Re: intruders [Fw: Today's WinInfo: July 12]




<x-html><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content="text/html; charset=iso-8859-1" http-equiv=Content-Type>
<META content="MSHTML 5.00.2614.3401" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT size=2>To clear some myths..........................</FONT></DIV>
<DIV><FONT size=2></FONT>&nbsp;</DIV>
<DIV><FONT size=2>For as long as you do not "Share" any files, disks, 
printers,&nbsp;folders or even Net-adapters, you are safe from</FONT></DIV>
<DIV><FONT size=2>anyone entering </FONT><FONT size=2>your PC.</FONT></DIV>
<DIV><FONT size=2>
<DIV><FONT size=2>If you haven't done any of the&nbsp;file, folder, disk, 
printer and netadapter </FONT><FONT size=2>sharing (also in the Control Panel's 
Nethood/</FONT></DIV>
<DIV><FONT size=2>Networking and the Win95/98 Context Menu's options for 
"Sharing"), then no-one can intrude onto your PC</FONT></DIV>
<DIV><FONT size=2>with you in command (and as otherwise is described in the 
article below).</FONT></DIV></FONT></DIV>
<DIV><FONT size=2>This "Sharing", apart from the Control Panel's Nethood and the 
Win95/98 Context Menu's options,</FONT></DIV>
<DIV><FONT size=2>are privileges you can also set for any of the "Users" 
of&nbsp;your PC's Windows sessions. </FONT><FONT size=2>The program&nbsp;to do 
so</FONT></DIV>
<DIV><FONT size=2>is "C:\Windows\Poledit.exe".</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT size=2>The above is for Win95/98 only, for as WIN-NT4/2000 requires a 
top secret "NTconfig.pol" file stored on server for</FONT></DIV>
<DIV><FONT size=2>setting the&nbsp;"Sharing of the Network's NetHood, Server 
and&nbsp;WKS's </FONT><FONT size=2>files, folders, printers and 
disks".</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT size=2>Regards,<BR>Ton Maas<BR><A 
href="mailto:ms-irb@xxxxxxxxxxxxx">ms-irb@xxxxxxxxxxxxx</A><BR>Dismiss the 
".nospam" bit (including the dot) when replying.<BR><BR><BR></FONT><FONT 
size=3>___________________________________________________________________________<BR><BR>WinInfo: 
Windows news and information -- Copyright (c) 1995-9 Paul Thurrott<BR>Visit 
WinInfo on the Web at WUGNET: <A 
href="http://www.wugnet.com/wininfo">http://www.wugnet.com/wininfo</A><BR>___________________________________________________________________________<BR><BR>Today's 
WinInfo:<BR>&nbsp; Microsoft challenges BackOrifice myths<BR>&nbsp; Microsoft 
bringing USB hardware to the Macintosh<BR><BR><BR>Microsoft challenges 
BackOrifice myths<BR><BR>With the release this week of Windows NT hacking tool 
"BackOrifice 2000,"<BR>Microsoft has launched an informational campaign of its 
own, designed to<BR>derail myths about the malicious program. According to a 
report on<BR>Microsoft's Security Advisor Web site, BackOrifice 2000 is a remote 
control<BR>application that must be stealthily installed so that attackers can 
take<BR>over a Windows NT-based network. The program enables remote hackers to 
do<BR>anything they could do were they to be logged onto the machine locally: 
Run<BR>programs, delete files, and the like.<BR><BR>"BackOrifice 2000 is a 
remote-access tool that was developed with the intent<BR>of harming users," says 
Jason Garms, the lead product manager for Windows NT<BR>security at Microsoft. 
"It is a tool that has no legitimate purpose other<BR>than exposing users' 
machines to people on the Internet. Users who are<BR>tricked into getting this 
thing installed on their system are vulnerable to<BR>the attacker, who can then 
do anything that the victim can do--move the<BR>mouse, open files, run programs, 
etc.--which is little different from what<BR>legitimate remote-control software 
can do. Back Orifice, however, is<BR>designed to be stealthy and evade detection 
by the user."<BR><BR>For BackOrifice to find its way onto your system the hacker 
must have<BR>physical access to the machine with a valid login or you must be 
tricked<BR>into installing it; typically this is accomplished by sending users 
the<BR>program as an email attachment that must be executed. To prevent 
this<BR>program from taking over your system, just use common sense: Always run 
an<BR>anti-virus program with up-to-date virus definitions and don't let 
anyone<BR>gain unauthorized physical access to your machine. Perhaps most 
