Homeland Security: Fix your Windows

In a rare alert, the U.S. Department of Homeland Security has urged Windows users to plug a potential worm hole in the Microsoft operating system.

The agency, which also runs the United States Computer Emergency Readiness Team (US-CERT), sent out a news release on Wednesday recommending that people apply Microsoft's MS06-040 patch as quickly as possible. The software maker released the "critical" fix Tuesday as part of its monthly patch cycle.

"Users are encouraged to avoid delay in applying this security patch," the Department of Homeland Security said in the statement. The patch fixes a serious flaw that, if exploited, could enable an attacker to remotely take complete control of an affected system, the agency said.

Microsoft on Tuesday issued a dozen security bulletins, nine of which were tagged "critical," the company's highest severity rating. However, the flaw addressed in MS06-040 is the only one among the updates that could let an anonymous attacker remotely commandeer a Windows PC without any user interaction.

The flaw has some similarities to the Windows bug that enabled the notorious MSBlast worm to spread in 2003. Both security vulnerabilities are related to a Windows component called "remote procedure call," which provides support for networking features such as file sharing and printer sharing.

"Blaster took advantage of a vulnerability in the same service. We recognize that this is something that is easily exploitable," said Amol Sarwate, the manager of vulnerability research lab at Qualys. "It is excellent that DHS sent out this alert, because I think a lot of people are vulnerable."

Microsoft has seen a "very limited attack" that already used the newly disclosed flaw, the software maker said Tuesday.

Overnight, some hacker toolkits were updated with code that allows researchers to check for the flaw and exploit it, said Neel Mehta, a security expert at Internet Security Systems in Atlanta.

"This is a very serious vulnerability," Mehta said. "At the moment, this exploit is being used in targeted attacks to compromise specific systems. However, there is nothing about the nature of the vulnerability that prevents it from being used in a much more widespread fashion as part of a worm."

Microsoft worked with the Department of Homeland Security on the alert, a company representative said. "Microsoft...encourages customers to deploy this update on their systems as soon as possible, given that we are aware of targeted exploitation of the vulnerability," the representative said.

Microsoft deems the vulnerability critical for all versions of Windows. However, users of Windows XP with Service Pack 2 and Windows Server 2003 with Service Pack 1 should be protected by the Windows Firewall if they do not use file sharing and printer sharing, Christopher Budd, a security program manager at Microsoft, said in an interview Tuesday.

The Microsoft updates are available via the Windows Update and Automatic Updates tools as well as from Microsoft's Web site. Temporary workarounds are outlined in the security bulletins for those who can't immediately apply the patches.

[airwalkery2k]

I am not sure.

I somehow don't think I have enough duct tape and plastic sheets to patch my windows up.

[rcrusoe]

Easy fix

See that black wire running from your computer's power supply to
the wall? Unplug it and throw it away.

It's the only successful method of securing Windows I've ever
found.

[sneezy--2008]

Suggestion

Check out Home Depot
They say "You can do it. We can help"

[sneezy--2008]

Help

Check out Home Depot.
"You can do it. We can help"

[kenfretz]

Homeland Security: Fix your Windows

You know it would be great if the DHS were one hundredth as concerned with the holes in our countrys borders as they seem to be about a problem that the solution to has already published by Microsoft.

[sneezy--2008]

DHS

Don't be such a simpleton, if I saw your shoe laces unraveled wouldn't you want some one to point it out before you fell on your face.

Why take such an afront to their suggestion?

When we stop hiring illegals there might be a light at the end of the tunnel.
Who are cleaning, building and cutting our grass?

[n3td3v]

Department of Hopeless Security

Are they in any position to criticize anyone, even Microsoft, or give out advice to anyone?

What a joke America has become.

You've got to love Bush and his DHS.

[Macsaresafer]

Exactly.

He has us borrowing billions to pay for a useless DHS, and he
called the Democrats Tax and Spenders!

The funniest part is, DHS computers will be easy for cyber terrorists
to hack. You'd think that department wouldn't have chosen to use
the world's least secure OS, but they did.

[freqmd5]

eagle steals the liver...

liver helps you cough up hair balls... hair balls happens when someone sprays coke-cola all over your coat... molashis is some sticky stuff.. cough cough cough cough cough cough cough cough cough cough cough cough cough cough cough cough

praise Bush, and his dept of human services...

[n3td3v]

cnet advert revenue in exchange for worm

give us half the profit that you'll make out of articles talking about a worm exploiting the vulnerability and its a deal.

deal?

you know my e-mail address Joris...

i look forward to it

[technewsjunkie]

Windows is a National Security risk. Duh.

One size fits all?

Dept of Homeland Stupidity

Homeland Stupidity now resorting to posting messages
<a class="jive-link-external" href="http://www.techknowcafe.com/content/view/603/43/" target="_newWindow">http://www.techknowcafe.com/content/view/603/43/</a>
in support of Microsoft. When did M$ buy the Dept. of Homeland Stupidity?

