Advertise on Bikeforums.net



User Tag List

Page 1 of 2 12 LastLast
Results 1 to 25 of 34
  1. #1
    Senior Member
    Join Date
    Aug 2006
    Posts
    998
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Update your Windows boxes -now-

    More news here, here, and original notification here.

    Pretty much if you have a Windows box without heavy firewalling, you might be in a world of hurt as the exploits are in the wild right now.

  2. #2
    Senior Member MrCrassic's Avatar
    Join Date
    Jun 2007
    Location
    Brooklyn, NY
    My Bikes
    2008 Giant OCR1 (with panda bear on the back!)
    Posts
    3,648
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks for the news.

    Now I need to do quite a bit of work this weekend...

    EDIT:
    Looking to Slashdot, and then looking at the US-CERT and NVD, this is really really really serious. Basically, anyone can gain access to your computer (with admin privileges) by sending an SMB request of a fixed length to trigger a buffer overflow of the Server service. In other words, novice script kiddies can gain access to your box.
    Last edited by MrCrassic; 10-23-08 at 12:12 PM.
    Ride more.

    Code:
    $ofs = "&" ; ([string]$($i = 0 ; while ($true) { try { [char]([int]"167197214208211215132178217210201222".substring($i,3) - 100) ; $i =
     $i+3 > catch { break >>)).replace('&','') ; $ofs=" " # Replace right angles with right curly braces

  3. #3
    Gears? CliftonGK1's Avatar
    Join Date
    Jul 2006
    Location
    Atlanta, GA
    My Bikes
    '08 Surly Cross-Check, 2011 Redline Conquest Pro, 2012 Spesh FSR Comp EVO, 2009 Spesh Singlecross, 2011 RM Flow1
    Posts
    11,304
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by mlts22 View Post
    Pretty much if you have a Windows box without heavy firewalling, you might be in a world of hurt as the exploits are in the wild right now.
    If you have a Windows box that survives, uninfected by something, more than a week online without even a basic NAT wall I'd be surprised.

    Quote Originally Posted by MrCrassic View Post
    In other words, novice script kiddies can gain access to your box.
    I thought "script kiddie" implied novice. Besides, what else is new? If you don't protect your machine, someone's going to figure out how to use it to their own advantage. These latest alerts are just more in a long line of the same old crap.

  4. #4
    Member rkpol7's Avatar
    Join Date
    Jun 2008
    Location
    Back in Santa Monica
    Posts
    40
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Y'know, maybe I should really look into getting a macbook. I don't play games as much anymore, and I mainly use adobe products anyway. It should save me a lot of "update this, update that, scan for this, scan for that" headaches.

  5. #5
    pluralis majestatis redfooj's Avatar
    Join Date
    Feb 2004
    Location
    DEN
    My Bikes
    blue fuji, black khs, yellow giant, and a little red 'Rosa
    Posts
    2,547
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by CliftonGK1 View Post
    If you have a Windows box that survives, uninfected by something, more than a week online without even a basic NAT wall I'd be surprised.
    No NAT no hardware firewall no software firewall no AV programs. going on for 6+ years now

  6. #6
    370H-SSV-0773H linux_author's Avatar
    Join Date
    May 2005
    Location
    Penniless Park, Fla.
    My Bikes
    Merlin Fortius, Specialized Crossroads & Rockhopper, Serotta Fierte, Pedal Force RS2
    Posts
    2,760
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by CliftonGK1 View Post
    If you have a Windows box that survives, uninfected by something, more than a week online without even a basic NAT wall I'd be surprised.
    the Evil Empire's own labs have determined this time period to be on the order of 30 seconds (albeit unpatched XP home boxen)...

    but now, with Comcast's Extreme50, your PC can be p0wnd 10X faster!


  7. #7
    Senior Member
    Join Date
    Apr 2007
    Location
    Minneapolis, MN
    Posts
    176
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I don't know anyone who is completely unprotected anymore. Even my inlaws have hardware and software firewalls and don't even know it.

