DHS and M$ and more BS

[H_TeXMeX_H]

Kind of a strange, twisted article I found on slashdot:

            Terror Plot, NASA, DHS Patch Alert


Here's the part dealing with M$:
http://www.dhs.gov/dhspublic/display?content=5789

The Department of Homeland Security (DHS) is recommending that Windows Operating Systems users apply Microsoft security patch MS06-040 as quickly as possible. This security patch is designed to protect against a vulnerability that, if exploited, could enable an attacker to remotely take control of an affected system and install programs, view, change, or delete data, and create new accounts with full user rights.

more from slashdot:

[indent]  This update is as important as it gets. There are vulnerabilities in every major MS program which allow remote code execution, which means that as soon as the exploit is discovered, it can take advantage of holes all over your system.

   Affected programs and services:

 

• MS Server Services (TCP 139 and 445)
• DNS servers
• Internet Explorer
• Outlook Express
• Microsoft Management Console
• HTML Help
• Visual Basic
• Microsoft Office
• Windows kernel

What puzzles me is why the Dept. of Homeland Security would bother with this shit ? Don't they have more important things to do ?
 
 

[/indent]

[GenuineAdvantage]

http://news.bbc.co.uk/2/hi/technology/4782811.stm

I'd just like to know if I'm just not that smart but doesn't it seem like every windows security update is always about 'a malicious user taking control of your PC'? Isn't all of it just a matter of windows being designed to be exploited? Not just Homeyland Security but why would anyone bother with this? New exploits right after this security update just like before.

[WMD]

What puzzles me is why the Dept. of Homeland Security would bother with this shit ? Don't they have more important things to do ?

Well, Windows is on 90-something percent of all computers.  Maybe they want that to be the next "terrorist threat," after the whole airplanes thing goes out of style.

[pofnlice]

What puzzles me is why the Dept. of Homeland Security would bother with this shit ? Don't they have more important things to do ?

Ummm...dept of homeland SECURITY

Knowing that almst ALL US Govt Computers have Windows as it's OS..Do you think National Security could possibly be a concern. Especially if the exploit takes full control of the computer?

[worker201]

Despite all the hype, I'm pretty sure that someone can take remote control of your computer through a Windows flaw only if you get caught with your pants down, the outside temperature is over 75F, there's a sale at Target, and somebody who is really intent on personally fucking you over has been sitting in front of his computer hacking away for at least 42 hours straight.  More than likely, even these conditions won't guarantee success.

Still, there is that tiny little window of opportunity that someone might think it is worthwhile to take, so best to cover your ass.

When Bill Maher was on Jay Leno the other night, he defended George Bush's endorsement of wiretaps by proclaiming that George Bush was an idiot who didn't know how to properly fight a war on terrorism.  Instead of using the right weapons against the right enemies, he does things like, well, what he's done.  Wiretaps on private innocent citizens are a shitty thing to do, but considering what George Bush's bag of tricks looks like, it's to be expected.  I think the same thing is going on here.  They aren't willing to do the right thing, but they are willing to take idiotic little countermeasures that seem like they would help a lot.  In effect, freaking out about the latest overhyped Windows flaw is exactly what you would expect from Homeland Security.

I guess you'd have to hear Bill Maher's words yourself to see what I'm getting at.  Well, whatever.

[mobrien_12]

Despite all the hype, I'm pretty sure that someone can take remote control of your computer through a Windows flaw only if you get caught with your pants down, the outside temperature is over 75F, there's a sale at Target, and somebody who is really intent on personally fucking you over has been sitting in front of his computer hacking away for at least 42 hours straight.  More than likely, even these conditions won't guarantee success.

Wow.  You don't remember Code Red at all do you?

[mobrien_12]

Despite all the hype, I'm pretty sure that someone can take remote control of your computer through a Windows flaw only if you get caught with your pants down, the outside temperature is over 75F, there's a sale at Target, and somebody who is really intent on personally fucking you over has been sitting in front of his computer hacking away for at least 42 hours straight.  More than likely, even these conditions won't guarantee success.

Let me tell you from someone who has had to deal with network admins who don't know what the fuck they are doing.

It's EXTREMELY possible.

And then the network admins will freak out because they totally fucked up in the first place and now they have a nightmare.  They tell you do do shit with your boxen when you weren't the problem, THEY WERE, and everyone  else in the building was.  You politely tell them to go fuck themselves and they don't know what the fuck they are talking about.  They insist.  YOu tell them to find you $20,000 to implement the changes they want.  THey grumble and go away.  They get hacked again because they are fucking morons and they shut off your boxen assuming it was you because you wouldn't listen to their stupid shit when they don't know what they are talking about.  You go up to them and show them how to look at their own fucking logs and they find out what morons they are because it's THEIR boxen that were hacked and they were too fucking stupid to read their own logs.


Sorry... I'm still bitter over that.

Anyhow, I agree, people should cover themselves.  IT's ironic though.  DHS is saying to do this, when they have gotten very very low marks for computer security.

[pofnlice]

You think that's bad? Most local servers in the army are administered by a 2nd lieutenant from communications branch who's only knowledge is asking the sergeants to get something done for them. Fortunately, At the higher levels of the network, the Govt hires civilian professionals to maintain the installation wide network servers...usually. Unfortunately, I one is doing a favor for a buddy and gets him hire, but buddy has no idea of what to do, the govt will put them through a 2 week course and call them expert.

[H_TeXMeX_H]

Well if government computers run Window$ (how foolish of them, not that I ever thought highly of them) ... then I suppose they should be concerned. Really it doesn't matter, Window$ will never be secure no matter what you do to it. It's like patching a dam full of holes, it just won't work.

[piratePenguin]

The US DHS puts some money into securing free software products too: http://news.com.com/Homeland+Security+helps+secure+open-source+code/2100-1002_3-6025579.html

There's plenty of important computers that run this software, so it's not a huge surprise (but it is good of them).

[H_TeXMeX_H]

Well that's good to see ... and I though all the money that went to them was a waste.

[worker201]

Sadly, all that money gets spent on enemies of the state.  The US need to spend more on people we like than people we hate.
(unless we don't actually like anyone)

[Jack2000]

i thought that Us govt used its own os??
well if they use MS then ms can as well command the US govt :]
we all know mr gates has his own back door
what if he wants to crush the oposition ??
:scared like shit: :running around paranoyd:

[Orethrius]

i thought that Us govt used its own os??
well if they use MS then ms can as well command the US govt :]
we all know mr gates has his own back door
what if he wants to crush the oposition ??
:scared like shit: :running around paranoyd:

 Last I checked, they used backend servers running HP-UX and IRIX with individual workstations running Windows or DOS.  I've tried to picture the U.S. government justifying the continual TCO of Win Server and, ya know, I just can't do it.

[worker201]

The US government is just like any other business, where profit is the bottom line.  Just kidding, haha, what I meant to say is that the federal government is just like any other business, mostly filled with incompetent computer users.  Incompetent computer users demand Windows.