Various pinhead pundits have weighed in on a purported plan by DARPA to set up a bookie system where up to 10000 experts can bet on such things as the next major terrorist event. The liberal talking heads are chattering about how horrible or useless or stupidly moronic or what a waste of money it is, yadda yadda. Not only is the purported program (personally, I think it is an _Onion_ article behind all the nattering) based on sound scientific grounds that in the past have found a sunk sub and a lost nuke-bomb, but something like it is already in place at the Dept. of Homeland Security, for example, although privately funded. I'm sure it is not particularly exceptional. As of last Friday the official word on when a viral or worm exploit of the M$ RPC dick-stomp would appear was 7 to 10 days. However, the most-bet line in the pool where real people put up real money was 5 days. It's like betting the track favorite to show. Thus all of you running a modern M$ OS have about 24 to 48 hours to download and install the "service pak". Happy Hunting. If I wuz to bet, I would bet on the track favorite to show in that race. If I were to bet in the case of the Pentagon terrorist line being accurate, if such a program of collective intelligence of 10K area experts ever gets off the ground, assuming it's not an _Onion_ in the first place - I would bet the track favorite to show.

62 responses total.
Heinlein used/demonstrated that technique in _Friday_: Ask an intelligent, capable person to prove/disprove that the outbreak(s) of the Black Plague in the Middle Ages were the result of conspiracy. Give her some time to look into the matter, then wake her up in the middle of the night, from a sound sleep, and ask, "When will plague next break out?" The answer is likely to be accurate, because it is based on a lot of information processed in an "interesting" way.
Sounds a bit like the Foresight Exchange (http://www.ideosphere.com/fx/docs/FXdocs.cgi) which has been around since I believe 1994. Though FX is more of a trading market than just a straight bet.
Pentagon Abandons Plan for Futures Market on Terror. From the New York Times. WASHINGTON, July 29 - The Pentagon office that proposed spying electronically on Americans to monitor potential terrorists has quickly abandoned an idea in which anonymous speculators would have bet on forecasting terrorist attacks, assassinations and coups in an online futures market. Senator John W. Warner, the Virginia Republican who heads the Senate Armed Services Committee, said today that he had conferred with the program's director at the Pentagon, "and we mutually agreed that this thing should be stopped." The senator's announcement - made during a confirmation hearing for retired Gen. Peter J. Schoomaker, who has been nominated to be Army chief of staff - signaled the end of a program that was met with astonishment and derision almost from the moment it was disclosed. Under the discarded plan, traders bullish on a biological attack on Israel, say, or bearish on the chances of a North Korean missile strike would have had the opportunity to bet on the likelihood of such events on a new Internet site established by the Defense Advanced Research Projects Agency.
I wonder what the odds would have been for assassination of the president.
It wasn't really a place to "bet". What it was going to be (from what I understand) was a place to trade stock in oil markets in the Mideast. By doing so and watching the market, they would be able to tell when something was likely to happen and where. If 40% of the stock in Iran suddenly switched to Saudi Arabian oil, you could assume something was going to happen in Iran that would disrupt the flow of oil from that state. The betting angle was derived because if you were able to make the right purchase at the right time and then get out before whatever "it" was happened, you could make a killing. The same intelligence could be garnered by watching actual stock market trends and knowing who was investing where and pulling out when, but that would require legal wrangling that the DARPA program would have avoided. I think it might have worked, but was too far outside the box for mass acceptance.
bdh in resp:0 ::
> As of last friday the official word on when a viral or worm exploit of
> the M$ RPC dick-stomp was 7 to 10 days. However, the most bet of the
> pool where real people put up real money was 5 days. Its like betting
> the track favorite to show. Thus all of you running a modern M$ OS have
> about 24 to 48 hours to download and install the "service pak".

Systems at Michigan State started getting probed Monday, it looks like, and use of the RPC exploit went ballistic today. I "lost" a Win2000 laptop, at least until I make time to rebuild it.
re #5:
Just like lots and lots of people putting money into etoys.com stock accurately predicted the huge longstanding success of etoys.com, right?
;)
Hmmm, would Zone Alarm protect a WinXP machine from this exploit?
Have you installed the free patch from M$? If not, the answer is unfortunately, well, sorta kinda probably definitely no. Any current M$ OS prior to the release of the patch on 071603 that doesn't have the patch installed is vulnerable OOB (out of the box). This means that every new Wintel box you buy at the store is likely vulnerable. Personal FW software helps but doesn't solve the problem. I haven't checked today, was too busy, to see who won the pool, as today was supposed to be zero day for 1st generation bad stuff. It's too bad liberal democrats torpedoed an initiative that might have set up a system to give guidance where actual lives are at stake - you kinda wonder whose side they are on exactly. (Some call it treason.) (I mean, you get criticized for not predicting the future and then get criticized for proposing a system based on proven technology to do exactly that - you can't win.) Instead, the time-proven tech will continue to be applied to protecting computers instead of protecting people. Bottom line, people. Time's up. You really need to have already installed this patch. Sure it will break things and it will be fixed in the future but that's the biz, sweetheart.
Proven technology?? How so?
I have an example of how betting affects the outcome. Bookies bet on the outcome of a cricket match. Then bookies fix the match by paying off a few players!! So much for proven *technology*.
re#11: the exception that proves the rule. (Hint: bookies don't gamble.) I don't, off the top of my pointy geek head, know how old the Bayesian statistic stuff is - seems to me that the specific math is quite old. Current art is rather active. Google Bayesian, Monte-Carlo, and Casino for lots of references. For a day or so I had a nice check from the buyout of a company that used the tech in my wallet before it was deposited - 50 cents per share turning into over US$17 over the course of ten years or so, plus all the dividend payments.
"Bookies don't gamble". Says who? Are you saying you haven't heard of match fixing ever?
Re #9: It wasn't liberal Democrats that torpedoed it. Read the newspaper.
It doesn't matter remmers. The header is correct. Liberals ARE stupid.
Re #7: On the average, better than apparatchiks were able to run the economy of the USSR with their Marxist wisdom.
re#13: Ok, you are right, I should rephrase that. Professional bookies don't gamble.
Hehehehe ..... you think people who want to make money care about professional ethics??!!!!
Not everyone who wants to make a good living is without ethics. We just hear a lot more about those who are, which tends to color our perceptions of the whole lot.
I have a report that the Microsoft patch for the RPC exploit is ineffective in protecting Windows 2000; it was reported to work in Windows XP Home, however.
There are apparently now two variants, dcom.c and dcom48.c, as well as "worms" in the wild (none particularly effective apparently, nor have I personally seen any, nor have I a copy of dcom48.c, having only seen analysis of it (seeing source to dcom.c was enough to cause my heart to skip a beat)). Folk, there is the potential here for a _Perfect Storm_, a confluence of factors. There is this fundamental flaw across the board in the M$ OSes as well as a particularly well-developed methodology for propagation. Along with it is the high-speed interconnectivity of the global Internet (heck, there are Internet cafés operating in Mosul and Baghdad as we speak - this Internet thingy is widespread and cheap.)
Word. In case you haven't already bothered, right about now would be a good time to install the latest patches from M$. Sure they might not be perfect, and will probably break other things. But the betting pool is rather pessimistic in certain circles.
re: 22 . . . as long as you're not installing the ones going around by email. dcat, who had 40 of the damn (220KB) things today
Instead of installing the latest M$ patches, why not drop Linux or OpenBSD boxes in wherever they can be substituted and eliminate the problem at the source? Hmmm. Run Windows as a virtual OS under OpenBSD. Keep an installed image around. Whenever the image shows signs of infection, shut it down and restore from the backup.
re#24: That's not a particularly helpful suggestion. There are many orgs where, even if the individual wanted to replace M$ OS entirely, the org rules specify an approved OS and that is M$. And further, a 'virtual' M$ OS would in this case be equally vulnerable to the exploit (I gather you have not seen the exploit code) and, what's worse, the ISS free tool for scanning for vulnerable machines won't find it. (I have personal knowledge of this.) Word. Folk, install the update before it's too late.
Hmmm. If you have the source to the worm it should be really easy to hack it into a scanner for vulnerable machines, no? It should also be really easy to use that source to see what kinds of attack packets the worm uses, and hack up some firewall software to drop any coming from outside and ID any infected machines inside.
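One way to do the inside/outside split this post describes, as an added example that is not code from the thread or from any of the posters: it parses firewall log lines and flags outside sources hitting the RPC ports and inside hosts fanning out across many inside neighbours. The port numbers (TCP 135 for the RPC endpoint mapper, with 139 and 445 treated the same), the 10.0.0.0/8 inside range, the netfilter-style "SRC= DST= PROTO= SPT= DPT=" log format, the sequential-walk heuristic and the sample lines are all assumptions made for the example, not details taken from the thread.

```python
"""Flag RPC/DCOM worm-style scanning in firewall logs (added example).

Assumptions, not facts from the thread: the attacked service is the RPC
endpoint mapper on TCP 135 (RPC is also reachable via 139/445), the
firewall logs in the netfilter "SRC= DST= PROTO= SPT= DPT=" style, and
10.0.0.0/8 is the inside network.  SAMPLE_LOG is constructed.
"""
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

RPC_PORTS = {135, 139, 445}            # assumed RPC/DCOM-reachable ports
INSIDE = ip_network("10.0.0.0/8")      # assumed internal address space

LINE_RE = re.compile(
    r"SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) PROTO=(?P<proto>\w+) "
    r"SPT=\d+ DPT=(?P<dpt>\d+)"
)

# Constructed sample: one outside host probing two inside boxes on 135,
# one inside host walking its neighbours one address at a time on 135,
# one ordinary file-sharing connection, one UDP line and one junk line.
SAMPLE_LOG = """\
Aug 11 23:01:02 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP SPT=3201 DPT=135 SYN
Aug 11 23:01:02 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=10.0.0.6 PROTO=TCP SPT=3202 DPT=135 SYN
Aug 11 23:01:03 fw kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=10.0.0.5 PROTO=TCP SPT=44011 DPT=80 SYN
Aug 11 23:01:05 fw kernel: IN=eth1 OUT= SRC=10.0.0.23 DST=10.0.0.1 PROTO=TCP SPT=1025 DPT=135 SYN
Aug 11 23:01:05 fw kernel: IN=eth1 OUT= SRC=10.0.0.23 DST=10.0.0.2 PROTO=TCP SPT=1026 DPT=135 SYN
Aug 11 23:01:05 fw kernel: IN=eth1 OUT= SRC=10.0.0.23 DST=10.0.0.3 PROTO=TCP SPT=1027 DPT=135 SYN
Aug 11 23:01:05 fw kernel: IN=eth1 OUT= SRC=10.0.0.23 DST=10.0.0.4 PROTO=TCP SPT=1028 DPT=135 SYN
Aug 11 23:01:06 fw kernel: IN=eth1 OUT= SRC=10.0.0.23 DST=10.0.0.5 PROTO=TCP SPT=1029 DPT=135 SYN
Aug 11 23:01:06 fw kernel: IN=eth1 OUT= SRC=10.0.0.23 DST=10.0.0.6 PROTO=TCP SPT=1030 DPT=135 SYN
Aug 11 23:01:06 fw kernel: IN=eth1 OUT= SRC=10.0.0.23 DST=10.0.0.7 PROTO=TCP SPT=1031 DPT=135 SYN
Aug 11 23:01:07 fw kernel: IN=eth1 OUT= SRC=10.0.0.40 DST=10.0.0.2 PROTO=TCP SPT=1040 DPT=445 SYN
Aug 11 23:01:07 fw kernel: IN=eth1 OUT= SRC=10.0.0.40 DST=10.0.0.9 PROTO=UDP SPT=1041 DPT=135
Aug 11 23:01:08 fw kernel: device eth1 entered promiscuous mode
"""


def parse_line(line):
    """Return (src, dst, proto, dport) or None for a line we don't understand."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    return ip_address(m["src"]), ip_address(m["dst"]), m["proto"], int(m["dpt"])


def looks_sequential(dsts):
    """True if at least 80% of the steps between sorted targets are +1.
    Assumed here as the tell for a worm walking a range of addresses."""
    ints = sorted(int(d) for d in dsts)
    if len(ints) < 3:
        return False
    steps = [b - a for a, b in zip(ints, ints[1:])]
    return steps.count(1) >= 0.8 * len(steps)


def classify(log_text, fanout_threshold=5):
    """Split RPC-port traffic into outside probers and inside scanners.

    outside_probes:  source -> number of TCP connections into the inside
                     on an RPC port (candidates for a border DROP rule).
    inside_scanners: inside source -> {targets, sequential} for hosts that
                     hit at least fanout_threshold distinct inside
                     addresses on an RPC port (candidates for isolation).
    """
    outside = defaultdict(int)
    fanout = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        src, dst, proto, dport = rec
        if proto != "TCP" or dport not in RPC_PORTS:
            continue
        if src not in INSIDE and dst in INSIDE:
            outside[str(src)] += 1
        elif src in INSIDE and dst in INSIDE:
            fanout[str(src)].add(dst)
    scanners = {
        src: {"targets": len(dsts), "sequential": looks_sequential(dsts)}
        for src, dsts in fanout.items()
        if len(dsts) >= fanout_threshold
    }
    return {"outside_probes": dict(outside), "inside_scanners": scanners}


if __name__ == "__main__":
    for kind, hosts in classify(SAMPLE_LOG).items():
        print(kind, hosts)
```

The outside list is what you would feed a border rule such as `iptables -A INPUT -p tcp --dport 135 -j DROP` (and the same for 139 and 445); the inside list is the short list of boxes to pull off the wire and run the vendor scanner or cleanup tool against. The fan-out threshold matters more than the sequential flag: a domain controller or a management console will legitimately talk RPC to many hosts, so tune the threshold to your network before acting on a hit.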
re#26: Just like everybody else that bothered to look, I had the dcom.c to the initial exploit and did exactly as you describe. I don't have the source *yet* to the worm to do the same. My point was that your virtual Windows scenario in fact prevented the ISS scanner from functioning, and things like ISS etc. are what most orgs have to rely on. Thus your suggestion to eliminate M$ OS may in fact be technically correct, but meaningless, as in the real world the environment in user space is M$ OS and unfortunately to an increasing extent in server space as well. Install the Update before it is Too Late.
Last year M$ released 70 patches. This year it's been 30 and we're still counting.
Look, there is no debate that M$ OSes suck. That's irrelevant. It's what you have to use on a PC. Install the Update before it is Too Late.
Re #29, True that you must patch it asap. "Its what you have to use on a PC." - Increasingly becoming debatable.
I use Linux or BSD on most of my PCs. I don't see where you "have" to use MS unless your boss forces you to.
This response has been erased.
yeah, I have that on the one Windows computer I use at work as well. Fortunately my admins are Unix buffs, so they usually don't complain.
I wonder why an emulator would defeat the vulnerability scanner. If it makes that much of a difference, I wonder how much more of a tweak it might take to make the emulator defeat the worm... The point of running the M$ OS under emulation isn't to prevent infection, it is to allow faster (perhaps automated) purging of this or any future worm. You KNOW that M$ code is crap, so you might as well take measures to minimize your damages. Is IBM still working on the "digital immune system" scheme?
re#34: The vulnerability scanner attempts to detect the presence of the vulnerability without subverting the machine and relies, among other things, on the ability to detect the TCP stack implementation. By definition, in order to emulate/interoperate, the emulated Wintel would be equally vulnerable to the DCOM/RPC exploit(s). Thus the emulated and vulnerable machine was even more of a threat since it was hidden. From a pure tech play the emulated M$ OS environment with an IDS running in the native OS is clearly superior. Unfortunately it's more expensive and the emulation runs slower than the cheaper native system, so it's not likely to be implemented.

Depending on the size of the organization there are simple support issues with allowing anything other than a "standard" build of an OS to run. It is a management issue, not a technical one. And often there are requirements such that an independent auditor be able to sign off on an org's compliance with legal standards, which they would obviously not be willing to do if the org's users all had "pink ones" - hand-built hardware/software systems. From a technical perspective the geek users get this "approved build" and notice many "flaws" - not realizing, for example, that downlevel code in some area may be there to allow a specific legacy application to function that only a small number of critical users even know about - and so naturally "fix" it, go on their merry way, lie to support if there is ever an issue, and have a generally poor opinion of the process, not having all the technical details.

An observation that even Russ probably hasn't noticed: often the process of "installing an approved load" of an OS involves literally cloning a clone of an approved and working "seed" machine rather than an actual OS load from a distribution, by its nature resulting in a fragmented filesystem that degrades from there.
I have personally seen as high as 50% fragmentation, and so often the first thing one can do to improve things is to defragment your drive (this is Wintel-specific advice, obviously). There is a slight possibility it may break things, but these days not as likely - things tend to work better, not worse, if they work faster. Again, this tends to not exactly give the geekly a high opinion of the process. (Obviously the solution is to defragment the seed machine before its "load" is approved and cloned - but the geeks invariably are not inclined to share that information with those building the approved machines.) Install the Update before it's Too Late.
A friend of mine had his XP Home system get hit by this worm last night. He ran Symantec's removal tool and then patched his system, and it's stable again now. The main symptom was that svchost.exe kept crashing repeatedly, forcing reboots. The patch has been out for almost a month, so there aren't many good excuses for getting hit by this one. Running Windows Update every couple of weeks would have kept you safe.
and mysteriously broken stuff from time to time - been there, got the hat and the t-shirt. Consider for a moment that you are trusting the "automatic update" function to the same folk that brought you the shitty OS in the first place. Like Duh. How stupid is that?
Fuck off, opium den.
I've actually only had one update that broke anything. (Q328310 -- it causes random BSODs on some NT 4.0 Workstation systems.) Anyway, if you'd rather get hit by a worm, be my guest. ;>
...on the other hand, by *not* running Windows Update every couple of weeks and keeping Windows Me, I'm not vulnerable to the worm. Spent a fair amount of time looking for the patch before I figured that one out.
(obligatory Linux zealot gloating)
yeah, it doesnt affect us unix/linux users, right?
Nor even us Mac weenies. :)
Do you think there are enough of us weenies here, on Grex, to support a Mac conference?
<prepares for flame war born of endless PC/Mac conversions problems on work demanded by boss>
Re #40: True, but I still recommend running Windows Update because there are bugs in WinME, too. They just haven't been widely exploited yet.
I dunno, mary; right now, the micros conference is kinda dull. We could start a few items and see. :)
Of course, I don't suppose it would help if people stopped using programs that automatically open e-mail attachments, would it? Nah, didn't think so.
In this case, it wouldn't have. The current worm doesn't spread through email, it scans for vulnerable machines and infects them directly.
This response has been erased.
re#39: Have you patched your NT4.0 for the DCOM RPC vulnerability? Or didn't you notice it's now on the list... re#42&43: Not directly, but if you are on a network with M$ users the potential for problems is there, especially if infrastructure such as DNS servers or DHCP servers run on a vulnerable M$ OS. Also current thinking is that the current M$ critical patch only patches one vulnerability and either creates a new one, there was one hidden, or there was an unnoticed one. Symptom is a supposedly patched system rebooting when attacked. The truly paranoid are thinking that the scheduled DDOS attack this weekend is one half of a one-two punch - they suspect there is a second exploit scheduled to be triggered during the DDOS attack, preventing M$ users from downloading a patch against it. Also the current worm is polite enough to warn you that you have 60 seconds... Immediately set your date to a year or more ago and proceed with the cleanup at your leisure (but do it quickly). All the major vendors have free cleanup tools that seem to work. VPN users whose software vendor supposedly protects you via a 'shim' at a low level should be aware that you are totally vulnerable during the authentication and setup phase - I have personally seen an infection of a dialup user during this small open window. Update now, it's already too late.
* sniiiiiiiiif *
hu
* snuff*
"[Thick] Asiatic eyebrows, encrusted with latex au opium..."
"O, "
"O, pee-U",, O-P-U-Um.
Re #51: Most of the NT 4.0 systems have been patched. None of our Windows systems provide Internet services, and they're all firewalled off, so it's not urgent to patch them all immediately. The last Windows system we had providing an Internet service to the outside world was our IIS web server, which we replaced with a Linux system running Apache not long after Code Red. (Not as a direct result, though. We'd been planning it for some time.)
Nobody bothers infecting WinMe anymore--doesn't irritate enough people. If I weren't so lazy, I might go check manually for patches, but I'm enough of a control freak that I'd want to go through and examine each update before installing--dunno if windows update offers this option or not. I use pine almost exclusively for mail, so viruses aren't a problem.
well, then at least back your stuff up.
Windows Update does give you the opportunity to individually approve or decline updates.
This response has been erased.
You mean, it's too late for anyone dumb enough to run an M$ OS.
Re 57: There's a blurb over on the Register about an MS patch for WinNT which was apparently worse than the hole it was trying to fix. A new patch fixes that patch.
Fucking opium addicts.
What polytarp said. :) I tend not to upgrade unless there's a dire need for it. Somewhere between not trusting MS and not fixing what ain't broken lies the reason...Yes, I backup files pretty regularly. In fact, that reminds me...
Re #57: Some patches have side effects. Installing Q328310 for Windows NT 4.0, for example, causes random bluescreens on most (but not all) of the machines at work.
You have several choices: