I can't believe I still subscribe to slashdot RSS feeds. All I get is crap like this and stories that I saw two days ago on other sites. Talk about going down hill...
We looked at deploying DirectAccess, but after months of talks and discussions with Microsoft, they finally came out and told us that it wouldn't work unless we rolled out IPV6 (and pushed other MS services (CA, DC) externally). We passed. We decided to stick with SSL VPN for most and Cisco AnyConnect client for our Win7 64 bit rollouts. Maybe next time, Microsoft?
I'm not totally against jamming as long as it is clearly stated upon entering a facility that jamming is taking place. Not making such information available could cost lives.
Also found Infostealer CbEvtSvc.exe in System32 directory, so you have to kill this and delete as well.
You also need to remove a registry key: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\[random name from above] (for machines infected with XP Antivirus 2008).
Also, you need to ask the user who actually clicked on the message to get the machine infected to to run these commands then have them reboot (basically resets display preference tabs, disables active desktop (what was Microsoft thinking; but what a great way to load BHO's at login)):
Solution to unintelligent users was to block all downloads of "get_flash_update.exe" on our proxy server.
Removal process was fairly trivial; All processes/files were > 10 chars randomized like a362b462da6.exe/scr. Processes were easily killable and removable without having to do anything fancy like boot off a Linux CD.
The only things we found that it installed was XP AntiVirus 2008 under C:\program files\[random > 10 digit name]. Again, fairly easy to remove.
Another day, another spam mail getting through our crappy anti-spam service.
I'm also very satisfied with the service, but I'm not satisfied with their innovation. I've been a customer for 3 years since June and not once have they introduced a new feature. They said that e911 was going to be here last fall - it's still not here. I'm looking at moving to ViaTalk (their features rock, they have good reviews, and they even have a demo control panel so you can check out their features that blow the pants off of Vonage). As soon as Vonage lets me know if I can port my number, I'll be saying bye.
You're thinking of Cisco Security Agent, not Cisco Trust Agent. They are not the same, though CSA comes bundled with CTA. CTA is just the network access piece, it doesn't shim the OS to prevent infections like CSA.
IE only, no Mozilla/Firefox support. No support for anything other than Windows XP & Vista. Windows Media Player required.
Give me DRM-free movie downloads and you'll get my business. This will never happen until Apple decides to get rid of DRM, which would allow everyone else to follow suit. This may be a pipe dream, but until it happens, Amen for Bittorrent.
... Like Deutsche did for the VA Linux IPO. The money for the shares was required to be sent to them beforehand and be in the account prior to purchasing the IPO shares. I guess Vonage didn't have enough time to require this and preferred fast-tracking their IPO. Looks like the number of IPO shares sold looked a whole lot better on paper not requiring the money up front.
Give me another VA Linux IPO...
on
Vonage going IPO
·
· Score: 0
and I'll gladly opt-in once again. I was on the phone with Deutsche Bank during the VA IPO in order to execute my options. The lady told me that the execute price would be $30/share. She asked how many I wanted. We were given a max amount of 50 (?) shares, so I was going to say 50, but she said that they had increased the alotment to 90 (again, could have been more/less as my memory and the money is gone). I was going to turn down 90 and stick with 50 but she said that the stock was already at $300. So I excuted my 90 options at $30 a share, then executed a sale of all shares and walked away. Uncle Sam loved me that year. I'd totally do it again if there was as much hype as there was back in the day. Something is telling me to stay away from this one.
Put a bunch of email addresses in the source file, and dest will be your clean list.
Scanning emails records in email addresses file... 100% file complete, 100% total complete
Success: addresses.txt: OK, processed 6 addresses, 3 protected addresses found Done. Output file clean.txt created (Scanned 6 records, found 3 protected addresses)
The files are easily diffed to expose the registered addresses. Also remember that bluesecurity allows users to register a full domain to be protected. It will allow every address within the domain to be excluded (or in the spammers case, included if they are doing a diff).
Publicity is exactly what a situation like this needs, so I'm glad Slashdot finally picked up on it. Hopefully those of you who don't use Bluesecurity will decide to join in (when the DDoS stops), and for the folks that do use it continue to do so. The fact that the Spammers have recognized Bluesecurity obviously means that it is working. Hopefully things will work out in the end...
