Build Date: Wed Jul 9 00:30:50 2025 UTC
i may outwardly seem like an antiquated mushball, but actually i have superpowers that allow me to control heartstrings and electrical cicuitousness.
-- rotten elf
Stupid Security Tool for Stupid SysAdmins
2001-03-13 16:01:46
As a clueful systems administrator, part of my job is to keep the 3v1l hax0rs out of my network. In fact, that's the reason why I got this job in the first place -- everyone knows computer security is dead sexy. The chicks fall all over you.
At present, I'm in an end-to-end Microsoft environment at a Really Big Computer Corporation(tm). So while part of me just laughs at each new Microsoft Security Update (in big, self-righteous HAR HAR HARs), another part (the part that gets paid), shudders in dread with every release. So, the reports of Soviet barbarians at the gates caused some initial distress for me, personally.
Of course, after a cursory read, I learned that these ex-Commies were using old, known, and easily patched exploits. I rested easy, trusting in my current (and recently audited) MS band-aids.
But, just for kicks, I downloaded Patchwork, a "program that would determine instantly whether a Windows NT system is vulnerable to the attack," distributed by the auspiciously-named Center for Internet Security(SM). My partner, "Miggidy" Mike D, ran this much-lauded and highly anticipated utility on a test box.
Thank our lucky stars, Patchwork "confirms that this system contains the patches, updates, and security configurations this 'Patchwork' program was designed to verify." Though the emphasis is mine, the message is in a big, reassuring, green font. Furthermore, if that's not misleading enough, it also proudly states, "IIS is updated and SAFE for Internet use." (Emphasis theirs, this time.)
This machine, by the way, is running W2K Advanced, with only hotfixes Q277873 and Q259728 A> installed. No Service Pack. No other hotfixes. All the default script mappings. All the services turned on. All the default virtuals. Basically, a machine which could be compromised by a half dozen other known exploits (like this one or this one), if we were dumb enough to put this on the Internet.
I'll concede that SANS, CIS, and Gibson Research pepper their README's with excuses and caveats about how no system is truly secure, the program is designed to audit for a limited set of vulnerabilities, blah blah blah. Yet, in the very title bar, it calls itself the "Windows Anti-Intrusion Patch Check & Scan." Oh, and the author crows it "was hand crafted -- byte by byte -- in 100% pure 32-bit Intel assembly language." A little hyperbole? In a MS "security" application? Perish the thought!
Let's face it: Companies which run NT as their enterprise are easy to fool. After all, they're using Windows. Programs like this -- endorsed by the FBI, by the way -- are not helping ensure America's security against an onslaught Cold War dropouts. Not one bit.
In fact, I envision a plague of panicky meetings with security administrators, wasting thousands of man-hours arguing for or against this dopey application, resulting in huge losses of productivity in an already depressed tech sector.
Talk about an ingenious Denial of Service attack.
T O P S T O R I E S
California Glory Hole attracts huge crowds
A glory hole at Napa's Lake Berryessa is drawing huge crowds. According to Chris Lee, the general manager for the Solano County Water Agency, the glory hole hasn't been active since 2019, and only restarted operations on Feb 4. (More...)
Republican State Senator busted after soliciting a teenage girl
Republican State Senator Justin Eichorn of Minnesota was arrested for soliciting a teen girl on Monday just hours after he introduced a bill proposing "Trump derangement syndrome" (TDS) as a form of mental illness. (More...)
Parents claim measles is not that bad after having only one child die
The parents of a Texas girl who died from the measles are defending their decision not to vaccinate their daughter. "She says they would still say 'Don't do the shots,'" an unidentified translator for the parents said. "They think it’s not as bad as the media is making it out to be." (More...)
Delusional rich man tries to fire town staff
"I'm mayor now" said write-in mayoral candidate and founder of Pirate’s Booty Snacks Robert Ehrlich after losing the election for Mayor of Sea Cliff, NY. Then he tried to take over the Village Hall and fire everyone. (More...)
Musk claims Xitter security is staffed by idiots
Earlier this month Xitter experienced a massive outage. In an interview, Musk told Fox Business that he believes the attack came from "IP addresses originating in the Ukraine area." (More...)
The Future Ain't What It Used To Be
Ideas have taken horrifying shape and rooted into our modern reality. (More...)
C L A S S I C P I G D O G
Paranoid Strippers & Psychotic Crack Dealers (Tales of Christmas Eve)
Christmas day, for the last 17 or so years has bored me. I find that the real fun and excitement always takes place on Christmas Eve. Every other year, it's the excitement of the metaphorical hunt instead of the kill. Otherwise, it's just plain bad craziness. (More...)
We here in SMRL's Beverage Research Lab realize that there is more to life than just drinking spocktails. It's important to have other activities. One such activity that we wholeheartedly support is dancing six or more hours to Trance music. So we have designed a drink to accommodate this. (More...)
Johnnie Royale's Guide to Wakes
Wakes can present problems for Bad People of the Future. (If you don't know what a BPotF is, you need to read more of the PDJ.) Sure, your friend is gone and you miss him and that really sucks; it does, I know. But all Bad People of the Future are gonna die, and they have all accepted that fact. They do deserve, however, to have one final kickass party to celebrate all the bad things they've done in the past, present and future. And you, as a friend, have to make sure that their desire for a final send off is well executed (sorry for the pun). That's just the way of BPotFdom. (More...)
This week: another fine spocktail from the beverage researchers at SMRL! Drink it in peace, because WE DID THE RESEARCH! (More...)
The Cross Canadian Ragweed Red Dirt Roundup
Went to one of the only really enjoyable outdoor concerts I can remember (maybe I didn't enjoy it enough). The finest in dirty hillbilly music: The Cross Canadian Ragweed Red Dirt Roundup. For those ignorants, Cross Canadian Ragweed is a horrendous allergan in Texas, and it's also a band. In a great show of humility, CCR was the worst major act in their line up. Fortunately, they have talented friends. (More...)
A Day in the Life of a Beverotologist
It was starting to look like a very boring Saturday, trapped as I was in the suburban wastelands of the outer Bay Area, so I called my Able Assistant (AA) and proposed that we perform some Spocktail field tests. For some time I've been working on creating the quintessential cinematic beverage and even tho' SMRL does most of its testing during nocturnal hours, this seemed an opportune time to roll up the sleeves of our labcoats and get some science done. While the beverotology creation tested this day (The Neurotoxin) must be deemed a success, this article focuses more the journey of the experimenters, rather then the science of beverotology. (More...)