New Microsoft Security scare?
Posted by Peter James on February 11th, 2004


There was mention on the BBC lunchtime news today of a "hole" in the
Microsoft OS that has recently been discovered, and the patch for this
available today.
Can anyone throw any light on just what this security hole actually
is. Keep it simple for a non-anorak. Thanks
--

Peter James
Change AT to @ to reply

Posted by sam1967@hetnet.nl on February 11th, 2004


On Wed, 11 Feb 2004 16:14:24 +0000, Peter James
<nospam@petefjames.clara.co.uk> wrote:

from what i can gather all the AV products, spyware and trojan
scanners and firewalls in the world are not enough to protect you if
you are using a MS operating system - especially the ones built on NT
code.
home users will have to adopt the tactics of the big internet cafes
such as easyinternet. what happens there is that a fresh image is
written to the computer every time it is rebooted.
this may be impractical for home users but wiping the disk with a
fresh ghost image every day may be the only way to keep it virus free.
of course that will require the user to have two PCs.
one connected to the net which is wiped afresh every day and another
one where he keeps his work and data and which NEVER UNDER ANY
CIRCUMSTANCES connects to the internet.


Posted by IPGrunt on February 11th, 2004


"sam1967@hetnet.nl" <sam1967@hetnet.nl> seems to think in
news:np3l20hd2kk5e6m6hklcilnteiplukni9b@4ax.com:


Microsoft released a new security bulletin yesterday re: an exploit
against Virtual Win for Mac. It's another one of the elevation of
privilege type exploits, but the cracker must have a valid system
credential to utilize effectively this "hole".

However, I doubt if the press would have been reporting on this
particular problem...it's too current and has little wide impact.

The worst thing to come along on Windows in a while has been this MYDOOM
virus/worm. No doubt you've seen the emails with the subject lines, Hi,
hello, Status, Server Report, Error, Mail Transaction Failed, etc. This
is MYDOOM.A propagating. For more info, see Trend Micro, or Norton, or
Kaspersky or any of the other antiV sites.

Sometimes those press guys simply have nothing else to write about, so
why not open their website and report on any one of dozens of so-called
"holes" in the OS?

If you have questions about M$ security exploits, visit
www.microsoft.com/security where you'll find extensive info. You can
sign up to be notified when they release a new security bulletin,
download patches, research security issues, get whitepapers on best
practices.

What is the best defense against a cracker seizing hold of your machine?

a) firewall
b) antivirus
c) antispyware
d) software patches
e) anon remailer
f) proxy server


All of the above are important to use, and appropriate for different
reasons and exploits and/or threats.

However, the best defense is a working knowledge of how and what can be
done to crack your system or network. Only then can you put the above
tools to proper use.

-- ipgrunt


Posted by sam1967@hetnet.nl on February 11th, 2004


On Wed, 11 Feb 2004 21:02:41 GMT, Leythos <void@nowhere.com> wrote:

because I nearly fell ill after supporting them for 6 years for big
corporates (nazis).
The software is junk and I am switching to Linux when I get the chance
and ripping up my M$ certs as well.
I was a sysadmin and I get a headache just thinking about all the
updates that have to be applied to patch this shit software.
what chance does an average user have? the answer is not a chance in
hell. the least they can do is switch to opera/mozilla and ditch OE as
well.
I connected a WinXP (cursed sw) box to the internet for a friend and
within 5 minutes it was BLASTERed. i wiped it and put on Windows 98.



Posted by Frode on February 11th, 2004


sam1967@hetnet.nl wrote:
I've met my share of MCPs and MCSEs over the years. Most of them, while
having a nice paper to show, couldn't form a creative thought to save their
lives. Point being, certifications don't automatically lend you any
credence in the practical world.

Any OS is only as good as its tech guy. You can have a Linux server so full
of holes you can drive a car through it just as well as you can with an MS
system.

Good going. That'll make people take you seriously.

Not too long ago I had to upgrade openssl (hm, or was it openssh, I forget)
two or was it three times within a single week or so. Considering my rather
old distro that meant downloading a tarball, configuring and compiling each
time. I'd take a windows update like system over that any day (some distros
do have that).

Just as much as they have with installing a Linux distro. While I haven't
done an exhaustive test, virtually all distros I've tested come with way
more daemons enabled than can be considered in any way secure, not to
mention versions with known security holes.


