Date: Tue, 04 May 2004 17:50:13 -0300
From: Dexter J <lamealameadingdongnospamlamelame.org>
Subject: Re: OT- Heads Up - Sasser plug


Salutations:

On 4 May 2004 14:57:56 GMT, Dave Hinz <davehinznospamcop.net> wrote:

<snipped for length - not for spite - scan the thread for Sasser detail>

> It's Unix. FreeBSD, specifically, with a nice GUI on top of it. I use it
> to prototype stuff for work fairly frequently, even though the systems
> there are mostly Solaris or Linux - same compilers, same tools, same
> procedures for nearly everything. I never considered Mac before it
> went to a Unix core, but they did that right about the time my 'doze98
> box was being _particularly_ annoying, and my kid was just starting to
> get interested in computers, so we abandoned windows in favor of
> something that didn't involve frequent 3-finger salutes and scandisk
> sessions.
>
>> Anyway - thought I'd better kick it out there in case any of the droids
>> are interested.
>
> Good writeup. Regardless of the OS, keeping things up to date prevents
> most if not all problems of this nature.
>
> Dave Hinz

Thank you kindly brother Hinz,

I went about the MAC - win2000 upgrade call slightly differently in that I had a lot of fairly pricey applications that I would have needed to replace - so I installed W2K, boarded everything up completely - replaced all the server points with Win32 versions of standing UNIX software, customized TCP and IPsec to my needs and opened Radio Free Dexterdyne to an unsuspecting public - bwah-ha-ha-ha.. :) ..

Actually - it has been a very effective model in that I have most of the reliability and open source aspects of UNIX warez at the traditional server ports - but - I can still operate the workstation as my workstation daily as these apps have proved to be infinitely smaller in RAM than the equivalent MicroSoft Apps. Hence 'Thin Server prototype' I keep droning on about and the reason that I have survived all the CodeRed - Klez - Blaster - MyDoom and now Sasser variants. The security model has the benefit that I can run a complete domain infrastructure as background services on my machine rather than the other way around.

Interestingly - once you get deep enough in - there is much about Windows 2K that is very UNIX like. Well - except for winsock and the fact it's all wrapped up in MicroSoft-ese. You can almost see where they had a greater plan for selling Certification when the product was being built actually.

As to brother Ben's observations - you are sort of correct. Basically - the time lag is that someone reports an anomaly and then they issue a patch which usually predates any public 'exploit' report by some weeks or months. However - if you think about it - it isn't the patch that is at issue in that very few compromised machines are actually using the exploitable driver or port as envisioned in the OS design. They shouldn't have embedded the driver in the OS in the first place - you should 'have to turn it on' as brother Dave correctly points out.

For example - almost everyone had open port 80 on install with supporting IIS drivers awaiting a licensed install of IIS server. This greatly eased the detailed configuration needed to properly set up IIS to work properly with the Windows Operating System. However, because the core drivers were already set to run and the NIC port was/is open - but not being controlled by a properly set-up IIS server and supporting security model - all that was/is needed to trip an exploit is to figure out what you can bounce off the driver and port to effect change or damage on third party machines or the victim machine itself. GREAT marketing (everyone can be a webmaster) - questionable OS design (not everyone can really be a webmaster) - but all based in the vision that at the end of the day everyone is using MicroSoft or properly securing other operating systems so as not to hurt MicroSoft nodes.

Like I said - if they were an automobile manufacturer - they would have been put out of business years ago in my mind.

Enough of this OT I agree - back to things that really matter - anyone got a rust free 89/90 9000 5 speed/5 door with a dead engine stinking up the place who is willing to let go for a song?

--
J Dexter - webmaster - http://www.dexterdyne.org/
all tunes - no cookies no subscription no weather no ads no news no phone in - RealAudio 8+ Required - all the Time

Radio Free Dexterdyne Top Tune o'be-do-da-day
Joe Cocker - Bird on a Wire
http://www.dexterdyne.org/888/060.RAM


The content on this site may not be republished without permission. Copyright © 1988-2019 - The Saab Network - saabnet.com.