I'm sure that everyone heard about this on Thursday, but I didn't see a thread. Microsoft announced five new critical flaws in their operating systems, that could allow an attacker access to your system. These new vulnerabilities are much like last month's Blaster worm. I have automatic update enabled on my Windows Machine, and it did not automatically download the patches. I had to do it manually. I'm sitting behind a router and have DCOM disabled, so I wasn't too worried, but I would still patch these flaws. These updates affect Windows 2003, XP, 2000, NT 4.0 and Me is only affected by one. Windows 98 should be OK, unless you have add-ons of the affected services.

You can read about the updates here:

http://www.microsoft.com/security/security...015_windows.asp (http://www.microsoft.com/security/security_bulletins/20031015_windows.asp)

Here is the Reuters article on the release of the critical updates:

http://www.reuters.co.uk/newsArticle.jhtml...623434§ion=news (http://www.reuters.co.uk/newsArticle.jhtml?type=technologyNews&storyID=3623434§ion=news)

There are also a couple of nasty viruses running around out there. A couple of old ones have been surfacing this week. If you are not running an anti-virus, check out AVG Anti-virus (http://www.grisoft.com/us/us_dwnl_free.php). The free download is a basic interface, but it is better than nothing.



Last edited by girlgeek at Oct 19 2003, 02:53 PM

Originally posted by girlgeek@Oct 19 2003, 05:45 PM
I'm sure that everyone heard about this on Thursday, but I didn't see a thread. Microsoft announced five new critical flaws in their operating systems, that could allow an attacker access to your system. These new vulnerabilities are much like last month's Blaster worm. I have automatic update enabled on my Windows Machine, and it did not automatically download the patches. I had to do it manually. I'm sitting behind a router and have DCOM disabled, so I wasn't too worried, but I would still patch these flaws. These updates affect Windows 2003, XP, 2000, NT 4.0 and Me is only affected by one. Windows 98 should be OK, unless you have add-ons of the affected services.

You can read about the updates here:

http://www.microsoft.com/security/security...015_windows.asp (http://www.microsoft.com/security/security_bulletins/20031015_windows.asp)

Here is the Reuters article on the release of the critical updates:

http://www.reuters.co.uk/newsArticle.jhtml...623434§ion=news (http://www.reuters.co.uk/newsArticle.jhtml?type=technologyNews&storyID=3623434§ion=news)

There are also a couple of nasty viruses running around out there. A couple of old ones have been surfacing this week. If you are not running an anti-virus, check out AVG Anti-virus (http://www.grisoft.com/us/us_dwnl_free.php). The free download is a basic interface, but it is better than nothing.
Realistically...who do you think would ever exploit any of these vulernabilites?

In the day to day biz world this only stops many programs/services from running properly. And thats the biggest problem. Hell I know of 3 companies that have benfitted in doing nothing but anti virus and "critical updates" over the past 6 months and they are expanding.

Im more worried about Unix xploits.

It's a real problem, especially for home users. Blaster caused over $2 billion dollars of damage last month. Remember that Parson kid they picked up in Minnesota? When they found him, he owned about 6,000 boxes. That's a lot of machines. Also, it took down a DMV office, I think in Maryland. Many smaller businesses were affected as well.

Microsoft's code is so buggy, that it doesn't surprise me that your friends are making big dollars in this field. As far as the viruses go, you saw the story that was posted a few days ago about the kid who was using machines affected by trojans, as ftp servers. They use them to DDoS other machines, store their tools and games, and other activities that leech off your bandwidth. Most of the time you don't even know they are there. That is the problem. These script kiddies with too much time on their hands, are releasing all kinds of destructive code and it is a pain to clean up.

I spend a great deal of my time counseling people on fixing their computers and cleaning up these messes, when it could have all been prevented with a few basic pieces of software and hardware. At home, I run Linux, OS X and Windows. I am always attacking my own machines, to make sure they are secure. Not everyone can do this, so I try to inform as many people as possible when this stuff becomes available.

You've been quiet this weekend, any fun stories to share? :D

Originally posted by girlgeek@Oct 19 2003, 06:17 PM
It's a real problem, especially for home users. Blaster caused over $2 billion dollars of damage last month. Remember that Parson kid they picked up in Minnesota? When they found him, he owned about 6,000 boxes. That's a lot of machines. Also, it took down a DMV office, I think in Maryland. Many smaller businesses were affected as well.

