http://www.vnunet.com/vnunet/news/2141224/windows-worm-knocks
It owned "CNN, ABC and the New York Times. DaimlerChrysler, United Parcel Service and Kraft Foods too reported that they were affected."
Make sure you all apply patch MS05-039. This worm only affects Win2k, but xp is still vulnerable!
CNN was actually hit pretty hard. All thier broadcasts were pushed back 30 minutes.
/me gives up on moving things to the security board.
This is more "News" than "Security"
I saw this on the Today show.
Also, the worm only hits you if you download stupid files, i think i'm fine. :)
Edit: not to mention Trend Micro kills it.
h0h0h0~
If it only effects Win2k computers then my question is obvious: why the hell are they still using Windows 2000?!
A lot of companies still use Windows 2000. Plus it only affected unpatched Windows 2000.
Our MAN's (Metropolian Area Network) Cisco Avvid IP Phone servers still run windows 2000. Both the one for the phones and the voicemail.
Are they patched?
deadly7 - it's an automated attack, like Blaster or Sasser. You don't have to download anything, it uses a flaw in Windows to get in.
whoever complained about win2k - Moving to new systems, especially Windows ones, in large corporations is very difficult and expensive. It's not like upgrading a single computer, it's more like upgrading 50,000 computers. And it's not just reimaging, software and data have to be saved, too.
Oh I can see the logic now.
It would be very expensive to drop a hundred a computer x 50,000!
The next obvious question is then: why don't they use Linux?!
Quote from: GameSnake on August 17, 2005, 01:26:29 PM
The next obvious question is then: why don't they use Linux?!
Because they aren't iago.
It's because... They NEVER do tech support themselves. They'll get like that expensive Red Hat thingy... so they have tech support, which ends up more expensive than Windows.
Quote from: rabbit on August 17, 2005, 05:21:53 PM
Quote from: GameSnake on August 17, 2005, 01:26:29 PM
The next obvious question is then: why don't they use Linux?!
Because they aren't iago.
Even at work iago has to use Windows.
Nah, iago uses Slackware at work.
I use both. Our managed desktops are Windows, because there is currently no good central Linux management solution (like Active Directory). But my laptop and the servers I look after are all Slackware.
Active Directory are teh pwn!
Quote from: Ergot on August 17, 2005, 06:09:23 PM
It's because... They NEVER do tech support themselves. They'll get like that expensive Red Hat thingy... so they have tech support, which ends up more expensive than Windows.
LOL! You sound like my dad.
That's his only argument as to why Windows > Linux in business / servers.
"Sure, it's free, but in the end, ti's more expensive to maintain."
I would just get Slackware or some other free distro and hire an iago or something.
Actually, Red Hat is less expensive than Windows in many businesses.
And yes, Red Hat is a logical choice for corperations.
Quote from: Quik on August 22, 2005, 12:19:06 AM
Actually, Red Hat is less expensive than Windows in many businesses.
And yes, Red Hat is a logical choice for corperations.
So is windows. :)
( Not saying Windows is better, but you just said it was a logical choice. )
Well, no. Most software companies which develop platform-independant software choose Red Hat because of the enormous amount of support that comes with it, and the small amount of resources required to upkeep it (security, IT team, etc etc).
Well, any company in this world (that uses computers) has a security department to take care of things. Linux and Windows are both logical choices for companys. However, in most offices, windows is used because it's what most people are adapted to. People are lazy, they don't want to learn something new. Also Ergot's point, Linux is free, however for the training that would be required, and the constant tech support, it would become expensive.
Quote from: Krazed on August 22, 2005, 08:40:17 AM
Well, any company in this world (that uses computers) has a security department to take care of things.
Actually, very few companies have security departments. Most of them will hire a consultant, pay them big $$$ for a couple weeks to assess/design/implement/document security measures, then they part ways.
Quote from: Krazed on August 22, 2005, 08:40:17 AM
Well, any company in this world (that uses computers) has a security department to take care of things. Linux and Windows are both logical choices for companys. However, in most offices, windows is used because it's what most people are adapted to. People are lazy, they don't want to learn something new. Also Ergot's point, Linux is free, however for the training that would be required, and the constant tech support, it would become expensive.
Corperate linux is NOT free, but gets many of the features, plus its own, of Windows and not being Windows, yet doesn't lose functionality. And many computer professionals know how to use all types of operating systems.
However, many average people do not. That an unfortunate downside. It's just that not too many people are exposed to Linux at ALL. Even a bit of DOS would help them out, but Microsoft doesn't like people using command line ;/ ?
Installing drivers is NOT something that is easy in Linux....
