Cycling and bicycle discussion forums. 
Old 10-23-08, 11:50 AM   #1
mlts22 
Senior Member
Thread Starter
 
Join Date: Aug 2006
Bikes:
Posts: 998
Update your Windows boxes -now-

More news here, here, and original notification here.

Pretty much if you have a Windows box without heavy firewalling, you might be in a world of hurt as the exploits are in the wild right now.
Old 10-23-08, 12:07 PM   #2
MrCrassic 
Senior Member
 
Join Date: Jun 2007
Location: Brooklyn, NY
Bikes: 2008 Giant OCR1 (with panda bear on the back!)
Posts: 3,650
Thanks for the news.

Now I need to do quite a bit of work this weekend...

EDIT:
Looking to Slashdot, and then looking at the US-CERT and NVD, this is really really really serious. Basically, anyone can gain access to your computer (with admin privileges) by sending an SMB request of a fixed length to trigger a buffer overflow of the Server service. In other words, novice script kiddies can gain access to your box.
__________________
Ride more.

Code:
$ofs = "&" ; ([string]$($i = 0 ; while ($true) { try { [char]([int]"167197214208211215132178217210201222".substring($i,3) - 100) ; $i =
 $i+3 > catch { break >>)).replace('&','') ; $ofs=" " # Replace right angles with right curly braces

Last edited by MrCrassic; 10-23-08 at 12:12 PM.
Old 10-23-08, 12:37 PM   #3
CliftonGK1
Senior Member
 
Join Date: Jul 2006
Location: Columbus, OH
Bikes: '08 Surly Cross-Check, 2011 Redline Conquest Pro, 2012 Spesh FSR Comp EVO, 2015 Trek Domane 6.2 disc
Posts: 11,380
Quote:
Originally Posted by mlts22 View Post
Pretty much if you have a Windows box without heavy firewalling, you might be in a world of hurt as the exploits are in the wild right now.
If you have a Windows box that survives, uninfected by something, more than a week online without even a basic NAT wall I'd be surprised.

Quote:
Originally Posted by MrCrassic View Post
In other words, novice script kiddies can gain access to your box.
I thought "script kiddie" implied novice. Besides, what else is new? If you don't protect your machine, someone's going to figure out how to use it to their own advantage. These latest alerts are just more in a long line of the same old crap.
Old 10-23-08, 12:38 PM   #4
rkpol7
Member
 
Join Date: Jun 2008
Location: Back in Santa Monica
Bikes:
Posts: 40
Y'know, maybe I should really look into getting a MacBook. I don't play games as much anymore, and I mainly use Adobe products anyway. It should save me a lot of "update this, update that, scan for this, scan for that" headaches.
Old 10-23-08, 12:42 PM   #5
redfooj
pluralis majestatis
 
Join Date: Feb 2004
Location: you rope
Bikes: 20 W/st.
Posts: 3,260
Quote:
Originally Posted by CliftonGK1 View Post
If you have a Windows box that survives, uninfected by something, more than a week online without even a basic NAT wall I'd be surprised.
No NAT no hardware firewall no software firewall no AV programs. going on for 6+ years now
Old 10-23-08, 12:44 PM   #6
linux_author
370H-SSV-0773H
 
Join Date: May 2005
Location: Penniless Park, Fla.
Bikes: Merlin Fortius, Specialized Crossroads & Rockhopper, Serotta Fierte, Pedal Force RS2
Posts: 2,750
Quote:
Originally Posted by CliftonGK1 View Post
If you have a Windows box that survives, uninfected by something, more than a week online without even a basic NAT wall I'd be surprised.
the Evil Empire's own labs have determined this time period to be on the order of 30 seconds (albeit unpatched XP home boxen)...

but now, with Comcast's Extreme50, your PC can be p0wnd 10X faster!

