MS08-067 is an RPC vulnerability, and is indeed linked to in the summary as of the most recent update. However, the summary also states that it is an SMB vulnerability, which is MS08-063. I think one of the updates in the summary is talking about the wrong vulnerability, since they really aren't that similar. It appears from this article, though, that they are actually releasing the emergency patch for the SMB exploit in MS08-063, not the RPC vulnerability.
Access Vector: Network exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Provides administrator access; Allows complete confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service
In other words: any idiot on your network can gain admin access to any attached Windows-based system with file-sharing enabled. I'm really glad that they're releasing an emergency patch for this, because that's a pretty fucking crazy description of an exploit, especially since it affects all versions of their last 10 years of operating systems.
AVG is dirt cheap, and you get exactly what you pay for. I'm talking $1,000 for ~300 licenses; Sophos quoted me almost $11,000 for the same number. AVG is not a true enterprise-class solution, it's home software hacked (ugly hacked) into a networkable-ish product that barely does the job it's advertised to do. And although I've never owned any Symantec software, I have dealt with their consumer Norton product and if you thought that was bloated and ugly, well, I think you just haven't experienced AVG 8.x.
When I did look into a couple of the others while I was looking for a new AV solution, I found what you said to be true for most of the real brands; the difference between Sophos, TrendMicro, and others was pretty minimal.
Now that is something I would really love to use. I've read really great things about them, and their demo really impressed me. They even offered to craft a custom installer that would remove our current AV at no extra cost. Sadly, the higher-ups didn't go for the price because they're used to AVG. :`(
Now I've never actually used any of Symantec's AV software, but I usually hear from peers that their enterprise solution is actually pretty lightweight, unobtrusive and generally decent software.
having Symantec on these machines is detrimental
Again, I really don't have any experience, but would you feel like elaborating?
I deal with AVG Network edition (which is the same as the free edition but not free and with a semi-functional control center), and I can tell you that they put a lot of what I would consider legitimate software in their defs. Their newest version 8 does not remember your exceptions correctly, either.
Dude, RTFA, even just read the summary, it's not like they pull up a website from their living room and click a fucking "vote here" button, the only place to vote is on secured laptops over a VPN from a specific location. Clearly the big "if" is "if they can do it correctly," however I think the idea that it can't be done is just paranoid and ignorant of the technology discussed in the article.
Nobody is saying that RAID is a backup. RAID is there to keep you up and running in a business environment when a drive fails, which is, as the author puts it, inevitable. Then he goes on to statistically prove that, while rebuilding an array of currently relevant size for a large business, as in many TB of data, that you will almost certainly not be able to recover your array to a healthy state because of an unavoidable, highly probable read error on one of your "healthy" disks. Of course you have a fucking backup of your production 12 TB RAID array. He said what he did about tape backups to drive home the point, which is that your shit will be down, out of production, thereby making the fact that you had your data in RAID 5 completely pointless. The author has a good fucking point, RAID 5 is statistically useless when dealing with disks that large.
Thanks, I believe it was done in the name of security, and since it actually frustrates me sometimes, I think I will go ahead and enable it. I really appreciate your response, (even though you're AC) this kind of discussion where I can actually learn something from peers is why I love slashdot.
I think (at least for whatever kernel they were using in '03, when I first tried Gentoo) that ext2 was significantly faster than ext3. They were saying that you could cut some decent boot time by going with ext2, and because of the small size, fsck time was trivial. Even if you ended up with a corrupted /boot because you didn't have a journal, it's really the only partition you can remake easily from scratch.
I think the big news flash on this is that they actually performed four different, real attacks on real, physical keyboards. Theory is one thing, someone actually saying "hey, we can really do this on the cheap now to 11 different keyboards sold at your local Best Buy; here's how..." is another. I don't think it's unreasonable to consider that "news for nerds."
Holy shit, calm down, I'll turn it on. I already said above that I meant echo and let a decent amount of ICMP through. The only reason I block echo is because the previous admin had it off and I didn't really have an informed opinion on it one way or the other. But you've convinced me in the most assholish, unconstructive way to turn it on, so sorry for breaking your PMTU, I hope it frustrated you at one point or another.
I may be an idiot and not have any business managing a firewall, but apparently judging from the article you linked to, a lot of people make the same mistake. I went in and checked though, and I was thankfully mistaken, we do have 3-0, 3-1, 3-2, 3-3, 3-4, and 11 turned on, but 8 definitely off on the outside.
So now I'm not sure if we really would be invisible, are there other scanning methods besides echo?
I drop ICMP entirely, and besides our website and mailservers, we don't have any standard tcp ports open on any of our other external IPs. I really can't imagine it's that much different for other medium and large businesses; am I to believe they nmapped the entire Internet? (It's clear FTA that they did not) To me, these findings are not that surprising in the security-oriented world we live in today.
I should have said Volume Shadow Services, which does exactly what you mention and is what System Restore is built on. Not the point though:
I don't buy anything off itunes
If Apple rocks so much, why not? Is it because they encode in a nearly unlistenable 128Kb/s or because of the lock in? I'll take the lock in, since I actually do exactly the same thing as you with CDs, attic and all, though recently I've been using the Amazon MP3 store.
when Microsoft regularly destroys my linux partition when it detects something "non-microsoft" or a "boot sector virus."
I've been triple-booting for six years and have never had this happen, not once, nor has it happened to anyone else I know that multi-boots. Not saying it hasn't happened to you, just that this isn't something the average dual-booter worries about. (let me know what distro, though, so I can stay the fuck away from it).
My point isn't at all that Apple sucks, but that your blind faith in them and blind hatred for everything Microsoft means that you get some of one world, not the best of both worlds.
Here's how your post reads to someone who's not a drunk/zealot:
no we had [generic Unix mail server that doesn't support half the features Exchange does] and [one of the generic directory protocols that can be used to access Active Directory and isn't even close to the same class of application] instead of the bloated mess that is M$ product "development". M$ has no unique products...oh maybe the bloated ugly crashing piece of shit called vista. Remember how unix completely ripped off [generic archiving format/application that doesn't really have anything to do with MS System Restore besides the fact that it is an archiving app] from M$ System Restore ? I don't because it actually [didn't happen]. i agree that M$ is a shitty dirty and underhanded company. no argument there.
You're just as bad as the Apple guy (are you the Apple guy posting AC?).
...$MS actually invent something they couldn't sue, buy out or copy
Yeah, because everyone had things like Exchange Server and Active Directory before '$MS' (Don't you mean 'M$?'). Netware and Groupwise were great in 1998, but welcome to the real world in 2008 where Apple is still irrelevant in the business world and Microsoft has some unique products. Oh, remember how M$ completely ripped off System Restore from Apple's Time Machine? I don't because it actually happened the other way around. Microsoft is a shitty, dirty, underhanded company in a lot of ways, but you clearly don't know why, you are just ill-informed and like '$MS bashing.'
Dude, you have to use the "static link" on the NIST page for that to work...
Heh, if it doesn't like nmap or windows rsync, then damn, it's out of consideration already for me. Thanks!
My company relies on SOPHOS
Wow, solid, well supported argument right there.
Now consider why one needs journal outside their /home
Yeah, good point, I mean who the fsck would ever want to write to somethings like /var/logs?
Once they get banned from holodecks.
I don't see the big "News Flash" on this.
Yeah, I remember they used to talk about this in the Gentoo handbook; use ext2 for /boot, but ext3 for everything that you actually care about.
Heh, whoops, yeah I'm an idiot
Good points, I guess that is what I meant.