DDOS attack Microsoft

Discussion in 'Computer Security' started by Manoj Paul Joseph, Sep 7, 2003.

  1. As User so eloquently gibbered on Sun, 14 Sep 2003 at 06:48 GMT:
    I wouldn't know. I install Mandrake these days for my own use. I did
    install Redhat and made sure it's functional on some machines I've
    built for sale in the recent past, and I used to use it regularly over
    several years. I decided to move along a few months back, though. And
    I'm likely going to go with Mandrake on future machines I sell.

    For my own use, either Gentoo (likely) or Debian will be next.
     
    Sinister Midget, Sep 14, 2003

  2. Then they still haven't got it right. If they don't know the
    difference between viewing a data file and executing arbitrary
    code then they are even more clueless than I thought.
     
    Chris F.A. Johnson, Sep 14, 2003

  3. Manoj Paul Joseph

    Max Burke Guest

    Ed Murphy scribbled:
    It's a default block on all attachments; The user has to explicitly
    allow certain file types through by deleting the file extensions from
    the IE unsafe files list. (the hard way)
    More info at:
    http://support.microsoft.com/default.aspx?scid=kb;EN-US;291387

    The easy way is to go to:

    Tools
    Options
    Clear do not allow attachments...

    (use at your own risk....)
    I don't think it does that now as OE automatically runs in IE's
    restricted zone and that is blocked in this zone.
    Yes it does, so it again relies on the user to know what they're doing,
    and that the link is safe.
    As far as I'm aware though it will only allow the links to be
    'clickable' if the website is listed in IE as a trusted website, one
    that the user has added to the trusted zone.
    OE will display full HTML in the preview pane, but again only for
    websites loaded in IE's trusted zone.
    Yes.

    To read in plain text:
    Tools
    Options
    Read
    Read all messages in plain text.

    To send in plain text:
    Tools
    Options
    Mail & news sending format
    Plain text
    It doesn't, and still has the annoying habit/bug that when dragging a
    message to a new newsgroup (to reply to) of over-riding plain text
    settings with the default font (Unicode UTF8) which stuffs up text
    formatting/quoting when using third party add ons like OE Quote fix...

    Another bug MS fixed in OE and IE recently was the one where a simple
    html instruction would crash IE and OE when going to a website or
    opening an e-mail reading a newsgroup message that had the html code in
    it.

    They still haven't fixed the 'begin' bug in OE though....
     
    Max Burke, Sep 14, 2003
  4. Manoj Paul Joseph

    Max Burke Guest

    scribbled:

    I don't play the numbers game......
    Just because one OS has bug reports at any particular time does not
    alter the fact that other OS'es have bugs as well.....

    I could suggest that MS has so many 'reported' bugs because so many are
    looking for them, just to have their 15 minutes of fame in the IT world.
    ROTFLOL
     
    Max Burke, Sep 14, 2003
  5. Manoj Paul Joseph

    Mike Byrns Guest

    It's amazing to watch you two jerk each other off like this.

     
    Mike Byrns, Sep 14, 2003
  6. As Mike Byrns so eloquently gibbered on Sun, 14 Sep 2003 at 21:26 GMT:
    We were waiting for a pivot man.

    Now that you're here......

    As an aside, I was going to snip everything below that last bit. But I
    looked at what it did to the wrapping and formatting, and decided you'd
    get a kick out of looking at it and knowing you *paid* for the right to
    get that behavior!

    Only the professional Outhouse-family of products give that signature
    "3-paragraphs-from-one" effect.

    Enjoy!
     
    Sinister Midget, Sep 15, 2003
  7. Manoj Paul Joseph

    Alan Connor Guest

    Yeh. What else could you say?

    M$ made one BIG mistake, right in the beginning:

    They tacked the poorly cloned (and un-attributed) X-Window functionality
    on the DOS kernel, which it was not equipped to handle.


    And called it what? (X-)Windows.

    What they should have done is re-write the OS from the ground up.

    They, and all of their customers, have been paying for this mistake ever since.


    AC
     
    Alan Connor, Sep 15, 2003
  8. Manoj Paul Joseph

    Alan Connor Guest

    .....and it still is a bloated and baroque travesty of an OS.


    Well said, SM


    AC
     
    Alan Connor, Sep 15, 2003
  9. Look at all the buffer overrun problems that have been patched in
    Look at this too...
    http://www.linuxsecurity.com/advisories/index.html
    Regards,
    Manoj
     
    Manoj Paul Joseph, Sep 15, 2003
  10. Manoj Paul Joseph

    User Guest

    I don't think it's any use pointing out things to those (few) linux people
    who have recently converted to linux/unix and don't yet know all the
    vulnerabilities. They simply come out attacking everyone else. Have a read
    of the thread.

    They attack M$ for making money - they attack M$ users because M$ users have
    a real life away from the computer - they compare systems designed for home
    use against systems managed by paid administrators

    They claim that Unix is a *real* multiuser system and often don't
    acknowledge that it is a cut down version of a proper OS and has had to be
    hacked over the last 30 years with a whole lot of "add ons" to make it
    usable.
     
    User, Sep 15, 2003
  11. True enough.
    Sloppy, though not unusual.
    I think you are being quite unfair here. The only cut down part of UNIX
    was that they removed some of the parts of MULTICS (that ran on dual
    GE-645 computers when it first came out) so it would fit a DEC PDP-7
    IIRC. They pretty quickly moved it to a PDP-11, and it really got going
    when I got a PDP-11/45 with a memory management unit in it (I think Ken
    and Dennis had a PDP-11/20). So they could try out the memory management
    on it. They pretty soon got a real machine too.

    In the early 1970s when UNIX really took off, it compared very favorably
    with competing operating systems. Remember OS/360 PCP, MFT, and MVT?
    UNIX may not have had the throughput because it ran on smaller
    processors. But when Steve Johnson came out with the Portable C Compiler
    and Ken and Dennis rewrote the kernel in C, it became a fairly simple
    matter to run UNIX on larger machines such as IBM System/360 and the
    Amdahl clones.

    The only thing I did not like about UNIX in the early days was that it
    would not handle real-time process control, something I was doing at the
    time. Normal versions of UNIX still do not. DEC's RSX-11D did that far
    better. But you would probably consider RSX-11D even worse than UNIX
    from the point of view of a casual user. You could really shoot yourself
    in the foot with that one. If you forgot to lock the memory manager to
    core, it could get swapped out, and only the memory manager could swap
    anything in, so pretty soon after that happened, the system would
    deadlock and you had to reboot it. Not nice for casual users who would
    not even know what happened.

    The networking we are so familiar with now is much like the early UNIX
    stuff. True, few use uucp anymore, which was how a lot of what is now
    USENET and e-mail worked in the early days.

    But what hacking of UNIX over the last 35 years, and what "add ons" were
    needed for UNIX that the other OSs did not also need? There has been
    some progress in operating systems since those early days. In fact, at
    the risk of a flame war, it seems to me that Windows, when it came out,
    was about 15 years behind what UNIX was delivering at the time. For
    example, when Windows 95 came out in about 1996, it still did not have
    the functionality (other than a graphical point-and-click interface)
    that UNIX had in 1980. And by 1995 UNIX supported the X Window System
    already.
     
    Jean-David Beyer, Sep 15, 2003
  12. Manoj Paul Joseph

    Trog Dog Guest

    Wasn't the Worm as devised by RTM the first of its kind, and didn't it
    exploit weaknesses in *nix, including the GNU Emacs buffer overflow?
     
    Trog Dog, Sep 15, 2003
  13. IIRC, it was a bug in sendmail as delivered (with back door for
    maintenance that should have been turned off in production systems).
     
    Jean-David Beyer, Sep 15, 2003
  14. It is acknowledged to be the first true worm that got loose.

    None of the vulnerabilities were in the Unix kernel. None were in
    GNU-Emacs.

    The exploits were:

    - It took advantage of a publicized, hard-wired back door left in
    sendmail.

    - It took advantage of a buffer overflow in the finger daemon.

    Craig
     
    Craig A. Finseth, Sep 15, 2003
  15. There are some areas of weakness to this day vis-a-vis some of the
    "mainframey" sorts of functionality.

    I have yet to see a flexible enough batch scheduling system on Unix to
    correspond to the batching systems on systems like VMS.

    When I need to do anything where queueing and/or load balancing is
    needed, I find I need to construct Yet Another Batch System from
    scratch. (No, "cron" and friends are NOT satisfactory.)

    Of course, that isn't something that naturally lends itself to pretty
    pointy-clicky tools, and Windows is about as bad...
    --
    select 'cbbrowne' || '@' || 'ntlug.org';
    http://www3.sympatico.ca/cbbrowne/nonrdbms.html
    "Cars move huge weights at high speeds by controlling violent
    explosions many times a second. ...car analogies are always fatal..."
    -- <>
     
    Christopher Browne, Sep 15, 2003
  16. Manoj Paul Joseph

    mjt Guest

    .... then you haven't done enough research.
    ..
     
    mjt, Sep 15, 2003
  17. Manoj Paul Joseph

    Mike Byrns Guest

    So how come this backdoor was written into sendmail in the first place? I
    thought only Microsoft products had backdoors. :) If it was so well
    publicized, why didn't more UNIX admins patch reconfigure it to "close the
    door" so to speak? Do you see any parallels between this and your Microsoft
    vulnerability of the week? I mean, look, 1) it was put there on purpose 2)
    everyone supposedly knew about it 3) nobody did squat to protect themselves
    4) it spread like wildfire or perhaps more accurately *ahem* code red ;-)
    So how come such a simple daemon, with so few lines of source code, that had
    been around so long, with so many, many eyes making all bugs shallow, could
    contain a travesty such as gets(line); rather than fgets(line, sizeof(line),
    stdin);?
     
    Mike Byrns, Sep 15, 2003
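
Added example, not part of the thread: the post above contrasts `gets(line)` with `fgets(line, sizeof(line), stdin)`. This C sketch shows the bounded read together with the case `fgets` alone leaves open, an over-long line whose tail would otherwise be parsed as the next request. `REQ_MAX`, `read_request` and `count_accepted` are hypothetical names, and the input is constructed.

```c
#include <stdio.h>
#include <string.h>

#define REQ_MAX 64   /* constructed limit for this example */
enum { REQ_OK = 0, REQ_EOF = -1, REQ_TOO_LONG = -2 };

/* Read one request line into buf without ever writing past buf[size-1].
 * Accepts lines of up to size-2 characters; longer ones are rejected whole. */
static int read_request(FILE *in, char *buf, size_t size)
{
    if (size < 2 || fgets(buf, (int)size, in) == NULL)
        return REQ_EOF;          /* fgets stores at most size-1 bytes + NUL */
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {    /* complete line: strip CR/LF */
        buf[--len] = '\0';
        if (len > 0 && buf[len - 1] == '\r')
            buf[--len] = '\0';
        return REQ_OK;
    }
    int c = fgetc(in);
    if (c == EOF)                 /* final line without newline, but it fits */
        return REQ_OK;
    while (c != '\n' && c != EOF) /* drain the oversized line so its tail is */
        c = fgetc(in);            /* not treated as the next request         */
    buf[0] = '\0';
    return REQ_TOO_LONG;
}

/* Demo helper: feed a constructed string through a temp file, count OK lines. */
static int count_accepted(const char *input, char last[REQ_MAX])
{
    FILE *f = tmpfile();
    char buf[REQ_MAX];
    int rc, ok = 0;
    if (f == NULL)
        return -1;
    fputs(input, f);
    rewind(f);
    while ((rc = read_request(f, buf, sizeof buf)) != REQ_EOF)
        if (rc == REQ_OK) { ok++; strcpy(last, buf); }
    fclose(f);
    return ok;
}

int main(void)
{
    char last[REQ_MAX] = "";
    printf("%d accepted\n", count_accepted("alice\r\nbob\n", last));
    return 0;
}
```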
  18. It was a debug mode.
    This worm was released in 1987. It was a different world then, one in
    which protecting yourself against the net was simply not a big concern.

    As a point of fact, this worm marked the turning point after which people
    had to start protecting themselves against the network. It was a sad
    day, indeed.
    There was no reason to protect ourselves at the time.
    It was impressive, indeed.
    Same reason as above: no one had gone around looking for these things
    because no one had a reason to.

    Also, this was _before_ the open source movement got to Unix. For
    example, even though I was a Unix admin (along with other things), I
    did not have legal access to any Unix source code. The same applied
    to many others.

    If you're going to bring up historical issues, you need to analyze
    them in the context of the day.

    FWIW, I was one of the few people advocating securing systems _before_
    the Morris worm hit. But it was a definite uphill battle.

    Craig
     
    Craig A. Finseth, Sep 15, 2003
  19. Manoj Paul Joseph

    mjt Guest

    .... you're showing your age :) back in this timeframe,
    exploits were not something anyone thought of or took
    advantage of. the OS (open-source) movement hadn't really
    been framed yet, so all this "source is open to all eyes
    examination didn't apply."
    ..
     
    mjt, Sep 15, 2003
  20. Manoj Paul Joseph

    Max Burke Guest

    Craig A. Finseth scribbled:
    Like so many OSS/Linux users/advocates claim today? That it's not a
    concern for them to protect themselves from viruses, because they're
    using OSS/Linux?
    Just like so many OSS/Linux users claim today because they're using *nix?
    I guess that's why so many OSS/Linux users like to say *nix is
    inherently secure because it's *nix..... Why look for things that can't
    possibly be there....
    So let's stick with today's realities in the OSS/Linux world......

    FYI (repost YET AGAIN....)
    Just some of last week's bugs and flaws in OSS/*nix.

    FYI....
    http://www.partyvibe.com/flavour/linux/security.htm
    http://www.linuxsecurity.com/advisories/index.html
    http://www.opennet.ru/base/linux/
    http://www.securityfocus.com/news/19
    http://lists.debian.org/debian-security-announce/

    Linux and the virus/worm risk:
    FYI
    http://networking.earthweb.com/netos/article.php/625211
    http://www.viruslist.com/eng/viruslistfind.asp?findWhere=011&findTxt=linux
    http://www.claymania.com/unix-viruses.html
    http://www.zdnet.com.au/itmanager/technology/story/0,2000029587,20275738,00.htm
    http://www.virusbtn.com/magazine/archives/200304/linux.xml
     
    Max Burke, Sep 16, 2003