Antionline Forums - Maximum Security for a Connected World

Antionline Forums - Maximum Security for a Connected World http://www.antionline.com/ AntiOnline Forums - Computer security community for internet safety and trusted networks en Fri, 30 Jul 2010 10:37:59 GMT vBulletin 60 http://antionline.com/images/misc/rss.jpg Antionline Forums - Maximum Security for a Connected World http://www.antionline.com/ <![CDATA[Anyone else observing change in "explorer.exe" settings in HKLM]]> http://www.antionline.com/showthread.php?t=279033&goto=newpost Thu, 29 Jul 2010 22:13:42 GMT I'm dealing with a "probable" infection affecting 2 large network segments with around 4000 odd machines. Our firewalls and IPS show no major activity in last 2 weeks. I went through VM copies of machines currently deployed but I've found nothing. I'm to an extent convinced that this is not due to infection, however there is one thing which has changed on ALL the machines (when i say all - around 400 machines where load load point analysis was done are being considered.)

Registry value: "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell" is set to "". but it should be "explorer.exe".

Is anyone else noticing the same in their environment? Ill check with my counterparts in different group companies today morning (4 AM here) but i wanted to see if anyone else is going through a network clog and is seeing this same registry change. ]]> Microsoft Security Discussions ByTeWrangler http://www.antionline.com/showthread.php?t=279033 Australian Politicians? http://www.antionline.com/showthread.php?t=279032&goto=newpost Thu, 29 Jul 2010 08:55:50 GMT So this is why they try to win the Americas Cup and the Ashes? http://news.yahoo.com/s/afp/20100727/wl_asia_afp/australiatimoranimalratscience ... So this is why they try to win the Americas Cup and the Ashes?

http://news.yahoo.com/s/afp/20100727...imalratscience

Seems like the good old Aussies had politicians before us? :lildevil:

Pretty big guys as it seems?

EDIT:

However, you Yanks needn't worry............I probably have the NYT cutting from 30 years ago, where they found this dead animal in the East River...........it weighed 96 pounds, and was identified as a sewer rat (rattus norvegicus?)

Not that I have anything against McDonalds...............:D ]]> General Computer Discussions nihil http://www.antionline.com/showthread.php?t=279032 Security Suites Review http://www.antionline.com/showthread.php?t=279031&goto=newpost Wed, 28 Jul 2010 20:35:01 GMT This might be of interest to some? 9 latest suites reviewed (Hey, *cider*..........even Panda gets a mention this time:D) I must admit that I... This might be of interest to some? 9 latest suites reviewed (Hey, cider..........even Panda gets a mention this time:D)

I must admit that I don't normally set much store by reviews, because they are very subjective, but sometimes the nitpicking is useful? ;)

http://www.securitynewsportal.com/cg...minimum%20fuss ]]> Network Security Discussions nihil http://www.antionline.com/showthread.php?t=279031 Dell ship infected MoBos http://www.antionline.com/showthread.php?t=279030&goto=newpost Wed, 28 Jul 2010 20:23:36 GMT Yep, the mighty Dell have shipped virus infected replacement server motherboards............must be something wrong with their HR and/or IT security... Yep, the mighty Dell have shipped virus infected replacement server motherboards............must be something wrong with their HR and/or IT security processes?

http://www.securitynewsportal.com/cg...20with%20Virus

"Human error"..............is that the new euphemism for "they will never find the body"???? :lildevil: ]]> Hardware nihil http://www.antionline.com/showthread.php?t=279030 Bing+Yahoo!+Twitter = Google/2 http://www.antionline.com/showthread.php?t=279029&goto=newpost Wed, 28 Jul 2010 20:03:38 GMT Yep................Google has more than twice the malware links than those three put together:rolleyes: ... Yep................Google has more than twice the malware links than those three put together:rolleyes:

http://www.realwire.com/release_deta...eleaseID=23384

I know it is the biggest but that is no excuse for not paying attention to detail.:( ]]> Miscellaneous Security Discussions nihil http://www.antionline.com/showthread.php?t=279029 Fake FF Update http://www.antionline.com/showthread.php?t=279028&goto=newpost Wed, 28 Jul 2010 19:49:12 GMT There is a fake FireFox update doing the rounds: http://news.yahoo.com/s/zd/20100728/tc_zd/253167 Would you buy a flash player from this man? :D There is a fake FireFox update doing the rounds:

http://news.yahoo.com/s/zd/20100728/tc_zd/253167

Would you buy a flash player from this man? :D ]]> Miscellaneous Security Discussions nihil http://www.antionline.com/showthread.php?t=279028 Making IIS Sites available thru Internet http://www.antionline.com/showthread.php?t=279027&goto=newpost Wed, 28 Jul 2010 04:23:34 GMT Hi I have a DSL connection installed in my office. I have a LAN network and I have a requirement of making the sites published on IIS on one of... Hi

