Microsoft Out-of-Band Security Bulletin - Page 2
Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 30

Thread: Microsoft Out-of-Band Security Bulletin

  1. #11
    Senior Member phernandez's Avatar
    Join Date
    Aug 2003
    Location
    NYC
    Posts
    246
    Quote Originally Posted by HTRegz View Post
    Also, kudos to phernandez for the superb article. He manages to get quotes from some pretty incredible people heh.
    LOL, thanks!

    Agreed, patch and update those signatures. If MS is this concerned it should give you a clue as to the severity of the attacks they've been observing.

  2. #12
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Quote Originally Posted by morganlefay View Post
    phew....luckly I have both

    who would have the server service pointing to the www anyway....you are just asking for trouble

    MLF
    You'd be surprised at how many people just plug their computer into their cable modem still, or directly into their DSL. When I was home last christmas, I discovered that was how my sisters internet was setup... I unplugged it and went straight out and got a linksys router to put in between.

    One of my other quotes, which didn't make the article, was along the lines of hoping that a worm wouldn't spread to much because hopefully not to many people are using computers that are directly connected to the net. However I have seen it quite a bit.

    I think one of the places that this will be a problem is college / university residences... many of them forbid NAT devices in front of your computer.
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  3. #13
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    XP SP2 turns on the firewall and blocks this by default...no?

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  4. #14
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Quote Originally Posted by morganlefay View Post
    XP SP2 turns on the firewall and blocks this by default...no?

    MLF
    That it does... but you're thinking way to logically.

    People want to share files and run bittorrent clients (which test for them to have an open port in many cases). Disabling the windows firewall is extremely common.

    I spent almost 2 years doing student support... and XP SP2 came out during that time... I'm willing to bet for every 100 students we saw, maybe 5 of them had the firewall turned on.
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  5. #15
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    That it does... but you're thinking way to logically.
    I tend to do that.... I ama 1 and 0 kinda girl.

    specifically when assessing a threat...as to run around and apply patches untested to a production environment is risky to say the least and I like to see what the mitigating factors are before I patch.

    I have seen some hasty patches totally fubar a server \application....

    I err on the side of caution usually

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  6. #16
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    Quote Originally Posted by HTRegz View Post
    That it does... but you're thinking way to logically.

    People want to share files and run bittorrent clients (which test for them to have an open port in many cases). Disabling the windows firewall is extremely common.
    Also, if you enable file and printer sharing the windows firewall will automagically poke a hole in itself to allow traffic in from the local network. Even third party (personal) firewalls usually "trust" the local network.

    Guess what that worm scans first?
    Last edited by SirDice; October 25th, 2008 at 03:24 PM.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  7. #17
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Ports 138 139 and 445

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  8. #18
    Senior Member C:\Saw's Avatar
    Join Date
    Jan 2008
    Posts
    125
    Quote Originally Posted by HTRegz View Post
    You'd be surprised at how many people just plug their computer into their cable modem still, or directly into their DSL. When I was home last christmas, I discovered that was how my sisters internet was setup... I unplugged it and went straight out and got a linksys router to put in between.

    One of my other quotes, which didn't make the article, was along the lines of hoping that a worm wouldn't spread to much because hopefully not to many people are using computers that are directly connected to the net. However I have seen it quite a bit.

    I think one of the places that this will be a problem is college / university residences... many of them forbid NAT devices in front of your computer.
    You'll find a majority of college students using OSX these days (at least in the more prestigious universities)

    Its trendy dont ya know
    "...to give correctly is to give them what they need from us, for it would not be skillful to bring gifts to anyone that are in no way needed."
    --Socrates

    *Einstein Would Be Proud*

  9. #19
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    t34b4g5: Neg posted that on the third post.

    SirDice: Good point

    morganlefay: I believe SirDice was getting at the fact that your subnet is going to be scanned before it starts randomly scanning the internet, and your subnet is where it will find most of it's victims

    C:\Saw: I doubt that it's a majority yet , but either way I've found that most OS X users tend to be running Windows along side of it because OS X doesn't do everything they need it to do.
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  10. #20
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    HT...I know what Sir Dice was saying.....but if all the workstations are patched ...how does the worm get into the subnet...rogue laptops...dont have any. Unauthorized access to the network...not likely

    All I am saying is there is now way in hell I will patch my server until I am confident it not going to break something.

    Browsing the forums as we speak...looking to see if there are any issues with applying the patch in my environment.

    All the workstation have had the update pushed on them ....

    actually ....I had an issue with my laptop after the patch was applied...it knocked out both my nics....until I logged in with admin priviledges...and the patch was then fully incorporated....nics came back on line... Logged back in with the limited account...and voila..both nics worked again.

    MLF
    Last edited by morganlefay; October 25th, 2008 at 07:51 PM.
    How people treat you is their karma- how you react is yours-Wayne Dyer

Similar Threads

  1. August security hotfixes
    By mohaughn in forum Microsoft Security Discussions
    Replies: 1
    Last Post: August 9th, 2005, 07:37 PM
  2. Network Security made easy?
    By Tiger Shark in forum Microsoft Security Discussions
    Replies: 5
    Last Post: January 14th, 2005, 07:47 PM
  3. October MS updates
    By mohaughn in forum Microsoft Security Discussions
    Replies: 2
    Last Post: October 13th, 2004, 04:31 AM
  4. Securing Windows 2000 and IIS
    By spools.exe in forum Microsoft Security Discussions
    Replies: 0
    Last Post: September 15th, 2003, 09:47 PM
  5. Lol Now I Know Why Everyone Hates Microsoft!!!
    By NUKEM6 in forum Non-Security Archives
    Replies: 10
    Last Post: January 24th, 2002, 05:21 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides