Domain: securityfocus.com
Stories and comments across the archive that link to securityfocus.com.
Comments · 2,651
-
Re:Brown orifice security hole will be back
Back in 2000 Netscape did a despo gamble like this and its implementation of some java classes was bad. It allowed websites to create classes derived from the server side of the browser and access all the info in the hard disk.
Google for Netscape and Brown Orifice for more details. http://www.securityfocus.com/news/70
These were Java bugs from 2000, not something Netscape intentionally allowed. A desperate gamble, WTF?
Such a security hole is waiting to happen. It is really a dumb idea from Apple. One of the biggest plus point of MacOS is that, it is safe and it does not have vulnerabilities. To put that reputation at risk by allowing the browser to dish out data to the outside world is really really a dumb idea.
Yes, there are security features. Yes there are things the user must enable for it to work. Despite all this, having server code loaded up in the memory of a browser is stupid.
From Apple? Who is Apple? Opera? Are you lost? It was Apple's idea? WTF?
Have /. mods gone completely fucking insane?
-
Brown orifice security hole will be back
Back in 2000 Netscape did a despo gamble like this and its implementation of some java classes was bad. It allowed websites to create classes derived from the server side of the browser and access all the info in the hard disk.
Google for Netscape and Brown Orifice for more details.
http://www.securityfocus.com/news/70
Such a security hole is waiting to happen. It is really a dumb idea from Apple. One of the biggest plus point of MacOS is that, it is safe and it does not have vulnerabilities. To put that reputation at risk by allowing the browser to dish out data to the outside world is really really a dumb idea.
Yes, there are security features. Yes there are things the user must enable for it to work. Despite all this, having server code loaded up in the memory of a browser is stupid.
-
Whoever modded parent down is an ignorant troll
See my subject and this Oliver Day's SECURITYFOCUS.COM article titled "Resurrecting the Killfile" by Oliver Day, 2009-02-04 http://www.securityfocus.com/columnists/491 It seems that security experts tend to agree with you apk. Whoever modded you down is nothing more than some ignorant troll.
-
Whoever modded parent down is an ignorant troll
See my subject and this Oliver Day SECURITYFOCUS.COM article titled "Resurrecting the Killfile" by Oliver Day, 2009-02-04 http://www.securityfocus.com/columnists/491 It seems that security experts tend to agree with you apk. Whoever modded you down is nothing more than some ignorant troll.
-
The person who modded you down's an ignorant troll
See my subject and this Oliver Day's SECURITYFOCUS.COM article titled "Resurrecting the Killfile" by Oliver Day, 2009-02-04 http://www.securityfocus.com/columnists/491 It seems that security experts tend to agree with you apk. Whoever modded you down is nothing more than some ignorant troll.
-
Re:Kind of Surprising
Heh yeah... it's (obviously) something I still feel passionately about.
Just really reinforced to me that I am not equipped to work for the government. Some good benefits yes, but sooo much hierarchy, inter-department, inter-agency sniping, politicking, not to mention the military vs civilian hierarchies which gave many agencies VERY different atmospheres.
I actually think that is part of the reason why some Intelligence people don't like cia
... did you know that there is a table of rank equivalence for GS pay scales? That is, if you work for the government and you are paid according to the GS scale as a GS-12 you're supposed to be treated like a lieutenant [I'm not sure that's the exact translation..but something like that]. How ludicrous that your pay grade is supposed to determine protocol. Whenever I read articles on slashdot about NSA, CIA, etc I just have to shake my head...if only more people knew what 99% of those agencies were like...
(Sorry to let you down...no Bond references...there might be a super secret spy catfish though!)
-
Re:False sense of security
Devices with any OS can come with malware. Even iPods and picture frames have been shipped with malware pre-installed. There's nothing magic about Linux, other than its ability to suppress the geek skepticism reflex.
Interestingly, the incidents you linked to involved malware for windows machines. Yes any storage system can contain malware, be it for the host OS or an alternate, but a lot of it is targeted at windows as your examples show.
-
False sense of security
Devices with any OS can come with malware. Even iPods and picture frames have been shipped with malware pre-installed. There's nothing magic about Linux, other than its ability to suppress the geek skepticism reflex.
-
Re:Disabling Javascript won't mitigate the risk st
This is for the previous Reader vulnerability. The new one is very much in the Javascript functions:
-
Re:I laugh ...
... when an organization claims that they're going to provide something that's unbreakable
The claim is usually an open invitation to reduce the "unbreakable" object to ashes.
This one has already been under discussion and review by the cryptologic community for several years now. It has received a lot of attention by the top academic cryptographers, as well as by government organizations like the NSA.
Never say never, and I'm sure the "unbreakable" word came from management or from news agencies, not the authors of the protocol, but I'll be very surprised if this is broken.
-
Oracle Breakable After All
... when an organization claims that they're going to provide something that's unbreakable
So I guess neither Oracle nor Slashdot moderation is unbreakable.
-
I laugh ...
... when an organization claims that they're going to provide something that's unbreakable
The claim is usually an open invitation to reduce the "unbreakable" object to ashes.
-
It can also be installed without physical access
From an interview with authors:
http://www.securityfocus.com/columnists/442/2
"How can an attacker deploy it?
Nitin & Vipin: An attacker doesn't need to install, that's the way it has been designed. Just boot the system by placing the vbootkit media (containing vbootkit in bootsectors) in the drive, and start booting. After Vista boots, you can verify that you are running vbootkit, by checking the privilege of any running cmd.exe, the sample converts all low-privileged cmd.exe process to SYSTEM privileges. It also supports system compromise via PXE booting.
It doesn't need any privileges only physical access to the machine. It can also be installed to a remote system under some conditions (without physical access)."
-
Re:Article Is Bunkum
but can root, make a file he himself can't (re)move?
The answer ofc is yes .'. root > god
QED
-
Re:Huh?
You bring up a very important argument : trust. Who do you trust in the cases of you being the Dalai Lama and you're using linux or windows.
Windows : you're trusting Microsoft, the State of Massachusetts and the Federal Government of America. All of these organizations vet their people, every step up the ladder means more thorough checks. This means that Microsoft has the option of ratting out just about everything you know to the Chinese.
Linux : you're trusting everyone, everywhere with the basic smarts of getting code accepted in an open source project.
This is the story of how a "slightly better than average" attempt at backdooring the Linux kernel was thwarted:
http://www.securityfocus.com/news/7388
http://www.linuxtoday.com/news_story.php3?ltsn=1999-01-22-005-10-SC
http://www.opennet.ru/base/sec/p52-18.txt.html
How can this be prevented? Simple: vet your contributors BEFORE accepting code from them.
-
Funny how you OMIT it's for OTHERS, also
"1) Hard coding your favourites into your hosts file will save time on lookups, I've never debated that fact. What I've said is the time invested isn't worth it. You still refuse to address that other than saying its your time and you'll do with what you like. Fine... but others should be aware that in the long run it won't save them any time and could cost them time." - by Nos. (179609) on Wednesday April 15, @01:12AM (#27582533) Homepage
SO: Gee I wonder - Are YOU the kind of person who would've said that to say, Jonas Salk, as he spent time on curing POLIO, too?
STRANGE YOU OMITTED THIS -> That I also stated it was FOR THE BENEFIT OF OTHERS (quit skimming - OR, rather "conveniently omitting", this ->) also, in THIS quote in my last post above:
http://tech.slashdot.org/comments.pl?sid=1185815&threshold=1&commentsort=0&mode=thread&cid=27581413
----
I built my app for HOSTS file mgt. (removes repeat entries, alphabetizes ALL entries, changes BLOCKING entries from the larger/slower 127.0.0.1 or 0.0.0.0 to the smaller/faster/more efficient 0 blocking IP address, & also pings my favs to put into the HOSTS file w/ their current IP address, to avoid the 30++ ms it takes to call out to a remote DNS server) so others could gain by its use (in security, and YOU agreed to that right off) AND to also get better speed online also
(Which you conceded happens, ONLY after YOUR seeing Mr. Oliver Day's reply from securityfocus.com here -> http://www.securityfocus.com/columnists/491 )...
All, so OTHERS USING MY SECURITY GUIDE gain by it, & it works for BOTH added security AND SPEED online (250,000++ views strong in 1 yrs.' time online, often HIGHLY rated or made an "essential guide" etc. or is most viewed across 20++ forums online, such as here -> http://www.tcmagazine.com/forums/index.php?s=395376e859fcee5140c0853e11b8fc8f&showtopic=2662 )...
So THEY could save time in building a GOOD HOSTS FILE, & use the file I distribute for them to in HOSTS files!
(AND AGAIN? Folks using my security guide, and YES MY HOSTS FILE, are showing 1++ yr. of time w/ NO MALWARE INFESTATIONS NO LESS, & going faster online and locally also - so, see my last post in fact as to testimonies to that (or, I can provide them w/ URL's & PERTINENT QUOTES as proof thereof))...
(Man - It's the "techies" out there, just like YOU, that "f things up" badly: Your kind's unwilling to do necessary work for security because you say it's "too much time burned", & that's B.S. - I say YOU'RE LAZY (or unqualified to write code), is more like it - I mean, per the bottom of my P.S. below? Do YOU EVEN KNOW WHAT "layered security" means? I don't think so...)" - by Anonymous Coward on Tuesday April 14, @10:06PM (#27581413)
----
AND? THUS - ANOTHER "UNTRUTH" FROM YOU IS REVEALED, ONCE MORE, IN THIS PORTION OF THE ABOVE QUOTE (of MY OWN WORDS, above, & from my earlier post here, no less, as proof) , vs. YOUR UNTRUTHFUL STATEMENT BELOW I quote next:
"You still refuse to address that other than saying its your time" - by Nos. (179609) on Wednesday April 15, @01:12AM (#27582533) Homepage
Hey - It IS my "own time" & how I use it? Is to help others out in security in this field (and a LOT more, like coding or network engineering tasks, & over 16++ yrs. professionally, & 26++ yrs. TOTAL time...):
(Folks can & HAVE + DO USE the HOSTS file I build each day, & successfully... some even stating no malware infestations for m
-
Just answer questions #1, #2, & #3 here, ok?
"Even the security benefits you claim can be had far easier" - by Nos. (179609) on Tuesday April 14, @02:05PM (#27573945) Homepage
You know, for a guy that CLAIMS to have some 'security certifications'? Have YOU ever heard of the concept/term of "layered security"?
Look into it... & KNOW why I use MULTIPLE LAYERS of each of the things you noted... same reasoning as PORT FILTERING working w/ software firewalls, IP Security Policies, + hardware "NAT firewalling" & stateful packet inspecting routers, & more!
----
OK now, per my subject-line? Now - kindly answer the 3 simple questions, enumerated #1-#3 below, & IN REGARDS TO THIS STATEMENT FROM YOU:
----
"As I've said and you've agreed, you'll not recover the time you've invested" - by Nos. (179609) on Tuesday April 14, @02:05PM (#27573945) Homepage
1.) SHOW US ALL, WHERE DID I AGREE WITH YOU ONCE on hardcodes of my favorites into my HOSTS file for their URL-to-IP address resolution being slower, as you felt?
AND, which you CHANGED LATER (after question #2 below's code ONLY, that is):
"So all your "proof" of faster lookups via a hosts file I've already agreed." - by Nos. (179609) on Friday April 10, @03:25PM (#27535231) Homepage
?
(Tell us another one, ok? YOU CONTRADICTED YOURSELF IN THOSE QUOTES ABOVE, no less!)
Sheesh...
ANYHOW - The time I invested, was explained in my LAST post? (it was for the benefit of others!)
AND, again - I built my app for HOSTS file mgt. (removes repeat entries, alphabetizes ALL entries, changes BLOCKING entries from the larger/slower 127.0.0.1 or 0.0.0.0 to the smaller/faster/more efficient 0 blocking IP address, & also pings my favs to put into the HOSTS file w/ their current IP address, to avoid the 30++ ms it takes to call out to a remote DNS server) so others could gain by its use (in security, and YOU agreed to that right off) AND speed online also
(Which you conceded happens, ONLY after YOUR seeing Mr. Oliver Day's reply from securityfocus.com here -> http://www.securityfocus.com/columnists/491 )...
All, so OTHERS USING MY SECURITY GUIDE gain by it, & it works for BOTH added security AND SPEED online (250,000++ views strong in 1 yrs.' time online, often HIGHLY rated or made an "essential guide" etc. or is most viewed across 20++ forums online, such as here -> http://www.tcmagazine.com/forums/index.php?s=395376e859fcee5140c0853e11b8fc8f&showtopic=2662 )...
So THEY could save time in building a GOOD HOSTS FILE, & use the file I distribute for them to in HOSTS files!
(AND AGAIN? Folks using my security guide, and YES MY HOSTS FILE, are showing 1++ yr. of time w/ NO MALWARE INFESTATIONS NO LESS, & going faster online and locally also - so, see my last post in fact as to testimonies to that (or, I can provide them w/ URL's & PERTINENT QUOTES as proof thereof))...
(Man - It's the "techies" out there, just like YOU, that "f things up" badly: Your kind's unwilling to do necessary work for security because you say it's "too much time burned", & that's B.S. - I say YOU'RE LAZY (or unqualified to write code), is more like it - I mean, per the bottom of my P.S. below? Do YOU EVEN KNOW WHAT "layered security" means? I don't think so...)
SO, since you said I "agreed with you"? Well then - do what I do, & provide us a quote of MY agreeing w/ you on that, since you said I have... ok??
----
2.) Did the coded illustration ->
http://tech.slashdot.org/comments.pl?sid=1185815&cid=27513545
there, of loading 250
-
Re:Why are you left with nothing to stand on?
"3. The most you will save in time is 30 milliseconds per site per day." - by Nos. (179609) on Monday April 06, @02:49PM (#27479429) Homepage
Well, like I said before: Again here now in that quote from you, just like from you earlier/above?
You DO concede a gain
Albeit, only a small one...
Still, I never said it was "huge" in doing that alone in HOSTS files (hardcodes of favorites), because, imo??
You "open up more bandwidth" via blocking adbanners &/or stalling out indiscriminate usage of javascript (which both also secure you as well). The nicest gain of hardcodes is that you can still reach your favs, even IF your DNS server goes down, or is poisoned.
(However, as far as favorites hardcoded into a HOSTS file, bypassing the need for 30++ns or more lookups from a potentially down or poisoned DNS server?? Hey - that hardcoding of favs into a HOSTS file really only gets better/faster, once the diskcache kicks in on my favs. (which are only 8k in size going to the LAST entry of 250 of them I personally use... this only takes 2 reads by the memmgt. subsystem to cache it all from my HOSTS files' body (specifically, what helps most here, is the diskcache, which is a subsystem that works EXTREMELY closely to the memmgr. subsystem, which works in 4kb pages)).
APK
P.S.=> Security benefits are there, you don't doubt that, but, speed gains are possible also... again:
Resurrecting the Killfile
Oliver Day, 2009-02-04 http://www.securityfocus.com/columnists/491
----
"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet particularly browsing the Web is actually faster now."
