  1. #1
    Adam Greatrix
    Guest
    "Mike H" <[email protected]> wrote in message
    news:[email protected]
    > Outgoing mail could be Virus Free, but then again we could be lying.
    > Who knows, who cares? It's only and advertisement after all.
    > Chequed by AVG anty-vyrus sistem (http://www.willysoft.com).
    > Verzion: 13.0.395 / Vyrus Databaze: 2350 - Releaze Date: 31/02/04


    LOL, I like that.... but if you had the latest super-leet version of the
    virus killer it would read:

    OU+9oinG M01l C0Uld b3 viRU5 FR33, BUt then AGAiN w3 c0ULD be lyIN9.
    wHo KNOW5, WHO CAre5? I+'$ 0nlY 4nD 4dv3RT15emEn+ @pht3R 4lL.
    cH3kw3d 8Y @v9 4NTy-VyrU$ 515T3M (hT+p://WWw.W1lly$of+.com).
    vErZI0n: 13.0.395 / vyRU$ Da+4b4zE: 2350 - reLE4Z3 daTE: 31/02/04

    Also, I've noticed that most viruses that have caused any significant
    problem this year exploit security holes/features that have had official
    patches released by MS months before they become a big problem... like MS
    Blaster... The patch was released in early July. The virus hit big time
    towards the end of August. People should try updating their OS as well!

    Even more alarming is that the domain name in your virus sig exists!

    Ahh... those script kiddies!

    Anyway...

    Adam









  2. #2
    G.T
    Guest

    Re: rip off (now totally OT)

    Hello,

    > patches released by MS months before they become a big problem... like MS
    > Blaster... The patch was released in early July. The virus hit big time
    > towards the end of August. People should try updating their OS as well!

    What ? The Blaster worm ran on early August, as I was informed by my ISP on
    08/15/2003. I had some friends' computers to clean up on 08/13 (being myself
    under W98 I had no problem).
    The M$ patch was a joke... Having to clean up a computer running W2k and
    searching this f**king patch showed me that the hole (FYI, port 135 being
    opened, no one knows why) was present since Win NT4 (released late '95-early
    '96). So what ?
    And support for W2k SP2+ only, had SP1 stations, had to order the (free) SP4
    update CD, wait for it (4 weeks) and then only install the patch...
    Why wait, say, 6 years before patching a safety hole ? Did they really
    change everything with XP, as they said ? Obviously not, since this matter
    existed for ages.

    OK, a bit OT, but see : your example was not a good one, IMO.

    Regards,
    G.T
    [email protected]
    205 Diesel & turbo-Diesel : http://205d.fr.st





  3. #3
    Adam Greatrix
    Guest

    Re: rip off (now totally OT)

    "G.T" <[email protected]> wrote in message
    news:[email protected]
    > What ? The Blaster worm ran on early August, as I was informed by my ISP on
    > 08/15/2003. I had some friends' computers to clean up on 08/13 (being myself
    > under W98 I had no problem).


    Yeah, but the patch was available in early July. Windows 98 is not immune,
    but you do have to install a program that also installs the DCOM Endpoint
    Mapper, Visual Studio for one example.

    > The M$ patch was a joke... Having to clean up a computer running W2k and
    > searching this f**king patch showed me that the hole (FYI, port 135 being
    > opened, no one knows why) was present since Win NT4 (released late '95-early
    > '96). So what ?


    I know why that port is open... Port 135 is open as it's used by the DCOM
    RPC Endpoint Mapper (or Service Control Manager) for several things. One is
    as an initial connection and negotiation point to establish what higher
    ports other DCOM services are running on (such as the net messenger
    service). It is similar to what port 111 does on Sun Unix machines. However,
    although many programs are DCOM aware, I'm yet to come across many that are
    dependent on it to run. One of the first things I do after installing a new
    OS is to shut down services that I'm not going to use, or don't want to be
    used. DCOM is one of them. No point in having them running and taking up
    resources if you're not going to use them.

    Another thing I would do is make sure that a firewall, somewhere, is
    blocking (among many other things) 135 to 139 from the internet. This might
    be a firewall on my local machine (such as ZoneAlarm Pro), a hardware
    firewall, or the ISP's firewall. Most *decent* ISPs will block a port for you
    if you ask them nicely. It is extremely rare that you'd want ports 135 to
    139 open to the internet.

    Yes, the vulnerability has existed for ages. But then so has the knowledge
    to block 135 to 139 from everything but your intranet for the same amount of
    time. However, the REAL problem is that using a specially crafted
    message sent to this port you can overflow the buffer and execute arbitrary
    code. This wasn't discovered until recently, and it was only a very short
    time before MS released the patch. The patch doesn't close port 135, it just
    stops the buffer overflow. Port 135 is still needed.

    > Did they really change everything with XP, as they said ? Obviously not,
    > since this matter existed for ages.


    No, those services still have an important role to play. However, the
    standard internet connection firewall that is active by default on Windows
    XP can block these ports.

    > OK, a bit OT, but see : your example was not a good one, IMO.



    Yes, but that's based on your incorrect assumption that the problem was that
    port 135 is open (and has been for many years). This was not the problem.
    The problem was the buffer overflow you can cause if you do very bizarre
    things to this port. To use an analogy, it would be like saying cars have
    tyres (we've known this for years), and somebody a few years later realised
    that you can mess up a car if you stab a knife through the tyre. The problem
    is not the tyre, nor would people start saying cars should never have had
    tyres - they need them. The problem is the fact that somebody thought up a
    way to maliciously exploit the fact that cars have tyres. If it became a big
    enough problem then tyre manufacturers may then make their tyres knife proof
    (in the same way MS fixed the buffer overflow problem). But it would be
    unfair to say that tyres have existed for many years and hence should have
    been made knife proof from the start. Some things just aren't that obvious.
    It took well over half a decade for somebody to figure out this exploit of
    port 135.

    Adam




