
The First Windows 7 Zero-Day Exploit

kdawson posted more than 4 years ago | from the think-global-print-local dept.

Security 289

xploraiswakco writes with the first Microsoft-confirmed Windows 7 zero-day vulnerability, with a demonstration exploit publicly available. The problem is in SMBv2 and SMBv1 and affects Windows 7 and Windows Server 2008 R2, but not Vista, XP, or Windows Server 2003. A maliciously crafted URI could hard-crash affected machines beyond any remedy besides pushing the white button. "Microsoft said it may patch the problem, but didn't spell out a timetable or commit to an out-of-cycle update before the next regularly-scheduled Patch Tuesday of December 8. Instead, the company suggested users block TCP ports 139 and 445 at the firewall." Reader xploraiswakco adds, "As important as the mentioned article is, it should also be pointed out that any IT staff worth their pay packet should already have port 139 blocked at the firewall, and probably port 445, too."

289 comments

OMG what if my computer doesnt have a white button (5, Funny)

Anonymous Coward | more than 4 years ago | (#30113394)

What are my options? New computer?

Re:OMG what if my computer doesnt have a white but (0, Offtopic)

AndGodSed (968378) | more than 4 years ago | (#30113622)

Oh come on! That is seriously funny, whoever voted this flamebait. It's right up there with "Where is the any key!?!?!"

Re:OMG what if my computer doesnt have a white but (3, Funny)

Vectronic (1221470) | more than 4 years ago | (#30113624)

Simply use Wite-Out, or Liquid Cover-Up, doesn't matter what button, as long as it's white.

How is this zero-day? (5, Insightful)

DNS-and-BIND (461968) | more than 4 years ago | (#30113408)

The zero-day vulnerability was first reported by Canadian researcher Laurent Gaffie last Wednesday

OK the exploit is almost a week old already. How is this "zero-day"? In the immortal words of Inigo Montoya: "You keep using that word. I do not think it means what you think it means."

Are you trolling? (2, Informative)

Anonymous Coward | more than 4 years ago | (#30113440)

The zero-day vulnerability was first reported by Canadian researcher Laurent Gaffie last Wednesday, when he revealed the bug and posted proof-of-concept attack code to the Full Disclosure security mailing list and his blog.

Quote whole sentences...

Re:Are you trolling? (1)

Jurily (900488) | more than 4 years ago | (#30113516)

That still doesn't make it a zero-day. Zero-days appear in the wild on the day of release.

Re:Are you trolling? (4, Insightful)

MrNaz (730548) | more than 4 years ago | (#30113582)

So you're saying that it can only be described as zero day on that day, and thereafter it cannot be called a zero day exploit, but an n-day exploit where n is the number of days since it was announced?

Sorry, but while you may be *lexically* correct, I think everyone with two brain cells that are on talking terms knows what is being referred to by a "zero day" exploit, even when referring to an exploit not released on that day.

Re:Are you trolling? (-1, Flamebait)

DNS-and-BIND (461968) | more than 4 years ago | (#30113770)

Actually, the grandparent poster is correct. Zero-day means just that. What you're talking about needs a different word. Inigo Montoya FTW!

Bonus points for stating that anyone who thinks differently from you must be stupid.

Re:Are you trolling? (-1, Troll)

webmistressrachel (903577) | more than 4 years ago | (#30113820)

You obviously have some stake in implying that 0day is still 0day several days later, even though it really is ONLY EVER 0day on that day! On following days, it was a 0day but by that definition all exploits will always be 0day and the term loses it's meaning.

You are re-writing our language. In a years' time, will you say the same weaselly thing about our brain cells to people who simply correct (i.e. read "help") you? And it's not one comment, is the GGP as well. Yeah, I've been defensive here on /. before, but that comment is worse than my normal paranoia - your plain wrong and here I am putting it right for you. Space below is for your reply, perhaps it'll be "thanks". Rachel xx

Re:Are you trolling? (3, Funny)

sproot (1029676) | more than 4 years ago | (#30113922)

On the subject of re-writing the language:

loses it's [sic] meaning

your [sic] plain wrong

That last one might be ironic.
xx

Re:Are you trolling? (0)

webmistressrachel (903577) | more than 4 years ago | (#30114040)

My grammer and punctuation go downhill when I'm ranting on a rubbish laptop keyboard. You've no idea how many times i fumbled TAB, Enter and the mousepad thing whilst writing that, and having to reposition the caret. So no, not deliberately trying to mislead people as to correct punctuation etc., but he is deliberately misleading people about meaning hence rant rant rant

lol and thanks for the correction, it is ironic isn't it? Rachel xx

Re:Are you trolling? (1)

DMiax (915735) | more than 4 years ago | (#30113952)

I fail to see any usefulness in this definition, since it depends on when the article is posted. So to know how severe was the risk I have to look at the date of the news and subtract the quantity mentioned.

Also, it is still not true that all exploits are 0-day. Sometimes the vulnerability is announced in the changelog of a software, yet an exploit is produced that targets unpatched machines. Actually it happens quite often.

There is still the question of when to start the counting, but having a definition that depends on the current time seems unreasonable, if anything because of timezones...

Re:Are you trolling? (5, Informative)

DarkOx (621550) | more than 4 years ago | (#30113918)

I always thought that zero-day referred to the time between when an exploit was being used in the wild and the amount of time admins/endusers had to patch their systems.

In the case of an exploit floating about in the wild where there has been no patch made available is a zero day because I have had zero days to patch my systems before the potential for easy exploitation.

Re:Are you trolling? (1)

nstlgc (945418) | more than 4 years ago | (#30114030)

Zero-day refers to the age of the exploit.

Re:Are you trolling? (0, Offtopic)

Anonymous Coward | more than 4 years ago | (#30113552)

The part that you added did not change the meaning of the quotation at all. If you really don't like partial sentence quotations then you might be better off not reading anything, ever.

Re:How is this zero-day? (0)

Anonymous Coward | more than 4 years ago | (#30113454)

The zero-day vulnerability was first reported by Canadian researcher Laurent Gaffie last Wednesday

OK the exploit is almost a week old already. How is this "zero-day"? In the immortal words of Inigo Montoya: "You keep using that word. I do not think it means what you think it means."

Dude, fucking semantics. Who cares? It's not like it's years old or anything. Chill out.

Re:How is this zero-day? (-1, Offtopic)

webmistressrachel (903577) | more than 4 years ago | (#30113832)

OH dear. Fucking semantics. Big deal if no one can ever communicate what they mean properly and we descend into a planet of the apes. Never mind everything being dumbed down in education, BUT NOT HERE. THIS IS WHERE I DRAW THE LINE. We are geeks, comms geeks no less. Get off my (only 28yo) lawn!!!!

Re:How is this zero-day? (3, Funny)

ozmanjusri (601766) | more than 4 years ago | (#30113962)

Who cares? It's not like it's years old or anything. Chill out.

Exactly.

It's not as though Windows exploits are a scarce event. There'll be plenty more where that came from, so you can be semantically correct next time.

Re:How is this zero-day? (3, Informative)

Yvanhoe (564877) | more than 4 years ago | (#30113466)

In my book "zero-day" means that the vulnerability and the first practical exploit were released the same day. "Zero-day" refers to the time the dev team had to correct the bug.

Re:How is this zero-day? (-1)

DNS-and-BIND (461968) | more than 4 years ago | (#30113716)

Nope! It's the number of days between the release date and today. So, the six-day exploit in TFA might have had a workaround or even (gasp!) a patch available already. That will not do! We need the zero-day warez, only that is the most eleet. You lamers can make do with the old outdated exploits - they usually stop working after a few days, anyway. A zero-day exploit (and every zero-day exploit that has ever existed in the history of mankind) lasts for 24 hours exactly. In this case, there's no instant patch cause it's MS - other vendors will sometimes rush out a patch to fix the vulnerability. Don't worry, all is not lost, sometimes the patch introduces a new exploitable vulnerability!

Now the real elite get unpublished exploits, although this typically requires you to know the right people or trade your own unpublished exploits. Well, that or be a female who's willing to put out. Yuk. But as soon as the unpublished exploit hits the net, it becomes a zero-day exploit and starts aging from there.

Yeah, I know I'm tilting at windmills and "zero-day" has just become yet another meaningless computer security buzzword, among all the other twisted meanings of the English language used by computer security "professionals". But still.

Re:How is this zero-day? (5, Insightful)

DMiax (915735) | more than 4 years ago | (#30114024)

Nope! It's the number of days between the release date and today.

I find little use in a definition that depends on today's date. Especially because I can read articles from Saturday and they will call it 3-day, which gives me no information.

A zero-day exploit is one that is created before a fix is available. It is more severe than others because no version of the target software is safe, even if it is constantly updated. Any security expert knows the implications of this, and how to take it into account when assessing the risks.

Re:How is this zero-day? (-1, Troll)

DNS-and-BIND (461968) | more than 4 years ago | (#30114080)

Aaahh...you're a security "expert". Perhaps you can explain how a fix is created before the exploit is released? I've forgotten just how easy this is.

Refer to Inigo Montoya above as needed. Apply to forehead if necessary.

Re:How is this zero-day? (2, Informative)

Anonymous Coward | more than 4 years ago | (#30114202)

Perhaps you can explain how a fix is created before the exploit is released?

We're talking about exploits in the wild. If the developers or security researchers discover the bug and patch it before any malicious third party does, there you go. This is very frequently the case, which is why you see so many stories about exploits being crafted by reverse-engineering vendor patches.

If you're going to be a little sarcastic douchebag, at least be right about something.

Re:How is this zero-day? (2, Informative)

DMiax (915735) | more than 4 years ago | (#30114220)

Simple: malware writer downloads the patch for $SOFTWARE, reverse-engineers it, understands the bug and creates the malware. If he is fast, there is still a large number of vulnerable machines around that it is worth it, and is much cheaper than finding the bug, which generally involves having an illegal peek at the code or very good intuition.

And BTW your repeated references to the movie are not making you look a geek, more like a wannabe that does not know the first thing.

Re:How is this zero-day? (3, Funny)

Ed Avis (5917) | more than 4 years ago | (#30113530)

'When I use a word,' Humpty Dumpty said, in rather a scornful tone, 'it means just what I choose it to mean -- neither more nor less.'

Re:How is this zero-day? (1)

PCM2 (4486) | more than 4 years ago | (#30113536)

Replying to undo an accidental moderation that didn't deserve it.

Agreed that "zero day" has almost no meaning these days. Pretty bizarre when companies actually brag about their "zero day exploits" and promise a fix... several days from now?

That's setting a dangerous precedent. (1, Funny)

CFD339 (795926) | more than 4 years ago | (#30114090)

The very idea of undoing your own powerful moderation use -- even if (especially if) you used it mistakenly is very un-slashdot of you. You're supposed to stay completely anonymous in your abusive mistake, and use those points to call all opinions you don't agree with either redundant or flamebait. Didn't you read the destructions the first time you got mod points?

on or before the vendor knows about it (0)

Anonymous Coward | more than 4 years ago | (#30113634)

From the infallible wikipedia:

A "zero day" attack occurs on or before the first or "zeroth" day of vendor awareness, meaning the vendor has not had any opportunity to disseminate a security fix to users of the software. (In computer science, numbering often starts at zero instead of one.)

Re:on or before the vendor knows about it (0)

Anonymous Coward | more than 4 years ago | (#30113646)

Thank you. Terms do have meaning. I have no idea what the GP thinks "zero-day" actually means.

It is 0-day, i think (1)

antivoid (751399) | more than 4 years ago | (#30113758)

I believe that, in a company with OS rollout cycles of 2 years or more like Microsoft, 1 week is considered 0-day, given the frequency with which the average home user updates their OS with patches.

I am not here to troll/bash in general, but I quite like Windows 7. So far IMHO it's the best Windows version released to date, and I haven't heard of many bugs and crashes and vulnerabilities, besides this one.

Windows Vista is to Windows 2000 as Windows Me is to Windows 98. Windows 7 <3 :)

Re:How is this zero-day? (2, Insightful)

Anonymous Coward | more than 4 years ago | (#30113890)

A zero day exploit is an exploit that exists before the developers of the application are aware of the bug/flaw being exploited. It does not seem unreasonable to keep referring to it as a zero day exploit even after the details of the bug and exploit have been published, how else would you refer to it, e.g. "the exploit formerly known as zero day"?

Re:How is this zero-day? (0)

Anonymous Coward | more than 4 years ago | (#30114176)

+1 insightful or +1 funny? I cannot decide, someone mod him instead.

Why are ports 139 and 445 still open? (5, Interesting)

concernedadmin (1054160) | more than 4 years ago | (#30113416)

I remember once trying to see what it takes to make Windows not have any ports open and it resulted in severely reduced access to just about anything that wasn't local. Why is it that these ports are necessary? Why is NETBIOS necessary?

Re:Why are ports 139 and 445 still open? (4, Informative)

ledow (319597) | more than 4 years ago | (#30113444)

Even weirder - on a machine which isn't on a domain, but which has a software firewall, you can open *every* port to a destination machine (e.g. a fileserver) and it *will* access the SMB shares of that fileserver (\\ipaddress\c$ etc.) but takes forever the first time because the broadcasts have been blocked by the firewall. So it doesn't need the broadcasts, or to be on that domain, or to do anything that isn't direct IP with the target machine - but it still takes forever to realise that and just start listing files.

And once you've done it once, that file sharing will run at full speed for the rest of the day. I'm imagining some sort of name resolution etc. issue (but the PC in question can actually use the same machine for DNS and still have the problem) but if it's not *required* to connect to the machine, why does it try anyway and hold everything up? And the firewall only ever reports NetBIOS traffic while that's happening.

Win 7 Firewall (3, Informative)

carp3_noct3m (1185697) | more than 4 years ago | (#30113578)

I decided that unlike Vista, I would beta Windows 7 and be ahead of the curve by the time it came out. I've been running it for roughly a year now (midnight snacktime is not conducive to memory). Overall I am actually quite impressed (gasp! shoot me now). One thing I really like is the granular firewall abilities, which has clearly defined and separate inbound/outbound rules. I currently have both set to a PIX style ACL type deny all except ports I explicitly state. Now this can be a pain to evaluate a new program to figure out which ports it needs open for proper function, but is definitely something that should be done on a group policy level at the domain, just because you have a supertight internet facing firewall, you still need to prevent LAN and VPN security issues as well.

Re:Win 7 Firewall (-1)

Anonymous Coward | more than 4 years ago | (#30113778)

Thank you for this advertisement.

Commercial endorsements are always very welcome on Slashdot.

Ball kicking time (5, Insightful)

Rogerborg (306625) | more than 4 years ago | (#30113422)

Don't they do code reviews at Microsoft? Loops 101: prove that the loop terminates under all conditions, even and especially when passed garbage.

Seriously, that's the difference between a hacker and a software engineer right there. If you don't take the time to fix it early, you'll just have to fix it later.
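An added illustration of the loop-termination point in the comment above; it is not part of the thread, not Microsoft's code and not a reconstruction of the SMB bug. The record format (1-byte type, 2-byte big-endian total length), the function names and the sample buffers are hypothetical and constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HDR_LEN 3u   /* hypothetical header: 1-byte type + 2-byte big-endian total length */

enum { WALK_MALFORMED = -1, WALK_STUCK = -2 };

/* Total record length (header included) as claimed by the untrusted input. */
static size_t claimed_len(const uint8_t *rec)
{
    return ((size_t)rec[1] << 8) | rec[2];
}

/*
 * Naive walker: trusts the length field. A claimed length of 0 leaves
 * `off` unchanged, so the loop condition never becomes false.
 * `max_steps` is a watchdog added only so this demonstration returns;
 * without it the function would spin forever on such input.
 */
int walk_naive(const uint8_t *buf, size_t n, unsigned max_steps)
{
    size_t off = 0;
    int records = 0;
    unsigned steps = 0;

    while (off + HDR_LEN <= n) {
        if (++steps > max_steps)
            return WALK_STUCK;
        off += claimed_len(buf + off);   /* no validation: may add 0 or overshoot n */
        records++;
    }
    return records;
}

/*
 * Checked walker. Termination argument: every iteration either returns
 * or adds len >= HDR_LEN > 0 to `off`, and len <= n - off keeps off <= n,
 * so the loop runs at most n / HDR_LEN times for any input bytes.
 */
int walk_checked(const uint8_t *buf, size_t n)
{
    size_t off = 0;
    int records = 0;

    while (off < n) {
        size_t remaining = n - off;
        size_t len;

        if (remaining < HDR_LEN)
            return WALK_MALFORMED;       /* truncated header */
        len = claimed_len(buf + off);
        if (len < HDR_LEN || len > remaining)
            return WALK_MALFORMED;       /* no progress, or runs past the buffer */
        off += len;
        records++;
    }
    return records;
}

/* Constructed sample inputs. */
static const uint8_t good[]     = { 0x01, 0x00, 0x05, 'h', 'i', 0x02, 0x00, 0x03 };
static const uint8_t zero_len[] = { 0x01, 0x00, 0x05, 'h', 'i', 0x02, 0x00, 0x00 };
static const uint8_t overlong[] = { 0x01, 0xFF, 0xFF, 'x' };
static const uint8_t cut_hdr[]  = { 0x01, 0x00, 0x03, 0x02 };

int main(void)
{
    printf("good:     naive=%d checked=%d\n",
           walk_naive(good, sizeof good, 1000), walk_checked(good, sizeof good));
    printf("zero_len: naive=%d checked=%d\n",
           walk_naive(zero_len, sizeof zero_len, 1000),
           walk_checked(zero_len, sizeof zero_len));
    printf("overlong: naive=%d checked=%d\n",
           walk_naive(overlong, sizeof overlong, 1000),
           walk_checked(overlong, sizeof overlong));
    printf("cut_hdr:  naive=%d checked=%d\n",
           walk_naive(cut_hdr, sizeof cut_hdr, 1000),
           walk_checked(cut_hdr, sizeof cut_hdr));
    return 0;
}
```

The naive walker also accepts the overlong and truncated buffers as one valid record each, which is the same missing check seen from the other side.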

Re:Ball kicking time (2, Interesting)

ShooterNeo (555040) | more than 4 years ago | (#30113514)

People make mistakes. Perhaps the coders of the loop thought that input protection located in code elsewhere would prevent this from ever being a problem. Maybe the person who was supposed to write the input protection piece forgot to do it because of a miscommunication. (one of the downsides of working on a project where the job is split between thousands of developers)

Given that Windows has more lines of code than just about any other software in existence, it's actually fairly impressive how well it holds up the majority of the time.

Re:Ball kicking time (3, Interesting)

ozmanjusri (601766) | more than 4 years ago | (#30113818)

Given that Windows has more lines of code than just about any other software in existence

Why is that?

Does an OS really need to be so complicated? ReactOS, for example, provides a significant proportion of the functionality of Windows in a fraction of the size.

Surely fewer lines of code mean a smaller attack surface for exploits and vulnerabilities.

Re:Ball kicking time (1, Funny)

nstlgc (945418) | more than 4 years ago | (#30114050)

But nobody actually uses ReactOS!

Re:Ball kicking time (1, Informative)

Anonymous Coward | more than 4 years ago | (#30114146)

Your point being what?

That GP was simply stating that you can get equivalent functionality to current Windows versions using less code than what exists in those current Windows versions. They then extrapolated the usual (but not always) truth that less code equals less vulnerabilities given approximately equivalent quality.

Re:Ball kicking time (1)

ShooterNeo (555040) | more than 4 years ago | (#30114158)

Maybe it needs to be this complex, maybe it doesn't. Fact is, the majority of the desktop apps in the world are still run using a variant of windows, and for the moment it does not look like that fact is going to ever change.

Microsoft cannot remove much code and maintain compatibility with legacy apps.

Well, they COULD, but using emulation....

Re:Ball kicking time (0)

Anonymous Coward | more than 4 years ago | (#30113656)

You find stupid errors in every non-trivial program. I still can't conceive the one Linux had this year.

Pointers 101: Don't check for NULL after you already dereferenced the pointer. That is like putting the condom on after the sex.

And unlike the termination of a loop that kind of error could be found with static analysis.

Re:Ball kicking time (-1, Flamebait)

Anonymous Coward | more than 4 years ago | (#30114068)

You're using a condom/sex analogy? On slashdot? Are you just trying to confuse the majority of the audience?

Re:Ball kicking time (-1, Flamebait)

Anonymous Coward | more than 4 years ago | (#30113744)

Keep raging at that machine Rogerborg. But I'm sure the basement-dwelling college crowd will mod you up, whose only experience with development is that 5-line shell script they put together to compile a Linux kernel. Pathetic.

Re:Ball kicking time (3, Informative)

1s44c (552956) | more than 4 years ago | (#30113796)

Seriously, that's the difference between a hacker and a software engineer right there. If you don't take the time to fix it early, you'll just have to fix it later.

The Microsoft approach is to collect the money and get their customers to agree that everything that goes wrong is their fault. It's at least as good protection for them as writing decent code and many times cheaper.

That will be some code review (2, Interesting)

Kupfernigk (1190345) | more than 4 years ago | (#30113836)

"Under all conditions" for a piece of complex code is often far from easy. I am still smarting from a problem we had recently (not a vulnerability) where the system was sporadically failing to output messages, a problem never seen before. Unit testing was no good. We spent a week reviewing the code: found a bug, fixed it. Now there were fewer sporadic missed messages, but the number was nonzero. We used a simulator to test under every condition we could think of: no errors. Back on customer site, missed messages. It turned out there was a tiny corner case in an algorithm that was being occasionally triggered by two devices on the network that had a firmware error.

I hate Microsoft with the best of them, but give their software engineers credit where it's due: how often have you delivered completely bugfree networking software?

Re:Ball kicking time (1)

DrXym (126579) | more than 4 years ago | (#30114058)

Don't they do code reviews at Microsoft? Loops 101: prove that the loop terminates under all conditions, even and especially when passed garbage.

Every OS in existence has received patches. OS X, Windows, Linux, Unix, BSD (even OpenBSD). Ubuntu Linux 9.10 has been out less than a month and I've already received 90 odd patches and it still has a critical ext4 file corruption bug.

I expect that even if MS rigorously tested the code (and I expect they did), used code coverage tools to ensure good quality testing, that the bug could still have slipped past. That's the real world. It doesn't excuse MS from promptly making a patch to fix the issue though.

Not much of an exploit.. (3, Funny)

Anonymous Coward | more than 4 years ago | (#30113424)

No remote code execution? Boring. Let's see if some people out there could weaponize it and throw it into a metasploit module. Then it's interesting.

Re:Not much of an exploit.. (0)

Anonymous Coward | more than 4 years ago | (#30113652)

My concern is that if an exploit causes a crash, eventually someone can find a way to make the exploit run on injected code. It is likely only a matter of time before someone does this. Externally, it makes sense to block SMB/CIFS, but this leaves a lot of internal servers vulnerable if they are running Windows Server 2008 R2. So, I hope MS gets a fix out for this ASAP.

People have to keep in mind that there are numerous blackhat organizations going after every single byte of code in Windows 7 with a fine-toothed comb looking for any single bugs that can be used. It only takes one show stopper bug, and this can easily cause billions of dollars in losses, perhaps trillions. So, Microsoft has a very tough game to play.

Of course, this goes for any OS, but blackhats have Windows operating systems under the microscope due to the market share, as it is the biggest bang for the buck.

Re:Not much of an exploit.. (1)

RiotingPacifist (1228016) | more than 4 years ago | (#30114214)

My concern is that if an exploit causes a crash, eventually someone can find a way to make the exploit run on injected code. It is likely only a matter of time before someone does this.

It is my understanding that because any such method would immediately turn a whole load of DOS attacks into arbitrary code execution, that all OSes take great care to prevent that (well apart from Linux where ASLR is broken and wine prevents high address space protection). I mean it is possible that an exploit will be found but such an exploit is going to be tricky to develop (something akin to the null certificate, rather than just a windows exploit of the week attack), so don't let it keep you up at night!

Well researched article, that... (3, Funny)

EMN13 (11493) | more than 4 years ago | (#30113428)

From the article:
  "Instead, the company suggested users block TCP ports 139 and 445 at the firewall. Doing so, however, would disable browsers as well as a host of critical services, including network file-sharing and IT group policies."

Good to know that blocking ports 139 and 445 will block browsers, we wouldn't want people actually doing that, after all!

Re:Well researched article, that... (4, Informative)

EMN13 (11493) | more than 4 years ago | (#30113442)

The author probably confused the browser service - which is for lan filesharing - with a webbrowser. Not that that confusion gives me much faith in the rest of the article; what other "details" are equally mangled?

Secured by Default (5, Interesting)

Toreo asesino (951231) | more than 4 years ago | (#30113430)

Public networks have all inbound ports blocked by default. Changing a network type to anything other than public requires admin rights, so this would have to be an internal DOS attack realistically.

Re:Secured by Default (0)

Anonymous Coward | more than 4 years ago | (#30113452)

Those who use Windows file sharing services need those ports open to the network. It is highly unusual to have the LAN and the internet connection on different network devices, so opening the ports to the LAN also opens them to the internet, unless you block access to these ports at the firewall, which is what the article says.

Also, what if my computer does not have a white button? What are my options? New computer?

Re:Secured by Default (1)

andyjb (1625561) | more than 4 years ago | (#30113480)

yes, but that's still not great is it? esp when it could be safer by design. It doesn't seem as if it would take a more-easy-to-spot DOS attack either - just a lightweight process occasionally spamming these bad URIs to Server 2008 and win7 boxes on the network.

Re:Secured by Default (1)

Malc (1751) | more than 4 years ago | (#30113498)

Yeah, I was wondering which firewall was being referred to: at the network level, or at the machine (i.e. Windows firewall) level? Would doing it at the machine level make it hard for others to access shared folders? It seems these days that most of the computer issues (viruses, trojans, etc) have come from other machines on the corporate network, so a network level firewall is only half the story.

Re:Secured by Default (0)

Anonymous Coward | more than 4 years ago | (#30113676)

Really,

So I should only be worried about folks from China? Not someone who just plugs into my local lan?
And up till now I thought I had to restrict access to shares and take away administrative permissions to protect from internal threats?

Which one is it - China or internal? Methinks both and that is why this and any other similar (many) issue aren't just "block at the firewall"

Re:Secured by Default (1)

sam0737 (648914) | more than 4 years ago | (#30113814)

Even for Home or Work / Domain profile, the default for "Network discovery" may be on, but "File and printer sharing" is off.

(I could be wrong because it could be my company's group policy turned it off...someone could cross check)

Re:Secured by Default (1)

solevita (967690) | more than 4 years ago | (#30114060)

so this would have to be an internal DOS attack realistically.

Just the thing you need if you don't like your IT staff and they've just rolled out a Windows Server 2008 box...

pushing the white button?? what does that mean? (5, Insightful)

DigitalReverend (901909) | more than 4 years ago | (#30113450)

The summary states "A maliciously crafted URI could hard-crash affected machines beyond any remedy besides pushing the white button."

I checked all the Windows machines here. None of them have a white button on them anywhere. What does this mean? Does the poster just mean powering the machine off and then on again?

Too many times on Slashdot, when people should be informative, they obfuscate the information in failed attempts at being clever.

Re:pushing the white button?? what does that mean? (1)

EkriirkE (1075937) | more than 4 years ago | (#30113458)

I don't have Windows 7, but maybe it's some UI component?

Re:pushing the white button?? what does that mean? (1)

uwnav (1009705) | more than 4 years ago | (#30113492)

yeah I'm sure he/she's referring to the power or reset button. maybe the poster was having a nostalgic day about old white desktop cases

Re:pushing the white button?? what does that mean? (0)

Anonymous Coward | more than 4 years ago | (#30113548)

Old desktops weren't white, they were beige, so it still doesn't make any sense.

Re:pushing the white button?? what does that mean? (2, Funny)

Hamsterdan (815291) | more than 4 years ago | (#30113508)

The only white button here is the buzzer on my front door. But I don't see how ringing the bell will solve that problem.

Re:pushing the white button?? what does that mean? (5, Funny)

Linker3000 (626634) | more than 4 years ago | (#30113692)

#3043-001 USB White Button Kit........34.99 + Shipping

Ideal for computers not shipped by the manufacturer with a White Button pre-installed.

A White Button is essential for all Windows Users. Upon a system failure, Denial of Service attack or crash, pressing the White Button releases a scientifically-formulated, airborne scent of soothing essential oil fragrances, including: Verbena, Sweet Orange, Roman Camomile and Ylang Ylang.

At the same time, one of a number of pre-programmed actions are triggered while you listen to a random selection of 10 relaxing 'mood music' tracks.

Basic actions include:

1) Reboot
2) Call my IT Support department
3) Call the manufacturer's support department and cancel my evening dinner arrangements
4) Reinstall current OS
5) Reinstall current OS after backing up all user data
6) Wipe and install CentOS
7) Wipe and install Ubuntu
8) Order me a Mac
9) Order me a Big Mac, fries and a Coke

Secondary actions can also be triggered from:

A) Call Microsoft HQ every 'x' minutes and shout 'Fuck it' down the line.
B) Post my CV to Linux-only job sites
C) Rub my shoulders (Requires optional add-on #RS01)
D) Dial local suicide help line

A deluxe version of this item is available (#3043-002, 139.99 + Shipping). This model includes an external 10" LCD panel that can display random pages from a number of Web sites (slashdot.org, fark.com, silicon.com, cloudappreciationsociety.org and todaysbigfail.com)

Extras and consumables:

* #3043-S01 Replacement aromatherapy scent cartridge - pack of 12
* #3043-S02 Replacement mustard gas scent cartridge sold singly, no returns
* #3043-M01 Extended play music ROM - an extra 4 hours of music (for Dell Support customers)
* #3043-P01 Enlarged White Button with face of Steve Ballmer on top. Comes complete with real wood mini hammer and elastic band-powered mini crossbow with safe-tip(TM) arrows (pack of 12 buttons)

I have a dream ... (1)

clyde_cadiddlehopper (1052112) | more than 4 years ago | (#30113718)

that one day all (buttons) will be judged by the content of their character and not by the color of their skin.

Terrifyingly potent (5, Funny)

Sockatume (732728) | more than 4 years ago | (#30113460)

A maliciously crafted URI could hard-crash affected machines beyond any remedy

Oh no! A PC-killer!

besides pushing the white button

A reboot? Well, it's an unorthodox and extreme solution to a machine crashing, we'll have a hard time convincing Windows users to do that.

Re:Terrifyingly potent (1)

Spad (470073) | more than 4 years ago | (#30113510)

The point is that it requires a hard reboot; the machine becomes unresponsive and doesn't throw a BSOD so you can't restart it with a three finger salute.

Re:Terrifyingly potent (0)

Anonymous Coward | more than 4 years ago | (#30113588)

um..a ctrl-alt-del doesn't reset from a bsod either. at least not for xp/2k/nt.

Re:Terrifyingly potent (1)

Skapare (16644) | more than 4 years ago | (#30113590)

Any bets on whether the reset button will wear out before the 'D' key?

I have to ask (2, Interesting)

NoobixCube (1133473) | more than 4 years ago | (#30113470)

In my ignorance, I have to ask: What's so special about 139 and 445? What do they do normally, and why would blocking them help? No, I didn't RTFA. I'm too tired for this :P

Re:I have to ask (-1, Troll)

Anonymous Coward | more than 4 years ago | (#30113502)

you just copy comments you fucking troll

Re:I have to ask (4, Informative)

Spad (470073) | more than 4 years ago | (#30113520)

139 is NETBIOS, 445 is SMB.

139 is used for discovery and browsing of network shares (Primarily on legacy machines), 445 is the "current" port for accessing network shares.

Answer (4, Informative)

AliasMarlowe (1042386) | more than 4 years ago | (#30113666)

What's so special about 139 and 445? What do they do normally, and why would blocking them help?

Here's a list of assigned port numbers: https://www.arin.net/knowledge/rfc/rfc1700.txt [arin.net]

Re:I have to ask (2, Informative)

Krneki (1192201) | more than 4 years ago | (#30114008)

Port 139, 445, .. aka Netbios port, aka Virus port.

These ports are always closed; if they aren't, your system is already infected.

Re:I have to ask (1)

XedLightParticle (1123565) | more than 4 years ago | (#30114014)

getent services | grep 139
getent services | grep 445

buttons (1)

nozzo (851371) | more than 4 years ago | (#30113474)

I'm OK then, my power button is beige.

Re:buttons (5, Funny)

BrightSpark (1578977) | more than 4 years ago | (#30113630)

Does it have Digital or DG written on it too? Happy days. From the time when a cluster was better than a cloud? When computers were "managed" by people who knew how they worked and who knew Netbios was for something only a friend would share (with another friend). If you wanted a file over a network you sent a request to the Operator for a kind lady to haul your disc pack to the big washing machine thingy and mount it for you. Promotion meant getting system privileges like clearing your own printer queue. Goodbye PDP-11. Mourn not for AOS-VS II. Farewell DG/UX. No more CLI. Welcome to the nouveau "geek" who needs to know why it's bad to have port 139 open but kicks ass in Gears 2. To quote Ripley from "Aliens", "Did IQs suddenly drop while I was gone?"

Re:buttons (-1, Offtopic)

webmistressrachel (903577) | more than 4 years ago | (#30113904)

I get mod points far too often for my karma, and waste them on "Get off my lawn" trolls for the giggles. Now I wish I hadn't. I was always mature for my age, and finally along comes a really good get off my lawn and I can't mod you up! You're either informative or insightful, but not both lol (work that out, it's a joke at the mod system, not a dig at you!). Here, have a reply point!

Re:buttons (1)

nozzo (851371) | more than 4 years ago | (#30113950)

Not goodbye PDP-11, merely au revoir since I shall see you again in emulator heaven.

Re:buttons (0)

Anonymous Coward | more than 4 years ago | (#30113830)

I'm OK then, my power button is beige.

that just means you can't recover

block ports? (1)

orange47 (1519059) | more than 4 years ago | (#30113546)

aren't those two ports necessary for 'file and print sharing'/SAMBA? the computers at work are almost useless without that.

Re:block ports? (1)

Skapare (16644) | more than 4 years ago | (#30113556)

So just block them at the firewall going to the internet, instead of in the core office switch.

My computer doesn't have a white button (2, Funny)

Skapare (16644) | more than 4 years ago | (#30113574)

... they're all black ... you insensitive clod.

Re:My computer doesn't have a white button (1)

Fotograf (1515543) | more than 4 years ago | (#30113644)

My PC doesn't have any button or LED. It runs Linux, and power on or off is triggered only by power failure.

Re:My computer doesn't have a white button (3, Funny)

webmistressrachel (903577) | more than 4 years ago | (#30113932)

Yeah, great. I use a screwdriver to short pins on the array of motherboards hanging off the power supplies at the back of my bench. Just don't nudge the hard drives with the mouse whilst playing games, and watch out for that massive graphics card just wobbling there when you change the monitor lead!!

I call it Computing with Thrills (TM) ;)

UN; billion+ starving (0)

Anonymous Coward | more than 4 years ago | (#30113654)

nothing to do with us, of course?

starving? one would think we could do better, as there are really no shortages of anything...yet, perhaps besides compassion/responsibility.

who is to tell those starving kids that they've made their own mess, & will have to 'get busy' or else they'll starve to death, which sometimes takes many months due to the occasional discovery of something digestible?

as is stated in ALL of the manuals; the innocents will be protected. if not by us,.....?

interesting, (1)

nimbius (983462) | more than 4 years ago | (#30113684)

I didn't know we were now officially referring to the power button as "the white button"

or maybe everyone has a white button and I don't?

Re:interesting, (2, Informative)

webmistressrachel (903577) | more than 4 years ago | (#30113954)

I didn't either. The common term was always Big Red Switch. This white button thing has really brought out the trolls, I can't blame them. It doesn't half wind me up that these people have a job and that having a brain disqualifies people from employment these days, God thinking is such a bad thing in the workplace today!!! They'd rather we lolcat the day away and show them nice performance statistics than actually make money for the firm to protect all our incomes. Pride and ego before logic and common sense - welcome to the Noughties.

Re:interesting, (1)

Smask (665604) | more than 4 years ago | (#30114042)

In the eighties it was known as TRSR (The Red Switch Reset)

"Pay packet?" (3, Funny)

Shag (3737) | more than 4 years ago | (#30113694)

Mine turned out to be maliciously crafted.

Click on something that crashes my computer? (0)

Anonymous Coward | more than 4 years ago | (#30113792)

Wait! EA has been doing the same thing to my computer every time I double click to launch one of their games!

Firewall won't help. (3, Informative)

miffo.swe (547642) | more than 4 years ago | (#30114020)

Since the exploit is possible without any user interaction all it takes to bring down a corporate network is one single machine running the xploit locally. A simple broadcast and every machine running w2kr2 or Vista7 will be dead until someone pulls the plug.

I'm also very surprised that Microsoft didn't audit the code properly after the last hole. You would think that the former xploit would ring a couple of bells since it was big enough for a truck to run through. I'm beginning to suspect all the talk about SDL, reviews and stuff are nothing but PR.

File-Server (0)

Anonymous Coward | more than 4 years ago | (#30114044)

I just blocked those ports, now my users say that they can't access file-services on the server.

Zero day (2, Interesting)

Jeremy Visser (1205626) | more than 4 years ago | (#30114064)

Well, this may be the first "zero day" exploit, but this one [seclists.org] ("Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.") was around for much longer, and it's truly amazing that it still works on a majority of machines I try it out [dereenigne.com] on.

Erm... no. Not quite. (4, Insightful)

jimicus (737525) | more than 4 years ago | (#30114102)

"As important as this the mentioned article is, it should also be pointed out that any IT staff worth their pay packet should already have port 139 blocked at the firewall, and probably port 445, too."

I respectfully disagree.

Any IT staff worth their pay packet should have EVERYTHING blocked at the firewall, then open holes for things that you can be certain you need. Ideally, those holes don't go direct to systems on the company LAN but instead to a DMZ.

It's not as bad as it sounds (0)

Anonymous Coward | more than 4 years ago | (#30114126)

Calm down, everybody.

This bug cannot be exploited from the outside without user interaction.

It can only be exploited from the outside *if* the user clicks a malicious link (like \\12.34.56.78\crash) for example in a browser.
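Added example, not part of the thread or of any poster's code: a check of perimeter flow logs for internal hosts reaching TCP 139/445 on outside addresses, which is the traffic a clicked link like the one in the comment above would generate and which the advice to block those ports at the firewall is meant to stop. The log format, the sample records and the internal address ranges are constructed assumptions.

```python
import ipaddress

SMB_PORTS = {139, 445}  # the two ports the summary says to block at the firewall

# Assumption: address ranges treated as "inside" the firewall.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample records in a hypothetical format: src dst dst_port action
SAMPLE_FLOWS = """\
10.0.5.21 10.0.1.10 445 ALLOW
10.0.5.21 12.34.56.78 445 ALLOW
10.0.5.33 198.51.100.7 139 DENY
10.0.5.40 203.0.113.9 443 ALLOW
10.0.5.21 12.34.56.78 445 ALLOW
bad line here
192.168.1.15 192.168.1.2 139 ALLOW
"""

def parse_flow(line):
    """Return (src, dst, port, action) or None for a malformed record."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return (ipaddress.ip_address(parts[0]), ipaddress.ip_address(parts[1]),
                int(parts[2]), parts[3].upper())
    except ValueError:
        return None

def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)

def outbound_smb(flows_text):
    """Count allowed/denied flows from internal hosts to external 139/445."""
    findings = {}
    for line in flows_text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue
        src, dst, port, action = flow
        if port in SMB_PORTS and is_internal(src) and not is_internal(dst):
            entry = findings.setdefault((str(src), str(dst), port),
                                        {"allowed": 0, "denied": 0})
            entry["allowed" if action == "ALLOW" else "denied"] += 1
    return findings

def allowed_leaks(flows_text):
    """Flows the firewall let through: each one is a missing egress block."""
    return sorted(k for k, v in outbound_smb(flows_text).items() if v["allowed"])

if __name__ == "__main__":
    for src, dst, port in allowed_leaks(SAMPLE_FLOWS):
        print(f"egress SMB not blocked: {src} -> {dst}:{port}")
```

Internal-to-internal file sharing is deliberately ignored, so the check stays quiet for the office file server case raised elsewhere in the thread.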

Arghh! (1)

Dreadrik (1651967) | more than 4 years ago | (#30114166)

I'm on a macbook! All my buttons are white!

Yes, any admin... (1)

erroneus (253617) | more than 4 years ago | (#30114208)

...but what about home users?

This reminds me of the days of "winnuke" and blue screening IRC users back in the dialup days. Port 139 is probably already blocked at the firewall on even most of the most trivial configurations. But attack vectors aren't always direct. At times attacks are relayed through a malware infected machine giving a remote attacker local, "behind the router/firewall" access to all the other machines on the network.
