I agree with the statment this is a Windows virus. However, I fail to see how it is limited to Outlook. A Windows user could easly become infected with this malware using Eudora, Outlook Express, or any other 3rd party mail client.
I got pulled over after playing San Andreas for weeks on end.. I seriously thought about making a break for it... Until I remembered that pesky thing called 'reality'
Seriously, for me this flick from the 80's helped fuel my disire to learn more about computers & software. Although, after seeing this movie with my father (I was 8 or 9), he forbid me from using a modem until I was 18.
Although I dont think that DNSReport.com will check for this particular issue, it will at the very least point out many possible issues with your dns configuration.
However, spreading the vulnerability is ALSO just inviting someone to use it.
I disagree. Lynn did not provide the details to exploit the vulnerability. I think discussing the security flaw invites the vendor to CORRECT it and to provide advisories to its customers. Its possible that nefarious organizations already know how to exploit this issue and could be at the ready to use it for evil. IMHO By disclosing this to the public, Lynn provided me and my country a service.
Overall, this sounds like a pretty good deal for just about everyone except the proprietary software vendors. Does anyone here really think the proprietary software vendors will let this stand? I am willing to bet said vendors either a) lobby congress to pass a bill banning Medicare from providing this software or b) sue the government under a 'no compete' clause.
I fully agree that this type of data should not be on a laptop. However, people will be people and they will take shortcuts whenever they can. While I used an HR person in my example, there are many other examples I could have used. For instance, what about the technical sales person who has senstive pricing information on his laptop? If the sales guy is onsite at another company, do you really think said salesguy will a) be able to plug into the network, and if he can, b) use VPN from the remote location?
Its just a bad idea to allow unfettered VPN access from outside of your network, no security admin worth his/her salt will ever allow this type of access for a mear sales person.
There was a time when laptops were stolen due to their price, and possible resale value on the black market. I personally think we are now in a new era where laptop theft (at least the corporate type) is no longer about getting a shiney new powerbook, and possibly selling it off the back of a truck. Today laptop theft could be for the information contained on the hard drive. Now lets think about the componsation, if my HR director "loses" his/her laptop with important information about me/co-workers, is $1000 really going to cover the loss? No, not even close. 1K in most cases will not even cover the cost of the laptop. For my money, I want a techonology that will encrypt the contents of that hard drive, and be easy enough for an HR director to use.
"in case you haven't noticed. Linux uses a built-in firewall"
umm Linux is a kernel, not an operating system. The Linux kernel has support for a IPTables, which is a software firewall, but it requires userland programs such as IPTables. Many Linux Distro's will give you the opportunity to setup a software firewall during the install process, but it can be easily skipped.
"With linux you never ever have to worry about worms or virii."
This is plain incorrect. Linux is not perfect, it has had many security vulneribilities including remote code execution. You're not worried about worms? Do you remember/know about the first widely publicised Internet worm? (en.wikipedia.org/wiki/Morris_worm) It attacked Sendmail, rsh, etc.., many of these daemons can be installed off the media from many modern linux distributions. Take the time to know to learn whats at stake before propagating such incorrect information.
Forget all this nonsense about "certifying" users to access the Internet and forcing ISPs to deal with malware... let Windows get certified to be connected to the Internet. Governments all around the world have minimum safety standards that commercial products (ranging from cars to blow dryers to computers) have to meet before they can be sold.
Are you really saying our/your government should certify Windows before it should be allowed access the Internet? IMHO, thats a scary thought. If the government were to pass legislation dictating what OS'es can/can't be connected to the Internet, what makes you think your OS is going to be safe? Do you really think the government is going to certify your LFS build for you? If they do, do you really think they will do it for free? This is a problem for Microsoft to solve, not my tax dollars.
That all depends if you feel that humans are born with certian inalliable rights. I for one believe humans are born with these rights. That said, would it be unfair to assume these laws are in essense, illegal? I think not.
Slashdot Mirror
I agree with the statment this is a Windows virus. However, I fail to see how it is limited to Outlook. A Windows user could easly become infected with this malware using Eudora, Outlook Express, or any other 3rd party mail client.
Umm, because they buy them out?
