On Wed, Aug 08, 2001 at 12:09:07PM -0600, Robert L. Harris wrote:
> Yes the best patch would be if all the IIS boxes were patched but it doesn't
> appear to be working all that well.
s/patched/replaced by debian/
--
DEBIAN NEWBIE TIP #50 from Will Trillich <[EMAIL PROTECTED]>
:
Want to specify
On Thu, Aug 09, 2001 at 03:21:43AM -0400, William T Wilson wrote:
> On Thu, 9 Aug 2001, Sebastiaan wrote:
>
> > Is M$ really thinking about this? That would really be the end of the
> > internet.
>
> I doubt it. There's no real thing that Microsoft can offer that would
> make end-users *want* to
> "Sebastiaan" == Sebastiaan <[EMAIL PROTECTED]> writes:
Sebastiaan> We did not ask for a broken OS either, and yet they
Sebastiaan> made it. We did not ask for a securityless OS, yet
Sebastiaan> they made it. They have money, they can push.
That's true but by replacing TCP/IS w
On 8 Aug 2001, John Hasler wrote:
>Dave Sherohman writes:
>> According to the Microsoft EULA, they could put code into the startup
>> routines of any of their software that causes it to break into the
>> Pentagon's computers, search out the nuclear launch codes, and blow up
>> the planet while dis
#! On Thu, Aug 09, 2001, Matthew Sackman wrote:
>Yes, but I think the point that Cringely was making is that MS could
>deliberately cause the internet to become crippled with DDoS attacks
>with the Windows XP. So if they've already built in a new version of
>TCP/IP without telling anyone then when
Yes, but I think the point that Cringely was making is that MS could
deliberately cause the internet to become crippled with DDoS attacks
with the Windows XP. So if they've already built in a new version of
TCP/IP without telling anyone then when the internet 'crashes',
everyone using winXP could d
Sebastiaan wrote:
> We did not ask for a broken OS either, and yet they made it. We did not
> ask for a securityless OS, yet they made it.
You're ignoring history. Windows 2000 is vastly more secure than MS-DOS,
which was no less secure than CP/M, and CP/M had no security because it
was a single-
on Wed, Aug 08, 2001 at 12:43:17PM -0500, John Hasler ([EMAIL PROTECTED]) wrote:
> Dave Sherohman writes:
> > According to the Microsoft EULA, they could put code into the
> > startup routines of any of their software that causes it to break
> > into the Pentagon's computers, search out the nuclear
Lets suppose that someone launches a proprietary version of the
Interent, called MSN or AOL for the sake of example. It will have to be paid
for. The free Internet will remain free. It cannot be taken away from
us. And even if the new proprietary version were subsidised for a few
years and thus g
This is quickly departing from the realms of topic :}
On Thu, 9 Aug 2001, John Griffiths wrote:
> Cisco are in BIG financial trouble, MS have LOTS of money, don't bank
> on Cisco stopping them. MS could buy Cisco pretty soon (of course that
Cisco's not in as big of trouble as all that. It's not
On Thu, 9 Aug 2001, William T Wilson wrote:
> On Thu, 9 Aug 2001, Sebastiaan wrote:
>
> > Is M$ really thinking about this? That would really be the end of the
> > internet.
>
> I doubt it. There's no real thing that Microsoft can offer that would
> make end-users *want* to use their proprietar
At 03:21 AM 8/9/01 -0400, William T Wilson wrote:
>On Thu, 9 Aug 2001, Sebastiaan wrote:
>
>> Is M$ really thinking about this? That would really be the end of the
>> internet.
>
>I doubt it. There's no real thing that Microsoft can offer that would
>make end-users *want* to use their proprietary
On Thu, 9 Aug 2001, Sebastiaan wrote:
> Is M$ really thinking about this? That would really be the end of the
> internet.
I doubt it. There's no real thing that Microsoft can offer that would
make end-users *want* to use their proprietary protocol. On the other
hand, there are a lot of people t
>>
>> You would think the major router manufacturers would object to the idea
>> of replacing TCP/IP with a proprietary Microsoft protocol. Which
>> probably means it can't happen.
>>
>Is M$ really thinking about this? That would really be the end of the
>internet.
