Slashdot Mirror


User: YrWrstNtmr

YrWrstNtmr's activity in the archive.

Stories
0
Comments
5,357
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 5,357

  1. Re:Good bit of social engineering on Microsoft Mail Worms Gang War? · · Score: 1

    Yes, the damage is minimized to your home dir.

    But if I, as a 'friend' (or your boos or ISP), hand you a floppy and say "Run this script", you might do it. You also might take it apart and inspect it first, but you might jut run it without looking.
    And when that script sends everything to /dev/null/....whose fault is that?

    Or if it asks to change some settings, and pops up the admin pw box...hey...the keystroke logger that it started in a previous routine just captured your admin pw, and now the program is running in admin space. And will now send that back to home base. You are now owned inside and out.

    Whose fault is it? Linux for allowing [something] to run in user (or even admin) space? No...in this case, it's the user being spoofed into running a file given to them by a 'trusted' source. In this case, their ISP.

    Yes, *nix is very much more secure. But this exact same thing could have been done to JoeUser running whatever. If JoeUser can be fooled into running this in the first place, they can be fooled into coughing up admin rights to it.

    try it sometime. hand a co-worker a floppy that will cause some small problem. Pop up a box on the screen that says "Ha..gotcha!" What's to prevent that script from doing something else much more malicious? Only your good graces.
    This is exactly the same, except it comes as an email.

  2. Re:MS Address Book lock down? on Microsoft Mail Worms Gang War? · · Score: 3, Informative

    err...Outlook2003 and Exchange2000 do exactly that. If a program tries to access the Address Book, it pops up an approval dialogbox. You can't click yes for 5 seconds.

    But since these worms also searches in a wide range of other filetypes (.txt,.doc,.html,etc etc) for valid email addresses to send to, it makes little difference.

  3. Re:"Microsoft" mail worms? on Microsoft Mail Worms Gang War? · · Score: 1

    The first time a program wants to change files outside a protected directory or use the network (be it exe, pif, et al) Windows should ask permission

    Exactly what ZoneAlarm does. And the workaround for that exists in some of these viruses.
    If [SoftwareFirewll] exists, TurnItOff then run [NetworkAccess].

    If an OS can access the network, a spoof will be built to go around or through or over whatever firewall exists at the local machine. If you can convince the user to run it. Which is apparently what these are doing.

  4. Re:There is only one solution to the virus problem on Microsoft Mail Worms Gang War? · · Score: 1

    Right, but the concept is the same. You get an 'official' notification of a problem/infection, from your ISP, and the 'fix' for it.

  5. Re:There is only one solution to the virus problem on Microsoft Mail Worms Gang War? · · Score: 1

    quarantine your likely-infected customer so that the only webpage they can see is one served from your network explaining that they are infected. Until they take steps to clean their machines, you quarantine all outgoing traffic on their connection.

    This is exactly what this email simulates.
    "Hi, we think your system is compromised. Here's the fix for it. Until then, we're cutting you off. Thanks"

    your email server/isp.

  6. Good bit of social engineering on Microsoft Mail Worms Gang War? · · Score: 4, Insightful

    This is only a Microsoft worm/virus/trojan in the sense that it runs a Windows exe. This is NOT a failing with Outlook or Outlook Express. This code can be run from ANY client that allows attachments

    [paraphrased email text below]
    "Hi, I'm the admin from [YourEmailServer]. We've been getting complaints about your account, and we think you have a virus. Please open the attachment, and run the file. Password is 12345
    Cheers, [YourEmailServer]

    Haven't we been asking the ISP's to get on top of the virus problem? Well...here comes an email, supposedly doing just that!

    "We think you have a problem, and here's how to fix it"

    This exact same thing could have been targeted to the OSX environment, or a *nix script.
    "Hi, due to the traffic we've noticed, we think your Mac/Linux box has been compromised. Please run this script to identify and fix the problem."

    Now...most *nix users are a bit more clueful and suspicious. But, more than a few would be caught out.