I got pulled over after playing San Andreas for weeks on end.. I seriously thought about making a break for it... Until I remembered that pesky thing called 'reality'
Seriously, for me this flick from the 80's helped fuel my disire to learn more about computers & software. Although, after seeing this movie with my father (I was 8 or 9), he forbid me from using a modem until I was 18.
Although I dont think that DNSReport.com will check for this particular issue, it will at the very least point out many possible issues with your dns configuration.
I disagree. Lynn did not provide the details to exploit the vulnerability. I think discussing the security flaw invites the vendor to CORRECT it and to provide advisories to its customers. Its possible that nefarious organizations already know how to exploit this issue and could be at the ready to use it for evil. IMHO By disclosing this to the public, Lynn provided me and my country a service.
Overall, this sounds like a pretty good deal for just about everyone except the proprietary software vendors. Does anyone here really think the proprietary software vendors will let this stand? I am willing to bet said vendors either a) lobby congress to pass a bill banning Medicare from providing this software or b) sue the government under a 'no compete' clause.
What version of Windows are you using?
mod this one as a troll...
I fully agree that this type of data should not be on a laptop. However, people will be people and they will take shortcuts whenever they can. While I used an HR person in my example, there are many other examples I could have used. For instance, what about the technical sales person who has senstive pricing information on his laptop? If the sales guy is onsite at another company, do you really think said salesguy will a) be able to plug into the network, and if he can, b) use VPN from the remote location?
Its just a bad idea to allow unfettered VPN access from outside of your network, no security admin worth his/her salt will ever allow this type of access for a mear sales person.
There was a time when laptops were stolen due to their price, and possible resale value on the black market. I personally think we are now in a new era where laptop theft (at least the corporate type) is no longer about getting a shiney new powerbook, and possibly selling it off the back of a truck. Today laptop theft could be for the information contained on the hard drive. Now lets think about the componsation, if my HR director "loses" his/her laptop with important information about me/co-workers, is $1000 really going to cover the loss? No, not even close. 1K in most cases will not even cover the cost of the laptop. For my money, I want a techonology that will encrypt the contents of that hard drive, and be easy enough for an HR director to use.
Ohh la ta da.. I call it a car hold.
"in case you haven't noticed. Linux uses a built-in firewall"
umm Linux is a kernel, not an operating system. The Linux kernel has support for a IPTables, which is a software firewall, but it requires userland programs such as IPTables. Many Linux Distro's will give you the opportunity to setup a software firewall during the install process, but it can be easily skipped.
"With linux you never ever have to worry about worms or virii."
This is plain incorrect. Linux is not perfect, it has had many security vulneribilities including remote code execution. You're not worried about worms? Do you remember/know about the first widely publicised Internet worm? (en.wikipedia.org/wiki/Morris_worm) It attacked Sendmail, rsh, etc.., many of these daemons can be installed off the media from many modern linux distributions.
Take the time to know to learn whats at stake before propagating such incorrect information.
Postfix is fast, flexable and easy to use. In my mind, there is no better mail server for Unix and Unix like platforms.
Ha ha!
Are you really saying our/your government should certify Windows before it should be allowed access the Internet? IMHO, thats a scary thought. If the government were to pass legislation dictating what OS'es can/can't be connected to the Internet, what makes you think your OS is going to be safe? Do you really think the government is going to certify your LFS build for you? If they do, do you really think they will do it for free? This is a problem for Microsoft to solve, not my tax dollars.
That all depends if you feel that humans are born with certian inalliable rights. I for one believe humans are born with these rights. That said, would it be unfair to assume these laws are in essense, illegal? I think not.
To bad this wasnt posted until 3 hours after we discovered the issue @ my shop...
Have you ever read any of the Linux source code? Something tells me the religous right would not be down with a custom catered linux distro.
I guess Boeing...
"workmanlike". Better luck next time.
RedHat != Linux.
RedHat = one of many Linux distributions.
the_other_one could have just as easily been talking about Debian.
Look again. There is more then just x86 in the linux kernel.
Winzip, while not part of the core Windows OS is available on many, many systems. Winzip will make file associations for .rar files.
I thought it was odd when the med tech asked me if I wanted a 'happy ending'..
In which case he would still be wrong. Linux distributions can be configured to user openldap/sasl/kerberos.