>
>Greetz,
>Sebastiaan
>
Remem
On Wed, 8 Aug 2001, Craig Dickson wrote:
> Robert L. Harris wrote:
>
> > Did you see this yet?
> >
> > http://www.pbs.org/cringely/pulpit/pulpit20010802.html
> >
> > Was going around one of my local mailing lists. Pretty scary read.
>
> This was discussed on Slashdot recently. I get the impr
Shriram Shrikumar writes:
> If someone was to distribute actual loaded weapons to someone who is
> almost certainly going to use it to cause harm - would that not be
> considered aiding and abetting of criminal behaviour ?
They would have to know or have reason to believe that a specific
individua
> > In theory, is it not their product that is "hacking" into other
> computers
> > - as opposed to the operator who may not even be aware of the
> infection.
>
> Unfortunately it is seen as a law enforcement problem, not a
> software bug.
> The authorities, the media, and the public seem to belie
How much do you think it'll take for MS to make it's TCP backward compatable
so router vendors don't just work with it. If they don't you get another
$12Billion advertisint blitz "We want to make the net safer and more secure
but Cisco is working against us" type deal. Cisco stock drops, and th
Robert L. Harris wrote:
> Did you see this yet?
>
> http://www.pbs.org/cringely/pulpit/pulpit20010802.html
>
> Was going around one of my local mailing lists. Pretty scary read.
This was discussed on Slashdot recently. I get the impression Cringely
has never heard of IPv6. He also refers to "
On Wed, 8 Aug 2001, Dave Sherohman wrote:
> On Wed, Aug 08, 2001 at 02:08:57PM -0600, Bruce Sass wrote:
> > Has anyone asked the NatCops what they think of vermicidal and
> > antibiotic software? (i.e., has it come up before and elicited an
> > official response from any organisation)
>
> Late last
Did you see this yet?
http://www.pbs.org/cringely/pulpit/pulpit20010802.html
Was going around one of my local mailing lists. Pretty scary read.
Thus spake Craig Dickson ([EMAIL PROTECTED]):
> Robert L. Harris wrote:
>
> > You'd think within 12 days people would figure out how to download a
Robert L. Harris wrote:
> You'd think within 12 days people would figure out how to download and
> install a service pack. Kinda scary how long this has been going on
> in the first place.
Indeed. The basic problem, I think (not that this is anything terribly
revelatory), is that the Internet is
You'd think within 12 days people would figure out how to download and
install a service pack. Kinda scary how long this has been going on
in the first place.
Thus spake Craig Dickson ([EMAIL PROTECTED]):
> Dave Sherohman wrote:
>
> > Based on the anaylses I've read, CR2 doesn't have a 'stop
Dave Sherohman wrote:
> Based on the anaylses I've read, CR2 doesn't have a 'stop growing and
> DDOS' phase at all. It's set to shut down at the end of this month
> and, until then, it's just propagating and spreading back doors as fast
> as it can.
That's my understanding, too. Nice of the auth
On Wed, Aug 08, 2001 at 01:14:44PM -0700, Craig Dickson wrote:
> Code Red II is, according to published reports, a new worm that borrows
> Code Red's infection mechanism but is otherwise completely different. I
> have not seen any statement that Code Red II cares about the White
> House's web site.
On Wed, Aug 08, 2001 at 02:08:57PM -0600, Bruce Sass wrote:
> Has anyone asked the NatCops what they think of vermicidal and
> antibiotic software? (i.e., has it come up before and elicited an
> official response from any organisation)
Late last month, news reports say that there was much discussi
Bruce Sass writes:
> Here in Canada it would be the RCMP
Except that the US purports to have no national police, police power being
one of those powers supposedly reserved to the States by the Constitution.
--
John Hasler
[EMAIL PROTECTED]
Dancing Horse Hill
Elmwood, Wisconsin
Robert L. Harris wrote:
> Ok, so your thinking is so much better than everyone else's. You take
> over the world and be the benevelant dictator.
Hardly my point. Apparently you consider it perfectly normal to start
proposing workarounds and solutions when you don't understand the
problem and hav
On 8 Aug 2001, John Hasler wrote:
> Bruce Sass writes:
>
> > The NetCops ("Nat" was a typo?)
