Clever Code Red version 4...

Well, any of you read Steve's post about the newest incarnation of Code Red
? Clever skiddies or malicious hackers are really having a field day ! So is
Code Red.  What a f***king mess man ! Now its disabling W98 "en masse" !!

Maybe its the revenge of Linux and Mac in disguise, ha ha !

At least I hope this teaches M$ a little lesson on further testing before
releasing code.

We've all seen movies of benevolent (or malicious) aliens that come to
earth... now would be a good time for them to show up, as they usually also
cause power failures once they get here. If the whole planet went into a
power failure, it would reset everything and thus slow down the progression
for a while :)

Jay Dee
0
Jay
8/7/2001 9:15:00 AM
grc.security 16608 articles. 3 followers. Follow

2 Replies
6370 Views

Similar Articles

[PageSpeed] 11
Get it on Google Play
Get it on Apple App Store

How come we don't hear much about hacker activists?  The ones who hack in
and PATCH holes?  All you security buffs out there now have a glaring string
"XXXXXXX" telling you to patch the system for them!  You even have a remote
shell to do it with!  Go patch!

 ...perhaps this may lead to a "Code Blue", a security worm?

-But don't do anything you're not supposed to!

"Jay Dee" <jaydee0@hotmail.com> wrote in message
news:9ko13t$1buf$1@news.grc.com...
> Well, any of you read Steve's post about the newest incarnation of Code
Red
> ? Clever skiddies or malicious hackers are really having a field day ! So
is
> Code Red.  What a f***king mess man ! Now its disabling W98 "en masse" !!
>
> Maybe its the revenge of Linux and Mac in disguise, ha ha !
>
> At least I hope this teaches M$ a little lesson on further testing before
> releasing code.
>
> We've all seen movies of benevolent (or malicious) aliens that come to
> earth... now would be a good time for them to show up, as they usually
also
> cause power failures once they get here. If the whole planet went into a
> power failure, it would reset everything and thus slow down the
progression
> for a while :)
>
> Jay Dee
>
>
>
0
Tedman
8/7/2001 6:40:00 AM
Unless you are hacking into your OWN machines, there's no difference in what
you call 'hacktivism' and generic hacking.  I mean, is it somehow better if
you break into someone else's home just to show them how it could be done?
At least I don't think they'd appreciate it.

The real fact of the matter is this:
    SysAdmins need to wake the hell up.  Particularly those admins running
networks with Windows boxes in them.  The patch had been out there for OVER
A MONTH before codered started blowing up our world.  If everyone in
responsible positions just monitored that SANS or CERT pages along with the
MS Bulletins when they first sit down to their machine, NONE of us would be
here.

Don't get me wrong, I am not mad about people trying to 'hack to save'.  I
just think it promotes the same attitude amongst sysadmins.... "I don't have
to worry or work".

Peace,
D


"Tedman Eng" <tedmaneng@(REMOVE_THIS_TO_EMAIL)home.com> wrote in message
news:9ko2eg$1dbq$1@news.grc.com...
> How come we don't hear much about hacker activists?  The ones who hack in
> and PATCH holes?  All you security buffs out there now have a glaring
string
> "XXXXXXX" telling you to patch the system for them!
0
The
8/7/2001 12:35:00 PM
Reply:

Similar Artilces:

[ANN] Security Advisory for Bugzilla Versions Prior to 3.4.12, 3.6.6, 4.0.2, and 4.1.3
Summary ======= Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following security issues have been discovered in Bugzilla: * Internet Explorer 8 and older, and Safari before 5.0.6 do content sniffing when viewing a patch in "Raw Unified" mode, which could trigger a cross-site scripting attack due to the execution of malicious code in the attachment. * It is possible to determine whether or not certain group names exist while creating or updating bugs; and in Bugzilla 4.1.1 and 4.1.2, also by using custom se...

security issue
Greetings list, I am in process of upgrading from Bugzilla v 3.4.5 to 4.4.2. For the most = part the upgrade has gone well. A product manager raised concern when she = noticed describecomponents.cgi returned all products, even though the user = was restricted to only one product. In describecomponents.cgi I found v3.4.5 used get_enterable_products, where= v4.4.2 uses get_accessible_products. I modified this value in v4.4.2 to u= se the older variable. The change now only returns the single product as e= xpected. However, she found a similar issue with query.cgi. Diff of th...

Code Red #4
I have been monitoring 5 different Linux base boxes and it appears that Code Red 2 is picking up 60-144 hits per server in the last 24 hrs and Code Red 1 is dropping off. 5-10 hits per 24 hrs My poor ADSL linked server is been the one to get hit the most I wonder Why ?? -- Franklin S. Werren, webmaster@bagpipes.net www.bagpipes.net Modem Madness Ringmaster at www.madbbs.com/webring/ ICQ 8556386 or fswerren46 on AOL's IM or fswerren46 for MSN Messenger Frank's Radio, P.O. Box 990, Sherman NY 14781-0990 www.franksradio.net For the best ISP in Chautauqua County NY and...

KDE 4.4.4
Ok, if i say not secure i mean the screen. Problem is this, i have two users logged in at the same time. So ones there is a switch from one user to the other, the last screen (it appears) will be displayed prior to login in. So everyone can see what the user was doing before.>:( Is this a bug or is this a thing you can adjust in KDE perhaps. I rather would have a blank screen to login or a KDE picture but not anything else like my desktop or the document i was working on. Does somebody else have the same issue? I run btw. Suse 11.3 64bit. Thank you :) -- -= 2600 =- ---...

Code Access Security #4
 how to impose restrictions and security during execution of programes using CAS( code Access Security) model.What is type safety? venki Genimisetty yenky.g: how to impose restrictions and security during execution of programes using CAS( code Access Security) model. First of all your need to understand the concept of Code Access Security. All .NET code that runs on the computer is subjected to CAS by the runtime environment. CAS inspects what evidence the .NET assembly is supplying and thereby grants the appropriate permissions.Evidence can be things like where the code is...

New Code Red version?
Just had another CR scan.. decided to have a peek (again)... http://212.171.30.120/c/ tells me the following: sex0r lowd l33tn3ss sex0r geeklab.org contact:lowd@geeklab.org Old news? Or maybe a CR infected machine manipulated by "hax0rs"? Greets, Kuifmans ...

switching kde versions 4.4.4 -> 4.1.3
Hi, After getting used to my personal laptop running openSUSE 11.3 and kde 4.4.4 I thought I'd get clever and install kde 4.4.4 on my work PC running openSUSE 11.1. I found the 'KDE stable' (http://tinyurl.com/2dbu3s5) repo and promptly started updating packages in yast. As I now find this is the non-openSUSE branded version of kde and pretty much looks out of place on my PC. What I want to do now is switch back to the kde version that came with openSUSE 11.1. I know with newer versions of yast this is easy to do but is there any way of achieving this with the ve...

Invalid version format
Hello, When upgrading from Bugzilla 4.4.1 to 4.4.2 using tarball, I am receiving t= he following error when running checksetup.pl: "Invalid version format (non-numeric data) at Bugzilla/Install/Requirements= ..pm line 707" I did see a comment in the release notes that the version module must be in= stalled prior to running checksetup.pl if using Perl 5.10.0 or older. I am= using Perl 5.14.2, so I assume I do not need to install the version module= .. Please see below for entire checksetup.pl output. * This is Bugzilla 4.4.2 on perl 5.14.2 * Running on Win2008...

KDE 4.4 Platform Version 4.3.98 (KDE 4.3.98 (KDE 4.4 RC3)) "
Just installed kde latest version rc3 all is working as far as i use it :) -- susegebr ------------------------------------------------------------------------ Thanks for the nudge on this. I've been so busy on internal stuff I forgot about this. Running update now. -- Box: openSUSE 11.2 | (KDE4.3.5) | M2N4-SLI | AMD 64 X2 5200+ | nVidia 8500GT | 4GB RAM Lap: openSUSE 11.2 | Celeron 550 | KDE 4.4 RC2 "release 214" | Intel 965 GM | Lenovo R61e | 3GB RAM ------------------------------------------------------------------------ caf4926's Pro...

