Re: [funsec] Microsoft to rush out emergency Windows patch today

2008-10-23 Thread Juha-Matti Laurio
Absolutely. MS08-067 raised the SANS ISC InfoCon to Yellow http://isc.sans.org/infocon.html and that doesn't happen every month. When you look into the payload of the Win32/Gimmiv.A Trojan, the motivation behind the exploitation is very clear. This vulnerability has reportedly been the weapon of targeted

Re: [funsec] Off Topic: Any reported issues with MS08-067 functionality?

2008-10-23 Thread Kevin McAleavey
Wiped out my routers here right after the update ... thought Verizon had dropped the ball since it happens often here. Wasn't until I shut off all of the routers and rekicked them that everything came back. Wired as well as WiFi here ... At 06:22 PM 10/23/2008, Paul Ferguson wrote: >-BEGIN

Re: [funsec] Microsoft to rush out emergency Windows patch today

2008-10-23 Thread Jack McCarthy
> How? (This is hypothetical here) I am running XPSP2 and my firewall is > on. I don't have file and print sharing on, as is the case with the > overwhelming majority of XPSP2 users. Change the perspective at which you look at it. Plant the seed (think drive-by, think rogue antivirus/antispyware

Re: [funsec] Microsoft to rush out emergency Windows patch today

2008-10-23 Thread Larry Seltzer
Oh clearly it's a real threat. It's just not the threat it would have been a few years ago. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.pcmag.com/securitywatch/ Contributing Editor, PC Magazine [EMAIL PROTECTED] -Original Message- From: Paul Fer

Re: [funsec] Microsoft to rush out emergency Windows patch today

2008-10-23 Thread Paul Ferguson
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, Oct 23, 2008 at 6:33 PM, Paul Ferguson <[EMAIL PROTECTED]> wrote: > > On Thu, Oct 23, 2008 at 6:29 PM, Larry Seltzer <[EMAIL PROTECTED]> > wrote: > Default? And what might those rulesets be, pray tell? >> >> http://support.microsoft.c

Re: [funsec] Microsoft to rush out emergency Windows patch today

2008-10-23 Thread Paul Ferguson
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, Oct 23, 2008 at 6:29 PM, Larry Seltzer <[EMAIL PROTECTED]> wrote: >>> Default? >>>And what might those rulesets be, pray tell? > > http://support.microsoft.com/default.aspx?scid=fh;ln;xpsp2swhw and a > hundred other URLs at Microsoft.com: "By

Re: [funsec] Microsoft to rush out emergency Windows patch today

2008-10-23 Thread Larry Seltzer
>> Default? >>And what might those rulesets be, pray tell? http://support.microsoft.com/default.aspx?scid=fh;ln;xpsp2swhw and a hundred other URLs at Microsoft.com: "By default, Windows Firewall is enabled and blocks unsolicited connections to your computer." That's the default configuration afte

Re: [funsec] Microsoft to rush out emergency Windows patch today

2008-10-23 Thread Paul Ferguson
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, Oct 23, 2008 at 6:20 PM, Larry Seltzer <[EMAIL PROTECTED]> wrote: > All XP SP2 and later users have the firewall on by default. Surely this > is an immense percentage of users by now. > Default? And what might those rulesets be, pray tell?

Re: [funsec] Microsoft to rush out emergency Windows patch today

2008-10-23 Thread Larry Seltzer
All XP SP2 and later users have the firewall on by default. Surely this is an immense percentage of users by now. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.pcmag.com/securitywatch/ Contributing Editor, PC Magazine [EMAIL PROTECTED] -Original Mess

Re: [funsec] Microsoft to rush out emergency Windows patch today

2008-10-23 Thread Paul Ferguson
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, Oct 23, 2008 at 6:17 PM, Larry Seltzer <[EMAIL PROTECTED]> wrote: > << If you have a system that is not patched against this threat, you > will be pwned in the same fashion as the MS05-039 exploit spread like > wildfire -- that was my point. >