importantly,<BR>don't execute email attachments from unknown people.<BR><BR>One 
of the biggest myths perpetrated by the makers of BackOrifice is that the<BR>program 
takes advantage of security inadequacies that are inherent in<BR>Windows and 
Windows NT. This is simply not true: BackOrifice could have been<BR>written to 
attack *any* kind of computer system. The hackers that wrote it<BR>simply 
decided to attack Windows, which is the most popular computing<BR>platform by 
far. In fact, as Microsoft notes, BackOrifice doesn't actually<BR>target Windows 
per se at all: It targets users, who often don't understand<BR>security issues 
well enough to not execute email attachments from 
unknown<BR>sources.<BR><BR>Another common myth centers on the goal for 
BackOrifice: In an attempt to<BR>protect themselves from legal problems, the 
creators of BackOrifice are<BR>pretending that it is a legitimate remote control 
application. However, this<BR>is not the case: BackOrifice is designed to escape 
detection and exceeds the<BR>needs of remote control software. And it doesn't 
prompt the user when it<BR>installs on the system.<BR><BR>"The creators [of 
BackOrifice] claim that this is a useful administration<BR>tool, but it doesn't 
even prompt people when it installs itself on the<BR>system. It doesn't warn 
them that it's getting installed. And, once it's<BR>installed, it makes the 
system available to other people on the Internet.<BR>That is a malicious act," 
says Garms. "I am personally unaware of any major<BR>customers of ours who 
consider this to be a remote administration tool as<BR>the folks who created it 
claim. Quite the contrary, they consider it a piece<BR>of malicious code. 
Unfortunately, there are some users who were duped by the<BR>press releases from 
the organization that released the software, and did<BR>install it on their 
systems."<BR><BR>For more information about Microsoft's response to BackOrifice 
2000, please<BR>visit the Microsoft Security Advisor Web site:<BR>&nbsp; <A 
href="http://www.microsoft.com/security/bulletins/bo2k.asp">http://www.microsoft.com/security/bulletins/bo2k.asp</A><BR><BR><BR><BR><BR>Microsoft 
bringing USB hardware to the Macintosh<BR><BR>Microsoft Corporation will 
announce the availability of its first USB<BR>hardware for the Macintosh, the 
IntelliMouse Explorer, a "no ball" mouse<BR>that the company will release this 
fall for Windows as well. According to<BR>rumors, Microsoft will also be porting 
other USB hardware to the Macintosh,<BR>including possibly all of the company's 
joystick/entertainment hardware,<BR>such as the FreeStyle Pro GamePad and the 
Sidewinder Precision Pro joystick.<BR><BR>Expect an official announcement from 
Microsoft at MacWorld New York 
next<BR>week.<BR><BR>___________________________________________________________________________<BR><BR>Visit 
WinInfo on the Web at WUGNET: <A 
href="http://www.wugnet.com/wininfo">http://www.wugnet.com/wininfo</A><BR><BR>To 
unsubscribe from the WinInfo list, simply send an E-mail message to<BR><A 
href="mailto:listserv@xxxxxxxxxxxxxxxxxxxx">listserv@xxxxxxxxxxxxxxxxxxxx</A> 
with the phrase "unsubscribe wininfo" (no<BR>quotes) in the body. If you are 
having problems unsubscribing or any other<BR>problems with the list, please 
write Keith Furman at <A 
href="mailto:listadmin@xxxxxxxxxx">listadmin@xxxxxxxxxx</A>.<BR>___________________________________________________________________________<BR></DIV></FONT></BODY></HTML>
</x-html>

From: "Guy Tann" <grt@xxxxxxxxxxxx>
To: <metastock@xxxxxxxxxxxxx>
Subject: RE: intruders
Date: Tue, 13 Jul 1999 16:33:21 -0700

Vitaly

Worked for me as well.  I didn't do the download yet since I want to make
sure it isn't hacked.  I'm using IE5.0.

As an aside, for visiting their site they gave me a copy of Bonzi Buddy
(7+Mb) which took a whole couple of minutes at DSL speed (784kbs) to
download.

Thanks

Guy


-----Original Message-----
From:	owner-metastock@xxxxxxxxxxxxx [mailto:owner-metastock@xxxxxxxxxxxxx]
On Behalf Of Vitaly Larichev
Sent:	Tuesday, July 13, 1999 1:22 PM
To:	metastock@xxxxxxxxxxxxx
Subject:	Re: intruders

Walter Lake wrote:

>...If anyone ... can't get through to Bonzi (none
>..of the addresses work for me) ...

The following works for me all right (on Netscape 4.6):
http://www.bonzi.com/intruderalert/ia99.asp

Cheers, Vitaly