Is Zotob A MS Plot . . . .

kurttrail

Vagabond said:
Well, I shouldn't have said "the customer"... The end-users' IT
service provider paid $150,000 to patch their operating system. Why?
Because they insist on running an unsupported operating system, which
is Windows 2000 SP3. Why? Because they moved their Technicians to
an hourly rate to save money during slow periods.

Even though the IT firm would pay nothing to Microsoft to upgrade to
Windows 2000 SP4, a supported operating system, they would have to
pay those hourly technicians to "touch" a helluva lot of machines. So,
this IT firm has made the calculated decision that it is cheaper
to pay Microsoft for patches to an unsupported operating system than
it is to pay the Technicians an hourly rate.

I know this doesn't fit well in your world view, but the progressive
IT firms that actually train their technicians and pay them to manage
their clients' networks never seem to get hit with these problems.
Meanwhile, the reactionary IT firms almost ALWAYS get hit by each and
every one of these problems because they only dispatch technicians to
FIX problems AFTER they are reported.

Carl

MS should provide any necessary patch for free. It is their coding
negligence that is being exploited.

If the OS is still functional, then MS has a responsibility to patch the
security holes in it. It is a matter of Global Network Security. If MS
doesn't want to take responsibility for its holes, then they should get out
of business.

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com/mscommunity
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei"
 
kurttrail

Fuzzy said:
It's a conspiracy. All software vendors delight in writing bad code
so that you are forced to spend all your free time patching your
operating system and applications.

For example look at the holes that CERT considered important for the
WEEK of August 3-9:

http://www.us-cert.gov/cas/bulletins/SB05-222.html

That's only the tip of the iceberg:

http://www.securityfocus.com/vulnerabilities

Best to stay away from computers entirely!

LOL! I used to think it was computers that were the devil, but it ain't
the hardware, it's the software.

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com/mscommunity
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei"
 
Vagabond Software

kurttrail said:
MS should provide any necessary patch for free. It is their coding
negligence that is being exploited.

If the OS is still functional, then MS has a responsibility to patch the
security holes in it. It is a matter of Global Network Security. If MS
doesn't want to take responsibility for its holes, then they should get out
of business.

--

I don't know how many times I have to repeat myself. Microsoft provided a
FREE fix via Windows 2000 SP4.

Your assertion that as long as the "OS is still functional, then MS has a
responsibility to patch security holes" is, of course, ridiculous. Apple
has to support OS 8? OS 9? Sun has to support SunOS 4.1.3? IBM has to
support OS/2 Warp? Like I said, ridiculous.

Global Network Security? How dramatic... Ignorance is a matter of GNS. I
think every IT company that has clients who are infected with these exploits
should have to publicize their company names and their excuse for allowing
their clients to be hit by such an ineffectual worm.

Carl
 
Jon

Looks like it's this part of the source that is responsible
<link
href="file:///A|/Donna/CyberNotes_SecurityBuletin_2004/Donna/bulletin.css"
rel="stylesheet" type="text/css">

<style type="text/css">



Odd, because if you paste

file:///A|/Donna/CyberNotes_SecurityBuletin_2004/Donna/bulletin.css

into the Firefox address bar, it also attempts to access the floppy, but
not, as you say, if you access the web page directly.

Jon
 
kurttrail

Jon said:
Looks like it's this part of the source that is responsible
<link
href="file:///A|/Donna/CyberNotes_SecurityBuletin_2004/Donna/bulletin.css"
rel="stylesheet" type="text/css">

<style type="text/css">



Odd, because if you paste

file:///A|/Donna/CyberNotes_SecurityBuletin_2004/Donna/bulletin.css

into the Firefox address bar, it also attempts to access the floppy,
but not, as you say, if you access the web page directly.

Firefox is smart enough to understand that when pulling an HTML doc off the
web, it shouldn't be calling up a local drive, but when you locally ask
it to call up a local drive, then it allows it.

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com/mscommunity
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei"
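
The stray `file:///A|/...` stylesheet link discussed in the two posts above is an authoring leftover that leaks a local path and, in some browsers, triggers a probe of the reader's own drive. As an added example (not part of the original thread), a pre-publication check in Python that flags local-file references in a page; the function name `find_local_refs` and the sample HTML are constructed for illustration, with only the first `<link>` taken from the quoted source.

```python
import re
from html.parser import HTMLParser

# Attributes that make a browser fetch a resource.
URL_ATTRS = {"href", "src", "action", "background", "data", "poster"}
# file: URLs, drive paths (C:\, C:/, legacy A|/) and UNC paths (\\host\share).
LOCAL_REF = re.compile(r"^\s*(file:|[a-z][:|][\\/]|\\\\)", re.IGNORECASE)
# file: URLs inside a <style> block, e.g. url(file:///...) or @import.
CSS_FILE_URL = re.compile(r"file:[^\s\"')]+", re.IGNORECASE)

# Constructed sample; the first <link> copies the markup quoted in the thread.
SAMPLE = """<html><head>
<link
href="file:///A|/Donna/CyberNotes_SecurityBuletin_2004/Donna/bulletin.css"
rel="stylesheet" type="text/css">
<link href="/css/site.css" rel="stylesheet" type="text/css">
<style type="text/css">
body { background: url(file:///C:/work/bg.png); }
</style></head>
<body><img src="C:\\work\\logo.gif"></body></html>
"""

class LocalRefFinder(HTMLParser):
    """Collects (line, tag, attribute, value) for references to local files."""
    def __init__(self):
        super().__init__()
        self.findings = []
        self._in_style = False

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]  # line where the tag opens
        self._in_style = tag == "style"
        for name, value in attrs:
            if name in URL_ATTRS and value and LOCAL_REF.match(value):
                self.findings.append((line, tag, name, value.strip()))

    def handle_endtag(self, tag):
        self._in_style = False

    def handle_data(self, data):
        # Only CSS text is scanned; ordinary page text may mention file: freely.
        for m in CSS_FILE_URL.finditer(data if self._in_style else ""):
            line = self.getpos()[0] + data.count("\n", 0, m.start())
            self.findings.append((line, "style", "css", m.group()))

def find_local_refs(html):
    finder = LocalRefFinder()
    finder.feed(html)
    finder.close()
    return finder.findings
```

Running `find_local_refs(SAMPLE)` reports the floppy-drive stylesheet link, the `file:` URL in the style block and the drive-path image, and leaves the site-relative stylesheet alone.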
 
NoStop

Doesn't matter as my point is that MS will use this worm to get corps
that have been reluctant to upgrade.
I'm sure after this, many will just say f-it and move on to a real OS.
 
NoStop

As will many computer repair firms.

Alias

I can earn a living fighting worms and viruses for Windows. My Linux
servers I can afford to ignore for years.

You have to be a pretty knowledgeable computer user on Linux to make it
"not" secure.
 
Dimple Wathen

NoStop said:
You have to be a pretty knowledgeable computer user on Linux to make it
"not" secure.

Has "Linux" removed all buffer overflow bugs then? Hmmm... that means
that there are none that even nobody has found yet! COOL!
 
NoStop

Has "Linux" removed all buffer overflow bugs then? Hmmm... that means
that there are none that even nobody has found yet! COOL!

Since the majority of the Web runs on Linux, when is the last time you heard
of malicious code bringing down a website running on Linux? OK, I thought
so ... you haven't.
 
kurttrail

NoStop said:
Since the majority of the Web runs on Linux, when is the last time
you heard of malicious code bringing down a website running on Linux?
OK, I thought so ... you haven't.

Actually, I had a website that was hosted on Linux servers, and had my
home page replaced.

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com/mscommunity
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei"
 
kurttrail

Vagabond said:
I don't know how many times I have to repeat myself. Microsoft
provided a FREE fix via Windows 2000 SP4.

No. A corporation has to spend money and time to implement a SP over
its network.

So MS is basically making them pay to upgrade to a service pack or pay
for a patch.

I don't know how many times I have to repeat myself. Microsoft should
provide a free patch to any working vulnerable OS, that is only
vulnerable due to MS coding negligence! If they won't take
responsibility for the hole they created then they should get the hell
out of the OS business!

Your assertion that as long as the "OS is still functional, then MS
has a responsibility to patch security holes" is, of course,
ridiculous. Apple has to support OS 8? OS 9? Sun has to support
SunOS 4.1.3? IBM has to support OS/2 Warp? Like I said, ridiculous.

If a hole is actively being exploited, then yes, software manufacturers
should be held responsible for their negligent mistakes.

Global Network Security? How dramatic... Ignorance is a matter of
GNS. I think every IT company that has clients who are infected with
these exploits should have to publicize their company names and their
excuse for allowing their clients to be hit by such an ineffectual
worm.

LOL! That patch had only been out for a week, and with the number of
patches that MS released in its last bunch, it is quite understandable
that testing all those patches would take a while. It's not like MS has
never released a patch that didn't create other problems.

The larger the organization, the longer it will take to test the
MicroPatches, especially when you have multiple patches released all at
once. And MS is the one that decided to release patches all at once on
a monthly schedule.

So stop your apologizing for Microsoft. They created the hole through
their negligence, and they should be held accountable to fix it for
free, or be run out of town like any snake oil salesman that gets caught
selling an inferior product.

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com/mscommunity
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei"
 
Dimple Wathen

NoStop said:
Since the majority of the Web runs on Linux, when is the last time you heard
of malicious code bringing down a website running on Linux? OK, I thought
so ... you haven't.

Depends on whose news you read, doesn't it? Certainly, CraptiveX
exploits and various other flaws in Windows "makes the news" all over.

However, "Linux" exploits do exist. Ever heard of a buffer overflow in
"Linux"? No. Not really. But what you would have heard if you have been
paying attention is buffer overflows in services and programs running
under Linux (hence I used Linux in quotes).

If an ASP/IIS Website gets "hacked" should we blame Microsoft or the
people who configured and setup and programmed the site?

Yes Windows has more core system internal flaws than Linux. Yet default
"Linux" setups get exploited too. Ever hear of root kits?

The argument that "Linux" is flawless is not really an argument. It is
stupid sophistry.

I've seen rooted Redhat boxes. A place I worked for was notified by the
FBI that one of their Redhat boxes had been hacked and was DDOSing
them. (The admin obviously did not configure the box properly--did not
apply all patches.) But "Linux" boxes are exploited and you are just
plain ignorant if you think otherwise. LESS than Windows yes, but not
NEVER.
 
Dimple Wathen

kurttrail said:
So stop your apologizing for Microsoft. They created the hole through
their negligence, and they should be held accountable to fix it for
free, or be run out of town like any snake oil salesman that gets caught
selling an inferior product.

Hear hear!

Microsoft Corporate Officers should be brought before Congress as
committing fraud just as the Tobacco and S&L executives and those of
Enron, WorldCom, et al.

Can you imagine what would happen if people's SUVs suddenly would not
start on the 31st day and there was a message stating that they had to
call this 800 number to "activate" their gas guzzling wreck?

Or if SUVs kept stalling on the highway every six months and the only
way to restart it was to haul it into the shop to be "fixed"?

Greed drives the Commercial software industry.

I have a client with a Network infected by W32.Licum and right now they
are "living with the virus" (it's actually a worm but for this purpose
"virus" sounds better). This is just like the Pharma Industry. They
don't want to CURE or to PREVENT they want people to PAY for monthly
PRESCRIPTIONS (read SUBSCRIPTIONS) to keep alive (or WINDOWS running).

It is criminal. It is negligence.

Windows can be fixed rather easily. Like making the WINDOWS and
WINDOWS\SYSTEM32 folders readonly except by verified Microsoft
processes. No application needs to put EXEs or DLLs in the system
folders, they can put them in their PROGRAM FILES folder.

Microsoft is just plain lazy. They make BILLIONS due to shoddy design.
So what incentive do they have to change?

What is making things worse are the Microsoft apologists.
 
Leythos

What is making things worse are the Microsoft apologists.

No, what makes things worse is the people that don't know how to
properly secure a network or node so that even exploits don't impact
them no matter how much they run in the wild.

I've never had a customer compromised, but we design with the idea that
NO OS/Service IS SECURE (since none are) and with that in mind, we've
never had a compromised server, workstation, node, nada.
 
NoStop

Actually, I had a website that was hosted on Linux servers, and had my
home page replaced.

Well Kurty old boy, after seeing your web sites, I must congratulate anyone
who could hack in and change it. A hacked website is not what we're talking
about when we're talking about malicious code compromising an *operating
system*. Your website was probably hacked by a simple dictionary attack
that allowed a hacker to ftp onto your site and plant a new index.html file
there.
 
Ed

Microsoft Corporate Officers should be brought before Congress

Some of them including the stud duck himself already have, remember?
And they have the nerve to question honest purchasers of their product
that never have been subpoenaed for any acts of skullduggery as to if
they are thieves and pirates while the real thieves and pirates are
laughing their arses off... including the whole damned country of
China which is running a Kazillion copies of a mass distributed volume
licensed version of XP.
 
NoStop

It is criminal. It is negligence.

Windows can be fixed rather easily. Like making the WINDOWS and
WINDOWS\SYSTEM32 folders readonly except by verified Microsoft
processes. No application needs to put EXEs or DLLs in the system
folders, they can put them in their PROGRAM FILES folder.

Microsoft is just plain lazy. They make BILLIONS due to shoddy design.
So what incentive do they have to change?

What is making things worse are the Microsoft apologists.

Right On! Problem is the simple Wintards around here are too busy sucking
off MickeyMouse to see reality. They must either hold MickeyMouse shares or
as I suspect, they're just your typical unquestioning sheep who want to be
spoonfed as they use their computers.
 
Ed

what makes things worse is the people that don't know how to
properly secure a network or node so that even exploits don't impact
them no matter how much they run in the wild.

I have to agree with that statement. Even a perfect, no buggy holes
found here type system can be compromised if the network it resides on
is freely open to the sewer.

Someone a while back suggested that the only way to be safe was have
your networks closed to the outside world. Of course that will never
go in the information age we now live in but... that reminds me of
that commercial where the IT was wondering how a nasty virus got on
their network being that he had covered all the security bases when
his little girl came up and told him he just had to check out the new
game she had loaded on his office computer........

Even with my home network, I seem to spend more and more time checking
and back-checking my security, pulling maintenance on all my security
apps and making sure they are all up to date each day. That is time I
used to spend on more productive things not all that long ago. At the
present evolution of skullduggery on the web, we will all be spending
all our time guarding our back, front and side doors by 2010.

As to your statement "people that don't know how to properly secure a
network or node".......... Even if they do, someone still has to
maintain it. The problem I am seeing is that a lot of companies and
even government agencies are dropping their ITs in favor of "Rent an
IT" only when they need one in order to save money. Well they aren't
saving much money if they are getting help after the deed is done but
tell that to some brainless CEO or Bean Counter (people with no common
sense).

I have a friend that has outsourced some work to me that was outsourced
to him by a "Rent an IT" company that was called by a local state
government agency that not 2 months ago closed out their IT department
to save money. In those two months, their individual systems and
their whole network is in shambles because... well you know why.....

Sooooo, you not only have OS's with holes and networks with holes but
you are now getting systems and networks flopping by on autopilot
because the department that used to maintain, baby and nourish them
has been closed down.

Excuse my French but the whole ****ing system is going to hell in a
hand basket! No one's minding the store any more.

Sorry about getting up on my soapbox but.....

Regards,
Ed
 
