Slashdot: News for Nerds

New Windows Worm Inching Around Internet

CmdrTaco posted more than 11 years ago | from the dance-the-samba dept.

Microsoft 706

helixcode123 writes "The Register is reporting a Windows Worm that takes advantage of weak default passwords. This looks pretty nasty, as it mucks with the registry and disables network sharing." Basically if it finds SMB shares with weak passwords, it drops an executable in the startup folder... for once a security problem that isn't really Microsoft's fault.

706 comments

What were those common passwords in Hackers? (5, Funny)

Eese (647951) | more than 11 years ago | (#5481463)

I bet they just made a program that tried, "Love, sex, and god".

Re:What were those common passwords in Hackers? (2, Funny)

MadocGwyn (620886) | more than 11 years ago | (#5481511)

There was another one, but I can't tell you what it is, it's a secret.

Re:What were those common passwords in Hackers? (1)

Jacer (574383) | more than 11 years ago | (#5481547)

Hey, you forgot about secret, that was on the list too!!! 1 L1\/3 []V[]y l1f3 ây th4t []v[]0\/i3

Re:What were those common passwords in Hackers? (5, Informative)

mumkin (28230) | more than 11 years ago | (#5481579)

According to F-Secure [f-secure.com], these are the passwords it tries:

[empty], xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx, admin, Admin, password, Password, 1, 12, 123, 1234, 12345, 123456, 1234567, 12345678, 123456789, 654321, 54321, 111, 000000, 00000000, 11111111, 88888888, pass, passwd, database, abcd, abc123, oracle, sybase, 123qwe, server, computer, Internet, super, 123asd, ihavenopass, godblessyou, enable, xp, 2002, 2003, 2600, 0, 110, 111111, 121212, 123123, 1234qwer, 123abc, 007, alpha, patrick, pat, administrator, root, sex, god, foobar, a, aaa, abc, test, test123, temp, temp123, win, pc, asdf, secret, qwer, yxcv, zxcv, home, xxx, owner, login, Login, pwd, pass, love, mypc, mypc123, admin123, pw123, mypass, mypass123, pw

the pat / patrick is rather weird, eh? only name in the list.

He was right! (1)

EverStoned (620906) | more than 11 years ago | (#5481612)

Love Sex And God are actually in there!

root, sex, god,
pass, love, mypc, ..I hate that movie.

Re:What were those common passwords in Hackers? (0)

mumkin (28230) | more than 11 years ago | (#5481614)

doh! @^%$#^ submit button.

anyway, as you can see, the list does include love, sex, god, and secret.

Re:What were those common passwords in Hackers? (5, Funny)

ackthpt (218170) | more than 11 years ago | (#5481632)

Thank goodness it didn't include 'cowboyneal4ever', since I use that for everything and it has never let me down for security purposes.

Re:What were those common passwords in Hackers? (1)

Malcolm Scott (567157) | more than 11 years ago | (#5481633)

And how many people really have 42 x's as their password?

not in there? (3, Informative)

ackthpt (218170) | more than 11 years ago | (#5481668)

> And how many people really have 42 x's as their password?

What's the maximum or minimum limit for a password? I generally go with 6-8 with a combination of letters and numbers, often deferring to foreign languages, rather than English.

I was surprised that it didn't include:

Months (i.e. january, february, ...) since I catch people using those a lot

system (i.e. another favorite)

xyzzy

plugh

Tho I do note 'foobar' is in there, but I generally use that on internet sites where I could care less if someone assumes my identity.

pat/patrick (5, Insightful)

Anonymous Coward | more than 11 years ago | (#5481638)

St. Patrick's Day is this month.

For employees that are forced to change the password monthly, picking a holiday from the month is easy to remember...

Re:What were those common passwords in Hackers? (2, Funny)

bmorris (562872) | more than 11 years ago | (#5481647)

crap, now I have to change the password on my suitcase.

Re:What were those common passwords in Hackers? (4, Funny)

carpe_noctem (457178) | more than 11 years ago | (#5481660)

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Shit, I should go change my root password now.

Re:What were those common passwords in Hackers? (-1, Redundant)

Fishstick (150821) | more than 11 years ago | (#5481670)

>1, 12, 123, 1234, 12345,

ok, what's the password?

one...

one!

two...

two!

three...

three!

four.

four!? That's the password!? 1234!? That's the stupidest password I've ever heard!

Hey, that's the same password as my server!


...or something like that (apologies to Mel)

Re:What were those common passwords in Hackers? (2, Interesting)

tjhanley (338322) | more than 11 years ago | (#5481606)

how about JamesTKirk, JLPicard, JanewaySmokesPole, ShuttlePod1 (for the alpha numeric pwd)

FIRST post (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5481466)

inching around my pants!

FP (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5481467)

I FaiL IT.

Microsoft's fault? (1, Insightful)

thriver (186661) | more than 11 years ago | (#5481469)

Please tell me why isn't it Microsoft's fault? Shouldn't the service be turned off by default and when it is turned on, FORCE the user to set a proper password?

Re:Microsoft's fault? (5, Insightful)

Anonvmous Coward (589068) | more than 11 years ago | (#5481518)

"Please tell me why isn't it Microsoft's fault? "

Please tell me how it's MS's fault that people pick easy to guess passwords?

Re:Microsoft's fault? (5, Funny)

Anonymous Coward | more than 11 years ago | (#5481637)


Because this is slashdot. The fact that your aunt has breast cancer is Microsoft's fault.

Re:Microsoft's fault? (0)

Anonymous Coward | more than 11 years ago | (#5481522)

Yes, because it definitely makes sense to not have an option to have a passwordless share - especially in an office environment. [/sarcasm]

Re:Microsoft's fault? (1)

MattCohn.com (555899) | more than 11 years ago | (#5481526)

Does it in Linux? First off, shares aren't shared UNTIL YOU SHARE THEM. Secondly, in all Windows versions before NT/2K, when you made a share with no password it warned you and yelled at you but it would let you do it. I want to be able to do what I want, even if it means a share w/o a pass. And in the later versions of Windows, when network shares are linked w/ username/login combos, the default is to only allow the creator access. All other users must be specifically set. It's not Microsoft's fault this time, sorry.

Re:Microsoft's fault? (4, Interesting)

AvitarX (172628) | more than 11 years ago | (#5481652)

what about c$? or admin$?

not all shares are manually set.

if the administrator password is weak then the system can be compromised this way with no shares being set (unless things have changed since NT4.0 that I don't know about).

Re:Microsoft's fault? (3, Interesting)

fshalor (133678) | more than 11 years ago | (#5481656)

Um, actually there are a lot of "default" shares laying around ripe for the picking. In win98, I believe it's only the system root and all the drives. I think the same are enabled in win2k. You can disable them, but they come back upon reboot. In win2k, by default, the service which must run isn't enabled, but under win98, it's trivial to hack around and get any of the default shares. These are ones which you don't see, by the way.

Re:Microsoft's fault? (3, Informative)

lavalyn (649886) | more than 11 years ago | (#5481665)

Go look at your computer's C$ share. This is the default share on a fresh 2K install.

Even if it requires local admin accounts to access this share, just that it is available, and HIDDEN, is a grave security fault!

Re:Microsoft's fault? (0)

Anonymous Coward | more than 11 years ago | (#5481532)

For all of slashdot that bitches about choice, I can't believe this was said. I don't want anyone forcing me to do anything. If I want a share with a weak password on my network, for my family to gain easy access, then I want to do it. I'll make sure that the systems get used properly so worms like this one don't cause any trouble.

Re:Microsoft's fault? (0)

Anonymous Coward | more than 11 years ago | (#5481553)

Name 1 version of RedHat Linux that didn't have a remote root hole. This includes 8.0. Every version of RedHat has had a remote root hole in the default install. If you can find one version that did not please let the world know.

Re:Microsoft's fault? (4, Insightful)

zCyl (14362) | more than 11 years ago | (#5481582)

If I want to set a stupid password, who is the programmer to tell me I shouldn't do that? There are times when you want a lousy password, like when you want to share something with a large group of people, it isn't very important, but you don't want a random passerby to stumble upon it.

There are some environments and situations where maliciousness simply isn't a concern, and security is used for other purposes.

Re:Microsoft's fault? (1)

jcr (53032) | more than 11 years ago | (#5481671)

I concur. Mac OS X, for example, doesn't have any default passwords. When you first turn on the machine after installing the OS, you have to create an account and choose a password.

This is just lame, but I'm not at all surprised.

-jcr

Cut the commentary, CmdrTaco, you shithead. (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5481470)

Jesus fucking christ, why must you be so pointlessly opinionated?

Also, this guy [slashdot.org] has made a complete ass out of you. Good thing you're married, you'd be hard pressed getting a date with that attitude!

Re:Cut the commentary, CmdrTaco, you shithead. (0, Troll)

circletimessquare (444983) | more than 11 years ago | (#5481537)

yeah, but since he started slashdot, he gets to do what he wants, doesn't he?

don't like cmdrtaco? fine, no problem

then go start your own goddamn metablog, ungrateful asswipe, and stop whining about him here

what does "biting the hand that feeds you" mean to you?

Hello, CmdrTaco's alternate account! (0)

Anonymous Coward | more than 11 years ago | (#5481572)

Maybe not. Your spelling and grammar are too good to be Taco's.

Either way, please eat a dick you fawning sycophant.

Re:Hello, CmdrTaco's alternate account! (-1, Offtopic)

circletimessquare (444983) | more than 11 years ago | (#5481642)

fawning sycophant!

kewl, thanks

the eat a dick part is typical of the trolls, but when an extra 5 watts of brain power pushes those big SAT words onto your post, i gotta claim a small amount of pleasure at what is wasted for my benefit ;-)

Re:Cut the commentary, CmdrTaco, you shithead. (0, Offtopic)

Lukano (50323) | more than 11 years ago | (#5481607)

Here Here!!! I agree completely...

Just as bad as those fuktards that walk into a computer store, start asking about their wireless telephone and wonder why the fuck the COMPUTER salesperson can't fix it!

You don't like the moderators, don't like the posts, or don't like the way the place is run... then get lost and find your own hole to sit in.

Re:Cut the commentary, CmdrTaco, you shithead. (0)

Anonymous Coward | more than 11 years ago | (#5481639)

I wish he really gave out Tacos. Sometimes when I'm hungry and reading Slashdot, and I see his name I get the craving for Tacos. Was that his intent with the name? To make you crave Tacos?

Re:Cut the commentary, CmdrTaco, you shithead. (0)

Anonymous Coward | more than 11 years ago | (#5481672)


what does "biting the hand that feeds you" mean to you?

The Register?

Not again... (5, Funny)

Paranoid Cheese Sand (655174) | more than 11 years ago | (#5481476)

If we had a report on EVERY worm that showed up, we'd be flooded. Redundant; FP.

Re:Not again... (1)

lavalyn (649886) | more than 11 years ago | (#5481653)

Even worms that don't affect Linux / Slashcode at all can DoS /.!

FP! (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5481477)

wow, LogicX with the first post for once!

FP!!!! (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5481482)

frist p0st bitch.

Thank you (3, Insightful)

MattCohn.com (555899) | more than 11 years ago | (#5481486)

Thank you Taco for your accurate and professional attitude. I just hope this thread isn't littered with "Yah it is!!!" posts. I've actually been yelled at by my Network Admin when a computer I used had a share on the whole drive w/ no pass. Well it wasn't me that set it, and while browsing the network I realised the network share folder was accessible with the default password for our school... student/student. Including confidential internal memos and reports...

Re:Thank you (1, Interesting)

geekoid (135745) | more than 11 years ago | (#5481546)

The fact that you were yelled at by something you didn't do has nothing at all to do with the fact that MS should force you to select a password for SMB.
Now if people select a password of password, that's a different issue.
This goes for any operating system.

Re:Thank you (1)

MattCohn.com (555899) | more than 11 years ago | (#5481608)

The OS warns you, and throws a fuss (this is pre-NT/2K versions) but it will let you set it. There are places (offices and closed intranets, as well as home networks) where I'm sure many people would WANT a no pass share. And yes this decreases security, and it warns you of this, but there are cases you WANT it set like that. And I'm glad it lets me set it like that. As for 2K/NT/XP the default is for the creator to have access, and you must add every user you want.

Re:Thank you (0)

Anonymous Coward | more than 11 years ago | (#5481593)

Sounds like a combination of:

Your account is an Administrator.

Your Administrator account has no password.

The default administrative share C$ can be accessed with no password.

Yes that is your fault.

Re:Thank you (1)

MattCohn.com (555899) | more than 11 years ago | (#5481620)

It was more a combination of:

Wasn't my computer.

Used by many people.

I didn't set the share.

Win 98, so there isn't such thing as Admin accounts.

No that isn't my fault.

Blah blah (0)

Anonymous Coward | more than 11 years ago | (#5481487)

Slashdot... unbiased reporting!

This is a problem? (4, Interesting)

Quasar1999 (520073) | more than 11 years ago | (#5481488)

I think it's great... think about it... you have a crappy password, this worm hits you and it disables file sharing? What could be better? No damage, it forces the admin/user to notice the problem, and possibly set up a proper password, or better still a firewall... This causes minimal damage, minimal downtime, and it helps prevent others from exploiting the same weakness this worm exploits..

Anyone want to tell me why this is a problem? It forces the person to act, unlike a security posting about good passwords in an employee handbook.

Re:This is a problem? (3, Informative)

tedrlord (95173) | more than 11 years ago | (#5481581)

The worm installs a backdoor into the system. Apparently the disabled file sharing is just a side effect.

Doh! (1)

Lukano (50323) | more than 11 years ago | (#5481490)

Stupid me, hit enter.

First off... "of weak of default..."? Holy grammatical nightmare.

But poor samba and share passwords have been an issue for a LONG time. It's not surprising at all that there's a worm that finally exploits this. Heck, any windows user who enables filesharing (and netbios) and doesn't password protect it is RIPE to be nailed. At the very least people can see the full listing of shared files (and if a whole drive, then EVERYTHING) and secondly netbios can be easily exploited to WRITE to these drives. Even under XP Pro and 2k.... So this should be the warning flag to have MS wake up and fix this @#^ problem now, even when it should have been done 8 years ago!

Re:Doh! (2, Informative)

jhunsake (81920) | more than 11 years ago | (#5481625)

Hey, dumbass, Samba is an open-source project, it is not part of Windows!

Affect? (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5481500)

How will the affect CmdrTaco?

It's still Microsoft's Fault. (0)

Anonymous Coward | more than 11 years ago | (#5481502)

You forgot .. this is ./
Weak Passwords must be M$ fault too!!

Dear Apple (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5481503)

Dear Apple,

I am a homosexual. I bought an Apple computer because of its well earned reputation for being "the" gay computer. Since I have become an Apple owner, I have been exposed to a whole new world of gay friends. It is really a pleasure to meet and compute with other homos such as myself. I plan on using my new Apple computer as a way to entice and recruit young schoolboys into the homosexual lifestyle; it would be so helpful if you could produce more software which would appeal to young boys. Thanks in advance.

with much gayness,

Father Randy "Pudge" O'Day, S.J.

FP (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5481504)

First POST!~?

1234567890

20 seconds is a long time...

what's SMB?

How isn't it microsoft's fault? (0)

Anonymous Coward | more than 11 years ago | (#5481507)

I don't think they're fully responsible, no, but why do they allow folders to be shared with a default password?

Granted - users and administrators shouldn't be that fscking stupid.

However, Microsoft should make an effort to not allow default passwords.

Celeb Commentary, not just on DVDs! (3, Insightful)

Jacer (574383) | more than 11 years ago | (#5481508)

> for once a security problem that isn't really Microsoft's fault

Was that really necessary? I mean come on, news isn't supposed to be slanted, it's supposed to be factual. Who cares how witty Taco thinks he is?

Re:Celeb Commentary, not just on DVDs! (1)

tedrlord (95173) | more than 11 years ago | (#5481540)

Are you just now realizing that this site isn't unbiased? In fact, most news sources are slanted. At least slashdot is pretty upfront about it.

Re:Celeb Commentary, not just on DVDs! (4, Funny)

banky (9941) | more than 11 years ago | (#5481544)

> I mean come on, news isn't supposed to be slanted, it's supposed to be factual. Who cares how witty Taco thinks he is?

You must be new here.

Re:Celeb Commentary, not just on DVDs! (1)

dotgain (630123) | more than 11 years ago | (#5481600)

For that matter, who cares what you think?

Okay, it says "News for Nerds..." but it isn't a news site. There's a link to a hopefully impartial article for you to read, but if you come to /. you'll get nothing but people's opinions.

amazing (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5481509)

I click on the link, and actually get a page. No Slashdot effect yet haha

FP!
Maybe?

"I had this FP, and it was, like, a really good FP, then the computer went "beep beep beep", and, like, I lost my FP. Those darn editors. Bummer."

A cold day in... (5, Funny)

asparagus (29121) | more than 11 years ago | (#5481514)

...for once a security problem that isn't really Microsoft's fault...

Taco: Hell just called. They want you to turn back on the heat.

The Most Open Security Hole.... (5, Interesting)

scottm52 (544690) | more than 11 years ago | (#5481515)

Is the one left open by an Admin who has no business being an Admin....

But (more seriously), doesn't it just scare the hooey out of you that brute force password cracking is now running around as an autonomous virus on the Net???

Yeesh, I get the willies thinking of every user that I've told "you can't use password as the password".

Re:The Most Open Security Hole.... (1)

dotgain (630123) | more than 11 years ago | (#5481615)

Hmm, having a /usr/share/dict/words file might be an insecurity in itself in this case. No doubt it'd be just as easy for a windows worm to access Office's dictionary for brute force entry, thus keeping the worm itself nice and lean.

Simple solution... (4, Insightful)

mrjive (169376) | more than 11 years ago | (#5481521)

Unbind network sharing from your external tcp/ip settings.

This should be done by default (but of course, it isn't), and I'm sure 90% of home users don't even realize their network shares are available on the internet. A lot of them probably don't even realize that they have network shares enabled in the first place.

And let's not forget the default hidden shares under win2k....if your admin password is blank, then blamo - full access to your machine.

Re:Simple solution... (2, Informative)

MondoMor (262881) | more than 11 years ago | (#5481549)

And let's not forget the default hidden shares under win2k....if your admin password is blank, then blamo - full access to your machine.


Unless you disable the "server" service (this is NOT ISS). Then those shares are disabled. Home users and many business users don't need the Server service running.

Google for Win2k Services Tweak guide and follow the many happy descriptions.

Re:Simple solution... (1)

lavalyn (649886) | more than 11 years ago | (#5481630)

Better yet, go through the entire hardening process of disabling Alerter, Messenger, Server, Print Spooler (unless necessary), Indexing Service, Uninterruptible Power Supply, Telnet, Universal Plug and Play, Fax Service, Network DDE, QoS RSVP, Remote Registry Service, and whatever else you don't need.

(Those listed above tend not to be useful for 90% of users out there)

Then change the password policies, login audit policies, and a whole mesh of other things :)

[blackviper.com]
Windows 2000 Professional and Server Services Configuration 411

Re:Simple solution... (1)

geekoid (135745) | more than 11 years ago | (#5481574)

hell, a lot of them don't realize they're sharing their drive with me.... ;)

Huh? (0)

Anonymous Coward | more than 11 years ago | (#5481523)

Okay, so it drops inst.exe into the folder... and then just waits for some mouth-breather to come along double-clicking all the .exe's he can find?

Well, I suppose if you're stupid enough to leave a default password on a shared folder, perhaps you'll fall for it, but I don't see this being a cause for widespread alarm.

huh? (2, Insightful)

Dynedain (141758) | more than 11 years ago | (#5481525)

I don't remember there being default passwords on Windows file sharing (have setup multiple filesharing networks, both w/ Win domains/active directory and w/out)....weak passwords I'd expect, but default?

Not Microsofts Fault? (3, Insightful)

tarogue (84626) | more than 11 years ago | (#5481534)

If the worm is using default passwords to get in, then I would say that it *is* the fault of Microsoft. There should be no default password. When any type of networking is set up, you should be prompted to create a password. If no password is provided, no service is provided.

I wonder if that is why my router is not happy (1)

AssFace (118098) | more than 11 years ago | (#5481536)

I just installed a new Netgear router that has a security logging feature. It is filling up in a big way with SMB requests and UDP calls.

It is currently set to ignore anything on any port that is trying to come in - and it also apparently looks for things like DOS attacks and it is listing a lot of stuff.

I just set it up yesterday, so I don't know how much of this I would have seen prior since I never logged the attempted connections before.

Re:I wonder if that is why my router is not happy (4, Funny)

myowntrueself (607117) | more than 11 years ago | (#5481635)

Let me guess, UDP port 137 is producing lots and lots of logged events?

That's normal. There are two solutions:

1. Design, build and spread a virus or trojan which will irrevocably destroy all Windows boxes which are connected to the internet without a firewall.

Or

2. Stop logging UDP port 137.

Re:I wonder if that is why my router is not happy (1)

ColaMan (37550) | more than 11 years ago | (#5481658)

I've had smb port logging on in my firewall for the last two years, connected to a modem with a static IP.

Not a day goes past without at least a dozen attempted netbios connections from various different IP's. I also get about the same amount of people trying to telnet / ftp / ssh in as well.

Glancing through the emails from logwatch over the years, it definitely seems to be increasing.

Risks of default passwords (5, Insightful)

ma++i+ude (580592) | more than 11 years ago | (#5481543)

Default passwords [phenoelit.de] are of course a problem, especially when many of these systems are operated by people who probably don't even know they are running an SMB server.

Also, even those who know better often seem to leave passwords to default if the system shouldn't be accessible from the outside. A typical example of such a system is an ADSL router / firewall. I know several of these whose password is left as standard. Granted, attacking them will be more difficult (and probably cannot be automated like in this case) but once one of the hosts inside is rooted, it's easy to connect to the router from within the LAN and gain access to the rest of the services.

Might be MS's fault. (1, Informative)

gmplague (412185) | more than 11 years ago | (#5481548)

Actually, this might just be MS's fault. Windows 95/98 prior to 98SE and NT4 prior to service pack 4 (I think) all shipped with samba enabled by default, without a password. That means probably at least some of the hosts affected by this worm were affected because of MS's bungling.

Re:Might be MS's fault. (1)

lavalyn (649886) | more than 11 years ago | (#5481578)

I doubt the non-existent and certainly not distributed open-source SAMBA suite had many security holes in Windows 95.

Re:Clue by four (1, Insightful)

Anonymous Coward | more than 11 years ago | (#5481617)

I wasn't aware that any versions of Windows shipped with Samba.

What the hell are you talking about?

Right.... (1)

Dragon213 (604374) | more than 11 years ago | (#5481552)

Right....this one definitely can't be laid at the feet of MS...this is definitely a user problem :p

The weakest link (3, Insightful)

lavalyn (649886) | more than 11 years ago | (#5481555)

There is a reason why intelligent password crackers (dictionary attack) will first try passwords such as "password", "secret", "administrator", "root" or its variants before going through the main database.

It isn't only at the PHB's desk that PEBKAC can occur.

Unfortunately, in an employment environment where complicated passwords are just another encumbrance and annoyance for most people, this is not going to change any time soon. /.ers are young (mostly). Most users never needed to know passwords longer than a 4 digit PIN until the last decade.

ummm.... (3, Interesting)

oliverthered (187439) | more than 11 years ago | (#5481556)

New UNIX password: oliver
BAD PASSWORD: it is based on your username

New UNIX password: jp821968i
BAD PASSWORD: it looks like a National Insurance number.

New UNIX password: rg78kn
BAD PASSWORD: is too simple

Yeh, nothing to do with the password system.

Ok, so that's how my linux box is setup (without post install configuration), why isn't windows setup this way?

Re:ummm.... (0)

Anonymous Coward | more than 11 years ago | (#5481594)

I forgot, I have a crap password at work (lots of people do). They make me change it so frequently that if I had a complex password, it'd be post-it noted to my monitor.

Re:ummm.... (2, Interesting)

seanadams.com (463190) | more than 11 years ago | (#5481659)

Yeah, but it'll take passwords like 123!@#qwe!@#
Hint: look at your keyboard.

ACK!!! (5, Funny)

revery (456516) | more than 11 years ago | (#5481559)

for once a security problem that isn't really Microsoft's fault.

What!! On Slashdot!! a story that absolves Microsoft of guilt when blind-eyed finger pointing would have been so easy...

Who are you and what have you done with the slashdot editors?!?

--

Dilbert - "If aliens take over your boss's body, is that a bad thing?"
Wally - "It depends on the aliens"

VB App to help? (4, Insightful)

Anonvmous Coward (589068) | more than 11 years ago | (#5481560)

I think I'm going to write myself a little VB app that deletes everything (except itself) in the startup folder once in a while. I'd like to make my own list of things that are permitted in there so I'm not 'surprised' by bs like that.

Note to Microsoft: How about providing the user with a "Are you sure you want this here?" dialog every time something's copied in there?

How does it "find" the password? (0)

weetabix (320476) | more than 11 years ago | (#5481562)

Little bit of brute force coding? Or a very tiny dictionary? Would be interesting to see how it's done, really.

Doesn't say if it affects SAMBA, and I couldn't really find anything out. Anyone else found or heard anything?

Dictionary attack + 1 (5, Insightful)

ObviousGuy (578567) | more than 11 years ago | (#5481567)

I'd hate to see a worm built with a password guessing algorithm that just used a dictionary attack with a capitalized first letter and '1' appended at the end.

When the admin requires a password that must be at least 6 characters long, mixed case, and contain both numbers and letters, this is the most standard type of password that is generated by users. Easy to remember.

This isn't a problem with Windows, per se. It's a problem with braindead network administration that requires either nothing in the way of password requirements or such outrageously difficult "strong" passwords that users have to write them on Post-Its stuck on the monitor.

Perhaps the best solution would be biometrics?
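An added example, not part of any comment in this thread: a password-policy check an administrator could run at password-change time, rejecting entries on the worm's guess list quoted from F-Secure earlier in the thread as well as the "dictionary word, capitalized, with a 1 appended" pattern described in the comment above. `WORM_GUESSES` is only a subset of the quoted list; the sample dictionary, the function names and the finding labels are assumptions made for the illustration.

```python
import re

# Subset of the worm's guess list as quoted from F-Secure earlier in the thread.
WORM_GUESSES = {
    "", "admin", "password", "123456", "abc123", "server", "computer",
    "ihavenopass", "administrator", "root", "secret", "love", "sex", "god",
    "foobar", "test123", "mypass123", "patrick",
}

# Constructed stand-in for a real dictionary file (assumption for this example).
SAMPLE_WORDS = {"welcome", "student", "system", "january", "summer", "dragon"}


def strip_mangling(password):
    """Lower-case and drop leading/trailing non-letters ("Welcome1!" -> "welcome")."""
    core = password.lower()
    core = re.sub(r"^[^a-z]+", "", core)
    core = re.sub(r"[^a-z]+$", "", core)
    return core


def audit_password(password, username="", min_length=8):
    """Return a list of findings; an empty list means none of these checks fired."""
    findings = []
    lowered = password.lower()
    core = strip_mangling(password)

    # Exact hit on the worm's list, compared case-insensitively.
    if lowered in WORM_GUESSES:
        findings.append("worm-list")
    if len(password) < min_length:
        findings.append("too-short")
    # Covers the 1, 12, 123, ... and 654321 style entries.
    if password.isdigit():
        findings.append("digits-only")
    # Covers the 42 x's, 000000, 11111111 style entries.
    if password and len(set(password)) == 1:
        findings.append("repeated-char")
    # A listed or dictionary word hiding behind case changes and a numeric or
    # symbol prefix/suffix, which satisfies "mixed case plus a digit" rules.
    if core and lowered not in WORM_GUESSES and core in (WORM_GUESSES | SAMPLE_WORDS):
        findings.append("dictionary-word-variant")
    if username and username.lower() in lowered:
        findings.append("based-on-username")
    return findings


if __name__ == "__main__":
    for candidate in ["Password1", "x" * 42, "admin", "Welcome1", "12345678",
                      "tr4ctor-Field-92-lamp"]:
        print(repr(candidate), audit_password(candidate))
```

An empty result only means these particular checks did not fire; it is not a strength score.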

Re:Dictionary attack + 1 (3, Funny)

myowntrueself (607117) | more than 11 years ago | (#5481664)

"Perhaps the best solution would be biometrics?"

Maybe. If implemented by a security guard with a pair of calipers that he measures your skull with every time you want to log on, then he logs on for you and if your skull doesn't match the numbers on his clipboard he shoots you.

White-hat worm? (1)

EverStoned (620906) | more than 11 years ago | (#5481584)

"..as it mucks with the registry and disables network sharing." Okay, a worm entering your system and messing with the registry is very bad. But isn't network (file and print) sharing the number 1 windows security risk? It would be preventing potentially more malicious attacks, or at least alerting the user to the problem.

Re:White-hat worm? (3, Informative)

tedrlord (95173) | more than 11 years ago | (#5481609)

Read the article. In addition to turning off file sharing, it installs a backdoor into the system.

Re:White-hat worm? (1)

EverStoned (620906) | more than 11 years ago | (#5481649)

Yeah, I saw that, the IRC backdoor. Icky. But when the user notices that he can't share files anymore, he's gonna notice something's up and hopefully install a firewall...

Re:White-hat worm? (1)

tedrlord (95173) | more than 11 years ago | (#5481676)

Yeah, I'd hope so. Your average user probably wouldn't make the connection between broken file sharing and virus, though.

Phew! I'm safe! (3, Funny)

callipygian-showsyst (631222) | more than 11 years ago | (#5481587)

I didn't see my password:

xyzzy

on the list of passwords it tries. Guess I don't have to worry about this one.

once? (1)

LBArrettAnderson (655246) | more than 11 years ago | (#5481588)

for once a security problem that isn't really Microsoft's fault

this is the first time it's not Microsoft's fault? This is just another one where the user has a choice. He/She can choose a bad password, or they can be smarter than that. He/She can choose to use Windows, or they can be smarter than that.

It's about time... (2, Interesting)

evronm (530821) | more than 11 years ago | (#5481589)

It's about time someone wrote a worm like this.

If it does enough damage, maybe people will learn, through aversive conditioning, not to use stupid passwords.

I once worked as an SA at a bank. I could guess 90% of people's passwords in 3 tries. I'd say about 30% were the default "welcome". And the users would bitch (and occasionally get someone fired) if we told them to change them.

If it is clearly communicated that this thing is spread because of weak passwords, maybe people will wake up and start using real passwords.

Or is it just wishful thinking?

Ack! It's the Rapture! (3, Funny)

Guppy06 (410832) | more than 11 years ago | (#5481590)

This is the seventh posting on the front page in a row by Taco. And none of them are dupes!

Dammit, I knew I should have built that bomb shelter...

Symantec's hint (4, Interesting)

very (241808) | more than 11 years ago | (#5481592)

On Sunday, March 09th 2003, Symantec posted AntiVirus updates on their site as well as the LiveUpdate.

LiveUpdate:
Virus Definitions released March 9
Norton AntiVirus Corp. Edition Defs Version: 50309h
Norton AntiVirus Corp. Edition Sequence Number: 21592
Total Viruses Detected: 63225


This is peculiar since Symantec does not post any regular updates to their AntiVirus software on the weekends.

They know something, definitely.

Re:Symantec's hint (-1, Troll)

Anonymous Coward | more than 11 years ago | (#5481669)


I bet they don't know that I gotta take a shit. A big stinky one, too. Nothing like a soft fecal log sliding out of my anus with a satisfying plop. Into your mom's mouth.

Admit it... (1)

SubliminalLove (646840) | more than 11 years ago | (#5481604)

How many of you read that article and went and changed your share password from eight asterisks in a row? How many of you thought that was so clever?

~SL

My meaningful posts keep getting modded down... all incentive to contribute fading.... fading....

Worm Itchin' (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5481616)


I've got a worm itching in my pants.

Good (0, Troll)

secondsun (195377) | more than 11 years ago | (#5481622)

My login password is a 30 digit alpha numeric with special characters in it. I don't even know what my farking admin password is (except it is of equal insanity and yes I am su). It is annoying to type it in but goth damn I feel like a secure guy, then I read something like this and feel even better.