Microsoft's code is so buggy, that it doesn't surprise me that your friends are making big dollars in this field. As far as the viruses go, you saw the story that was posted a few days ago about the kid who was using machines affected by trojans, as ftp servers. They use them to DDoS other machines, store their tools and games, and other activities that leech off your bandwidth. Most of the time you don't even know they are there. That is the problem. These script kiddies with too much time on their hands, are releasing all kinds of destructive code and it is a pain to clean up.

I spend a great deal of my time counseling people on fixing their computers and cleaning up these messes, when it could have all been prevented with a few basic pieces of software and hardware. At home, I run Linux, OS X and Windows. I am always attacking my own machines, to make sure they are secure. Not everyone can do this, so I try to inform as many people as possible when this stuff becomes available.

You've been quiet this weekend, any fun stories to share? :D
I totally agree. The sheer mangnatured of patching nad cleaning and etc etc is mind boggling. I spent the entire early morning at the data center cleaning up our NT servers having cases of blaster and welchia on them. I didnt get all of them either. Keep in mind that a lot of these machines have been powered off for 3 months or more. We got new video projects spining up so I had to turn them on and start getting ready.

I usually share all my good stories on my BLOG. See your not the only one that has one. Im a couple of weeks behind on it as well. Last weekend we had a world famous 'hacker" of sorts show up along with his tech celebrity girlfriend...and I had been stirring the shit on that one so I had to follow it thru. Then they decided that I was indeed fucked up enough to drive this battlecruiser called Oprano so Ive been busy with that ever since.

Ill message you the blog url once I've updated it right now I hear the Godfather Serge calling my name. So Ive got to find a telephone booth to call him from about that thing...y'know.

How about you...have you picked out your ballroom outfit? More importantly is it going to be a thong or bikini?

I heard about it Thursday when the little ballon popped on my task bar tha told me there were updates to download for XP.

Cool, good to know they got it up and running on the same day. I didn't get the balloon that morning, so I just manually downloaded them. I wonder if this is going to be like Blaster. A lot of people had to download the patch a few times before it actually worked.

Gonzo, you're bad. I think that Kevin is going to the only one who knows the answer to that one, for sure. Can't wait to get the URL, this should be a very interesting blog.

We were running around a lot this weekend, too. That's the bad thing about living in Vegas, people are always coming into town and want to get together. Plus, Kevin is leaving again to pick up his worldly travels, so it's been crazy.

good stuff - yeah i took care of mine at home and here at HQ just this morning - good advice, girlgeek! AVG is my virus software of choice too! :ph34r:

Y'know, I know that many of you think these flaws were built in to Windows; but there IS another way to look at it. When an OS is released, its' level of technology is static. The bad guys immediately start engineering ways to hack it. Microsoft is not able to anticipate every avenue of attack; but I believe they do a great job of creating patches and getting them out (free, I might add!). :agrin:

BTW, Solo antivirus is pretty good, also. Check out www.smmicro.com



Last edited by Torone at Oct 21 2003, 05:49 AM

Originally posted by Torone@Oct 21 2003, 06:47 AM
Y'know, I know that many of you think these flaws were built in to Windows; but there IS another way to look at it. When an OS is released, its' level of technology is static. The bad guys immediately start engineering ways to hack it. Microsoft is not able to anticipate every avenue of attack; but I believe they do a great job of creating patches and getting them out (free, I might add!). :agrin:

BTW, Solo antivirus is pretty good, also. Check out www.smmicro.com
snif sniff...Is it raining again?

Originally posted by Torone@Oct 21 2003, 06:47 AM
Y'know, I know that many of you think these flaws were built in to Windows; but there IS another way to look at it. When an OS is released, its' level of technology is static. The bad guys immediately start engineering ways to hack it. Microsoft is not able to anticipate every avenue of attack; but I believe they do a great job of creating patches and getting them out (free, I might add!). :agrin:

BTW, Solo antivirus is pretty good, also. Check out www.smmicro.com
Don't let Torone know that I personally agree with him on this. I have a reputation to protect, you know.

update once a week, it helps!