blaster and microsoft's "fix" for itself.

http://www.theinquirer.net/?article=11067

"...As we've recently seen, these certifications don't guarantee that
these platforms are secure. These Microsoft "certified" operating
systems have just been compromised on a massive international scale by
the "LoveSAN" or "MSBlaster" worm. Microsoft has had to front-end its
"WindowsUpdate" site with about 15,000 Akamai servers this weekend (and
very ironically, those Akamai servers are all running Linux)...."



--
Colonel Flagg
http://www.internetwarzone.org/

Privacy at a click:
http://www.cotse.net

Q: How many Bill Gates does it take to change a lightbulb?
A: None, he just defines Darkness? as the new industry standard..."

"...I see stupid people."

Colonel Flagg

"Colonel Flagg" <> wrote in
message news:.. .
> http://www.theinquirer.net/?article=11067
>
> "...As we've recently seen, these certifications don't guarantee that
> these platforms are secure. These Microsoft "certified" operating
> systems have just been compromised on a massive international scale by
> the "LoveSAN" or "MSBlaster" worm. Microsoft has had to front-end its
> "WindowsUpdate" site with about 15,000 Akamai servers this weekend (and
> very ironically, those Akamai servers are all running Linux)...."
>
>

Not ironic in the least Colonel. I do not know a single web developer (and
I know a ton of them) that would put so much as a one-page website on an MS
box. Even the MS programmer I happen to know, who earns his living
programming software specifically for MS products and beta tests every
version of Windows to come down the pike, hosts his own website on Linux and
has for years. Website + Windows = problems, problems and many more
problems

In article <>,
ks says...
>
> "Colonel Flagg" <> wrote in
> message news:.. .
> > http://www.theinquirer.net/?article=11067
> >
> > "...As we've recently seen, these certifications don't guarantee that
> > these platforms are secure. These Microsoft "certified" operating
> > systems have just been compromised on a massive international scale by
> > the "LoveSAN" or "MSBlaster" worm. Microsoft has had to front-end its
> > "WindowsUpdate" site with about 15,000 Akamai servers this weekend (and
> > very ironically, those Akamai servers are all running Linux)...."
> >
> >
>
> Not ironic in the least Colonel. I do not know a single web developer (and
> I know a ton of them) that would put so much as a one-page website on an MS
> box. Even the MS programmer I happen to know, who earns his living
> programming software specifically for MS products and beta tests every
> version of Windows to come down the pike, hosts his own website on Linux and
> has for years. Website + Windows = problems, problems and many more
> problems

You are so full of **** - I've got more than 100 sites running ASP,
ASP.Net, html, and dhtm running on IIS 5 and IIS 6 that have never been
hacked. We've built many web applications for state government that are
in use across the state (with public access) that have never been
hacked.

If you know how to secure a web site, on any OS, you can keep it from
being hacked! MS IIS is not really any worse than the others.

--
--

(Remove 999 to reply to me)

In article <>,
says...
> In article <>,
> ks says...
> >
> > "Colonel Flagg" <> wrote in
> > message news:.. .
> > > http://www.theinquirer.net/?article=11067
> > >
> > > "...As we've recently seen, these certifications don't guarantee that
> > > these platforms are secure. These Microsoft "certified" operating
> > > systems have just been compromised on a massive international scale by
> > > the "LoveSAN" or "MSBlaster" worm. Microsoft has had to front-end its
> > > "WindowsUpdate" site with about 15,000 Akamai servers this weekend (and
> > > very ironically, those Akamai servers are all running Linux)...."
> > >
> > >
> >
> > Not ironic in the least Colonel. I do not know a single web developer (and
> > I know a ton of them) that would put so much as a one-page website on an MS
> > box. Even the MS programmer I happen to know, who earns his living
> > programming software specifically for MS products and beta tests every
> > version of Windows to come down the pike, hosts his own website on Linux and
> > has for years. Website + Windows = problems, problems and many more
> > problems
>
> You are so full of **** - I've got more than 100 sites running ASP,
> ASP.Net, html, and dhtm running on IIS 5 and IIS 6 that have never been
> hacked. We've built many web applications for state government that are
> in use across the state (with public access) that have never been
> hacked.
>
> If you know how to secure a web site, on any OS, you can keep it from
> being hacked! MS IIS is not really any worse than the others.
>
>


even Microsoft didn't trust it during this recent blaster worm incident,
why should you?