----
apk
-
First you admit speed gains, & then not?
Didn't you say this earlier, conceding a speed gain exists, using a HOSTS file:
"So if you hit every site, every day for a year, you've saved yourself a whopping 9 minutes. Congratulations." - by Nos. (179609) on Thursday April 02, @06:10PM (#27437363) Homepage
Here earlier in this exchange? Sure you did... & it appears that you concede the speed gain possible, just as Mr. Oliver Day of SECURITYFOCUS.COM did here as well:
Resurrecting the Killfile
Oliver Day, 2009-02-04: http://www.securityfocus.com/columnists/491
PERTINENT QUOTE/EXCERPT:
----
"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet particularly browsing the Web is actually faster now."
----
A gain, is a gain, is a gain... &, others (reputable, professional others no less) also see & notice it as well!
(Proof's in the pudding (& quote above)).
So, even though YOU try to "minimize it"? The gain exists, & you admitted this (suddenly NOW though, lol, you don't... come on!)
(& your tests via my pinging Open DNS' name resolvers showed longer times (30ms) without using a HOSTS file for their URL-to-IP resolution, than using a hardcoded internal to HOSTS file IP-to-URL equation line in them for them in it, which was again, 0ms (as it is with ANY website you do this for)).
APK
P.S.=>
"First off, I agree with the security benefits, I never suggested there was anything wrong with those" - by Nos. (179609) on Friday April 03, @12:31PM (#27446793) Homepage
Correct, & you can't - The security benefits are UNDENIABLE, & they're the MAIN REASON I espouse the use of CUSTOM HOSTS FILES... for security!
(Speed gains they can yield, as well as efficiency ones by not running a local DNS (wasting CPU cycles, RAM, & other forms of I/O also possibly) would be a waste, considering so many have bugs (MS' own, djbdns, & even BIND), OR, can be "DNS Poisoned" as well... apk
-
So you DO admit to security gain (& speed earl
"I'm also assuming that a look up in the HOSTS file takes 0ms (which isn't actually true, but we'll stick with it)" - by Nos. (179609) on Friday April 03, @09:48AM (#27444085) Homepage
Funny: PING says it is... & it seems you read the analysis myself & Harm Sorensen did over @ MSDN (very good), & he made the same arguments, but found that (he & I both suspect this) the local diskcache is what is making up for caching the HOSTS file's content into memory (which makes sense, it IS, just a file like any other).
Still yes, I agree - There is disk access time involved, as well as the File I/O Open-Read/Write-Close cycle, but on today's disks (especially here, because I relocate mine to a TRUE SSD, a CENATEK RocketDrive, via this parameter -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters & the DataBasePath string value) make up for that (especially say, WD Raptors OR "PRT" utilizing disks which are GREAT on readspeeds)
Additionally? By my use of a smaller blocking IP address (smallest of 0)?? My reads of my custom HOSTS file is faster, since the filemass is smaller... doing "less with more", is typically thought of, as good engineering.
However, the bottom-line is this:
YOU GO FASTER... & YOU even concede that, though you tried "lessening it"
ALSO?
Resurrecting the Killfile:
Oliver Day, 2009-02-04 http://www.securityfocus.com/columnists/491
PERTINENT QUOTE/EXCERPT:
----
"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet particularly browsing the Web is actually faster now."
----
ALSO - Per your suggestion to MEK_LoveBug, as a test?
Well - I pinged OpenDNS... 208.67.222.222 (resolver2.opendns.com) & 208.67.220.220 (208-67-200-200.coho.net), both as URL's & also as IP addys same result (which makes sense: They're really just remote computers, like any other you ping, & they're OpenDNS' resolvers for DNS URL-to-IP resolutions) - 30ms roundtrip, once more.
Again though, on speed gains (even by NOT blocking banners which helps a TON in addition to blocking javascript usage on "every site under the sun" bad move today security-wise)?
The speed gain "ancillary benefit" is the LESSER of the benefits of a custom HOSTS file, security is the greater gain, by far... funny how you avoid THAT aspect of it though (not really, it is, undeniable).
----
"If you really understand how DNS (and web surfing) works, you'll see that you're not saving any time, and you're giving up features that DNS provides." - by Nos. (179609) on Friday April 03, @09:48AM (#27444085) Homepage
You mean ones like being "DNS Poisoned"?
You mean like the recent bugs that existed for a decade++ in MS' own DNS server??
You mean like the bugs found VERY recently also, in djbdns???
(Now, don't go & try to tell us "that those never happen or don't exist", ok??)
APK
P.S.=>
"Its not a bad idea for blacklisting sites" - by Nos. (179609) on Friday April 03, @09:48AM (#27444085) Homepage
Aha - SO, you FINALLY admit that there ARE security benefits... good!
----
"but don't fool yourself, you're not saving any time." - by Nos. (179609) on Friday April 03, @09:48AM (#27444085) Homepage
Wait a second: NOW, you're "flipping the script" (reversing your statements now, suddenly, because it suits YOUR arguments)...
