RE: [Full-Disclosure] Windoze almost managed to 200x repeat 9/11
- To: "Michal Zalewski" <lcamtuf@xxxxxxxxxxx>, "ASB" <abaker@xxxxxxxxx>
- Subject: RE: [Full-Disclosure] Windoze almost managed to 200x repeat 9/11
- From: "Todd Towles" <toddtowles@xxxxxxxxxxxxxxx>
- Date: Fri, 24 Sep 2004 14:08:49 -0500
But you just said, there was a patch for the OS. It isn't like some one
month ago patch...this is years and years and years. The company decided
not to patch and to make the tech do a reboot every 30 days. He didn't
do his job, it states it right there.

Does Microsoft have crappy coding in Windows 95? Yep. But can they
really be blamed for a company that decided to not patch?

You are right about the old software, I think every large corporate has
a Windows 95 box running something and one piece of software holds up
the upgrade each year. If this system is that important, it shouldn't
have been maintained so poorly.

-----Original Message-----
From: full-disclosure-admin@xxxxxxxxxxxxxxxx
[mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx] On Behalf Of Michal
Zalewski
Sent: Friday, September 24, 2004 1:32 PM
To: ASB
Cc: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] Windoze almost managed to 200x repeat
9/11
On Fri, 24 Sep 2004, ASB wrote:
> "The servers are timed to shut down after 49.7 days of use in order to
> prevent a data overload, a union official told the LA Times."
>
> How you managed to read "OS failure" into this is rather astounding...

The statement above, even though either cleverly disguised by the
authorities, or mangled by the press, does ring a bell. It is not about
applications eating up too much memory, hence requiring an occasional
reboot, oh no.

Windows 9x had a problem (fixed by Microsoft, by the way) that caused
them to hang or crash after a jiffie counter in the kernel overflowed:

http://support.microsoft.com/support/kb/articles/q216/6/41.asp

It would happen precisely after 49.7 days. Coincidence? Not very likely.

It seems that the system was running on unpatched Windows 95 or 98, and
rather than deploying a patch, they came up with a maintenance procedure
requiring a scheduled reboot every 30 days.

This is one hell of a ridiculous idea, and any attempt to blame a
failure on a technician who failed to reboot the box is really pushing
it.

It is not uncommon for telecommunications, medical, flight control,
banking and other mission-critical applications to run on terribly
ancient software (and with a clause that requires them NOT to be
updated, because the software is not certified against those patches).

In the end, the OS and decision-makers that implemented the system and
established ill-conceived workarounds should split the blame.

/mz
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
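
Added example, not part of either message above and not Microsoft's code: the 49.7-day figure in the thread matches the wrap period of a 32-bit millisecond tick counter (2^32 ms). The C code below assumes such a counter and uses hypothetical function names; it shows the general failure mode of comparing absolute tick values across a wrap, next to the wrap-safe elapsed-time check.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: uptime is kept as a 32-bit count of milliseconds. */
#define MS_PER_DAY 86400000.0

/* Days of uptime before such a counter wraps back to zero (2^32 ms). */
double wrap_days(void) {
    return 4294967296.0 / MS_PER_DAY;
}

/* Fragile: compares absolute tick values. If the counter wraps between
   start and the check, "now" is small again and the wait stalls until
   the counter climbs back past the deadline; if start + timeout itself
   wraps, the wait ends at once. */
int expired_naive(uint32_t now, uint32_t start, uint32_t timeout) {
    uint32_t deadline = start + timeout;
    return now >= deadline;
}

/* Wrap-safe: unsigned subtraction is modulo 2^32, so now - start is the
   real elapsed time for any interval shorter than one wrap period. */
int expired_safe(uint32_t now, uint32_t start, uint32_t timeout) {
    return (uint32_t)(now - start) >= timeout;
}

int main(void) {
    /* Constructed samples: 5 s timers started shortly before the wrap. */
    uint32_t a = UINT32_MAX - 9999;   /* counter reads 0 ten seconds later */
    uint32_t b = UINT32_MAX - 1999;   /* counter reads 0 two seconds later */

    printf("counter wraps after %.2f days\n", wrap_days());
    /* 12 s after a: timer is overdue, naive check still says "not yet". */
    printf("stuck wait:  naive=%d safe=%d\n",
           expired_naive(a + 12000, a, 5000), expired_safe(a + 12000, a, 5000));
    /* 1 s after b: timer is not due, naive check already says "expired". */
    printf("early fire:  naive=%d safe=%d\n",
           expired_naive(b + 1000, b, 5000), expired_safe(b + 1000, b, 5000));
    return 0;
}
```

A scheduled reboot resets the counter before it reaches the wrap, which is why the 30-day procedure described in the thread masks the problem only as long as nobody misses a reboot.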