Windows/NetBIOS pop-up Spam:

bofus writes "This article from Wired News presents a new way to deliver unsolicited advertising content - the MS Windows Messenger service. It appears that the client software hasn't been widely distributed yet, but it's probably only a matter of time before a free clone is circulating. This method could become the delivery method of choice for all kinds of unsolicited junk, given the number of unsecured PCs out there. On the flip side, if you run a relatively secured machine and have some sort of firewall, this probably shouldn't concern you."

Just to point out the obvious...

[Dankling]

What kind of person would read and post on /. without having a secure computer with a firewall. it pretty much comes with the title of nerd to have a secure computer.

Even better fix..

[gatekeep]

Firewall your damned machine! Allow in only what you need to allow in, or responses to requests sent outbound. Not only will it protect against this, but all the other crap people will figure out in the future as well.

Good.

[forged]

Every exploit eventually produces a patch (or make people aware) to make the default OS settings a bit less brain-dead stupid open. People actually connect to the Internet these days.

Re:Does anyone here actually understand TCP/IP?

[AKnightCowboy]

You are forced to block both TCP and UDP for any given port number. Because of this, you end up blocking more than is required.

And the problem with this is what exactly? Your firewall should block everything unless you specifically exempt it. Only people living in 1994 are still trying to play the "I'll just block dangerous ports" whack-a-mole game with their firewalls. Any el-cheapo home Linksys box will block all inbound connections by default. There isn't any reason to be using NetBIOS across the Internet period. It's a horribly insecure protocol that was never designed to be used across a WAN. Keep it on the intranet where it is meant to be used.

Not to mention sniffing keystrokes

[upper]

If someone can throw windows up on your X server, they can do worse than that. They can grab a screenshot (with xwd -root) or sniff keystrokes with xkey or xspy. Nothing shows up on your screen at all.

Anyone running with xhost access control is asking for trouble. If you're security conscious, tunnel your X session over ssh.

People are reading part of the article wrong...

[michrech]

I've seen several posts now where the following text is read wrong (either by reading to fast, or skimming, or something). Figgered I'd clear up the confusion...

Zoltan Kovacs, founder of DirectAdvertiser.com, said the company has sold about 200 copies of the program since launching two months ago. According to Kovacs, the software is ideal for advertising 900-number and other telephone services.

"I have customers who call me back and tell me they love it and it generates hundreds of calls right away," said Kovacs, who noted that Direct Advertiser is a good alternative to bulk e-mail because its messages are not regulated by spam laws.

The above doesn't mean that Joe User, sitting at his desk receiving all the spam via this new method, is calling and saying how they love it -- as several posts have noted. It means that Joe Spammer, the lowest form of life on earth, is calling and saying how they love the 'product' that directadvertiser.com is selling. World of difference there.

Re:Moron

[Nerull]

I think he was refering to the fact that a new window would (i havn't tried, but most other programs do it, so....) send SC to the background, and generally annoy the hell out of other players, as well as distracting them while you march in and rush their base(s).

Re:Why Windows users use firewalls

[radish]

What the hell are you talking about? The only point of a personal firewall is to prevent outside users from contacting servers on the computer. If your servers don't have holes, you don't have any problem.


OK a few points here. (1) personal firealls are good for lots of things, personally I use one to stop applications connecting OUT not IN (i.e. stopping apps "phoning home". Show me how to do that without a firewall please. Sure if you're running only O/S apps and have personally inspected the code of all of them to look for ring backs then you're fine. I run windows on several boxes, and that isn't possible. (2) It's better to be safe than sorry. My linux router/server does have a firewall, but it's services are also tightened up nicely. Why not use both? We've seen issues recently where trojanised apps open sockets during the install process, or later on, without people expecting it. With my firewall in place I really don't have to worry about that, sure my weekly scans will find any unexpected open sockets but the firewall will have blocked hem long before that.

I'd say that someone relying on a firewall for his security is a lot fucking worse off than someone with solid servers and no firewall in place, because all a firewall is going to let you do is filter the packets based on IP. Spoof an IP and hit something that can be affected with a small amount of data or manage to take control of a machine on the local network, and your "high security" system is toast. It's like the r-services with IP-based trust all over again.


And a fundamental misunderstanding of firewalls like that doesn't make you look smart. My firewall (for instance) will allow ftp access to the server from the internal net, but not from the external one. Is it IP based? partly. Could you spoof it? Of course not. Sure you can make your packet look like it's coming from 192.168.0.5 but how the hell do you make it look like it's coming from eth1 not eth0? Routers use IP based stuff, a secure firewall does as much as possible based purely on interface.