Slashdot Mirror


User: paj1234

paj1234's activity in the archive.

Stories: 0
Comments: 157

Comments · 157

  1. Better narratives please on Cinematic Game Graphics · · Score: 1

    I found the treasure of Monkey Island and all I got was a lousy T-shirt.

  2. Re:some merit in the study on Linux Distributions Respond to Forrester · · Score: 2, Insightful

    > Can you actually write a shell script that takes control of the system?

    Yes, but you cannot get the user to execute it accidentally. For KMail users, the instructions are:

    1. Right-click on the attachment
    2. Click "Open With"
    3. Type "/bin/sh" (without the quotes)
    4. Click OK.

    I have actually used this in the past, to run a "diagnostics" script on a customer's machine. I wanted to run various commands and have the results emailed back to me. The above method let me do that.

    However, if the user simply clicks on the shell script, like any other attachment, then the user just sees the text in the script. To get round the lack of execute permission, you must tell the user how to execute it. This means asking the user to follow an off-putting sequence of scary instructions.

    Furthermore, the shell script only runs with the user's permissions. The way to overcome that would be to know or guess the root password, unless the user is already root. Another possibility would be to find a buffer overflow in KMail which would allow the shell script to auto-run. However, no such vulnerability exists, as far as I know, in KMail.

    Therefore, an email virus for the Linux platform is possible, but it will only work on those users brave enough to follow instructions that they probably don't understand. In other words, I believe the following statement is true now and will hold true in the future:

    "To screw up Linux, you have to work at it. To screw up Windows, you just have to use it."

  3. Re:Related to Spy/Adware? on Unprecedented level of Virus Alerts · · Score: 1

    Very interesting, thanks for the correction. In Steve Gibson's tool, if all is well it says, "This System's TCP/IP Port 135 Is Closed". Next time I will mention that, too.

  4. Re:Related to Spy/Adware? on Unprecedented level of Virus Alerts · · Score: 2, Informative

    > If any of you put winxp on a machine (even with
    > the firewall in xp enabled) that wasn't behind
    > NAT/firewall it will get blaster/wachi/nachi
    > in 10 minutes. There's literally nothing you
    > can do.

    Ender, just switch off the "Windows DCOM" service. The "Windows DCOM" service is the thing that lets Blaster/Wachi/Nachi in. Turn off "Windows DCOM" and the machine won't be affected. Download Steve Gibson's "Windows DCOM Switch Off Tool" from:

    http://www.grc.com/dcom/

    While you're at it, also turn off "Windows Messenger Service" and "Universal Plug and Play Service". This stops future worms that target those services.

    http://www.grc.com/stm/ShootTheMessenger.htm
    http://www.grc.com/UnPnP/UnPnP.htm

  5. Reasons to attack USA on U.S. Prepares to Get Nuked · · Score: 2, Informative

    This article (South Asia Tribune) explains some of the motivation for 9/11, and possible future attacks. According to the article, the US has:

    - Oppressed Palestinians by giving US$5bn per year to Sharon / Israel
    - Failed to rebuild Afghanistan after helping to destroy it twice
    - Spoken the language of Bin Laden (good vs evil, force as the method of choice)
    - Supported dictatorial regimes in Philippines, Indonesia and Algeria, all countries with significant Muslim populations, while singling out Iraq
    - Acted with triumphalism
    - Lacked respect for international law
    - Bombed civilians such as the Afghanistan wedding party.

    The writer of the article believes the above does NOT justify 9/11, although he says he knows some people that do. Here is the link:

    Were We Too Hijacked On 9/11?
    http://www.satribune.com/archives/sep09_15_02/opinion_pervezhoodbhoy.htm

  6. Re:Agreed. on Life After the Video Game Crash · · Score: 1

    You forgot the last one!

    Man Against .. the machines

  7. Re:hmmph on The Oft Frustrating Job of a Sysadmin · · Score: 1

    >I don't see doctors making websites about what
    >idiots we are when we call them for medical advice.

    Here's a page about stupid patients!
    http://personal.coslink.net/kpezzi/stupid_patient.htm

  8. Re:Does TCO include the cost of virus attack ?? on Energy Company Refutes Windows TCO Claims · · Score: 1

    > I get an ELF executable in an email, I have to save it to disk, open a terminal, chmod +x it and then type in its name.

    Man, you are making way more effort than you need. Simply right-click on the email attachment, choose "Open With", type "sh" (without the quotes) and hit Enter. Works great with ELF executables and shell scripts. Works with Perl scripts too as long as the hash-bang points to the right place.

  9. Re:Avoiding Windows email viruses with Mozilla Mai on The World of Virus Writers · · Score: 1

    Good point. It's about avoiding Windows viruses that come by email. No defence against the Blaster worm, floppy disk infectors, etc.

  10. Avoiding Windows email viruses with Mozilla Mail on The World of Virus Writers · · Score: 1, Offtopic

    I have written a how-to about using Mozilla Mail to avoid Windows viruses. I hope it's useful, please have a look. I'd appreciate any feedback.

    http://www.pjls16812.pwp.blueyonder.co.uk/mozilla/

  11. A good word for Microsoft on Microsoft Advises to Type in URLs Rather than Click · · Score: 1

    I think Microsoft's plan to disable username:password in URLs is good.