--
Colonel Flagg
http://www.internetwarzone.org/

Privacy at a click:
http://www.cotse.net

Q: How many Bill Gates does it take to change a lightbulb?
A: None, he just defines Darkness? as the new industry standard..."

"...I see stupid people."

In article <>,
says...
> In article <>,
> says...
> > In article <>,
> > ks says...
> > >
> > > "Colonel Flagg" <> wrote in
> > > message news:.. .
> > > > http://www.theinquirer.net/?article=11067
> > > >
> > > > "...As we've recently seen, these certifications don't guarantee that
> > > > these platforms are secure. These Microsoft "certified" operating
> > > > systems have just been compromised on a massive international scale by
> > > > the "LoveSAN" or "MSBlaster" worm. Microsoft has had to front-end its
> > > > "WindowsUpdate" site with about 15,000 Akamai servers this weekend (and
> > > > very ironically, those Akamai servers are all running Linux)...."
> > > >
> > > >
> > >
> > > Not ironic in the least Colonel. I do not know a single web developer (and
> > > I know a ton of them) that would put so much as a one-page website on an MS
> > > box. Even the MS programmer I happen to know, who earns his living
> > > programming software specifically for MS products and beta tests every
> > > version of Windows to come down the pike, hosts his own website on Linux and
> > > has for years. Website + Windows = problems, problems and many more
> > > problems
> >
> > You are so full of **** - I've got more than 100 sites running ASP,
> > ASP.Net, html, and dhtm running on IIS 5 and IIS 6 that have never been
> > hacked. We've built many web applications for state government that are
> > in use across the state (with public access) that have never been
> > hacked.
> >
> > If you know how to secure a web site, on any OS, you can keep it from
> > being hacked! MS IIS is not really any worse than the others.
> >
> >
>
>
> even Microsoft didn't trust it during this recent blaster worm incident,
> why should you?
>
If you have a flaw in your operating system, it would be better to
disconnect it from the Internet until it was fixed. As far as Leythos
trusting IIS, I can say from just knowing him through his postings: he
doesn't trust any operating system and or application. He does his job
and makes sure there are no external problems. (Key Word: external).

Colonel Flagg wrote:
> In article <>,
> says...
>> In article <>,
>> ks says...
>>>
>>> "Colonel Flagg" <>
>>> wrote in message news:.. .
>>>> http://www.theinquirer.net/?article=11067
>>>>
>>>> "...As we've recently seen, these certifications don't guarantee
>>>> that these platforms are secure. These Microsoft "certified"
>>>> operating
>>>> systems have just been compromised on a massive international
>>>> scale by the "LoveSAN" or "MSBlaster" worm. Microsoft has had to
>>>> front-end its "WindowsUpdate" site with about 15,000 Akamai
>>>> servers this weekend (and very ironically, those Akamai servers
>>>> are all running Linux)...."
>>>>
>>>>
>>>
>>> Not ironic in the least Colonel. I do not know a single web
>>> developer (and I know a ton of them) that would put so much as a
>>> one-page website on an MS box. Even the MS programmer I happen to
>>> know, who earns his living programming software specifically for MS
>>> products and beta tests every version of Windows to come down the
>>> pike, hosts his own website on Linux and has for years. Website +
>>> Windows = problems, problems and many more problems
>>
>> You are so full of **** - I've got more than 100 sites running ASP,
>> ASP.Net, html, and dhtm running on IIS 5 and IIS 6 that have never
>> been hacked. We've built many web applications for state government
>> that are
>> in use across the state (with public access) that have never been
>> hacked.
>>
>> If you know how to secure a web site, on any OS, you can keep it from
>> being hacked! MS IIS is not really any worse than the others.
>>
>>
>
>
> even Microsoft didn't trust it during this recent blaster worm
> incident,
> why should you?


