UnixA is NOT a smaller target audience, it is in the Desktop, but not on the server. And let me tell you, servers with a fixed IP address, open well known ports listening, and lots of domains pointing to it are the most common target. I have a fixed IP address, on a Unix machine, and you should just see my logs. Tons of break-in attempts everyday, and my Slackware just resists all of them. 99% of these break-in attempts are portscans. Any machine on the net, running any OS, fixed IP or not, is subjected to this barrage on a daily basis. The people doing this generally don't care what kind of machines they get in their botnet, they'll be used for the same purpose one way or another.
Desktop machines with windows with variable IP addresses are the target of bots. Unix servers with fixed IP addresses are the target of real crackers and wannabes trying to break in 24/7. Unix is a far more secure platform than Windows; and it has been proved since it's more exposed to heavy attacks all the time. Any machine connected to the net has the same exposure to these general attacks. The difference is not Unix/Windows/whatever; the difference is the setup and administration. Most servers are managed by professionals who know how to configure, maintain and monitor a machine properly. Most desktops are not.
I dunno what PeerGuardian you're using, mine works just fine.
The only thing I did find is that HTTP blocking is on by default, and depending on what blocklists you use it can block a few legitimate sites. But I don't want to use it for blocking ads so I just toggle that option and all's good.
That's interesting.. the Compaq notebook I got a few months ago not only didn't come with a Windows CD, it didn't even come with restore disks. It has an app on the machine that you need to run to generate your restore disks and burn to your own DVDs. A few hours later you have restore disks.
Either HP/Compaq have changed their practices recently or it's something to do with which line of notebook you get (mine was towards the budget end of the spectrum).
So set it to something other than 127.0.0.1 -- 127.0.0.2 for example:)
Even better set it to the IP of a webserver that throws up an information page explaining why you can't browse to the site you're trying to visit, and who to contact if you think it's a mistake/problem.
Of course that won't help anything other than web traffic, but I'm guessing that's the main point of this exercise.
You haven't behaved unprofessionally, you've done the right things. If your company wanted you to resign in any other way, they should have told you so.
I think the real lesson here is to make sure you've done everything you need to do on your soon-to-be-ex-employer's systems *before* you hand in your resignation:)
The submitter asks "couldn't they do this anonymously?"
Err.. probably not. Even if you only gave them a phone number, or an e-mail address, you wouldn't be anonymous any more. And if you didn't give them any personally identifying information, how would they be able to contact you?
Besides, I think I'd want to know that I'd possibly contracted some deadly disease, rather than remain anonymous:)
About 2 or 3 years ago, the Victorian government subsidised the hookup of a 64k ISDN line to every school where it was possible - which basically amounts to nearly all of them as most of the schools are in the greater Melbourne area.
Along with this came a free e-mail address for every teacher in the state.
Three different levels of filtering have been available - none, restrictive (no porn/warez/hotmail) and very restrictive (selected educational sites only).
The sad thing is that the links were provided by Telstra, who have now decided to more than triple the price.. for schools that have enough trouble paying their teachers and buying resources already.
And to think that all those CPU cycles could have been used on a project that might actually find something one day.. like Seti@home or RC5:)
Not to mention that those clients are a bit nicer about not stealing cycles from user apps.
I think i might still have it lying around on disk somewhere at home... if there's enough interest i might put it up for download (and cripple my ISP with the slashdot effect... well maybe not:P)
Slashdot Mirror
And let me tell you, servers with a fixed IP address, open well known ports listening, and lots of domains pointing to it are the most common target. I have a fixed IP address, on a Unix machine, and you should just see my logs. Tons of break-in attempts everyday, and my Slackware just resists all of them. 99% of these break-in attempts are portscans. Any machine on the net, running any OS, fixed IP or not, is subjected to this barrage on a daily basis. The people doing this generally don't care what kind of machines they get in their botnet, they'll be used for the same purpose one way or another. Desktop machines with windows with variable IP addresses are the target of bots. Unix servers with fixed IP addresses are the target of real crackers and wannabes trying to break in 24/7.