  8. #8
    pluralis majestatis redfooj's Avatar
    Join Date
    Feb 2004
    Location
    DEN
    My Bikes
    blue fuji, black khs, yellow giant, and a little red 'Rosa
    Posts
    2,547
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by linux_author View Post
    the Evil Empire's own labs have determined this time period to be on the order of 30 seconds (albeit unpatched XP home boxen)...

    but now, with Comcast's Extreme50™, your PC can be p0wnd 10X faster!

    ugh. whatever. you exaggerating *nix geeks.

  9. #9
    Senior Member MrCrassic's Avatar
    Join Date
    Jun 2007
    Location
    Brooklyn, NY
    My Bikes
    2008 Giant OCR1 (with panda bear on the back!)
    Posts
    3,648
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by CliftonGK1 View Post
    If you have a Windows box that survives, uninfected by something, more than a week online without even a basic NAT wall I'd be surprised.



    I thought "script kiddie" implied novice. Besides, what else is new? If you don't protect your machine, someone's going to figure out how to use it to their own advantage. These latest alerts are just more in a long line of the same old crap.
    There's script kiddie and then there's the n00b script kiddie. I'm not either of them, though if I maybe spent some time learning about security when I was younger, I could have been...
    Ride more.

    Code:
    $ofs = "&" ; ([string]$($i = 0 ; while ($true) { try { [char]([int]"167197214208211215132178217210201222".substring($i,3) - 100) ; $i =
     $i+3 > catch { break >>)).replace('&','') ; $ofs=" " # Replace right angles with right curly braces

  10. #10
    Belt drive! vtjim's Avatar
    Join Date
    Sep 2004
    Location
    Burlington, Vermont
    My Bikes
    2011 Trek Soho DLX
    Posts
    2,615
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Heh - My server service is disabled. But I installed the patch anyway.

  11. #11
    Senior Member MrCrassic's Avatar
    Join Date
    Jun 2007
    Location
    Brooklyn, NY
    My Bikes
    2008 Giant OCR1 (with panda bear on the back!)
    Posts
    3,648
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Can't disable it; I might need it for File and Printer Sharing.
    Ride more.

    Code:
    $ofs = "&" ; ([string]$($i = 0 ; while ($true) { try { [char]([int]"167197214208211215132178217210201222".substring($i,3) - 100) ; $i =
     $i+3 > catch { break >>)).replace('&','') ; $ofs=" " # Replace right angles with right curly braces

  12. #12
    more ape than man timmhaan's Avatar
    Join Date
    Nov 2003
    Location
    nyc
    Posts
    8,093
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    script kitty?


  13. #13
    Senior Member
    Join Date
    Aug 2006
    Posts
    998
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I use file and printer sharing extremely frequently on my local LAN, although the firewall/NAT box and WPA2-PSK wireless AP limit the entry points on the network.

    The people I worry about with this security issue are the people handed a DSL CSU/DSU with no firewalling capability, told to plug the power/LAN/phone cables in, and pretty much left on their own after that with only a "software firewall" separating them from major compromise and their computer's life as a botnet member. A lot at best will just let Windows Update automatically do its cycle, but others turn Windows Update off because they don't like the monthly reboot. These are one group who will be feeling the hurt big time.

    The second group that will be affected, will be large enterprises which need to updated thousands of machines immediately, and update install images so that vulnerability is not present in freshly installed boxes. There are always script kiddies in every corporation who will try go pwn as many boxes as they can before they are patched.

    Its not like other platforms/operating systems are perfect, but its good to have something other than Windows that is not as scrutinized by every script kiddy on earth to find a hole. Holes in Windows are bug bucks... pwn enough machines, a criminal can sell the botnet for good cash, or just run their own extortion/spam/ID theft racket by grabbing data files off of victims' PCs and selling anything juicy on the ID theft market.
    Last edited by mlts22; 10-23-08 at 02:32 PM.