AFTER ALL - Earlier in this exchange, Didn't you admit to a lesser gain than PING shows you? A gain, is a gain... no matter HOW you try to lessen it, for speed... but, good to see you do NOT deny the MAIN BENEFIT of security, per my last quote of your words above... apk
-
Tried your test, you'd have lost your bet...
"How about a round trip ping to your DNS server. I'll bet its a lot less." - by Nos. (179609) on Friday April 03, @09:40AM (#27443937) Homepage
I just tried pinging 208.67.222.222 (resolver2.opendns.com) & 208.67.220.220 (208-67-200-200.coho.net), same result (which makes sense: They're really just remote computers, like any other you ping, & they're OpenDNS' resolvers for DNS URL-to-IP resolutions) - 30ms roundtrip, once more.
(I.E.-> You'd have lost your bet...)
Regardless of that?
A savings, is a savings & a gain, is a gain... & still, as MEK_LoveBug noted?
You seem to completely avoid the safety/security benefits of a custom HOSTS file (for blocking out known bad servers)... why is that? Because it's undeniable?? Absolutely.
----
"Even if you are the same guy that wrote the script, and it took 3 days (say 20 hours)" - by Nos. (179609) on Friday April 03, @09:40AM (#27443937) Homepage
It isn't "a script"... it's a Borland Delphi Win32 Portable Executable - I'll leave the "script kiddie stuff" to script kiddies on *NIX, ok?
----
"and if it saves 45 minutes a year, it would take about 27 years for you to actually save any time. That's assuming that you never have to move or tweak your setup." - by Nos. (179609) on Friday April 03, @09:40AM (#27443937) Homepage
Whatever it saves me, speed-wise? I will GLADLY take...
(& still, you avoid the security benefits possible in customized HOSTS files... again, why is that??)
----
"Maintaining a hosts file for the purpose of speeding up DNS lookups isn't really going to help you out." - by Nos. (179609) on Friday April 03, @09:40AM (#27443937) Homepage
A custom HOSTS file doesn't "speed up DNS lookups"...
It actually acts as your own "private local DNS resolver", more-or-less...
(& it IS faster, & you even concede that, though you tried lessening its value (w/ a line of b.s. @ this point, because I did ping Open DNS' servers, & had the same 30ms return result)).
APK
P.S.=> There is also the fact that a noted security-pro, in Mr. Oliver Day (SECURITYFOCUS.COM) also notes that speed gains are possible using custom HOSTS files (& his isn't even blocking out adbanners, as mine does, for a lot more speed (as well as security, since they have been known to be infested w/ malware as well), see here:
Resurrecting the Killfile:
Oliver Day, 2009-02-04 http://www.securityfocus.com/columnists/491
PERTINENT QUOTE/EXCERPT:
----
"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet particularly browsing the Web is actually faster now."
----
So, so much for YOUR "opinion"... apk
-
Re:Seen how insecure web browsers are...
Depends on your virtual machine. Lots of virtualization software/hardware has bugs.
See:
http://www.securityfocus.com/bid/32597/discuss
And:
http://www.google.com/search?hl=en&safe=off&q=+site:www.securityfocus.com+vmware+vulnerability
I'm sure the others have problems too.
-
the lone operator went to lunch ..
'An operator corrects the telemetry problem but forgets to restart the monitoring tool'
This from conclusions in the report by the investigating task force. This is BS, the reason the 'operator' disabled 'real-time status of the power system' was to 'conduct a manual check of the network' because they were fully aware an incident was in progress, in the middle of which he then .. incrediously ... went to lunch and forgot about it.
"We have no clue. Our computer is giving us fits, too," replied a FirstEnergy technician identified as Jerry Snickey. "We don't even know the status of some of the stuff (power fluctuations) around us."
"I called you guys like 10 minutes ago, and I thought you were figuring out what was going on there," the MISO technician, identified as Don Hunter, complained, according to the transcripts.
'FirstEnergy's operators were unaware for over an hour that they were looking at outdated information on the status of their portion of the power grid, according to the November report'
'no such call was made or warning given. I have confirmed that by having my staff listen to control room operator tapes'
'At 14:02 EDT .. One of MISO's primary system condition evaluation tools, its state estimator, was unable to assess system conditions for most of the period between 12:37 EDT and 15:34 EDT, due to a combination of human error .. and could not issue appropriate warnings'
I think he means the screen froze ...
-
Re:CD Boot
Also, the virus could use a commonly available BIOS utility to flash malware into the cmos. Much, much more insidious than a traditional file-based root. Then it's there on every boot.
AFAIK, it can do that from Ring 0, too. About all SM mode does is allow you to temporarily inject yourself under the kernel in an undetectable way for a single boot; if you don't delete yourself from disk, you can still be detected by virus scanners and deleted, at which point your code would go away on the next boot... unless you start sniffing disk block writes and try to hide your files from the virus scanner. Either way, AFAICT, a cold boot from a recovery disk can clean up anything you could do in SM mode that you couldn't do from ring 0.
These attacks have been around for a while. Here's an article about an attack that obtains SMM access (from user space code in that case) from way back in 2006. The only thing that's new is that this is a new/different way to get into SM mode.
