[194568] in North American Network Operators' Group
RE: Please run windows update now
daemon@ATHENA.MIT.EDU (Keith Medcalf)
Sat May 13 01:21:56 2017
X-Original-To: nanog@nanog.org
Date: Fri, 12 May 2017 23:21:51 -0600
In-Reply-To: <CA+zb_vGHn2HZbEeduyk1Nw2Wu8s17UPEHWX3wn+O15UsW1=gzw@mail.gmail.com>
From: "Keith Medcalf" <kmedcalf@dessus.com>
To: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
Not to mention of course that the version of Windows 10 that actually has
all Microsoft's wonder-dunder-touted-all-and-fro security features is the
one that most mere mortals cannot buy.
I wunder.
When there are these wunderful fluffings of the security of Windows 10,
should one be suing Microsoft for not explicitly stating in the opening
sentence that the features touted do not apply to any version of Windows
that can be purchased at whim (ie, retail) and only applies to the
"Enterprise" version which is *only* available with a minimum purchase
quantity and the selling of the first (and second) born to Microsoft, and
at that only after entering into a really nasty contract with Microsoft?
Or should one be suing all the "security fools and newsfrothers" that
promulgate the story without specifying that the emperor's "new secure
clothing" is only available to "Enterprise" customers with special
contracts to Microsoft and failing to warn that Microsoft has deliberately
left everyone else "naked and unprotected"?
Or should one simply sue them all and let God (or a judge) sort it out?
--
˙uʍop-ǝpısdn sı ɹoʇıuoɯ ɹnoʎ 'sıɥʇ pɐǝɹ uɐɔ noʎ ɟı
> -----Original Message-----
> From: Joe [mailto:jbfixurpc@gmail.com]
> Sent: Friday, 12 May, 2017 23:08
> To: Keith Medcalf
> Cc: nanog@nanog.org
> Subject: Re: Please run windows update now
>
> One word. Linux.
>
> After this we'll probably see (yet more) additional processes running on
> windows boxes safeguarding against issues like this, forcing windoze
> users to upgrade memory/processor/disk space. I, for one, am not looking
> at Windoze 10 S as it locks too many applications needed for work to the
> Windoze store.
>
>
> Getting kind of ridiculous if you ask me.
>
>
> -Joe
>
>
> On Fri, May 12, 2017 at 11:56 PM, Keith Medcalf <kmedcalf@dessus.com>
> wrote:
>
>
>
> Well, this one was patched (or more accurately, undone). Perhaps.
> Maybe.
>
> How many other "paid defects" do you estimate there are in Microsoft
> Windows waiting to be exploited when discovered (or disclosed) by someone
> other than the "Security Agency" buying the defect?
>
> Almost certainly more than just this one ... and almost certainly
> there is more than a single "payor agency" independently purchasing the
> deliberate introduction of code defects.
>
> --
> ˙uʍop-ǝpısdn sı ɹoʇıuoɯ ɹnoʎ 'sıɥʇ pɐǝɹ uɐɔ noʎ ɟı
>
>
> > -----Original Message-----
> > From: Nathan Brookfield [mailto:Nathan.Brookfield@simtronic.com.au]
> > Sent: Friday, 12 May, 2017 22:48
> > To: Keith Medcalf
> > Cc: nanog@nanog.org
> > Subject: Re: Please run windows update now
> >
> > Well it was patched by Microsoft on March 14th, just clearly people
> > running large amounts of probably Windows XP have been owned.
> >
> > Largely in Russia.
> >
> > Nathan Brookfield
> > Chief Executive Officer
> >
> > Simtronic Technologies Pty Ltd
> > http://www.simtronic.com.au
> >
> > On 13 May 2017, at 14:47, Keith Medcalf <kmedcalf@dessus.com> wrote:
> >
> >
> > The SMBv1 issue was disclosed a year or two ago and never patched.
> > Anyone who was paying attention would already have disabled SMBv1.
> >
> > Thus is the danger and utter stupidity of "overloading" the function of
> > service listeners with unassociated road-apples. Wait until the bad guys
> > figure out that you can access the same "services" via a connection to the
> > DNS port (UDP and TCP 53) on windows machines ...
> >
> > --
> > ˙uʍop-ǝpısdn sı ɹoʇıuoɯ ɹnoʎ 'sıɥʇ pɐǝɹ uɐɔ noʎ ɟı
> >
> >
> > > -----Original Message-----
> > > From: NANOG [mailto:nanog-bounces+kmedcalf=dessus.com@nanog.org] On
> > > Behalf Of Karl Auer
> > > Sent: Friday, 12 May, 2017 18:58
> > > To: nanog@nanog.org
> > > Subject: Re: Please run windows update now
> > >
> > >> On Fri, 2017-05-12 at 10:30 -0800, Royce Williams wrote:
> > >> - In parallel, consider investigating low-hanging fruit by OU
> > >> (workstations?) to disable SMBv1 entirely.
> > >
> > > Kaspersky reckons the exploit applies to SMBv2 as well:
> > >
> > > https://securelist.com/blog/incidents/78351/wannacry-ransomware-used-in-widespread-attacks-all-over-the-world/
> > >
> > > I thought it was a typo in para 2 and the table, but they emailed back
> > > saying nope, SMBv2 is (was) also broken. However, they also say (same
> > > page) that the MS patch released in March this year fixes it.
> > >
> > > Assuming they are right, I wonder why Microsoft didn't mention SMBv2?
> > >
> > > Regards, K.
> > >
> > > --
> > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > > Karl Auer (kauer@biplane.com.au)
> > > http://www.biplane.com.au/kauer
> > > http://twitter.com/kauer389
> > >
> > > GPG fingerprint: A52E F6B9 708B 51C4 85E6 1634 0571 ADF9 3C1C 6A3A
> > > Old fingerprint: E00D 64ED 9C6A 8605 21E0 0ED0 EE64 2BEE CBCB C38B
> > >