Securing your computer

[Dark Phoenix Rising]

[Alrik]

I just read on a web site about computer security, that the WMF-exploit was available much earlier than it became public : Russian hackers had developed it, not quite understanding it, and sold it for 4000 $ to a more sophisticated hacker who used it for specific attacks.
Source : www.heise.de/security/news/meldung/69207

Lady Rain in the Larian Forum wore a strange message about a possible virus : Read here!

[Alrik]

An article on a German-language web site sais that there is a severe vulnerability in FIrefox 1.5 . They strongly suggest to update to Firefox 1.5.1 .

More holes in Internet Explorer and in Windows xp.

Some more security-related things (Sorry, everything in German, but there are a few key-words which might inform you a bit):

Unpatched risk in Firefox - currently there doesn't exist a patch for it.

New hole in Internet Explorer - it is affected while Flash tries to call a VBA script, if I've understood it correctly.

Spyware uses leak in Winamp - specially prepared playlists can force Winamp to execute code. No antivirus program knows this, so far.
More about it, has English-language links, too.

[Alrik]

Got a notification by Windows Update today : There is a patch for fixing a hole in the windows media player.

Phishers have managed to get SSL certificates : isc.sans.org/diary.php?storyid=1118

[Alrik]

Hello, everyone.

I just read it in an German article : www.heise.de/newsticker/meldung/71030

There is an automated registering going on in massess of forums with the user name being "FuntKlakow".

It is not knows what's this for, but a possible hack or exploit of a secutity leak seems to be planned - or simply spam mass mailing.

You can read more about it in English language here :

www.issociate.de/board/post/312809/phpBB_mass-hack_being_prepared_

I don't know what will become of this, but I see that a certain line has been crossed.

Al least Funt Klakjow will be at one point *very* famous ...

Alrik

[Alrik]

Someone in a forum I know has just posted this : www.heise.de/newsticker/meldung/73846

Avast-Scanners can receive a buffer overflow by scanning .CHM files (Microsoft "compiled HTML" help files are these).


A hacker could use this for insertinbg a damaging or otherwise malware-like code into that, and use then the Avast virus scanner as a trojan horse "through the buffer overflow) to get this code executed.

[Alrik]

There is a Yahoo mass mailer worm out there : "Yahoo mass mailer", Description of Trend Micro, Description of Symantec.

[Alrik]

Good news : The english-language news from "Heise Security" have *all* been translated into English !

This will make linking easier !

I recommend looking into it once in a while : www.heise-security.co.uk/

Right now there are several articles about vulnerability risks in MS Office.

Together with the general English News, this makes the site more international.

[Alrik]

Very interesting site : www.firewallleaktester.com
It's about tests for possible leaks of firewalls.
If you visit it, you should take a look at the News, the FAQ und the test results.

[Alrik]

I'm currently looking into some newsgroups. A snippet I found on a rather new trojan variant (source : alt.comp.anti-virus) :

Just thought I should tell everyone about a new Haxdoor variant I found
this morning, it appears to do everything just as Haxdoor does now ie:
Keylog's, opens a port for remote access and restarts the computer if
it is tampered with.
In addition it uses a silly looking "Google" screen block to prevent
access to any antivirus site referring to Haxdoor.
Turning off the automatically restart on error function in Windows XP
shows the below BSOD if your antivirus trys to clean it:

Stop 0x0000008E
rxx6ot.sys

The file names I have identifyed as part of this variant are:
rxx6ot.sys
rxx5ot.dll
rxx5ot.sys (mabey)

The service in the registry is registered as MMX Virtualization and
MMX2 Virtualization just as they are in the original Haxdoor

I have a copy of the first two if any antivirus firms want me to email
them to you.

In addition to the above problems this variant also uses Rootkit
functionality to prevent you from diagnosing it, I used the rootkit
uninstaller to locate them and then booted into a recovery console to
delete the rogue files.

If I can be of any other help feel free to email me:
Deane Jessep
Senior Systems Engineer
GCT
Hastings
New Zealand
deane@jessep.co.nz

Just wanted to inform you, although this might not necesasarily be that important.

I see, however, that newsgroups can be quite fast.

An Addition : www.virusbtn.com/news/virus_news/index

More serious : Interpol site spoofed

And this one : Vietnamese bot-keeper arrested (launched DDos attacks "just for fun")

Supermarket scammed by hacking employees

[winlok]

Is this a serious discussion, because I know of a sure fire way to secure your computer.

If you have any tips on securing a Windows PC from danger on the internet or for safer surfing, please feel free to post them here.

Just don't buy one.

[Alrik]

Yeah, a Gameboy is much safer.

[Dark Phoenix Rising]

But then you're not securing your computer

As a point of note. When NT4 was around microsoft managed to get it level 4 security certified by the US MOD.



...







....






...



...
They did this by unplugging it from the network and disabling all the network hardware.

[Alrik]

LOL

[Alrik]

A Phishing site (URL came with my e-mail) :
bankofamerica.com.state-cgi.account.sso.login.controller.signin.jxlemirbssurcomtuqp.presentation.gotoenrollwithssnpinpage.liberation.gr/

Totally open, the only interesting thing is the *extremely* long URL.

I wonder what a WHOIS might say ...

[Dark Phoenix Rising]

You'll probably find that the server is liberation.gr and everything else just tells the server what to pretend to be.

[Alrik]

Nice. I've got an pseudo-ebay phishing mail.

Link ul95.maple.jp/.change/index.php?MfcISAPICommand=ChangeFPP
Short it to Link ul95.maple.jp and see what happens !

This guy even provides us with his system information ! ;D

[Alrik]

Hackers broke into fantasy game

[Alrik]

McAfee is against Vista, others, too.

(This is in German language.)

These developers of anti virus software are against the vista protection system called "Windows Security Center", and Microsofts development of it. They claim that MS is trying to hinder other developers of security related software to bring in their products into vista.

Especially alarming is this sentence by McAfee : (translated) : "If this protection system fails, then it fails on 97 % of all desktop systems."

[Alrik]

Trojan installs its own antivirus-software