Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

FBI, Pentagon Quiz Microsoft on XP
dailynews.yahoo.com ^

Posted on 12/23/2001 6:55:43 AM PST by TaRaRaBoomDeAyGoreLostToday!

FBI, Pentagon Quiz Microsoft on XP

WASHINGTON (AP) - The FBI (news - web sites)'s top cyber-security unit warned consumers and corporations Friday night to take new steps beyond those recommended by Microsoft Corp. to protect against hackers who might try to attack major flaws discovered in the newest version of Windows software.

The FBI's National Infrastructure Protection Center said that, in addition to installing a free software fix offered by Microsoft on the company's Web site, consumers and corporations using Windows XP (news - web sites) should disable the product's ``universal plug and play'' features affected by the glitches.

The FBI did not provide detailed instructions how to do this. Microsoft considers disabling the ``plug and play'' features unnecessary.

The company acknowledged this week that Windows XP suffers from serious problems that allow hackers to steal or destroy a victim's data files across the Internet or implant rogue computer software. The glitches were unusually serious because they allow hackers to seize control of all Windows XP operating system software without requiring a computer user to do anything except connect to the Internet.

Outside experts cautioned that disabling the affected Windows XP features threatens to render unusable an entire category of high-tech devices about to go on the market, such as a new class of computer printers that are easier to set up. But they also acknowledged that disabling it could afford some protection against similar flaws discovered in the future.

The FBI, in a bulletin released at 8 p.m. at the start of a long holiday weekend, also warned professional computer administrators to actively monitor for specific types of Internet traffic that might indicate an attack was in progress.

A top Microsoft security official, Steve Lipner, sought to reassure consumers and companies that installing the free fix was the best course of action to protect their systems.

Friday's warning from the FBI's cyber-protection unit came after FBI and Defense Department officials and some top industry experts sought reassurance from Microsoft that the free software fix it offered effectively stops hackers from attacking the Windows XP flaws.

The government's rare interest in the problems with Windows XP software, which is expected to be widely adopted by consumers, illustrates U.S. concerns about risks to the Internet. Friday's discussions came during a private conference call organized by the National Infrastructure Protection Center.

During the call, Microsoft's experts acknowledged the threats posed by the Windows XP problems, but they assured federal officials and industry experts that its fix - if installed by consumers - resolves the issues.

Microsoft declined to tell U.S. officials how many consumers downloaded and installed its fix during the first 24 hours it was available. Experts from Internet providers, including AT&T Corp., argued that information was vital to determine the scope of the threat.

Microsoft also indicated it would not send e-mail reminders to Windows XP customers to remind them of the importance of installing the patch.

Microsoft explained that a new feature of Windows XP can automatically download the free fix, which takes several minutes, and prompt consumers to install it.

``The patch is effective,'' said Lipner, Microsoft's director of security assurance, in an interview with The Associated Press.

Officials expressed fears to Microsoft about possible electronic attacks targeting Web sites and federal agencies during next week's Christmas holidays from computers running still-vulnerable versions of Windows, participants said.

Several experts said they had already managed to duplicate within their research labs so-called ``denial of service'' attacks made possible by the Windows XP flaws. Such attacks can overwhelm Web sites and prevent their use by legitimate visitors.

Another risk, that hackers can implant rogue software on vulnerable computers, was considered more remote because of the technical sophistication needed.

The FBI's cyber-security unit has been concerned about the threat and warned again Thursday that the potential of ``denial of service'' attacks is high. The agency said people unhappy with U.S. policy have indicated they plan to target the Defense Department's Web sites, as well as other organizations that support the nation's most important networks.

-

On the Net:

NIPC.gov

Microsoft Security


TOPICS: Front Page News; News/Current Events
KEYWORDS: techindex
Navigation: use the links below to view more comments.
first previous 1-20 ... 81-100101-120121-140 ... 241-247 next last
To: ALL
All the news articles point to XP as the bad guy that needs a patch from a fight but they fail to mention WINDOWS ME also needs a patch from a medium rated cat fight.This info. seems to only be known at the MS download patch web page.
101 posted on 12/23/2001 9:42:51 AM PST by TaRaRaBoomDeAyGoreLostToday!
[ Post Reply | Private Reply | To 99 | View Replies]

To: Balding_Eagle
I automatically recieved noticfication a few day ago that an important patch was already downloaded and was waiting for instruction from me to be installed,

Cool!

What happens with the stuff it DOESN'T notify you about? And is that pipe bi-directional? Just something else for the crackers to exploit; it's only a matter of time.

102 posted on 12/23/2001 9:44:58 AM PST by AFreeBird
[ Post Reply | Private Reply | To 12 | View Replies]

To: rdb3
There was a link in post 26, and a quote in post 31.

These people don't seriously doubt the laws exist. They're using Clintonista defense tactic #452 -- ask for proof, then find a single detail of that proof to argue with, and try and divert the topic to that detail.

