
HomeSec Warns Again About Microsoft's Insecurity

michael posted more than 11 years ago | from the repatch-and-sin-no-more dept.

Microsoft 497

cbrandtbuffalo writes "The Department of Homeland Security has posted this advisory about an impending attack on MS systems. This RPC attack has already been seen in some localized systems, but may spread as unpatched computers are exploited. Some of the national news like CNN are running stories too."

497 comments

How big a threat is this? (4, Interesting)

mjmalone (677326) | more than 11 years ago | (#6587028)

The security people at my office were talking about this vulnerability yesterday in our monthly meeting, they were saying it is likely going to be worse than slammer/code red/etc (which the article seems to back up)... Do you guys think this is that serious of a threat? A lot of what they were saying sounded like worst case scenario kind of stuff, hopefully it will not be that large of an issue. One interesting thing that the security people mentioned, that the article doesn't, is that windows 98/windows 98se is vulnerable but Microsoft has not released a patch because they no longer support the product.

Re:How big a threat is this? (-1, Flamebait)

digitalunity (19107) | more than 11 years ago | (#6587072)

Yawn. Looked like any other Microsoft security advisory. DCOM isn't new. Neither is this security threat.

When will people learn?

Switch campaign kick-off (5, Insightful)

SgtChaireBourne (457691) | more than 11 years ago | (#6587124)

One interesting thing that the security people mentioned, that the article doesn't, is that windows 98/windows 98se is vulnerable but Microsoft has not released a patch because they no longer support the product.

A second interesting thing is why just this particular bug is getting the publicity. There's been no shortage of remote exploits for that product line, old or new, this year. Is it part of the new marketing campaign that's just kicking in?

Along those lines, since most of the design flaws are downplayed for weeks/months/years after exploits are found. Apple, RedHat and SuSe have a good lead time to prepare switch campaigns.

I'm sure a dollar value can be put on the peace of mind and increased productivity that goes with moving to a better workstation platform.

Re:How big a threat is this? (4, Funny)

rde (17364) | more than 11 years ago | (#6587132)

windows 98/windows 98se is vulnerable but Microsoft has not released a patch because they no longer support the product.

So upgrade to Windows XP, or the 73rr0r1575 \/\/1ll win.

Re:How big a threat is this? (0, Funny)

mjmalone (677326) | more than 11 years ago | (#6587165)

ah, I can see it now.

You are either with US, or you are with the TERRORISTS. We want YOU to upgrade to Windows XP!

Re:How big a threat is this? (-1)

Anonymous Coward | more than 11 years ago | (#6587197)

in soviet russia, windows xp upgrades YOU!

Re:How big a threat is this? (5, Interesting)

tlovie (603161) | more than 11 years ago | (#6587156)

I'm not sure if Windows 98/SE is vulnerable, since Microsoft's knowledge base specifically states that Windows ME is not vulnerable. The vulnerability is based on a buffer overflow of the RPC service. Does Windows 95/98 even offer the RPC service?

Re:How big a threat is this? (2, Informative)

Anonymous Coward | more than 11 years ago | (#6587182)

they just suck. Windows 98/98SE doesn't enter non support phase until Jan 16 next year.

Re:How big a threat is this? (0)

Anonymous Coward | more than 11 years ago | (#6587184)

"A lot of what they were saying sounded like worst case scenario kind of stuff..."

A competent hacker should always be able to find the "worst case scenario"!!!

Well engineered worms (5, Insightful)

Catskul (323619) | more than 11 years ago | (#6587185)

I think it is going to be worse if someone actually has an objective (i.e. terrorists) because all of the worms I have heard of have been fairly poorly engineered.

A well engineered worm would:

Work on many different systems.

Use more than one security flaw. (spread by email, + kazaa, + IE hole, + sendmail hole)

Patch that flaw once compromised, and open a separate hole

Have at least different attack modes (slow and quiet and local sub nets, fast and hard and whole internet)

Build up to critical mass before initiating fast attack mode.

Attempt to hide itself from scans. (maybe randomly stop functioning for a while to offer false sense of security)

Adjust its fingerprint so that it isn't simple to find computers which have the worm (use different ports, different protocols, send some different data when filling buffers etc)

Offer a payload that makes patching difficult, goes after security websites that often offer patches, targets financial institutions, etc.

Patch other programs on the system, back to previous insecure versions.

And that's just off the top of my head. If someone really is sitting down and thinking about this, I'm sure they could come up with much more dangerous specifications.

I think someone should be writing a competing worm that patches all vulnerable systems, just in case this breaks out into a crisis.

Re:How big a threat is this? (4, Informative)

diersing (679767) | more than 11 years ago | (#6587220)

It could be bad if the Windows admins out there aren't paying attention. But, most sysadmins in MS shops realize the frequency of these kind of patches and are good about applying them timely. This was released over 10 days ago (I got notified on the 19th), and have already applied it to the 350+ MS servers on our network. If the lazy admin has configured auto-update they are protected as well.

The primary vehicle for spreading this type of exploit is all the MS clients of broadband users; many untechy PC owners will be to blame if this thing hits hard. And yes, I think it could be worse than slammer/code red because it's RPC. Pretty much all the MS clients out there are going to have it running (versus an IIS exploit).

Re:How big a threat is this? (2, Insightful)

dreamchaser (49529) | more than 11 years ago | (#6587292)

The primary vehicle for spreading this type of exploit is all the MS clients of broadband users; many untechy PC owners will be to blame if this thing hits hard. And yes, I think it could be worse than slammer/code red because it's RPC. Pretty much all the MS clients out there are going to have it running (versus an IIS exploit).


Perhaps ISPs should just block RPC at their routers that feed broadband users. I can't think of any good reason most people would want it to be exposed anyways, on a residential broadband account at least.

Re:How big a threat is this? (1, Flamebait)

TedCheshireAcad (311748) | more than 11 years ago | (#6587261)

exploit here [packetstormsecurity.nl]

why not, i got karma to burn...

Re:How big a threat is this? (2, Interesting)

iabervon (1971) | more than 11 years ago | (#6587277)

It's reasonable to expect this to be worse than some of the other worms, because it is part of a more central and common service. It seems unlikely that future worms will be less effective than past ones, for that matter, since the past ones have generally been disassembled and discussed, and someone writing a worm is unlikely to start from scratch.

Of course, the vulnerability requires that it be possible to reach the machine with an inbound connection, so firewalled networks will be protected until someone combines this with a document-based vulnerability to attack these networks from inside.
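
An added example, not part of any comment in this thread: a defender-side summary of firewall logs for the traffic discussed here. It counts inbound TCP port 135 attempts per hour, lists internal hosts where such a connection was accepted, and flags internal hosts that fan out to many peers on that port (spread from inside a firewalled network). The log format, the 10.0.0.0/8 internal range, the threshold and every sample line are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

RPC_PORT = 135                                      # TCP port named in the thread for RPC
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")   # assumption: the site's address space
FANOUT_THRESHOLD = 3                                # assumption: distinct peers per hour

# Constructed sample log (hypothetical format):
#   <ISO time> <ACTION> <proto> <src>:<sport> -> <dst>:<dport>
SAMPLE_LOG = """\
2003-08-01T09:02:11 DROP tcp 198.51.100.7:4021 -> 10.1.2.15:135
2003-08-01T09:14:40 DROP tcp 198.51.100.7:4022 -> 10.1.2.16:135
2003-08-01T09:30:02 ACCEPT tcp 203.0.113.9:3310 -> 10.1.9.20:135
2003-08-01T09:41:55 ACCEPT tcp 10.1.3.4:1055 -> 10.1.3.1:80
2003-08-01T10:01:03 ACCEPT tcp 10.1.9.20:1201 -> 10.1.9.21:135
2003-08-01T10:01:04 ACCEPT tcp 10.1.9.20:1202 -> 10.1.9.22:135
2003-08-01T10:01:05 ACCEPT tcp 10.1.9.20:1203 -> 10.1.9.23:135
2003-08-01T10:05:30 DROP udp 198.51.100.7:4100 -> 10.1.2.15:135
2003-08-01T10:07:12 DROP tcp 192.0.2.44:2200 -> 10.1.2.15:135
malformed line here
"""


def parse_line(line):
    """Parse one log line into a dict, or return None if it is malformed."""
    parts = line.split()
    if len(parts) != 6 or parts[4] != "->":
        return None
    ts, action, proto, src, _, dst = parts
    try:
        src_ip, _sport = src.rsplit(":", 1)
        dst_ip, dport = dst.rsplit(":", 1)
        return {
            "hour": ts[:13],                       # e.g. "2003-08-01T09"
            "action": action.upper(),
            "proto": proto.lower(),
            "src": ipaddress.ip_address(src_ip),
            "dst": ipaddress.ip_address(dst_ip),
            "dport": int(dport),
        }
    except ValueError:
        return None


def summarize(log_text):
    """Summarize TCP/135 activity seen at the border and inside the network."""
    inbound_per_hour = defaultdict(int)   # hour -> external-to-internal attempts
    exposed = set()                       # internal hosts that accepted one
    fanout = defaultdict(set)             # (hour, internal src) -> peers contacted

    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["proto"] != "tcp" or rec["dport"] != RPC_PORT:
            continue
        src_internal = rec["src"] in INTERNAL_NET
        dst_internal = rec["dst"] in INTERNAL_NET
        if not src_internal and dst_internal:
            inbound_per_hour[rec["hour"]] += 1
            if rec["action"] == "ACCEPT":
                # The border let this through: the host is reachable on 135.
                exposed.add(str(rec["dst"]))
        elif src_internal:
            # An internal machine talking to many peers on 135 within an hour
            # is worth a look, whatever the border firewall blocks.
            fanout[(rec["hour"], str(rec["src"]))].add(str(rec["dst"]))

    suspects = {src for (_hour, src), peers in fanout.items()
                if len(peers) >= FANOUT_THRESHOLD}
    return {
        "inbound_per_hour": dict(inbound_per_hour),
        "exposed": sorted(exposed),
        "suspects": sorted(suspects),
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for hour, count in sorted(report["inbound_per_hour"].items()):
        print(f"{hour}: {count} inbound TCP/{RPC_PORT} attempts")
    print("reachable from outside:", report["exposed"])
    print("internal fan-out suspects:", report["suspects"])
```
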

Linux is a joke, a mess, a waste of time. (-1, Flamebait)

Michael's a Jerk! (668185) | more than 11 years ago | (#6587029)

Linux?
Are you Loonies kidding?
Please tell me why a Windows user that is using state of the art
software and hardware to its limit, would be interested in
downgrading his system just to run Linux?

Why?

The computing world is headed toward multimedia in a big way and Linux
is so far behind the curve it's pathetic.
Sure Pixar generates its wire frame models using Linux, but it's
pretty sad when Linux users can't even view the trailers to Pixar
movies because they are Windows/Mac only formats.

What about iTunes?

Any mp3 programs like Cooledit out there for Linux?
DVD copy for Linux?

Nope.
Linux is a fucking joke.

Linux is difficult, if not impossible to install on common hardware
and even when it IS installed, it just sucks because nothing works.

View common web pages?
Linux falls flat on its face.
In fact many Linux tutorial websites actually use Windows media player
format files and Linux can't view them.
Now that is real smart :(

Waste time with Linux?

Risk being put out of business when SCO wins the suit?
Not me.

I deep sixed Linux a long time ago because it sucks.

Re:Linux is a joke, a mess, a waste of time. (-1, Offtopic)

proj_2501 (78149) | more than 11 years ago | (#6587062)

Wow. You're a dork.

Re:Linux is a joke, a mess, a waste of time. (0)

Anonymous Coward | more than 11 years ago | (#6587073)

Here's someone with his head on straight...
Hey, how does it smell with your head so far up your ass that you can see your colon? When was the last time you used Linux...5 years ago?

FYI, it sounds like you have some personal issues...but there's hope for you! I hear that they have a pill you can take to increase the size of your penis, maybe if you had a dick you would act so much as one!

Re:Linux is a joke, a mess, a waste of time. (-1, Flamebait)

Anonymous Coward | more than 11 years ago | (#6587111)

YHBT HAND

You stupidass loser!

Re:Linux is a joke, a mess, a waste of time. (-1, Offtopic)

Zemran (3101) | more than 11 years ago | (#6587173)

Michael

A good troll needs to have some foundation in truth. It needs to at least sound as if you believe your argument. Anyone that has used Linux recently will know that what you say is patently untrue and that all you are trying to do is inflame people. If you want to get a good flame war going you have to have a plausible and defendable argument. If you had focused solely on the ability to copy DVDs and accepted that although it is possible it is so difficult that it makes the use of Linux ridiculous, then you would have got lots of people going who think you are wrong or simplifying the argument too much. Because you make so many statements about things like MP3s etc. for which Linux has more options than Windows, you sound as if you do not know what you are talking about and no one is going to bite.

Better luck next time.

First Post? (-1, Redundant)

Anonymous Coward | more than 11 years ago | (#6587030)

Couldn't resist!

Re:First Post? (-1)

Anonymous Coward | more than 11 years ago | (#6587097)

Y0U FAlL lT!!!!!!!!!!

Microsoft really did it this time.. (5, Interesting)

Tirel (692085) | more than 11 years ago | (#6587031)

This is turning out to be a huge problem, we got the exploit a bit *cough*early*cough* and by simply joining a channel on IRC you get a handful of IPs, of which at least a few are exploitable. And then they wonder why there are thousands of DDoS zombie machines running Windows!

But there's another problem, a lot of people are starting to distrust Microsoft and are turning off the automatic update / not getting service packs instead of switching to another operating system.

Re:Microsoft really did it this time.. (4, Interesting)

BWJones (18351) | more than 11 years ago | (#6587240)

But there's another problem, a lot of people are starting to distrust Microsoft and are turning off the automatic update / not getting service packs instead of switching to another operating system.

Shoot, this was a problem years ago leading me to never enable automatic updates after more than one Windows machine was completely FUBAR'ed after an update. We fought with security issues on Windows for a while, then dealt with the expense and hassle of IRIX (although IRIX is impressively stable), went back to Windows due to the cost and then simply migrated our servers to Apache on OS X. Safe, simple, stable, affordable and secure.

Re:Microsoft really did it this time.. (1)

kasperd (592156) | more than 11 years ago | (#6587297)

Windows, IRIX, OS X.... How often do you replace your hardware?

GNAA EARLY POST SYSTEM (-1, Troll)

Anonymous Coward | more than 11 years ago | (#6587036)

GNAA (GAY NIGGER ASSOCIATION OF AMERICA) is the first organization which
gathers GAY NIGGERS from all over America and abroad for one common goal - being GAY NIGGERS.

Are you GAY [klerck.org] ?
Are you a NIGGER [mugshots.org] ?
Are you a GAY NIGGER [gay-sex-access.com] ?

If you answered "Yes" to any of the above questions, then GNAA (GAY NIGGER ASSOCIATION OF AMERICA) might be exactly what you've been looking for!
Join GNAA (GAY NIGGER ASSOCIATION OF AMERICA) today, and enjoy all the benefits of being a full-time GNAA member.
GNAA (GAY NIGGER ASSOCIATION OF AMERICA) is the fastest-growing GAY NIGGER community with THOUSANDS of members all over United States of America. You, too, can be a part of GNAA if you join today!

Why not? It's quick and easy - only 3 simple steps!

First, you have to obtain a copy of GAY NIGGERS FROM OUTER SPACE THE MOVIE [imdb.com] and watch it.

Second, you need to succeed in posting a GNAA "first post" on slashdot.org [slashdot.org] , a popular "news for trolls" website

Third, you need to join the official GNAA irc channel #GNAA on EFNet, and apply for membership.
Talk to one of the ops or any of the other members in the channel to sign up today!

If you are having trouble locating #GNAA, the official GAY NIGGER ASSOCIATION OF AMERICA irc channel, you might be on a wrong irc network. The correct network is EFNet, and you can connect to irc.secsup.org or irc.isprime.com as one of the EFNet servers.
If you do not have an IRC client handy, you are free to use the GNAA Java IRC client by clicking here [nero-online.org] .

If you have mod points and would like to support GNAA, please moderate this post up.

This post proudly brought to you by the GNAA president


How long? (5, Funny)

Voltas (222666) | more than 11 years ago | (#6587048)

2 years / millions of dollars and the Home Land Security people tell me that people like to attack Microsoft Products.

I'm glad I pay all those taxs!

Re:How long? (4, Interesting)

rusty0101 (565565) | more than 11 years ago | (#6587076)

And what's the OS Vendor of choice for the Department of Homeland Security? I seem to recall a story or something [slashdot.org] about it.

Anyone want to talk to their representative or senators about that decision?

Re:How long? (4, Interesting)

sniggly (216454) | more than 11 years ago | (#6587235)

The sad part is that the NSA itself already was far ahead developing a secure OS [nsa.gov] that would do just fine for the dept of HS. Instead tax monies go to bill gates and his dancing monkeys.

Re:How long? (5, Funny)

Jonsey (593310) | more than 11 years ago | (#6587113)

I'm glad I pay all those taxs!

And I'm glad our "edjacashun" budget keeps rising to make the US more smarterer.

Now if we can get them to arrest (2, Funny)

MECC (8478) | more than 11 years ago | (#6587050)

If we can get them to arrest the board of MS directors, including Bill Gates, and treat them as POWs, that would help things considerably.

Re:Now if we can get them to arrest (4, Funny)

Zemran (3101) | more than 11 years ago | (#6587087)

The whole Microsoft staff end up in Guantanamo Bay without trial or legal representation :) Seems fair to me...

Re:Now if we can get them to arrest (0)

Anonymous Coward | more than 11 years ago | (#6587241)

No way man. Lots of good people who work at Microsoft who you would be unfairly punishing. If you punish anybody, punish the upper management who allow the bad stuff to happen and make the critical (re: illegal/immoral) decisions.

Too many rights! (1)

littleghoti (637230) | more than 11 years ago | (#6587203)

Imprison them as "illegal combatants" at camp x-ray and that way you don't even have to follow the Geneva convention! You can break any human rights they have!

This is bound to be interesting... (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#6587052)

I wonder if RIAA and SCO already patched their machines...

*rubs hands*

Pretty Bad (5, Insightful)

the.jedi (212166) | more than 11 years ago | (#6587054)

My friend works at MIT's network security.
From Wednesday to Thursday their compromise rate
went from 3 computers an hour to 30.
Right now they're just blocking the RPC port
but the routers are starting to take some heavy
traffic. Looks like this one is going to be pretty
bad.

Re:Pretty Bad (1)

mjmalone (677326) | more than 11 years ago | (#6587069)

Which port is it that you need to block?

Re:Pretty Bad (1, Informative)

Type_O_Negative (627577) | more than 11 years ago | (#6587105)

Port 135.

Re:Pretty Bad (0)

Anonymous Coward | more than 11 years ago | (#6587139)

TCP, UDP, or both?

Re:Pretty Bad (1)

Type_O_Negative (627577) | more than 11 years ago | (#6587221)

TCP should do the trick.

Re:Pretty Bad (5, Funny)

tarquin_fim_bim (649994) | more than 11 years ago | (#6587148)

"Which port is it that you need to block?"

To make windows secure?

All of them.

Which ports are they? (0, Redundant)

bobbotron (688193) | more than 11 years ago | (#6587077)

Which ports do you need to block to keep the RPC requests out?

Re:Which ports are they? (0)

Anonymous Coward | more than 11 years ago | (#6587133)

80 and 8080

Re:Which ports are they? (0)

Anonymous Coward | more than 11 years ago | (#6587188)

Thank you much sir, I just blocked these on my router. Is this RPC service responsible for connecting people to the interweb though because it seems that when I blocked it people say they can no longer connect to my internet site.

Re:Which ports are they? (-1)

Anonymous Coward | more than 11 years ago | (#6587256)

Have you considered that you may be a little under qualified, to be operating a computer?

Re:Pretty Bad (0)

Anonymous Coward | more than 11 years ago | (#6587122)

some folks trashed my univ's firewalls
for about 24 hours a week ago. they
never managed to get a trace on em.
big earthquake a comin I can feels it,
in me bones.

Ugh. (5, Funny)

JohnGrahamCumming (684871) | more than 11 years ago | (#6587057)

Could we not go around referring to The Department of Homeland Security as HomeSec? The last thing we need is /. popularizing a cool sounding name for this behemoth.

If we need to refer to it then use the initial letters of its name... DoHs.

Somehow appropriate when they put out warnings like the last one.

John.

Re:Ugh. (4, Funny)

glwtta (532858) | more than 11 years ago | (#6587082)

I just tend to call it MiniPax - is that better?

Re:Ugh. (-1, Troll)

Anonymous Coward | more than 11 years ago | (#6587236)

Ha ha you're so funny. No wait, you're still an idiot. Yay you read 1984. What do you want, a cookie? Er, mod points? I guess you got them. If you want to be taken seriously though by intelligent people and not Slash-idiots then you might want to try dropping the name calling so you appear older than 12.

Re:Ugh. (1)

GoofyBoy (44399) | more than 11 years ago | (#6587177)

HomeSec sounds like some sort of home-office networking product.

HomeSec. Ingsoc. MiniPax. Double-plus good. (5, Funny)

thelandp (632129) | more than 11 years ago | (#6587198)

The name "HomeSec" reminds me of a few similar terms from George Orwell's important (and never more appropriate) book, 1984.

Most government departments actually are designed to achieve the opposite of their names. For example, the "Department of Homeland Security" is in fact designed to control the level of insecurity that people feel. Likewise, the ministry of defence is really about offence, and in 1984 the Ministry of Information is about disinformation and so on.

In the book, the language was controlled to the point of creating new terms like IngSoc, MiniPax (ministry of peace, really designed to perpetuate war), and Double-plus good.

The whole point here is to justify the actions of the government. Because it becomes a lot easier to justify removing civil rights when there is the perceived threat of some common enemy.

Re:Ugh. (0)

Anonymous Coward | more than 11 years ago | (#6587229)

As I wrote here, (before it instantly got -1 overrated, [slashdot.org] and also pointed out here, [slashdot.org] 'HomeSec' seems to be a completely made-up term created solely by Michael for the sole purpose of belittling them.

We should call out Michael for his newspeak.

Re:Ugh. (1)

TedCheshireAcad (311748) | more than 11 years ago | (#6587283)

If we need to refer to it then use the initial letters of its name... DoHs

Sounds too much like DOS.

oh, wait....

The Department of Homeland Security? (5, Insightful)

Wacky_Wookie (683151) | more than 11 years ago | (#6587060)

Sounds more like The Department of Homeland in-security :)

Joking aside I find the US media's "fear hyping" to be outrageous.

"It could happen to you" Is a major catch phrase for the US media, and they are not talking about winning the lottery.

Re:The Department of Homeland Security? (1)

admbws (600017) | more than 11 years ago | (#6587218)

Why do they beat around the bush with a purely hypothetical statement such as "It could happen to you"? If you are running an unpatched Windows (as most people are) and somebody releases a worm that exploits it, it WILL happen to you!!

hmm Bill Gates's advice (0)

linuxislandsucks (461335) | more than 11 years ago | (#6587065)

Bill Gates's advice was that there was no knowledge or lack of knowledge in writing secure applications and OSes..

I beg to differ in that Unix has been progressing and practicing secure code writing for nearly 20 years..

Maybe Bill Gates should send his programmers back to school and Unix programming classes?

Let the bashing begin (-1, Troll)

Anonymous Coward | more than 11 years ago | (#6587070)

50% of posts bashing Microsoft, the other 50% blaming stupid sysadmins who don't patch their servers. Next story please.

Re:Let the bashing begin (-1)

Anonymous Coward | more than 11 years ago | (#6587219)

No just %100 lamers like you.

They should know! (3, Funny)

jocknerd (29758) | more than 11 years ago | (#6587071)

After all, they're giving Microsoft $90 million to run their computers.

Affect Win98? (0)

Anonymous Coward | more than 11 years ago | (#6587075)

Just a question. Does this affect Win95, Win98 systems as well? All the advisories I've seen have only mentioned Win2K and up, but I think MS is no longer supporting the Win95, Win98 series. Basically, does anyone know if Win98 has this RPC call thing that is at the root of the trouble?

Re:Affect Win98? (1)

mjmalone (677326) | more than 11 years ago | (#6587119)

According to the security people at my work Win98 is affected, and since Microsoft no longer supports it they didn't bother to write a patch.

Re:Affect Win98? (1)

GoofyBoy (44399) | more than 11 years ago | (#6587226)

But if you have a software based firewall should that protect you?

How about hardware based firewall?

Homeland Security? Don't make me laugh... (-1, Interesting)

NineNine (235196) | more than 11 years ago | (#6587079)

Homeland Security are the new American Nazis. I'm sure they'll have their own SS troops, soon, if they don't already. Not only would I never believe a word these bastards have to say, but I'm waiting for the next sane administration to dismantle this bunch of jackbooted thugs. So what is this, a "code orange" for web sites? oooh. Well, next thing we know, they'll start arresting webmasters of unpatched web servers for terrorism. Homeland Security can suck my dick (ooops, that's illegal too, isn't it?)

Godwin's Law! Godwin's Law! (1, Funny)

Anonymous Coward | more than 11 years ago | (#6587093)

Worst Thread Ever. (TM)

Re:Homeland Security? Don't make me laugh... (-1, Troll)

pair-a-noyd (594371) | more than 11 years ago | (#6587154)

You are a retard.
They are the STASI and the KGB..

You are an immature child that knows not of what he speaks..

Grow up, boy...

I feel bad for the Poor slob(s).... (4, Insightful)

curtisk (191737) | more than 11 years ago | (#6587080)

....that works at Dept. of Homeland Security whose entire job will consist of keeping up to date with MS security advisories....

wonder how they (DoHS) are feeling about their OS investment already? :)

Are you kidding me? (1)

Jagasian (129329) | more than 11 years ago | (#6587298)

That "poor slob" has some of the best job security I have ever seen in an IT job these days. Is it really that hard of work to read USENET and hang out on IRC?

windows at the office?? (5, Interesting)

chef_raekwon (411401) | more than 11 years ago | (#6587095)

i could have sworn that 2 weeks ago, here on this very same slashdot....there was a story about HomeLand Security securing a very large purchase from Microsoft....aka 100 million, or some outrageous number like that..

isn't this a bit irresponsible of them, now that they are declaring Windows a vulnerability?

UNPATCHED systems (-1)

yatest5 (455123) | more than 11 years ago | (#6587193)

are vulnerable, is that easy enough for you to understand dickwap?

Re:UNPATCHED systems (-1)

Anonymous Coward | more than 11 years ago | (#6587251)

As vulnerable as your unpatched ass. But you'd know that since it's been reamed so often you don't really mind it any more, n'est pas?

Re:windows at the office?? (1)

akiaki007 (148804) | more than 11 years ago | (#6587238)

Indeed they did, and 2 days (maybe 1?) later this security hole was announced. It received national coverage on all the major news players and the implications of security.

I, personally, am rather angry that my fucking tax money is being spent by the DoHS and all they have come up with is a dependency on an insecure OS and a stupid colour coded system that NO ONE understands!

Re:windows at the office?? (0)

Jagasian (129329) | more than 11 years ago | (#6587247)

You better shut your pro-terrorist mouth you unpatriotic liberal! HOW MANY FINGERS AM I HOLDING UP?!? WRONG! FIVE! NOT FOUR!

Re:windows at the office?? (1)

cliffiecee (136220) | more than 11 years ago | (#6587275)

Think of it as "Homeland Security eats its own dog food..." In other words, they are using the same operating system that the vast majority of people use, so they will experience the same vulnerabilities. They'll be able to advise people about computer security from first-hand experience, not just from a few pristine 'test lab' machines.

Hilarious! (5, Funny)

Wilersh (237791) | more than 11 years ago | (#6587100)

Microsoft is now officially a threat to Homeland Security. Maybe George should drop some bombs on Redmond! We know where they are and they keep putting out a product that threatens our security. Oh wait, the government saw fit to give them a slap on the wrist and turn around and contracted even more unsafe software from them. They'll undoubtedly be mentioned in future hindsight publications from congress but on blanked out pages for national security reasons. That's what we do for "friends".

Ugh.

Wilersh

Re:Hilarious! (2, Funny)

kinnell (607819) | more than 11 years ago | (#6587233)

Maybe George should drop some bombs on Redmond

...or maybe he should summon the giant penguin of the apocalypse [penguincomputing.com] .

From the "WTF" files (1, Redundant)

Mikey-San (582838) | more than 11 years ago | (#6587104)

The Department of Homeland Security has issued a warning regarding the security of Microsoft's products.

Does this seem fairly stupid to anyone else? I mean, didn't "HomeSec" (please, no catchy names for this terrible organization) just partner with these idiots [google.com] ?

Re:From the "WTF" files (0)

Anonymous Coward | more than 11 years ago | (#6587271)

Yes, please don't use that term. Except that you just used it. Thanks.

Remember, they bought MS software! (0, Redundant)

gatesh8r (182908) | more than 11 years ago | (#6587107)

Your tax dollars at work demonstrating a good example... :-)

HomeSec???? (-1)

Anonymous Coward | more than 11 years ago | (#6587109)

Nobody I know or nothing I have read have referred to the Department of Homeland Security as 'HomeSec'.

Yet Michael continually calls them HomeSec for no apparent reason. Why is this? Why can't michael call Homeland Security?

Michael has a nasty habit of making up new terms and words to slag on his favorite targets.

Call him out on this and don't let him continue it. If he can control language, he can control people. That is what he's trying to do.

Color scale? (5, Funny)

Elendil (11919) | more than 11 years ago | (#6587114)

On the DHS alert color code [dhs.gov] , blue means "guarded", just one notch lower than the alert level the USA have been living in for the last few months (with occasional orange flares). Should this color be reconsidered in sight of the well known Blue Screen of Death?

HomeSec (-1)

Anonymous Coward | more than 11 years ago | (#6587115)

Since we've established that HomeSec is a term michael made up because he wants to spread FUD, I suggest that michael be known as "dishonest mike" from now on. And any mention of his real name will be modded down -1:Troll because around here the truth doesn't matter.

Why are they even working on this? (1, Funny)

slusich (684826) | more than 11 years ago | (#6587117)

Shouldn't the Department of Fatherland Security be working to eliminate terrorists and Democrats instead of pointing out the obvious?

Slashdot - "Anti-Microsoft" not "Pro-Open Source" (-1)

MondoMor (262881) | more than 11 years ago | (#6587128)

CmdrTaco and employees, you should be ashamed. This site is no longer about open source advocacy. You've crossed the line and become anti-microsoft zealots. What a shame.

Again.. (4, Insightful)

NetJunkie (56134) | more than 11 years ago | (#6587136)

Patch your stuff and for goodness sake put up a firewall! RPC port open to the world? Why?!

how long has the patch been available? (1, Interesting)

*weasel (174362) | more than 11 years ago | (#6587144)

*boggle*

would every geek please walk over to their nearest 4 non-geek's MS boxes and flick 'autoupdate' on? maybe we can spare a few routers in the future?

i mean, if they insist on having those boxes, the least we can do is make sure they're patched up.

say what you will about MS - but these big exploits don't usually hit until weeks after the patch has been available.

and if you're relaxed enough with control over your box to run MS in the first place, autoupdate ain't any worse.

Didn't They (-1, Redundant)

Anonymous Coward | more than 11 years ago | (#6587150)

Didn't HomeSec recently name Microsoft as its chief technology supplier? Can anyone else see the irony in this?

so what? (1)

shaklee (631847) | more than 11 years ago | (#6587152)

They post other vulnerabilities like BIND [nipc.gov] , not just windows advisories. Was this just a bad attempt to make a cheap shot at microsoft?

Futures market for network insecurity (1, Interesting)

The Fun Guy (21791) | more than 11 years ago | (#6587164)

I wonder what kind of odds John Poindexter would offer on "MS-based systems will be the subject of a successful cyberattack resulting in significant economic impact in lost data, functionality, uptime and manhours." Any bets? Anyone? C'mon, nobody wants to take this bet?

Seriously, if they wanted to take bets on which national leader would get hit, couldn't they do the same for which OS will fail first/most? Or bet on how much the next big exploit will cost, to the nearest $10M?

Contract? (0, Funny)

WPIDalamar (122110) | more than 11 years ago | (#6587166)

Didn't the department of homeland injustices sign a big fat contract with MS to provide a bunch of software a little while ago? Wouldn't announcing this be against the EULA of microsoft products or something =)

Govt should use its own OS. (5, Insightful)

sniggly (216454) | more than 11 years ago | (#6587170)

It's time the government started to realize its own linux version [nsa.gov] has been developed to preclude vulnerabilities such as these that are caused mostly by sloppy programming.

Alanis, where are you? (-1, Troll)

harley_frog (650488) | more than 11 years ago | (#6587201)

The Office of Homeland Security is warning all Microsoft users of a security hole. Excuse me, but aren't they the same ones who chose to adopt M$ [slashdot.org] in the first place?

Isn't it ironic, don't you think -- Alanis Morissette

Free patches! (1)

idiotnot (302133) | more than 11 years ago | (#6587216)

So much for "journalism" from CNN. That story is sucking up to MS. I guess the AOL/MS lovefest continues.

Yeah, they're offering the patches free of charge. But it wouldn't be that big of a deal if their junk wasn't broken so much to begin with! If MS actually *charged* for security patches, okay, it needn't be MS necessarily -- any proprietary software vendor, they'd take a hit in sales.

Notice that Server 2k3 is affected, too. Keeping count, the rate of vulnerabilities is slowing down a bit, but they're still very much there.

How shocking. (0)

Srass (42349) | more than 11 years ago | (#6587234)

And in other news, the Department of Homeland Security also warned that the sun may rise in the east tomorrow. . .

DoHS is anti-Internet anyway (1)

Dynamoo (527749) | more than 11 years ago | (#6587239)

The Department of Homeland Security is dead against the internet anyway, as stated in this press release [subj.com] . ;)

The World is Ending!!! (1)

RDosage (694318) | more than 11 years ago | (#6587250)

Does anyone else in the security industry worry about the amount of publicized security vulnerabilities not having an effect on the general population? When CNN.com is running stories like this one, and then nothing happens, will people just start ignoring the problem? If people start ignoring these advisories, we will be in much greater trouble when something bad really does happen.

the patch is really a trojan (funny) (2, Funny)

number6x (626555) | more than 11 years ago | (#6587258)

The patch [microsoft.com] from MS is really a trojan!

Go to this link [chartertn.net] to learn more!

Download Bush's Executables? (1)

Jagasian (129329) | more than 11 years ago | (#6587267)

So wait, the government is recommending that I download an executable and run it. Is that supposed to make me feel more safe? After being repeatedly lied to by this government, I am supposed to bend over and run their executables? I already run Linux at work. Seems the home computer needs a little conversion too.

Hired Pathetic Web Developer? (0, Offtopic)

Jerk City Troll (661616) | more than 11 years ago | (#6587273)

Is it just me, or do the web pages of our GroBartige Abteilung der Vaterland-Sicherheit look like they were made by a 14 year old?

Just because i'm paranoid... (1)

rice krispy (694015) | more than 11 years ago | (#6587280)

is it just me (and my imaginary friends) who thinks this is just a game of cat-and-mouse that the fear mongers at the DOHS like to play with the media, knowing full well that even the smallest rumor will be inevitably amplified in stentorian tones on the national stage? is it just me who thinks that this is merely a glorious and dramatic means of self-justification on the part of DHS? is it just me who thinks that the DHS is doing a wonderful job... at spreading terror?

security through obscurity (2, Funny)

BigBir3d (454486) | more than 11 years ago | (#6587286)

I guess that is why our IT Department doesn't want to update the desktops beyond Windows 98. "Hackers target the newest OS" is what he said. Apparently system stability is not a high concern :(

Time to be happy... (1)

bangalla (648729) | more than 11 years ago | (#6587290)

....if you're a Linux or Mac user.

This isn't a surprise is it? What's worse is that so many MS patches are uninstalled from people's systems because they break something important.

I'm so over these types of problems, put all of these crappy windows boxes behind great big firewalls, switch whatever you can to other platforms and let the other suckers bear the consequences of the disaster. Hopefully if a large proportion of the world's IT infrastructure grinds to a halt often enough people's eyes will be opened.