Now, imagine installing drivers on 50,000 Linux boxes.
Sound like something a corporation wants to do?
Now, installing drivers on 50,000 Windows boxes is phenemonally easier. Windows Update makes it damn near impossible to fuck up installing drivers!
Quote from: Quik on August 22, 2005, 12:55:58 AM
Well, no. Most software companies which develop platform-independant software choose Red Hat because of the enormous amount of support that comes with it, and the small amount of resources required to upkeep it (security, IT team, etc etc).
Quote from: Quik on August 22, 2005, 12:19:06 AM
Actually, Red Hat is less expensive than Windows in many businesses.
And yes, Red Hat is a logical choice for corperations.
Are you saying that software companies are the only types of corporations or something? :-\
Software companies are corperations, too. The second one was meant at all companies, as an alternative to Windows. First one was specifically from the business point-of-view: Would it make sense to use Linux? If your business is based around Windows programs, that's most likely not a path for you.
Your crazy Newby if you think someone actually installs all the security updates and jazz by hand for companys. You do it once, make an image of that harddrive, and then just use that image on all the other ones.
Quote from: Blaze on August 23, 2005, 02:45:26 AM
Your crazy Newby if you think someone actually installs all the security updates and jazz by hand for companys. You do it once, make an image of that harddrive, and then just use that image on all the other ones.
Or you use tools like CA Unicenter or WSUS or others.
For patching corporations, the problem isn't actually rolling out the patches, it's compatibility issues. Windows patches tend to do things that Microsoft doesn't tell us, and occasionally it conflicts with installed software. So before patches are rolled out, they have to be tested. That leaves a window for worms. As soon as we see an exploit, we tell them to hurry up and get the patch out. If we see a worm, like last Monday, we tell them to put on the patch _NOW_.
Quote from: iago on August 23, 2005, 07:47:39 AM
Quote from: Blaze on August 23, 2005, 02:45:26 AM
Your crazy Newby if you think someone actually installs all the security updates and jazz by hand for companys. You do it once, make an image of that harddrive, and then just use that image on all the other ones.
Or you use tools like CA Unicenter or WSUS or others.
For patching corporations, the problem isn't actually rolling out the patches, it's compatibility issues. Windows patches tend to do things that Microsoft doesn't tell us, and occasionally it conflicts with installed software. So before patches are rolled out, they have to be tested. That leaves a window for worms. As soon as we see an exploit, we tell them to hurry up and get the patch out. If we see a worm, like last Monday, we tell them to put on the patch _NOW_.
Yeah, which they do neither of. :(
Quote from: Scr33n0r on August 25, 2005, 06:19:28 AM
Quote from: iago on August 23, 2005, 07:47:39 AM
Quote from: Blaze on August 23, 2005, 02:45:26 AM
Your crazy Newby if you think someone actually installs all the security updates and jazz by hand for companys. You do it once, make an image of that harddrive, and then just use that image on all the other ones.
Or you use tools like CA Unicenter or WSUS or others.
For patching corporations, the problem isn't actually rolling out the patches, it's compatibility issues. Windows patches tend to do things that Microsoft doesn't tell us, and occasionally it conflicts with installed software. So before patches are rolled out, they have to be tested. That leaves a window for worms. As soon as we see an exploit, we tell them to hurry up and get the patch out. If we see a worm, like last Monday, we tell them to put on the patch _NOW_.
Yeah, which they do neither of. :(
Which "they" are you talking about?
If you mean the people we tell to patch, then yes, it gets done. Being in a security department, we have some level of influence.
Quote from: iago on August 25, 2005, 08:51:50 AM
Quote from: Scr33n0r on August 25, 2005, 06:19:28 AM
Quote from: iago on August 23, 2005, 07:47:39 AM
Quote from: Blaze on August 23, 2005, 02:45:26 AM
Your crazy Newby if you think someone actually installs all the security updates and jazz by hand for companys. You do it once, make an image of that harddrive, and then just use that image on all the other ones.
Or you use tools like CA Unicenter or WSUS or others.
For patching corporations, the problem isn't actually rolling out the patches, it's compatibility issues. Windows patches tend to do things that Microsoft doesn't tell us, and occasionally it conflicts with installed software. So before patches are rolled out, they have to be tested. That leaves a window for worms. As soon as we see an exploit, we tell them to hurry up and get the patch out. If we see a worm, like last Monday, we tell them to put on the patch _NOW_.
Yeah, which they do neither of. :(
Which "they" are you talking about?
If you mean the people we tell to patch, then yes, it gets done. Being in a security department, we have some level of influence.
I was talking about Microsoft, and their updates.