1. Welcome Guest! In order to create a new topic or reply to an existing one, you must register first. It is easy and free. Click here to sign up now!.
    Dismiss Notice

Interesting but sad - OT

Discussion in 'Windows Vista' started by Richard Urban, Jun 9, 2009.

Page 2 of 2
  1. xfile

    xfile Guest

    > It sure looks to me like the perps went "through" a vulnerable application
    > to get at the servers themselves - where they deleted all files.

    I don't mean to join this OS war, but it should be the database server
    (possibly, MySQL in this case) that was under attack not the server OS, and
    it's data stored in the database were deleted. Vista and Windows 7 will not
    be able to serve as a database server, I think.


    "Richard Urban" <richardurbanREMOVETHIS@hotmail.com> wrote in message
    news:OEB2r7d6JHA.3860@TK2MSFTNGP05.phx.gbl...
    > From the article:
    >
    > "Rus Foster, the company's director told The Register. He said the
    > attackers were able to penetrate his servers by exploiting a critical
    > vulnerability in HyperVM, a virtualization application made by a company
    > called LXLabs."
    >
    > "According to Foster, data for about half of the websites hosted on Vaserv
    > was destroyed all at once sometime Sunday evening, shortly after
    > administrators noticed "strangeness" on the system. The attackers had the
    > ability to execute sensitive Unix commands on the system, including
    > "rm -rf," which forces a recursive delete of all files."
    >
    >
    > It sure looks to me like the perps went "through" a vulnerable application
    > to get at the servers themselves - where they deleted all files. Vista and
    > Windows 7 would NOT allow this to happen unless a person was foolish
    > enough to run these systems with UAC disabled. The first couple of UAC
    > file deletion warnings would have been a dead give away that something was
    > going on.
    >
    > Say what you will - Linux failed miserably!
    >
    > --
    >
    > Richard Urban
    > Microsoft MVP
    > Windows Desktop Experience
    >
    >
    > "the wharf rat" <wrat@panix.com> wrote in message
    > news:h0nhgs$bn4$4@reader1.panix.com...
    >> In article <e5C514U6JHA.4116@TK2MSFTNGP04.phx.gbl>,
    >> Richard Urban <richardurbanREMOVETHIS@hotmail.com> wrote:
    >>>No one is going to gain the equivalent of root privileges from the
    >>>internet
    >>>when you are using Vista or Windows 7 with UAC enabled. Yet apparently it
    >>>is
    >>>easy to do in Linsux.
    >>
    >> They didn't gain root access to the OS. They were able to inject
    >> arbitrary commands into the console application that managed installed
    >> virtual machines.
    >>
    >
     
    xfile, Jun 11, 2009
    #21
Page 2 of 2

Share This Page