Re: [funsec] Microsoft to rush out emergency Windows patch today

2008-10-23 Thread Larry Seltzer
<< If you have a system that is not patched against this threat, you will be pwned in the same fashion as the MS05-039 exploit spread like wildfire -- that was my point. How? (This is hypothetical here) I am running XPSP2 and my firewall is on. I don't have file and print sharing on, as is the cas

Re: [funsec] Microsoft to rush out emergency Windows patch today

2008-10-23 Thread Paul Ferguson
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, Oct 23, 2008 at 4:58 PM, Larry Seltzer <[EMAIL PROTECTED]> wrote: > IIRC, MS05-039 didn't hit XP SP2 users as hard as those of earlier > versions for the same reasons MS08-067 doesn't. Back then XPSP2 was > relatively new, about a year old and

Re: [funsec] Microsoft to rush out emergency Windows patch today

2008-10-23 Thread Larry Seltzer
IIRC, MS05-039 didn't hit XP SP2 users as hard as those of earlier versions for the same reasons MS08-067 doesn't. Back then XPSP2 was relatively new, about a year old and met with a lot of resistance, so the world was full of vulnerable systems. How many pre-XP SP2 systems are out there in the wil

Re: [funsec] Microsoft to rush out emergency Windows patch today

2008-10-23 Thread Paul Ferguson
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, Oct 23, 2008 at 4:03 PM, Larry Seltzer <[EMAIL PROTECTED]> wrote: >>>-Block TCP ports 139 and 445 at the firewall > So it's serious, about as serious a bug as we've seen from Microsoft in > at least 2 or 3 years, but it's no Blaster. People a

Re: [funsec] WTF Watch: EstDomains, Inc Takes Next Step in Combating Spam and Malware

2008-10-23 Thread Paul Ferguson
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, Oct 23, 2008 at 3:35 PM, Nick FitzGerald <[EMAIL PROTECTED]> wrote: > ferg wrote: > >> Sure, I believe this. Why wouldn't I want to download and use software >> from Estdomains? > > But _where_ is the download link? > > I have a few malware l

Re: [funsec] Off Topic: Any reported issues with MS08-067 functionality?

2008-10-23 Thread Paul Ferguson
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 For what it's worth, I just tried again and it seems to work okay. Granted, I'm now on an _open_ wifi vs. a WPA/WPA2 or WEP connection, but I'm not sure if that makes any difference. Greetz from the bar in D.C. :-) - - ferg On Thu, Oct 23, 2008 a

Re: [funsec] Off Topic: Any reported issues with MS08-067 functionality?

2008-10-23 Thread Larry Seltzer
I'm on Wifi and it didn't mess with me. The bug has to do with resolving canonical names in shares (see http://blogs.msdn.com/sdl/archive/2008/10/22/ms08-067.aspx), so I can't see why it would have the effect you describe, but everyone knows this shit's too complicated. Larry Seltzer eWEEK.com Sec

Re: [funsec] Microsoft to rush out emergency Windows patch today

2008-10-23 Thread Larry Seltzer
>>-Block TCP ports 139 and 445 at the firewall This is critical, but note that any firewall not written by a complete idiot will block these ports. So as a practical matter a very large percentage of users are effectively protected by their router firewall and/or by Windows Firewall or a 3rd party

Re: [funsec] WTF Watch: EstDomains, Inc Takes Next Step in Combating Spam and Malware

2008-10-23 Thread Nick FitzGerald
ferg wrote: > Sure, I believe this. Why wouldn't I want to download and use software from > Estdomains? But _where_ is the download link? Regards, Nick FitzGerald ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailm

[funsec] Off Topic: Any reported issues with MS08-067 functionality?

