New Windows Worm Inching Around Internet
helixcode123 writes "The Register is reporting a Windows Worm that takes advantage of weak default passwords. This looks pretty nasty, as it mucks with the registry and disables network sharing." Basically, if it finds SMB shares with weak passwords, it drops an executable in the startup folder... for once a security problem that isn't really Microsoft's fault.
What were those commons passwords in Hackers? (Score:5, Funny)
Not again... (Score:5, Funny)
Re:What were those commons passwords in Hackers? (Score:2, Funny)
A cold day in... (Score:5, Funny)
Taco: Hell just called. They want you to turn the heat back on.
Re:Celeb Commentary, not just on DVDs! (Score:5, Funny)
You must be new here.
ACK!!! (Score:5, Funny)
What!! On Slashdot!! A story that absolves Microsoft of guilt when blind-eyed finger pointing would have been so easy...
Who are you and what have you done with the slashdot editors?!?
--
Dilbert - "If aliens take over your boss's body, is that a bad thing?"
Wally - "It depends on the aliens"
Phew! I'm safe! (Score:3, Funny)
xyzzy
on the list of passwords it tries. Guess I don't have to worry about this one.
Ack! It's the Rapture! (Score:4, Funny)
Dammit, I knew I should have built that bomb shelter...
Re:What were those commons passwords in Hackers? (Score:5, Funny)
Re:I wonder if that is why my router is not happy (Score:5, Funny)
That's normal. There are two solutions:
1. Design, build and spread a virus or trojan which will irrevocably destroy all Windows boxes which are connected to the internet without a firewall.
Or
2. Stop logging UDP port 137.
Re:Microsoft's fault? (Score:5, Funny)
Because this is slashdot. The fact that your aunt has breast cancer is Microsoft's fault.
Re:What were those commons passwords in Hackers? (Score:2, Funny)
Re:What were those commons passwords in Hackers? (Score:5, Funny)
Shit, I should go change my root password now.
Re:Dictionary attack + 1 (Score:3, Funny)
Maybe. If implemented by a security guard with a pair of calipers that he measures your skull with every time you want to log on, then he logs on for you and if your skull doesn't match the numbers on his clipboard he shoots you.
So, progressive administration? (Score:5, Funny)
-RB
WRONG! (Score:5, Funny)
NO CARRIER
love of the Irish. (Score:3, Funny)
Happy Saint Patrick's day!
I can see the headlines now: (Score:2, Funny)
Re:Microsoft's fault? (Score:5, Funny)
It's a good thought, but consider this:
You should be warned that ena*click*
Are you sure that you want*click*
Sweet. My files are shared.
Re:What were those commons passwords in Hackers? (Score:5, Funny)
Re:love of the Irish. (Score:5, Funny)
Hey! My son Temp123 would take offense at that!
-T
Re:What were those commons passwords in Hackers? (Score:2, Funny)
Re:What were those commons passwords in Hackers? (Score:2, Funny)
It's all those redundant or offtopic spelling and grammar corrections of CmdrTaco. It's a tough job, but someone's got to do it.
well...maybe...but (Score:3, Funny)
For 99.997% (Manhattan Project, anyone?) of the cases, I'd agree wholeheartedly. The rest of them, like our Network Admin where I work, are under the thumb of some stupid BEEYOTCH of an IT Director who wants to continue to use the same passwords used by the old Network Administrator (who was shitcanned by her), and refuses to allow the new guy to set newer, more secure passwords. And believe me, it's not a matter of people just not getting along. For Pete's sake, she's even yelled at me for encrypting DSN strings and sticking them in the registry of the server, instead of plopping them in a text file like everyone else, open to the world. And she totally f*cking flipped (when she read the documentation I wrote about the procedure) upon hitting the section that described how every time the DSN was accessed, read, edited, or yelled at sternly the code modified and scrambled it with a new, different algorithm. She described it as "unsafe, and taking things to an extreme that was unnecessary". She also made some asinine comment about how we would never be able to recover the passwords if the code were ever lost, to which I recall thinking "Well first, that's job security for me, second, don't forget your goddamn passwords, and third, that's what sa access is for, you dumb bitch."
Yep, this type of commentary coming from someone who not only has no business being an IT Director, but swears on a stack of bibles she can reverse engineer MD5 in her head (we have another application that uses MD5 to hash passwords, she simply recognizes the default password hash).
I swear to God I'm not making this shit up. I wish the nasty bitch would stick to pushing pencils and leave the real work to those of us who know.
Re:SAMBA protocol (Score:3, Funny)
Re:What were those commons passwords in Hackers? (Score:5, Funny)
Whew! For a second there I thought it was trying xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
disables network sharing. (Score:4, Funny)
Thank you god. Now all it has to do is infect our network and all those open Sharedocs shares that WinXP automatically creates that are full of Nimda are history. Although the PC would most likely be history too.
Either way, Nimda would be off the network.
Re:What were those commons passwords in Hackers? (Score:2, Funny)
Yeah, but... (Score:5, Funny)
Re:not in there? (Score:3, Funny)
Re:WRONG! (Score:5, Funny)
<dream sequence>
ARTHUR:
What does it say?
MAYNARD:
It reads, 'Here may be found the last words of Joseph of Arimathea. He who is valiant and pure of spirit may find the Holy Grail in the Castle of aaarrrrggh'.
ARTHUR:
What?
MAYNARD:
'...The Castle of aaarrrrggh'.
BEDEVERE:
What is that?
MAYNARD:
He must have died while carving it.
LAUNCELOT:
Oh, come on!
MAYNARD:
Well, that's what it says.
ARTHUR:
Look, if he was dying, he wouldn't bother to carve 'aarrggh'. He'd just say it!
MAYNARD:
Well, that's what's carved in the rock!
GALAHAD:
Perhaps he was dictating.
ARTHUR:
Oh, shut up. Well, does it say anything else?
MAYNARD:
No. Just 'aaarrrrggh'.
LAUNCELOT:
Aaaauugggh.
ARTHUR:
</dream sequence>
No, that's just stupid. Too bad I hit submit already...
Re:Yeah, but... (Score:5, Funny)
Re:love of the Irish. (Score:5, Funny)
(*: True in the general case, since the XOR trick only works in certain circumstances.)
Re:What were those commons passwords in Hackers? (Score:5, Funny)
Re:Microsoft's fault? (Score:5, Funny)
The fact that your aunt has breast cancer is Microsoft's fault.
THAT is what I have been telling everyone! Of course they don't believe me, and that is Microsoft's fault too!
DAMN YOU MICROSOFT
Problem with my own machine. Mozilla into my HD! (Score:2, Funny)
who's on first? (Score:5, Funny)
Re:What were those commons passwords in Hackers? (Score:4, Funny)
Re:What were those commons passwords in Hackers? (Score:5, Funny)
53: 123456
21: password
keep in mind we require a >= 6 char password. We only have about 4,000 users.
After reading your post, I thought I would try a few myself. Sure, it's a small sample, and probably not statistically valid, but it certainly adds to the anecdotal evidence.
mysql> select count(*) from auth;
count(*)
873
Total Users
mysql> select count(*) from auth where password = md5(username);
count(*)
90
username same as password
mysql> select count(a.username) from auth as a, contact as b where a.password = md5(b.fname);
count(a.username)
44
password is first name
mysql> select count(a.username) from auth as a, contact as b where a.password = md5(b.lname);
count(a.username)
24
Password is last name
mysql> select count(*) from auth where password = md5('password');
count(*)
10
hmmm, only 10 users with a password of password
Some more
mysql> select count(*) from auth where password = md5('12345');
count(*)
10
I've got to put some text here to break up the queries, hopefully it will help out a little bit. Does anyone who has read through the slashcode know what criteria is used for the lameness filter? Is it the ratio of junk characters to nonjunk characters, or is there something else to it?
It seems like it causes problems.
mysql> select count(*) from auth where password = md5('1234');
count(*)
2
Now I suppose I must do a very lengthy conclusion because the lame
Jesus, what a fucking pain in the ass. Is it really that painful to the community to have a few ASCII porn pics posted? Damn I hate to have to go through this huge fucking ordeal just to post a simple fucking comment. How about a goddamn lameness filter exemption for people with excellent karma? How many ASCII goatse.cx pictures have you seen posted with a plus 1 bonus?
It still will not post. I have stripped just about every nonletter from my post and it still will not fucking go up. what next do i need to strip the punctuation and caps so that i can get more non motherfucking bullshit junk characters in my post i guess it just goes back to the saying often quoted on slashdot i will paraphrase those who give up essential posting liberties for a little temporary safety from goatsex deserve goatsex twentyfour seven i wonder if it has ever occured to the nitwits that run this site that people might actually want to post something that is meaningful to the conversation that is not plain old text sometimes it makes things much more readable if you have some formatting and punctuation in there to break things up a bit gee its news for nerds cant these guys forsee that some geeks are going to want to post code and other things that may have more punctuation and special characters than your standard text
motherfuckers
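The weak-password audit from the post above, redone as an added example (not the poster's or Slashdot's code) in Python over an in-memory SQLite database with constructed sample accounts; it assumes the same unsalted-MD5 schema the queries imply (auth.username/password, contact.fname/lname) and joins on username where the post's comma join compared every password with every user's name.

```python
import hashlib
import sqlite3

# Constructed sample accounts (not from the original post):
# (username, cleartext password, first name, last name)
SAMPLE_USERS = [
    ("alice", "alice", "Alice", "Smith"),          # password == username
    ("bob", "Bob", "Bob", "Jones"),                # password == first name
    ("carol", "password", "Carol", "White"),       # on the common list
    ("dave", "12345", "Dave", "Brown"),            # on the common list
    ("erin", "Black", "Erin", "Black"),            # password == last name
    ("frank", "c0rrect-h0rse-battery", "Frank", "Green"),  # not flagged
]
COMMON_PASSWORDS = ["password", "12345", "1234", "123456", "letmein"]

# The post's name checks use "from auth as a, contact as b", a cross join that
# compares every password with every user's name; these join on username.
CHECKS = [
    ("username", "select username from auth where password = md5(username)"),
    ("first name", "select a.username from auth a join contact b"
                   " on a.username = b.username where a.password = md5(b.fname)"),
    ("last name", "select a.username from auth a join contact b"
                  " on a.username = b.username where a.password = md5(b.lname)"),
]

def md5_hex(s):
    return hashlib.md5(s.encode()).hexdigest()

def build_db(rows=SAMPLE_USERS):
    """In-memory stand-in for the post's auth/contact tables (unsalted MD5)."""
    conn = sqlite3.connect(":memory:")
    conn.create_function("md5", 1, md5_hex)  # SQLite has no md5() built in
    conn.executescript(
        "create table auth(username text primary key, password text);"
        "create table contact(username text primary key, fname text, lname text);")
    for user, pw, fname, lname in rows:
        conn.execute("insert into auth values (?, ?)", (user, md5_hex(pw)))
        conn.execute("insert into contact values (?, ?, ?)", (user, fname, lname))
    return conn

def weak_accounts(conn):
    """Map each flagged username to the first reason it was flagged."""
    flagged = {}
    for reason, sql in CHECKS:
        for (user,) in conn.execute(sql):
            flagged.setdefault(user, reason)
    marks = ",".join("?" * len(COMMON_PASSWORDS))
    sql = "select username from auth where password in (%s)" % marks
    for (user,) in conn.execute(sql, [md5_hex(p) for p in COMMON_PASSWORDS]):
        flagged.setdefault(user, "common password")
    return flagged
```

These equality joins only work because the hashes are unsalted MD5; with salted or slow hashes the audit has to hash each candidate per user with that user's salt.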
Re:What were those commons passwords in Hackers? (Score:1, Funny)
118 2112
116 letmein
Lol. I love to see that the RUSH geeks represent. -geddy (no, really)
Re:Ack! It's the Rapture! (Score:5, Funny)
Along with that, this post [slashdot.org] observes that Taco posted a story about a worm that did not contain a snide comment about Microsoft.
It's very clear to me now, obviously the
Re:What were those commons passwords in Hackers? (Score:5, Funny)
Re:who's on first? (Score:5, Funny)
lUSER: BOB! MY USERNAME IS BOB! WHAT'S MY PASSWORD.
BOFH: "no", Bob.. But I'm looking further into this, and it seems you may have a problem.
lUSER: Ya? What kind of problem? Everything was fine til you changed my password.
BOFH: Did you have any files in your directory?
lUSER: I just finished the annual fiscal reports!
BOFH: [click][click][click].. Hmmmm, I don't see anything here.
lUSER: WHAT!!!!!!!!
BOFH: Hold on, let's look at the backups...
lUSER: Thank god..
BOFH: PFY, you made backups right?
PFY: They're right here in the tape degausser.
BOFH: Bob, I'm sorry, it seems there was a terrible accident with the backups..
[degausser mysteriously turns on]
lUSER: What about my Email, is it safe?
[lightbulb appears over BOFH's head]
BOFH: Let's have a look, shall we? [click][click][click] So, you've been writing to the boss's wife an awful lot.. Hmmm
lUSER: Ya, we're old friends.
BOFH: Are these nudes of her? Close friends, aren't you?
lUSER: BUT! No! Don't look at those!
PFY (whispers to BOFH): what if......
[click][click][click][click] No problem, I've removed all those nasty pictures from your box.
BOFH hangs up the phone, unplugs it from the wall, and gracefully sets it on top of the bookshelf where it won't be in the way.
"Where did you send the pics?", PFY asks...
"From: Mr. Luser
To: Boss's Wife
Bcc: to the boss, the boss's mother-in-law, luser's wife, and of course a copy in our files.", BOFH cites.
"Have we arranged for our monthly raises yet? I think it's about time. Let's check accounting's database, and see how much Mr. Luser was earning us."
----
I'd love to be a BOFH writer.. But until then, I live the part in real life.
Just imagine the fun a BOFH could have with say an ex-girlfriend's new boyfriend, an ounce of cocaine (mixed in with 5 pounds of filler), superglue, epoxy, and a few "anonymous" phone calls to his boss, neighbors, and the police, all while being the nicest guy in the world to him too..
I've just never had a good outlet for my stories..
Re:What were those commons passwords in Hackers? (Score:3, Funny)
I wish I could get those refrigerators with the touch screen WinCE/XP thing to do anything.. Every time I touch one it crashes, so I don't even know if they have connectivity.
Ahhhh, the perfect diet.. Every time you go to the fridge, you see
Re:love of the Irish. (Score:1, Funny)
What, like when your data isn't a string of bits? When was the last time that happened?
In any case, that sounds like a pretty nasty threesome.
Re:who's on first? (Score:3, Funny)
Now, if they were smart, they'd know I have a cheap suitcase, 'cause they don't pay me enough to have good luggage to go anywhere with. I've been using the same olive drab duffle bag for the past 12 years, and it doesn't have a lock. As for the vault at home, all I have to hide in it is my clean socks, and right now I only have one pair of those.
Re:What were those commons passwords in Hackers? (Score:3, Funny)
the list does include love, sex, god, and secret.
That, of course, is because they are all frequently confused with one another, and none of them truly exist.
Luckily the world is safe... (Score:5, Funny)
Re:who's on first? (Score:5, Funny)
Re:What were those commons passwords in Hackers? (Score:2, Funny)
Re:not in there? (Score:3, Funny)
Nothing happens.
Re:What were those commons passwords in Hackers? (Score:3, Funny)
Yeah. Those bugs that only occur sporadically are the hardest to debug.
Re:What were those commons passwords in Hackers? (Score:3, Funny)
Re:who's on first? (Score:2, Funny)
Me: What's your root password?
User: what.
Me: The password for the root user, the superuser.
User: what.
Me: Look, I can't get into your desktop to fix [problem] without the root password.
User: No, no, it's w-h-a-t.
My favorite was the applications person, who after being lectured for having a crackable password (daisy1) showed up the next time around with... daisy2. *grr* This was someone who had full control to a rather important application's internals. Sigh.