[n3td3v]

hehe

when they thought we would lift our fingers and code a worm to give them credibility in their 'alerts'

stoopid dhs indeed

[btvsrcks]

Duh.. when you voted Bush into office

Microsoft (as all big businesses do) love it when Republicans are in office. They reap the rewards. Shame on those who voted for him thinking he would help the people. The repubs don't care about the people, and they never have. Money money money...

[The_Nirvana]

Stop spamming

don't put irrelevant links

[btljooz]

Dept of Hopeless Stupidity? or Brainwashed Sheeple...

I think you have it a bit backwards. Think about the possibility that the 'Gov' and M$ are actually in CAHOOTS!!!!!

DoHS says, "Patch!...for 'your [i]safety[/i]!!!"

Brainwashed sheeple patch, then DoHS, NSA and [i]GOD[/i]...[b]OOOOOOOPS!!!![/b].......[u]GOP[/u] can spy inside of EVERYONE'S computers. Or at least those running Windoze platforms. ;)

[JFDMit]

Last week, I was passing through LAX.

I got pulled for one of those 'random searches' the Customs guys like to do to pass the time. The search itself took about 30 seconds, then I stood around for 20 minutes while the Customs agent tried to get his computer to work so that it would accept my details.

After waiting and waiting for his PC to even recognize his mouse inputs, he called over three coworkers to stupidly gaze at the unresponsive screen. Finally, he said to them, "Huh! I guess we got another one of them viruses in the system. Better get that guy we had last week back in to fix it."

I piped up at this point that I was a bit uncomfortable having my passport details entered into a compromised system. All four bovine heads lifted and turned toward me at the same time, with the same look of uncomprehending incredulity on their faces that a mere Citizen had dared to speak to them. Finally, one of them said, "I suggest you leave this to us...sir."

Looks like the DHS isn't the only bunch who haven't clue one about how to do their jobs.

[maxwis]

The Shadow Government Needs Useful Idiots

The shadow government that is running things needs useful dolts at the bottom to blindly enforce policy and not think for themselves. For every Major Hochstetter there are 1,000 Sgt. Schultzs.

[scwoods]

The proper response

In this case is to say, politely, but firmly. I wish to speak to your supervisor. This gets you away from Sgt Schultz, and perhapsto Lt. Asch. In anycase you'll get to somone with a little real authority, who probably isn't suffering from 'Storm Trooper' syndrom. "These aren't the droids we want, you can go, Move along."

[sneezy--2008]

August 10

Aren't you glad you were not in LAX today?
Don't be such a jackass..
Count you blessings instead of your inconveniences

[OneWithTech]

Just another reason to by a Mac.

You know, I don't want to stir anything up, but what good is
Windows without the ability to share computers and printers?

I'll tell you from a first person technological perspective that you
can't connect 2 computers effeciently in a Window's network
without turning off Windows Firewall. So then that leads me to
question's number 2 and 3: If you can't share Windows
computers unless the Firewall is turned off does that leave ALL
OF OUR GOVERNMENTS computers at risk of hacker's because of
Microsoft?

Maybe the Government should be talking to Steve Jobs with
Apple on how Apple and Mac can offer the Government a secure
computing environment. You know, an environment that leaves
"The People" with a sense of Technological Security.

I bet that Steve Jobs wouldn't let you out of the Building carrying
a Laptop with Confidentual Secure Information. Steve would tell
you that there are security measures, one specifically called a
VPN. You know, this type of security would ensure that "No
Laptops" are found with "personal information" on them.

VPN (Virtual Private Network) Allows someone to log into a
system remotely to work with files!

J Gund
Tech01
www.Tech01.net

[OneWithTech]

Just another reason to talk to Steve Jobs

You know, I don't want to stir anything up, but what good is
Windows without the ability to share computers and printers?

I'll tell you from a first person technological perspective that you
can't connect 2 computers effeciently in a Window's network
without turning off Windows Firewall. So then that leads me to
question's number 2 and 3: If you can't share Windows
computers unless the Firewall is turned off does that leave ALL
OF OUR GOVERNMENTS computers at risk of hacker's because of
Microsoft?

Maybe the Government should be talking to Steve Jobs with
Apple on how Apple and Mac can offer the Government a secure
computing environment. You know, an environment that leaves
"The People" with a sense of Technological Security.

I bet that Steve Jobs wouldn't let you out of the Building carrying
a Laptop with Confidentual Secure Information. Steve would tell
you that there are security measures, one specifically called a
VPN. You know, this type of security would ensure that "No
Laptops" are found with "personal information" on them.

VPN (Virtual Private Network) Allows someone to log into a
system remotely to work with files!

J Gund
Tech01
www.Tech01.net

[Macsaresafer]

Steve would also tell you

that all Macs have the ability to create encrypted disk images, so
should you need to take confidential data with you, at least it can
have reasonable security if you use a strong password. MS
however, removed their "locked" folders feature at the request of IT
departments!

[OneWithTech]

Just another reason to talk to Steve Jobs

You know, I don't want to stir anything up, but what good is
Windows without the ability to share computers and printers?

I'll tell you from a first person technological perspective that you
can't connect 2 computers effeciently in a Window's network
without turning off Windows Firewall. So then that leads me to
question's number 2 and 3: If you can't share Windows
computers unless the Firewall is turned off does that leave ALL
OF OUR GOVERNMENTS computers at risk of hacker's because of
Microsoft?

