Malware targets holes Microsoft already plugged

Discussion in 'Computer Support' started by Au79, Jul 25, 2006.

  1. Au79

    Au79 Guest

    Au79, Jul 25, 2006
    #1

  2. Au79

    Paul Guest

    "Au79" <> wrote in message
    news:3Ovxg.15953$...
    > Inquirer - Harrow,Middlesex,UK
    >
    > Microsoft had slapped a severity rating of 'critical ... on two of the
    > exploited vulnerabilities, when plugging ... experts had warned that the
    > vulnerability ...
    >
    > <http://www.theinquirer.net/default.aspx?article=33246>
    > --


    Read it carefully before making a fool of yourself:

     
    Paul, Jul 25, 2006
    #2

  3. Au79

    Au79 Guest

    Paul wrote:

    >
    > "Au79" <> wrote in message
    > news:3Ovxg.15953$...
    >> Inquirer - Harrow,Middlesex,UK
    >>
    >> Microsoft had slapped a severity rating of 'critical ... on two of the
    >> exploited vulnerabilities, when plugging ... experts had warned that the
    >> vulnerability ...
    >>
    >> <http://www.theinquirer.net/default.aspx?article=33246>
    >> --

    >
    > Read it carefully before making a fool of yourself:
    >
    >


    Read it carefully before making a fool of yourself (albeit too late):

    <quote>

    THE SANS INTERNET Storm Centre has warned of exploit code for three
    vulnerabilities Microsoft *plugged* *earlier* *this month* [meaning part of
    July's security patch].

    </quote>


    --
    ....................
    http://www.vanwensveen.nl/rants/microsoft/IhateMS.html

    http://free.thelinuxstore.ca/
     
    Au79, Jul 25, 2006
    #3
  4. Au79

    Paul Guest

    "Au79" <> wrote in message
    news:OWvxg.15958$...
    > Paul wrote:
    >
    >>
    >> "Au79" <> wrote in message
    >> news:3Ovxg.15953$...
    >>> Inquirer - Harrow,Middlesex,UK
    >>>
    >>> Microsoft had slapped a severity rating of 'critical ... on two of the
    >>> exploited vulnerabilities, when plugging ... experts had warned that the
    >>> vulnerability ...
    >>>
    >>> <http://www.theinquirer.net/default.aspx?article=33246>
    >>> --

    >>
    >> Read it carefully before making a fool of yourself:
    >>
    >>

    >
    > Read it carefully before making a fool of yourself (albeit too late):
    >
    > <quote>
    >
    > THE SANS INTERNET Storm Centre has warned of exploit code for three
    > vulnerabilities Microsoft *plugged* *earlier* *this month* [meaning part
    > of
    > July's security patch].
    >
    > </quote>
    >
    >


    Exactly, the holes have already been plugged.
     
    Paul, Jul 25, 2006
    #4
  5. Au79

    Ponder Guest

    Hiya Au79.

    In <news:3Ovxg.15953$> you wrote:

    > Microsoft had slapped a severity rating of 'critical ... on two of the
    > exploited vulnerabilities, when plugging ... experts had warned that the
    > vulnerability ...


    Comparable to Linux vulnerabilities then.

    And just in case you don't get it, Linux is now my primary OS. I'm not
    anti-Linux I'm anti-thoughtless copy/pasting and anti-posting any URL
    pointing out competing OS vulnerabilities without making it clear that
    there are equivalent Linux vulnerabilities too.

    Do you work for a tabloid newspaper by any chance? ;)

    --
    PGP key ID - DSS:0x2661A952
    Ponder - Homepage: http://www.colinjones.co.uk ICQ# 1707811
    Skittles Team: http://www.ddskittles.co.uk
     
    Ponder, Jul 26, 2006
    #5
  6. It was on Wednesday 26 July 2006 12:32 am, that Ponder apparently said:

    > Hiya Au79.
    >
    > In <news:3Ovxg.15953$> you wrote:
    >
    >> Microsoft had slapped a severity rating of 'critical ... on two of the
    >> exploited vulnerabilities, when plugging ... experts had warned that the
    >> vulnerability ...

    >
    > Comparable to Linux vulnerabilities then.
    >
    > And just in case you don't get it, Linux is now my primary OS. I'm not
    > anti-Linux I'm anti-thoughtless copy/pasting and anti-posting any URL
    > pointing out competing OS vulnerabilities without making it clear that
    > there are equivalent Linux vulnerabilities too.


    And what are these "equivalent Linux vulnerabilities", & which distros? What may
    affect one linux distro would not necessarily affect others.

    > Do you work for a tabloid newspaper by any chance? ;)
    >


    --
    Disk full - remove Windows?
    Y - Yes!
    F - FFS YES!
     
    William Poaster, Jul 26, 2006
    #6
  7. Au79

    Ponder Guest

    Hiya William Poaster.

    In <news:2.eu> you wrote:

    > And what are these "equivalent Linux vulnerabilities", & which distros? What may
    > affect one linux distro would not necessarily affect others.


    How about the ssh one that got me some years ago? Yes it's been plugged
    but it affected all distros. I was hit because it required a massive amount
    of work to upgrade ssh due to glibc being split in the rpm repository. That
    took a lot of hacking to upgrade, let me tell you.

    Debian's apt-get system is far more constant and no trouble to keep up to
    date but if there were no bugs or vulnerabilities why update perfectly
    functional software? I still see updates for some pretty core functions so
    something must be happening. Don't get blinkered and think you're secure
    just because you're running Linux, if it's not maintained you could fall
    prey to a rootkit or two.

    --
    PGP key ID - DSS:0x2661A952
    Ponder - Homepage: http://www.colinjones.co.uk ICQ# 1707811
    Skittles Team: http://www.ddskittles.co.uk
     
    Ponder, Jul 26, 2006
    #7
  8. It was on Wed, 26 Jul 2006 12:50:13 +0000, that Ponder wrote:

    > Hiya William Poaster.
    >
    > In <news:2.eu> you wrote:
    >
    >> And what are these "equivalent Linux vulnerabilities", & which distros? What may
    >> affect one linux distro would not necessarily affect others.

    >
    > How about the ssh one that got me some years ago? Yes it's been plugged
    > but it affected all distros. I was hit because it required a massive amount
    > of work to upgrade ssh due to glibc being split in the rpm repository. That
    > took a lot of hacking to upgrade, let me tell you.


    Yes, that's one example, & I bet it did. However it seems to me that the
    big difference in vulnerabilities between GNU/linux & Windows, is that
    GNU/linux is less prone to remote ones than windows...which appears to be
    backed up by security experts:
    http://searchwindowssecurity.techta...0,289142,sid45_gci1103761,00.html?bucket=NEWS

    http://www.techenclave.com/forums/how-secure-is-your-computer-694.html

    Also, don't forget the Honeypot Project report:
    http://www.eweek.com/article2/0,1895,1752343,00.asp

    > Debian's apt-get system is far more constant and no trouble to keep up to
    > date but if there were no bugs or vulnerabilities why update perfectly
    > functional software? I still see updates for some pretty core functions so
    > something must be happening.


    Just because something works perfectly well, doesn't mean there shouldn't
    be ongoing improvements.

    > Don't get blinkered and think you're secure just because you're running
    > Linux, if it's not maintained you could fall prey to a rootkit or two.


    Of course, *if* it's not maintained. I run chkrootkit periodically to
    check for any rootkits. Also in SuSE linux 10.1, AppArmor is enabled by
    default. http://en.opensuse.org/Apparmor (I believe it is also available
    for Ubuntu now).

    I've been using GNU/linux distros for a long time, & security was one of
    the things that attracted me to use it, after a *lot* of research on the
    matter.

    --
    If a cell phone call was to fall into a black hole,
    would it be a cingularity?
     
    William Poaster, Jul 26, 2006
    #8
  9. Au79

    Jimchip Guest

    On 2006-07-26, Ponder <> wrote:
    > Hiya William Poaster.
    >
    > In <news:2.eu> you wrote:
    >
    >> And what are these "equivalent Linux vulnerabilities", & which distros? What may
    >> affect one linux distro would not necessarily affect others.

    >
    > How about the ssh one that got me some years ago? Yes it's been plugged
    > but it affected all distros. I was hit because it required a massive amount
    > of work to upgrade ssh due to glibc being split in the rpm repository. That
    > took a lot of hacking to upgrade, let me tell you.
    >
    > Debian's apt-get system is far more constant and no trouble to keep up to
    > date but if there were no bugs or vulnerabilities why update perfectly
    > functional software? I still see updates for some pretty core functions so
    > something must be happening. Don't get blinkered and think you're secure
    > just because you're running Linux, if it's not maintained you could fall
    > prey to a rootkit or two.


    Debian apt-get (I use Synaptics as the Gnome 2.14 interface to it) has
    regular security source and package updates at a different location than
    the typical distro download mirrors. It's all automatic if one does a
    standard install, for example. I switched to Etch...don't ask me why but
    it is doing OK, for me.
    ------------------------
    partial Sources.list

    deb http://ftp.us.debian.org/debian/ etch main contrib non-free
    deb-src http://ftp.us.debian.org/debian/ etch main

    deb http://security.debian.org/ etch/updates main
    deb-src http://security.debian.org/ etch/updates main
    ------------------------

    --
    "One Architecture, One OS" also translates as "One Egg, One Basket".
     
    Jimchip, Jul 26, 2006
    #9
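The excerpt in the post above pairs the etch mirror with a separate security.debian.org entry; if that second entry is missing or commented out, the machine keeps installing packages but never sees security fixes. The following is an added example, not part of the original post: a shell function (the name `missing_security_suites` is made up here) that lists suites with a `deb` line but no matching security line. It assumes the security archive is identified by the host security.debian.org and goes slightly beyond the post by accepting the later `<suite>-security` naming as well as `<suite>/updates`.

```shell
#!/bin/sh
# Added example, not from the thread. Reports every suite in a
# sources.list-style file that has a binary "deb" entry but no entry
# pointing at the Debian security archive.
# Assumptions: the security archive lives on security.debian.org and its
# suite is named "<suite>/updates" (as in the post) or "<suite>-security".

missing_security_suites() {
    # $1: path to a sources.list-style file
    awk '
        NF == 0 || $1 ~ /^#/ { next }   # blank lines and comments
        $1 != "deb"          { next }   # deb-src lines do not install anything
        {
            i = 2
            # Skip an optional bracketed option field such as [arch=amd64]
            if ($i ~ /^\[/) {
                while (i < NF && $i !~ /\]$/) i++
                i++
            }
            uri = $i
            suite = $(i + 1)
            if (index(uri, "://security.debian.org") > 0) {
                sub(/\/updates$/, "", suite)
                sub(/-security$/, "", suite)
                secured[suite] = 1
            } else {
                base[suite] = 1
            }
        }
        END {
            for (s in base)
                if (!(s in secured))
                    print s
        }
    ' "$1" | sort
}

# Constructed sample: the excerpt from the post with its security
# entries commented out, which is the failure this check is meant to catch.
sample=$(mktemp)
cat > "$sample" <<'EOF'
deb http://ftp.us.debian.org/debian/ etch main contrib non-free
deb-src http://ftp.us.debian.org/debian/ etch main

# deb http://security.debian.org/ etch/updates main
# deb-src http://security.debian.org/ etch/updates main
EOF
echo "suites without a security source: $(missing_security_suites "$sample")"
rm -f "$sample"
```

Suites are matched by exact name, so an entry such as a proposed-updates suite is reported unless it has its own security line.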
  10. It was on Wed, 26 Jul 2006 15:31:32 +0000, that Jimchip wrote:

    > On 2006-07-26, Ponder <> wrote:
    >> Hiya William Poaster.
    >>
    >> In <news:2.eu> you wrote:
    >>
    >>> And what are these "equivalent Linux vulnerabilities", & which distros? What may
    >>> affect one linux distro would not necessarily affect others.

    >>
    >> How about the ssh one that got me some years ago? Yes it's been plugged
    >> but it affected all distros. I was hit because it required a massive amount
    >> of work to upgrade ssh due to glibc being split in the rpm repository. That
    >> took a lot of hacking to upgrade, let me tell you.
    >>
    >> Debian's apt-get system is far more constant and no trouble to keep up to
    >> date but if there were no bugs or vulnerabilities why update perfectly
    >> functional software? I still see updates for some pretty core functions so
    >> something must be happening. Don't get blinkered and think you're secure
    >> just because you're running Linux, if it's not maintained you could fall
    >> prey to a rootkit or two.

    >
    > Debian apt-get (I use Synaptics as the Gnome 2.14 interface to it) has
    > regular security source and package updates at a different location than
    > the typical distro download mirrors. It's all automatic if one does a
    > standard install, for example. I switched to Etch...don't ask me why but
    > it is doing OK, for me.
    > ------------------------
    > partial Sources.list
    >
    > deb http://ftp.us.debian.org/debian/ etch main contrib non-free
    > deb-src http://ftp.us.debian.org/debian/ etch main
    >
    > deb http://security.debian.org/ etch/updates main
    > deb-src http://security.debian.org/ etch/updates main
    > ------------------------


    I have to say, after using apt-get in Kubuntu & Debian, I rather like it!
    apt-get is also available for SuSE linux. :)

    --
    98% of linux problems *windows* users whine about,
    emanate from somewhere between the chair and the PC.
    Either the person cannot read, doesn't understand
    what they read, or they can't be bothered.
     
    William Poaster, Jul 26, 2006
    #10
  11. Au79

    Ponder Guest

    Hiya William Poaster.

    In <news:2.eu> you wrote:

    > Yes, that's one example, & I bet it did. However it seems to me that the
    > big difference in vulnerabilities between GNU/linux & Windows, is that
    > GNU/linux is less prone to remote ones than windows...which appears to be
    > backed up by security experts:


    Of course it is, this wasn't my argument. My argument is Au79's blind
    posting of problems without doing any research himself.

    > Just because something works perfectly well, doesn't mean there shouldn't
    > be ongoing improvements.


    True, but Linux vulnerabilities don't make the public eye so much and
    they're also fixed a damned sight quicker. Doesn't mean they can't exist.

    >> Don't get blinkered and think you're secure just because you're running
    >> Linux, if it's not maintained you could fall prey to a rootkit or two.

    > Of course, *if* it's not maintained. I run chkrootkit periodically to
    > check for any rootkits. Also in SuSE linux 10.1, AppArmor is enabled by
    > default. http://en.opensuse.org/Apparmor (I believe it is also available
    > for Ubuntu now).


    Yup, you're not complacent, which means you know it's possible to let
    stuff through if you're not careful ;)

    > I've been using GNU/linux distros for a long time, & security was one of
    > the things that attracted me to use it, after a *lot* of research on the
    > matter.


    Same here. Security is *far* better but as I've said time and time again
    you can never be too sure.

    --
    PGP key ID - DSS:0x2661A952
    Ponder - Homepage: http://www.colinjones.co.uk ICQ# 1707811
    Skittles Team: http://www.ddskittles.co.uk
     
    Ponder, Jul 26, 2006
    #11
  12. Au79

    Au79 Guest

    Paul wrote:

    >
    > "Au79" <> wrote in message
    > news:OWvxg.15958$...
    >> Paul wrote:
    >>
    >>>
    >>> "Au79" <> wrote in message
    >>> news:3Ovxg.15953$...
    >>>> Inquirer - Harrow,Middlesex,UK
    >>>>
    >>>> Microsoft had slapped a severity rating of 'critical ... on two of the
    >>>> exploited vulnerabilities, when plugging ... experts had warned that
    >>>> the vulnerability ...
    >>>>
    >>>> <http://www.theinquirer.net/default.aspx?article=33246>
    >>>> --
    >>>
    >>> Read it carefully before making a fool of yourself:
    >>>
    >>>

    >>
    >> Read it carefully before making a fool of yourself (albeit too late):
    >>
    >> <quote>
    >>
    >> THE SANS INTERNET Storm Centre has warned of exploit code for three
    >> vulnerabilities Microsoft *plugged* *earlier* *this month* [meaning part
    >> of
    >> July's security patch].
    >>
    >> </quote>
    >>
    >>

    >
    > Exactly, the holes have already been plugged.


    It means that the SANS Internet Storm Centre has warned of exploit code for
    three vulnerabilities ALREADY plugged. There's no information on these
    being RE-plugged.

    --
    ....................
    http://www.vanwensveen.nl/rants/microsoft/IhateMS.html

    http://free.thelinuxstore.ca/
     
    Au79, Jul 26, 2006
    #12
  13. Au79

    Jimchip Guest

    On 2006-07-26, Ponder <> wrote:
    > Hiya William Poaster.
    >
    > In <news:2.eu> you wrote:
    >
    >> Yes, that's one example, & I bet it did. However it seems to me that the
    >> big difference in vulnerabilities between GNU/linux & Windows, is that
    >> GNU/linux is less prone to remote ones than windows...which appears to be
    >> backed up by security experts:

    >
    > Of course it is, this wasn't my argument. My argument is Au79's blind
    > posting of problems without doing any research himself.


    I'll stop my follow-up with my agreement "here". :)
    [snip]

    --
    "One Architecture, One OS" also translates as "One Egg, One Basket".
     
    Jimchip, Jul 26, 2006
    #13
  14. Au79

    Jimchip Guest

    On 2006-07-26, William Poaster <> wrote:
    [snip]

    > I have to say, after using apt-get in Kubuntu & Debian, I rather like it!
    > apt-get is also available for SuSE linux. :)


    There are .rpm/.deb conversion tools, also. I'm pretty impressed with
    modern compatibility between different distros...It weren't always that
    way.


    --
    "One Architecture, One OS" also translates as "One Egg, One Basket".
     
    Jimchip, Jul 26, 2006
    #14
  15. It was on Wed, 26 Jul 2006 16:46:36 +0000, that Ponder wrote:

    > Hiya William Poaster.
    >
    > In <news:2.eu> you wrote:
    >
    >> Yes, that's one example, & I bet it did. However it seems to me that the
    >> big difference in vulnerabilities between GNU/linux & Windows, is that
    >> GNU/linux is less prone to remote ones than windows...which appears to be
    >> backed up by security experts:

    >
    > Of course it is, this wasn't my argument. My argument is Au79's blind
    > posting of problems without doing any research himself.


    Agreed. :)

    >> Just because something works perfectly well, doesn't mean there shouldn't
    >> be ongoing improvements.

    >
    > True, but Linux vulnerabilities don't make the public eye so much and
    > they're also fixed a damned sight quicker. Doesn't mean they can't exist.
    >
    >>> Don't get blinkered and think you're secure just because you're running
    >>> Linux, if it's not maintained you could fall prey to a rootkit or two.


    >> Of course, *if* it's not maintained. I run chkrootkit periodically to
    >> check for any rootkits. Also in SuSE linux 10.1, AppArmor is enabled by
    >> default. http://en.opensuse.org/Apparmor (I believe it is also
    >> available for Ubuntu now).

    >
    > Yup, you're not complacent, which means you know it's possible to let
    > stuff through if you're not careful
    >
    >> I've been using GNU/linux distros for a long time, & security was one
    >> of the things that attracted me to use it, after a *lot* of research on
    >> the matter.

    >
    > Same here. Security is *far* better but as I've said time and time
    > again you can never be too sure.


    True. :)

    --
    98% of linux problems *windows* users whine about,
    emanate from somewhere between the chair and the PC.
    Either the person cannot read, doesn't understand
    what they read, or they can't be bothered.
     
    William Poaster, Jul 26, 2006
    #15
  16. Au79

    sloblocks Guest

    Au79 laid this down on his screen :
    > Paul wrote:
    >
    >>
    >> "Au79" <> wrote in message
    >> news:OWvxg.15958$...
    >>> Paul wrote:
    >>>
    >>>>
    >>>> "Au79" <> wrote in message
    >>>> news:3Ovxg.15953$...
    >>>>> Inquirer - Harrow,Middlesex,UK
    >>>>>
    >>>>> Microsoft had slapped a severity rating of 'critical ... on two of the
    >>>>> exploited vulnerabilities, when plugging ... experts had warned that
    >>>>> the vulnerability ...
    >>>>>
    >>>>> <http://www.theinquirer.net/default.aspx?article=33246>
    >>>>> --
    >>>>
    >>>> Read it carefully before making a fool of yourself:
    >>>>
    >>>>
    >>>
    >>> Read it carefully before making a fool of yourself (albeit too late):
    >>>
    >>> <quote>
    >>>
    >>> THE SANS INTERNET Storm Centre has warned of exploit code for three
    >>> vulnerabilities Microsoft *plugged* *earlier* *this month* [meaning part
    >>> of
    >>> July's security patch].
    >>>
    >>> </quote>
    >>>
    >>>

    >>
    >> Exactly, the holes have already been plugged.

    >
    > It means that the SANS Internet Storm Centre has warned of exploit code for
    > three vulnerabilities ALREADY plugged. There's no information on these
    > being RE-plugged.


    No it doesn't:
    "It's as if malware writers wait for the Vole to tell them where the
    holes are, then race to exploit them before ordinary mortals hit the
    update button."

    See? the exploits released are to try and catch machines that haven't
    been patched, just like most of the recent virus(s); patches were
    available before the problem arose.

    As for people not patching their systems.. well, that's another story.



    --
    I'd have a fancy signature, but I haven't thought of one yet.
     
    sloblocks, Jul 26, 2006
    #16
  17. Au79

    sloblocks Guest

    on 26/07/2006, William Poaster supposed :
    ....
    > Also in SuSE linux 10.1, AppArmor is enabled by
    > default. http://en.opensuse.org/Apparmor (I believe it is also available
    > for Ubuntu now).


    "AppArmor is an application security tool designed to provide an
    easy-to-use security framework for your applications. AppArmor
    proactively protects the operating system and applications from
    external or internal threats, even zero-day attacks, by enforcing good
    behavior and preventing even unknown application flaws from being
    exploited."


    Bang goes the argument that Linux is more secure by design then....

    --
    I'd have a fancy signature, but I haven't thought of one yet.
     
    sloblocks, Jul 26, 2006
    #17
  18. Au79

    Jimchip Guest

    On 2006-07-26, sloblocks <> wrote:
    > on 26/07/2006, William Poaster supposed :
    > ...
    >> Also in SuSE linux 10.1, AppArmor is enabled by
    >> default. http://en.opensuse.org/Apparmor (I believe it is also available
    >> for Ubuntu now).

    >
    > "AppArmor is an application security tool designed to provide an
    > easy-to-use security framework for your applications. AppArmor
    > proactively protects the operating system and applications from
    > external or internal threats, even zero-day attacks, by enforcing good
    > behavior and preventing even unknown application flaws from being
    > exploited."
    >
    >
    > Bang goes the argument that Linux is more secure by design then....


    Bang goes your point...*pow*, it's dead. Linux is more secure by design
    and AppArmor is even *extra* protection for super-secure types. The
    biggest threat to a Linux system is one used as a mail server for a
    Windows client. Nothing bad will happen to the Linux system but it does
    take more than an out-of-the-box install to make sure that the mail
    server doesn't pass on an infected email to a windows client. The
    user/client may want attachments forwarded to their inbox but it still
    is the postmaster's responsibility to catch the bad ones.

    --
    "One Architecture, One OS" also translates as "One Egg, One Basket".
     
    Jimchip, Jul 26, 2006
    #18
  19. Au79

    Ponder Guest

    Hiya sloblocks.

    In <news:> you wrote:

    > Bang goes the argument that Linux is more secure by design then....


    Wrong, but it never hurts to be cautious.

    --
    PGP key ID - DSS:0x2661A952
    Ponder - Homepage: http://www.colinjones.co.uk ICQ# 1707811
    Skittles Team: http://www.ddskittles.co.uk
     
    Ponder, Jul 26, 2006
    #19
  20. Au79

    sloblocks Guest

    Jimchip formulated on Wednesday :
    > On 2006-07-26, sloblocks <> wrote:
    >> on 26/07/2006, William Poaster supposed :
    >> ...
    >>> Also in SuSE linux 10.1, AppArmor is enabled by
    >>> default. http://en.opensuse.org/Apparmor (I believe it is also available
    >>> for Ubuntu now).

    >>
    >> "AppArmor is an application security tool designed to provide an
    >> easy-to-use security framework for your applications. AppArmor
    >> proactively protects the operating system and applications from
    >> external or internal threats, even zero-day attacks, by enforcing good
    >> behavior and preventing even unknown application flaws from being
    >> exploited."
    >>
    >>
    >> Bang goes the argument that Linux is more secure by design then....

    >
    > Bang goes your point...*pow*, it's dead. Linux is more secure by design
    > and AppArmor is even *extra* protection for super-secure types. The
    > biggest threat to a Linux system is one used as a mail server for a
    > Windows client. Nothing bad will happen to the Linux system but it does
    > take more than an out-of-the-box install to make sure that the mail
    > server doesn't pass on an infected email to a windows client. The
    > user/client may want attachments forwarded to their inbox but it still
    > is the postmaster's responsibility to catch the bad ones.


    Really? Strange how the website doesn't say anything about that.. it
    says:

    "AppArmor security policies, called "profiles", completely define what
    system resources individual applications can access, and with what
    privileges. A number of default profiles are included with AppArmor,
    and using a combination of advanced static analysis and learning-based
    tools, AppArmor profiles for even very complex applications can be
    deployed successfully in a matter of hours."

    Which to me says it sandboxes applications. And here's me thinking
    that Linux effectively did that by design anyway.

    Oh well. You live and learn.

    --
    I'd have a fancy signature, but I haven't thought of one yet.
     
    sloblocks, Jul 26, 2006
    #20