[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Computer security


  • To: "Omega Listserver" <omega-list@xxxxxxxxxx>
  • Subject: Re: Computer security
  • From: "Glen Wallace" <gcwallace@xxxxxxxx>
  • Date: Thu, 14 Oct 1999 10:37:12 -0700
  • In-reply-to: <199910141548.JAA22780@xxxxxxxxxxxxxxx>

PureBytes Links

Trading Reference Links

I believe the site you mentioned, Gary, tests only the NetBIOS ports for
sharing.  This is an important weakness to test for, but is only the
beginning.  More sophisticated weaknesses and trojans can be identified by a
more comprehensive suite of tests like:

http://www.dslreports.com/  (Requires registration, and then click
     Secure-Me. I think the first test is still free)
http://www.e-softinc.com/  (Click on Desktop Audit)

Those using cable modems and DSL connections and those who collect data
across the internet should seriously consider a firewall and a good
anti-virus/trojan application.  Also, upgrade your IE5 regularly  --  there
have been a lot of security flaws identified and fixed recently.

This is a very serious issue.  My firewall frequently logs and blocks port
scans and NetBus and Back Orifice attempts.  And I'm still concerned about
the nasty stuff I can't prevent getting through.  One can only imagine
what's happening to you guys with no protection.

Regards.


----- Original Message -----
From: Gary Fritz <fritz@xxxxxxxx>
To: RealTraders Discussion Group <realtraders@xxxxxxxxxxxx>;
<omega-list@xxxxxxxxxx>
Sent: October 14, 1999 08:49
Subject: Re: Computer security

> I believe this will be of interest to all, especially given the
> discussion going on in RT recently.
>
> Yesterday, while digging into security issues, I found several sites
> that actively probe your system to test its security.  The one at
> http://grc.com seems to be one of the best.  Among other things, it
> includes an eye-opening (and absolutely terrifying) explanation of
> exactly what hackers can do to most systems, and how easily they can
> do it.
>
> Then, just this morning I got this referral to it in the latest
> LangaList, which is a newsletter put out by former BYTE and PCMag
> editor/columnist Fred Langa.
>
> Enjoy!  And may your system be safe.  Let's be careful out there!
>
> Gary
>
> ==============================================================
>
> From the LangaList:
>
> FREE Internet Security Check
>
> Steve Gibson is a very smart and prolific guy--- he's been
> producing very cool, very useful software for, gosh, 15
> years or more now.
>
> A lot of his stuff takes a unique spin or tack at solving
> problems, and often does a better job than some of the more
> widely-know apps from the giant software houses.
>
> Last week, I got a note from Steve describing a new free
> service he's offering:
>
>      Hey Fred,
>      I wanted to apprise you of my just-this-instant
>      finished contribution to the Internet-connected
>      Windows-based personal computer community:
>      http://grc.com/x/ne.dll?bh0bkyd2   or
>      http://grc.com/ShieldsUp
>
>      When I recently switched my office from ISDN to
>      DSL (our servers live on an off site T1 trunk), I
>      did some research into the insecurity of typical
>      Windows-based Internet connections ... which is
>      exacerbated by "persistent" connections to the Net
>      such as those now being established by DSL and
>      Cable Modem technologies. I was SHOCKED by the
>      number of people with insecure connections, and
>      then by the ease with which Internet scanners can
>      find, target, and penetrate their systems. (This
>      is all documented in tutorial form on my new web
>      site, but you can quickly peek here: <
>      http://grc.com/su-nbscan1.htm > and also here <
>      http://grc.com/su-nbscan2.htm >)
>
>      On Friday of Labor Day weekend (9/3) I realized
>      that when someone came to my web server, their
>      connection gave me the IP address of their
>      machine. This meant that I could perform an ACTIVE
>      SECURITY ANALYSIS of their system on the spot and
>      display the results as a web page. So I started
>      coding and the concept grew into a comprehensive,
>      free service and extensive tutorial -- including
>      some freeware -- to quickly secure ANY Windows
>      system.
>
>      Given the inherent "default" insecurity of most
>      Windows connections -- and the significant
>      financial gain possible for intruders who can now
>      easily install keystroke-monitoring Trojans into
>      people's computers to capture online banking
>      passwords, account numbers, etc. then eMail the
>      results -- I worry that Internet Intrusion and
>      Theft is a "growth industry." So I think this is a
>      VERY important message to get out to the
>      population at large.
>
>      The ratios of exposure as shown by the graphs on
>      the visitor history page demonstrate the extent of
>      the problem! http://grc.com/x/ne.dll?bh1akydu
>      If you agree and wanted to help me spread the word
>      that would be totally terrific!
>
> Steve's site attempts to sniff back through your internet
> connection and will show you everything it can find out
> about your system, your files, your printer and so on.