praxis22 opened this issue on Jan 25, 2003 ยท 10 posts
praxis22 posted Sat, 25 January 2003 at 1:48 PM
Trouble always comes in three's :( This one: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-072.asp Is a bug in the XP shell that could give an attacker control of your computer just by doing a "mouse over" of an suitably kinked media file. More on that here: http://www.extremetech.com/article2/0,3973,815962,00.asp This one is more generic, it's a vulnerability in one of the base HTTP protocols that could lead to all kinds of mischief, especially spoofing SLL and ecommerce sites, real bad news: http://www.extremetech.com/article2/0,3973,841159,00.asp And finally, I wondered whay the web was so slow last night, it appears that there had been a mass attack across the entire internet, (supposedly every machine on the net was scanned) it's a Microsoft SQL server vulnerability, you can read about it here: http://www.nextgenss.com/advisories/mssql-udp.txt But the traffic put such a strain on the 'net that at one point 5 of 13 of the 'net root nameservers were down, (and 5 others were losing a lot of packets) you can check the state of the internet here: http://www.internetpulse.net/ last time I looked UUnet was still down, but it's latency was improving. you can check slashdot, (and any other major news site I imagaine) for more, on the what and why. It never rains but it pours... later jb
cooler posted Sat, 25 January 2003 at 3:04 PM
Attached Link: http://www.cnn.com/2003/TECH/internet/01/25/internet.attack.ap/index.html
the link is to a CNN report about what happened...
Little_Dragon posted Sat, 25 January 2003 at 4:52 PM
I was actually surprised whenever I successfully reached any website last night. My firewall registered over 130 hits in less than two hours.
Charlie_Tuna posted Sat, 25 January 2003 at 5:43 PM
ANYONE running a SQL setup got hit another example of how secure M$ software isn't
Why shouldn't speech be free? Very little of it is worth anything.
doldridg posted Sat, 25 January 2003 at 6:25 PM
My firewall got banged hard, too, though the port was stealthed right out, so it must have cost the seekers a bit of waiting time to hit me. But it bothered me enough that I checked some things and found a couple of holes in the firewall (now patched).
ryamka posted Sat, 25 January 2003 at 9:46 PM
Well, in Microsoft's defense, they issued a patch when the original vulnerability was discovered back in July 2002. It is the fault of all the network admin's who did not apply the patch. The patch is free to download, and that is the responsibility of those IT professionals to take care of. ANd before you make any comments about testing before releasing software, try doing that into the numerous diverse IT environments that are out there. It is almost impossible, given the amount of port, protocol, and hardware confirguations that exist. Testing consumer apps is a pice of cake compared to that.
LaurieA posted Sat, 25 January 2003 at 9:51 PM
And here I just thought it was my machine...LOL. I had major problems this morning. Seemed nothing was working and those that were reminded me of my pre-DSL days when I still had a 33.6k modem. Aaaarrrgh!! Laurie
Spit posted Sun, 26 January 2003 at 2:01 AM
The big problem was the packets seeking out the servers that had not been patched. Flooded the 'net that way. Not that many servers actually succumbed to the worm. I didn't even know anything had happened. Except I knew this site was down. Downloaded a 40 meg file from DAZ and that kept me occupied all night with my dialup. LOL
Spit posted Sun, 26 January 2003 at 2:11 AM
BTW, checked the first link posted. I have XP. I do have the security patch for it which came in an automatic update. I love the automatic updating.
LaurieA posted Sun, 26 January 2003 at 2:41 AM
40 meg on a dialup???!! I feel for you Spit...been there ;o). Thank goodness for my DSL :oD! Laurie