Saturday, September 20, 2003

Immunity from the Pop-Up Plague
One lesson from the Internet bust: If something seems too good to be true, it probably is. Take those thousands of pieces of "free" software available on the Net for everything from file sharing and instant messaging to e-mail and calendar applications. The catch? Many come with code or components that allow companies to track your surfing habits, profile your shopping preferences, and sell that data to unprincipled marketers. They can also hijack your browser start page or alter important system files -- all without your knowledge.

The problem could get a lot worse. On Sept. 5, District Judge Gerald Bruce Lee ruled that Gator, a company whose software plasters its own pop-up ads and banners over any that might be contained on a Web site, was legal. But he admitted it's annoying. "Alas, we computer users must endure pop-up advertising along with her ugly brother 'spam' as a burden of using the Internet," Judge Lee wrote in his final ruling. "Ultimately, it is the computer user who controls how windows are displayed on the computer desktop."

UNDERCOVER AGENTS. It sure doesn't feel like that sometimes. Ad-ware like Gator's GAIN network -- which displays various forms of pop-up ads based on the types of Web sites you've visited before and what you click on -- can seriously slow your computer. There have been reports that it can even cause computers to crash. Its more insidious cousin, spyware, which covertly gathers personal information, usually for advertising purposes, can keep track of e-mail addresses and passwords, monitor every keystroke, even dial 900 numbers on the sly, leaving you to pay the price.

Computer experts fear that the Gator ruling will embolden less reputable software firms to bundle or just plain sneak their software onto unsuspecting users' PCs. Already, there's plenty of evidence that programmers are finding ever-more devious ways to spy on cyber-surfers.…

There are, however, several simple software programs to help you scan and destroy both pesky adware and sinister spyware. Two of the most popular are Ad-Aware, published by Swedish firm Lavasoft, and Spybot Search & Destroy from German firm PepiMK Software. Both work much like an antivirus tool. You can set them up to scan when you boot the computer or request only manual checks. After scanning, the programs will show suspicious files and programs in red and give you the chance to delete them.…




http://techupdate.zdnet.com/techupdate/stories/main/0,14179,2914680,00.html

Thursday, September 18, 2003

SSH security glitch exposes networks
By Patrick Gray
ZDNet Australia
September 17, 2003, 5:06 AM PT
URL: http://zdnet.com.com/2100-1105-5077796.html
A critical security flaw in SSH has been revealed that threatens servers worldwide.

SSH is a widely used encrypted remote management shell for Unix, Linux and BSD platforms. Experts say attackers have been exploiting the vulnerability to gain access to systems illegally for months.

What started as quiet mumblings and rumors turned into screaming warnings yesterday as the security community slowly learned of the threat. Chief hacking officer of U.S.-based eEye Digital Security told ZDNet Australia by phone the vulnerability should be taken very seriously. "It's pretty close to a skeleton key to most networks," he said.

It's not uncommon for vulnerabilities in Unix-style systems to be exploited for months by the underground community, Maiffret said. "It's definitely happened in the past with SSH vulnerabilities ... it's definitely a recurring theme for Unix vulnerabilities."

…there are actually two vulnerabilities in the software. "[Version] 3.7 was released early this morning, and then 3.7.1 was released about a couple of hours ago," he said. "The thing was just the way the two bugs work.... It looks like the first one was probably fixed with 3.7 and the other one was fixed with 3.7.1."

There are, however, suggestions that some mitigating factors may apply. "There are rumors going around that you need to allow remote root SSH login for the exploit to work," he said. "That's the thing, there are all these rumors going around." Loveless says people should patch to 3.7.1 as soon as they can. "Exploit code will surface within hours," he warned.

CERT published an advisory; however, it was issued prior to the release of the 3.7.1 version upgrade. The OpenSSH patch and advisory have been updated. "All versions of OpenSSH's sshd prior to 3.7.1 contain buffer management errors. It is uncertain whether these errors are potentially exploitable, however, we prefer to see bugs fixed proactively," it reads.

http://www.openssh.com/txt/buffer.adv

http://zdnet.com.com/2100-1105_2-5077796.html
Exploit Code Arises for Latest Windows Flaws
Adding more fuel to the fears that another Windows worm is on the horizon, security experts said Tuesday afternoon that they have seen working exploit code in the wild for the latest pair of vulnerabilities in the Windows RPC DCOM interface.

The discovery of the code, which can be used to attack the two buffer overrun flaws in the interface, comes just two days after someone posted to a security mailing list exploit code for a denial-of-service weakness in the same interface. The RPC DCOM problems are particularly troubling and potentially dangerous because they affect nearly every current version of Windows, including the new Windows Server 2003.

A previously discovered buffer overrun in the interface was exploited by the Blaster worm that tore through the Internet in August.

The newly released exploit code gives attackers the ability to get privileged access to vulnerable machines and also allows for the creation of a new account with a preset password. The exploit tool also gives attackers the option of targeting specifically configured machines, i.e., Windows 2000 Service Pack 3 or machines that have the patch for the original RPC DCOM flaw installed but not the fix for the more recent vulnerabilities, according to an analysis by iDefense Inc., based in Reston, Va.