    Tim Berners-Lee helped write RFC 1738 in December 1994. Being able to put username and password in a URL was great in 1994 but it's not for today's world. If we could nip back and tell Tim, "that's a tiny bit exploitable, you know", he would have said "Oh yes, well spotted!" The whole RFC was written with security in mind. Username and password in the URL is optional anyway; all Microsoft is doing is making it very optional. :-)

  12. Re:+1 Funny Because It's True on What's The Actual Cost of A Virus? · · Score: 1

    Good point. If the unzip app running on Windows lets the user execute programs directly from within the archive then it's "Virus 1, Mozilla Mail 0". Thank you, well spotted. :-)

    I'll add that to the list of caveats. A computer running Windows with Mozilla Mail is unfortunately still a computer running Windows...

  13. Re:+1 Funny Because It's True on What's The Actual Cost of A Virus? · · Score: 1

    I've found Mozilla Mail is great for stopping Windows email viruses. Not protecting people from them, but stopping them. I've written an article about it, "Avoiding Windows email viruses with Mozilla Mail". Would you like to have a look? I'd appreciate some feedback. The URL is:

    http://www.pjls16812.pwp.blueyonder.co.uk/

  14. Mozilla on Scam Combines Patriot Act FUD With IE Bug · · Score: 5, Informative

    A lot of people here have suggested Mozilla as a solution. That is a partial answer. But a proper solution has not been implemented yet in Mozilla. See Bugzilla bug 122445, "Spoof prevention: Warn if username/password in link (url) looks like a hostname". The bug has been outstanding for two years now and it's still not been fixed in Mozilla. There is a proposed patch planned to go into 1.7a.

    For the full discussion see: http://bugzilla.mozilla.org/show_bug.cgi?id=122445

  15. Windows is not an operating system. on 'Bagle' Worm Heading For A Windows PC Near You · · Score: 1

    It is a virus delivery mechanism.

  16. Re:I used knoppix at bestbuy on Knoppix Tips and Tricks · · Score: 1

    I tried that in PC World. I put in the Knoppix CD and restarted the computer. I was quite sure the sales people would pay no attention to me. But to my surprise within moments I was surrounded by curious sales people wondering what I was doing.

    Then a security guy came along. He asked me what I was up to and if I had asked if I could do that. I sort of fumbled around for an answer, so I thought I'd better go. I left feeling a bit sheepish and behind me a member of staff said "Rebuild that".

  17. What about new peripherals? on Windows 98 Phased Out · · Score: 2, Interesting

    Hey, January 16 is my birthday. Way to go Bill. Thanks for a great pressie.

    Does this mean that new peripherals such as printers will not be compatible with Windows 98? I guess those that write printer drivers or suchlike need help from MS, or at least need the option to get help from MS.

  18. Re:IE users are sheep and deserve whatever they ge on New IE Holes Discovered · · Score: 1

    > The only people I see with desktops infested
    > with bonzo and popups and spyware are retarded
    > IE sheep anyway.

    One of my local computer suppliers puts IE (and no other browser) on his hand-built computers on purpose. He *wants* the customers to bring the machines back after 12 months, full of bonzo and popups and spyware. Then he gets extra money for doing a format and reload.

    These customers are not retarded IE sheep. They're exploited victims who buy in good faith and find their innocence cynically used against them for private commercial gain.

  19. Why is Messenger Service still on? on AOL Hacks Subscribers' Computers · · Score: 1

    Maybe the reason there is stuff like that still floating around in Windows is Bill helped to write it. If we could see the headers or main code of the Messenger Service, I bet there are comments by "Bill G" in there. Wherever Bill G has been, other developers fear to tread. Maybe that's the reason why they haven't done sensible things like disable access to the service from non-LAN interfaces. Anyone inside Microsoft care to confirm this?

  20. Don't worry, folks on Trusted Computing · · Score: 1

    At least our dystopian future comes with a funky graphic logo to introduce itself.

  21. Re:PHB-to-geek translation on The FSF, Linux's Hit Men · · Score: 1

    In that case, it's like:

    Stallman: How are you gentlemen?
    PHB: Somebody set up us the bomb!
    Stallman: All your source are belong to us.

  22. My letter to Daniel Lyons on The FSF, Linux's Hit Men · · Score: 1

    Sent by paper-post:

    Daniel Lyons
    Forbes.com
    28 W. 23rd Street
    NY, NY 10010

    Dear Daniel,

    Re: Linux's Hit Men

    I was very encouraged to read your article which I heard about on Slashdot (http://slashdot.org/).
    My conclusions are:

    - Free Software is world class technically.
    - Free Software is strong enough to protect itself legally.

    I believe this means Free Software has a wonderful and secure future. I am looking forward to it!

    In your next article, please mention that the GPL requires release of source code only on redistribution. A company can do anything they like with Free Software internally. There is no need to release source code in that case.

    Also, you forgot to mention that Linksys/Cisco made a mistake, they should have used the loadable kernel module mechanism if they wanted to run proprietary code within the Linux kernel. For example, Intel have done that with their 536EP line of internal modems. Intel have done it correctly and there is no problem. I have bought a lot of their pretty good, if semi-proprietary, modems as a result.

    Yours sincerely,

    Phil Jones
    Director
    Phil Jones Computers

  23. Full disclosure is already elsewhere on IE Vulnerabilities Page Removed · · Score: 1

    The cracking/hacking underworld has its own full disclosure mechanism. Example: http://www.xfocus.org/

  24. Attack success rate on MS Dissatisfaction High, Users Consider Switching · · Score: 1

    From the article: "Whatever OS becomes the most widely used will be attacked with the same frequency."

    Not with the same success rate.

  25. Notice to Slashdot Editors on CCAGW Misreads Mass. Policy, Open Standards Generally · · Score: 1

    This story belongs in the category, "It's funny. Laugh."