Wow, does this guy think he's 1337 or what. If this had been on my network, this guy's office would be in a box in the back of his car. He should consider himself lucky if he isn't fired. We had people like this when I worked at a university who always thought they were above the law and never had to comply with the rules. They are always the ones that end up leaving the university for some pie-in-the-sky position somewhere else, then seem to fall even harder when they violate non-university policy (since we all know corporate world is a bit different than education). Hopefully the lesson has been learned.
The FortiGate(TM) Enterprise Series, which includes the FortiGate-300A, 400, 400A, 500, 500A, and 800 Antivirus Firewall models, meets enterprise-class requirement for performance, availability and reliability. They include all of the key capabilities provided by other FortiGate models, with integrated, real-time antivirus, firewall, VPN, network intrusion detection and prevention, and traffic-shaping services. With throughputs up to 1Gbps, high-availability features including automatic failover with no session loss, and multi-zone capabilities, units in the FortiGate Enterprise Series are the choice for mission critical applications.
A Real Estate company has to have money to spend on security, right?
So I wrote my own password storage program. Written in Perl; uses AES encryption. Setup a few aliases "getpass" and "addpass" and you've got password management. Simple, yet effective.
Slashdot Mirror
I can't believe I still subscribe to slashdot RSS feeds. All I get is crap like this and stories that I saw two days ago on other sites. Talk about going down hill...
We looked at deploying DirectAccess, but after months of talks and discussions with Microsoft, they finally came out and told us that it wouldn't work unless we rolled out IPV6 (and pushed other MS services (CA, DC) externally). We passed. We decided to stick with SSL VPN for most and Cisco AnyConnect client for our Win7 64 bit rollouts. Maybe next time, Microsoft?
Mod parent up. Rsync with brains. Unison is the key.
Eitherway, it's a better buzzword than crowdsourcing.
until you jam the signal of a doctor on-call.
I'm not totally against jamming as long as it is clearly stated upon entering a facility that jamming is taking place. Not making such information available could cost lives.
For those that care for more information,
Also found Infostealer CbEvtSvc.exe in System32 directory, so you have to kill this and delete as well.
You also need to remove a registry key: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\[random name from above] (for machines infected with XP Antivirus 2008).
Also, you need to ask the user who actually clicked on the message to get the machine infected to to run these commands then have them reboot (basically resets display preference tabs, disables active desktop (what was Microsoft thinking; but what a great way to load BHO's at login)):
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v NoDispBackgroundPage /t REG_DWORD /d 0 /v NoDispScrSavPage /t REG_DWORD /d 0 /v NoDispSettingsPage /t REG_DWORD /d 0 /v NoChangingWallPaper /t REG_DWORD /d 0 /v NoActiveDesktop /t REG_DWORD /d 0
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System"
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System"
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop"
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
Hopefully some of my sample submissions made it to your vendors by today...
HTH,
Bubba
Solution to unintelligent users was to block all downloads of "get_flash_update.exe" on our proxy server.
Removal process was fairly trivial; All processes/files were > 10 chars randomized like a362b462da6.exe/scr. Processes were easily killable and removable without having to do anything fancy like boot off a Linux CD.
The only things we found that it installed was XP AntiVirus 2008 under C:\program files\[random > 10 digit name]. Again, fairly easy to remove.
Another day, another spam mail getting through our crappy anti-spam service.
surbey sez know.
I'm also very satisfied with the service, but I'm not satisfied with their innovation. I've been a customer for 3 years since June and not once have they introduced a new feature. They said that e911 was going to be here last fall - it's still not here. I'm looking at moving to ViaTalk (their features rock, they have good reviews, and they even have a demo control panel so you can check out their features that blow the pants off of Vonage). As soon as Vonage lets me know if I can port my number, I'll be saying bye.
You're thinking of Cisco Security Agent, not Cisco Trust Agent. They are not the same, though CSA comes bundled with CTA. CTA is just the network access piece, it doesn't shim the OS to prevent infections like CSA.