Ken Dunham, malicious code manager at iDefense, said he expects to see widespread compromise of vulnerable PCs in the next few days and also anticipates the release of a worm based on this code. The exploit code has been posted to at least one well-known cracker Web site.

"We've seen it, we've brought it into the lab and it works. We haven't seen any infections yet, but it's only a matter of time before it gets going in the wild," said Bruce Schneier, CTO and founder of Counterpane Internet Security Inc., in Cupertino, Calif., a managed security monitoring provider. "When [a new worm] hits, it's likely to be a fast-spreader. Someone could just take the old Blaster code, rip out the old infection mechanism, drop this one in, and you're done."

The new code exploits two buffer overruns in the Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) interface in Windows. Specifically, the problems lie in the portion of the service that handles RPC messages for the activation of the DCOM. Microsoft Corp. released a patch for the flaws last week.…

http://www.eweek.com/article2/0,4149,1270468,00.asp

Tuesday, September 16, 2003

Product Documentation
Get easy access to product documentation and online Help resources here for Windows, Office, Servers and Visual Studio.


http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/itsolutions/proddocs/default.asp
Microsoft Security Bulletin MS03-034
Flaw in NetBIOS Could Lead to Information Disclosure
Who should read this bulletin: Customers using Microsoft® Windows®

Impact of vulnerability: Information disclosure

Maximum Severity Rating: Low

Recommendation: Users should evaluate whether to apply the security patch to affected systems.

End User Bulletin:
An end user version of this bulletin is available at:
http://www.microsoft.com/security/security_bulletins/ms03-034.asp.


http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-034.asp

Monday, September 15, 2003

Listutorial
Listutorial takes you through the basics of building CSS lists with "background images for bullets" and "simple rollovers" with a few variations along the way.

http://www.maxdesign.com.au/presentation/listutorial/
Why you must install a firewall NOW
If you haven't already installed a personal firewall on your Windows computer, consider this your last warning.

MSBlast, the recent worm that exploited the buffer overflow in Windows's DCOM RPC protocol, wasn't the sort of e-mail-borne pest that antivirus software is good at catching. Instead, it infiltrated computers directly through their Internet connections.

Although installing the latest Microsoft patches should prevent infections from this sort of worm, a simple software firewall will do the trick, too, whether or not you have antivirus software installed.

I MENTION THIS because Microsoft announced last week another critical flaw affecting DCOM RPC, and released a new patch to fix it that supersedes the previous patch for this protocol. While there are still no public exploits that take advantage of this flaw (exploits are often precursors to major worms), the clock is ticking. History has shown that worms are usually released within 30 days of a major vulnerability announcement.

In July, for example, Microsoft reported and patched a buffer overflow vulnerability in RPC based on the work of the Last Stage of Delirium Research Group. The MSBlast worm, which capitalized on this vulnerability, appeared on Aug. 12.

Last Wednesday, based on additional research by the companies eEye Digital Security, NSFOCUS, and Tenable Network Security, Microsoft reported two more buffer overflows and one denial-of-service vulnerability within its RPC protocol. The fact that it is similar to the first flaw could mean a shorter timeline to the next major RPC worm.

The Remote Procedure Call (RPC) is a protocol used by the Windows operating system. It's based on an RPC protocol from the Open Software Foundation, but it's the Microsoft-specific parts that are afflicted with vulnerabilities. The Distributed Component Model (DCOM), previously called Network Object Linking and Embedding (OLE), is a service that allows software on one computer to communicate directly with software on other computers over a network. In short, DCOM RPC in Windows allows a program on one machine to run code on another machine. To do so, a Windows computer must first listen on a dedicated port, usually 135.

…RPC, like other services that use DCOM, is turned on by default for all Windows versions, whether or not you are working on a network. Also, when your system's connected to the Internet, DCOM makes Windows automatically listen on port 135 (and others) for remote signals. This means a hacker need only construct a special message and aim it at port 135 on your Windows computer to cause a buffer overflow error. The buffer overflow, in turn, could replace part of a program's original code with new code.

That's how a hacker could use this flaw to take over your computer remotely. Upon seizing control of your computer, a hacker could then reformat the hard drive, use the computer to damage other computers, or steal personal data. (Note that this description makes it sound easier than it truly is to execute.)

http://www.zdnet.com/anchordesk/stories/story/0,10738,2914667,00.html
JavaScript tips & how-tos
You'll find details and tips on writing cross-platform code, debugging,
using reusable components, and much more.

http://builder.cnet.com/webbuilding/0-7264.html?tag=dir

Sunday, September 14, 2003

Internet Scout Project > NSDL Scout Reports > Math, Engineering, and Technology > Topic In Depth > Voice over Internet Protocol

Voice over Internet protocol (VoIP) is a technology that integrates voice services, such as those provided by long distance telephone carriers, into data networks. VoIP has received considerable attention in recent years since it blurs the line between telecommunications and Internet. Among other things, it has the potential for enabling virtually free person-to-person communication for anyone with an Internet connection.

Copyright 1994-2003 Internet Scout Project - http://scout.wisc.edu

http://scout.wisc.edu/Reports/NSDL/MET/2003/met-030912-topicindepth.php