From my experience, MS defenders don't believe what they're saying. They're just defending the 'popular' entity they like, for argument's sake.

103 posted on 12/23/2001 9:48:55 AM PST by Dominic Harr
[ Post Reply | Private Reply | To 100 | View Replies]

To: Dominic Harr
All products are defective. A person with a crowbar can break into your house or car. Doesn't that make your house and car defective?

I can destroy a frame house with gasoline and a match does that not make the house defective?

If drunk runs into your car and it kills you does that make your car defective?

If someone dropped you off the empire state building and you landed on some people and it killed them does that not make you defective?

There is no proof that Microsoft's softare does harm. A product that by iteself does harm is the legal definition of defective. Being vulnerable to attack is not a definition of defective.

XP is vulnerable to attack. Just as the place you live is.

If I attack an XP computer it will fail. If I threw gasoline and match on you, you would burn. Would that make you defective too? By your definition you certainly are.

104 posted on 12/23/2001 9:51:03 AM PST by Common Tator
[ Post Reply | Private Reply | To 21 | View Replies]

To: Mixer
If this doesnt wake up the world and make them all switch to Linux I dont know what will.

Well, we know Microsoft is trying to stop that with its persecution of Lindows.


105 posted on 12/23/2001 9:52:17 AM PST by rdb3
[ Post Reply | Private Reply | To 48 | View Replies]

To: rdb3
I have been somewhat following this debate/argument on this thread but the news article itself implies that microsoft was aware of the critical flaw.An elitely good lawyer could possibly argue the lapsed time was spent creating the patch. But the lack of alerts to brand newly bought Christmas puters is apparent.

I did notice the Madonna song commercial promo was on constantly everywhere and then the marketing died down seemingly...If XP was launched with knowledge of a huge privacy flaw (as all news articles of the past weeks seem to insinuate) Someone may have a case.:::A lady sued Mickey D's with less basis of common sense:::

Me thinks Bill Gates ought to do some good PR -but quick- and offer free useful freebies and promos.I'd like MS Office for free -to start- Available ASAP on the download page. Then my inconvience and the seemingly outright deception will seem --not that bad--.

106 posted on 12/23/2001 9:54:30 AM PST by TaRaRaBoomDeAyGoreLostToday!
[ Post Reply | Private Reply | To 100 | View Replies]

To: TaRaRaBoomDeAyGoreLostToday!
In our society GREAT MARKETING triumphs over GREAT PRODUCTS every time !!

That is why and how Microsoft and other purveyors of crap products and policies have done so well.

107 posted on 12/23/2001 10:32:01 AM PST by hoosierham
[ Post Reply | Private Reply | To 106 | View Replies]

To: Common Tator
All products are defective.

You *must* understand product liability laws. You're just being obtuse on purpose, trying to find some way to distract the subject.

It's a 'fraud' thing.

To quote: When you buy a product from a merchant, by state law it comes with an automatic warranty which says that the product will function normally, for its intended purpose, for a reasonable period of time. This is an implied warranty of merchantability.

108 posted on 12/23/2001 10:35:25 AM PST by Dominic Harr
[ Post Reply | Private Reply | To 104 | View Replies]

To: dpwiener
I'm afraid you're wrong on both counts.
  1. UPnP is for detecting network devices, not Plug & Play hardware in your PC.
  2. This exploit has nothing to do with Raw Sockets, because the two ports involved (1900 and 5000) are greater than 1024.

109 posted on 12/23/2001 10:44:12 AM PST by TechJunkYard
[ Post Reply | Private Reply | To 45 | View Replies]

To: rdb3;Dominic Harr
Do us all a favor and just state the law. That would clear up any and all doubt.

He can't. I also predict that he will defend his? not posting by calling you lazy, pointing to some obscure webpage that speaks in babble, or by dancing on the head of a pin. But I suspect that he will never disclose the figment of his imagination that contains the law of which he speaks.

From a non-techie whose life has been made simpler, easier, and better by Microsoft.

110 posted on 12/23/2001 11:08:41 AM PST by Balding_Eagle
[ Post Reply | Private Reply | To 100 | View Replies]

To: Balding_Eagle
Well, I am a techie, geek, and any other adjective to describe a computer/networking loyalist. I'm just not a knee-jerk Microsoft detractor.

At least you are honest. You admit that Microsoft products have made your life easier, which is the point of computing anyway, right?

Your choice is fine with me, my man. Just fine. As for me, well . . .


111 posted on 12/23/2001 11:13:07 AM PST by rdb3
[ Post Reply | Private Reply | To 110 | View Replies]

To: Balding_Eagle
a non-techie whose life has been made simpler, easier, and better by Microsoft.

Microsoft loves your money, babe.

112 posted on 12/23/2001 11:18:18 AM PST by TechJunkYard
[ Post Reply | Private Reply | To 110 | View Replies]

To: Balding_Eagle
He can't.

We *did*.