    (and if you, the writer(s) of these things are out there reading this...this is NOT a compliment. You are not cute, nor are you inventive. You are merely a fool. And one that will be caught. Hopefully for you, by the authorities. They will be much easier on you than we will be...we won't be using vaseline)

  7. Re:hmmm on Next Generation Mail Clients Reviewed · · Score: 1

    Plain text. Forwarding a message from Outlook to a text only client results in, guess what....text only. No tags, nothing but the straight text.

  8. Re:hmmm on Next Generation Mail Clients Reviewed · · Score: 4, Insightful

    But doesn't Outlook 2003 have MS' nasty DRM technology built into it?

    No. The DRM, if implemented, is more of an Office thing. And then only in a corporate environment, at the server.

    User A creats a doc, and assigns it certain restrictions.
    He sends it to user B. When user B tries to open it, it authenticates back to the server, and asks "I am allowed to let user B see me?"
    If the server says yes, then good.
    User C gets a copy, and it asks again. "No. Your creator wishes only user B to see it. Run away and hide."


    Outlook, indeed Office, is not telling you what to do with your stuff. This is strictly voluntary, chosen by the document creator, and set up by the system admin.

  9. Re:Look at how fast they adapted on Tracking Via Anonymous SIM Cards · · Score: 1

    As you rightly put it, Navy is full of young kids, who can be easily made quite confident that nothing happened, that this missile was launched but that nothing wrong happened to it. They may have known that a missile had been launched, how would they know that it hit the plane ? No clue for them, it's just a question of persuasion.

    Oh please.

    "Wow...did you hear about that plane crash last night?"
    "Yeah. Bad news, huh."
    "Hey, Ralph. What time did we launch that missile last night??
    "8:42"
    "And what time did that plane crash?"
    "8:43"
    "And weren't we in the same area?"
    "Yeah. So?"
    "Nothin' Just wondering. C'mon...let's finish playing cards."

    P.S. The Navy is also full of old crusty NCO's, who can actually figure out 2 + 2.

  10. Re:Just the reason. on Tracking Via Anonymous SIM Cards · · Score: 1

    This is also why I refuse to use the key cards that the school provides for us to open the doors.

    And by doing so, you have placed yourself at the top of the list for 'special attention'. If (and they probably aren't) there is a periodic review of key card useage, a simple sort of the data places your name right at the top.
    "hmmm...student PeaceTank has only used his card twice in the last 4 months. Why? Maybe we should keep an eye on him. Ralph, follow him for a couple of days."

    Want to be anonymous? Become one of the faceless masses in the middle, not an outlier.

  11. Re:law & border on Tracking Via Anonymous SIM Cards · · Score: 1

    But leaving him on a leash for a few days/weeks may lead to others in the group. In an ambush, you don't just take out the first guy you see. You then warn all the others and they will fade into the bush, or change tactics. Wait til the leader/commander comes along, fat, dumb and happy, and get him too.

  12. False on Interacting with Onboard Car Computers? · · Score: 1

    The code readings are standard, and well known. Each manufacturer also has extended code sets, but they are not magic. $100-$300 will tell you more about your car than you will ever care know.

  13. Here ya go on Interacting with Onboard Car Computers? · · Score: 5, Informative

    I'm designing something similar for my truck.

    Inexpensive Free software for Win or Mac. Inexpensive cable.
    Expensive. Very pro display, and you can get all the extended codes sets.
    Opensource(you still need to build/buy the cable)

    There are others out there. Google for obdii

    All you need do is hook this up to the serial port of whatever car PC you make, and run the s/w. Presto, virtual dashboard, with more readings than you will ever use.

    Friend of mine at work has the cheaper one, and it works quite well. You can even record a drive, and play it back later. Output to OO.org or excel compatible csv for further analysis.

  14. Re:It's just the first step on MSN Search Blocking Results For XFree86? · · Score: 1

    MSFT is going to block all websites containing the letter "X",

    XP
    ActiveX
    DirectX
    Xbox
    XML

  15. Google on Do You Have A License For Those Facts? · · Score: 2, Interesting

    Google has a database of a large part of the web and usenet. Some of the fields in that database are the pages and images themselves.

    Does this mean that Google can have copyright over just about everything online and in the retail sector?