IE only, no Mozilla/Firefox support.
No support for anything other than Windows XP & Vista.
Windows Media Player required.
Give me DRM-free movie downloads and you'll get my business. This will never happen until Apple decides to get rid of DRM, which would allow everyone else to follow suit. This may be a pipe dream, but until it happens, Amen for Bittorrent.
You don't need to use rulesdujor for the sare rules. Daryl O'Shea has setup mirror channels for them all: http://daryl.dostech.ca/sa-update/sare/sare-sa-upd ate-howto.txt
You can simply add the required rules to your regular channel update file and get all the updates with one run of sa-update.
... Like Deutsche did for the VA Linux IPO. The money for the shares was required to be sent to them beforehand and be in the account prior to purchasing the IPO shares. I guess Vonage didn't have enough time to require this and preferred fast-tracking their IPO. Looks like the number of IPO shares sold looked a whole lot better on paper not requiring the money up front.
and I'll gladly opt-in once again. I was on the phone with Deutsche Bank during the VA IPO in order to execute my options. The lady told me that the execute price would be $30/share. She asked how many I wanted. We were given a max amount of 50 (?) shares, so I was going to say 50, but she said that they had increased the alotment to 90 (again, could have been more/less as my memory and the money is gone). I was going to turn down 90 and stick with 50 but she said that the stock was already at $300. So I excuted my 90 options at $30 a share, then executed a sale of all shares and walked away. Uncle Sam loved me that year. I'd totally do it again if there was as much hype as there was back in the day. Something is telling me to stay away from this one.
http://sourceforge.net/project/showfiles.php?group _id=153754
Yep, you can download the tool yourself and try it: http://download.bluesecurity.com/registry/linux/rc t-1.3.3.1041.i386.tar.gz
rct --use-wget
Put a bunch of email addresses in the source file, and dest will be your clean list.
Scanning emails records in email addresses file...
100% file complete, 100% total complete
Success:
addresses.txt: OK, processed 6 addresses, 3 protected addresses found
Done.
Output file clean.txt created (Scanned 6 records, found 3 protected addresses)
The files are easily diffed to expose the registered addresses. Also remember that bluesecurity allows users to register a full domain to be protected. It will allow every address within the domain to be excluded (or in the spammers case, included if they are doing a diff).
Publicity is exactly what a situation like this needs, so I'm glad Slashdot finally picked up on it. Hopefully those of you who don't use Bluesecurity will decide to join in (when the DDoS stops), and for the folks that do use it continue to do so. The fact that the Spammers have recognized Bluesecurity obviously means that it is working. Hopefully things will work out in the end...
Wow, does this guy think he's 1337 or what. If this had been on my network, this guy's office would be in a box in the back of his car. He should consider himself lucky if he isn't fired. We had people like this when I worked at a university who always thought they were above the law and never had to comply with the rules. They are always the ones that end up leaving the university for some pie-in-the-sky position somewhere else, then seem to fall even harder when they violate non-university policy (since we all know corporate world is a bit different than education). Hopefully the lesson has been learned.
http://www.fortinet.com/
The FortiGate(TM) Enterprise Series, which includes the FortiGate-300A, 400, 400A, 500, 500A, and 800 Antivirus Firewall models, meets enterprise-class requirement for performance, availability and reliability. They include all of the key capabilities provided by other FortiGate models, with integrated, real-time antivirus, firewall, VPN, network intrusion detection and prevention, and traffic-shaping services. With throughputs up to 1Gbps, high-availability features including automatic failover with no session loss, and multi-zone capabilities, units in the FortiGate Enterprise Series are the choice for mission critical applications.
A Real Estate company has to have money to spend on security, right?
IMAP.
SAS does. Actually, all employees have offices. All 10,000 of them.
Welcome to last week! It's not even the top item on Google's blog anymore: http://googleblog.blogspot.com/
So I wrote my own password storage program. Written in Perl; uses AES encryption. Setup a few aliases "getpass" and "addpass" and you've got password management. Simple, yet effective.
http://bubba.org/fcrypt
as a door stop.
Gundeep Hora thinks, I wonder what Uriah Heep thinks.