This is dumb ownership, if this bug becomes prevalent.
Sort of like it was dumb ownership to leave your SQL machine open to the Internet, allowing port 1334 open?
Or it was dumb to open any of the attachments claiming to be from your administrator sending a passworded zipped file with some "clean-up tool" attached?
We have proven that users aren't the ones responsible enough not to do something dumb. And, SP2 is still undergoing testing in many office environments.
I just went to try and cancel my membership (just *trying*, not actually doing; I'm a happy Netflix member) and I had to just click a button and mail back my DVDs within 7 days and my account would be terminated.
Maybe if I finish my sentence, I'll confuse fewer people like you.
Maybe if all the radio stations across the US didn't sound exactly alike....
you would be able to switch stations in a major market and hear different playlists.
Maybe if all the radio stations across the US didn't sound exactly alike....
people would actually listen to the radio instead of complaining that it all sounds the same.
Maybe if all the radio stations across the US didn't sound exactly alike....
there wouldn't be the need for Microsoft to introduce a service like this.
From the article:
ee Walker, known online as "Emp," "Rain," and "sorCe" respectively. Each of the three apparently had sizable "botnets" at their disposal, meaning they could each command thousands of compromised PCs to simultaneously attack a single host -- Walker alone had control of between 5,000 and 10,000 computers through a customized version of the Agobot worm, according to the FBI affidavit.
Yes, I have been following this story for the past day or so, so I did RTFA.
If you had read more than Microsoft's site, you might have seen this quote from the Internet Storm Center:
The Storm Center and others are still investigating the method used to compromise the servers. Several server administrators reported that they were fully patched.
The jury is still out on how exactly this happened, but I tend to believe that some of the largest sites on the internet had system admins that made sure they were up to patch level after they've been burnt by waiting so many times before.
And I also wonder how many people will actually heed the call and switch their browser.
However, I doubt Microsoft will do anything for at least two months. Hopefully by then a major news source will pick up the story and everyone will hear it.
I'm surprised small local bands haven't already grabbed onto this idea.
Has anyone actually tried? I'd love to hear of some band in Nashville call WQZQ and try to purchase some airtime.
Oh, here is their number- (M-F 9-5) (615) 399-1029
"The code is still covered by copyright, and any programmer should probably avoid looking at it, to avoid SCO-style legal implications," said DeGroot of Directions on Microsoft. "If you look at it, and similar code turns up in your own work or even is already in your own work, you could have problems if Microsoft believes you have stolen its code. Proving that you didn't see something can be difficult. My understanding is that Microsoft tells its own programmers that they may not view Linux source code, for example."
Wouldn't it be harder to prove that someone *did* view the source code? Isn't the burden of proof on the prosecution?
Does anyone else in the security industry worry about the amount of publicized security vulnerabilities not having an effect on the general population?
When CNN.com is running stories like this one, and then nothing happens, will people just start ignoring the problem?
If people start ignoring these advisories, we will be in much greater trouble when something bad really does happen.
We've already /.'ed Kernel.org?
I think a mirror is at http://kernel.org./
It's a bot. ISC said that it requires someone to initiate the scanning.
ee Walker, known online as "Emp," "Rain," and "sorCe" respectively. Each of the three apparently had sizable "botnets" at their disposal, meaning they could each command thousands of compromised PCs to simultaneously attack a single host -- Walker alone had control of between 5,000 and 10,000 computers through a customized version of the Agobot worm, according to the FBI affidavit.
I would say that these guys had it coming.
"Dear, break out the refried beans, the lights are flickering again!"