Back in the days of ASP, PHP was a real contender. Today, ASP.NET makes PHP4/5 look like Mike Tyson after he got out of jail.
Walk into work in a penguin costume and a baseball bat. Then walk around from cube to cube smashing anything MS related chanting screaming "Linus is lord!".
No, the exploit itself is owned by TippingPoint but the signature to detect it is open. BTW, IDS is a horse with a broken leg.
No idea what you're talking about. This is no different than any other security research company (eEye, ISS, etc) with one exception, they accept findings from outside sources.
iDefense (recently acquired by VeriSign) has been doing this for years.
Actually, that was a little trollish..
What I meant was that the vast, vast majority of Freshmeat projects are unmaintained and never go anywhere. People who bought a book on C, Python or Perl and wrote some useless util they never really finished.
Look at all the garbage projects on Freshmeat. :)
I don't think most people who use the UA for validation do so in an attempt to foil those who want to get around it. It's more of a support issue. If the site was designed to run in IEx and you're running Lynx they're just letting you know up front that it may not work properly.
To your second comment. Probably because fewer people will complain (or at least have reason to complain) if MS provides a warning. Sure there will be people like you and I who feel it's obvious and unnecessary, but there are more people who aren't like us than are.
http://www.bloomberg.com/apps/news?pid=10000103&sid=a_E1xJZdLLHc&refer=us
Sure, and I'm sure they'll do well for the rest of the year and probably most of next. However, I just don't see how they can keep it up much further than that.
This is (imho) a contributing factor to their migration to x86. As you know, Apple is a very popular brand right now, and they obviously want to continue that trend. x86 arch will presumably lower the cost of their hardware and make Apple computers more accessible while they're still hot.
Correct. Apple is a business and it's trying desperately to hold on to its trendiness as iPod fever dies off.
Not that I have anything against Apple, I'm typing this on a Powerbook.
I think you missed my point. You made it appear as if Microsoft needed to address issues that Linux (Redhat 9 specifically) doesn't have. Which is not the case.
First, I'd like to know where you got the '50 percent chance' figure from.
Secondly, what's the ratio of Redhat 9 to Windows XP hosts on the Internet? Now, let's say it's 100:1 (even though it's a much wider figure), but 100:1 will do fine for the purpose of this argument.
Now, let's say you have worms which attempt to propagate at the same speed but exploit two unique vulnerabilities in both operating systems (Redhat 9 and Windows XP).
Based on the ratio of XP to RH9 hosts, each infected host would be 100x more likely to find and compromise a Windows XP host than Redhat 9. Now since this is a worm we're talking about, that would mean you'd have 100x more machines attempting to propagate, resulting in 100x attack attempts.
This doesn't mean that one operating system is more secure than the other, it just means that due to market saturation and the availability of unpatched hosts, Windows infections will be much more common in the wild and therefore have a much smaller window of compromise.
Yeah, I have an inbound port NAT on my home DSL for SSH. I'm not too concerned about it. I just thought it was interesting as I had just enabled it a short time before the first bruteforce attempt. At the time, I wasn't aware SSH bruteforce attacks were so prevalent.
I was just reviewing one of these today from Miami University (Ohio).
...
Jul 15 04:55:51 combust sshd[12125]: Did not receive identification string from 134.53.130.197
Jul 15 04:59:57 combust sshd[14758]: Invalid user president from 134.53.130.197
Jul 15 04:59:57 combust sshd[1219]: input_userauth_request: invalid user president
Jul 15 04:59:57 combust sshd[1219]: Failed password for invalid user president from 134.53.130.197 port 57698 ssh2
Jul 15 04:59:57 combust sshd[14758]: Failed password for invalid user president from 134.53.130.197 port 57698 ssh2
Jul 15 04:59:57 combust sshd[1219]: Received disconnect from 134.53.130.197: 11: Bye Bye
Jul 15 04:59:58 combust sshd[29612]: Invalid user bob from 134.53.130.197
Jul 15 04:59:58 combust sshd[7875]: input_userauth_request: invalid user bob
Jul 15 04:59:58 combust sshd[29612]: Failed password for invalid user bob from 134.53.130.197 port 57789 ssh2
Jul 15 04:59:58 combust sshd[7875]: Failed password for invalid user bob from 134.53.130.197 port 57789 ssh2
Jul 15 04:59:59 combust sshd[7875]: Received disconnect from 134.53.130.197: 11: Bye Bye
Jul 15 05:00:00 combust sshd[22372]: Invalid user sunshine from 134.53.130.197
Jul 15 05:00:00 combust sshd[6311]: input_userauth_request: invalid user sunshine
Jul 15 05:00:00 combust sshd[22372]: Failed password for invalid user sunshine from 134.53.130.197 port 57864 ssh2
Jul 15 05:00:00 combust sshd[6311]: Failed password for invalid user sunshine from 134.53.130.197 port 57864 ssh2
Jul 15 05:00:00 combust sshd[6311]: Received disconnect from 134.53.130.197: 11: Bye Bye
Jul 15 05:11:57 combust sshd[1820]: input_userauth_request: invalid user gus
Jul 15 05:11:57 combust sshd[1820]: Failed password for invalid user gus from 134.53.130.197 port 39530 ssh2
Jul 15 05:11:57 combust sshd[23478]: Failed password for invalid user gus from 134.53.130.197 port 39530 ssh2
Jul 15 05:11:57 combust sshd[1820]: Received disconnect from 134.53.130.197: 11: Bye Bye
Jul 15 05:11:58 combust sshd[14363]: Invalid user adminweb from 134.53.130.197
Jul 15 05:11:58 combust sshd[3817]: input_userauth_request: invalid user adminweb
Jul 15 05:11:58 combust sshd[3817]: Failed password for invalid user adminweb from 134.53.130.197 port 39568 ssh2
Jul 15 05:11:58 combust sshd[14363]: Failed password for invalid user adminweb from 134.53.130.197 port 39568 ssh2
Jul 15 05:11:58 combust sshd[3817]: Received disconnect from 134.53.130.197: 11: Bye Bye
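An added example, not part of the original comment: a small Python summarizer for sshd logs like the one quoted above. It groups failed logins by source address and counts each connection once, since every failure in this log appears twice under different PIDs. The function name `summarize` and the `min_users` threshold are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Subset of the sshd lines quoted in the comment above (not new data).
SAMPLE = """\
Jul 15 04:55:51 combust sshd[12125]: Did not receive identification string from 134.53.130.197
Jul 15 04:59:57 combust sshd[1219]: Failed password for invalid user president from 134.53.130.197 port 57698 ssh2
Jul 15 04:59:57 combust sshd[14758]: Failed password for invalid user president from 134.53.130.197 port 57698 ssh2
Jul 15 04:59:58 combust sshd[29612]: Failed password for invalid user bob from 134.53.130.197 port 57789 ssh2
Jul 15 04:59:58 combust sshd[7875]: Failed password for invalid user bob from 134.53.130.197 port 57789 ssh2
Jul 15 05:00:00 combust sshd[22372]: Failed password for invalid user sunshine from 134.53.130.197 port 57864 ssh2
Jul 15 05:00:00 combust sshd[6311]: Failed password for invalid user sunshine from 134.53.130.197 port 57864 ssh2
"""

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (invalid user )?(\S+) from (\S+) port (\d+)"
)

def summarize(log_text, min_users=3):
    """Group failed SSH logins by source; min_users is an assumed threshold."""
    raw = defaultdict(int)        # ip -> matching log lines
    attempts = defaultdict(set)   # ip -> {(user, source port)}
    invalid = defaultdict(set)    # ip -> usernames that do not exist locally
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        is_invalid, user, ip, port = m.groups()
        raw[ip] += 1
        # Each failure appears twice in this log under different PIDs; keying
        # on (user, source port) counts the connection once. Several guesses
        # on one connection would also collapse into one entry.
        attempts[ip].add((user, port))
        if is_invalid:
            invalid[ip].add(user)
    report = {}
    for ip, seen in attempts.items():
        users = sorted({u for u, _ in seen})
        report[ip] = {
            "raw_lines": raw[ip],
            "attempts": len(seen),
            "users": users,
            "invalid_users": len(invalid[ip]),
            "flagged": len(users) >= min_users,
        }
    return report
```

A naive `grep -c "Failed password"` over the same lines would report twice the real number of attempts, which matters when a lockout or alert threshold is tuned from log counts.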
And what exactly is the root of their security problems? Is it any different than those facing Linux? Enough about that...
Without looking up a definition, do you even know what a buffer overflow is or how it's used? Does the term EIP mean anything to you?
You have nothing to contribute other than some stupid comment one of your friends made on IRC. Guess what, he doesn't know what he's talking about either.
I say medium at best...
1) Few corporate workstations have RDP enabled.
2) Few corporate environments allow anonymous access to RDP (or Terminal Services).
3) RDP isn't enabled on XPSP2 by default to begin with.
4) There's no reason to believe this vul would allow remote code execution at this point.
Sure, but don't forget the RD service isn't enabled by default.
Absolutely true, however, 11 days is too long if the vulnerability resolved by the patch is:
Remotely exploitable
Being actively exploited in the wild
Would expose customer data if exploited
You're comparing writing a symphony to getting your MCSE?
FUD = Anything published which looks negatively on Linux and/or OSS.
Linux doesn't beat Windows in anything except initial investment and the vocality (is that a word?) of its user base.
Did Mozilla patch these? I don't see any mention of GIF in the list of fixes.
More speculation...just what we need.
Longhorn is nothing more than XP with transparent Windows, I will happily switch if they've done a good job at addressing security.
XP SP 2 was a great start, hopefully Longhorn continues where SP 2 left off.