202/8 and 203/8 cover a lot of Class C networks in Australia. Is this just going to be a block at your mail server, or are you going to can all access at your router?
I have not looked at the code, but I can have a guess about why the virus now implements its own SMTP outbound capability.
The virus works off the concept that the "infected" system has a means to send messages directly to the "internet", i.e. it can connect to any mail server that exists and send mail on port 25.
As complex as this sounds... we are comparing the need to perform DNS MX lookups and implement your own SMTP transmission code, versus simply calling the Outlook API to send a message.
There is a reason why the virus writer decided to do this and that is to prevent patched Outlook systems from displaying a dialog box to the user to explain that a program "other than outlook" is attempting to use outlook to send mail. This is a little tidbit that Microsoft introduced recently.
However the virus assumes that all infected computers are not behind a network that implements draconian limitations on how their users can use the mail system (specific Mail gateway, no "default route" pointing at Firewall/external router). Once the virus is inside a network such as that, it probably won't be able to easily get out.
The end result is that the virus is limited to the home user base to a large extent.
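The containment described in the comment above (workstations may only reach a designated mail gateway, so direct-to-MX SMTP fails) also gives defenders a detection signal. The following is an added example, not part of the original comment: it scans firewall logs for internal hosts attempting port 25 to external addresses. The log format, addresses, gateway IP and function name are all constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Assumptions for this example (not from the original comment):
MAIL_GATEWAYS = {ipaddress.ip_address("10.0.0.25")}  # only host allowed outbound SMTP
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/16")

# Constructed firewall log lines in a made-up key=value format.
SAMPLE_LOG = """\
2001-11-26T09:00:01 action=allow proto=tcp src=10.0.0.25 dst=192.0.2.10 dport=25
2001-11-26T09:00:04 action=deny proto=tcp src=10.0.3.17 dst=198.51.100.7 dport=25
2001-11-26T09:00:05 action=deny proto=tcp src=10.0.3.17 dst=203.0.113.40 dport=25
2001-11-26T09:00:09 action=allow proto=tcp src=10.0.3.17 dst=10.0.0.25 dport=25
2001-11-26T09:00:12 action=allow proto=tcp src=10.0.4.2 dst=192.0.2.80 dport=80
2001-11-26T09:00:15 action=allow proto=tcp src=10.0.5.9 dst=198.51.100.7 dport=25
garbage line that does not parse
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def direct_smtp_sources(log_text):
    """Map each internal non-gateway host that tried TCP/25 to an external
    address onto the destinations it tried and the allow/deny counts."""
    hits = defaultdict(lambda: {"dsts": set(), "allowed": 0, "denied": 0})
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        try:
            src = ipaddress.ip_address(f["src"])
            dst = ipaddress.ip_address(f["dst"])
            dport = int(f["dport"])
        except (KeyError, ValueError):
            continue  # skip malformed lines
        if f.get("proto") != "tcp" or dport != 25:
            continue
        if src not in INTERNAL_NET or src in MAIL_GATEWAYS:
            continue
        if dst in INTERNAL_NET:
            continue  # workstation -> internal gateway is the expected path
        rec = hits[str(src)]
        rec["dsts"].add(str(dst))
        rec["allowed" if f.get("action") == "allow" else "denied"] += 1
    return dict(hits)

if __name__ == "__main__":
    for src, rec in sorted(direct_smtp_sources(SAMPLE_LOG).items()):
        state = "LEAKING" if rec["allowed"] else "contained"
        print(src, state, sorted(rec["dsts"]))
```

A host with only denied attempts is contained but still worth investigating; a host with allowed attempts shows a gap in the egress policy.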
I remember watching an article on Television about 12 years ago about the amount of effort it took to program/teach robots in factories how to operate within their environment. Back then imaging for computers was very primitive, and has probably evolved a lot since then.
As the presenter put it "take a pair of sunglasses, smear them with light machine oil, put on the sunglasses, put on thick gloves, and then use a pair of chopsticks (alone) to try and pick something up". It was not clear at the time if they were using anything stereoscopic or not. However it was shown that video inputs for the computers were from multiple angles.
One of the robots (an arm) that was under development was made for use in a car factory to perform point spot welding. One of these things could easily punch a hole through the side of a car, so distance measurement was important at that time.
How much this has progressed since is unknown (to me at least). However the technology featured was specific and not necessarily within the price range that someone can just grab off the shelf.
Hopefully this imaging technology will give someone who wants to make their own robot a head start (somewhere). However I would rather stay away from it if it has any of the "capacity" of the robot in the Television article that I saw.
I was watching the messages on bugtraq about this one. The exploit is certainly visible with Ie5.5 and Ie6.0. However I seem to recall at least one post where someone said that they tried this against Ie5.0 and could not replicate the intended results.
This does not mean that the "flaw" does not exist for Ie5.0, because the method of exploiting the "flaw" had to be changed slightly between exploiting Ie5.5 and Ie6.0 as it was.
It just means that Ie5.0 is not considered to be important anymore.
This is a nightmare for any SysAdmin who has to maintain hundreds of computers running this software (lucky me I only maintain an office of 20 computers). Ie5.0 was unsupported only recently, so there are a number of computers in my office that have been patched up to Ie5.0 sp2 as well as a small number that have Ie5.5 sp2 loaded.
It looks as if I will be doing another round of upgrades on Monday morning. Hopefully we will know of some of the dangerous side effects of this hotfix by then!!!!
This sounds like a good idea, however you still need to take a "full backup" every now and then.
One of the easiest ways to do an "incremental" backup is to use the "archive" bit marked on the files in the file system. This makes the task easy, as you only have to copy the files with this bit set, and then clear the archive bit on the file that you have just copied. It is via this method that many backup products actually worked.
I have also seen some backup solutions not clear the "archive" bit so that the only restorations that you need to do are the "full" backup and the latest "incremental" (although would it still be called an "incremental" backup then).
The importance of performing a regular "full" backup is apparent when you lose one of your incremental backups.
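The two archive-bit schemes in the comment above can be compared with a small model. This is an added example, not part of the original comment: the variant that leaves the bit set is commonly called a differential backup, and the toy file system, file names and function names here are constructed for illustration (file deletions are not modelled).

```python
# Toy model: the file system maps name -> [content, archive_bit].
# Writing a file sets its archive bit, as a real file system would.
def write(fs, name, content):
    fs[name] = [content, True]

def backup(fs, kind):
    """'full' copies every file and clears the bits; 'incremental' copies
    flagged files and clears their bits; 'differential' copies flagged
    files and leaves the bits set."""
    picked = {n: c for n, (c, bit) in fs.items() if kind == "full" or bit}
    if kind != "differential":
        for n in picked:
            fs[n][1] = False
    return {"kind": kind, "files": picked}

def restore(backups):
    """Replay backup sets oldest first; later copies overwrite earlier ones."""
    out = {}
    for b in backups:
        out.update(b["files"])
    return out

def scenario(kind):
    """Full backup, then two days of changes, each followed by a `kind` backup."""
    fs = {}
    write(fs, "a.txt", "a1")
    write(fs, "b.txt", "b1")
    sets = [backup(fs, "full")]
    write(fs, "a.txt", "a2")            # day 1 change
    sets.append(backup(fs, kind))
    write(fs, "b.txt", "b2")            # day 2 change
    sets.append(backup(fs, kind))
    live = {n: c for n, (c, _) in fs.items()}
    return live, sets

if __name__ == "__main__":
    for kind in ("incremental", "differential"):
        live, sets = scenario(kind)
        lost_day1 = restore([sets[0], sets[2]])   # day 1 media is unreadable
        print(kind, "full chain ok:", restore(sets) == live,
              "| without day 1 ok:", lost_day1 == live)
```

With the day 1 set lost, the incremental chain restores a stale `a.txt`, while the differential scheme still recovers everything from the full backup plus the latest set.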
You would not want to live anywhere near the coast. Sometimes mould gathers on the magnetic surface of the floppy disk rendering it useless.
Also the idea of using a backup solution is that you can actually find a means to restore the data. 5 1/4" floppy drives are getting harder to find nowadays. 3 1/2" "stiffies" would take up more space.
The activity of beating people up because they are better than someone else at something is nothing really new. Soccer riots are usually between the fans, and don't involve the players (most of the time). The players are sometimes told to "not get excited" by successfully/unsuccessfully pulling off "anything" on the field, because it will result in fighting in the stadium afterwards between the fans of the two teams.
This does not mean that players don't get caught up in activities that involve people being "professionally" killed afterwards. There was a case of one goal keeper being "eliminated" after accidentally scoring a goal for the other side in a soccer match.
In the Korean on-line case, people have been bashed and killed due to the results of the on-line game. The people who run the game servers had to implement security measures such as fingerprint locks and regular auditing to prevent their own personnel from accessing the game servers and altering the game after accepting bribes from players.
In both the soccer match and on-line games above, there was always prestige at stake more than anything else. There was probably money at stake as well (although it is not as possible in the case of the on-line game).
In a "game" such as that described in the original story posted, there is the potential for gambling to take place.
The installation of Microsoft SQL Server 7.0 does tell or force you to set a "sa" (SQL Administrator) password.
However Microsoft did start to pick up on the fact that this is not a good practice until they put out service pack 3 for SQL server 7.0. You have to select a lot of things to tell the system to not set a "sa" password if one does not already exist. If you tell the system to not use a "sa" password, then it will set the default on changing the security authentication to NOT use SQL authentication, but the built-in authentication of the NT/2000 OS instead.
However the usage and installation of the SQL service packs are not as widespread as the ones of the OS, and I don't think that it is something that will be applied for you automatically via the Windows Update facility. So you actually have to go and download it and install it.
However if an Admin cannot bother to eliminate access to their SQL database from the web, or set a "sa" password, then they are not even going to think about applying service packs.
According to one of my colleagues, it is now illegal (in Australia) to develop web sites for public access that are not accessible by the blind. A Federal Law came about as a result of this little incident. Applying this law to how HTML is constructed means that to lay out a page it is necessary to use DIV tags now instead of tables (probably for specific image breakdowns etc). This is because using the table method may look ok to people who have no real problem with their eyesight, but from the "blind browser" perspective it is near impossible to work out what is going on.
Because it is a law by which people can actually be prosecuted (in Australia), some web sites have now updated their content to use the DIV tags. The side effect is that whilst these sites had some ability to work in the older browsers before, they have absolutely no chance now. I don't think that you can really be prosecuted under the law if the questionable pages were in existence before it came into effect, resulting in some sites that use DIVs for the newer pages, and tables for the old ones (that are not updated).
There is a more descriptive article within Australia about this [abc.net.au].
The Fire Ants that have shown up appear to be from two different parts of the world. What makes this article stand out is that it shows how the authorities in Queensland are planning on dealing with the problem. Also it shows the reports of how the Fire Ants have affected the lives of some people already. It is possible that the BBC article was based upon some of the sources that were used to produce this one.
Personally I hope that they reduce this problem to an "acceptable" level, given that eradication is going to be near impossible. Queensland already has problems with "cane toads", which were originally introduced to deal with something else (it was a plant from memory). All 3 levels of Government (local, state, federal) are fully aware of that mistake and the effect it has made.
Ahem..
Resulting in gangs visiting people in Internet Cafes to beat them up. Only because a member of the gang was beaten in an online game.
This law only applies to sites in Australia.