

To: Ed Forrest who wrote (12865)
From: mr.mark
Date: 10/28/2000 10:13:28 PM
 
Microsoft can't spin this worm

Updated 1:25 PM ET October 27, 2000

by Steven J. Vaughan-Nichols, Sm@rt Partner

"There's no ignoring the huge security holes the Microsoft crack reveals.

Common lies: This won't hurt a bit. I'll respect you in the morning. The Microsoft
security break-in was "not very" damaging.

Come on, Ballmer! That's beyond spin; that ranks right down there with Clinton's
"I never had sex with that woman." Cracking Microsoft's internal network is the
biggest computer break-in ever.

OK, let's say you were born yesterday and you buy Microsoft President and
CEO Steve Ballmer's story that no secrets were laid bare and no real harm was
done. So what?

Microsoft wants you to entrust everything on your network to its operating
systems, their applications -- and oh yes, its security measures. After all, the
ultimate goal of .Net is to replace the existing Internet's infrastructure programs
with Microsoft's own software. And now we find that this giant of software
companies, the self-proclaimed and de facto leader of desktop software, is
vulnerable to a garden-variety worm?

Oh yeah, this really makes me want to put all my business eggs into a Microsoft
basket.

Child's play

You see, while it looks like there was a well-organized conspiracy attempting to
exploit Microsoft vulnerabilities, the actual attack wasn't anything special. A script
kiddie working off a recipe could have done it. Heck, I could have done it in my
sleep.

The smoking gun appears to have been a simple Windows-only worm named
W32.HLLW.Qaz.A, or the QAZ Worm to friends. It works by -- scream if
you've heard this before -- someone opening an e-mail attachment.

Once in place, it replaces the notepad application, but it keeps Notepad's
functionality around by renaming the real notepad program note.com and running it
whenever you bring up Notepad.

The result? Every time you write a quick note, you get Notepad on your screen
while the Trojan tries to infect other machines on the network. Now this is
annoying but relatively harmless. The nasty part is that QAZ also creates a
backdoor to your system using TCP port 7597, and it then e-mails your
computer's IP address to the cracker.

Once in, the cracker can take over your computer and (as appears to be the case
at Microsoft) start chasing passwords for bigger and better targets -- say, servers
containing the source code for Office 10 or your payroll files.

Oh, QAZ is a baddie, but there's nothing new about its approach. And it's pretty
easy to detect and fix. After all, it first showed up in early July, and by July 18,
Symantec's Norton AntiVirus programs for both e-mail gateways and PCs could
find it, fry it or fix it. So could everyone's anti-viral programs.

So what's Microsoft's excuse?

Answer: Microsoft doesn't have one. First, it's clear that Microsoft doesn't have
adequate internal or e-mail gateway anti-viral protection. Second, Microsoft
wasn't protecting their network with basic firewall security. There is absolutely no
sane reason why port 7597, or any unused TCP port, should have been open in
the first place.

A bad trade

And now a point I have beaten to death but that people still don't get: Microsoft's
own fundamental operating system principle of enabling data and programs to
interoperate at a low level does provide unparalleled ability for programs to
interoperate with each other, but it also offers crackers unparalleled access to
break into your systems.

To me, it's not a trade worth making. Microsoft's inter-application communication
(IAC) leads to Outlook Transmitted Diseases (OTDs) such as Melissa and
makes it possible to build Trojans such as QAZ.

Lest we forget, this also makes it easier -- in systems that aren't properly guarded
against viruses -- for a worm like QAZ to work for months without being
detected. In Microsoft's own case, it took the company three months to find that
crackers were raiding Microsoft's data vaults using swiped user IDs and
passwords. Worse still, from early descriptions, it seems Microsoft didn't actually
spot the infection itself; its security staff only woke up to what was happening
when they saw user logs that didn't make sense.

It's bottom-line time: I don't care if not a single Microsoft secret was stolen. The
real point is that Microsoft -- Microsoft, of all companies! -- with a combination
of bad security practice and its own software, can't protect its own internal
machines from crackers.

Not only is it time for Microsoft to take security seriously. It's time for everyone
who uses Microsoft products to rethink exactly what they're doing to shield their
own crown jewels."

news.excite.com
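
The two host-side traces the quoted article describes (a listener on TCP port 7597, and the real Notepad renamed note.com beside a replaced notepad.exe) can be checked for as shown in this added example, which is not part of the article or the post. The netstat lines, file list, and function names are constructed for illustration.

```python
import re

QAZ_PORT = 7597  # backdoor port named in the article

# Constructed sample: `netstat -an` style lines from a Windows host (not real data).
SAMPLE_NETSTAT = """\
  TCP    0.0.0.0:135      0.0.0.0:0        LISTENING
  TCP    0.0.0.0:7597     0.0.0.0:0        LISTENING
  TCP    10.0.0.5:1042    10.0.0.9:139     ESTABLISHED
"""

# Constructed sample: file names found in the Windows directory.
SAMPLE_WINDIR = ["NOTEPAD.EXE", "note.com", "WIN.INI", "EXPLORER.EXE"]

LISTEN_RE = re.compile(r"^\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING\s*$", re.I)


def listening_ports(netstat_text):
    """Return the set of TCP ports that are in LISTENING state."""
    ports = set()
    for line in netstat_text.splitlines():
        match = LISTEN_RE.match(line)
        if match:
            ports.add(int(match.group(1)))
    return ports


def unexpected_listeners(netstat_text, allowed):
    """Default-deny view: every listener not on the allowlist is a finding."""
    return sorted(listening_ports(netstat_text) - set(allowed))


def qaz_indicators(netstat_text, windir_files):
    """Return the article's two QAZ traces that are present on this host."""
    findings = []
    if QAZ_PORT in listening_ports(netstat_text):
        findings.append("listener on TCP 7597")
    names = {name.lower() for name in windir_files}
    # Per the article, the real Notepad is renamed note.com and the worm
    # takes the place of notepad.exe, so both names exist side by side.
    if "note.com" in names and "notepad.exe" in names:
        findings.append("note.com present beside notepad.exe")
    return findings


if __name__ == "__main__":
    print(unexpected_listeners(SAMPLE_NETSTAT, allowed=[135]))
    print(qaz_indicators(SAMPLE_NETSTAT, SAMPLE_WINDIR))
```

The allowlist check is the general form of the article's firewall point: it reports any listener that has no stated reason to exist, not only 7597.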



To: Ed Forrest who wrote (12865)
From: Susie924
Date: 10/28/2000 10:18:15 PM
 
Ed,
Tonight is the first time in a long time that I have not had a problem. I don't know if it's a coincidence or if what you had me do fixed the problem.
I didn't want to change the modems right away because then I wouldn't know which suggestion helped. I'll try this for a while and if the problem comes back I will switch the modems.
Thanks again to all!
Susie