Strange thing in the logs for my firewall: I keep getting "portsentry[]: attackalert: connect from host slashdot.org/66.35.250.150 to TCP port 1080".
What is source port?
If source port looks like 80, then your firewall is just blocking some return packet from your http connection, when you surf on slashdot.org. It is just 'mistaken' direction of connection.
"....and regularly use it for running demanding applications like Apache, PostgreSQL and Mozilla."
That's kinda funny, lumping a web browser in the same category as server apps designed to handle gazillions of users.
Come on, it's not THAT bloated!
Well, actual text is:
We have a fully functional port of Linux 2.4 running over Xen, and regularly use it for running demanding applications like MySQL, Apache and PostgreSQL. Any Linux distribution should run unmodified over the ported OS.
I'm still waiting, though, because after 'xfs' rendered all the fonts required for ShowLetter.exe, 'top' shows that the process 'wine' just took up 100% cpu time for the last couple hours or so.
It is not safe to run these worms / viruses on wine.
We've been through this discussion before too. Wine is not a VM, and the
isolation between Win32 and Unix code is the result of application's
ignorance, rather than a deliberate design decision. As such, it is
highly NOT recommended for cases where hostile code of unknown qualities
is tested.
For all you know, sobig may be checking whether it is running on wine,
and then issuing the correct interrupts (static linking dlopen) and
infecting your Unix system.
That old mail is referring to sobig, but you
can replace "sobig" on text with "swen".
The worm also can search for e-mail addresses in various newsgroups. It connects to NNTP servers listed in the SWEN1.DAT file, gets a list of all newsgroups on that server and searches recent messages in these newsgroups for 'nfrom:' and 'nreply-to:' tags. When such tags are found, the worm gets e-mail addresses after them and writes them to the GERMS0.DBV file. This way the worm can harvest a lot of e-mail addresses to send itself to.
The worm can post its e-mails to newsgroups, the names of which it finds during searching process. The worm sends the same kind of messages as it sends via e-mail.
So it collects addresses from usenet news and propagates via usenet news.
nice if the new scheme resembled the old one as much as possible. What the heck was the idea of making it 128 bits, so no human can deal with the raw numbers? Simply grafting on another 8 bit section boosts it to a trillion addresses. THAT'S PLENTY! You'd still have a hope of being able to deal with the raw number when you have to.
Well, the purpose of multiplying the length of the address was to make routing easier. When the address is long enough you can 'encode' routing into the address. In other words, it is possible to do routing with more than just simple prefixes, as is done nowadays. This method is also used nowadays, but the number of different prefixes needed for routing is bigger when the address space is nearer to full.
It's up to 69663 at the moment - lucky it's AOL we're slashdotting:-)
AOL seems to limit slashdotting:
Web Site Not Displayed
Sorry, We Can't Display That Page
This member has exceeded their bandwith for the day. Please check back after 4 am EST to access this page
Execute in Place (EIP)- currently, your system will copy the program to RAM. Here, you'd copy everything from volatile ram to Non-volatile ram - a rather wasteful operation don't you think?
And then "RAM" on execution is replaced with just one more cache (after all, programs are not executed from RAM directly; instead there are usually two caches of different speed (i.e. faster RAM) between the CPU (or on the CPU) and main memory).
Now they just leave the passwords on a post-it-note on their monitor and still share it with everyone else.
Sounds like they need to have a "Hey, Asshole!" note e-mailed to the boss from their account. Then let them try to figure out which of their trusted co-workers sent it.
Sending of mail does not require authentication. So nobody believes that mail was really sent from their account.
There's nothing in the U.N resolutions that said that would be a consequence if Iraq didn't comply with its U.N. obligations.
Allow me to quote the resolution to you:
13.
Recalls, in that context, that the Council has repeatedly warned Iraq
that it will face serious consequences as a result of its continued
violations of its obligations.
I'm not sure what you thought Serious Consequences
meant but it didn't mean we would send them milk and cookies and ask
them to play nice! To remove the WMD you must remove those that wish to
build and use them. Otherwise what will stop them from doing it
again???
Serious Consequences was not ==
Permission to start war
It was more like next resolution may be
permission to start war.
(Remember that US have not got that resolution -- at least yet.)
GPS (Global Positioning System) is not necessary to locate a phone. At least in Finland a certain phone company provides a location service which can locate a GSM phone just by receiving the phone's signal via several links. Resolution is not as good as GPS, but it is able to tell the location better than just which "cell" the user is in. In towns resolution is quite good; in the countryside the error is much larger.
From: Michal Zalewski <lcamtuf@ghettot.org>
To: <bugtraq@securityfocus.com>
<...>
The impact is believed to be a root compromise. I've confirmed this is a local issue, and my initial impression is that a remote attack possibility is not that unlikely. Only platforms with 'char' type signed by default are vulnerable as-is,
<...>
Does anybody know of a good mailserver written in a higher-level language?
This is what, the 82nd remote root-exploit in sendmail due to C coding problems? Let's see something written in Perl or Python or Java, even.
I do not think that there exists full Mail Transport Agents written with perl or python. However, some written with java exists, I think.
SECURITY: Fix a buffer overflow in address parsing due to
a char to int conversion problem which is potentially
remotely exploitable. Problem found by Michal Zalewski.
Note: an MTA that is not patched might be vulnerable to
data that it receives from untrusted sources, which
includes DNS.
Is that something to do with
char == signed char versus
char == unsigned char ?
Well, multipart/related is that kind of file format or content type, although it is not meant for that purpose.
For other reasons, it is likely that webmasters want to use that type. I think about stylesheets.
(Mozilla browser does not support multipart/related. See bug 18764 or http://bugzilla.mozilla.org/show_bug.cgi?id=18764 .)
Which exploit exists in Mozilla? Is it in Bugzilla?
Depends what you define to be "exploit".
There is
/ Kari Hurtta
Perhaps the same reason as why Mozilla does not do that filtering?
And with some Intel's compiler?
Some more proposals are on http://www.irtf.org/asrg/asrg_documents.htm/.
Well, actual text is:
Mozilla is not mentioned :-)
It was:
There is no MX record for MIT-MC.ARPA
Also no A record:
I guess that there is only in-addr.arpa left on .arpa domain.
It is not safe to run these worms / viruses on wine.
http://www.winehq.org/hypermail/wine-devel/2003/08/0488.html:
That old mail is referring to sobig, but you can replace "sobig" on text with "swen".
Currently Netscape is the standard MUA, but it is probable that it is going to change to Microsoft's product.
(Personally I do not use Netscape as MUA -- I use my own MUA...)
[MUA = Mail User Agent]
AOL seems to limit slashdotting:
Web Site Not Displayed
Sorry, We Can't Display That Page
This member has exceeded their bandwith for the day. Please check back after 4 am EST to access this page
Hometown Community Guidelines
500 Unknown Host
Who says that you need to have a pagefile? (Or is that an MS gripe referring to some certain Operating System?)
Is that worth it?
I do not think that there exists full Mail Transport Agents written with perl or python. However, some written with java exists, I think.
But check it yourself, of course.
Changelog says:
Is that something to do with char == signed char versus char == unsigned char ?
Well, perhaps Bush is going to start World War.
Sweden, Finland, and so on
You forgot:
trigger(killed) { create new terrorist; }
Infinite loop?