Build Date: Wed May 21 16:50:25 2025 UTC
Universal Studios is about as much fun as getting a summons.
-- Tjames Madison
Stupid Security Tool for Stupid SysAdmins
2001-03-13 16:01:46
As a clueful systems administrator, part of my job is to keep the 3v1l hax0rs out of my network. In fact, that's the reason why I got this job in the first place -- everyone knows computer security is dead sexy. The chicks fall all over you.
At present, I'm in an end-to-end Microsoft environment at a Really Big Computer Corporation(tm). So while part of me just laughs at each new Microsoft Security Update (in big, self-righteous HAR HAR HARs), another part (the part that gets paid), shudders in dread with every release. So, the reports of Soviet barbarians at the gates caused some initial distress for me, personally.
Of course, after a cursory read, I learned that these ex-Commies were using old, known, and easily patched exploits. I rested easy, trusting in my current (and recently audited) MS band-aids.
But, just for kicks, I downloaded Patchwork, a "program that would determine instantly whether a Windows NT system is vulnerable to the attack," distributed by the auspiciously-named Center for Internet Security(SM). My partner, "Miggidy" Mike D, ran this much-lauded and highly anticipated utility on a test box.
Thank our lucky stars, Patchwork "confirms that this system contains the patches, updates, and security configurations this 'Patchwork' program was designed to verify." Though the emphasis is mine, the message is in a big, reassuring, green font. Furthermore, if that's not misleading enough, it also proudly states, "IIS is updated and SAFE for Internet use." (Emphasis theirs, this time.)
This machine, by the way, is running W2K Advanced, with only hotfixes Q277873 and Q259728 A> installed. No Service Pack. No other hotfixes. All the default script mappings. All the services turned on. All the default virtuals. Basically, a machine which could be compromised by a half dozen other known exploits (like this one or this one), if we were dumb enough to put this on the Internet.
I'll concede that SANS, CIS, and Gibson Research pepper their README's with excuses and caveats about how no system is truly secure, the program is designed to audit for a limited set of vulnerabilities, blah blah blah. Yet, in the very title bar, it calls itself the "Windows Anti-Intrusion Patch Check & Scan." Oh, and the author crows it "was hand crafted -- byte by byte -- in 100% pure 32-bit Intel assembly language." A little hyperbole? In a MS "security" application? Perish the thought!
Let's face it: Companies which run NT as their enterprise are easy to fool. After all, they're using Windows. Programs like this -- endorsed by the FBI, by the way -- are not helping ensure America's security against an onslaught Cold War dropouts. Not one bit.
In fact, I envision a plague of panicky meetings with security administrators, wasting thousands of man-hours arguing for or against this dopey application, resulting in huge losses of productivity in an already depressed tech sector.
Talk about an ingenious Denial of Service attack.
T O P S T O R I E S
California Glory Hole attracts huge crowds
A glory hole at Napa's Lake Berryessa is drawing huge crowds. According to Chris Lee, the general manager for the Solano County Water Agency, the glory hole hasn't been active since 2019, and only restarted operations on Feb 4. (More...)
Republican State Senator busted after soliciting a teenage girl
Republican State Senator Justin Eichorn of Minnesota was arrested for soliciting a teen girl on Monday just hours after he introduced a bill proposing "Trump derangement syndrome" (TDS) as a form of mental illness. (More...)
Parents claim measles is not that bad after having only one child die
The parents of a Texas girl who died from the measles are defending their decision not to vaccinate their daughter. "She says they would still say 'Don't do the shots,'" an unidentified translator for the parents said. "They think it’s not as bad as the media is making it out to be." (More...)
Delusional rich man tries to fire town staff
"I'm mayor now" said write-in mayoral candidate and founder of Pirate’s Booty Snacks Robert Ehrlich after losing the election for Mayor of Sea Cliff, NY. Then he tried to take over the Village Hall and fire everyone. (More...)
Musk claims Xitter security is staffed by idiots
Earlier this month Xitter experienced a massive outage. In an interview, Musk told Fox Business that he believes the attack came from "IP addresses originating in the Ukraine area." (More...)
The Future Ain't What It Used To Be
Ideas have taken horrifying shape and rooted into our modern reality. (More...)
C L A S S I C P I G D O G
Australian Troops Set for Days of Debauchery to the Tunes of Kylie Minogue
This weekend Australian troops in East Timor will be able to put their feet up and push all the images of mass graves and charred remains from their minds as they relax to the giddy melodies of Kylie Minogue - including exclusive unplugged performances in the militia-ravaged and blood-spattered border towns of Balibo and Suai. (More...)
On a hot spring night after dinner and before the night's serious drinking begins, a Romulan Highball really hits the spot. (More...)
It's winter in Idaho, and Boise personality "Lego-Man" reports on how he celebrated Thanksgiving. "I fed my wife, mother and sister wine slurpies!" (More...)
The Deep Dark Underbelly of the Star Wars Myth, or Ramayana Remembered
It's a fact: Star Wars is a blatant plagiarism of an ancient Asian legend, and the long lines of devout Star Wars freaks are really unscrupulous Asian copyright busters. From Indonesia to Thailand to Nepal, videos are available for sale or rent before they're even released in the US and UK due to this nerdy camcorder-clutching bunch. (More...)
Our man Daemon Agent checks out the heavy heavy sounds of crazy space surf rockers Man or Astroman?. (More...)