-
Re:36 new features, huh? 2 security items pulled
"just set up a DNS server with those entries in it." - by Anonymous Coward on Friday February 27, @12:37PM (#27014013)
First of all: Why run something I do NOT need here? I have no AD network @ home currently, nor do I require the use of a local DNS server here - for how I use the internet @ home, that'd be an illogical WASTE of CPU cycles, memory, & other forms of I/O!
Also - DNS servers have KNOWN vulnerabilities in them is why...
Dan Kaminsky ring a bell?
When I utilize DNS servers though (&, I do, still even w/ a HOSTS file (of course))? I use the 'best in the business', in OpenDNS...
NOW - IF that's NOT enough, I can produce a lot more data that seconds that as well as pointing out more possibles why reliance on DNS servers is NOT always good medicine, such as the fact that DNS servers can be "poisoned"... for example!
(&, if my DNS server doesn't have an address I need in it, URL resolved-wise to its IP address?? I'm NOT going to be able to get to said website, w/ out a HOSTS file 'hardcoding' of the URL-to-IP equation for that website to do it for me)
Fact is?
That brings up a point that is another benefit of HOSTS files usage - using a HOSTS file hardcode to a website via entering its URL-to-IP address equation in it for said site CAN substantially speed up access to that site, by ORDERS OF MAGNITUDE!
(E.G.-> Ping a website, you usually see 30-60ms return times from DNS servers... it's yet ANOTHER flexible use of them, this time not for security, but rather for superior performance!)
NOW - By contrast/way of comparison?
Determining a site from a LOCAL HOSTS FILE? 0ms return of URL-to-IP address resolutions will show, & via the same ping test I noted others to try above...
30-60 fold increases in speed manifest & evidence themselves, thus, right there, that you can realize & SEE the speed gains possible thus!
(DO try this, even if just as an experiment that you can use, to try to see my point here... it's an EASY test!)
HOWEVER, though this usage of HOSTS files SOMETIMES requires maintenance, because RARELY usually? Websites DO change HOSTING PROVIDERS, but MOST let you know they are doing so, ahead of time, to account for this (& it's NO big deal using notepad.exe, ping IF needed, & I have it RIGHT again - trivial, IF you can read english, that is))...
----
"Dude, a piece of advice: Quit the raging" - by Anonymous Coward on Friday February 27, @12:37PM (#27014013)
Secondly: Who's raging? I'm not the one libelling others, I am only responding to those types of folks here, in kind (when in ROME, do as the ROMANS DO, as apparently? It is the ONLY language they understand!)...
Hey - IF anything, I'm getting my usual "entertainment" from putting the "naysayers" (@ least ones w/ no technicals in their b.s. replies that is), in their place, easily... lol!
APK
P.S.=> LASTLY: In fact, read Oliver Day's article I posted from SECURITYFOCUS -> http://www.securityfocus.com/columnists/491 in my 1st post (he hit upon MOST everything I extolled years before, here -> http://www.tcmagazine.com/forums/index.php?s=755f63904e378882b75dfdf8b1356087&showtopic=2662 in regards to HOSTS files' role in "layered security", & FAR more)... apk
-
Re:36 new features, huh? 2 security items pulled
"You have 650,000 entries in your hosts file? Holy shit." - by abigor (540274) on Friday February 27, @11:36AM (#27013067)
Yes, & it's the result of nearly 12++ yrs. of 'labor' on my part... an old trick, that MS imported from the BSD IP stack, that still works for a VERY important useful networking concept for security - LAYERED security!
E.G.-> @ first, it was for blocking adbanners only, for speed - later though, when the 'online malware invasion' began (imo, circa 2004 onwards) via infected adbanners, malicious site script & such?
I.E.-> It was time to start BLOCKING OUT bogus sites & adbanners of that nature... &, I'm NOT the only 1 doing it - FAR from it!
(Even SpyBot "Search & Destroy", a reputable & noted antispyware, does so)...
ALSO - even folks like SECURITYFOCUS' own Oliver Day agree, that it MAY BE TIME TO RETURN TO THE USE OF "KILLFILES", see here -> http://www.securityfocus.com/columnists/491
HOSTS files? They work!
It's really that I just do NOT like seeing MS make a move that contributes to a LESS EFFICIENT method of using them, in the case of HOSTS files.
I mean - The way they do it/allow it, still allows for 0.0.0.0 (better than 127.0.0.1 in size, but, also in NOT having ANY processing done on such requests, where the "loopback adapter" 127.0.0.1 address? Afaik, it DOES do SOME work there, needlessly using CPU cycles imo doing so & other things like RAM + I/O) - 0.0.0.0 is the superior one, but 0 beats it on in-memory efficiency, & LOAD TIME into the local DNS cache.
----
"Windows is a basic platform to run a whole bunch of very popular software. It doesn't do "hard" things, like advanced networking." - by abigor (540274) on Friday February 27, @11:36AM (#27013067)
I think you'd be surprised @ how capable Windows Server 2003 is though, & in those very capacities...
Sure, I truly CAN concede, that some things are HARDER to do in Windows based OS, networking-wise, than Linux (dual homed rigs being one in my experience in the past, but still doable) has that makes it very simple (netconfig - as an example, & I go into it below).
----
"Instead, buy a beige box, throw Linux/BSD on it, and use it as your firewall and gateway." - by abigor (540274) on Friday February 27, @11:36AM (#27013067)
I used to use netconfig & use a slower/older rig as a NAT routing 'firewall' more-or-less, via dual NIC configured rigs (dual homed) to do so... & yes, it worked, but that's what I use LinkSys/CISCO routers for nowadays... good point though, because it IS, doable, + a possible COSTS savings in doing so.
APK
P.S.=> Port Filtering being TOTALLY removed though? Dumb... after all, 1 of the FIRST THINGS I see malwares often do?? DISABLE SOFTWARE FIREWALLS... & this is where that next layer of defense (which works on a DIFF. layer of the driver model for this using a diff. driver than software firewalls do) helps, & it is often called "the poor man's firewall", because IF a malware knocks a software firewall 'offline'? This is in the way... just like how folks have deadbolts, door handle locks, alarms, & chain locks on their doors - a SIMPLE concept that works! apk
-
application or OS flaw ..
Is this a flaw in the Operating System or a flaw in the application like the Adobe one and who is to blame this time
...
-
Re:Sounds like a great industrial espionage device
If he's running ArpWatch he'll get an email each time an "unfamiliar" (i.e. new) MAC address is seen.
-
Enabling DEP for Acrobat Reader
According to this Symantec blog turning on DEP for Acrobat Reader prevents this type of attack.
If you run Windows, I would recommend you run with "DEP for all programs and services" with no exceptions.
-
Re:Alternatives
While telltale signs of the switch remain - the Web address starts with HTTP rather than HTTPS - most users do not even notice.
http://www.securityfocus.com/brief/910
From everything I've read about this attack, it does not present an https:// URL on unencrypted traffic, just attempts to trick you into thinking it is encrypted by covertly changing all the https:// links to http:// and presenting a padlock favicon on supposedly encrypted sites. It mainly relies on the hope that you don't notice the http:// link. I would be interested to hear where you have seen otherwise though.
-
Like Nothing You've Ever Seen
It's all one liners until someone puts an eye out.
This seems to relate quite similarly.
The quest for ring 0:
http://www.securityfocus.com/columnists/402
http://www.securityfocus.com/comments/columns/402/33600#33600
(^replaces a broken link^)
http://www.mackido.com/EasterEggs/CD-System70.html
Researchers: Rootkits headed for BIOS:
(comments especially) http://www.securityfocus.com/news/11372
http://www.securityfocus.com/comments/articles/11372/33017/threaded#33017
http://www.securityfocus.com/comments/articles/11372/34206/threaded#34206
http://www.securityfocus.com/comments/articles/11372/33500/threaded#33500
http://www.securityfocus.com/comments/articles/11372/34207/threaded#34207
http://www.spywareinfoforum.com/index.php?s=3a3ce02c4055e269a0220c239560f3f9&showtopic=6056
Nancy:
https://tagmeme.com/exmachina/a/002450.html
This possible variant is out of "beta" (12 years old) it seems and truly roams "at will", those with the coding chops will understand what even a partial AI engine is capable of (SOAR).
On Macintoshes it leaves strings:
http://www.google.com/search?q=NuNV+N%5ENuNV&btnG=Search&hl=en&sa=2
PCs become junk as well:
http://www.derkeiler.com/Newsgroups/microsoft.public.security.virus/2005-09/0230.html
This Gal has a handle on it:
Joanna Rutkowska, Invisible Things Lab:
-
Re:Where is the real infection info? HOW TO STOPIT
"Most users now days do have multiple PCs, behind a NAT connected to broadband." - by Anonymous Coward on Saturday February 21, @04:28PM (#26943791)
Most users I have serviced, as far as PAYING clients @ the home level the past year? DO NOT... who are you trying to fool here?
(AND, if they do? That same guide also recommends patching religiously... inclusive of the patch Microsoft issued for this very SERVER SERVICE RPC bug)
In fact, IF you read that guide you loudmouth? You'd have read the 3rd POINT in it, & it puts a loudmouth like YOU, into YOUR place... easily, you skimmer.
----
"1993 called, they want their Internet back" - by Anonymous Coward on Saturday February 21, @04:28PM (#26943791)
Well, 2009 is here, & "layered security" is THE trend out there, today, for security vs. these machinations...
OR
Doesn't this article tend to second that idea (such as using HOSTS files to block the servers these malware worms use, another idea that the article I put up notes that also works for stopping this, & other, worms like it, by stalling access to their command & control servers):
Resurrecting the Killfile: by Oliver Day of SECURITYFOCUS.COM
http://www.securityfocus.com/columnists/491
?
----
"You're an idiot. There is no 'defense'." - by Anonymous Coward on Saturday February 21, @04:28PM (#26943791)
Doesn't the A/C I am responding to sound JUST like some botmaster that my post here offends, because everything it notes (especially the guide I put up) stalls out this malware, & others like it... or, don't the findings of OTHERS tend to 2nd that for me?
