lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <9E97F0997FB84D42B221B9FB203EFA27171515@dc1ms2.msad.brookshires.net>
From: toddtowles at brookshires.com (Todd Towles)
Subject: Windoze almost managed to 200x repeat 9/11

But you just said, there was a patch for the OS. It isn't like some one
month ago patch...this is years and years and years. The company decided
not to patch and to make the tech do a reboot every 30 days. He didn't
do his job, it states it right there.

Does Microsoft have crappy coding in Windows 95? Yep. But can they
really be blamed for a company that decided to not patch?

You are right about the old software, I think every large corporate has
a Windows 95 box running something and one piece of software holds up
the upgrade each year. If this system is that important, it shouldn't
have been maintained so poorly.

-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Michal
Zalewski
Sent: Friday, September 24, 2004 1:32 PM
To: ASB
Cc: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] Windoze almost managed to 200x repeat
9/11

On Fri, 24 Sep 2004, ASB wrote:

> "The servers are timed to shut down after 49.7 days of use in order to

> prevent a data overload, a union official told the LA Times."
>
> How you managed to read "OS failure" into this is rather astounding...

The statement above, even though either cleverly disguised by the
authorities, or mangled by the press, does ring a bell. It is not about
applications eating up too much memory, hence requiring an occassional
reboot, oh no.

Windows 9x had a problem (fixed by Microsoft, by the way) that caused
them to hang or crash after a jiffie counter in the kernel overflowed:

  http://support.microsoft.com/support/kb/articles/q216/6/41.asp

It would happen precisely after 49.7 days. Coincidence? Not very likely.
It seems that the system was running on unpatched Windows 95 or 98, and
rather than deploying a patch, they came up with a maintenance procedure
requiring a scheduled reboot every 30 days.

This is one hell of a ridiculous idea, and any attempt to blame a
failure on a technician who failed to reboot the box is really pushing
it.

It is not uncommon for telecommunications, medical, flight control,
banking and other mission-critical applications to run on terribly
ancient software (and with a clause that requires them NOT to be
updated, because the software is not certified against those patches).

In the end, the OS and decision-makers that implemented the system and
established ill-conceived workarounds should split the blame.

/mz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