--
Frode




Posted by donutbandit on February 11th, 2004


"sam1967@hetnet.nl" <sam1967@hetnet.nl> wrote in
news:np3l20hd2kk5e6m6hklcilnteiplukni9b@4ax.com:

Nonsense. Pure, utter poppycock.

The average home user needs only to practice "safe computing" to be 99%
immune to any of the recent exploits.

"Safe computing:"

1. Do not use Outlook Express. I recommend not using Internet Explorer
either, but those who do should make sure it's patched up to date, disable
"install on demand" and javascript, and configure the security settings to
a high level. However, I highly recommend using a Gecko based browser like
Mozilla, Firefox or Netscape, since doing so automatically makes these
exploits null and void.

2. Never open unknown attachments.

3. Stay away from P2P networks.

4. Use a simple software firewall that will alert you to changes in
programs, and when disallowed programs try to call out. It simply doesn't
get any better than Kerio 2.1.5 for this.

5. Use a simple free AV program that will alert you if something you
downloaded is infected. I use AVG, and it has alerted me twice in the past
to infected files.

6. Scan occasionally for trojans and viruses: but if you practice safe
computing, there is really no chance of getting any.

7. Be very careful about purchased CDs with games, programs, etc. on them.
Many contain spy and adware.

That's basically it. If 100% of the people who contracted and spread the
Lovsan worm (or any of the others) used Eudora (just an example) rather
than OE, worms would be almost nonexistent. They use the built in
insecurities in OE (and the built in ignorance of the average computer
user) to proliferate.

I am speaking of the single home user, not those running a network, or who
allow others to access and use their computer.

Posted by Rowdy Yates on February 12th, 2004


Frode <news@mascot.REMOVETOREPLY.dyndns.org> wrote in
news:3r8l20lipij6qrbnjtqrj6meo6b8cmguh5@4ax.com:

a mcse cert. does not mean competence. what it does mean is that you have
bothered to learn how microsoft want you to use their products and study
and sit through 7 exams. just like anything else in life. there are good
and bad tech. people. i have been in the industry for a little over 6 years.
i have yet to meet a mcse who does not know what the hell he is doing.

most paper mcse's snuck into the workplace thanks to the insanity of the
.com era. paper mcse's are slowly dwindling out of the work place.

also, most mcse's hold a bunch of other certs as well. usually whatever
platform they work on.



--
Rowdy Yates
MCSE, MCSA, MCP, CNA, Security+, Linux+, IT Project+, LPIC1
I am Against-TCPA
http://www.againsttcpa.com

Posted by Rowdy Yates on February 12th, 2004


Rowdy Yates <rowdy.yates@no-spam.lycos.com> wrote in
news:Xns948CE4A0C8387rowdyyatesnospamlyco@66.185.95.104:

lastly. if you really have met incompetent paper mcse's who screwed up a
network. someone had to have made the decision to hire this guy, right?
perhaps your HR department is full of "paper" HR's?


--
Rowdy Yates
"Command prompt's make me horny!"
I am Against-TCPA
http://www.againsttcpa.com

Posted by Jon Leirdal on February 12th, 2004


On Wed, 11 Feb 2004 16:14:24 +0000, Peter James
<nospam@petefjames.clara.co.uk> wrote:

According to eEye there were two errors in the ASN.1 library.

I'll try to explain it a little easy, but try reading the URLs below.
Anyway: Roughly speaking it is the code that MS uses to verify security
permissions on your computer.
That is access to your computer from the net. (among other things)
The error exists in all MS OS (98, NT, 2K, XP, 2K3 etc.).

http://www.eeye.com/html/Press/PR20040210.html
http://www.eeye.com/html/Research/Ad...D20040210.html
http://www.eeye.com/html/Research/Ad...0040210-2.html

Jon

(Hey guys don't shoot me for over-simplifying it)
(And English is not my native language so please excuse any typos and
grammatical errors)


Posted by Dazz on February 12th, 2004


On Wed, 11 Feb 2004 23:20:32 GMT, Leythos <void@nowhere.com> wrote:

<snipped>

Bwahahahahaha. I think you just gave yourself away. :-)

I have come across many MCSE's that don't have a clue about how to
*secure* a system, let alone fix a problem when it occurs.

This isn't to say that I haven't met some very good MCSE's, but the
majority that I have come across think they know it all, simply
because they've read some books and sat some exams.

When it comes to real life situations, an MCSE cert doesn't mean shit.

I hope this doesn't burst your little bubble.

