Posted on 08/11/2003 2:33:46 PM PDT by STFrancis
All,
Here's a scoop for Freepers which is just now hitting us security pros.
There is a first vulnerability that uses the MS Bug that MS addressed with MS 03-026 two weeks ago.
It is calling itself MSBLAST.exe and is spreading in the wild unbelievably fast. http://isc.sans.org/diary.html?date=2003-08-11
A first advisory from McAfee has just been published: http://us.mcafee.com/virusInfo/defa...&virus_k=100547 Once it finds a vulnerable system, it will spawn a shell on port 4444 and use it to download the actual worm via tftp. The exploit itself is very close to 'dcom.c' and so far appears to use the "universal Win2k" offset only.
In other words we need to make sure port 4444 is blocked inbound AND outbound.
Of course this is in addition to the MS03-026 patch being installed which Microsoft released two weeks ago (more info regarding the patch here: http://www.microsoft.com/technet/tr...n/MS03-026.asp).
Another advisory was JUST posted by Symantec: http://www.symantec.com/avcenter/ve...aster.worm.html
Just thought everyone ought to know.
Thanks...
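Added example, not part of the original post: a log check for the behaviour described above, an allowed connection to TCP 4444 followed by a tftp fetch. The log format, addresses and 60-second window are constructed for illustration, and it assumes the newly hit machine pulls the worm over standard TFTP (UDP 69) from the host that opened the shell.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in a simplified firewall-log format (an assumption,
# not any product's real format): time action proto src:port -> dst:port
SAMPLE_LOG = """\
2003-08-11T14:02:09 ALLOW TCP 192.0.2.10:1150 -> 198.51.100.7:4444
2003-08-11T14:02:11 ALLOW UDP 198.51.100.7:1034 -> 192.0.2.10:69
2003-08-11T14:03:40 DENY TCP 192.0.2.10:1161 -> 198.51.100.8:4444
2003-08-11T14:05:02 ALLOW UDP 198.51.100.9:1040 -> 203.0.113.5:69
2003-08-11T14:09:30 ALLOW TCP 192.0.2.44:2001 -> 198.51.100.9:4444
2003-08-11T14:30:00 ALLOW UDP 198.51.100.9:1041 -> 192.0.2.44:69
"""

LINE = re.compile(r"(\S+) (ALLOW|DENY) (TCP|UDP) ([\d.]+):(\d+) -> ([\d.]+):(\d+)$")
SHELL_PORT, TFTP_PORT = 4444, 69   # 4444 is from the post; 69/udp is standard TFTP

def parse(log):
    """Yield (time, action, proto, src, dst, dport) for each well-formed line."""
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if m:
            ts, action, proto, src, _sport, dst, dport = m.groups()
            yield datetime.fromisoformat(ts), action, proto, src, dst, int(dport)

def find_infections(log, window=timedelta(seconds=60)):
    """Return (victim, source) pairs: an allowed TCP connection to victim:4444
    followed within `window` by the victim's TFTP request back to that source."""
    shells, hits = {}, []
    for ts, action, proto, src, dst, dport in sorted(parse(log), key=lambda r: r[0]):
        if action != "ALLOW":
            continue
        if proto == "TCP" and dport == SHELL_PORT:
            shells[(dst, src)] = ts          # remember when the shell was reached
        elif proto == "UDP" and dport == TFTP_PORT:
            opened = shells.get((src, dst))  # same pair, opposite direction
            if opened is not None and ts - opened <= window:
                hits.append((src, dst))
    return hits

def unblocked_4444(log):
    """Return allowed flows to TCP 4444, i.e. gaps in the block the post asks for."""
    return [(src, dst) for _, action, proto, src, dst, dport in parse(log)
            if action == "ALLOW" and proto == "TCP" and dport == SHELL_PORT]

if __name__ == "__main__":
    print("likely infections:", find_infections(SAMPLE_LOG))
    print("4444 allowed:", unblocked_4444(SAMPLE_LOG))
```

A pair returned by `find_infections` names both a machine to rebuild or patch and the already-infected host that reached it; anything in `unblocked_4444` is a filtering gap even when no fetch followed.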
Wanna be Penguified? Just holla!
Got root?
Seven. Powerbook G4, here. Fantastic piece of hardware.
I've got root, dualies and a G5 in my sights as soon as I can get my paws on one.
Internet infection that drew gov't warnings spreading rapidly
TED BRIDIS, AP Technology Writer
(08-11) 15:35 PDT WASHINGTON (AP) -- A virus-like infection that was the subject of urgent U.S. government and industry warnings spread rapidly Monday across the Internet, causing computers to mysteriously restart and coordinating an electronic attack against Microsoft Corp.
Security experts said the infection, which exploits an unusually dangerous flaw in Windows software, wasn't yet seriously disrupting Internet traffic but posed that risk as it was expected to continue spreading quickly overnight.
Researchers discovered it about 3 p.m. EDT, and reported tens of thousands of infected computers inside universities, businesses and homes.
"It seems to be taking off fairly quickly," said Johannes Ullrich of Boston, who runs the D-Shield network of computer monitors.
Infected computers were programmed to automatically launch an attack on a Web site operated by Microsoft on Saturday. The site, windowsupdate.com, is used to deliver repairing software patches to Microsoft customers to prevent against these types of infections. Microsoft offers a free patch on the Web site to protect Windows users.
The infection was quickly dubbed "LovSan" because of a love note left behind on vulnerable computers: "I just want to say LOVE YOU SAN!" Researchers also discovered another message hidden inside the infection that appeared to taunt Microsoft Chairman Bill Gates: "billy gates why do you make this possible? Stop making money and fix your software!"
Government and industry experts have anticipated such an outbreak since July 16, when Microsoft acknowledged that the flaw affected nearly all versions of its flagship Windows operating system software.
"It's much too early to expect to see any (Internet slowdowns) whatsoever," said Vincent Gullotto, a vice president at Network Associates Inc. "It really depends on how much it spreads."
The Microsoft flaw affects Windows technology used to share data files across computer networks. It involves a category of vulnerabilities known as "buffer overflows," which can trick software into accepting dangerous commands.
Network Associates: vil.nai.com/vil/content/v_100547.htm
Symantec: www.symantec.com/avcenter/venc/data/w32.blaster.worm.html
Microsoft warning: www.microsoft.com/security/security_bulletins/ms03-026.asp
Government warning: www.nipc.gov/warnings/advisories/2003/Potential7302003.htm
Good to know there are at least five of us smart people in the world!!!!!!
PS I just got a PC last month, and Windows is clunky! And slow. You guys don't know what you are missing, but we aren't gonna tell ya.
Did you know that there were vulnerabilities in Mac OS X whereby someone could actually get root access to your system? After 6 months or more of complaining, Apple finally decided to address some of these issues. The Apple folks may know hardware, but are way behind the curve on UNIX. If you really want UNIX, go with a vendor that specializes in it.
Source please. I'm not aware of any remote root exploits for Mac OS X, and certainly not one that was known and unpatched for 6 months.
CERT's a good place to start. The problem with Apple's answers on CERT is that APPLE will usually say: "does not affect us" -- which is complete bull, thereby highlighting their own ignorance. The Apple folk just don't know UNIX.
Ok, what is a specific example of this?