Old 10-23-08, 12:46 PM   #7
SonataInFSharp
Senior Member
 
Join Date: Apr 2007
Location: Minneapolis, MN
Bikes:
Posts: 176
I don't know anyone who is completely unprotected anymore. Even my in-laws have hardware and software firewalls and don't even know it.
Old 10-23-08, 12:47 PM   #8
redfooj
pluralis majestatis
 
Join Date: Feb 2004
Location: you rope
Bikes: 20 W/st.
Posts: 3,260
Quote:
Originally Posted by linux_author View Post
the Evil Empire's own labs have determined this time period to be on the order of 30 seconds (albeit unpatched XP home boxen)...

but now, with Comcast's Extreme50™, your PC can be p0wnd 10X faster!

ugh. whatever. you exaggerating *nix geeks.
Old 10-23-08, 01:30 PM   #9
MrCrassic 
Senior Member
 
Join Date: Jun 2007
Location: Brooklyn, NY
Bikes: 2008 Giant OCR1 (with panda bear on the back!)
Posts: 3,650
Quote:
Originally Posted by CliftonGK1 View Post
If you have a Windows box that survives, uninfected by something, more than a week online without even a basic NAT wall I'd be surprised.



I thought "script kiddie" implied novice. Besides, what else is new? If you don't protect your machine, someone's going to figure out how to use it to their own advantage. These latest alerts are just more in a long line of the same old crap.
There's script kiddie and then there's the n00b script kiddie. I'm not either of them, though if I maybe spent some time learning about security when I was younger, I could have been...
Old 10-23-08, 01:46 PM   #10
vtjim
Belt drive!
 
Join Date: Sep 2004
Location: Burlington, Vermont
Bikes: 2011 Trek Soho DLX
Posts: 2,614
Heh - My server service is disabled. But I installed the patch anyway.
Old 10-23-08, 02:02 PM   #11
MrCrassic 
Senior Member
 
Join Date: Jun 2007
Location: Brooklyn, NY
Bikes: 2008 Giant OCR1 (with panda bear on the back!)
Posts: 3,650
Can't disable it; I might need it for File and Printer Sharing.
Old 10-23-08, 02:06 PM   #12
timmhaan
more ape than man
 
Join Date: Nov 2003
Location: nyc
Bikes:
Posts: 8,093
script kitty?

Old 10-23-08, 02:27 PM   #13
mlts22 
Senior Member
Thread Starter
 
Join Date: Aug 2006
Bikes:
Posts: 998
I use file and printer sharing extremely frequently on my local LAN, although the firewall/NAT box and WPA2-PSK wireless AP limit the entry points on the network.

The people I worry about with this security issue are the people handed a DSL CSU/DSU with no firewalling capability, told to plug the power/LAN/phone cables in, and pretty much left on their own after that with only a "software firewall" separating them from major compromise and their computer's life as a botnet member. A lot at best will just let Windows Update automatically do its cycle, but others turn Windows Update off because they don't like the monthly reboot. These are one group who will be feeling the hurt big time.

The second group that will be affected will be large enterprises which need to update thousands of machines immediately, and update install images so that vulnerability is not present in freshly installed boxes. There are always script kiddies in every corporation who will try to pwn as many boxes as they can before they are patched.

It's not like other platforms/operating systems are perfect, but it's good to have something other than Windows that is not as scrutinized by every script kiddy on earth to find a hole. Holes in Windows are big bucks... pwn enough machines, a criminal can sell the botnet for good cash, or just run their own extortion/spam/ID theft racket by grabbing data files off of victims' PCs and selling anything juicy on the ID theft market.

Last edited by mlts22; 10-23-08 at 02:32 PM.
Old 10-23-08, 09:29 PM   #14
iamlucky13
Footballus vita est
 
Join Date: Jun 2002
Location: Portland, OR
Bikes: Trek 4500, Kona Dawg
Posts: 2,118
Quote:
Originally Posted by CliftonGK1 View Post
If you have a Windows box that survives, uninfected by something, more than a week online without even a basic NAT wall I'd be surprised.
I've been running XP for about 2 years now without a firewall. I did finally break down and install an AV suite a month or so ago on some suspicions, but my box is still squeaky clean. Amazing what can fail to happen when you actually pay attention to the updates and don't click on things without knowing what they are.
__________________
"The internet is a place where absolutely nothing happens. You need to take advantage of that." ~ Strong Bad
Old 10-23-08, 10:00 PM   #15
CliftonGK1
Senior Member
 
