1) Delete msblast.exe (usually found at: winnt\system32\msblast.exe)
2) delete the Registry key: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\windows auto update". That key should contain the "msblast.exe" process, and is what starts it up again on reboot.
3) Patch DCOM, or you'll just get this again.
The worm isn't buggy...Windows is. (well, they both have issues, but your machine going down isn't necessarily the worm coder's fault.)
Apparently there are two problems with RPC: one is a DCOM overflow, which this worm is exploiting...the other is a DoS, which shuts RPC down. Once RPC goes down, Windows wants to reboot. Microsoft has not yet offered a patch for the DoS yet, which means this worm is going to suck.
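A triage check for the indicators these comments name, as an added example that is not part of the original comments: it parses saved `reg query` and `netstat -an` output for the "windows auto update" Run value, the msblast.exe binary, and the port 4444 listener mentioned in a follow-up comment on this page. The sample outputs and function names are constructed for illustration.

```python
import re

# Indicators taken from the comments on this page.
WORM_BINARY = "msblast.exe"
RUN_VALUE_NAME = "windows auto update"
SHELL_PORT = 4444

# Constructed sample: `reg query` output for the HKLM ...\CurrentVersion\Run key.
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ExampleTray    REG_SZ    C:\Program Files\Example\tray.exe
    windows auto update    REG_SZ    msblast.exe
"""

# Constructed sample: `netstat -an` output from the same host.
SAMPLE_NETSTAT = """
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING
  TCP    10.0.0.5:1039          10.0.0.9:4444          ESTABLISHED
"""

# Value lines are indented: <name> <REG_type> <data>; names may contain spaces.
VALUE_RE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s*(?P<data>.*)$")


def run_key_findings(reg_text):
    """Return (name, data) for Run values matching the worm's name or binary."""
    hits = []
    for line in reg_text.splitlines():
        m = VALUE_RE.match(line)
        if not m:
            continue  # key header or blank line
        name, data = m.group("name"), m.group("data").strip()
        if name.lower() == RUN_VALUE_NAME or WORM_BINARY in data.lower():
            hits.append((name, data))
    return hits


def listeners_on(netstat_text, port=SHELL_PORT):
    """Return local endpoints in LISTENING state on the given TCP port."""
    hits = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0] == "TCP" and fields[3] == "LISTENING":
            # Only the local address counts; a remote :4444 is not a listener.
            if fields[1].rsplit(":", 1)[-1] == str(port):
                hits.append(fields[1])
    return hits


def triage(reg_text, netstat_text):
    """Combine both checks. A listener alone is corroborating, not conclusive."""
    run_hits = run_key_findings(reg_text)
    shell = listeners_on(netstat_text)
    return {
        "run_values": run_hits,
        "shell_listeners": shell,
        "needs_cleanup": bool(run_hits or shell),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_REG, SAMPLE_NETSTAT))
```

A clean result here says nothing about whether DCOM is patched, which is the step that keeps the host from being hit again.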
Oh, please. Do you really want to swap one multi-definition word (explorer, malicious attacker) for another (malicious attacker, snack food, derogative term for caucasian)? Why bother? Every time someone mentions a cracker breaking in somewhere, all I can think of is some Nabisco saltine typing away at a keyboard and laughing manically. (of course, where it got arms and fingers I'm not as clear on.)
Look, the whole hacker/cracker thing is pointless. Lots of words, especially some of the derogatory ones for homosexuals, have changed meanings with the times, hacker is no different. Hacker is now in the popular lexicon as meaning someone who breaks into computer systems. Get used to it.
Re:Use of FormFucker to spam spammers' web sites, on Following the Spam Trail · Score: 2, Interesting
Very interesting. Thanks. I had thought about writing something like that for a while, but never got around to it.
I think one of the big problems with FormFucker, which I'm trying to avoid, is that it's really a vigilante justice system. For some reason, which I can't totally put my finger on, having lots of people fill out one order form each (but with all of them lying) just seems less abusive than one person flooding the site with orders...even if the total number of fake orders comes out the same.
I guess having each person just fill out one fake order each, and trying to get lots of people to do that together makes the attack seem more like a community protest akin to a sit-in, rather than vigilante justice.
Thanks for the link, though. If I lose the "I really should behave" inhibition, it's entirely likely I'll use that.
You're right, but I'm not hoping for a 1% phony rate...I'm aiming much higher.
Basically, I'm counting on the real reply rate for spam being very low to begin with, so any measurable response by an annoyed populace will almost by default be at or near the real response rate. From what I've read so far, the real response rate for spam is on the order of 0.05% or so. They make money from volume, obviously. So, if 1% of the people who receive the spam respond falsely, that's a 200:1 ratio of bad:good data. Clearly, that's not going to happen, but given that the real response rate for spam is very low to begin with, I don't think it will take that much active dilution by people like me to cause real headaches for the spammers.
I'm becoming more and more convinced that the only effective way to fight back is to spam the spammers. Not via email, but via their customer databases. Take the example from this article: the spammers get paid for every lead they generate. But, if just 1% of the people who got the spam went to the site and *lied* about their identity, and their interest, the value of the list containing their info would go down so much as to make it worthless. Even if .1% of the people did this, it would dramatically reduce the value of such customer lists. That's the only way to stop spam, from what I can see: make it no longer economically viable.
Ah, but that's the whole point: people outside the cage are affected by your cage. A Faraday cage does not just affect signals inside it. It affects all signals attempting to pass through it. So, your cage affects anyone that is downcast to it, which means that you are affecting others' ability to get a signal.
As to whether or not building a house out of steel is illegal, I don't know. Obviously steel rebar in concrete is legal, even though it makes a great cage for certain frequencies. But, if you're intentionally building a cage to keep certain frequencies from propagating, you are breaking the law. Whether the feds come find you or not is their choice.
Yes, since you asked, restaurants, theaters, etc that are jamming cell broadcasts *are* breaking the law. A quick google search will bring up lots of sites that confirm this. There are problems with both active and passive systems, especially when it comes to cell phones.
The problem with the passive jamming systems that just take a particular signal and dump it to ground, is that you can't operate them in a "limited" way, the way you want to. They block all access to downstream folks as well as your area, which means that there is suddenly a large area of blockage behind your passive system. There's really no way to prevent this, as there will always be some large area where your passive system is in between the broadcasting tower and the user.
As you mentioned, active systems for cell phones have all sorts of licensing problems...you're not allowed to broadcast there...only the "owner/leasee" of that bit of the spectrum is.
In some ways, you can't even limit a signal's access to your property. The Faraday cage idea is actually illegal.
The FCC takes a very dim view of people cutting out certain frequencies from the public spectrum, and for good reason. If you cut a broadcast off in your property, you've just blackholed everyone that sits downstream (down-cast?) from you. That makes it interference with the public airwaves, and therefore a crime.
Imagine this scenario: two radio stations compete for listeners...one of them buys a house very near the competitor's broadcast towers and then black-holes their broadcast to huge sections of the city. Under your argument this would be legal, as the person owning the house doesn't want this signal in their property.
"Coming crisis?" We've presently got about 100 /8's unallocated to anyone right now. According to a previous slashdot story, we go through them at a rate of 2 /8's per year. Going by that math, we've got 10 years left. In reality, it'll happen before that, but in two years? No way. There's just no way in hell that we're going to allocate 100 /8's worth of IP space in two years.
Don't get me wrong, IPv6 is kinda cool, but there's no rush. Anyone who tells you otherwise is selling something (like this guy).
As I mentioned in your other post about this, this is *not* the CatOS patch. Cisco discovered this themselves. The discoverers did have to work with Cisco, since they were Cisco.
No one outside Cisco had seen this until a few days ago. The problem is, once Cisco announced it, there were only so many combinations that could cause the problems they were mentioning, and someone found them, and posted it to Full-Disclosure.
As I mentioned to the other responder, there are other systems. My best example is rockoons. (I don't mean to keep harping on them, but they're a good example.) They're much slower at stage one, but use very little fuel (almost none if you can recover the balloon) to cover the first dozen or so kilometers of altitude. Why should we ignore those just for NASCAR race-style speed?
Heh. Apparently I didn't make my point very well. Let me try again.
My point was that a "race" style system strongly disadvantages slower systems like "rockoons", (which use a balloon instead of a first stage rocket). Now, whether rockoons are actually a better/cheaper way to get to space is still an open question, but I'm a bit bothered that this whole class of launch systems would be discarded in favor of old-style rockets simply because we want to be like NASCAR.
I don't think I totally agree with this. Part of the point of the X-Prize is finding the cheapest way to space, not necessarily the fastest way to space. Remember: good, cheap, fast, pick two. If we pick cheap and fast, we get deathtraps.
I'd much rather see the X-Prize lead to something good and cheap that takes 2 days to get to orbit than have some over-engineered phallic symbol dominating the space race for the next 50 years.
It's unlikely you'll ever reach motorway speeds: wind resistance against a moving person at that speed will cause lots of problems (translation: you'll be on your butt somewhere around 40km/h). Also, it should be noted that the "bus speed" they list in the article is 9km/h. That's not exactly speedy by open road standards, but is probably pretty fast by congested downtown standards.
At some point Microsoft has got to get tired of all the stuff they go through and deploy some hackers themselves, to protect their interests.
Microsoft is already doing this. One of the guys I used to work with in the security realm is now at Microsoft, checking for exploitable code & paths in Palladium. I expect he'll see this & prevent it in any Trusted system release.
Totally and completely? That depends. For straight inventory in a store, I can see lots of advantages (heck, I can see an advantage in a server room as well...instant inventory). But, having someone be able to tell exactly what kind of underwear I'm wearing just by coming near me with a reader would creep me out. (That will be possible with this system, since you can't "degauss" RFID tags the way you can with present theft-deterrent systems.) Admit it, you all know one freak who would find it really funny to walk up to complete strangers & say "wow...you never struck me as a Hanes type of guy."
Also, there have been proposals for other uses besides inventory, and some of those are not going to work. One example I've seen talked about was using them for employee ID tags. These have all sorts of issues (passive scanning for authorized badges on subways, office lobbies), and would be a very bad idea.
What people seem to be missing in this is that there's a lot of space still around (100 /8's if the Director is to be believed), which is not allocated to *anyone* right now. If Asia's use of IP space grows more rapidly than the US', then APNIC will simply ask for new allocations more often than ARIN would.
I can see running out of space being a concern during the 'net boom, since routing tables and IP space requests were growing exponentially during that time. But, the growth of the routing table has slowed down from that rate (see http://bgp.potaroo.net/), so the time when we'll run out has moved much farther back. We'll need to move to v6 eventually, sure, but I don't think it'll happen for 10 or so years.
As someone else has mentioned, the backbone is a terrible place to do filtering. The backbone has better things to do with its CPU time (like, routing between multiple DS3s, etc). Filtering is best done at the edge, meaning at the point where the customer is actually connected. If you filter there, you should have a good idea of exactly which sources are allowed to exist on this network, and should be able to build very strict filters on a router that isn't seeing massive amounts of traffic.
The problems with this are: 1) it relies on everyone behaving & having a clue. As we've seen with patches, that just doesn't happen. 2) There are all sorts of situations (like customers multi-homing) that make these filters not scale well, so some ISPs just leave them off entirely.
This subject has come up on NANOG about every other month for the past few years. It's not been resolved yet.
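The edge filtering and multi-homing problem from the comment above, sketched as an added example that is not part of the original comments: a strict per-customer source filter drops spoofed traffic, but also drops a multi-homed customer's legitimate traffic until the second prefix is added by hand. The port name, addresses (documentation ranges) and helper names are constructed.

```python
import ipaddress


class EdgePort:
    """One customer-facing interface with a strict source-address filter."""

    def __init__(self, name, allowed_prefixes):
        self.name = name
        self.allowed = [ipaddress.ip_network(p) for p in allowed_prefixes]

    def permits(self, src):
        """True if the packet's source lies in a prefix known for this customer."""
        addr = ipaddress.ip_address(src)
        return any(addr in net for net in self.allowed)


def split_traffic(port, sources):
    """Split source addresses seen on a port into (forwarded, dropped)."""
    forwarded, dropped = [], []
    for src in sources:
        (forwarded if port.permits(src) else dropped).append(src)
    return forwarded, dropped


# Constructed traffic arriving from the customer:
#   192.0.2.10    source inside the prefix this ISP assigned
#   198.51.100.20 source inside a prefix from the customer's second upstream
#   203.0.113.77  spoofed source that belongs to neither
SEEN = ["192.0.2.10", "198.51.100.20", "203.0.113.77"]


def demo():
    """Compare the strict filter with one updated for the multi-homed prefix."""
    strict = EdgePort("cust-a", ["192.0.2.0/24"])
    # Every multi-homed customer needs an extra, manually maintained entry
    # like this one, which is the scaling problem the comment describes.
    multihome_aware = EdgePort("cust-a", ["192.0.2.0/24", "198.51.100.0/24"])
    return split_traffic(strict, SEEN), split_traffic(multihome_aware, SEEN)


if __name__ == "__main__":
    for forwarded, dropped in demo():
        print("forwarded:", forwarded, "dropped:", dropped)
```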
Patience. I suspect that the Chinese will give the US plenty of "competition" fairly soon....that is, if you believe the intelligence reports indicating that the Chinese want to be on the moon in a few years, and have permanent residence there in a decade or so.
Oh, yeah, and reboot, since the worm binds a command shell to port 4444...but then, you'll have to reboot to patch RPC anyway.
So, what, they don't use GOTO?
WRONG.
This is not the CatOS vulnerability, which was announced a week ago. This is a vulnerability in IOS (not CatOS), that Cisco discovered themselves (apparently a while ago, based on some of the build dates). It has been on the public lists for about 2 days now.
If you're going to mock someone, make sure you have your facts straight.
Battlestar Galactica line: Cylons at 10 Angstroms!
Friend's mom: Wow, that's close enough for sex.
Us (ignorant kids): huh?
MCP - Master Control Program
--- end of line ---