Maybe the Government should be talking to Steve Jobs with
Apple on how Apple and Mac can offer the Government a secure
computing environment. You know, an environment that leaves
"The People" with a sense of Technological Security.

I bet that Steve Jobs wouldn't let you out of the Building carrying
a Laptop with Confidentual Secure Information. Steve would tell
you that there are security measures, one specifically called a
VPN. You know, this type of security would ensure that "No
Laptops" are found with "personal information" on them.

VPN (Virtual Private Network) Allows someone to log into a
system remotely to work with files!

J Gund
Tech01
www.Tech01.net

Buggy Whips

When MicroSoft stops making buggy software Symantec will stop
making buggy whips.

Jim

[thedreaming]

Whaaaat?

Why is Homeland Security interested in Microsoft? This patch tuesday is no different than last months? There's always some hole that needs to be patch and they always provide the patch and we always apply the patch. Why does the DHS all of the sudden feel that they have to tell us to apply the patch?

[Fireweaver]

Sgt Schultz

It's my experience that the supervisor all too often is simply the Sgt Schultz who has been there the longest and thus was promoted.
The security forces at airports are some of the most indignant and self-righteous workers in America. They may as well have a sign that reads: "Have a complaint? Please fill out this 5 page form and file in the trash on your way out"
They don't have to care about what you think or want or whether or not they do their job well or efficiently. When you're with them there's only one person who gets an opinion.
Don't like it? You can always drive your car instead.

[Steve Hirst]

or use new technology notme.com

Fix your windows. People don't want to do the simplest updates and yet want total privacy and security. Now they can have it. A New US Patent is being launched soon www.notme.com Fix their windows, they are users, normal people who want to surf the internet in complete privacy and do nothing to attain complete privacy. I have 7 programs on my computer to protect me yet I still get all that junk mail on anything I look at on the internet...

NO MORE !!!
Simply put:
Any person, from any PC, can visit any website... even purchase from that website, completely anonymous, completely secure, leaving absolutely no history nor tell tale information anywhere, with one click.

The NotMe "Patented Indirect Portal" Advantage:

Complete privacy and security at the website visited, they have no way of identifying you, nor any way to pass Cookies, Trojans, a Virus or any kind of Spyware to you.

Complete privacy and security from any PC or device connected to the internet that you happen to be using at the time with absolutely no way for the PC to track where you have been.

Complete privacy and security on your credit card statement.

And, there is absolutely no software needed, it is ISP based, so it works from any and all PC's today!

The US Patent is Located:
<a class="jive-link-external" href="http://portal.uspto.gov/external/portal/!ut/p/_s.7_0_A/7_0_CH/.cmd/ad/.ar/sa.getBib/.ps/N/.c/6_0_69/.ce/7_0_3AB/.p/5_0_341/.d/5?selectedTab=detailstab&#38;isSubmitted=isSubmitted&#38;dosnum=09753714" target="_newWindow">http://portal.uspto.gov/external/portal/!ut/p/_s.7_0_A/7_0_CH/.cmd/ad/.ar/sa.getBib/.ps/N/.c/6_0_69/.ce/7_0_3AB/.p/5_0_341/.d/5?selectedTab=detailstab&#38;isSubmitted=isSubmitted&#38;dosnum=09753714</a>

And all information regarding this technology is located at www.notme.com, its brand name soon to launch.

Solves all the problems and the user does nothing... because users want to do nothing... the user wants all kind of protection but wants to do nothing to attain that. Now they can.


Privacy whenever or wherever an internet user deems appropriate, is what NotMe provides.One click and forget about.


Disclaimer...If a user utilizes NotMe to break or circumvent national or international law,
NotMe will cooperate fully with any and all law enforcement agencies. We will enjoy catching you and assisting in your prosecution. Think G-Mail.

[ausburn]

NOTME.COM

Disclaimer...If a user utilizes NotMe to break or circumvent national or international law,
NotMe will cooperate fully with any and all law enforcement agencies. We will enjoy catching you and assisting in your prosecution. Think G-Mail.WHAT does this mean? how can the help?If you surf annonymusly and people and maybe them to are claiming they dont keep any records.I READ you can use your credit card securely how is that ? If they can help the law they can tell about your credit and where you been surfing.How can they claim you can surf annoymusly?What does Think gmail mean? thanks

[Kublaitrain]

The real deal

From our local governments to our local neighbors everyone is always pointing fingers at Microsoft and their software. The honest truth is that more incompetent IT staff and uneducated computer users are behind these keyboards. Take a good look at our educational system from the very begging we are victims of these digital lines. I see students at high college levels that cant even use or open a piece of software like Power Point. Yet they get government jobs and even become IT graduates. The sanity of a nation has to be looked at its roots, in our case education. From that we can fix many of our flaws and learn to close the door to our friend the robber.

[rcrusoe]

Dear Homeland Security

I'd love to "Fix my windows".

But no one, including Microsoft, knows how to make the OS secure.