
posted by chromas on Friday March 13 2020, @02:30AM
from the munch-munch-munch-munch-munchmunch-munch-munch-munch-munch-munch-munch-munch I-haz-r00t! dept.

Thought you were done after Tuesday's 115-fix day? Not yet: Microsoft emits crisis SMBv3 worm-cure patch

Designated CVE-2020-0796, the bug can be exploited by an unauthenticated attacker to execute malicious code, at administrator level, on an un-patched system simply by sending the targeted system specially crafted compressed data packets. A hacker thus just needs to reach a vulnerable machine on the internet or network to fully compromise it.

[...]"While we have not observed an attack exploiting this vulnerability, we recommend that you apply this update to your affected devices with priority," Microsoft says of the update.

The SMB bug fix was a late addition to Microsoft's March edition of Patch Tuesday – after the security hole was accidentally disclosed by the Cisco Talos research team in a blog post recapping this month's updates: Cisco thought Microsoft had fixed the bug this week as part of March's Patch Tuesday, and alerted the world to the bug's presence to get people to install their updates. In reality, Microsoft hoped to patch the hole later this year, no patch was available, and now everyone knew there was a hole in the compression part of the SMBv3 code.

The revelation sent Microsoft scrambling to post a fix for the flaw just hours after it had emitted updates for 115 other CVE-listed security vulnerabilities.

Designed to allow shared access to files, printers, and hardware ports, SMBv3 is a network protocol included in desktop and server editions of Windows. The bug was particularly nasty as it did not require user interaction and thus could have been exploited by a worm to spread over an entire network.
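As an added defender-side check (not part of the article or the thread), the PowerShell below reports whether a Windows host is on one of the builds Microsoft listed as affected by CVE-2020-0796 and whether the advisory's server-side workaround, disabling SMBv3 compression via the `DisableCompression` value under `LanmanServer\Parameters`, is in place. The build list and value name are taken from Microsoft's public advisory for this CVE; verify them against the current advisory before relying on the script.

```powershell
# Added example: assess a host for the SMBv3 compression bug (CVE-2020-0796).
# Assumptions (from Microsoft's advisory, not from the article): affected builds are
# Windows 10 / Windows Server versions 1903 and 1909 (builds 18362 and 18363), and the
# server-side workaround is DWORD DisableCompression=1 under LanmanServer\Parameters.
function Get-Smbv3CompressionStatus {
    [CmdletBinding()]
    param()

    $affectedBuilds = @(18362, 18363)
    $versionKey     = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $lanmanParams   = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

    # Current OS build number, used to decide whether this host is in scope at all.
    $build = [int](Get-ItemProperty -Path $versionKey).CurrentBuildNumber

    # The workaround value is absent by default; treat "absent" as "compression enabled".
    $disableCompression = (Get-ItemProperty -Path $lanmanParams `
        -Name DisableCompression -ErrorAction SilentlyContinue).DisableCompression
    $compressionOff = ($disableCompression -eq 1)

    # Is the SMB server service actually running? If not, the server side is not exposed.
    $serverRunning = (Get-Service -Name LanmanServer -ErrorAction SilentlyContinue).Status -eq 'Running'

    $inScope = $affectedBuilds -contains $build
    $finding = if (-not $inScope) {
        'Build not in the advisory list; no action from this check.'
    } elseif ($compressionOff) {
        'Affected build, SMBv3 compression disabled: server-side workaround present. Still install the update.'
    } elseif (-not $serverRunning) {
        'Affected build, SMB server not running: install the update before enabling the server.'
    } else {
        'Affected build, compression enabled, SMB server running: install the update now; disable compression meanwhile.'
    }

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        Build              = $build
        AffectedBuild      = $inScope
        CompressionOff     = $compressionOff
        SmbServerRunning   = $serverRunning
        Finding            = $finding
    }
}

# Run from an elevated prompt so the LanmanServer key is readable on all hosts.
Get-Smbv3CompressionStatus | Format-List
```

The registry workaround covers only the SMB server side; a client that connects to a malicious SMBv3 server is protected only by the update itself, so the check is a stopgap rather than a substitute for patching.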

"Worm". How many here have ever experienced an internet worm? I remember the havoc caused by the original Morris worm when it was released way back on Wednesday, November 2, 1988. We were off the net for at least a full day as our admins tried to figure out what was going on. And even when we got back on-line, things took several days to get back to anything approaching normal.

Not only has the internet grown tremendously over the past 30+ years, the world is now so much more dependent on it.

Also at: Security Week.


  • (Score: 2) by Gaaark on Friday March 13 2020, @03:07AM (6 children)

    by Gaaark (41) on Friday March 13 2020, @03:07AM (#970526) Journal

    Security frens don't let frens use Windows.

    Come on, people! What the fuck is it going to take before people stop using this shit? Seriously? Actually getting it up the backside with a cactus?

    Windows is not secure. Ever. It was not designed with security in mind: security has been an add-on (it's a feature, not a bug) since the beginning, and Microsoft REALLY seems to not know what they are doing!

    Stop hitting yourself! Stop hitting yourself! Stop hitting yourself! (As Microsoft keeps slapping you with your own hand money)

    --
    --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
    • (Score: 0) by Anonymous Coward on Friday March 13 2020, @12:28PM (2 children)

      by Anonymous Coward on Friday March 13 2020, @12:28PM (#970663)

      Proper gaming support on Linux? And by that I mean able to play exactly same games that I can play on Windows that I can't really play on Linux.

      • (Score: 3, Insightful) by maxwell demon on Friday March 13 2020, @01:29PM

        by maxwell demon (1608) on Friday March 13 2020, @01:29PM (#970681) Journal

        > Proper gaming support on Linux? And by that I mean able to play exactly same games that I can play on Windows that I can't really play on Linux.

        Of course by that definition, you will never get “proper gaming support” for Linux. But then, with an analogous definition you won't ever get proper gaming support on Windows, because I'm pretty sure there exists some game on Linux that has not been ported to Windows.

        The truth is, it's not that Windows supports those games and Linux doesn't, but conversely it's that those games support Windows but don't support Linux.

        --
        The Tao of math: The numbers you can count are not the real numbers.
      • (Score: 2) by Gaaark on Friday March 13 2020, @10:02PM

        by Gaaark (41) on Friday March 13 2020, @10:02PM (#970885) Journal

        Let's see you use MycroftAI on your Windows system.

        Yeahhhh...thought so.

        --
        --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
    • (Score: 3, Funny) by ewk on Friday March 13 2020, @12:52PM (2 children)

      by ewk (5923) on Friday March 13 2020, @12:52PM (#970669)

      MS Office (and Outlook in particular) is the fuck that is going on...

      Every %^&% corporate drone/secretary/pc-specialist-wannabe thinks his/her life (and the world in general) will stop if they cannot use MS Office/Outlook any more.

      So, in some sort of way the shift to Office365 (you know, basically Office on somebody else's machine) might actually be a blessing in disguise once the browser that you use to access Office365 actually can run on a decent-secure-ish OS.

      --
      I don't always react, but when I do, I do it on SoylentNews
      • (Score: 2) by Freeman on Friday March 13 2020, @03:14PM (1 child)

        by Freeman (732) on Friday March 13 2020, @03:14PM (#970725) Journal

        Then, the only windows computer you'd need to worry about is the server . . .

        --
        Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
        • (Score: 2) by ewk on Friday March 13 2020, @03:24PM

          by ewk (5923) on Friday March 13 2020, @03:24PM (#970727)

          Like I wrote: somebody else's machine...
          Therefore: Not my problem, that's what SLA's are for.

          All the above in an ideal world obviously, but not holding my breath for it. :-)

          Since any SLA will be more like "You pay us money, and you still get no warranty whatsoever" (Basically the way Office is working now anyway).

          --
          I don't always react, but when I do, I do it on SoylentNews
  • (Score: 2) by bzipitidoo on Friday March 13 2020, @03:12AM (2 children)

    by bzipitidoo (4388) on Friday March 13 2020, @03:12AM (#970529) Journal

    Naive to the max. In 1988, it was incredibly easy for any user to bring a PC network, or for that matter, a minicomputer or mainframe, to a standstill just by making an honest mistake, no malicious intent required. I did it just by making an infinite loop that scanned a networked directory for files, without any pause between scans. Oops. That was only possible because the networks of those times had nothing in the way of fair scheduling, and would happily let a rogue process like mine starve everyone else. Every other computer on the network quit responding even to keypresses, until I hit ctrl-c. Added a sleep command to the loop, and that solved that problem, whew.

    And security was a joke. Passwords were stored in plaintext. No one had heard of cryptographic hashing, or salt. Anyone with admin access could simply cat /etc/password, and see everyone's login info. On the mainframe, the password checker did not bother erasing memory before returning it to the OS, and so it was quite easy to write a program to exploit that, no admin access needed. Allocate lots of RAM, string search it for your own password, and if found, notify you so you could look around that area of memory and likely see everyone's password.

    • (Score: 0) by Anonymous Coward on Friday March 13 2020, @01:47PM (1 child)

      by Anonymous Coward on Friday March 13 2020, @01:47PM (#970684)

      > Passwords were stored in plaintext. No one had heard of cryptographic hashing, or salt. Anyone with admin access could simply cat /etc/password, and see everyone's login info.

      • The passwords in /etc/passwd were in fact hashed with salt, so your claim is fundamentally wrong.
      • You don't need "admin access" to cat /etc/passwd because it's world-readable -- the one legitimate criticism of the original /etc/passwd scheme, and you missed it.
      • But password shadowing (which fixes this) did exist in 1988, even though it was not yet popular.
      • (Score: 0) by Anonymous Coward on Monday March 16 2020, @06:05AM

        by Anonymous Coward on Monday March 16 2020, @06:05AM (#971804)

        Wut?

        In the early 90s, Linux's passwd file was certainly NOT salted.

  • (Score: 0) by Anonymous Coward on Friday March 13 2020, @08:26AM

    by Anonymous Coward on Friday March 13 2020, @08:26AM (#970599)

    When you have good family connections, a felony conviction is no obstacle against getting admitted to grad school and getting a professorship. You don't even have to serve time!

  • (Score: 3, Funny) by Bot on Friday March 13 2020, @11:51AM (4 children)

    by Bot (3902) on Friday March 13 2020, @11:51AM (#970642) Journal

    Sadly this year I had already touched windows twice (the average is once every 2y).
    First time because a windows partition was unmounted uncleanly so I could not mount rw with linux. But I recall having shut the PC down normally. Turns out that win 10 does not shut down on the command shut down anymore, but does a kind of hibernation, to speed up boot time. (when I hear "speeding up boot time" I reach for my revolver, and you should, too).
    So, if you touch the partition and then reboot windows, and it restores some state from who knows where to dam if I know where, then it might get messy.

    Luckily the procedure to resolve the problem involves a preference item that you can easily access once in a control panel's screen II level menu, but after you have enabled advanced option, in a layout different from what was shown in the help article on the net.

    Second time was somebody who couldn't decode a zip because his windows has a messed up registry. In a barely 2 months old medium range laptop.

    Linux is a kit car, but windows is a car made of cardboard cutouts which is popular because it has an automatic transmission. Made of cardboard cutouts.

    --
    Account abandoned.
    • (Score: 2) by Freeman on Friday March 13 2020, @03:16PM

      by Freeman (732) on Friday March 13 2020, @03:16PM (#970726) Journal

      I hear that a SSD will "Speed up boot time".

      --
      Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
    • (Score: 0) by Anonymous Coward on Friday March 13 2020, @03:44PM (1 child)

      by Anonymous Coward on Friday March 13 2020, @03:44PM (#970734)

      I set Windows to shut down instead of hibernate (it's buried somewhere in the Windows power management settings), but every time an update occurs it switches it back. Fuck Windows.

      • (Score: 2) by Bot on Friday March 13 2020, @11:32PM

        by Bot (3902) on Friday March 13 2020, @11:32PM (#970919) Journal

        >fuck Windows
        Maybe in 20 years windows will reach beta quality levels, and we can say fuck beta again.

        --
        Account abandoned.
    • (Score: 3, Informative) by dwilson on Friday March 13 2020, @05:52PM

      by dwilson (2599) Subscriber Badge on Friday March 13 2020, @05:52PM (#970786) Journal

      > Linux is a kit car, but windows is a car made of cardboard cutouts which is popular because it has an automatic transmission. Made of cardboard cutouts.

      Except for the gearing in that automatic transmission. Those are actually three dimensional, because they have to at least somewhat work. But they're plastic, PLA out of a 3d printer.

      --
      - D