Unpatched PCs compromised in 20 minutes

eMpTy-1 Aug 21, 2004

?

How often do you update your computer software?

  1. Auto

    0 vote(s)
    0.0%
  2. Daily

    0 vote(s)
    0.0%
  3. Weekly

    0 vote(s)
    0.0%
  4. Monthly

    0 vote(s)
    0.0%
  5. Half Yearly

    0 vote(s)
    0.0%
  6. Do what now?

    0 vote(s)
    0.0%
  1. eMpTy-1

    eMpTy-1 Junior Members

    Threads:
    36
    Messages:
    294
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    Various
  2. opia

    opia locus solus

    Threads:
    53
    Messages:
    1,826
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    wales
    paid for? what kind crazy idea do you call that! :hehe:
     
  3. twistedjc

    twistedjc Guest

    Nudge, nudnge :Wink3: :Wink3:
     
  4. martin_e

    martin_e Pantheistic Cyberneticist

    Threads:
    217
    Messages:
    9,057
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Living in a shed in Broadstairs
    Um... most reports say XP SP2 totally fucks your computer and still leaves huge security holes. Use LINUX - you get what you pay for. Use M$ you pay what they charge you ...
     
  5. generaljoe

    generaljoe Member

    Threads:
    19
    Messages:
    507
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    East of Lyra, north west of Pegasus.
    And use firewalls. Let's be careful out there...
     
  6. soliptic

    soliptic whirling mathematician

    Threads:
    59
    Messages:
    1,303
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    sw19
    martin - linux - nice idea and all ... but this is the media production forum. i think most people are probably somewhat attached to Cubase, Logic, Sonar, Pro Tools, Nuendo, Soundforge, Wavelab, Fruity Loops, Reason, Reaktor, Recycle, Kontakt, etc, etc.... precisely none of which are available on linux.

    Believe me from almost every perspective i cant wait to ditch MS (and not because i think its clever to use something obscure and write "M$", not even really becuase of the often woeful security and stability of MS products, more becase of the philosophies. MS is heading DRM and for me the entire attraction of the PC has always been freedom. If I'd wanted a machine that could only perform a limited range of operations I'd have got a calculator; if I wanted someone to dictate what was and wasnt kosher for my computer I'd have bought an Apple. The whole point of PCs is that they are turing machines so they can do anything, and they're controlled by no-one, so you can do anything. if u see what i mean.
     
  7. soliptic

    soliptic whirling mathematician

    Threads:
    59
    Messages:
    1,303
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    sw19
    Oh... and for the record... I went for the last option. I'm on a 56k modem which is automatically disconnected every 2 hours, so the notion of downloading large patches all the time = blah.

    I did get the fixes for the Blaster stuff obviously, because then you didnt even have 20 minutes.... u had about 30 seconds if u were lucky. As for the rest.... if you dont use outlook, dont use IE, and you're not a retard, you really dont have much to fear.
     
  8. norty303

    norty303 Member (Todger)

    Threads:
    48
    Messages:
    1,998
    Likes Received:
    28
    Trophy Points:
    48
    Location:
    East Sussex
    I think XP is the bollocks personally but then I live with it all day, daily and i'm not 733t.....L337... or something like that anyhow....
     
  9. RezN8

    RezN8 Ave it !!!!!!

    Threads:
    57
    Messages:
    1,089
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    Gobsport
    Sorry to burst your bubble mate, but as soon as you connect to the Internet, the world connects to you! Even if you're not using Outlook or IE, as soon as that modem connects to your ISP, unless you're running a firewall, you have exposed ~65,000 ports (ways for people to connect to your computer) to every spotty script kiddie out there.

    Admittedly, if they want to take control of your PC in any way, they have to trick you into loading their client software onto your PC, which no-one is daft enough to do. But then this code can relatively easilly hidden, and often is, inside cracked versions of software & 'freeware' utilities.

    And we haven't even mentioned all the other nice things they can do to you, like denial of service attacks, etc.

    The only sure way to stay protected is not to connect to the Internet at all. If you want/need to connect, best get yourself a firewall (ZoneAlarm, etc) as the absolute minimum of protection. XP even has one built in.

    Historically, MS have had a bad rap because of security, which was hurting Bill's bottom line. This was simply because these OSs were architected and written years before they were released, yet the script kiddies all have modern tools at their disposal. About 2 years ago, MS were suffering so much (and let's be honest about it, nothing happens in business unless it affects the bottom line) that Bill ordered the setup of a whole division with MS to deal with the problem. Since then, these guys have had the first and last say in *everything* MS push out the door. I've met some of these guys, and they rank amongst the world's best crackers and security experts, and have free license to attack MS products at will.

    The upshot is, XP SP2 is a major update, fixing vulnerabilities that the average user wouldn't even know about (switching services off, switching the firewall on, etc). We've got XP SP2 running on our machines at work, and we've only come across 1 issue - VS.Net remote debugging of SQL Server stored procedures - but there's a patch for this.

    Security on PCs, as with anything in life, is about managing the risk. As I mentioned earlier, the only sure way is to stay protected is not to connect your PC to anything, and not to load untrusted software on there. Beyond this, you run the risk of attack. However, as it's all shades of grey, you have to make a judgement as to the level of risk you are willing to take. Again, as in life, to everything, there is a price to pay, you have to ask yourself, "Am I willing to pay that price?"

    Bottom line, if I had a 'true' choice of OS, closed source (MS, Apple, etc) or open source (where every spotty herbert knows exactly what is going on within the kernal, drivers, etc, and how to exploit that knowledge), for me, it's a no-brainer.

    FWIW, I'm trying to ensure you see both sides of the argument so that you can make an informed decision, which is truly yours to make. :Wink3:

    PLUR

    :smokingr:
     
  10. soliptic

    soliptic whirling mathematician

    Threads:
    59
    Messages:
    1,303
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    sw19
    Hehe , I do know that, but people arent very interested in hacking someone on dialup.

    When my broadband arrives I'll pay a lot more attention to firewalls.
     
  11. generaljoe

    generaljoe Member

    Threads:
    19
    Messages:
    507
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    East of Lyra, north west of Pegasus.
    <begin two penn'orth>

    It is true, there's not much use compromising dialup PCs as part of your botnet; however, going out onto the Internet without protection (dialup, broadband, piece of wet string or T1) is dangerous and should be avoided... and that goes for Linux, Mac, PC, QNX, OS/2, or anything. If you go out there unprotected YOU CANNOT BE SURE that your PC is not thereafter spewing emails with mortgage offers, porn, spam, threats, viruses etc.

    Be sure. Don't be silly. And if you don't know about Internet security, find out. It's not rocket science.

    And if this post seems rude, you wait till your ISP finds out your PC's been compromised and cut you off - they'll be ruder than this. There really is no excuse for this sort of behaviour...

    </two penn'orth>
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice