David L. Farquhar, computer security professional, train hobbyist, and landlord
The symptom: If you install more than 512 MB of RAM in a system running Windows 9x (that’s any version of Windows 95, 98, 98SE, or ME), you get weird out of memory errors. Here’s how to get around those memory limitations to make Windows 95 and Windows 98 work with 2 GB of RAM.
The culprit is a bug in Windows 9x’s disk cache. The solution is to limit the cache to use 512MB of memory, or less, which is a good thing to do anyway.
The most infamous Microsoft patch of all time, in security circles at least, is MS08-067. As the name suggests, it was the 67th security update that Microsoft released in 2008. Less obviously, it fixed a huge problem in a file called netapi32.dll. Of course, 2008 was a long time ago in computing circles, but not far enough. I still hear stories about production servers that are missing MS08-067.
Last week, Microsoft took a look back at MS08-067, sharing some of its own war stories, including how they uncovered the vulnerability, developed a fix, and deployed it quickly. It’s unclear who besides Microsoft knew about the problem at the time, but one must assume others were aware of it and using it. They certainly were after the fall of 2008.
Windows 10 is out today. Of course I’ve been getting questions about whether to upgrade from Windows 7 to 10, and I’ve been seeing mixed advice on upgrading, though some of that mixed advice is regarding Microsoft history that isn’t completely relevant today.
My advice is to upgrade immediately if you’re running Windows 8 or 8.1, and to wait, perhaps six months, if you’re running Windows 7, but I still think you should do it. I’ll explain.
I got an innocent question last week. We’d been scanning an AIX server with Nexpose, a vulnerability scanner made by Rapid7, and ran into some issues. The system owner then asked a question: The server is behind a firewall and has no direct connection to the Internet and no data itself, it’s just a front-end to two other servers. Is there any reason to scan a server like that?
In my sysadmin days, I asked a similar question. Nobody could give me an answer that was any better than “because reasons.” So I’ll answer the question and give the reasons.
I was on a conference call discussing the Microsoft product lifecycle with several coworkers and our Microsoft-assigned support engineers when someone asked if a server version of Windows 10 was going to come out.
The Microsoft rep said no comment. Then I chimed in.
“We need to assume they will release a server version, probably about six months after the desktop version, and we need to start testing and preparing to deploy it when it comes out,” I said.
“Shouldn’t we wait for Service Pack 1?”
I went in for the kill. Read more
Corporations are in business to make money. That’s the premise of the classic business book The Goal, and the point of The Goal is that a lot of companies forget that.
That also means they’re not exactly happy to spend money unless there’s an obvious reason why spending that money is going to help them make more money. So that’s why you see 30-year-old minicomputers in data centers. That old system is still making the company money and with no clear financial benefit to replacing it, most businesses are perfectly happy to run the machine until the minute before it will no longer power up anymore.
That’s what makes quitting Windows XP so difficult for businesses. At this point, Windows XP and that 30-year-old minicomputer are both about as sexy as a Plymouth Volare station wagon. But they get the job done, and they’re much better than what they replaced, so the business leaders are content to just keep right on using what’s already paid for. Read more
A few months ago I bought a Gigabyte GA-Z77M-D3H to learn computer forensics on, because at the time I thought that was the direction my career was going. I dropped it into a neglected Compaq case and installed Linux on it, since most of the free forensics tools run on Linux. The current version of Debian loaded effortlessly and ran nicely, as you would expect on a dual-core CPU with 16 gigs of RAM.
Then my career went another direction. Today I analyze Windows threats and vulnerabilities for a living. That’s a better match for my experience and the pay is the same, so I’m perfectly fine with that. But my mind turned to that hotrod computer in the basement. I suppose I could still use it to learn forensics, but I probably won’t, so why not see how Windows runs on it and bring it upstairs? Read more
Glaurung brought up a good point in a comment yesterday. If you never go online and/or you’re really careful, do you really need to update your OS to something new?
In my professional opinion, it depends. Didn’t you know that would be my answer? Read more
Yesterday I read, via Ars Technica, that the malware resided on cash registers (which I’d heard elsewhere before), and that the first step to getting there was via a compromised web server.
And that led to a question in the comments, that sounds like it came from an IT professional:
don’t they have their network segregated into zones!!!? It shouldn’t be possible for a web server to touch a POS system in a store….
The commenter right, it shouldn’t be. But it doesn’t need to be, either. Read more