On 30-jan-04, at 7:20, Alexei Roudnev wrote:
Second problem is directory structure. In Unix, when I configure IDS
(osiris or Tripwire or Intact), I can just be sure that 'bin' and 'etc'
and 'sbin' and 'libexec' directories do not have any variable files -
all non-static files are in /var
On Fri, 30 Jan 2004, Iljitsch van Beijnum wrote:
Actually IMO putting all their crap in their own dir is a feature
rather than a bug. I really hate the way unix apps just put their stuff
all over the place so it's an incredible pain to get rid of it again.
Putting all crap in the working
On Wed, Jan 28, 2004 at 07:37:09PM -0800, [EMAIL PROTECTED] said:
Scott Francis [EMAIL PROTECTED] wrote:
I've been wondering lately, after about 10 years of email worms spreading in
exactly the same manner with every incarnation ... why do you think people
haven't learned not to open
Most Windows boxes are running with administrative privileges. That makes
Windows a willing accomplice. The issue isn't that people click on
attachments, but that there are no built in safeguards from what happens
next.
This is problem #1. Unfortunately, Windose is too complex and have
On Wed, 28 Jan 2004, Alexei Roudnev wrote:
Most Windows boxes are running with administrative privileges. That makes
Windows a willing accomplice. The issue isn't that people click on
attachments, but that there are no built in safeguards from what happens
next.
This is problem
Please pardon my ignorance, but I am *mightily* confused.
In a message from Michel Py is the following:
snip
and ISTR one patch for Outlook 2000 that blocked
your ability to save executables was released)
It default in Outlook XP and Outlook 2003, which has prompted large
numbers of
Christopher Bird wrote:
Please pardon my ignorance, but I am *mightily* confused.
In a message from Michel Py is the following:
snip
and ISTR one patch for Outlook 2000 that blocked
your ability to save executables was released)
It default in Outlook XP and Outlook 2003, which has
On Thu, 29 Jan 2004 07:41:20 -0500 (EST), you wrote:
...
When NTFS came out an ordinary user could not write the system directory
tree Hence most users are running as Administrator or equivalent so that
they can write into the system tree. This was a bad design decision by
MS _and_ application
[EMAIL PROTECTED] wrote:
But, regardless, Win2K and WinXP do have restricted-user
modes that tie this stuff down quite well. They tend to
be used in corporate environments.
Indeed, and the one reason being that the last thing the IT staff wants
is users installing apps, because even if the
In-line...
Christopher Bird wrote:
Please pardon my ignorance, but I am
*mightily* confused.
Vivien M. wrote:
and ISTR one patch for Outlook 2000 that blocked
your ability to save executables was released)
Michel Py wrote:
It default in Outlook XP and Outlook 2003, which
has prompted
: The rate of it is quite surprising. By the description, the trick /
: method of infection does not seem all that different than past worms
: viri. Makes me wonder how many people in a room would reach into their
: purse/pocket on hearing, Wallet inspector
Every single person
On Mon, Jan 26, 2004 at 09:00:40PM -0500, [EMAIL PROTECTED] said:
We are seeing 2 wide spread worms right now, mydoom and dumaru.*
NAI has info at
http://vil.nai.com/vil/content/v_100983.htm
and
http://vil.nai.com/vil/content/v_100980.htm
The rate of it is quite surprising.
I've been wondering lately, after about 10 years of email worms spreading in
exactly the same manner with every incarnation ... why do you think people
haven't learned not to open unexpected attachments yet? It would seem to me
that even the most clueless user would modify his/her behavior after,
Anyone heard/seen press coverage that labeled it A Microsoft worm
vice computer worm..???
NPR, nyet; pcworld.com, nyet; NYT, nyet.
WashPost buried it 75% of the way in:
The virus was written to run on Windows software, and the
worm could not be launched by users of other
At 07:17 AM 1/28/2004 -0800, Scott Francis wrote:
I've been wondering lately, after about 10 years of email worms spreading in
exactly the same manner with every incarnation ... why do you think people
haven't learned not to open unexpected attachments yet? It would seem to me
that even the most
Dave Temkin wrote:
snip
So? Had the virii been an application compiled for RedHat and
everyone ran RedHat instead of Windows and they downloaded it using
Evolution and double clicked on it, it would suddenly be RH's fault
instead of Microsoft's? Or is it sendmail's fault because it was
listening
: So? Had the virii been an application compiled for RedHat and
: everyone ran RedHat instead of Windows and they downloaded it using
: Evolution and double clicked on it, it would suddenly be RH's fault
: instead of Microsoft's?
I suspect the skill set/clue of RH users is at least an order
It's not completely the fault of anything except the end-user. It's like
the Jimmy Buffett song says:
Evolution is mean, there's no dumbass vaccine
scott
On Wed, 28 Jan 2004, Dave Temkin wrote:
: : The rate of it is quite surprising. By the description, the trick
: :
On Jan 28, 2004, at 11:56 AM, james wrote:
: So? Had the virii been an application compiled for RedHat and
: everyone ran RedHat instead of Windows and they downloaded it using
: Evolution and double clicked on it, it would suddenly be RH's fault
: instead of Microsoft's?