Security advisory for Bugzilla 4.5.3, 4.4.3, 4.2.8, and 4.0.12
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Summary ======= Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following security issues have been discovered in Bugzilla: * The login form had no CSRF protection, meaning that an attacker could force the victim to log in using the attacker's credentials. * Dangerous control characters can be inserted into Bugzilla, notably into bug comments, which can then be used to execute local commands. All affected installations are encouraged to upgrade as soon as possible. Vuln...

Security advisory for Bugzilla 4.5.5, 4.4.5, 4.2.10, and 4.0.14
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Summary ======= Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following security issue has been discovered in Bugzilla: * An attacker can get access to some bug information using the victim's credentials using a specially crafted HTML page. All affected installations are encouraged to upgrade as soon as possible. Vulnerability Details ===================== Class: Cross Site Request Forgery Versions: 3.7.1 to 4.0.13, 4.1.1 to 4.2.9, 4.3.1 to 4.4.4, 4.5.1 to 4.5...

Security advisory for Bugzilla 4.5.6, 4.4.6, 4.2.11, and 4.0.15
Summary ======= Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following security issues have been discovered in Bugzilla: * The 'realname' parameter is not correctly filtered on user account creation, which could lead to user data override. * Several places were found in the Bugzilla code where cross-site scripting attacks could be used to access sensitive information. * Private comments can be shown to flagmail recipients who aren't in the insider group * Specially formatted values in a CSV search results export c...

Security advisory for Bugzilla 4.5.6, 4.4.6, 4.2.11, and 4.0.15 #2
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Summary ======= Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following security issues have been discovered in Bugzilla: * The 'realname' parameter is not correctly filtered on user account creation, which could lead to user data override. * Several places were found in the Bugzilla code where cross-site scripting attacks could be used to access sensitive information. * Private comments can be shown to flagmail recipients who aren't in the insider group * Specially...

Security Advisory for Bugzilla 4.4.1, 4.2.7 and 4.0.11
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Summary ======= Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following security issues have been discovered in Bugzilla: * A CSRF vulnerability in process_bug.cgi affecting Bugzilla 4.4 only can lead to a bug being edited without the user consent. * A CSRF vulnerability in attachment.cgi can lead to an attachment being edited without the user consent. * Several unfiltered parameters when editing flagtypes can lead to XSS. * Due to an incomplete fix for CVE-2012-4189, some i...

Web resources about - Clever Code Red version 4... - grc.security

Android version history - Wikipedia, the free encyclopedia
Global Android version distribution since December 2009. As of September 2013, Android 4.1/4.2 Jelly Bean is the most widely-used Android version, ...

App Store now mentions when iOS apps have Apple TV versions
Apple is rolling out a way to see if an app in the App Store also has an Apple TV version. From this morning, App Store listings have included ...

Food for thought: Does the average user care about Android versions? Should they?
... are only interested in superlatives from within the entire spectrum. Software Knowledge The average customer has no idea what software version ...

The App Store now indicates if an Apple TV version of an app is available
Apple is rolling out an interesting new feature that should help better inform users about Apple TV apps. Currently, through the iOS version ...

Every version of Internet Explorer other than IE11 will be vulnerable next month
On January 12th, 2016, Microsoft will end support for every version of Internet Explorer but the latest once and for all. Although you might ...

Apple is allowing massive discounts on the Apple Watch — suggesting a new version is on the way
Apple is letting retailers, such as BestBuy and Target, cut the price of the Apple Watch by up to $100 which could signal a new version is on ...

Apple Watch price drops; ss a new version on the way?
Best Buy is slashing Apple Watch prices by $100 for all models

Apple releases Arabic version of Siri
This move could potentially make iPhones more attractive in an affluent market of more than 30 million people.

Samardzija: Bumgarner 'like a lefty version of me'
... Home Giants A's Sharks Warriors Kings 49ers Raiders Quakes Insiders More Tickets Shop Watch Samardzija: Bumgarner 'like a lefty version of me' ...

Apple’s latest version of its Lightning to SD card adapter now supports USB 3.0 transfer speeds if y
Apple’s latest version of its Lightning to SD card adapter now supports USB 3.0 transfer speeds if you use it with the iPad Pro. It costs $30. ...

Resources last updated: 12/13/2015 5:42:33 PM