>
> No. 'NatCops' == 'National Police': FBI, BATF, DEA, Treasury Agents, etc.
> It comes from an old alternate-worlds sf story I disremember the name of.
> In that world one did _not_ call a NatCop 'NatCop
Bruce Sass writes:
> The NetCops ("Nat" was a typo?)
No. 'NatCops' == 'National Police': FBI, BATF, DEA, Treasury Agents, etc.
It comes from an old alternate-worlds sf story I disremember the name of.
In that world one did _not_ call a NatCop 'NatCop' to his face.
--
John Hasler
[EMAIL PROTECTE
Thus spake Craig Dickson ([EMAIL PROTECTED]):
> Robert L. Harris wrote:
>
> > 2 thoughts.
>
> If you want to call them that, okay.
>
> Sorry, I'm getting mildly annoyed by the conversation at this point.
> We seem to be dividing into two groups: those with a clue, and those
> who neither h
dwidth right now.
>
> Y.Kelly
>
>
>
> -Original Message-
> From:Robert L. Harris [EMAIL PROTECTED]
> Sent:Wed, 8 Aug 2001 12:09:07 -0600
> To: [EMAIL PROTECTED]
> CC: debian-user@lists.debian.org,
> [EMAIL PROTECTED]
> Subject: Re: F
Robert L. Harris wrote:
> 2 thoughts.
If you want to call them that, okay.
Sorry, I'm getting mildly annoyed by the conversation at this point.
We seem to be dividing into two groups: those with a clue, and those
who neither have one nor seem able to catch one when it floats by.
By now, I thin
t now.
Y.Kelly
-Original Message-
From:Robert L. Harris [EMAIL PROTECTED]
Sent:Wed, 8 Aug 2001 12:09:07 -0600
To: [EMAIL PROTECTED]
CC: debian-user@lists.debian.org,
[EMAIL PROTECTED]
Subject: Re: FW: Careful. This is for information only.
Agree with the ethics problem
> IP address used to be the White House's, but they've long
> since gotten that changed!
>
> Y.Kelly
>
>
>
> -Original Message-
> From: Robert L. Harris [EMAIL PROTECTED]
> Sent:Wed, 8 Aug 2001 11:35:16 -0600
> To: debian-user@lists.debia
On 8 Aug 2001, John Hasler wrote:
> Bruce writes:
> > If someone put a vermicide package in Debian,...
>
> Such a package cannot go into Debian. Besides, such a thing should not be
> used by anyone not prepared to build it from source.
>
> > I think the time is right for software antibiotic and ve
be the White House's, but they've long
since gotten that changed!
Y.Kelly
-Original Message-
From:Robert L. Harris [EMAIL PROTECTED]
Sent:Wed, 8 Aug 2001 11:35:16 -0600
To: debian-user@lists.debian.org
Subject: Re: FW: Careful. This is for information only
Dave Sherohman writes:
> According to the Microsoft EULA, they could put code into the startup
> routines of any of their software that causes it to break into the
> Pentagon's computers, search out the nuclear launch codes, and blow up
> the planet while displaying the splash screen and it wouldn'
2 thoughts.
1) Write a script that instead of shutting down the system
applies a hot-fix or shuts the wurm off, maybe a cron type, at job that
removes the files the wurm puts in place and then emails the admin
with a "hey your box is hacked, fix it"...
2) My understanding is that this was ma
--- Dave Sherohman <[EMAIL PROTECTED]> wrote:
> On Wed, Aug 08, 2001 at 09:09:29AM -0700, Shriram Shrikumar wrote:
> > On the other hand, could one sue Microsoft (do they provide
> implied
> > warranties with regards to their suitability for certain tasks ?
> like
> > hosting websites without hack
On Wed, Aug 08, 2001 at 08:36:53AM +0200, Sebastiaan wrote:
> How about this? [ "white" worm ]
You're missing the point.
No one here is saying you would be a bad person if you {shut
off/nuked/notified} a remote site that is already affected with the
worm du jour.
What I'm trying to say (and John
Shri writes:
> Considering most people agree that it IS Illegal to be accessing someone
> elses computer for "good" or bad ? why then, can we not at least threaten
> to sue the people who are trying to get into our boxes at our cost ?
I suppose you can. You just have to figure out who to snail-ma
On Wed, Aug 08, 2001 at 09:09:29AM -0700, Shriram Shrikumar wrote:
> On the other hand, could one sue Microsoft (do they provide implied
> warranties with regards to their suitability for certain tasks ? like
> hosting websites without hacking into someones elses boxes ?) In
> theory, is it not th
On 0, Shriram Shrikumar <[EMAIL PROTECTED]> wrote:
>
>Considering most people agree that it IS Illegal to be accessing
>someone elses computer for "good" or bad ? why then, can we not at
>least threaten to sue the people who are trying to get into our boxes
>at our cost ?
>
Another answer may li
Considering most people agree that it IS Illegal to be accessing
someone elses computer for "good" or bad ? why then, can we not at
least threaten to sue the people who are trying to get into our boxes
at our cost ?
Don't get me wrong - I am not saying that some poor sod should be
sued just cos h
Sebastiaan <[EMAIL PROTECTED]> writes:
> Suppose we make such a torjan, worm or whatever to take action against the
> red one? Let's say, the white worm does not do any damage on the system on
> which it is installed, it only pops up a message on a red wormed
> machine.
That's easy to say... but
Bruce writes:
> If someone put a vermicide package in Debian,...
Such a package cannot go into Debian. Besides, such a thing should not be
used by anyone not prepared to build it from source.
> I think the time is right for software antibiotic and vermicide packages,
> and I think anything that
Sebastiaan writes:
> How about this [a white counter-worm]?
It would still be illegal and I would not want to go on record as
supporting the idea.
--
John Hasler
[EMAIL PROTECTED]
Dancing Horse Hill
Elmwood, Wisconsin
> Ian writes:
> > Seems like a pretty grey area though. He is ultimately responsible for
> > it. There has been enough publicity about CR to ascertain that the
> > system admin was negligent in his duty.
>
> Someone on Advogato just pointed out another risk. What if you only popped
> up a messa
On 7 Aug 2001, John Hasler wrote:
> Ian writes:
> > Seems like a pretty grey area though. He is ultimately responsible for
> > it. There has been enough publicity about CR to ascertain that the
> > system admin was negligent in his duty.
>
> Someone on Advogato just pointed out another risk. Wha
> From: John Griffiths [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, August 08, 2001 9:12 PM
> >True... Seems like a pretty grey area though.
> >He is ultimately responsible for it. There has been enough
> publicity about
> >CR to ascertain that the system admin was negligent in his duty.
> >
>
At 2001-08-07T22:30:23Z, John Galt <[EMAIL PROTECTED]> writes:
> Naaaw, Kirk doesn't have a Foreign Power to release Americans as a
> bargaining chip
What ever happened to the whole "Internet citizenry" movement that Wired
magazine-types were pushing a few years ago? A meta-union would be h
At 2001-08-07T20:26:53Z, John Hasler <[EMAIL PROTECTED]> writes:
> Possibly. Do you want to be the test case? From recent events it appears
> that you could expect to be out on $50,000 bail after three or four weeks.
At this point, it's tempting. I really wish I had the $$$ to spend the time
Ian writes:
> Seems like a pretty grey area though. He is ultimately responsible for
> it. There has been enough publicity about CR to ascertain that the
> system admin was negligent in his duty.
Someone on Advogato just pointed out another risk. What if you only popped
up a message but someone
>True... Seems like a pretty grey area though.
>He is ultimately responsible for it. There has been enough publicity about
>CR to ascertain that the system admin was negligent in his duty.
>
>Ian
>
We're not dealing with sysadmins.
In the most part it's home users who bought shady computers with
>
> Ian writes:
> > Consider this case A web page /default.ida exists on a
> server which when
> > requested (via Code Red)pops up a message on the affected
> computer. How
> > can it be illegal when it was the affected machine which
> requested the
> > script in the first place ?
>
> It was not t
for Windoze NT use net stop "Service Name" and net start to list running
services, something like
net stop "WWW Publishing Service" should stop IIS, might be different name but.
dman wrote:
> On Mon, Aug 06, 2001 at 09:07:41AM -0700, Gilger.John wrote:
> | Forwarded Message -
Ian writes:
> Consider this case A web page /default.ida exists on a server which when
> requested (via Code Red)pops up a message on the affected computer. How
> can it be illegal when it was the affected machine which requested the
> script in the first place ?
It was not the owner or authorize
>
> On 7 Aug 2001, John Hasler wrote:
>
> > William T Wilson writes:
> > > In states with "Good Samaritan" laws you are likely to be
> shielded from
> > > liability as long as any action you take is clearly
> intended as help.
> >
> > State laws are irrelevant. It's a Federal law, enforced by
> th
On 7 Aug 2001, John Hasler wrote:
>Kirk Strauser writes:
>> OK, it's a stretch to compare laws concerning physical real-world assault
>> to the virtual assault committed by these infected servers, but could at
>> least a little bit of the principle apply?
>
>Possibly. Do you want to be the test c
Kirk Strauser writes:
> OK, it's a stretch to compare laws concerning physical real-world assault
> to the virtual assault committed by these infected servers, but could at
> least a little bit of the principle apply?
Possibly. Do you want to be the test case? From recent events it appears
that
At 2001-08-07T03:24:04Z, John Hasler <[EMAIL PROTECTED]> writes:
> Making any use at all of the backdoor, even just to send the admin a
> message, is probably a crime under US law.
Another possibility would be to consider it the smallest amount of force
necessary to prevent an assault. Merely i
On Tue, 7 Aug 2001, allen wayne best just ramblin in his amx wrote:
awbjri> taking a cue from various posts on this subject, i tar'd up a *lot* of
gnu
awbjri> software tars into one heck of large file. i put this in my webserver
html
awbjri> section as default.ida, thinking, well, if the infec
on Tue, Aug 07, 2001 at 09:44:50AM -0700, allen wayne best just ramblin in his
amx ([EMAIL PROTECTED]) wrote:
> taking a cue from various posts on this subject, i tar'd up a *lot* of gnu
> software tars into one heck of large file. i put this in my webserver html
> section as default.ida, think
taking a cue from various posts on this subject, i tar'd up a *lot* of gnu
software tars into one heck of large file. i put this in my webserver html
section as default.ida, thinking, well, if the infected machine wants a file,
give it to it!
transferring hundreds of megabytes should get the a
I wrote:
> State laws are irrelevant. It's a Federal law, enforced by the same people
> who are prosecuting Sklyarov.
Sebastiaan writes:
> What about world law?
Fortunately, there is no such animal.
> But laws are only made to help people,...
ROFL.
--
John Hasler
[EMAIL PROTECTED]
Dancing Hor
So creating a fifo for apache to write its access log to and a script
like this would be a faux pas then?...
-Max
#!/usr/bin/perl
#
# Script to retaliate against Code Red Attacks.
# the author is not responsible for how you use this educational script.
use Socket;
$fifo = "/var/log/apache/ap
On 7 Aug 2001, John Hasler wrote:
> William T Wilson writes:
> > In states with "Good Samaritan" laws you are likely to be shielded from
> > liability as long as any action you take is clearly intended as help.
>
> State laws are irrelevant. It's a Federal law, enforced by the same people
> who
William T Wilson writes:
> In states with "Good Samaritan" laws you are likely to be shielded from
> liability as long as any action you take is clearly intended as help.
State laws are irrelevant. It's a Federal law, enforced by the same people
who are prosecuting Sklyarov.
--
John Hasler
[EMAI
Ian Perry wrote:
> Its a pity those people are so lame and irresponsible that they are not
> doing anything about it.
A lot of them are dialup or PPPOE (cable/DSL) machines owned by Joe
Consumer, who probably doesn't even know that Windows NT/2000 came with
a free web server. He also doesn't know
on Mon, Aug 06, 2001 at 10:54:10PM -0500, Nathan E Norman ([EMAIL PROTECTED])
wrote:
> On Mon, Aug 06, 2001 at 10:24:04PM -0500, John Hasler wrote:
> > Ian Perry writes:
> > > You could, but wouldn't be better to alert then than shutting them
> > > down... there could be legal ramifications in lo
On Tue, 7 Aug 2001, Ian Perry wrote:
> Oh damn... looking at the logs looks like here comes another one...
