-Caveat Lector-
----Original Message Follows----
From: "Don Carnage" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: utanews: Security on Cable and DSL...
Date: Tue, 24 Oct 2000 15:51:16 -0000
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
...
However, there are some simple ways to make your broadband connection
a little bit less like swiss cheese:
1) Disable file sharing and remote login - Running Windows? Take a
look for any folder or file with that little hand icon, and un-share
them. Even better, just go into Control Panel -> Network and shut it
off completely. Don't think passwords on your shares will help you,
as a recent bug was discovered in Win9X share-level password
protection where a one-byte character string can be used to bypass a
protected share should that byte happen to match the first byte of
the actual password. If you're on Linux/*BSD, for the love of Bob
shut off NFS, ftpd, telnetd, Apache, and the like until you know what
you're doing! Can you say "backdoor"? Even experienced admins leave
the occasional hole, and default installs aren't often known for
being secure (OpenBSD people, stuff it while I make a point for
everyone else:).
2) Don't let anything run automatically - Java and ActiveX in IE and
Netscape installing and running automagically? Kill it. Auto-DCC in
IRC clients? Un-auto it. Run attachments on preview in Outlook, or
run macros in Word documents? You know the drill. Don't let a damn
thing run automatically unless you actually know what's taking place.
If I ever see LIFE-STAGES.TXT offered to me by DCC again, I'm going
to reach through the monitor and shove a virus scanner up the patoot
of the victim. The world doesn't need another Melissa or backdoor
being passed around just by opening an e-mail in a brain-dead-by-
default program.
3) Check for patches and follow directions - MS didn't tell people to
change their Outlook settings while it took them a month to patch the
program in the wake of ILOVEYOU because it was fun for everyone. Red
Hat isn't releasing megs of updates for Red Hat 7 so you can sit
there and kvetch about buggy .0 releases. You don't think the latest
macro virus craze can get you? Think again, spam-boy; why do you
think Unix/Linux vendors have been going batshit looking for format
string holes in their software offerings? The exploits may be merely
theoretical, but it's best to close them up before the theoretical
becomes practical (with apologies to the L0pht).
4) Extra steps if you're really careful and/or paranoid - Old
486: $50. Geek on a caffeine high: $5, $0 if s/he's already jacked on
coffee. OpenBSD or Slackware burned on a CD: $0. A kickass firewall to
confound the kiddiez with the latest 'sploits and nmap: priceless.
5) Ignore the DSL/cable pissing contest - Nothing to see here, move
along...
I'm glad to say most cable installers where I live have a brain, and
hence make sure filesharing is turned off in Win9x when they set up
your system. Linux/BSD geeks usually have to take matters into their
own hands, but most usually know enough to at least kill nfsd and
ftpd if they're not going to be used. (Incidentally, this is also why
Red Hat and others need to stop enabling every conceivable service by
default.)
Closing your box off to kiddies is acutallly pretty easy. However,
back-patting fluff like this Excite dropping does way more harm than
good by instilling that false sense of security that leads people to
think its OK to let attachments run automatically, or leave all those
services running on their new Mandrake box. Hard advice is better
than press releases and misrepresenting technologies as security
measures.
http://www.slip.net/~knabb/index1.htm
_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
Share information about yourself, create your own public profile at
http://profiles.msn.com.
<A HREF="http://www.ctrl.org/">www.ctrl.org</A>
DECLARATION & DISCLAIMER
==========
CTRL is a discussion & informational exchange list. Proselytizing propagandic
screeds are unwelcomed. Substance—not soap-boxing—please! These are
sordid matters and 'conspiracy theory'—with its many half-truths, mis-
directions and outright frauds—is used politically by different groups with
major and minor effects spread throughout the spectrum of time and thought.
That being said, CTRLgives no endorsement to the validity of posts, and
always suggests to readers; be wary of what you read. CTRL gives no
credence to Holocaust denial and nazi's need not apply.
Let us please be civil and as always, Caveat Lector.
========================================================================
Archives Available at:
http://peach.ease.lsoft.com/archives/ctrl.html
<A HREF="http://peach.ease.lsoft.com/archives/ctrl.html">Archives of
[EMAIL PROTECTED]</A>
http:[EMAIL PROTECTED]/
<A HREF="http:[EMAIL PROTECTED]/">ctrl</A>
========================================================================
To subscribe to Conspiracy Theory Research List[CTRL] send email:
SUBSCRIBE CTRL [to:] [EMAIL PROTECTED]
To UNsubscribe to Conspiracy Theory Research List[CTRL] send email:
SIGNOFF CTRL [to:] [EMAIL PROTECTED]
Om