  14. #14
    Footballus vita est iamlucky13's Avatar
    Join Date
    Jun 2002
    Location
    Portland, OR
    My Bikes
    Trek 4500, Kona Dawg
    Posts
    2,118
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by CliftonGK1 View Post
    If you have a Windows box that survives, uninfected by something, more than a week online without even a basic NAT wall I'd be surprised.
    I've been running XP for about 2 years now without a firewall. I did finally break down and install an AV suite a month or so ago on some suspicions, but my box is still squeaky clean. Amazing what can fail to happen when you actually pay attention to the updates and don't click on things without knowing what they are.
    "The internet is a place where absolutely nothing happens. You need to take advantage of that." ~ Strong Bad

  15. #15
    Gears? CliftonGK1's Avatar
    Join Date
    Jul 2006
    Location
    Atlanta, GA
    My Bikes
    '08 Surly Cross-Check, 2011 Redline Conquest Pro, 2012 Spesh FSR Comp EVO, 2009 Spesh Singlecross, 2011 RM Flow1
    Posts
    11,304
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by redfooj View Post
    No NAT no hardware firewall no software firewall no AV programs. going on for 6+ years now
    My computer needs a shower just from knowing it's been on the same forum server as that.

  16. #16
    WTF is that smell? crackerjab's Avatar
    Join Date
    Dec 2005
    Location
    Charlotte, NC
    Posts
    449
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by iamlucky13 View Post
    I've been running XP for about 2 years now without a firewall. I did finally break down and install an AV suite a month or so ago on some suspicions, but my box is still squeaky clean. Amazing what can fail to happen when you actually pay attention to the updates and don't click on things without knowing what they are.
    +1

    Same here.

  17. #17
    Pwnerer Wordbiker's Avatar
    Join Date
    Jun 2005
    Location
    Pagosa Springs, CO, USA
    My Bikes
    Road, MTB, Cruiser, Chopper, BMX
    Posts
    2,880
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I've been running without a firewall, no antivirus, never update, send my credit card info in emails, forward everything without using BCC, run with scissors, ride a bike without a helmet, drive with no seatbelt, have unprotected sex, make fun of Hells Angels, talk to strangers, click on every popup, use IE and operate electrical appliances with wet hands....never had a problem yet.
    Quote Originally Posted by ahsposo View Post
    Ski, bike and wish I was gay.

  18. #18
    *****es love tarck kemmer's Avatar
    Join Date
    Apr 2006
    Location
    Sandy, UT
    My Bikes
    so many
    Posts
    3,325
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Wordbiker View Post
    I've been running without a firewall, no antivirus, never update, send my credit card info in emails, forward everything without using BCC, run with scissors, ride a bike without a helmet, drive with no seatbelt, have unprotected sex, make fun of Hells Angels, talk to strangers, click on every popup, use IE and operate electrical appliances with wet hands....never had a problem yet.
    Yeah, me too...

  19. #19
    The Wheel is Turning The Figment's Avatar
    Join Date
    May 2006
    Location
    Virgil Kansas
    My Bikes
    '05 Novara (REI) Bonanza
    Posts
    540
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

  20. #20
    Pwnerer Wordbiker's Avatar
    Join Date
    Jun 2005
    Location
    Pagosa Springs, CO, USA
    My Bikes
    Road, MTB, Cruiser, Chopper, BMX
    Posts
    2,880
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I look at running windows like riding a bike: It's hard work, not everyone gets it, but going through the hassle makes you stronger, more capable and more resilient. Buying a Mac is like driving an automatic: Sure, it's less hassle, but it makes you lazy. Linux is like keeping a moped running: Yeah, it's hella efficient and cheap, but man...it makes you greasy and look like a dork.
    Quote Originally Posted by ahsposo View Post
    Ski, bike and wish I was gay.

  21. #21
    Senior Member mechBgon's Avatar
    Join Date
    Jul 2002
    Posts
    6,958
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by MrCrassic View Post
    Thanks for the news.

    Looking to Slashdot, and then looking at the US-CERT and NVD, this is really really really serious. Basically, anyone can gain access to your computer (with admin privileges)

    Ahhhh, whoa there with the "anyone" part It is a serious vulnerability in cases where it can actually be touched, but a default standalone WinXP SP2 installation with its firewall enabled would repel attacks, for example. more clarity for those interested I certainly do urge everyone to pay attention and get the patch, of course.