Join Date: Jul 2006
Location: Columbus, OH
Bikes: '08 Surly Cross-Check, 2011 Redline Conquest Pro, 2012 Spesh FSR Comp EVO, 2015 Trek Domane 6.2 disc
Posts: 11,380
Quote:
Originally Posted by redfooj View Post
No NAT no hardware firewall no software firewall no AV programs. going on for 6+ years now
My computer needs a shower just from knowing it's been on the same forum server as that.
Old 10-23-08, 10:09 PM   #16
crackerjab
WTF is that smell?
 
Join Date: Dec 2005
Location: Charlotte, NC
Bikes:
Posts: 449
Quote:
Originally Posted by iamlucky13 View Post
I've been running XP for about 2 years now without a firewall. I did finally break down and install an AV suite a month or so ago on some suspicions, but my box is still squeaky clean. Amazing what can fail to happen when you actually pay attention to the updates and don't click on things without knowing what they are.
+1

Same here.
Old 10-23-08, 10:49 PM   #17
Wordbiker
Pwnerer
 
Join Date: Jun 2005
Location: Pagosa Springs, CO, USA
Bikes: Road, MTB, Cruiser, Chopper, BMX
Posts: 2,907
I've been running without a firewall, no antivirus, never update, send my credit card info in emails, forward everything without using BCC, run with scissors, ride a bike without a helmet, drive with no seatbelt, have unprotected sex, make fun of Hells Angels, talk to strangers, click on every popup, use IE and operate electrical appliances with wet hands....never had a problem yet.
__________________
Quote:
Originally Posted by ahsposo View Post
Ski, bike and wish I was gay.
Old 10-23-08, 11:03 PM   #18
kemmer
*****es love tarck
 
Join Date: Apr 2006
Location: Sandy, UT
Bikes: so many
Posts: 3,302
Quote:
Originally Posted by Wordbiker View Post
I've been running without a firewall, no antivirus, never update, send my credit card info in emails, forward everything without using BCC, run with scissors, ride a bike without a helmet, drive with no seatbelt, have unprotected sex, make fun of Hells Angels, talk to strangers, click on every popup, use IE and operate electrical appliances with wet hands....never had a problem yet.
Yeah, me too...
Old 10-23-08, 11:27 PM   #19
The Figment
The Wheel is Turning
 
Join Date: May 2006
Location: Virgil Kansas
Bikes: '05 Novara (REI) Bonanza
Posts: 540
Old 10-23-08, 11:33 PM   #20
Wordbiker
Pwnerer
 
Join Date: Jun 2005
Location: Pagosa Springs, CO, USA
Bikes: Road, MTB, Cruiser, Chopper, BMX
Posts: 2,907
I look at running windows like riding a bike: It's hard work, not everyone gets it, but going through the hassle makes you stronger, more capable and more resilient. Buying a Mac is like driving an automatic: Sure, it's less hassle, but it makes you lazy. Linux is like keeping a moped running: Yeah, it's hella efficient and cheap, but man...it makes you greasy and look like a dork.
Old 10-24-08, 02:30 AM   #21
mechBgon
Senior Member
 
Join Date: Jul 2002
Bikes:
Posts: 6,957
Quote:
Originally Posted by MrCrassic View Post
Thanks for the news.

Looking to Slashdot, and then looking at the US-CERT and NVD, this is really really really serious. Basically, anyone can gain access to your computer (with admin privileges)

Ahhhh, whoa there with the "anyone" part. It is a serious vulnerability in cases where it can actually be touched, but a default standalone WinXP SP2 installation with its firewall enabled would repel attacks, for example. More clarity for those interested. I certainly do urge everyone to pay attention and get the patch, of course.

On the off-chance there are some people who'd like a security plan for home Windows PCs, instead of running nekkid through crocodile-infested waters with raw meat tied all over their bodies, etc, I have one that was developed from a combination of sysadmin experience and quite a lot of active malware hunting, so here ya go


Quote:
If you have a Windows box that survives, uninfected by something, more than a week online without even a basic NAT wall I'd be surprised.
A well-secured Windows system is actually a very tough cookie. I've never had a successful compromise of my malware-hunting rig yet, and it's not for lack of opportunity. See steps 1, 2, 6 and 12 in particular, in the guide I linked above.

Last edited by mechBgon; 10-24-08 at 03:02 AM.
Old 10-24-08, 07:36 AM   #22
Psydotek
Body By Nintendo
 
Join Date: Sep 2006
Location: Videogames ruined my life. Good thing i have 2 extra lives.
Bikes: Giant TCR2, Giant TCX, IRO BFSSFG SE, Salsa Casseroll, IRO Rob Roy.
Posts: 3,187
Quote:
Originally Posted by Wordbiker View Post
I look at running windows like riding a bike: It's hard work, not everyone gets it, but going through the hassle makes you stronger, more capable and more resilient. Buying a Mac is like driving an automatic: Sure, it's less hassle, but it makes you lazy. Linux is like keeping a moped running: Yeah, it's hella efficient and cheap, but man...it makes you greasy and look like a dork.
Ya'know, that's probably the best analogy i've heard. The people who ***** and moan about Windows are usually those who don't want to put in the effort of learning it.

I actually have automatic updates turned off on my computer, but i manually check every other month.

I don't keep an antivirus installed, but i'll periodically install a free one (AVG or something) and run a scan. I do keep a spyware filter installed (Spybot Search & Destroy) and our DSL modem/router has a built in firewall.

If you're smart about surfing the intr4w3bz and installing programs, you'll have very few problems really.
__________________

Quote:
Originally Posted by jsharr View Post
A girl once asked me to give her twelve inches and make it hurt. I had to make love to her 3 times and then punch her in the nose.
Old 10-24-08, 08:18 AM   #23
Psydotek
Body By Nintendo
 
Join Date: Sep 2006
Location: Videogames ruined my life. Good thing i have 2 extra lives.
Bikes: Giant TCR2, Giant TCX, IRO BFSSFG SE, Salsa Casseroll, IRO Rob Roy.
Posts: 3,187
Quote:
Originally Posted by mechBgon View Post
...On the off-chance there are some people who'd like a security plan for home Windows PCs, instead of running nekkid through crocodile-infested waters with raw meat tied all over their bodies, etc, I have one that was developed from a combination of sysadmin experience and quite a lot of active malware hunting, so here ya go .
I'm bookmarking that. Good tips. Also you mentioned the Windows Vista UAC on your "making a limited account..." page. That seems to be one of the gripes people have about Vista and they turn it off.

BAD IDEA!

It only adds one or two extra clicks when it asks for your permission to do something and it'll save you from a headache sometimes by letting you quickly review what's going on before it happens.
Old 10-24-08, 08:57 AM   #24
mlts22 
Senior Member
Thread Starter
 
Join Date: Aug 2006
Bikes:
Posts: 998
Quote:
Originally Posted by Wordbiker View Post
I look at running windows like riding a bike: It's hard work, not everyone gets it, but going through the hassle makes you stronger, more capable and more resilient. Buying a Mac is like driving an automatic: Sure, it's less hassle, but it makes you lazy. Linux is like keeping a moped running: Yeah, it's hella efficient and cheap, but man...it makes you greasy and look like a dork.
I wonder where Solaris and AIX are in that analogy.
Old 10-24-08, 11:59 AM   #25
redfooj
pluralis majestatis
 
Join Date: Feb 2004
Location: you rope
Bikes: 20 W/st.
Posts: 3,260
Quote:
Originally Posted by Wordbiker View Post
I look at running windows like riding a bike:
Yeah, in the biking world, there are spandex-helmet nazis who upgrade components every week and then fall down the first time they get on clipless, and then there are guys riding bikes for 40 years without ever taking a spill....
All times are GMT -6.