
Welcome to IWETHEY!

New My users got hammered.
McAfee worked with us to get a temporary dat file in place. Until then we had to disable the domain accounts of at least 20 percent of our field force. We won't be finished cleaning and re-enabling the accounts till tomorrow. The dat file was released about 18 hours after the first reports.

The symptoms I've *seen* of this so-called Sasser variant point to an unholy melding of IE and Outlook code exploits with a bit of SQL shenanigans thrown in for good measure. Start Outlook and IE popups start appearing with ads for some military thingie. This is only the visible effect; the exploit appears to take advantage of weak passwords (don't get me started) in SQL Server installs for its replication method. Guess what tools my company uses for its sales staff.

Let's see, MS security has cost my company the salaries of at least 60 field staff (mostly sales; byebye profits) plus about 15 support staff for around a full business day (I have no idea how hard this hit other areas of the company) for this single event. So far this year. Tell me again why we don't have a research project going to even gauge replacing IE?

This has been a long day.
-----------------------------------------
"In this world of sin and sorrow there is always something to be thankful for. As for me, I rejoice that I am not a Republican."
-- H. L. Mencken
New :-( Condolences.
New Because the experts say that MS has lower overall CoO
Do I really need to attach the sign on this? :)
~~~)-Steven----

"I want you to remember that no bastard ever won a war by dying for his country.
He won it by making the other poor dumb bastard die for his country..."

General George S. Patton
New Modestly OT.
I just got this "WebFacing" goober installed on a linux/apache/tomcat host. (Basically, it's a screen scraping doober for 5250 screens). At any rate, the fscking thing requires IE. I've never paid too much attention to this before, but isn't there like a ton of Javascript that will only work if the browser is IE? This app I spoke of is like that.
bcnu,
Mikem

Eine Leute. Eine Welt. Ein Führer.
(Just trying to be accepted in the New America)
New Ain't so much as there used to be.
If it was originally targeting IE 5.0, then it's somewhat understandable, though lazy. Big stuff like innerHTML and all[] have made their way into the standards and therefore other browsers since, so what's left is subtle things like internal layouts of certain DOM objects, various quirks in event handling, unclear points in the standards, that sort of thing (see [link|http://www.quirksmode.org|http://www.quirksmode.org] for more). Depending on how ambitious the JavaScript is and how well constructed its own framework is, it could only take three or four extra lines to make it all work flawlessly in Mozilla/FireFox.

Can you file a bug? I'd be doing that. There's no real excuse anymore for JS to not be browser-neutral.

Wade.

Is it enough to love
Is it enough to breathe
Somebody rip my heart out
And leave me here to bleed
 
Is it enough to die
Somebody save my life
I'd rather be Anything but Ordinary
Please

-- "Anything but Ordinary" by Avril Lavigne.

New I will file a bug. [Edit] I can't file a bug.
Not that I think it'll do much good - we're far too small. But thanks for the info. ;0)

The developer has an IBM Press book on WebFacing. Support for only Microsoft Internet Explorer is by design.

Nice, huh?
bcnu,
Mikem

Eine Leute. Eine Welt. Ein Führer.
(Just trying to be accepted in the New America)
Edited by mmoffitt Feb. 10, 2005, 01:57:47 PM EST
New What's that LRPD? IBM is good at two things?
1) shooting itself in the foot
2) reloading
[link|http://forfree.sytes.net|http://forfree.sytes.net]
Imric's Tips for Living
  • Paranoia Is a Survival Trait
  • Pessimists are never disappointed - but sometimes, if they are very lucky, they can be pleasantly surprised...
  • Even though everyone is out to get you, it doesn't matter unless you let them win.


Nothing is as simple as it seems in the beginning,
As hopeless as it seems in the middle,
Or as finished as it seems in the end.
 
 
New Try the useragent changer for Firefox and see if it works...
You know... it just might work. I've seen other Microsoft-only sites (really rabidly too) work just fine on FF v1.0 and the UAC.

I don't know about you, but that really chokes the chicken in the PR department. I find that a good spanking on the monkey in charge works wonders for organizations like that. Needless to say, that the meat of the argument can't be beat.

No, but seriously, I'd try FireFox vlatest and User Agentstring Changer v.latest and see what happens.

Let us know if it works.
--
[link|mailto:greg@gregfolkert.net|greg],
[link|http://www.iwethey.org/ed_curry|REMEMBER ED CURRY!] @ iwethey

[link|http://it.slashdot.org/comments.pl?sid=134485&cid=11233230|"Microsoft Security" is an even better oxymoron than "Military Intelligence"]
No matter how much Microsoft supporters whine about how Linux and other operating systems have just as many bugs as their operating systems do, the bottom line is that the serious, gut-wrenching problems happen on Windows, not on Linux, not on Mac OS. -- [link|http://www.eweek.com/article2/0,1759,1622086,00.asp|source]
New Almost.
Some of it worked, but not enough. :0(

We don't get the onload:close() anymore, but not all of the Javascript works (most importantly, the Menu Items that appear in the HTML that correspond to the green screens "function key menus" don't execute).

Very weenie.

Thanks for the help anyway ;0)
bcnu,
Mikem

Eine Leute. Eine Welt. Ein Führer.
God Bless America.
New File it anyway.
Bugs are bugs, by design or otherwise. :-) And if no-one tells him it's a bug, he won't have any incentive to "fix" it.

Wade.

Is it enough to love
Is it enough to breathe
Somebody rip my heart out
And leave me here to bleed
 
Is it enough to die
Somebody save my life
I'd rather be Anything but Ordinary
Please

-- "Anything but Ordinary" by Avril Lavigne.

     Is there a new SQL exploit? - (Silverlock) - (13)
         There's a worm out targeting MySQL on Windows. - (static) - (10)
             My users got hammered. - (Silverlock) - (9)
                 :-( Condolences. -NT - (Another Scott)
                 Because the experts say that MS has lower overall CoO - (Steven A S)
                 Modestly OT. - (mmoffitt) - (6)
                     Ain't so much as there used to be. - (static) - (5)
                         I will file a bug. [Edit] I can't file a bug. - (mmoffitt) - (4)
                             What's that LRPD? IBM is good at two things? - (imric)
                             Try the useragent changer for Firefox and see if it works... - (folkert) - (1)
                                 Almost. - (mmoffitt)
                             File it anyway. - (static)
         "SQL Packets"? -NT - (pwhysall) - (1)
             That's why I used quotation marks. - (Silverlock)