    On the off-chance there are some people who'd like a security plan for home Windows PCs, instead of running nekkid through crocodile-infested waters with raw meat tied all over their bodies, etc, I have one that was developed from a combination of sysadmin experience and quite a lot of active malware hunting, so here ya go


    If you have a Windows box that survives, uninfected by something, more than a week online without even a basic NAT wall I'd be surprised.
    A well-secured Windows system is actually a very tough cookie. I've never had a successful compromise of my malware-hunting rig yet, and it's not for lack of opportunity See steps 1, 2, 6 and 12 in particular, in the guide I linked above.

  22. #22
    Body By Nintendo Psydotek's Avatar
    Join Date
    Sep 2006
    Location
    Videogames ruined my life. Good thing i have 2 extra lives.
    My Bikes
    Giant TCR2, Giant TCX, IRO BFSSFG SE, Salsa Casseroll, IRO Rob Roy.
    Posts
    3,191
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Wordbiker View Post
    I look at running windows like riding a bike: It's hard work, not everyone gets it, but going through the hassle makes you stronger, more capable and more resilient. Buying a Mac is like driving an automatic: Sure, it's less hassle, but it makes you lazy. Linux is like keeping a moped running: Yeah, it's hella efficient and cheap, but man...it makes you greasy and look like a dork.
    Ya'know, that's probably the best analogy i've heard. The people who ***** and moan about Windows are usually those who don't want to put in the effort of learning it.

    I actually have automatic updates turned off on my computer, but i manually check every other month.

    I don't keep an antivirus installed, but i'll periodically install a free one (AVG or something) and run a scan. I do keep a spyware filter installed (Spybot Search & Destroy) and our DSL modem/router has a built in firewall.

    If you're smart about surfing the intr4w3bz and installing programs, you'll have very few problems really.

    Quote Originally Posted by jsharr View Post
    A girl once asked me to give her twelve inches and make it hurt. I had to make love to her 3 times and then punch her in the nose.

  23. #23
    Body By Nintendo Psydotek's Avatar
    Join Date
    Sep 2006
    Location
    Videogames ruined my life. Good thing i have 2 extra lives.
    My Bikes
    Giant TCR2, Giant TCX, IRO BFSSFG SE, Salsa Casseroll, IRO Rob Roy.
    Posts
    3,191
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by mechBgon View Post
    ...On the off-chance there are some people who'd like a security plan for home Windows PCs, instead of running nekkid through crocodile-infested waters with raw meat tied all over their bodies, etc, I have one that was developed from a combination of sysadmin experience and quite a lot of active malware hunting, so here ya go .
    I'm bookmarking that. Good tips. Also you mentioned the Windows Vista UAC on your "making a limited a limited account..." page. That seems to be one of the gripes people have about Vista and they turn it off.

    BAD IDEA!

    It only adds one or two extra clicks when it asks for your permission to do something and it'll save you from a headache sometimes by letting you quickly review what's going on before it happens.

    Quote Originally Posted by jsharr View Post
    A girl once asked me to give her twelve inches and make it hurt. I had to make love to her 3 times and then punch her in the nose.

  24. #24
    Senior Member
    Join Date
    Aug 2006
    Posts
    998
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Wordbiker View Post
    I look at running windows like riding a bike: It's hard work, not everyone gets it, but going through the hassle makes you stronger, more capable and more resilient. Buying a Mac is like driving an automatic: Sure, it's less hassle, but it makes you lazy. Linux is like keeping a moped running: Yeah, it's hella efficient and cheap, but man...it makes you greasy and look like a dork.
    I wonder where Solaris and AIX are in that analogy.

  25. #25
    pluralis majestatis redfooj's Avatar
    Join Date
    Feb 2004
    Location
    DEN
    My Bikes
    blue fuji, black khs, yellow giant, and a little red 'Rosa
    Posts
    2,547
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Wordbiker View Post
    I look at running windows like riding a bike:
    Yeah, in the biking world, there are spandex-helmet nazis who upgrade components every week and then fall down the first time they get on clipless, and then there are guys riding bikes for 40 years without ever taking a spill....

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •