Re: So Ubuntu comes with spyware?

2015-07-07 Thread Helio Loureiro
I think the problem is that this is the systemd default configuration, and
the maintainer doesn't want to keep touching the source and changing it. Not
for lack of knowledge, but to ship systemd as close as possible to what
exists directly in the repository.

Regards,
Helio Loureiro
http://helio.loureiro.eng.br
http://br.linkedin.com/in/helioloureiro
http://twitter.com/helioloureiro
http://gplus.to/helioloureiro

On 6 July 2015 at 22:38, Rodolfo rof20...@gmail.com wrote:

 Well, I agree with what Chystopher said, that the choice of which DNS to
 use would be left to the user.

 On 6 July 2015 at 16:36, Leandro Henrique Stein
 leandro.h.st...@gmail.com wrote:

 I read the whole discussion of the bug. And it is clear that putting
 Google's DNS as the default is a personal decision of the package
 maintainer.

 What I found worse is his position: even with several users in favour of
 removing it and only him against, he wants to take this to a DD so that
 the DD decides Debian's position on the matter.

 Leandro Henrique Stein
 IT Analyst
 Claro: (41) 9935-9960
 Skype: leandro.h.stein
 Twitter: @leandrohstein

 Apologizing is a sign of weakness. Except between friends - Leroy Jethro
 Gibbs
 On 06/07/2015 17:06, Fred Maranhão fred.maran...@gmail.com wrote:

 On 6 July 2015 at 13:12, Guimarães Faria Corcete DUTRA, Leandro
 l...@dutras.org wrote:
  2015-07-06 11:42 GMT-03:00 Fred Maranhão fred.maran...@gmail.com:

  hard to defend debian in this case.

  Why?

 because to me it looks like handing over browsing data. nothing against
 it, if you don't mind. everyone decides what they will or won't hand over
 to google or to another company. my own main email is gmail. but the
 problem is that it comes by default.

 
 
  --
  skype:leandro.gfc.dutra?chat  Yahoo!: ymsgr:sendIM?lgcdutra
  +55 (61) 3546 7191  gTalk: xmpp:leand...@jabber.org
  +55 (61) 9302 2691ICQ/AIM: aim:GoIM?screenname=61287803
  BRAZIL GMT−3  MSN: msnim:chat?contact=lean...@dutra.fastmail.fm


 --
 To UNSUBSCRIBE, email to debian-user-portuguese-requ...@lists.debian.org
 with a subject of unsubscribe. Trouble? Contact
 listmas...@lists.debian.org
 Archive:
 https://lists.debian.org/capr829nynox0_-8yh8vbtmc-kyfmt4wqo78w7wzj_-ltjxg...@mail.gmail.com





So Ubuntu comes with spyware?

2015-07-06 Thread Helio Loureiro
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761658

What a thing...

Regards,
Helio Loureiro
http://helio.loureiro.eng.br
http://br.linkedin.com/in/helioloureiro
http://twitter.com/helioloureiro
http://gplus.to/helioloureiro


Re: So Ubuntu comes with spyware?

2015-07-06 Thread Leandro Henrique Stein
I read the whole discussion of the bug. And it is clear that putting
Google's DNS as the default is a personal decision of the package
maintainer.

What I found worse is his position: even with several users in favour of
removing it and only him against, he wants to take this to a DD so that
the DD decides Debian's position on the matter.

Leandro Henrique Stein
IT Analyst
Claro: (41) 9935-9960
Skype: leandro.h.stein
Twitter: @leandrohstein

Apologizing is a sign of weakness. Except between friends - Leroy Jethro
Gibbs
On 06/07/2015 17:06, Fred Maranhão fred.maran...@gmail.com wrote:

 On 6 July 2015 at 13:12, Guimarães Faria Corcete DUTRA, Leandro
 l...@dutras.org wrote:
  2015-07-06 11:42 GMT-03:00 Fred Maranhão fred.maran...@gmail.com:

  hard to defend debian in this case.

  Why?

 because to me it looks like handing over browsing data. nothing against
 it, if you don't mind. everyone decides what they will or won't hand over
 to google or to another company. my own main email is gmail. but the
 problem is that it comes by default.

 
 
  --
  skype:leandro.gfc.dutra?chat  Yahoo!: ymsgr:sendIM?lgcdutra
  +55 (61) 3546 7191  gTalk: xmpp:leand...@jabber.org
  +55 (61) 9302 2691ICQ/AIM: aim:GoIM?screenname=61287803
  BRAZIL GMT−3  MSN: msnim:chat?contact=lean...@dutra.fastmail.fm






Re: So Ubuntu comes with spyware?

2015-07-06 Thread Fred Maranhão
On 6 July 2015 at 13:12, Guimarães Faria Corcete DUTRA, Leandro
l...@dutras.org wrote:
 2015-07-06 11:42 GMT-03:00 Fred Maranhão fred.maran...@gmail.com:

 hard to defend debian in this case.

 Why?

because to me it looks like handing over browsing data. nothing against
it, if you don't mind. everyone decides what they will or won't hand over
to google or to another company. my own main email is gmail. but the
problem is that it comes by default.



 --
 skype:leandro.gfc.dutra?chat  Yahoo!: ymsgr:sendIM?lgcdutra
 +55 (61) 3546 7191  gTalk: xmpp:leand...@jabber.org
 +55 (61) 9302 2691ICQ/AIM: aim:GoIM?screenname=61287803
 BRAZIL GMT−3  MSN: msnim:chat?contact=lean...@dutra.fastmail.fm





Re: So Ubuntu comes with spyware?

2015-07-06 Thread Fred Maranhão
yeah...

hard to defend debian in this case.

2015-07-06 7:41 GMT-03:00 Helio Loureiro he...@loureiro.eng.br:
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761658

 What a thing...

 Regards,
 Helio Loureiro
 http://helio.loureiro.eng.br
 http://br.linkedin.com/in/helioloureiro
 http://twitter.com/helioloureiro
 http://gplus.to/helioloureiro





Re: So Ubuntu comes with spyware?

2015-07-06 Thread Helio Loureiro
I don't think both are wrong.  I think it's just a point of view.  What
for some is not a problem of surveillance or invasion of privacy, for
others is functionality.

But this discussion puts an end to the demagoguery on the subject.   But,
of course, the whining will continue.

Regards,
Helio Loureiro
http://helio.loureiro.eng.br
http://br.linkedin.com/in/helioloureiro
http://twitter.com/helioloureiro
http://gplus.to/helioloureiro

2015-07-06 16:42 GMT+02:00 Fred Maranhão fred.maran...@gmail.com:

 yeah...

 hard to defend debian in this case.

 2015-07-06 7:41 GMT-03:00 Helio Loureiro he...@loureiro.eng.br:
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761658

  What a thing...

  Regards,
  Helio Loureiro
  http://helio.loureiro.eng.br
  http://br.linkedin.com/in/helioloureiro
  http://twitter.com/helioloureiro
  http://gplus.to/helioloureiro



OT: C|Net's Download.com adware, spyware, malware hijinkx.

2011-12-09 Thread Chris Brennan
Sorry for the cross post I hadn't seen any chatter about this on the lists.
It would seem that Download.com got caught with their pants down and were
re-wrapping F/OSS with their own installer and bundling adware, spyware
and malware with it.

NMap's author, over at insecure.org got pretty hot about it and has
collected considerable information on the topic since he learned about it
on Monday.

http://insecure.org/news/download-com-fiasco.html

http://seclists.org/nmap-hackers/2011/5

http://seclists.org/nmap-hackers/2011/6

Again, sorry for the cross post, but I know how I would feel if this were
done to me (I'd be pretty pissed!) So flame me later for cross-posting and
if you're a software developer who also makes software for Windows users,
then go and check your stuff if it's listed on download.com.

So far, paint.net's software, VLC, NMap and emergeDesktop were affected.
Being a part of emergeDesktop's community, I know the author there has
instructed the community to not download his software from download.com,
I'm not sure what steps have been taken for paint.net and VLC though.

 --
 Chris Brennan
 A: Yes.
 Q: Are you sure?
 A: Because it reverses the logical flow of conversation.
 Q: Why is top posting frowned upon?
 http://xkcd.com/84/ | http://xkcd.com/149/ | http://xkcd.com/549/
 GPG: D5B20C0C (6741 8EE4 6C7D 11FB 8DA8  9E4A EECD 9A84 D5B2 0C0C)



Re: [OT]: possible spyware?

2008-06-25 Thread Michelle Konzack
On 2008-06-23 10:25:08, H.S. wrote:
 Andrei Popescu wrote:
 Debian also has this enabled by default. See README.Debian file for 
 openssh-server for an explanation.
 Thanks for that pointer. I disallow it usually though. On one or two 
 machines on my home network, I have allowed this for custom auto rsync 
 based backup scripts.

I have sshd installed on ALL of my machines and they were never hacked
even if 100% exploited to the Internet.  As written in the README.Debian,
disabling root access does not give any additional security...

Allow root and give it a non-guessable password of at least 16 chars.

Thanks, Greetings and nice Day/Evening
Michelle Konzack
Systemadministrator
24V Electronic Engineer
Tamay Dogan Network
Debian GNU/Linux Consultant


-- 
Linux-User #280138 with the Linux Counter, http://counter.li.org/
# Debian GNU/Linux Consultant #
Michelle Konzack   Apt. 917  ICQ #328449886
+49/177/935194750, rue de Soultz MSN LinuxMichi
+33/6/61925193 67100 Strasbourg/France   IRC #Debian (irc.icq.com)




Re: [OT]: possible spyware?

2008-06-25 Thread Dotan Cohen
2008/6/22 H.S. [EMAIL PROTECTED]:
 So looks like in Ubuntu root login via SSH is not disabled. But IIRC root
 account itself is disabled in Ubuntu. So this warning also is benign ...
 looks like.


The root account in Ubuntu is not disabled. It is given a random
password at install, but that password can be changed with a simple
sudo passwd.

Dotan Cohen

http://what-is-what.com
http://gibberish.co.il
א-ב-ג-ד-ה-ו-ז-ח-ט-י-ך-כ-ל-ם-מ-ן-נ-ס-ע-ף-פ-ץ-צ-ק-ר-ש-ת

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?


Re: [OT]: possible spyware?

2008-06-25 Thread Andrei Popescu
On Wed, Jun 25, 2008 at 03:01:02PM +0200, Dotan Cohen wrote:
 2008/6/22 H.S. [EMAIL PROTECTED]:
  So looks like in Ubuntu root login via SSH is not disabled. But IIRC root
  account itself is disabled in Ubuntu. So this warning also is benign ...
  looks like.
 
 
 The root account in Ubuntu is not disabled. It is given a random
 password at install, but that password can be changed with a simple
 sudo passwd.

Maybe it changed, but there used to be no password for the root 
account...

https://help.ubuntu.com/community/RootSudo

no, it hasn't changed.

Regards,
Andrei
-- 
If you can't explain it simply, you don't understand it well enough.
(Albert Einstein)




Re: [OT]: possible spyware?

2008-06-25 Thread Dotan Cohen
2008/6/25 Andrei Popescu [EMAIL PROTECTED]:
 Maybe it changed, but there used to be no password for the root
 account...

 https://help.ubuntu.com/community/RootSudo

 no, it hasn't changed.


Nowhere does that document say that there is no password for root.
what it does say is this:
By default, the root account password is locked in Ubuntu.

There is a root password, but the user does not know it.

Dotan Cohen

http://what-is-what.com
http://gibberish.co.il
א-ב-ג-ד-ה-ו-ז-ח-ט-י-ך-כ-ל-ם-מ-ן-נ-ס-ע-ף-פ-ץ-צ-ק-ר-ש-ת

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?


Re: [OT]: possible spyware?

2008-06-25 Thread Lee Glidewell
On Wednesday 25 June 2008 07:42:25 am Dotan Cohen wrote:
 2008/6/25 Andrei Popescu [EMAIL PROTECTED]:
  Maybe it changed, but there used to be no password for the root
  account...
 
  https://help.ubuntu.com/community/RootSudo
 
  no, it hasn't changed.

 Nowhere does that document say that there is no password for root.
 what it does say is this:
 By default, the root account password is locked in Ubuntu.

 There is a root password, but the user does not know it.


There is not a root password. There is a hash for the root password, but this 
hash matches no possible value, meaning that there is no password (the 
password, in order to exist as such, would have to validate against the hash 
stored in /etc/shadow).

What Ubuntu does is nothing special: you can see for yourself by creating a 
dummy account and locking its password:
 # passwd -l dummy-account
Now, look at /etc/shadow. You will see a ! character in the password hash 
field. All it does is set the password hash to an exclamation point. Since 
this is not a valid hash, no possible string will ever unlock this account 
through any login manager that uses said hash. 

-- 
Lee Glidewell   | PGP key: D5D686A7
[EMAIL PROTECTED] | 





Re: [OT]: possible spyware?

2008-06-25 Thread Andrei Popescu
On Wed, Jun 25, 2008 at 04:42:25PM +0200, Dotan Cohen wrote:
 2008/6/25 Andrei Popescu [EMAIL PROTECTED]:
  Maybe it changed, but there used to be no password for the root
  account...
 
  https://help.ubuntu.com/community/RootSudo
 
  no, it hasn't changed.
 
 
 Nowhere does that document say that there is no password for root.

Quote (emphasis mine):

Since the root account password is locked, this attack becomes 
essentially meaningless, since *there is no password* to crack or guess 
in the first place.

 what it does say is this:
 By default, the root account password is locked in Ubuntu.
 
 There is a root password, but the user does not know it.

It is also specified that you can re-lock your root account (in case 
you enabled it) with 'sudo passwd -l root'

,[ man passwd ]
| -l, --lock
|   Lock the named account. This option disables an account by changing
|   the password to a value which matches no possible encrypted value,
|   and by setting the account expiry field to 1.
`

In theory you're right, the password does have a value, but there is no 
way you can login using that value.

Regards,
Andrei
-- 
If you can't explain it simply, you don't understand it well enough.
(Albert Einstein)




Re: [OT]: possible spyware?

2008-06-25 Thread Dave Sherohman
On Wed, Jun 25, 2008 at 04:42:25PM +0200, Dotan Cohen wrote:
 2008/6/25 Andrei Popescu [EMAIL PROTECTED]:
  Maybe it changed, but there used to be no password for the root
  account...
 
  https://help.ubuntu.com/community/RootSudo
 
  no, it hasn't changed.
 
 Nowhere does that document say that there is no password for root.
 what it does say is this:
 By default, the root account password is locked in Ubuntu.
 
 There is a root password, but the user does not know it.

Typically, in unix-type systems, a locked account has no valid
password.

This is easily verified with (as root, of course) a simple `grep root
/etc/shadow`:

- If the field between the first and second colons is 13
  characters long and begins with two characters from: a-zA-Z0-9./ then
  root has a (known or unknown) password hashed with crypt (and you
  should probably upgrade to MD5 password hashes).

- If this field is $1$ followed by 31 other characters, then root has a
  (known or unknown) password and is using MD5 hashes.

- If this field has any other value (typically starting with * or !,
  although it doesn't need to), then there is no valid password for the
  account because no possible input could ever produce a hash which
  matches that value.

In unix terminology, a locked account falls into the third category.
Debian's passwd locks an active account (passwd -l username) by
prepending a ! to the hash, making it unmatchable while also preserving
the ability to unlock it (by removing the !) at a later date, but, e.g.,
Debian's daemon account is also considered locked with that field
containing only a * which, again, creates the absence of any possible
valid password.  I expect this to also be true of the root password in a
default Ubuntu install, but do not have an Ubuntu machine available to
verify this.

-- 
News aggregation meets world domination.  Can you see the fnews?
http://seethefnews.com/
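
The field check from Dave Sherohman's message, together with the `passwd -l` behaviour Lee Glidewell describes, as an added shell example (not code from anyone in the thread). The account names, shadow lines and hashes are constructed; the `$id$` branch and the empty-field case go beyond the three categories listed in the post.

```shell
#!/bin/sh
# Added example: classify the password field of shadow(5) entries.
LC_ALL=C; export LC_ALL   # make the a-z / A-Z ranges below plain byte ranges

# True if $1 contains only characters from the crypt alphabet a-zA-Z0-9./
valid_chars() {
    case $1 in
        *[!a-zA-Z0-9./]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the hash scheme of $1, or "unmatchable" if it is not a well-formed hash.
classify_hash() {
    h=$1
    case $h in
        '$1$'*'$'*)                    # MD5: $1$salt$ plus a 22-character digest
            digest=${h##*\$}
            if [ "${#digest}" -eq 22 ] && valid_chars "$digest"; then
                echo md5-crypt
            else
                echo unmatchable
            fi ;;
        '$'[0-9a-z]*'$'*'$'?*)         # other $id$...$digest forms (beyond the post)
            echo modular-crypt ;;
        *)                             # traditional crypt: exactly 13 characters
            if [ "${#h}" -eq 13 ] && valid_chars "$h"; then
                echo des-crypt
            else
                echo unmatchable
            fi ;;
    esac
}

# Classify one shadow password field (the text between the 1st and 2nd colon).
classify_shadow_field() {
    field=$1
    case $field in
        '')   echo empty ;;            # no password needed at all: not a lock
        '!'*) inner=${field#\!}        # passwd -l prepends "!" to the old hash
              kind=$(classify_hash "$inner")
              if [ "$kind" = unmatchable ]; then
                  echo unmatchable     # bare "!": there never was a hash
              else
                  echo "locked:$kind"  # removing the "!" would unlock it
              fi ;;
        *)    classify_hash "$field" ;;
    esac
}

# Read shadow-format lines on stdin, print "<user> <classification>".
audit_shadow() {
    while IFS=: read -r user field _rest; do
        [ -n "$user" ] || continue
        printf '%s %s\n' "$user" "$(classify_shadow_field "$field")"
    done
}

# Constructed sample entries (not taken from any real system).
sample_shadow() {
    cat <<'EOF'
root:!:14055:0:99999:7:::
daemon:*:14055:0:99999:7:::
alice:$1$saltsalt$0123456789abcdefghijkl:14055:0:99999:7:::
bob:!$1$saltsalt$0123456789abcdefghijkl:14055:0:99999:7:::
carol:abJnggxhB/yWI:14055:0:99999:7:::
svc:$6$constructedsalt$constructeddigest:14055:0:99999:7:::
guest::14055:0:99999:7:::
EOF
}

sample_shadow | audit_shadow
```

On a real host the input would be `audit_shadow < /etc/shadow`, run as root. An `empty` result deserves attention: an empty field means no password is required, which is the opposite of a locked account.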





Re: [OT]: possible spyware?

2008-06-25 Thread Dotan Cohen
2008/6/25 Dave Sherohman [EMAIL PROTECTED]:
 This is easily verified with (as root, of course) a simple `grep root
 /etc/shadow`:


Thank you for correcting me. I thought that the password was randomly
generated at install.

Dotan Cohen

http://what-is-what.com
http://gibberish.co.il
א-ב-ג-ד-ה-ו-ז-ח-ט-י-ך-כ-ל-ם-מ-ן-נ-ס-ע-ף-פ-ץ-צ-ק-ר-ש-ת

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?


Re: [OT]: possible spyware?

2008-06-23 Thread Andrei Popescu
On Sun, Jun 22, 2008 at 01:46:30PM -0400, H.S. wrote:

 Regarding the root login via SSH, the log says:
 --
 [13:36:44]   Checking if SSH root access is allowed  [ Warning ]
 [13:36:44] Warning: The SSH and rkhunter configuration options should be 
 the same:
 [13:36:44]  SSH configuration option 'PermitRootLogin': yes
 [13:36:44]  Rkhunter configuration option 'ALLOW_SSH_ROOT_USER': no
 --


 So looks like in Ubuntu root login via SSH is not disabled. But IIRC root 
 account itself is disabled in Ubuntu. So this warning also is benign ... 
 looks like.

Debian also has this enabled by default. See README.Debian file for 
openssh-server for an explanation.

Regards,
Andrei
-- 
If you can't explain it simply, you don't understand it well enough.
(Albert Einstein)




Re: [OT]: possible spyware?

2008-06-23 Thread H.S.

Andrei Popescu wrote:



Debian also has this enabled by default. See README.Debian file for 
openssh-server for an explanation.


Hi,

Thanks for that pointer. I disallow it usually though. On one or two 
machines on my home network, I have allowed this for custom auto rsync 
based backup scripts.


Regards.






[OT]: possible spyware?

2008-06-22 Thread H.S.


Hello,

I was cleaning up some directories in an acquaintance's machine running 
Ubuntu Linux (whenever needed, I SSH to his machine from my Debian 
Lenny) and noticed that one of the directories had a file called ik 
which had this in it:

-
$ cat ik
user un22 uyxuyx
binary
get postal.exe
bye
-


Any idea what this is? From google, it appears it may be a spyware attempt.

-HS






Re: [OT]: possible spyware?

2008-06-22 Thread Joey Hess
H.S. wrote:

 Hello,

 I was cleaning up some directories in an acquaintance's machine running  
 Ubuntu Linux (whenever needed, I SSH to his machine from my Debian  
 Lenny) and noticed that one of the directories had a file called ik  
 which had this in it:
 -
 $ cat ik
 user un22 uyxuyx
 binary
 get postal.exe
 bye
 -


 Any idea what this is? From google, it appears it may be a spyware attempt.

It appears to be a script of commands that could be sent to a ftp client
to log into a ftp server and download a file.

postal.exe certainly seems unsavory on google. No idea how it could do
anything on linux though.

-- 
see shy jo
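
What Joey Hess describes, as an added shell example (not code from anyone in the thread): a check that a file consists only of FTP client commands and, if so, which files it would fetch. The function names and the list of recognised commands are assumptions of this example; the sample input is the `ik` file quoted in the thread.

```shell
#!/bin/sh
# Added example: recognise a file that is nothing but FTP client commands,
# like the "ik" file quoted above, and list what it would download.

# Reads the candidate file on stdin. If every non-blank line starts with an
# FTP client command and at least one of them is get/mget, prints the remote
# file names (one per line) and returns 0; otherwise prints nothing and
# returns 1.
ftp_script_fetches() {
    awk '
        BEGIN {
            k = split("open user binary bin ascii cd lcd prompt hash passive get mget bye quit", c, " ")
            for (i = 1; i <= k; i++) known[c[i]] = 1
            n = 0
        }
        NF == 0 { next }
        {
            cmd = tolower($1)
            if (!(cmd in known)) { bad = 1; exit }
            if (cmd == "get" && NF >= 2) fetched[++n] = $2
            if (cmd == "mget") for (i = 2; i <= NF; i++) fetched[++n] = $i
        }
        END {
            if (bad || n == 0) exit 1
            for (i = 1; i <= n; i++) print fetched[i]
        }
    '
}

# Label each fetched name: a Windows executable suffix is worth a closer look
# when the script turns up on a Linux box, as in this thread.
triage_ftp_script() {
    ftp_script_fetches | while IFS= read -r name; do
        case $name in
            *.[Ee][Xx][Ee]|*.[Ss][Cc][Rr]|*.[Bb][Aa][Tt]|*.[Cc][Oo][Mm])
                echo "windows-executable $name" ;;
            *)  echo "other $name" ;;
        esac
    done
}

# The file contents as posted in the thread.
sample_ik() {
    cat <<'EOF'
user un22 uyxuyx
binary
get postal.exe
bye
EOF
}

sample_ik | triage_ftp_script
```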




Re: [OT]: possible spyware?

2008-06-22 Thread Ron Johnson
On 06/22/08 12:07, Joey Hess wrote:
 H.S. wrote:
 Hello,

 I was cleaning up some directories in an acquaintance's machine running  
 Ubuntu Linux (whenever needed, I SSH to his machine from my Debian  
 Lenny) and noticed that one of the directories had a file called ik  
 which had this in it:
 -
 $ cat ik
 user un22 uyxuyx
 binary
 get postal.exe
 bye
 -


 Any idea what this is? From google, it appears it may be a spyware attempt.
 
 It appears to be a script of commands that could be sent to a ftp client
 to log into a ftp server and download a file.
 
 postal.exe certainly seems unsavory on google. No idea how it could do
 anything on linux though.

But why would it be *on* a Linux box?  Has he been infected with a
worm or rootkit?

- --
Ron Johnson, Jr.
Jefferson LA  USA

Kittens give Morbo gas.  In lighter news, the city of New New
York is doomed.



Re: [OT]: possible spyware?

2008-06-22 Thread H.S.

Ron Johnson wrote:


But why would it be *on* a Linux box?  Has he been infected with a
worm or rootkit?



So taking cue from your message, I ran rkhunter and got two warnings. 
Here they are with some context:

--
  Performing system configuration file checks
Checking for SSH configuration file  [ Found ]
Checking if SSH root access is allowed   [ Warning ]
--

--
  Performing filesystem checks
Checking /dev for suspicious file types  [ None found ]
Checking for hidden files and directories[ Warning ]
--


For hidden files and directories, the rkhunter log gave:
--
[13:37:07]   Checking for hidden files and directories   [ Warning ]
[13:37:07] Warning: Hidden directory found: /dev/.static
[13:37:07] Warning: Hidden directory found: /dev/.udev
[13:37:07] Warning: Hidden directory found: /dev/.initramfs
[13:37:07] Warning: Hidden file found: /dev/.tmp-2-0: block special (2/0)
--

Nothing suspicious here, is there?

Regarding the root login via SSH, the log says:
--
[13:36:44]   Checking if SSH root access is allowed  [ Warning ]
[13:36:44] Warning: The SSH and rkhunter configuration options should be 
the same:

[13:36:44]  SSH configuration option 'PermitRootLogin': yes
[13:36:44]  Rkhunter configuration option 'ALLOW_SSH_ROOT_USER': no
--


So looks like in Ubuntu root login via SSH is not disabled. But IIRC 
root account itself is disabled in Ubuntu. So this warning also is 
benign ... looks like.


-HS








Are You Ready For The Next Spyware Attack?

2006-08-08 Thread Windows IT Pro Events
Learn what you need to know today from industry experts at Windows IT Pro with 
these Web Seminars. Each event is free, and will provide you with in-depth 
information to help you manage your network more effectively. 

If you can't make it to the live Web seminar event, register anyway to get 
access to the full event archive.  

View the full listing of upcoming events from Windows IT Pro at 
http://list.windowsitpro.com/t?ctl=34253:7F5CF7

-- LIVE EVENTS -
Ensuring User Continuity: The User Has Evolved. Have Your IT Systems?
When your systems go down, your users' productivity grinds to a halt. User 
downtime is one of the fastest growing concerns among businesses.  This free 
Web seminar teaches you how to keep your users continuously connected and your 
business up and running. Live event: Thursday, August 24
 http://list.windowsitpro.com/t?ctl=34250:7F5CF7

Incorporate Virtual Machines into Your Disaster Recovery Plan
Join us for this free web seminar to learn how incorporating virtual machines 
into your disaster recovery plan can reduce your TCO by 50% or more, reduce 
hardware cost, and simplify management. Attend the live web seminar and get 
your questions answered by industry leaders from VMware and CA XOsoft. Live 
Event: Tuesday, September 19
 http://list.windowsitpro.com/t?ctl=3424F:7F5CF7


-- ON DEMAND EVENTS --
Are You Ready for the Next Spyware Attack?
Learn about various forms of spyware including rootkits and rootkit-like 
technology as well as keyloggers and other forms of malware. Industry expert 
Mark Joseph Edwards discusses spyware distribution methods and how the 
right anti-spyware solution can help you build a stronger defense.
 http://list.windowsitpro.com/t?ctl=34251:7F5CF7

Best Practices for Migrating Applications to a New Operating System
Take the necessary steps for application management, from conversion of legacy 
applications to MSI to customizing applications to fit corporate standards. 
Don't overlook an important component of an OS migration - join us for the free 
Web seminar. 
 http://list.windowsitpro.com/t?ctl=3424E:7F5CF7

-- SPECIAL OFFER --
Hands-on Windows OS Internals and Advanced Troubleshooting 
Mark Russinovich and David Solomon present their hands-on Windows internals and 
troubleshooting class featuring the Sysinternals tools in San Francisco (Sep 
18-22). Register now at http://list.windowsitpro.com/t?ctl=34252:7F5CF7

-
You received this email because you requested to receive additional information 
about future events from Windows IT Pro. To unsubscribe, click 
http://list.windowsitpro.com/u?id=84073D909B009C43F0A0FD7972A32AAA
 
View the Windows IT Pro Privacy policy at
http://www.windowsitpro.com/AboutUs/Index.cfm?action=privacy
 
Windows IT Pro is a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538 
Attention: Customer Service Department 
 
Copyright 2006, Penton Media, Inc.  All Rights Reserved.





Virus spyware ?

2005-12-10 Thread Mehmet Fatih AKBULUT



Google

Error

We're sorry...
... but we can't process your request right now. A computer virus or
spyware application is sending us automated requests, and it appears
that your computer or network has been infected.
We'll restore your access as quickly as possible, so try again soon. In
the meantime, you might want to run a virus checker or spyware remover to
make sure that your computer is free of viruses and other spurious
software.
We apologize for the inconvenience, and hope we'll see you again on Google.

To continue searching, please type the characters you see below:

Hello. For the last few hours, whenever I try to go to Google from any new
tab I open, the page above appears. Are you experiencing this problem too?
Can you recommend free antivirus and spyware programs that I can use on
Debian?
Regards. Goodbye...












Re: OT: Windoze spyware?

2005-07-17 Thread Karsten M. Self
on Fri, Jul 08, 2005 at 11:34:53PM -0400, Marty ([EMAIL PROTECTED]) wrote:
 Carl Fink wrote:
 On Fri, Jul 08, 2005 at 08:52:55PM -0400, Marty wrote:
 
 Windoze XP box on my LAN is sending http requests to
 a site named movies.go.com, although there is no web
 client running on the XP box (at least none obvious).
 
 [major snippage]
 
 FWIW, go.com is a real, non-scam site run by Disney.
 
 Disney?  The perfect cover!  (2/3 wink, 1/3 paranoid)

Well, for a few months there (roughly March - May) it was inordinately
popular among 419 spammers, with a handful of go.com MXs becoming my
second leading spam source (following KORnet).  I managed to bring this
to Disney's attention, the situation's improved markedly.


Peace.

-- 
Karsten M. Self kmself@ix.netcom.com http://kmself.home.netcom.com/
 What Part of Gestalt don't you understand?
NBC will not be able predict the winner at 8:32
or report from 29 districts.




Re: OT: Windoze spyware?

2005-07-17 Thread Ron Johnson
On Sun, 2005-07-17 at 02:32 -0700, Karsten M. Self wrote:
 on Fri, Jul 08, 2005 at 11:34:53PM -0400, Marty ([EMAIL PROTECTED]) wrote:
  Carl Fink wrote:
  On Fri, Jul 08, 2005 at 08:52:55PM -0400, Marty wrote:
[snip]
 Well, for a few months there (roughly March - May) it was inordinately
 popular among 419 spammers, with a handful of go.com MXs becoming my
 second leading spam source (following KORnet).  I managed to bring this
 to Disney's attention, the situation's improved markedly.

How the heck did you get a hold of them?

-- 
-
Ron Johnson, Jr.
Jefferson, LA USA
PGP Key ID 8834C06B I prefer encrypted mail.

Don't worry about people stealing your ideas. If your ideas are
any good, you'll have to ram them down people's throats.
Howard Aiken, IBM engineer





The art of turboing (was: Re: OT: Windoze spyware?)

2005-07-17 Thread Karsten M. Self
on Sun, Jul 17, 2005 at 11:47:17AM -0500, Ron Johnson ([EMAIL PROTECTED]) wrote:
 On Sun, 2005-07-17 at 02:32 -0700, Karsten M. Self wrote:
  on Fri, Jul 08, 2005 at 11:34:53PM -0400, Marty ([EMAIL PROTECTED]) wrote:
   Carl Fink wrote:
   On Fri, Jul 08, 2005 at 08:52:55PM -0400, Marty wrote:
 [snip]
  Well, for a few months there (roughly March - May) it was inordinately
  popular among 419 spammers, with a handful of go.com MXs becoming my
  second leading spam source (following KORnet).  I managed to bring this
  to Disney's attention, the situation's improved markedly.
 
 How the heck did you get a hold of them?

See:

http://www.leaders.net/for/Rick/art-of-turboing/

Googled on CIO/CTO, tested likely name combinations at their MX, and
emailed _both_, thereby invoking any possible internal political issues
between the two positions.  Copied a number of major news organizations,
and pointing to my existing cites with The New York Times, Wired, and
The Register.

Took another week or so, but they fixed it.

I've found that this method works remarkably well for getting issues
addressed.

My own ISP's no-op support has resulted in my directing issues directly
to its CTO as well, though I do give tier-one an opportunity to address
the issue, request escalation, and notify them that I will escalate
myself (with a full copy of all correspondence) if they don't.

Got my GSM Cingular phone unlocked (had been told it was roamable,
bought the Ericsson World Phone specifically for that) when travelling in
Australia a few years ago with a similar trick.  Emailed
the CEO directly.  Phone call 5am the next morning (Sydney time).


Peace.

-- 
Karsten M. Self kmself@ix.netcom.com http://kmself.home.netcom.com/
 What Part of Gestalt don't you understand?
IANAL, but from what I've read on slashdot...
- File under famous last words




Re: The art of turboing (was: Re: OT: Windoze spyware?)

2005-07-17 Thread Karsten M. Self
on Sun, Jul 17, 2005 at 06:19:41PM -0700, Karsten M. Self 
(kmself@ix.netcom.com) wrote:
 on Sun, Jul 17, 2005 at 11:47:17AM -0500, Ron Johnson ([EMAIL PROTECTED]) 
 wrote:
  On Sun, 2005-07-17 at 02:32 -0700, Karsten M. Self wrote:
   on Fri, Jul 08, 2005 at 11:34:53PM -0400, Marty ([EMAIL PROTECTED]) wrote:
Carl Fink wrote:
On Fri, Jul 08, 2005 at 08:52:55PM -0400, Marty wrote:
  [snip]
   Well, for a few months there (roughly March - May) it was inordinately
   popular among 419 spammers, with a handful of go.com MXs becoming my
   second leading spam source (following KORnet).  I managed to bring this
   to Disney's attention, the situation's improved markedly.
  
  How the heck did you get a hold of them?
 
 See:
 
 http://www.leaders.net/for/Rick/art-of-turboing/
 
 Googled on CIO/CTO, tested likely name combinations at their MX, and
 emailed _both_, thereby invoking any possible internal political issues
 between the two positions.  Copied a number of major news organizations,
 and pointing to my existing cites with The New York Times, Wired, and
 The Register.

...oh yeah, and filed a complaint with the Washington State AG's office,
as Go.com's MXs appear to be located in the Seattle area, mentioning
this in the email as well.


I believe the shorthand reference for this is applying a sufficiently
large cluebat.


...checking...

No AS8137 (Infoseek) spam mails at all this month.


Peace.

-- 
Karsten M. Self kmself@ix.netcom.com    http://kmself.home.netcom.com/
 What Part of Gestalt don't you understand?
Rodents of unusual size? I don't think they exist.
- Princess Bride




Re: The art of turboing (was: Re: OT: Windoze spyware?)

2005-07-17 Thread Ron Johnson
On Sun, 2005-07-17 at 18:31 -0700, Karsten M. Self wrote:
 on Sun, Jul 17, 2005 at 06:19:41PM -0700, Karsten M. Self 
 (kmself@ix.netcom.com) wrote:
  on Sun, Jul 17, 2005 at 11:47:17AM -0500, Ron Johnson ([EMAIL PROTECTED]) 
  wrote:
   On Sun, 2005-07-17 at 02:32 -0700, Karsten M. Self wrote:
on Fri, Jul 08, 2005 at 11:34:53PM -0400, Marty ([EMAIL PROTECTED]) 
wrote:
 Carl Fink wrote:
 On Fri, Jul 08, 2005 at 08:52:55PM -0400, Marty wrote:
   [snip]
[snip]
 I believe the shorthand reference for this is applying a sufficiently
 large cluebat.

That's not a clue *bat*, that's a clue carpet bombing...

-- 
-
Ron Johnson, Jr.
Jefferson, LA USA
PGP Key ID 8834C06B I prefer encrypted mail.

The laws of probability, so true in general, so fallacious in
particular.
Edward Gibbon





Re: OT: Windoze spyware?

2005-07-09 Thread Joe

Marty wrote:

This is for readers who are unfortunate enough to have
more Windows administration knowledge than I.  The sole
Windoze XP box on my LAN is sending http requests to
a site named movies.go.com, although there is no web
client running on the XP box (at least none obvious).
I am analyzing the LAN traffic and appreciate any
ideas about where to go next.

The XP box regularly runs a major brand virus and spyware
checker, and it otherwise shows no signs of misbehaving.
I checked the Windows Explorer history and movies.go.com
has not been accessed in weeks, at least, although it
is on the favorites list and has been accessed several
times in the last year.

I've heard all the chilling spyware stories, but this is
an eye opener for the sheer volume of data being passed
24/7 to or from this box.  But what data and to whom?



Could be fairly innocent, but I expect any application
that wants to phone home to ask me first: common courtesy.

It's generally felt that no single anti-spyware program
can do a proper job. Microsoft itself now does what is
considered quite a good one, but you never know what
deals they might do (especially with Disney, which has
been mentioned) and a certain amount of money might move
a program from the 'spyware' to the 'adware' category.
McAfee calls them all 'potentially unwanted programs'.

I use AdAware and Spybot, but I've seen problems that
neither would fix. A session with the task manager,
regedit and Google may be called for. Then a few reboots
to make sure it doesn't sneak back. The nastier ones are
even harder, but even slightly legitimate programs don't
actually disable the task manager. Something that does
that belongs in the 'virus' class.

I might note in passing that since Win95 there has been
no version that has 'no web client running', as from W98
on they all have Internet Explorer built in. IE is only
too pleased to assist any passing application which would
like some HTML rendered. The days when IE would run
executable files if told that they were sound files are
long gone, but it's still pretty gullible.






OT: Windoze spyware?

2005-07-08 Thread Marty

This is for readers who are unfortunate enough to have
more Windows administration knowledge than I.  The sole
Windoze XP box on my LAN is sending http requests to
a site named movies.go.com, although there is no web
client running on the XP box (at least none obvious).
I am analyzing the LAN traffic and appreciate any
ideas about where to go next.

The XP box regularly runs a major brand virus and spyware
checker, and it otherwise shows no signs of misbehaving.
I checked the Windows Explorer history and movies.go.com
has not been accessed in weeks, at least, although it
is on the favorites list and has been accessed several
times in the last year.

I've heard all the chilling spyware stories, but this is
an eye opener for the sheer volume of data being passed
24/7 to or from this box.  But what data and to whom?

Below I've pasted some tcpdump output. Thanks for any insights.

# tcpdump -i eth0 |grep movies
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
18:55:59.975958 IP movies.go.com.www > ibmpc.2540: . ack 3671296053 win 8192
18:55:59.976516 IP ibmpc.2540 > movies.go.com.www: . ack 1 win 63732
19:01:00.057588 IP movies.go.com.www > ibmpc.2540: . ack 1 win 8192
19:01:00.059724 IP ibmpc.2540 > movies.go.com.www: . ack 1 win 63732
19:03:48.957857 IP ibmpc.2541 > movies.go.com.www: S 3863221253:3863221253(0) win 64240 <mss 1460,nop,nop,sackOK>
19:03:49.054013 IP movies.go.com.www > ibmpc.2541: S 1727266786:1727266786(0) ack 3863221254 win 57344 <mss 1460>
19:03:49.054664 IP ibmpc.2541 > movies.go.com.www: . ack 1 win 64240
19:03:49.055808 IP ibmpc.2541 > movies.go.com.www: P 1:539(538) ack 1 win 64240
19:03:49.204283 IP movies.go.com.www > ibmpc.2541: P 1:515(514) ack 539 win 56806
19:03:49.220199 IP movies.go.com.www > ibmpc.2541: . 515:1967(1452) ack 539 win 56806
19:03:49.222909 IP ibmpc.2541 > movies.go.com.www: . ack 1967 win 64240
19:03:49.234411 IP movies.go.com.www > ibmpc.2541: . 1967:3419(1452) ack 539 win 56806
19:03:49.330945 IP movies.go.com.www > ibmpc.2541: . 3419:4871(1452) ack 539 win 56806
19:03:49.332397 IP movies.go.com.www > ibmpc.2541: P 4871:4932(61) ack 539 win 56806
19:03:49.333634 IP ibmpc.2541 > movies.go.com.www: . ack 4871 win 64240
19:03:49.498236 IP ibmpc.2541 > movies.go.com.www: . ack 4932 win 64179
19:03:51.503424 IP ibmpc.2540 > movies.go.com.www: F 1:1(0) ack 1 win 63732
19:03:51.596330 IP movies.go.com.www > ibmpc.2540: . ack 2 win 56805
19:03:51.597541 IP movies.go.com.www > ibmpc.2540: F 1:1(0) ack 2 win 56805
19:03:51.598137 IP ibmpc.2540 > movies.go.com.www: . ack 2 win 63732
19:08:49.518574 IP movies.go.com.www > ibmpc.2541: . ack 539 win 8192
19:08:49.520708 IP ibmpc.2541 > movies.go.com.www: . ack 4932 win 64179
19:13:49.580800 IP movies.go.com.www > ibmpc.2541: . ack 539 win 8192
19:13:49.582745 IP ibmpc.2541 > movies.go.com.www: . ack 4932 win 64179
19:16:39.075708 IP ibmpc.2542 > movies.go.com.www: S 4055189517:4055189517(0) win 64240 <mss 1460,nop,nop,sackOK>
19:16:39.169102 IP movies.go.com.www > ibmpc.2542: S 2726985494:2726985494(0) ack 4055189518 win 57344 <mss 1460>
19:16:39.169779 IP ibmpc.2542 > movies.go.com.www: . ack 1 win 64240
19:16:39.172793 IP ibmpc.2542 > movies.go.com.www: P 1:539(538) ack 1 win 64240
19:16:39.314199 IP movies.go.com.www > ibmpc.2542: P 1:511(510) ack 539 win 56806
19:16:39.329757 IP movies.go.com.www > ibmpc.2542: . 511:1963(1452) ack 539 win 56806
19:16:39.332466 IP ibmpc.2542 > movies.go.com.www: . ack 1963 win 64240
19:16:39.339350 IP movies.go.com.www > ibmpc.2542: P 1963:2968(1005) ack 539 win 56806
19:16:39.443947 IP movies.go.com.www > ibmpc.2542: . 2968:4420(1452) ack 539 win 56806
19:16:39.446660 IP ibmpc.2542 > movies.go.com.www: . ack 4420 win 64240
19:16:39.448862 IP movies.go.com.www > ibmpc.2542: P 4420:4928(508) ack 539 win 56806
19:16:39.620652 IP ibmpc.2542 > movies.go.com.www: . ack 4928 win 63732
19:16:41.527799 IP ibmpc.2541 > movies.go.com.www: F 539:539(0) ack 4932 win 64179
19:16:41.624785 IP movies.go.com.www > ibmpc.2541: . ack 540 win 56805
19:16:41.626892 IP movies.go.com.www > ibmpc.2541: F 4932:4932(0) ack 540 win 56805
19:16:41.627498 IP ibmpc.2541 > movies.go.com.www: . ack 4933 win 64179
19:21:39.579441 IP movies.go.com.www > ibmpc.2542: . ack 539 win 8192
19:21:39.581429 IP ibmpc.2542 > movies.go.com.www: . ack 4928 win 63732


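A capture like the one in the post above is easier to judge as per-connection totals than line by line. The following is an added example, not part of the original post: it parses classic tcpdump TCP lines in the `src > dst:` form (sample lines taken from that capture, one packet per line) and reports bytes each way, ACKs that arrive on an idle connection, and the spacing between new connections. The function names and the 60-second idle threshold are assumptions of this example.

```python
import re

# Classic tcpdump TCP line: time, "IP", src > dst:, flags, then optional
# first:last(len), "ack N" and "win N". Anything after that is ignored.
LINE_RE = re.compile(
    r"^(?P<h>\d\d):(?P<m>\d\d):(?P<s>\d\d\.\d+) IP "
    r"(?P<src>\S+) > (?P<dst>\S+): (?P<flags>[SFPR.]+)"
    r"(?: \d+:\d+\((?P<len>\d+)\))?(?: ack \d+)?(?: win (?P<win>\d+))?"
)

# Lines from the capture in the post, one packet per line. Most pure ACKs
# sent by ibmpc are left out to keep the sample short.
SAMPLE = """\
19:03:48.957857 IP ibmpc.2541 > movies.go.com.www: S 3863221253:3863221253(0) win 64240 <mss 1460,nop,nop,sackOK>
19:03:49.054013 IP movies.go.com.www > ibmpc.2541: S 1727266786:1727266786(0) ack 3863221254 win 57344 <mss 1460>
19:03:49.055808 IP ibmpc.2541 > movies.go.com.www: P 1:539(538) ack 1 win 64240
19:03:49.204283 IP movies.go.com.www > ibmpc.2541: P 1:515(514) ack 539 win 56806
19:03:49.220199 IP movies.go.com.www > ibmpc.2541: . 515:1967(1452) ack 539 win 56806
19:03:49.234411 IP movies.go.com.www > ibmpc.2541: . 1967:3419(1452) ack 539 win 56806
19:03:49.330945 IP movies.go.com.www > ibmpc.2541: . 3419:4871(1452) ack 539 win 56806
19:03:49.332397 IP movies.go.com.www > ibmpc.2541: P 4871:4932(61) ack 539 win 56806
19:08:49.518574 IP movies.go.com.www > ibmpc.2541: . ack 539 win 8192
19:13:49.580800 IP movies.go.com.www > ibmpc.2541: . ack 539 win 8192
19:16:39.075708 IP ibmpc.2542 > movies.go.com.www: S 4055189517:4055189517(0) win 64240 <mss 1460,nop,nop,sackOK>
19:16:39.172793 IP ibmpc.2542 > movies.go.com.www: P 1:539(538) ack 1 win 64240
19:16:39.314199 IP movies.go.com.www > ibmpc.2542: P 1:511(510) ack 539 win 56806
19:16:41.527799 IP ibmpc.2541 > movies.go.com.www: F 539:539(0) ack 4932 win 64179
"""


def parse_line(line):
    """Return a dict for one TCP packet line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # Timestamps carry no date, so a capture is assumed not to cross midnight.
    seconds = int(m["h"]) * 3600 + int(m["m"]) * 60 + float(m["s"])
    return {
        "time": seconds,
        "src": m["src"],
        "dst": m["dst"],
        "flags": m["flags"],
        "length": int(m["len"] or 0),
        "win": int(m["win"]) if m["win"] else None,
    }


def summarize(lines, local_host, idle=60.0):
    """Group packets by (local endpoint, remote endpoint) and total them."""
    conns = {}
    for line in lines:
        p = parse_line(line)
        if p is None:
            continue
        # Endpoints look like host.port; the port may be a service name.
        outbound = p["src"].rsplit(".", 1)[0] == local_host
        key = (p["src"], p["dst"]) if outbound else (p["dst"], p["src"])
        c = conns.setdefault(key, {
            "opened": None, "closed": None, "bytes_out": 0,
            "bytes_in": 0, "idle_probes": 0, "last_data": None,
        })
        if "S" in p["flags"] and outbound and c["opened"] is None:
            c["opened"] = p["time"]          # client SYN starts the connection
        if "F" in p["flags"] and c["closed"] is None:
            c["closed"] = p["time"]          # first FIN from either side
        if p["length"]:
            c["bytes_out" if outbound else "bytes_in"] += p["length"]
            c["last_data"] = p["time"]
        elif (not outbound and p["flags"] == "."
              and c["last_data"] is not None
              and p["time"] - c["last_data"] > idle):
            c["idle_probes"] += 1            # bare ACK long after the last payload
    return conns


def poll_intervals(conns):
    """Seconds between successive connection openings, oldest first."""
    opened = sorted(c["opened"] for c in conns.values() if c["opened"] is not None)
    return [later - earlier for earlier, later in zip(opened, opened[1:])]


def report(conns):
    """One summary string per connection."""
    rows = []
    for (client, server), c in sorted(conns.items()):
        if c["opened"] is None or c["closed"] is None:
            life = "n/a"
        else:
            life = "%.0fs" % (c["closed"] - c["opened"])
        rows.append("%s -> %s: out=%dB in=%dB idle_probes=%d lifetime=%s" % (
            client, server, c["bytes_out"], c["bytes_in"], c["idle_probes"], life))
    return rows


if __name__ == "__main__":
    connections = summarize(SAMPLE.splitlines(), local_host="ibmpc")
    for row in report(connections):
        print(row)
    print("seconds between new connections:",
          [round(x, 1) for x in poll_intervals(connections)])
```

On the sample, port 2541 carries one 538-byte request and 4931 bytes of reply, then sits idle with a bare ACK from the server every five minutes until a new connection opens about 770 seconds after the first.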




Re: OT: Windoze spyware?

2005-07-08 Thread Robert Brockway
On Fri, 8 Jul 2005, Marty wrote:

 This is for readers who are unfortunate enough to have
 more Windows administration knowledge than I.  The sole
 Windoze XP box on my LAN is sending http requests to
 a site named movies.go.com, although there is no web
 client running on the XP box (at least none obvious).
 I am analyzing the LAN traffic and appreciate any
 ideas about where to go next.

If the traffic from the Winbox is passing through a Linux box then you can 
use transparent proxying to force all HTTP requests to the Linux box and 
run it through Squid.  You can then monitor the traffic to see what is 
happening and even block it.

 I've heard all the chilling spyware stories, but this is
 an eye opener for the sheer volume of data being passed
 24/7 to or from this box.  But what data and to whom?

It is often a good idea to isolate any Winboxes in their own LAN and 
firewall them from the other boxes as much as possible (including the 
aforementioned transparent proxy and squid cache :).  Then the users of 
the non-Win boxes can be less worried about network sniffing, attacks, 
etc.

Rob

-- 
Robert Brockway B.Sc.        Phone:  +1-416-669-3073
Senior Technical Consultant  Email:  [EMAIL PROTECTED]
OpenTrend Solutions Ltd.     Web:    www.opentrend.net
We are open 24x7x365 for technical support.  Call us in a crisis.





Re: OT: Windoze spyware?

2005-07-08 Thread Paul Johnson
On Friday July 8 2005 6:40 pm, Robert Brockway wrote:
 On Fri, 8 Jul 2005, Marty wrote:
  This is for readers who are unfortunate enough to have
  more Windows administration knowledge than I.  The sole
  Windoze XP box on my LAN is sending http requests to
  a site named movies.go.com, although there is no web
  client running on the XP box (at least none obvious).
  I am analyzing the LAN traffic and appreciate any
  ideas about where to go next.

 If the traffic from the Winbox is passing through a Linux box then
 you can use transparent proxying to force all HTTP requests to the
 Linux box and run it through Squid.  You can then monitor the
 traffic to see what is happening and even block it.

Or you can use sniffit to watch the requests in real time or log it to 
a file.

  I've heard all the chilling spyware stories, but this is
  an eye opener for the sheer volume of data being passed
  24/7 to or from this box.  But what data and to whom?

 It is often a good idea to isolate any Winboxes in their own LAN
 and firewall them from the other boxes as much as possible
 (including the aforementioned transparent proxy and squid cache :).
  Then the users of the non-Win boxes can be less worried about
 network sniffing, attacks, etc.

In addition to that squid, I strongly recommend the adzapper package 
as well.

-- 
Paul Johnson
Email and Instant Messenger (Jabber): [EMAIL PROTECTED]
http://ursine.ca/~baloo/




Re: OT: Windoze spyware?

2005-07-08 Thread Carl Fink
On Fri, Jul 08, 2005 at 08:52:55PM -0400, Marty wrote:

 Windoze XP box on my LAN is sending http requests to
 a site named movies.go.com, although there is no web
 client running on the XP box (at least none obvious).

[major snippage]

FWIW, go.com is a real, non-scam site run by Disney.
-- 
Carl Fink [EMAIL PROTECTED]
If you attempt to fix something that isn't broken, it will be.
-Bruce Tognazzini





Re: OT: Windoze spyware?

2005-07-08 Thread Marty

Carl Fink wrote:

On Fri, Jul 08, 2005 at 08:52:55PM -0400, Marty wrote:


Windoze XP box on my LAN is sending http requests to
a site named movies.go.com, although there is no web
client running on the XP box (at least none obvious).


[major snippage]

FWIW, go.com is a real, non-scam site run by Disney.


Disney?  The perfect cover!  (2/3 wink, 1/3 paranoid)






Re: Removing Spyware from Linux (KlamAV) OT

2005-06-15 Thread Lic . Norma Angélica Ruiz Servín
Wow!!!  great, Iñaki  :)  *jumps with excitement*

I've made a note of KlamAV for when I can move the mail server from
RedHat Fedora Core3 to Debian Sarge with KDE, which I looove  :)

I've read the instructions, they look pretty harmless...hehe...but is there
any recommendation or hidden trick???, any advice???

Regards,
Normiux  :)


Iñaki said:
 On Tuesday, 14 June 2005 16:48, Lic.Norma Angélica Ruiz Servín
 wrote:
 || Hi  :)
 ||
 || I have a concern similar to yours; from what I've half seen,
 || ClamAV may do the job  ;)
 ||
 || In my case I've used it for a corporate mail server and it has
 || served well  :)  mhh...not for SPAM but for malicious code
 || (thank God)
 ||
 || But I asked my Linux guru whether there was something for my
 || personal computer on Linux and he told me ClamAV as well...in case
 || it's useful to you:
 || http://www.clamav.net

 Clamav is an antivirus, but I don't know whether it also works for
 spyware on Windows; what's more, I admit I've had no idea about viruses
 or spyware for a long time (coincidentally, since I started using this
 Linux thing).

 Nevertheless, just yesterday I tried Klamav, which is a nice graphical
 interface for clamav: http://klamav.sourceforge.net/
 And it works well.

 As for spyware, I repeat, no idea.

 --
 not that it matters to me either way... but just to comment...


Regards,
Lic. Norma Angélica Ruiz Servín

-
Save a tree, use [EMAIL PROTECTED]





Re: Removing Spyware from Linux (KlamAV) OT

2005-06-15 Thread Iñaki
On Wednesday, 15 June 2005 17:08, Lic.Norma Angélica Ruiz Servín
wrote:
|| Wow!!!  great, Iñaki  :)  *jumps with excitement*
||
|| I've made a note of KlamAV for when I can move the mail server from
|| RedHat Fedora Core3 to Debian Sarge with KDE, which I looove  :)
||
|| I've read the instructions, they look pretty harmless...hehe...but is there
|| any recommendation or hidden trick???, any advice???

No idea, I've long used spamassassin and clamav integrated into Kmail, with
no need for klamav. But it seems klamav also lets you configure that
(which seems fine to me).
As for using klamav, all I can tell you is that it's nothing more than a GUI
for clamav, so a man clamav could help you (although I think the options in
klamav are fairly intuitive, but as I say I installed it only 2 days ago
just out of curiosity and haven't tried much).


-- 
not that it matters to me either way... but just to comment...



Removing Spyware from Linux

2005-06-14 Thread Aitor Fernandez
Let me explain: what I'm trying to do is have the Debian computer scan the
computers on a local network of Windows machines to detect and
remove spyware, dialers and other spying programs.

On Google everything I've found is for Windows :(

Many thanks. Given how long I've been searching, I'd settle for
some software that only told me whether or not a machine is infected;
removal looks harder to me.

Thanks again for the suggestions. Regards



Re: Removing Spyware from Linux

2005-06-14 Thread Lic . Norma Angélica Ruiz Servín
Hi  :)

I have a concern similar to yours; from what I've half seen,
ClamAV may do the job  ;)

In my case I've used it for a corporate mail server and it has
served well  :)  mhh...not for SPAM but for malicious code
(thank God)

But I asked my Linux guru whether there was something for my personal
computer on Linux and he told me ClamAV as well...in case it's useful to you:
http://www.clamav.net

GOOD LUCK!!!

Regards,
Normiux  ;)


Aitor Fernandez said:
 Let me explain: what I'm trying to do is have the Debian computer scan the
 computers on a local network of Windows machines to detect and
 remove spyware, dialers and other spying programs.

 On Google everything I've found is for Windows :(

 Many thanks. Given how long I've been searching, I'd settle for
 some software that only told me whether or not a machine is infected;
 removal looks harder to me.

 Thanks again for the suggestions. Regards


Regards,
Lic. Norma Angélica Ruiz Servín

-
Save a tree, use [EMAIL PROTECTED]





Re: Removing Spyware from Linux

2005-06-14 Thread Iñaki
On Tuesday, 14 June 2005 16:48, Lic.Norma Angélica Ruiz Servín wrote:
|| Hi  :)
||
|| I have a concern similar to yours; from what I've half seen,
|| ClamAV may do the job  ;)
||
|| In my case I've used it for a corporate mail server and it has
|| served well  :)  mhh...not for SPAM but for malicious code
|| (thank God)
||
|| But I asked my Linux guru whether there was something for my personal
|| computer on Linux and he told me ClamAV as well...in case it's useful to you:
|| http://www.clamav.net

Clamav is an antivirus, but I don't know whether it also works for spyware on
Windows; what's more, I admit I've had no idea about viruses or spyware for a
long time (coincidentally, since I started using this Linux thing).

Nevertheless, just yesterday I tried Klamav, which is a nice graphical
interface for clamav: http://klamav.sourceforge.net/
And it works well.

As for spyware, I repeat, no idea.

-- 
not that it matters to me either way... but just to comment...



Re: Removing Spyware from Linux

2005-06-14 Thread peter . holm
On Tuesday, 14 June 2005 11:33, Aitor Fernandez wrote:
 Let me explain: what I'm trying to do is have the Debian computer scan the
 computers on a local network of Windows machines to detect and
 remove spyware, dialers and other spying programs.

 On Google everything I've found is for Windows :(

 Many thanks. Given how long I've been searching, I'd settle for
 some software that only told me whether or not a machine is infected;
 removal looks harder to me.

 Thanks again for the suggestions. Regards

Hi:
I don't know if it will be useful to you, but what occurs to me is:
install wine and, inside wine, install whatever antispyware tools you
want; when I say wine I also mean crossover or any of the programs that
let you run Windoze applications on Linux.
Regards. Peter Holm.



Re: About Clamav and Spyware

2005-06-13 Thread alberto rial

Peter.Holm wrote:

Hi:
I read on Slashdot that a Russian firm pays to inject spyware
(http://yro.slashdot.org/article.pl?sid=05/06/11/1842215from=rss)
I look it up with Whois and see that the addresses run from 195.95.218.0 to
195.95.219.255  I download (by chance) Clamav from SourceForge and
get ready to update using Klamav. The funny thing is that the IP
it updates from is within that company's range
Is Clamav one of those that charge for slipping in spyware?.. this is just a
comment, it bothered me that it downloaded the virus signatures from there.
Any ideas? I'm going back to F-Prot again.
Regards. Peter Holm.


You've left me scared stiff.


Alberto Rial
Systems Admin, Odastic
--
Windows makes noise,
Linux plays music but...
BSD Rocks




Re: About Clamav and Spyware

2005-06-13 Thread [EMAIL PROTECTED]
On Monday, 13 June 2005 13:41, alberto rial wrote:
 Peter.Holm wrote:
 Hi:
 I read on Slashdot that a Russian firm pays to inject spyware
 (http://yro.slashdot.org/article.pl?sid=05/06/11/1842215from=rss)
 I look it up with Whois and see that the addresses run from 195.95.218.0 to
 195.95.219.255  I download (by chance) Clamav from SourceForge and
 get ready to update using Klamav. The funny thing is that the IP
 it updates from is within that company's range
 Is Clamav one of those that charge for slipping in spyware?.. this is just a
 comment, it bothered me that it downloaded the virus signatures from there.
 Any ideas? I'm going back to F-Prot again.
 Regards. Peter Holm.

 You've left me scared stiff.

Does anyone know anything more?


 Alberto Rial
 Systems Admin, Odastic
 --
 Windows makes noise,
 Linux plays music but...
 BSD Rocks





About Clamav and Spyware

2005-06-12 Thread Peter.Holm
Hi:
I read on Slashdot that a Russian firm pays to inject spyware
(http://yro.slashdot.org/article.pl?sid=05/06/11/1842215from=rss)
I look it up with Whois and see that the addresses run from 195.95.218.0 to
195.95.219.255  I download (by chance) Clamav from SourceForge and
get ready to update using Klamav. The funny thing is that the IP
it updates from is within that company's range
Is Clamav one of those that charge for slipping in spyware?.. this is just a
comment, it bothered me that it downloaded the virus signatures from there.
Any ideas? I'm going back to F-Prot again.
Regards. Peter Holm.





Spyware - NO!

2005-05-27 Thread Moses
Process Security feature that prevents unwanted application from execution. 
http://www.antispywarecash.com/bill/





If you can't stand the heat, get out of the kitchen.  
Too many pieces of music finish too long after the end.  
I am not young enough to know everything. 







spyware vs. proxy

2005-05-11 Thread Advantage Consultoria - Allan Patrick

Folks, I'm collecting names and addresses of spyware that commonly gets
into winXX, since besides pornography I intend to block, regardless of
anything else, the spyware out there, such as hotbar etc...

That would save everyone a lot of headaches

Thanks for the help; here are the names of some I've found

P2P Networking.exe
http://reports.hotbar.com/reports/hotbar/4.0/HbRpt.dll
Nwiz.exe
Winampa.exe
CMESys
Points Magager
GMT.exe


Regards,
Allan Patrick Ksiaskiewcz
Advantage Consultoria em Informatica
Visit our site: http://www.advantagenet.com.br


Re: spyware

2005-05-11 Thread [KS]
Hal Vaughan wrote:
 On Wednesday 11 May 2005 12:43 am, Brandon Richards wrote:
 
Anyone on this list still running windows might want to check it for
spyware.   I got about 8-9 hits on mine which is not good.  I think it
came from the woman who asked about the  windows key.  She definitely
needs to check cuz her system is messed up major big time.  Actually I
am running dual boot on my laptop and windows with thunderbird and
firefox on main computer.  Glad I didn't check my mail when I was at work
today.  I might have gotten fired.  Anyways talk to ya soon.

Brandon
 
 
 I'm not trying to pick a fight or start an argument, but I don't think there 
 was anything attached to that request for the Windows key.  I'm using KMail, 
 and I went back and did a View Source on that e-mail, and there were no 
 attachments or anything extra than excessive HTML tags.
 
 Hal
 
Same here. The source of email looked pretty normal with no attachments.
It also showed that the email originated from the aol.com domain. Most
probably this is just another spam message from a hijacked aol account.

/KS





spyware

2005-05-10 Thread Brandon Richards
Anyone on this list still running windows might want to check it for 
spyware.   I got about 8-9 hits on mine which is not good.  I think it 
came from the woman who asked about the  windows key.  She definitely 
needs to check cuz her system is messed up major big time.  Actually I 
am running dual boot on my laptop and windows with thunderbird and 
firefox on main computer.  Glad I didn't check my mail when I was at work 
today.  I might have gotten fired.  Anyways talk to ya soon.

Brandon



Re: spyware

2005-05-10 Thread Paul Johnson
Please don't hit reply to start a new thread.  Use Post to Mailing 
List or compose a new message to debian-user@lists.debian.org instead 
to start a new thread.

On Tuesday May 10 2005 9:43 pm, Brandon Richards wrote:
 Anyone on this list still running windows might want to check it
 for spyware.   I got about 8-9 hits on mine which is not good.

Only 8 or 9?  That's *really* good for a Windows box, and yet a good 
reason not to keep that copy of Windows around either.

 Actually I am running dual boot on my laptop and windows  
 with thunderbird and firefox on main computer.

Sounds like a serious personal problem.  Seek help.

-- 
Paul Johnson
Email and Instant Messenger (Jabber): [EMAIL PROTECTED]
http://ursine.ca/~baloo/




Re: spyware

2005-05-10 Thread Hal Vaughan
On Wednesday 11 May 2005 12:43 am, Brandon Richards wrote:
 Anyone on this list still running windows might want to check it for
 spyware.   I got about 8-9 hits on mine which is not good.  I think it
 came from the woman who asked about the  windows key.  She definitely
 needs to check cuz her system is messed up major big time.  Actually I
 am running dual boot on my laptop and windows with thunderbird and
 firefox on main computer.  Glad I didn't check my mail when I was at work
 today.  I might have gotten fired.  Anyways talk to ya soon.

 Brandon

I'm not trying to pick a fight or start an argument, but I don't think there 
was anything attached to that request for the Windows key.  I'm using KMail, 
and I went back and did a View Source on that e-mail, and there were no 
attachments or anything extra than excessive HTML tags.

Hal





[OT] Gates has spyware on his home machines

2004-11-13 Thread William Ballard
[quote]
It's also a problem that has affected Gates personally. He said his home 
PCs have had malware, although he has personally never been affected by 
a virus.

"I have had malware, [adware], that crap on some home machines," he 
said. [/quote]

http://software.silicon.com/malware/0,383100,39124637,00.htm

I always had a feeling he acted more like a luser
at home.  I wonder he he's on CorpNet.

The only two times I ever got a virus were (1) a floppy at the university
in 1993 and (2) Code Red when my machine was on CorpNet at Microsoft.





Re: [OT] Gates has spyware on his home machines

2004-11-13 Thread Alex Malinovich
On Sat, 2004-11-13 at 14:11 -0500, William Ballard wrote:
--snip--
 The only two times I ever got a virus were (1) a floppy at the university
 in 1993 and (2) Code Red when my machine was on CorpNet at Microsoft.

Come to think of it, the only time I've ever had a virus or spyware on
my computer was when I was running Windows. And the more I think about
it, the only time I ever had any REAL problems with my computer, it was
while running Windows. (Well, I did have a few kernel panics over the
years, but those have been mostly my fault.) Gee, I'm seeing a pattern
here. :)

-- 
Alex Malinovich
Support Free Software, delete your Windows partition TODAY!
Encrypted mail preferred. You can get my public key from any of the
pgp.net keyservers. Key ID: A6D24837





Re: [OT] Gates has spyware on his home machines

2004-11-13 Thread Hugo Vanwoerkom
Alex Malinovich wrote:
On Sat, 2004-11-13 at 14:11 -0500, William Ballard wrote:
--snip--
The only two times I ever got a virus were (1) a floppy at the university
in 1993 and (2) Code Red when my machine was on CorpNet at Microsoft.

Come to think of it, the only time I've ever had a virus or spyware on
my computer was when I was running Windows. And the more I think about
it, the only time I ever had any REAL problems with my computer, it was
while running Windows. (Well, I did have a few kernel panics over the
years, but those have been mostly my fault.) Gee, I'm seeing a pattern
here. :)
I had windows-95 back in 1995 and I was plagued by the vivo mexico 
virus that kept enlarging command.com, killing win95, needing a 
reinstall. I reinstalled that baby at least 50 times, before I found why 
that was happening... As I recall you would find it when you started a 
DOS-box.




Re: [OT] Gates has spyware on his home machines

2004-11-13 Thread Nate Bargmann
The only virus I ever had the pleasure of cleaning up after was the
Stoned virus back in 1991.  It had this propensity for putting itself
into the boot record of every floppy and, as I recall, it couldn't
infect my hard drive.  It was a bugger to get rid of and one of the
locals came up with an anti-virus program that detected and cleaned it
from one of the shareware sites.  It was spread by sharing floppies as
none of us had access to a BBS within local calling distance.  This was
in the days when MS-DOS 5.0 was the big thing, or 386 BSD if a person
had one of those high end 386 machines (I had an 8 MHz XT clone).

Never got infected after that.  It's bizarre that the chairman of
Microsoft just seems to accept that malware is a way of life.  No
wonder the company doesn't get it.

- Nate 

-- 
 Wireless | Amateur Radio Station N0NB          |  Successfully Microsoft
  Amateur radio exams; ham radio; Linux info @  | free since January 1998.
             http://www.qsl.net/n0nb/           |  Debian, the choice of
             My Kawasaki KZ-650 SR @            | a GNU generation!
        http://www.networksplus.net/n0nb/       |   http://www.debian.org





Win4Lin -- Security patches, anti-virus, spyware?

2004-02-16 Thread Benjamin Sher
Dear friends:

[Using Xandros 2.0/Debian]

I'd appreciate advice from those of you who are using Win4Linux:

One big question I've never been clear about. The Win4Lin FAQ says NOT to 
install any Microsoft security patches or updates. Could you please clarify 
this for me. Should I install ANY Microsoft security or critical patches, 
SOME, ALL or NONE on Win98SE in Win4Lin? Is Win4Linux essentially protected 
by Linux and its kernel and, of course, the fact that I use Win4Lin 
exclusively as user?

What about installing Norton anti-virus or any spyware programs? Do I need any 
of these programs?

Thank you so much.

Benjamin
[EMAIL PROTECTED]







Re: application level firewalling in linux?(was:ipchains...masq..spyware)

2004-02-03 Thread Kevin Sturge
Hiya,

Ipchains is a packet filtering firewall. All packets that pass through the
machine are examined for the source, destination and type. The packets your
applications sent to the linux box are not stamped with the application that
sent them.

The mechanism for this level of control is to have a second firewall that is
application aware. Running a packet filtering firewall on your linux box and
something like zone alarm etc on your windows box will achieve the effect you
are after.

The two types of firewall have their own pros and cons. If you have a look at
packet filtering and session aware firewall configurations you will see the
benefits of both types
Accurate Software 
 
[EMAIL PROTECTED] 
 www.accuratesoftware.com
 
Europe . North America . Australasia . Africa 
 
The information in this email is confidential and privileged and is intended 
only for the use of the individual or entity listed above.  If you are neither 
the intended individual, or entity listed above, nor the person responsible for 
the delivery of this email to the intended recipients, you are hereby notified 
that any unauthorised distribution, copying or use of this email is prohibited. 
If you have received this email in error, please notify the Accurate system 
manager at [EMAIL PROTECTED] or on +44 (0)118 977 3889.  The 
views expressed in this communication may not necessarily be the views held by 
the Accurate Group. 
 


This e-mail has been virus checked by 'Knowledge Checker'  www.imhotek.com
 





Re: Spyware

2004-01-21 Thread Jose Carlos Jordan Martin

David Castellanos Serrano said:
 On Tue, 20-01-2004 at 15:01, Jose Carlos Jordan Martin wrote:
 Does this affect Linux too?

   debian-casa:/home/david# apt-get install spyware
   Leyendo lista de paquetes... Hecho
   Creando árbol de dependencias... Hecho
   E: No se pudo encontrar el paquete spyware

   debian-casa:/home/david#


 For now we don't have any of that in Debian


-
 David Castellanos Serrano davidcaste_geropa_ono.com
 Registered GNU/Linux User #328789
 DSA ID 4DFF2DEC


No, it's not a Debian package, David.
I'm referring to the spy software that normally affects
Hasefroch. That 'spyware' sends info about your hardware, software, profile,
etc... all your machine's data to the owner of the spyware, who slipped it
onto you by means of some program, game, etc.

Google a bit to learn more about what I'm talking about. On Hasefroch there are
Lavasoft and Spybot to try to destroy that harmful software.
My question was whether there is spyware for Linux too, or whether we have no
problems with that.

Regards,


stjordan.com , preceded by the subject.




Re: Spyware

2004-01-21 Thread David Castellanos Serrano
On Wed, 21-01-2004 at 15:52, José Carlos Jordan Martín wrote:
 No, it's not a Debian package, David.
 I'm referring to the spy software that normally affects
 Hasefroch. That 'spyware' sends info about your hardware, software, profile,
 etc... all your machine's data to the owner of the spyware, who slipped it
 onto you by means of some program, game, etc.

Hehehehe, maybe you didn't pick up on the fine irony of the message...
if you like I'll mark it clearly for you

<ironic>


debian-casa:/home/david# apt-get install spyware
Leyendo lista de paquetes... Hecho
Creando árbol de dependencias... Hecho
E: No se pudo encontrar el paquete spyware

debian-casa:/home/david#

For now we don't have any of that in Debian


</ironic>


Seriously now, as far as I know there is _nothing_ like that... but that
doesn't rule out that there might be some day...

If you're not convinced, let's run a test... go e.g. to any porn page that
you're sure has dialers and spyware. I can't name one for you, because I don't
usually frequent those latitudes (hey, more irony!). First visit it with
Mozilla, or Firebird, I don't care which OS, look at the desktop and run e.g.
Spybot, which served me very well when I used Windows. You'll see that at most
it turns up cookies and the like. Now do the same with Internet Explorer, go
into dirty pages, without holding back. Then look at the desktop and run Spybot
on it. Even though it's Hasefroch both times, you'll see the difference


The way I see it, the issue is this:

99% of the spyware, tracking cookies and other assorted crap you can find
exploits security holes in M$ software. And unfortunately, 99% of those times
M$ knows about it and simply doesn't bother to fix them, or to make things
harder for a crappy page, with its crappy advertising, to leave your desktop a
complete mess. As if pop-up blockers hadn't existed for years, both as external
programs and in Mozilla itself... M$ has finally announced that its next IE
will block them. Besides, if you notice, 100% of the dialers and pesky little
programs (like Gain, or Razor) are binaries for Hasefroch. By now I think
you'll have got my idea. And as for tracking cookies... there you're the one
who has to stay alert, with Mozilla's cookie manager, e.g.

E.g., you only have to look at the computers on my campus. We have two
open-access rooms near here. One has Hasefroch 2000... after 3 days they were
up to their eyes in dialers, crap, emules... etc., it's amazing. And we have
another with Red Hat... spotless. There are the typical problems of having a
computer accessible to everyone, almost always that they rip out the keyboards
or take monitors, but as far as viruses and such go, none.

Another important point about Hasefroch is that any user can install software
on the machine (ok, I know the NTs have administrator accounts and restricted
accounts... but on 99% of home machines they are always administrator
accounts), change the Dial-Up Networking properties... etc., etc., and well,
they're handing it on a plate to all the riffraff who live off dialers, etc.

But if you're using Linux, rest easy: as long as you don't install foreign
crap, and limit yourself to installing packages either from the Debian
repositories, or from source while checking what you're compiling, you won't
have privacy problems.

But if you're downloading junk from [emule/xmule/amule/whichever], and then you
go and install it as root, don't be alarmed if you infect your Debian with some
worm (they exist), or if you have privacy problems.


The best tool for those cases is common sense. Normally that crap doesn't come
to you; rather it's the user who goes to it. Therefore, the fewer privileges
the user has, the better.


 Google a bit to learn more about what I'm talking about.

Ditto, as my kids say ;)



See you :)



-- 
   -
David Castellanos Serrano davidcaste_geropa_ono.com
Registered GNU/Linux User #328789
DSA ID 4DFF2DEC




Re: Spyware

2004-01-21 Thread Pau Rullan Ferragut

David Castellanos Serrano wrote:

[snip]


There are the typical problems of having a computer accessible to everyone,
almost always that they rip out the keyboards or take monitors, but as far as
viruses and such go, none.

   I can hardly believe it...  They rip out keyboards and take
monitors?!


   [snip]


But if you're downloading junk from [emule/xmule/amule/whichever], and then you
go and install it as root, don't be alarmed if you infect your Debian with some
worm (they exist), or if you have privacy problems.

  This is a personal doubt. All security problems start from the moment they
have superuser privileges, right? That is, can't there be problems before
that? That's what I've read about Unix systems: since users can't access
either the hardware or the processes, no junk at all.

   [snip]


The best tool for those cases is common sense. Normally that crap doesn't come
to you; rather it's the user who goes to it. Therefore, the fewer privileges
the user has, the better.

   Another newbie question: so I can't trust everything I download
from xmule?

   Well, it's always advisable:
   #apt-get install sentido-comun

   Well, see you!!
   Pau Rul·lan Ferragut



Re: Spyware

2004-01-21 Thread Miguel Rodriguez Penabad
On Wednesday 21 January 2004 18:52, Pau Rul·lan Ferragut wrote:
 David Castellanos Serrano wrote:
[...]
 Well, it's always advisable:
 #apt-get install sentido-comun


# apt-get install sentido-comun
Leyendo lista de paquetes... Hecho
Creando árbol de dependencias... Hecho
E: No se pudo encontrar el paquete sentido-comun

XD. Do you have the sourcer.list?

Sorry, I couldn't help it :D

-- 

Miguel Rodriguez Penabad[EMAIL PROTECTED]
Laboratorio de Bases de Datos   http://emilia.dc.fi.udc.es/labBD
Despacho 0.01   Tel. 981 167000 ext. 1333
Facultade de InformáticaUniversidade da Coruña (Spain)




Re: Spyware

2004-01-21 Thread David Castellanos Serrano
On Wed, 21-01-2004 at 18:52, Pau Rul·lan Ferragut wrote:
 I can hardly believe it...  They rip out keyboards and take
 monitors?!

Yes :P, with keyboards and mice... the usual, there's always some wretch whose
own one has broken and who takes the one from the open-access room... but the
monitors are another story. Who thinks of buying 15-inch TFT monitors (roughly
the size of a folder) and putting them in a room without cameras? They didn't
take them all, but a couple have been taken.

 This is a personal doubt. All security problems start from the moment they
 have superuser privileges, right? That is, can't there be problems before
 that? That's what I've read about Unix systems: since users can't access
 either the hardware or the processes, no junk at all.

I'm not exactly a security analyst or anything of the kind, but a worm on a
Unix-like OS has a much harder time. If it can't read a device, then the device
doesn't get read, period, and the same goes for files.

Apparently one way a worm or a virus would have on a Unix-like OS would be to
use some exploit and from there gain superuser privileges.

You could say that exploits expire; relatively little time passes between a
vulnerability being discovered and its announcement and the subsequent
patches/new versions.

 Another newbie question: so I can't trust everything I download
 from xmule?

I wouldn't trust it much... especially with the level of bastardry there is out
there. Without going any further, the attempt to sneak a backdoor into the
2.6.0 code...

Try to make sure that all the sources and programs you use come from the
project's page, or from trusted repositories, e.g. Debian's. And if there's no
choice but to install something from a suspicious source, keep an eye on the
behaviour of the program and of the system; e.g., a hypothetical p2p program
shouldn't have to load any module into the system :P

 Well, it's always advisable:
 #apt-get install sentido-comun

Yep


See you later :)

-- 
   -
David Castellanos Serrano davidcaste_geropa_ono.com
Registered GNU/Linux User #328789
DSA ID 4DFF2DEC




Re: Spyware

2004-01-21 Thread Pau Rullan Ferragut

David Castellanos Serrano wrote:



Yes :P, with keyboards and mice... the usual, there's always some wretch whose
own one has broken and who takes the one from the open-access room... but the
monitors are another story. Who thinks of buying 15-inch TFT monitors (roughly
the size of a folder) and putting them in a room without cameras? They didn't
take them all, but a couple have been taken.


   Damn, you have to be mean-spirited... It must be because of the way I am,
but the idea of stealing anything (and least of all from a shared room!)
doesn't fit in my head. Simply, if something of mine breaks I try to fix it
(or replace it) and I'll be more careful next time. The idea just doesn't fit
in my head...



I'm not exactly a security analyst or anything of the kind, but a worm on a
Unix-like OS has a much harder time. If it can't read a device, then the device
doesn't get read, period, and the same goes for files.

Apparently one way a worm or a virus would have on a Unix-like OS would be to
use some exploit and from there gain superuser privileges.

You could say that exploits expire; relatively little time passes between a
vulnerability being discovered and its announcement and the subsequent
patches/new versions.



   That's why I was asking; the only kind of vulnerabilities I had heard of
were exploits that managed to get into the superuser account, and then, it's
not hard to imagine...



I wouldn't trust it much... especially with the level of bastardry there is out
there. Without going any further, the attempt to sneak a backdoor into the
2.6.0 code...

Try to make sure that all the sources and programs you use come from the
project's page, or from trusted repositories, e.g. Debian's. And if there's no
choice but to install something from a suspicious source, keep an eye on the
behaviour of the program and of the system; e.g., a hypothetical p2p program
shouldn't have to load any module into the system :P



   Well, since we free software people don't have licence problems, we can
download things from official sites legally (see apt-get, urpmi, emerge and so
on...) or compile them ourselves. That said, sharing (I'd have to read up on
it, but I think it's legal) films or music (things like anime that are
impossible to get here) shouldn't cause problems, right? I haven't heard of
avi, mpge, mp3... files with exploits (if anyone knows more about the subject,
please, I consider it very interesting and they could write something to the
list).

   See you later!!

  Pau Rul·lan Ferragut



Spyware

2004-01-20 Thread Jose Carlos Jordan Martin
Does this affect Linux too?

Regards,




Re: Spyware

2004-01-20 Thread David Castellanos Serrano
On Tue, 20-01-2004 at 15:01, Jose Carlos Jordan Martin wrote:
 Does this affect Linux too?

debian-casa:/home/david# apt-get install spyware
Leyendo lista de paquetes... Hecho
Creando árbol de dependencias... Hecho
E: No se pudo encontrar el paquete spyware

debian-casa:/home/david#


For now we don't have any of that in Debian



   -
David Castellanos Serrano davidcaste_geropa_ono.com
Registered GNU/Linux User #328789
DSA ID 4DFF2DEC




worm, trojan, spyware... or what? apache access errors from funfreepages

2003-02-08 Thread Ismael Fanlo
Hi...

Among various intrusion attempts by nimda and red code, I find
these lines in apache's error.log:


[Fri Feb  7 19:09:45 2003] [error] [client 207.164.54.204] 
File does not exist: /var/www/ad/id=newscoreopt=hhncv=210uid=1
[Fri Feb  7 19:16:52 2003] [error] [client 207.164.54.204] 
File does not exist: /var/www/ad/id=funfreepagesopt=hhncv=210uid=1
[Fri Feb  7 19:43:26 2003] [error] [client 207.164.54.204] 
File does not exist: /var/www/ad/id=funfreepagesopt=hhncv=210uid=1
[Fri Feb  7 19:49:49 2003] [error] [client 207.164.54.204] 
File does not exist: /var/www/click.cgi
[Fri Feb  7 20:08:45 2003] [error] [client 207.164.54.204] 
File does not exist: /var/www/ad/id=funfreepagesopt=hhncv=210uid=1
[Fri Feb  7 20:19:54 2003] [error] [client 207.164.54.204] 
File does not exist: /var/www/click.cgi
[Fri Feb  7 21:00:11 2003] [error] [client 207.164.54.204] 
File does not exist: /var/www/ad/id=funfreepagesopt=hhncv=210uid=1
[Fri Feb  7 21:07:01 2003] [error] [client 207.164.54.204] 
File does not exist: /var/www/ad/id=funfreepagesopt=hhncv=210uid=1
[Fri Feb  7 22:22:42 2003] [error] [client 207.164.54.204] 
File does not exist: /var/www/ad/id=newscoreopt=hhncv=210uid=1
...
and so on every one or two hours during certain periods of
time.  Then it may take two days before it insists again.
...
-

Do you have any idea what these access attempts are?

The same attempts come from several different IPs.  The
/var/www/ad/id=funfreepages part makes me think of some advertising
trojan, spyware or something of the sort.  I've searched the internet and the
only reference found in the news is a message from someone
asking the same thing as me, but nobody answered them.

On the other hand, I visited the page www.funfreepages.com and nothing
about it seemed odd to me.

Well, let me know what you think

Regards,

-- 
Ismael

Only knowledge makes us free
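
One way to triage entries like the ones in the message above, as an added example that is not part of the original post: it groups "File does not exist" entries by requested path and reports hits, distinct clients, and first and last occurrence, re-joining entries that the mail wrapped over two lines. The first six sample entries are copied from the post; the 192.0.2.10 entry and the function names are constructed for the example.

```shell
#!/bin/sh
# Added example: summarise "File does not exist" entries of an Apache error log.

# Sample input. The first six entries come from the post, still wrapped over
# two lines as the mail shows them; the last one (192.0.2.10, a documentation
# address) is constructed to stand in for a second source address.
sample_log() {
cat <<'EOF'
[Fri Feb  7 19:09:45 2003] [error] [client 207.164.54.204]
File does not exist: /var/www/ad/id=newscoreopt=hhncv=210uid=1
[Fri Feb  7 19:16:52 2003] [error] [client 207.164.54.204]
File does not exist: /var/www/ad/id=funfreepagesopt=hhncv=210uid=1
[Fri Feb  7 19:43:26 2003] [error] [client 207.164.54.204]
File does not exist: /var/www/ad/id=funfreepagesopt=hhncv=210uid=1
[Fri Feb  7 19:49:49 2003] [error] [client 207.164.54.204]
File does not exist: /var/www/click.cgi
[Fri Feb  7 20:08:45 2003] [error] [client 207.164.54.204]
File does not exist: /var/www/ad/id=funfreepagesopt=hhncv=210uid=1
[Fri Feb  7 20:19:54 2003] [error] [client 207.164.54.204]
File does not exist: /var/www/click.cgi
[Fri Feb  7 20:25:02 2003] [error] [client 192.0.2.10] File does not exist: /var/www/ad/id=funfreepagesopt=hhncv=210uid=1
EOF
}

# Reads an error log on stdin. Prints one tab-separated line per missing path:
# hits, distinct clients, path, first seen, last seen (most requested first).
summarize_missing() {
    awk '
    function handle(e,    i, rest, client, path, ts, marker) {
        marker = "File does not exist: "
        if (index(e, "[error] [client ") == 0 || index(e, marker) == 0) return
        i = index(e, "[client ")
        rest = substr(e, i + 8)                      # text after "[client "
        client = substr(rest, 1, index(rest, "]") - 1)
        path = substr(e, index(e, marker) + length(marker))
        ts = substr(e, 2, index(e, "]") - 2)         # inside the first [...]
        hits[path]++
        if (!((path, client) in seen)) { seen[path, client] = 1; clients[path]++ }
        if (!(path in first)) first[path] = ts
        last[path] = ts
    }
    # An entry starts with "[timestamp]"; any other non-empty line is the
    # wrapped tail of the entry before it.
    /^\[/ { if (entry != "") handle(entry); entry = $0; next }
    entry != "" && NF { sub(/[ \t]+$/, "", entry); entry = entry " " $0 }
    END {
        if (entry != "") handle(entry)
        for (p in hits)
            printf "%d\t%d\t%s\t%s\t%s\n", hits[p], clients[p], p, first[p], last[p]
    }
    ' | sort -t "$(printf '\t')" -k1,1nr -k3,3
}

sample_log | summarize_missing
```

Feeding the real error.log to `summarize_missing` instead of `sample_log` shows at a glance whether one path is requested by many clients or many paths by one client.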



ipchains...masq..spyware..etc..etc

2001-12-30 Thread wsa

Hi,

I've read most that i could find about firewalling/masqing/ipchains etc..
It's not all completely clear yet but i'm getting there...i think.
I have to say that i find this one of the biggest barriers of being comfy
with linux.
I'm running a dual boot with XP and although the goal is to ditch windows
all together and stick with linux, at least with windows and tiny personal
firewall i know nothing is gonna get past.

With linux i don't really get it...i have my own machine connected to the
web via cable and it acts as a router for another machine which is connected
via a cross cable to a second NIC in my PC...

For the sake of the argument lets say i installed some linux thing which
has a spyware feature, collects info on my system and sends it home via port
80 which in my ruleset is an allowed port because i need that port for the web.
How would i ever block such a thing (without knowing in advance that it will
call home and to which address it will connect) and how would i even find out
that app actually did something i didn't like.
In other words is there such a thing as allowing defined applications to
communicate while keeping the door closed for other apps unless i add a rule
for that app.
And if there is no such thing why not...
Or am i totally missing the point and still too much in a windows state of
mind?


Cheers,
Willem




Re: ipchains...masq..spyware..etc..etc

2001-12-30 Thread Jens Müller
wsa [EMAIL PROTECTED] writes:

 feature, collects info on my system and sends it home via port
 80 which in my ruleset is an allowed port because i need that port for
 the web.
 How would i ever block such a thing (without knowing in advance that it
 will call home and to which address it will connect) and how would i even
 find out that app actually did something i didn't like.

You should use a personal firewall on your Windoze system for that.



Re: ipchains...masq..spyware..etc..etc

2001-12-30 Thread wsa

Uhmmm...

I said i was using tiny personal firewall on windows...
My question was about linux...not about windows...

cheerios
Willem.

At 14:41 30-12-2001 +0100, you wrote:
You should use a personal firewall on your Windoze system for that.


wsa [EMAIL PROTECTED] writes:

 feature, collects info on my system and sends it home via port
 80 which in my ruleset is an allowed port because i need that port for
 the web.
 How would i ever block such a thing (without knowing in advance that it
 will call home and to which address it will connect) and how would i even
 find out that app actually did something i didn't like.





application level firewalling in linux?(was:ipchains...masq..spyware)

2001-12-30 Thread wsa

HI,

Maybe in my original mail i wasn't very clear judging from the
responses i got...so i'll try one more time.

I wasn't asking what to do in windows...although i did mention
windows which probably made everyone run for the hills:)

My question was about linux and how to accomplish security
on application level, like what happens in windows with a personal
firewall.
Because i don't understand how i can achieve full security when opening
ports...like port 80 for the web or 110 and so on.
Cause as far as i can understand reading all the IPchains documentation
if i open that port in linux it will be open for any application which
uses that port and i can't specify that only mozilla or netscape
can use that port and any other app can use that port to transfer
information.

And if there is no need for security on application level why is that?

Cheers,
Willem




Re: application level firewalling in linux?(was:ipchains...masq..spyware)

2001-12-30 Thread P Prince
On Sun, 30 Dec 2001, wsa wrote:

 HI,

Hey,

 Maybe in my original mail i wasn't very clear judging from the
 responses i got...so i'll try one more time.

I don't seem to have your first mailing around, but no worries.

 I wasn't asking what to do in windows...although i did mention
 windows which probably made everyone run for the hills:)

 My question was about linux and how to accomplish security
 on application level, like what happens in windows with a personal
 firewall.

Generally, Linux/Unix doesn't handle firewalling this way, although there is
some measure of it, see below...

 Because i don't understand how i can achieve full security when opening
 ports...like port 80 for the web or 110 and so on.
 Cause as far as i can understand reading all the IPchains documentation
 if i open that port in linux it will be open for any application which
 uses that port and i can't specify that only mozilla or netscape
 can use that port and any other app can use that port to transfer
 information.

I shall assume you are setting up a connection tracking firewall, as is the
common practice now.

In this setup, no local apps can bind to ports (see below for exceptions), so
just block all incoming traffic on all ports.

Applications can send outgoing data anywhere (This is the standard, and is not
a security concern.  Windows personal firewalls tend to disagree, and maybe it
really is a concern there...).  Once a connection is made, the connection
tracking firewall will know to allow the reply traffic back to that application.
If you wish, you can block outgoing traffic in a few ways, for example only
allowing destination ports of 80, or only allowing certain protocols, but this
will probably not enhance your security.

Finally, note that only root can bind to ports lower than 1024.  As long as
port 1025 and above are blocked for incoming connections, you don't have to
worry about users binding things on those ports - it's useless to do so - and
they can't bind to lower ports without root privileges.

 And if there is no need for security on application level why is that?

You want users to be able to connect to resources over the network.  This is
not usually a security hazard.  I can understand you not wanting users binding
to ports, but I think that's well taken care of.

 Cheers,
 Willem

I hope this helps,
I'm not a writer of any kind and sometimes I find my explanations to be
confusing, and I hope this is not the case here.
-Tech




Re: application level firewalling in linux?(was:ipchains...masq..spyware)

2001-12-30 Thread Jeffrey W. Baker


On Sun, 30 Dec 2001, wsa wrote:

 HI,

 Maybe in my original mail i wasn't very clear judging from the
 responses i got...so i'll try one more time.

 I wasn't asking what to do in windows...although i did mention
 windows which probably made everyone run for the hills:)

 My question was about linux and how to accomplish security
 on application level, like what happens in windows with a personal
 firewall.
 Because i don't understand how i can achieve full security when opening
 ports...like port 80 for the web or 110 and so on.
 Cause as far as i can understand reading all the IPchains documentation
 if i open that port in linux it will be open for any application which
 uses that port and i can't specify that only mozilla or netscape
 can use that port and any other app can use that port to transfer
 information.

 And if there is no need for security on application level why is that?

Well, if you think that Windows can block ports based on the name of an
application, you are fooling yourself.  It was recently shown on bugtraq
that *any* application can bypass popular personal firewalls simply by
reaching down a little lower into the networking stack.  Linux at least
doesn't have this problem: no application can bypass iptables unless it
runs as root.

Iptables has the ability to block or allow outgoing traffic (OUTPUT table)
based on process or session id.  Thus, you could block all outgoing
traffic on port 80, but allow port 80 traffic from Mozilla.  You could
achieve this using a script to start Mozilla.  The script would start
mozilla, add an iptables rule, and when Mozilla exits, remove the rule
again.

Your larger question seems to be: How can I run software I don't trust and
prevent it from talking on the network?  The answer is you can't, really.
The best policy is to only run software for which the source code is
available.  Spyware and open source don't mix very well.

-jwb
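
The wrapper script described in the message above, as an added example that is not part of the original post: a standing rule refuses outgoing TCP to a port, and a temporary exception is inserted while the chosen program runs. It matches on group ownership (`--gid-owner`) rather than on process or session id, because the owner match in current iptables matches on user and group; the group name `webout`, the `DRY_RUN` and `IPT` variables and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread): allow one application out on a TCP port
# while other local processes are refused, using the iptables owner match.
# Assumptions: a group such as "webout" exists and the invoking user belongs
# to it; DRY_RUN, IPT and the function names are made up for this example.

DRY_RUN="${DRY_RUN:-1}"    # 1 = print the commands, 0 = execute them
IPT="${IPT:-iptables}"     # set IPT="sudo iptables" when run unprivileged

# Print or execute one command, depending on DRY_RUN.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Standing rule: refuse outgoing TCP to PORT from every local process.
# It is appended, so an earlier rule that accepts the traffic would win.
block_port() {
    run $IPT -A OUTPUT -p tcp --dport "$1" -j REJECT --reject-with tcp-reset
}

# drop_exception GROUP PORT: delete the temporary exception again.
drop_exception() {
    run $IPT -D OUTPUT -p tcp --dport "$2" -m owner --gid-owner "$1" -j ACCEPT
}

# run_allowed GROUP PORT COMMAND...: add the exception, run COMMAND with GROUP
# as its primary group, and remove the exception when COMMAND exits.
run_allowed() {
    group=$1
    port=$2
    shift 2
    # Inserted at position 1 so it is evaluated before the REJECT rule.
    run $IPT -I OUTPUT 1 -p tcp --dport "$port" \
        -m owner --gid-owner "$group" -j ACCEPT || return 1
    # Remove the exception even if the wrapper itself is interrupted.
    trap 'drop_exception "$group" "$port"; exit 130' INT TERM
    # sg(1) starts the command with GROUP as its primary group, so the sockets
    # it creates are owned by that group and match --gid-owner.
    run sg "$group" -c "$*"
    status=$?
    trap - INT TERM
    drop_exception "$group" "$port"
    return "$status"
}

if [ "$#" -ge 3 ]; then
    run_allowed "$@"       # e.g. DRY_RUN=0 IPT="sudo iptables" sh wrapper.sh webout 80 mozilla
else
    DRY_RUN=1              # no arguments: only show what would be done
    block_port 80
    run_allowed webout 80 mozilla
fi
```

Any other program started under the same group passes the exception as well, so the group should be reserved for the one application.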



Re: application level firewalling in linux?(was:ipchains...masq..spyware)

2001-12-30 Thread Dimitri Maziuk
* wsa ([EMAIL PROTECTED]) spake thusly:
 HI,
 
 Maybe in my original mail i wasn't very clear judging from the
 responses i got...so i'll try one more time.
 
 I wasn't asking what to do in windows...although i did mention
 windows which probably made everyone run for the hills:)
 
 My question was about linux and how to accomplish security
 on application level, like what happens in windows with a personal
 firewall.
...
 
 And if there is no need for security on application level why is that?

Because in Windows you (a generic you) can double-click on an e-mail 
attachment and that will install a trojan server without you knowing
anything about it. Plus, Windows is targeted at users who wouldn't have 
a clue about port numbers, so we better tell them which *application*
is trying to connect to the Internet.

It doesn't work, BTW: comp.security.misc was full of people who
deleted RPCss.exe because I didn't install that, and it tried to
connect to the Internet. Must be an Evil Hack(tm)! But I digress...

A Unix/Linux sysadmin, OTOH, is supposed to know about ports and
how TCP/IP works. For one thing, they understand the difference
between outgoing and incoming connections.

 Because i don't understand how i can achieve full security when opening
 ports...like port 80 for the web or 110 and so on.
 Cause as far as i can understand reading all the IPchains documentation
 if i open that port in linux it will be open for any application which
 uses that port and i can't specify that only mozilla or netscape
 can use that port and any other app can use that port to transfer
 information.

Because this is about *incoming* connections. You open port 80 and
start Apache to listen on it. No other application can use the port
now, it's already taken.

Netscape can open any unprivileged port (except those already taken)
for its *outgoing* connection. It will try to talk to port 80 on
remote side (or FTP port, or whatever). So when you set up egress
(outgoing) filtering, you specify what remote services your
applications can connect *to*. Combined with IP/MAC address matching,
this gives you far more flexibility, and probably better security, too.

Anyway, netfilter in 2.4.x kernels comes with user-space hooks,
so implementing per-application tracking shouldn't be too hard.
If anyone really needed it, it'd be there by now.

Read about stateless vs stateful packet filtering somewhere
(e.g. IPtables howto). You are reading the docs for stateless
filter (IPchains), and part of your confusion is due to 
limitations of stateless filtering.

Dima
-- 
Well, lusers are technically human.-- Red Drag Diva



Re: application level firewalling in linux?(was:ipchains...masq..spyware)

2001-12-30 Thread David Z Maze
wsa  [EMAIL PROTECTED] writes:
wsa My question was about linux and how to accomplish security
wsa on application level, like what happens in windows with a personal
wsa firewall.
wsa Because i don't understand how i can achieve full security when opening
wsa ports...like port 80 for the web or 110 and so on.

What behavior do Windows personal firewalls have that you'd like to
replicate? [1]  What are you trying to protect yourself from -- what
entails full security on an arbitrary outgoing HTTP connection?

(And, have you read the Firewall-HOWTO?  It looks informative, if a
bit political at times.)

[1] The people I talk to regularly seem convinced that the primary
purpose of this sort of software is to generate extra calls to various
institutions' technical support lines; the answer to why are you
attacking my machine seems to always be because you're running
broken software that doesn't correctly do TCP or because you're
running broken software that's configured to get NTP information from
our Web server by default for no terribly good reason.

-- 
David Maze [EMAIL PROTECTED]  http://people.debian.org/~dmaze/
Theoretical politics is interesting.  Politicking should be illegal.
-- Abra Mitchell