    All your pages are belong to Google?

  16. Re:US citizen prefered party registration on Avi Rubin's Thoughts On e-Voting · · Score: 1

    So that, theoretically, the people can choose who they want to be the party candidate. Instead of the party bosses sitting around in a room, and saying "Ok, Joe...you're it."

  17. Re:Legal Defense Fund on SCO Names 1st Lawsuit Target: AutoZone [Updated] · · Score: 4, Funny

    Autozone already has this covered. Over the last few years, they've been setting up Legal Defense Fund establishments all over the country. You can actually go into one of these LDF drop-off points, and give the nice people there some money. They will even give you one or more prizes in return! And if you really want, you can choose the actual prize, instead of just hoping for something good. These LDF dropoff points are in most major cities, and some small ones. Easily identified with the word AutoZone in large letters on the front of the building, usually in red neon.

    They even have a website where you can do the same thing. Send in some money, help Autozone defeat the evil SCO, get a free prize to boot!

    Donate your $$ today!

  18. Re:Line of Sight? on Gyroscopic Wireless Mouse · · Score: 2, Insightful

    Cause you just know that's a useful feature for your mouse!

    Actually, it can be quite useful. Don't have to worry about walking around in a conference room, and having something block the receiver.

  19. Re:Why for games? on Gyroscopic Wireless Mouse · · Score: 1

    Why for games?

    Because it makes good /. copy.

  20. ummm... on Gyroscopic Wireless Mouse · · Score: 1

    The TouchStream from ThinkGeek does this more or less.

  21. I have one of these combos on Gyroscopic Wireless Mouse · · Score: 1

    Bought the kybd/mouse a few months ago. Not too bad, but assuredly not for gyro gaming. Not even, IMHO, for daily use.

    Pros:
    Good RF range. I have the 25' model, and have used every bit of it.
    Great for conference room presentations.
    The gyro action does work.
    Smooth feel on the buttons and wheel.
    Quiet clicks.
    Good battery life on the kybd

    Cons:
    Mouse is too narrow and tall
    Too heavy in relation to other rodents
    Terrible battery life on the mouse before it needs recharge. Have to recharge at least daily.
    Finicky recharger. Sometimes the mouse contacts don't contact correctly, and the mouse doesn't charge.
    Kind of tricky to hold it and left/right click at the same time. You have to cradle it between thumb and ring finger. Hold it wrong, and you might unlink the gyro and revert to normal optical ops.
    Kybd is laptop size. Cramped, but OK for travel. They do make a full$ize wirele$$.
    kybd feel is so-so, even compared to a laptop.

    bottom line:
    It's good for untethered presentations, but for normal use, an IntelliMouse or MX700 is better. The Gyro isn't my daily favorite.

  22. Re:Outsourcing is bad for companies too on The Full Outsourcing Discussion · · Score: 1

    The problem is not outsourcing, per se. It's where that outsourcing is going to.

    BoA could have outsourced to a software house in Baltimore instead of Bangalore.

  23. Re:No need for this to be in every car... on Ford Testing a New 'Traffic Monitoring' Device · · Score: 1

    There is no point for every driver on the highway to have this system in their car.

    No reason for us. Plenty of reasons for them.

    Just like RFID's, there would incredible tie-ins in the future. Driving past the mall? "Hey...come on in. The Gap is having a sale!"
    or
    Selling the speed info to your insurance company. Both companies make a profit on that one...one selling your data, and the other raising your rates.

    And it would be cheaper to put it in every car, rather than only a few and have to keep track of which ones.

  24. Re:However... on Ford Testing a New 'Traffic Monitoring' Device · · Score: 3, Insightful

    However, if they try to put this in my car...it will be disconnected quickly.

    And your anti-lock fails to work, your speedo is stuck on zero, your wipers lock in the upright position, your fancy nav system is stuck at due North...

    Hard to remove only part of a chip and still leave the rest working.

  25. Doesn't matter on Open-Source Software and "The Luxury of Ignorance" · · Score: 4, Insightful

    Fedora, CUPS, whatever...

    PC here. Printer there. Make it so.
    In clear, precise, EASY directions.