plazanet and colleagues prepared a liquid solution containing a-cyclodextrine (alpha-CD), water and 4-methylpyridine (4MP). Cyclodextrines are cyclic structures containing hydroxyl end groups that can form hydrogen bonds with either the 4MP or water molecules.
What I see:
And if you expect me to tell you how this discovery will modify our lives, you're going to be disappointed. I've not a slightest idea about it, even if I find fascinating that scientists always find new ways to break rules and shake our certitudes.
Because I sign up for sites where I forget my password 3 years later, so when I want to get back in, they have to email me & if I'm using spamgourmet, the account will have been used up long ago.
But, I still prefer using spamgourmet when possible.
He is just spamming with his amazon account.
Hopefully these companies have some sort of antivirus protection installed on their workstations. It really is a good idea in this day and age.
http://news.netcraft.com/archives/2004/10/18/diebold_among_sites_still_running_windows_nt4.html
I just broke amazon's patent by single-clicking the submit button to this post.
How will keeping people from reading their email help reduce spam? Hotmail already limits you to sending ~100 messages/day.
http://en.wikipedia.org/wiki/Earth_impacts
However, our current programs to track asteroids that might hit the earth are extremely limited.
It's disgustingly well engineered and it works incredibly well.
Here's a link to a single page that you don't have to click through.