Links and quotes have been posted. Look at posts 26 and 31. You simply refused to look, and then claimed it wasn't posted. So you can continue to repeat the lines you know aren't true in the first place.

Are you Bush2000, by chance?

Want it *again*?

Mass. Consumer Protection Laws

There's one from every state. Want them all?

***********************************************

Full quote:

Disclosure of Facts

Mass. Gen. Law Chapter 93A

940 Code of Mass. Regs. 3.05

When you buy from a merchant, you are entitled to all the key facts about the purchase before you buy.

A merchant is obligated under the law to disclose any fact, the disclosure of which may have influenced the buyer not to enter into the transaction to start with.

Similarly, sellers are required in advertising to disclose all material facts concerning the product or service which, if not disclosed, might directly or by implication, mislead the consumer.

Private party sellers, except in car sales, do not have the same obligation to disclose material facts unless asked.

And there's more. Want it all?

The truly sad thing is that I know you don't doubt this. You're just trying to obfuscate the point, hoping to confuse some people.

113 posted on 12/23/2001 11:22:08 AM PST by Dominic Harr
[ Post Reply | Private Reply | To 110 | View Replies]

To: AFreeBird
What happens with the stuff it DOESN'T notify you about?

The answer seems obvious, I have to go look for those updates. I'm guessing that I recieve ALL updates that affect my computer/configuration, but I don't know that for a fact.

And is that pipe bi-directional?

Non-techie here, BUT, I think the downloads occur as a result of my registering the product, they keep track of what updates occur, and which ones I have received. Thats my estimation of what happens. I don't think it's a two way pipe.

Just something else for the crackers to exploit; it's only a matter of time.

Without a doubt, which is why I use a firewall. Not that it can't be broken through, but frankly, I don't have anything worth stealing. Just like in real(physical) life, those who have more to protect need to spend more money to protect their assets. A bank, for example, needs to spend more on security to protect the money they have on hand than I do. I have a $100 lock on my front door, the bank a $100,000 lock on their vault.

I like the feature, as I've said before, MS has made my life simpler. I suspect that posters like DH have some sort of axe to grind.

114 posted on 12/23/2001 11:24:24 AM PST by Balding_Eagle
[ Post Reply | Private Reply | To 102 | View Replies]

To: All

When you buy from a merchant, you are entitled to all the key facts about the purchase before you buy.

Does anyone out there really not know this is the law?

Will anyone argue this is *bad* law?

Can anyone deny that MS just spent 5 weeks *breaking* this law?

115 posted on 12/23/2001 11:25:59 AM PST by Dominic Harr
[ Post Reply | Private Reply | To 113 | View Replies]

To: All

A merchant is obligated under the law to disclose any fact, the disclosure of which may have influenced the buyer not to enter into the transaction to start with.

Anti-trust laws don't apply to MS. Consumer protection laws don't apply to MS.

How far does this go?

116 posted on 12/23/2001 11:27:48 AM PST by Dominic Harr
[ Post Reply | Private Reply | To 115 | View Replies]

To: TechJunkYard
Microsoft loves your money, babe.

I'm sure they do. I'm also pleased that they do, because it is that healthy self interest on the part of MS that brought us XP. Just like new technology, financed in part by anticipated sales, is bringing us always better 4 wheel drive vehicles.

It's called capitalism, something I believe in.

I'll keep sending them money, because (broken record here) they've made my life, simpler, easier, better. All for a couple hundred dollars.

117 posted on 12/23/2001 11:30:35 AM PST by Balding_Eagle
[ Post Reply | Private Reply | To 112 | View Replies]

To: Balding_Eagle
Did Mickey D's put a disclaimer on their coffee that 'one' could spill it in their stupid lap and burn themselves?

Does Microsoft have a disclaimer saying 'our product could be a piece of crappola -and- a hackers delight, we just don't know how will know till you are robbed blind and your identity is stolen.'

:-)

118 posted on 12/23/2001 11:35:12 AM PST by TaRaRaBoomDeAyGoreLostToday!
[ Post Reply | Private Reply | To 114 | View Replies]

To: rdb3
No problem here with Linux loyalists. Right now I'm a MS loyalist, and will remain so until the competition (perhaps Linux) pulls ahead.

I bought only Intel until AMD made something that was better/cheaper for me, then AMD got my business.

To Linux, I say go for it! Thats an integral part of capitalism and the fierce, unforgiving competition that results.

119 posted on 12/23/2001 11:38:18 AM PST by Balding_Eagle
[ Post Reply | Private Reply | To 111 | View Replies]

To: Balding_Eagle

Under Massachusetts law, a merchant cannot sell a product "as is." A store's regular return policy does not apply in the case of defective goods.

Want More?

120 posted on 12/23/2001 11:38:27 AM PST by Dominic Harr
[ Post Reply | Private Reply | To 117 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-20 ... 81-100101-120121-140 ... 241-247 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson