keep you hands off My Gibson dude!
Is that really him? I dunno too much about the guy...I just know that when I read his site ("The Hidden Webserver Inside Your Computer!!!") I feel like someone is trying to get me to sign up for Amway, or get me to come to a group discussion about Rev. Sun Myung Moon and his church of Unification. Koolaid, anyone?
Hi zencoder,
I think Tedob1 was responding to gore's comments on Hax0ring Gibson...the pict is from Tedob's profile...and says he hax0red Gibson.
Didn't even see gore's post till now...apparently he posted the same time I did...so I never made the connection till now.
Eg ;)
A Fender is better than a Gibson anyway?
:p :cool: :D
If you aren't going to use CIFS, then don't hinge your security on a software firewall. Disable the service (advanced section of TCP/IP properties, no NetBIOS over TCP). After that, use netstat -an at the command line to verify that nothing is listening on port 445.
Quote:
out of curiosity...how can I check to see if my firewall blocks port 445?
Also, while Gibson research is kinda cool, it's certainly not the way to ultimately base the response of your software firewall. Think of them as the McDonalds of security testers. You're going to get a test, it will be fast and in the long run it won't be good for you.
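The netstat check above is the kind of thing worth scripting when you have more than one box to look at. The following is an added example, not code from anyone in this thread: it parses the text of a Windows `netstat -an` run (the sample below is constructed, not captured from a real host) and flags both inbound exposure (TCP/445 or TCP/139 in LISTENING state) and outbound SMB sessions to remote hosts, which is what you would want to see when checking a machine against the port-445 worm traffic discussed here.

```python
"""Flag SMB/CIFS exposure in `netstat -an` output: listeners on TCP/445 and TCP/139
(ingress) and established sessions to a remote host's port 445/139 (egress)."""
import re
from typing import Dict, List

SMB_PORTS = {445, 139}

# Constructed sample of Windows `netstat -an` output; not from a real system.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1054      203.0.113.7:445        ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

# Proto, local addr:port, foreign addr:port, optional state (UDP lines have none).
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\S+)(?:\s+(\S+))?\s*$")


def parse_netstat(text: str) -> List[Dict[str, object]]:
    """Return one dict per socket line; the header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, laddr, lport, faddr, fport, state = m.groups()
        rows.append({"proto": proto, "laddr": laddr, "lport": int(lport),
                     "faddr": faddr, "fport": fport, "state": state or ""})
    return rows


def smb_findings(text: str) -> List[str]:
    """Describe every SMB listener and every outbound SMB session found in `text`."""
    findings = []
    for r in parse_netstat(text):
        if r["proto"] != "TCP":
            continue  # SMB over TCP is the worm's vector; UDP NetBIOS is not flagged here
        if r["lport"] in SMB_PORTS and r["state"] == "LISTENING":
            findings.append(f"listening on TCP/{r['lport']} ({r['laddr']})")
        elif str(r["fport"]).isdigit() and int(r["fport"]) in SMB_PORTS:
            findings.append(f"outbound SMB session to {r['faddr']}:{r['fport']}")
    return findings


if __name__ == "__main__":
    for f in smb_findings(SAMPLE_NETSTAT):
        print(f)
```

On a live machine, pipe the real output in (`netstat -an > ns.txt`) and pass the file contents to `smb_findings`; an empty result means the NetBIOS-over-TCP change took effect.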
That would be .:Shrekkie:. :)
Quote:
Originally posted here by Tedob1
eg if you have a fw it's probably closed but if you want to be sure...one of our members has an nmap you could use online to get a remote scan.
http://www.michiels.nu/nmap_body.php
<forgot to put the address>
nice links hesperus
Can also be made available over IRC if shrekkie bothers to use my nmap-cygnus module. :p
So it seems that the clueless, uninformed, and lazy have already begun to feel the pain.
Quote:
Source
New worm Zotob detected and spreading quickly
Keep antivirus software updated warns Trend Micro
Tamlin Magee: Monday 15 August 2005, 14:33
A NEW MALICIOUS WORM which affects Windows users has been detected, according to Reuters.
The worm appeared soon after Microsoft warned of the three new critical security flaws, which the latest Windows Update had supposedly fixed. The new worm uses holes in the security of Windows 95 all the way through to XP and will allow malicious attackers access to your PC.
Security company Trend Micro said in a release, "hundreds of infection reports were sighted in the United States and Germany." Supposedly the infection is spreading, and quickly.
The worm burrows itself into your windows system folder as BOTZOR.EXE and tinkers with the system host file to stop users from getting access to security websites. It can connect itself up to IRC and give attackers control over your system.
The big security companies are warning to leave your firewalls on high alert and to keep your anti-virus software updated.
This makes me feel all nasty about Microsoft's recent decision on patching. What their decision means is that many of us, the diligent, the short-of-sleep-from-marathon-patching-sessions, the ones who work in the trenches, will be largely unaffected in a direct way. But the lazy, the uninformed, and the general masses who buy second hand or cheap computers, will be wide open, and infected, and their traffic (and DDoS botnet attacks) will impact us.
How can this make things better, except for the fact that a handful of folks will be buying windows, instead of scouring google links for working Serialz?!?
m$ decided that my version of XP was not legit... I'm unsure why they think this because it is OEM.
I've been using the same cd code for years now... but anyway...
If you have automatic updates turned on, you can still get the updates, AFAIK.
If you're going directly to the windows update site and get an invalid product code message... simply disable the windows genuine active x control and run windows update again...
(tools, manage add ons, find windows genuine and change from enable to disable)
No cracks needed... lol... at least for now.
Thats a lot easier than spending hours on the phone on hold trying to get m$ to issue me a new key or whatever they have to do to get my legit version to be recognized as legit.
Wow! We couldn't have asked for a better PR nightmare for Windows Genuine Ass-Plundering^UAdvantage.
Quote:
Originally posted here by phishphreek80
m$ decided that my version of XP was not legit... I'm unsure why they think this because it is OEM.
I've been using the same cd code for years now... but anyway...
If you have automatic updates turned on, you can still get the updates, AFAIK.
If you're going directly to the windows update site and get an invalid product code message... simply disable the windows genuine active x control and run windows update again...
(tools, manage add ons, find windows genuine and change from enable to disable)
No cracks needed... lol... at least for now.
Thats a lot easier than spending hours on the phone on hold trying to get m$ to issue me a new key or whatever they have to do to get my legit version to be recognized as legit.
It's not that I officially and outspokenly condone piracy...but they are behaving very hardcore with this, and they aren't hurting financially from it (still profitable, and Bill Gates is still richer than God), and their response is causing more harm (and no good) for the Internet population in general. This is irresponsible. There are better solutions, methinks.
An Update...hope you read it...
http://isc.sans.org/diary.php?date=2005-08-15
Quote:
McD's Bomber Message Malware
We've had several reports from folks reporting receipt of messages with the subject line "McDonald's bomber jailed for life". This message includes a link to various sites with the common domain lastrez_DONOTCLICK_.com. (_DONOTCLICK_ added for emphasis!)
Visiting the site redirects to a page "mc.html" on the same site that attempts to exploit the MS05-038 bug, creating a file called w.hta. Handler David Goldsmith has called upon the Yesnic registry to stop resolving this domain, and the China-Netcom ISP to stop hosting this site, but at the time of this writing, the site is still operational. Organizations may want to consider blocking the site at 210.22.50.80 to prevent click-happy users from infecting their systems.
Zotob Update
New and improved Zotob(?): Now with mass mailer. Our malware team (mostly Tom and Lorna) are faced with an increasing flood of PNP bots and worms. The most recent one looks like a Zotob. However, it does include a mass mailer.
This Zotob variant connects to the same IRC server as others, but to a different channel. Strings that are likely to be used in the Subject line for e-mail sent by this variant: Warning!!, **Warning**, Hello, Confirmed..., Important!, We found a photo of you in ..., That's your photo!!?, Hey!!, OK here is it!. The attachment included in the email looks like a zip file.
Other notable strings: Botzor2 pnp+asn+mail spread. Greetz to good friend Coder. Based On HellBot3. f-secure,sophos ok wait bitchs!!!
URLs set to 127.0.0.1 via the hosts file: most AV vendors and paypal, moneybookers, ebay and amazon.com.
More MS05-039 fun'ness
Over the course of the day we've seen what appears to be more than a handful of new bots exploiting the PnP bug (Note: PnP is not the same as UPnP, and we wonder who thought adding network-aware capabilities to PnP was a good idea). While TCP/445 scanning hasn't increased significantly, it's always a popular target, so we assume attackers are exploiting pre-populated lists of TCP/445 targets now that a "dot-slash" exploit is readily available and reliable.
Part of the uptick in compromises is likely due to existing bots being configured with the new PnP exploit code, highlighting the "blended threat" problem. Existing malware that has been making the rounds for a while receives a new breath of life when new exploit code becomes available, turning up lots of compromised systems.
A few salient points regarding the current PnP attack threat:
+ There are lots of additional 'bots' in addition to Zotob, directly targeting systems or making use of prepopulated target lists;
+ Ensure all systems have NULL session disabled to block the current threats;
+ Block TCP/445 ingress and egress whenever possible to stop incoming attacks, and to detect infected systems leaving your network;
+ Do not rely on TCP/33333 FTP service detection to identify compromised systems as this port is not used consistently in later bot variants;
+ Ensure AV signatures are up-to-date;
+ Patch!
New Zotob variant (Zotob.b)...read on...
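The diary above notes that this variant pins AV vendors and payment sites to 127.0.0.1 through the hosts file, which is a cheap thing to check for across a fleet. The following is an added example, not code from the ISC or from this thread: it parses a hosts file (the sample is constructed, not taken from an infected machine) and reports any watched domain that has been mapped to a loopback or unspecified address. The watch list only includes names the diary mentions plus Trend Micro; extend it with your own vendors.

```python
"""Detect hosts-file hijacks of the kind described for Zotob: security-vendor
and payment-site names mapped to 127.0.0.1 (or 0.0.0.0) so users cannot reach them."""
import ipaddress
from typing import List, Tuple

# Domains named in the diary plus one AV vendor; illustrative, not exhaustive.
WATCHED_SUFFIXES = ("paypal.com", "moneybookers.com", "ebay.com", "amazon.com",
                    "f-secure.com", "sophos.com", "trendmicro.com")

# Constructed sample hosts file; the last two lines are benign on purpose.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.paypal.com
127.0.0.1       www.trendmicro.com   # typical worm-added line
0.0.0.0         ads.example.test
192.0.2.10      intranet.example.test
"""


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (ip, hostname) pairs, ignoring comments and blank lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # strip trailing comments
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        for name in names:                     # one IP may carry several names
            entries.append((ip, name.lower()))
    return entries


def is_watched(name: str) -> bool:
    """True if `name` is a watched domain or a subdomain of one."""
    return any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)


def hijacked_entries(text: str) -> List[Tuple[str, str]]:
    """Watched names that resolve to a loopback/unspecified address via the hosts file."""
    bad = []
    for ip, name in parse_hosts(text):
        if not is_watched(name):
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # malformed line; not our concern here
        if addr.is_loopback or addr.is_unspecified:
            bad.append((ip, name))
    return bad
```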