Microsoft needed to mirror their site in a hurry and Akamai had the capacity
and server distribution to do the job. A distributed system such as this is
inherently less susceptible to DDoS attacks.The fact they use a Linux OS is
irrelevant.
--
Winerr 012 - Cash Underflow - Credit Card Number Will Be Assimilated

In article <> ,
says...
[snip]
> If you have a flaw in your operating system, it would be better to
> disconnect it from the Internet until it was fixed. As far as Leythos
> trusting IIS, I can say from just knowing him through his postings: he
> doesn't trust any operating system and or application. He does his job
> and makes sure there are no external problems. (Key Word: external).

I must say thanks - I don't know who you are, but I appreciate the
comments. I strive to provide the best service to my clients, never
install anything we've not already tested, and have never had a client
been compromised by an worm/virus/external hacker ever (almost 20
years).

Thanks again,
Mark

--
--

(Remove 999 to reply to me)

"Colonel Flagg" <> wrote in
message news:.. .
>
>
> You are, for the most part, correct. However, it is relevant to the
> point that THE hosting solution Microsoft picked, over all of the
> others, uses Linux.
>
> 1) I am sure Microsoft knew this to begin with.
>
> 2) Akamai chooses Linux for a reason.
>
> 3) Linux saved Microsoft's ass
>
>
>

Well actually if you want to be technical about it all the MS sites were and
are still on Windows 2003/IIS

The caching/load balancing solution they use is on Linux not the actual
sites.

Also they saved their asses by removing the dns record for windowsupdate.com

They used Akamai before all of this happened, I'd guess they save MS's ass
every day.

--

-+ Shaolin +-
Discard what is useless, absorb what is not and
add what is uniquely your own.

.: http://www.security-forums.com :.

In article <>, abuse@127.0.0.1 says...
> "Colonel Flagg" <> wrote in
> message news:.. .
> >
> >
> > You are, for the most part, correct. However, it is relevant to the
> > point that THE hosting solution Microsoft picked, over all of the
> > others, uses Linux.
> >
> > 1) I am sure Microsoft knew this to begin with.
> >
> > 2) Akamai chooses Linux for a reason.
> >
> > 3) Linux saved Microsoft's ass
> >
> >
> >
>
> Well actually if you want to be technical about it all the MS sites were and
> are still on Windows 2003/IIS
>

That's not what the article said.



> The caching/load balancing solution they use is on Linux not the actual
> sites.
>


So you're saying the actual Windows server can't handle the load so they
use linux?



> Also they saved their asses by removing the dns record for windowsupdate.com
>

x2 actually.... their DNS servers were run on Win2k, their website *was*
Win2k/IIS, by removing the DNS they saved themselves by not killing the
Win2k DNS and the webservers from overload.




> They used Akamai before all of this happened, I'd guess they save MS's ass
> every day.
>
>


Cool. Microsoft runs on linux all the time.

Nice info to store in the M$ bashing side of my brain




--
Colonel Flagg
http://www.internetwarzone.org/

Privacy at a click:
http://www.cotse.net

Q: How many Bill Gates does it take to change a lightbulb?
A: None, he just defines Darkness? as the new industry standard..."

"...I see stupid people."

"Colonel Flagg" <> wrote in
message news:.. .
<snip>
> >
> > Well actually if you want to be technical about it all the MS sites were
and
> > are still on Windows 2003/IIS
> >
>
> That's not what the article said.

Check this out: http://www.theregister.co.uk/content/4/32385.html

>
>
>
> > The caching/load balancing solution they use is on Linux not the actual
> > sites.
> >
>
>
> So you're saying the actual Windows server can't handle the load so they
> use linux?
>

Yes

>
>
> Cool. Microsoft runs on linux all the time.
>
> Nice info to store in the M$ bashing side of my brain
>

The best one for me personally is that Hotmail ran on BSD last time I looked
and they use Postfix as an MTA not Exchange


--

-+ Shaolin +-
Discard what is useless, absorb what is not and
add what is uniquely your own.

.: http://www.security-forums.com :.