NOW - As Far as others NOT seeing great results using said guide? Well - See here, read THRONKA's results using that guide I posted:
http://www.xtremepccentral.com/forums/showthread.php?t=28430&page=3
I'll let he (& others who have used it successfully for over a year vs. malwares no less IF NEED BE, because I can gather THEIR results, vs. your ANECDOTAL BULLSHIT w/ no proofs on your end) do so, for me...
APK
P.S.=> Some people *THINK* they can "classify" others PC use patterns, or what THEY have seen as THEIR personal sample-set, as the "end-all/be all" ultimately comprehensive solution... lol, like the fool I am replying to here ("he has seen it all", yea, right, lol), sorry to "blow your mind" wannabe, but, others I have cited here show quite otherwise vs. your mere 'anecdotal b.s.' from YOUR "vast experience" only... apk
-
Re:Who is Dan Kaminsky
No, Kaminsky used an interesting technique to map the spread of the Sony rootkit - http://www.securityfocus.com/news/11369
Saying "he also did research regarding the Sony rootkit" is entirely accurate.
-
Re:Is it that easy?
From what I understand the more recent sendmail vulnerabilities involved attacking the server. While it wasn't fully divulged the bug noted:
This requires creating very specific timing conditions using SMTP connection layer commands and delivering specific email payload. Someone with specific network programming skills would be required to create a successful exploit.
My reading of this is that it took a specific email and an active attack at the same time. The Exchange vulnerability only requires specifically crafted messages.
-
Actually, it is true.
It is true - the GP said they used BSD licensed code and the source you cite agrees:
Keep in mind there is no reason to rewrite that code. If your ftp client works fine (no comments from the peanut gallery!) then why change it? Microsoft has other fish to fry. And the software was licensed perfectly legally, since the inclusion of the copyright notice satisfied the BSD license.
Furthermore, I think the GP was thinking of the BSD licensed zlib. This library had a security issue several years back. Linux / BSD / etc were patched almost immediately (just update a single library), but MS products, including DirectX, FrontPage, Internet Explorer, Office, Visual Studio, Messenger and the Windows InstallShield program, were not patched as quickly.
-
Use a secure php config file
Use a secure php config file - see http://www.securityfocus.com/infocus/1706
-
Re:XSS
Looking for protected images is one of the ways that can be used to determine if the user is viewing the website; however there is another way apparently.
As you can see IE, Firefox, Safari & Chrome are all included on the vulnerable list.
NoScript will (as usual) keep you protected however.
-
Re:Were they made by Sony?
Care to explain how a rootkit could be considered anything but malware?
If they do nothing else, they compromise the security of a system.
TL,DR: People were deliberately loading the rootkits from Sony cds into their computers to get around WoW's bot-checks.
-
Anomalies
Catch-22
Catch-22 is a sort of senseless, cruel, and idiotic unspoken rule.... that you have to be insane to fly a bombing mission, which means that you should be grounded (not allowed to fly a mission), but if you don't want to fly, that clearly proves that you are sane and must fly the missions.
Describing the meaning of the phrase "Catch-22".
Yeah, this is going to be long
...I find myself (and a very few others) in a position similar to Cliff Stoll in his book:
"The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage"
http://en.wikipedia.org/wiki/Clifford_Stoll
Certified anomalies permeating the net of a hardware based logic bomb / trojan.
This is cross-platform simply because "hardware trumps root".
I have dealt with this since 1997 and have contacted through a Lawyer all the channels one would contact.
This is not your "normal" beast.
I don't require an answer here, from Representative Jim Langevin, in this forum, a contact below is provided.
This requires attention.
Required reading:
Reflections on Trusting Trust
Ken Thompson
http://portal.acm.org/citation.cfm?id=358198.358210&coll=ACM&dl=ACM&CFID=14389570&CFTOKEN=96928429
Companion:
http://portal.acm.org/citation.cfm?id=777313.777347&coll=ACM&dl=ACM&CFID=14389570&CFTOKEN=96928429
This is as good a place to start as any.
Nancy has named it:
Subversion:
Nancy's Story: (expired site certificate)
(2005-present) https://tagmeme.com/exmachina/a/002450.html
Same situation:
http://www.securityfocus.com/comments/articles/11372/33017/threaded#33017
http://www.securityfocus.com/comments/articles/11372/34206/threaded#34206
http://www.securityfocus.com/comments/articles/11372/33500/threaded#33500
http://www.securityfocus.com/comments/articles/11372/34207/threaded#34207
It took me years to find anyone that was as aware as some of these folks.
This is highly sophisticated, prevalent and dangerous.
I am a Systems Administrator working in the western United States.
hylas [AT] operamail {DOT} com
-
Corrupt Memory, and it works on server 2003
When you're running everything as root, everything can be exploitable. And it looks like this is a character set or file format converter, which is considerably more than simple typing and copy/paste (the extend.) From the Security Focus page (discussion tab), it looks like it could be a buffer overflow ("prone to a remote code-execution vulnerability because of...corrupted memory.")
The info page shows that it does indeed affect Server 2003, one of the more popular versions out there, as noted by another comment