Unix is a far more secure platform than Windows; and it has been proved since it's more exposed to heavy attacks all the time. Any machine connected to the net has the same exposure to these general attacks. The difference is not Unix/Windows/whatever; the difference is the setup and administration. Most servers are managed by professionals who know how to configure, maintain and monitor a machine properly. Most desktops are not.
I'll make sure to get one when they're released so I can play Duke Nukem Forever :)
Is Latest-Fad-Tech-Widget-Buzzword-Laden related to Osama-bin-Laden at all? :)
I dunno what PeerGuardian you're using, mine works just fine.
The only thing I did find is that HTTP blocking is on by default, and depending on what blocklists you use it can block a few legitimate sites. But I don't want to use it for blocking ads so I just toggle that option and all's good.
So you're going to generate electricity and clean water out of think air. Next you'll be turning lead bars into gold :)
That's interesting.. the Compaq notebook I got a few months ago not only didn't come with a Windows CD, it didn't even come with restore disks. It has an app on the machine that you need to run to generate your restore disks and burn to your own DVDs. A few hours later you have restore disks.
Either HP/Compaq have changed their practices recently or it's something to do with which line of notebook you get (mine was towards the budget end of the spectrum).
I doubt it would be eligible for a bounty, as it won't run under Vista's default configuration. It can be made to run though :)
When Slashdot get their hands on it :)
Neither the linked article, or the eEye alert, say that there is an exploit available, just that it's a flaw.
And eEye somehow missed listing "upgrade to the unaffected WMP11" as a form of mitigation.
So set it to something other than 127.0.0.1 -- 127.0.0.2 for example :)
Even better set it to the IP of a webserver that throws up an information page explaining why you can't browse to the site you're trying to visit, and who to contact if you think it's a mistake/problem.
Of course that won't help anything other than web traffic, but I'm guessing that's the main point of this exercise.
You haven't behaved unprofessionally, you've done the right things. If your company wanted you to resign in any other way, they should have told you so.
:)
I think the real lesson here is to make sure you've done everything you need to do on your soon-to-be-ex-employer's systems *before* you hand in your resignation
At the risk of ruining my karma, can anyone explain what this story has to do with my (or your) Rights Online?
:)
As far as I'm aware stealing things from Target doesn't count as either online or a right
The submitter asks "couldn't they do this anonymously?"
:)
Err.. probably not. Even if you only gave them a phone number, or an e-mail address, you wouldn't be anonymous any more. And if you didn't give them any personally identifying information, how would they be able to contact you?
Besides, I think I'd want to know that I'd possibly contracted some deadly disease, rather than remain anonymous
So you want to tap into the thoughts of hundreds of internet users.. then what? Collate the information and sell it to online advertisers?
:)
Sure beats cold-calling or trying to trap people at shopping centres
By default, IE6 has TLS 1.0 switched off, and SSL 2.0 and 3.0 switched on.
It is a statewide thing.
About 2 or 3 years ago, the Victorian government subsidised the hookup of a 64k ISDN line to every school where it was possible - which basically amounts to nearly all of them as most of the schools are in the greater Melbourne area.
Along with this came a free e-mail address for every teacher in the state.
Three different levels of filtering have been available - none, restrictive (no porn/warez/hotmail) and very restrictive (selected educational sites only).
The sad thing is that the links were provided by Telstra, who have now decided to more than triple the price.. for schools that have enough trouble paying their teachers and buying resources already.
Gawd.. I hadn't read that far down the page yet. Gimme a break :)
This just plain annoys me.
And to think that all those CPU cycles could have been used on a project that might actually find something one day.. like Seti@home or RC5 :)
Not to mention that those clients are a bit nicer about not stealing cycles from user apps.
I think i might still have it lying around on disk somewhere at home... if there's enough interest i might put it up for download (and cripple my ISP with the slashdot effect... well maybe not :P)