> "GET /robots.txt HTTP/1.0"... repeat.
That's usually from a search engine. robots.txt is an (advisory) control
method so that search engines don't try to index, for example, dynamical
>
>Its a pity those people are so lame and irresponsible that they are not
>doing anything about it.
>
>I actually began looking at the web pages, and emailing the web admin or
>contact point but with a packet coming in every few minutes it became
>impossible. It also seemed to be a waste of time
> -Original Message-
> From: William T Wilson [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, August 07, 2001 2:01 PM
> To: Nathan E Norman
> Cc: debian-user@lists.debian.org
> Subject: Re: FW: Careful. This is for information only.
>
>
> On Mon, 6 Aug 2001, Nat
On Mon, 6 Aug 2001, Nathan E Norman wrote:
> I have to agree with John ... using a security hole in someone else's
> server for good or evil is probably not a good idea legally. I'd
> advise against it.
In states with "Good Samaritan" laws you are likely to be shielded from
liability as long as
On Mon, Aug 06, 2001 at 10:24:04PM -0500, John Hasler wrote:
> Ian Perry writes:
> > You could, but wouldn't be better to alert then than shutting them
> > down... there could be legal ramifications in lost income etc etc for a
> > public server.
>
> Making any use at all of the backdoor, even ju
Ian Perry writes:
> You could, but wouldn't be better to alert then than shutting them
> down... there could be legal ramifications in lost income etc etc for a
> public server.
Making any use at all of the backdoor, even just to send the admin a
message, is probably a crime under US law.
--
Joh
> -Original Message-
> From: Titus Barik [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, August 07, 2001 12:06 PM
> To: Ian Perry
> Cc: debian-user@lists.debian.org
> Subject: RE: FW: Careful. This is for information only.
>
>
> On Tue, 7 Aug 2001, Ian Perry wr
>
> | What about just popping a message onto the console ?
>
> What console? (It's windows, not dos)
DOS... I remember the time... :)
OK point taken... monitor, screen, window, TV, visual display, LCD...
Did I miss any ? ;)
>
> I saw it on /. :
>
> net send
>
> will pop up a dialo
On Tue, 7 Aug 2001, Ian Perry wrote:
> > > rundll32 user32.dll,ExitWindows
You might want to consider this:
http://support.microsoft.com/support/kb/articles/Q202/0/13.ASP
Which allows you to use IISRESET to start and stop the IIS server.
Titus Barik ([EMAIL PROTECTED])
AIM: TBarik ICQ: 160
On Tue, Aug 07, 2001 at 10:17:28AM +1000, Ian Perry wrote:
| > > rundll32 user32.dll,ExitWindows
| >
| > Meh. Doesn't quite work, even on 95.
| > For one, it's ExitWindowsEx. And then it only shuts down if you click
| > OK. And then it only really logs out if there's more than one account.
A
>
> >
> > rundll32 user32.dll,ExitWindows
>
> Meh. Doesn't quite work, even on 95.
> For one, it's ExitWindowsEx. And then it only shuts down if you click
> OK. And then it only really logs out if there's more than one account.
>
> There might be some other way like that that works, but it's p
>
> rundll32 user32.dll,ExitWindows
Meh. Doesn't quite work, even on 95.
For one, it's ExitWindowsEx. And then it only shuts down if you click
OK. And then it only really logs out if there's more than one account.
There might be some other way like that that works, but it's probably
a lot e
>
> | Amazing! Someone on /. proposed writing a script that whenever
> | anyone hits your web server with , you automatically connect
> | back and halt the attacking machine, thus stopping the spread.
>
> I would ike to see something like this . I was thinking of
> putting a CGI script as /
On Mon, Aug 06, 2001 at 09:07:41AM -0700, Gilger.John wrote:
| Forwarded Message -
| According to incidents.org, for any machine that hits your webserver
| with X, you can telnet back to that machine on port 80 and get
| cmd line access to that m
85 matches
Mail list logo