I have a DSL connection installed in my office. I have a LAN network and I have a requirement of making the sites published on IIS on one of the machines available thru internet. I'll explain the setup below:

1. I have a DSL Modem from my ISP Provider (Airtel, India) - the provider has given me an static IP address, its something like 122.172.xxx.xxx and assigned it to this modem.

2. I have a Netgear Router which connect to this DSL Modem via LAN cable. It is this router to which all my machines in the network connect either thru LAN cables or thru Wireless. This router manages its own IP addresses from the range 10.0.0.1 - 10.0.0.255 (where 10.0.0.1 is the address of the router itself).

3. I have a Windows Server 2008 R2 machine, which is also the Active Directory and the DNS server of the company. The IP Address configuration of this machine has been hard-coded to:

Quote:

IP Address: 10.0.0.250
Subnet Mask: 255.0.0.0
Default Gateway: 10.0.0.1

Primary DNS: 10.0.0.1
Secondary DNS: blank

All the machines in the network also have hard-coded IPs and there setting are as follows:

Quote:

IP Address: 10.0.0.2 - 10.0.0.255 (except 10.0.0.250)
Subnet Mask: 255.0.0.0
Default Gateway: 10.0.0.1

Primary DNS: 10.0.0.250
Secondary DNS: blank

In the AD machine I have IIS installed and it has multiple sites published on it. All these sites are available in the network thru the IP 10.0.0.250 (the IP of the AD machine). Now, I wish to make the same websites available online and I think I can use the Static IP provided to me for the purpose.

Can you please help regarding this matter. What steps I should take to make this possible?

Thanks ]]> codenamevirus http://www.antionline.com/showthread.php?t=279027 Remote desktop ? http://www.antionline.com/showthread.php?t=279026&goto=newpost Tue, 27 Jul 2010 18:41:40 GMT Hello everyone, It has been a while since i have been here..good to be back though..:D Guys i have to set up a remote user for accessing a pc... Hello everyone,
It has been a while since i have been here..good to be back though..:D

Guys i have to set up a remote user for accessing a pc about 5 clicks away from me..All i want to know is what software..like vnc,hamachi,ultra vnc, or whatever you guys think should be the safest one to use..Should the operating systems be the same or not?Could normal remote desktop also be considered?How and what security issues should i be aware of..

thx in advance:)
vanman ]]> Network Security Discussions vanman http://www.antionline.com/showthread.php?t=279026 Let the finger pointing begin http://www.antionline.com/showthread.php?t=279025&goto=newpost Tue, 27 Jul 2010 13:43:18 GMT http://www.itworldcanada.com/news/te...campaign=enews

Quote:

Williams, who has filed a multi-million dollar federal lawsuit against Transocean, also said that five weeks before the April 20 explosion, he had been called to check a computer system that monitored and controlled drilling.

The machine had been locking up for months, Williams said, producing what he and others on the crew called a "blue screen of death." "It would just turn blue. You'd have no data coming through," Williams said today, according to the New York Times' story.

Well in my everso humble experience....when a critical machine regularly starts misbehaving in this manner....there is a serious issue that needs to be addressed asap...and the machine should be repaired\replaced\reinstalled.

Obviously a bad driver...or failing piece of hardware....

To blame MS on this is just wrong....

"A poor workman blames his tools"

MLF ]]> Operating Systems morganlefay http://www.antionline.com/showthread.php?t=279025 Backtrack on a 64 bit machine? http://www.antionline.com/showthread.php?t=279024&goto=newpost Tue, 27 Jul 2010 02:58:33 GMT Will Backtrack not work on a 64 bit machine? I currently have a Toshiba A505 with the intel corei7 processor running windows 7. I've a backtrack live cd that works on my old 32 bit xp laptop, but will not work on the new 64 bit machine. ARGH!!!! Help, comments, suggestions? ]]> Newbie Security Questions bpitt http://www.antionline.com/showthread.php?t=279024 <![CDATA['Jailbreaking' Now Legal]]> http://www.antionline.com/showthread.php?t=279023&goto=newpost Mon, 26 Jul 2010 21:44:37 GMT There has been an exception made to the DMCA that now allows users to unlock their mobile devices. From EFF: ---Quote--- San Francisco - The... There has been an exception made to the DMCA that now allows users to unlock their mobile devices. From EFF:

Quote:

San Francisco - The Electronic Frontier Foundation (EFF) won three critical exemptions to the Digital Millennium Copyright Act (DMCA) anticircumvention provisions today, carving out new legal protections for consumers who modify their cell phones and artists who remix videos — people who, until now, could have been sued for their non-infringing or fair use activities.

~~

In its reasoning in favor of EFF's jailbreaking exemption, the Copyright Office rejected Apple's claim that copyright law prevents people from installing unapproved programs on iPhones: "When one jailbreaks a smartphone in order to make the operating system on that phone interoperable with an independently created application that has not been approved by the maker of the smartphone or the maker of its operating system, the modifications that are made purely for the purpose of such interoperability are fair uses."

http://www.eff.org/press/archives/2010/07/26 ]]> Hardware westin http://www.antionline.com/showthread.php?t=279023 Timing Attacks http://www.antionline.com/showthread.php?t=279020&goto=newpost Mon, 19 Jul 2010 21:04:06 GMT I found this article rather interesting: http://www.itbusiness.ca/it/client/en/home/News.asp?id=58406 ---Quote--- They crack passwords by... I found this article rather interesting:

http://www.itbusiness.ca/it/client/e...s.asp?id=58406

Quote:

They crack passwords by measuring the time it takes for a computer to respond to a login request. On some login systems, the computer will check password characters one at a time, and kick back a "login failed" message as soon as it spots a bad character in the password. This means a computer returns a completely bad login attempt a tiny bit faster than a login where the first character in the password is correct. By trying to log in again and again, cycling through characters and measuring the time it takes for the computer to respond, hackers can ultimately figure out the correct passwords.

This has been around as a concept for 25 years or so, but a couple of guys reckon that it is not so difficult as previously thought. ]]> Web Security nihil http://www.antionline.com/showthread.php?t=279020 Damn Vulnerable Linux http://www.antionline.com/showthread.php?t=279019&goto=newpost Mon, 19 Jul 2010 20:55:59 GMT This is a new distro to me :D

http://www.hackinthebox.org/index.ph...icle&sid=37086

Quote:

Damn Vulnerable Linux (DVL) is everything a good Linux distribution isn’t. Its developers have spent hours stuffing it with broken, ill-configured, outdated, and exploitable software that makes it vulnerable to attacks. DVL isn’t built to run on your desktop – it’s a learning tool for security students.

:) ]]> Operating Systems nihil http://www.antionline.com/showthread.php?t=279019 <![CDATA[Apple beats Oracle & M$]]> http://www.antionline.com/showthread.php?t=279018&goto=newpost Mon, 19 Jul 2010 20:15:46 GMT But I don't think that Steve Jobs will be bragging about it to his fanbois :lildevil:

http://www.theregister.co.uk/2010/07...threat_report/

Quote:

The number of vulnerabilities in the first half of 2010 was close to the number recorded in the whole of 2009, security notification firm Secunia reports.
Apple ranks first, ahead of runner-up Oracle, and Microsoft in the number of security bugs found in all their products in 1H 2010. During the first six months of 2010, Secunia logged 380 vulnerabilities within the top-50 most prevalent packages on typical end-user PCs, or 89 per cent of the figure for the entire year of 2009.

:)

EDIT:

Sort of related: FireFox have increased their bug detection bounty from $500 to $3,000. ]]> Miscellaneous Security Discussions nihil http://www.antionline.com/showthread.php?t=279018 <![CDATA[Curried Sheep & Cows?]]> http://www.antionline.com/showthread.php?t=279017&goto=newpost Mon, 19 Jul 2010 20:00:35 GMT I kid you not!.........article is here: http://www.theregister.co.uk/2010/07/07/sheep_curry/ Apparently, feeding curry spices to ruminants... I kid you not!.........article is here:

http://www.theregister.co.uk/2010/07/07/sheep_curry/

Apparently, feeding curry spices to ruminants significantly reduces their methane emissions :D ]]> nihil http://www.antionline.com/showthread.php?t=279017