I suspect the skill
RedHat does not allow running an attachment, even if the attachment wishes to be
run - it uses the 'x' flag, which is not the attachment's attribute. Linux users
are not Administrators, so a virus cannot infect the whole system,... Etc
etc
(Why RedHat? It is the worst Linux among all. Use SuSe or
On Wed, Jan 28, 2004 at 12:07:36PM -0500, Patrick W.Gilmore said something to the
effect of:
On Jan 28, 2004, at 11:56 AM, james wrote:
Not sure why that is the case. Web browsers know better than to
execute things, or at least to execute them in a sandbox, and there
seems to be much
Unfortunately, Microsoft products seem to have a default which is set to hide
file extensions and to make it very difficult to see 'multiple extensions' like
the '.doc<many spaces>.pif' in the current worm, it is somewhat easier to dress
a vampire in gerbil clothing in these systems than in others.
On Wednesday 28 January 2004 08:37, Dave Temkin wrote:
So? Had the virii been an application compiled for RedHat and
everyone ran RedHat instead of Windows and they downloaded it using
Evolution and double clicked on it, it would suddenly be RH's fault
instead of Microsoft's?
If RedHat, by
: Also, for reference to other people - the preview pane does *not* allow
: the execution of attachments unless they're double-clicked on and
: acknowledged. Again - we're not talking about another OS or Outlook
: exploit, only a stupid user exploit.
The feature has been fixed but it **did** at
: Also, for reference to other people - the preview pane does *not*
allow
: the execution of attachments unless they're double-clicked on and
: acknowledged. Again - we're not talking about another OS or Outlook
: exploit, only a stupid user exploit.
The feature has been fixed but it **did**
: What's that got to do with today?
I might be reaching here, but I understand some people never upgrade or patch.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
james
Sent: Wednesday, January 28, 2004 4:02 PM
To: [EMAIL PROTECTED]
Subject: Re: Misplaced flamewar... WAS: RE: in case nobody else noticed
it, there was a mail worm released today
: What's
Scott Francis [EMAIL PROTECTED] wrote:
I've been wondering lately, after about 10 years of email worms spreading in
exactly the same manner with every incarnation ... why do you think people
haven't learned not to open unexpected attachments yet?
Blaming it on end users is one way to look at
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Roger Marquis
Sent: January 28, 2004 10:37 PM
To: [EMAIL PROTECTED]
Subject: Re: in case nobody else noticed it, there was a mail
worm released today
(Note: I really do not want
At 11:05 PM 1/28/2004 -0500, Vivien M. wrote:
Let me put it this way: if you know one bank has 100 million dollars in the
vault, and another has 5000 dollars, wouldn't you expect most of the bank
robbers to focus on robbing the first bank, irrelevant of whether the first
bank's fault is better
On Wed, 28 Jan 2004, Vivien M. wrote:
And, care to tell me why, as someone else pointed out, if I were to switch
to Evolution on your random GNU/Linux distribution, someone couldn't write a
similar worm.
Rhetorical questions illustrate a lack of technical rationale, thanks.
But do re-read the
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Roger Marquis
Sent: January 28, 2004 11:31 PM
To: [EMAIL PROTECTED]
Subject: RE: in case nobody else noticed it, there was a mail
worm released today
The reason they don't do it is
because
Vivien M. wrote:
Someone made the argument to me privately that the
problem is that MS lets you run attachments from
Outlook, while other clients would require you to
save the files to disk. That's not a solution: if
these people are like my parents used to be, they'd
dutifully save the
I suspect the skill set/clue of RH users is at least an order
higher than windows users.
really, based on experience that would be surprising, rh is now so easy to get
and install, securing it is still problematic for most users
The main problem I see is many e-mail readers default to
This lovely little worm will start beating on the door at www.sco.com come
Feb 1/04. Interesting huh?
At 09:01 PM 26/01/2004 -0500, Wojtek Zlobicki wrote:
The worm is being talked about on news.com and all the major virus vendors
already have advisories on their websites. The worm in my case
This lovely little worm will start beating on the door at www.sco.com come
Feb 1/04. Interesting huh?
Wonder if we should all be proactive to prevent the DoS attack,
and drop the A records for www.sco.com now? Just in case any
customers' clocks are set forward ;-)
This virus, so far, has
: The rate of it is quite surprising. By the description, the trick /
: method of infection does not seem all that different than past worms
: viri. Makes me wonder how many people in a room would reach into their
: purse/pocket on hearing, Wallet inspector
Every single person that still
Paul Vixie [1/27/2004 7:22 AM] :
my copies (500 or so, before i filtered) are in a ~7MB gzip'd mailbox file
called http://sa.vix.com/~vixie/mailworm.mbox.gz (plz don't fetch that unless
you need it for comparison or analysis). there's a high degree of splay in
the smtp/tcp peer address, and the
We are seeing 2 wide spread worms right now, mydoom and dumaru.*
NAI has info at
http://vil.nai.com/vil/content/v_100983.htm
and
http://vil.nai.com/vil/content/v_100980.htm
The rate of it is quite surprising. By the description, the trick /
method of infection does not seem all that
The worm is being talked about on news.com and all the major virus vendors
already have advisories on their websites. The worm in my case masqueraded
as a Mailer Daemon bounce. Source email address appeared to be valid and
matching a domain of a website I visited recently (but have not for a
40 matches