I think you should re-write that first sentence to read "What the heck
kind of a person with any common-sense ..."

Dazz


Posted by Peter James on February 12th, 2004


On Wed, 11 Feb 2004 16:14:24 +0000, Peter James
<nospam@petefjames.clara.co.uk> wrote:

basic and picked up as I go along. But I don't use IE or Outlook, and
I do scan for virus and malware, and so far I've been lucky. Thanks
again.
--

Peter James
Change AT to @ to reply

Posted by Dazz on February 12th, 2004


On Thu, 12 Feb 2004 08:54:07 GMT, Leythos <void@nowhere.com> wrote:

So very true.

Excellent. :-)

I think the IT industry needs more people like you to weed out "paper"
MCSE's, and then maybe certification will begin to mean something.

Maybe then, I'll *actually* get off my butt and get a certification
that I can be *proud* to hold. :-)

Dazz


Posted by sam1967@hetnet.nl on February 12th, 2004


On Wed, 11 Feb 2004 23:20:32 GMT, Leythos <void@nowhere.com> wrote:

I only connect windows 98 boxes to the internet as a rule as I know
how insecure the other platforms are.
This person wanted XP and I knew it was a shit product.
I was SURPRISED to discover just how SHIT it is.
I maybe should say ex-MCSE since I have not studied any M$ stuff for
well over a year and would like to forget it even exists.
I have deliberately tried to remove all traces of the propagandistic,
crippled, biased teaching methods and ideologies from my mind.
As you are well aware security is not taught in any meaningful form as
M$ try and pretend security is not an issue with their products.

I am currently involved with ADSL projects and will be setting up a
VPN using Draytek Vigor routers shortly.
Hopefully they will not ask me anything about M$ shit as I really want
to forget it all.

You are asking the wrong questions.
The question you should be asking is WHY should a user need to install
spybot, spyblaster, ad-aware, kerio pf, avast, avg and e-trust just
before they can dare to connect to the internet?
answer is they shouldn't and if you were honest - and intelligent - you
would admit this.
But I fear you are neither.





Posted by sam1967@hetnet.nl on February 12th, 2004


On 11 Feb 2004 23:10:52 GMT, donutbandit <none@none.com> wrote:

all excellent points. but the chances of the above happening are about
a million to one.


Posted by sam1967@hetnet.nl on February 12th, 2004


On Thu, 12 Feb 2004 17:06:52 GMT, Leythos <void@nowhere.com> wrote:

modem do I?
I certainly don't need to prove them to such an opinionated blowhard as
yourself do I?






Posted by Jason on February 12th, 2004


* Leythos <void@nowhere.com>:
Related to tracker?? Ouch that's brutal.

Jason

Posted by donutbandit on February 12th, 2004


"sam1967@hetnet.nl" <sam1967@hetnet.nl> wrote in
news:e7vm20dt547g4fpupbbqvkrnp8m8gbg937@4ax.com:

Then hopefully you will give up talking about it in this newsgroup. Just a
new, offhand way for a Linux troll to get attention.

Posted by sam1967@hetnet.nl on February 12th, 2004


On Thu, 12 Feb 2004 18:12:31 GMT, Leythos <void@nowhere.com> wrote:

I am an MCSE - twice over. More fool me for going through the MS shit
not once but twice.
Security was non-existent in the curriculum and their coverage of
TCP-IP was/is a bad joke.

My opinion that the SW is shit is one that more and more people are
reaching after the debacle that is Windows XP, RCP, Dcom, blaster,
Lovesan etc etc
I will certainly encourage people to take up Linux.

user. You have to be a sysadmin just to contain Windows XP on the
net. I certainly am not going to waste my time explaining to everyone
how Kerio PF works.
Far better to just give them Windows 98 and make sure they keep their
virus defs up to date.
I think the past few months may have seen the beginning of the end for
M$hit.



Posted by Chuck on February 12th, 2004


On Thu, 12 Feb 2004 17:06:52 GMT, Leythos <void@nowhere.com> wrote:

Oh shit he used the "T" word.


Posted by Chuck on February 12th, 2004


On Thu, 12 Feb 2004 18:02:22 +0000, "sam1967@hetnet.nl"
<sam1967@hetnet.nl> wrote:

Leythos is one of the most technically competent, and least
opinionated, inhabitants of this community.

You, sir, are a troll. And an ignorant one, if you are actually
posting your email address so blatantly.
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.