2008-10-23 Thread Paul Ferguson
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Was just wondering if anyone else has experienced WiFi (?) connectivity problems after installing MS08-067 today... I have two valid instances (myself :-) and a colleague) where after rebooting, we cannot successfully retrieve the proper DHCP informati

Re: [funsec] Microsoft to rush out emergency Windows patch today

2008-10-23 Thread Juha-Matti Laurio
And it is http://www.microsoft.com/technet/security/Bulletin/ms08-067.mspx Recommended workarounds: -Disable the Server and Computer Browser services -Block TCP ports 139 and 445 at the firewall Go and patch ASAP this RPC vulnerability, folks. Juha-Matti Juha-Matti Laurio [EMAIL PROTECTED] kirj

Re: [funsec] UK: Passports Will Be Needed to Buy Mobile Phones

2008-10-23 Thread David Lodge
On Thu, 23 Oct 2008 17:25:41 +0100, Tomas L. Byrnes <[EMAIL PROTECTED]> wrote: > Labour were sure to ban guns before moving on to biometrically linking > the personally owned tracking and listening device. Apologies for dragging out the old firearms ban stuff again; but contrary to popular kno

Re: [funsec] WTF Watch: EstDomains, Inc Takes Next Step in Combating Spam and Malware

2008-10-23 Thread Jeff Kell
Paul Ferguson wrote: > Today EstDomains, Inc (http://www.estdomains.com) is glad to introduce to > the internet-oriented community advanced software created especially for > browsing through the World Wide Web in order to detect corrupted and > potentially dangerous websites. Well, they fscking o

Re: [funsec] UK: Passports Will Be Needed to Buy Mobile Phones

2008-10-23 Thread Tomas L. Byrnes
You grossly overestimate the effectiveness of air power and other weapons designed for use against mechanized forces in the field against an insurgency. AKs, ARs, Garands, and any semi-auto handgun would be very effective in any revolution. >-Original Message- >From: [EMAIL PROTECTED] [

Re: [funsec] UK: Passports Will Be Needed to Buy Mobile Phones

2008-10-23 Thread Tomas L. Byrnes
AKs are popguns, and not very effective outside 100M, however, except for a few fascist states, you can own a Barrett, and .50 BMG is NOT a popgun. >-Original Message- >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] >On Behalf Of quispiam lepidus >Sent: Monday, October 20, 2008 3:25 P

Re: [funsec] UK: Passports Will Be Needed to Buy Mobile Phones

2008-10-23 Thread Tomas L. Byrnes
We've exercised all of them in the past 200 years. While Johnny Reb may have lost the Civil War, he made the point that the Federal Government can only push the people so far. See also the LA Riots. >-Original Message- >From: Drsolly [mailto:[EMAIL PROTECTED] >Sent: Monday, October 20,

Re: [funsec] UK: Passports Will Be Needed to Buy Mobile Phones

2008-10-23 Thread Tomas L. Byrnes
Labour were sure to ban guns before moving on to biometrically linking the personally owned tracking and listening device. Gun bans are usually one of the first steps towards tyranny, for your and the children's safety, of course. >-Original Message- >From: [EMAIL PROTECTED] [mailto:[EM

Re: [funsec] UK: Passports Will Be Needed to Buy Mobile Phones

2008-10-23 Thread Tomas L. Byrnes
It's worked better than in France, Germany, and the UK, which have each, in the same period, had some pretty tyrannical governments, and the UK seems to be heading down that path again. >-Original Message- >From: Drsolly [mailto:[EMAIL PROTECTED] >Sent: Sunday, October 19, 2008 11:54 PM

[funsec] WTF Watch: EstDomains, Inc Takes Next Step in Combating Spam and Malware

2008-10-23 Thread Paul Ferguson
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sure, I believe this. Why wouldn't I want to download and use software from Estdomains? [snip] Wilmington, DE (PRWEB) October 23, 2008 -- After several fruitful years on online services market, EstDomains, Inc (http://www.estdomains.com) is proud to

[funsec] Microsoft to rush out emergency Windows patch today

2008-10-23 Thread Juha-Matti Laurio
"Microsoft will rush out an emergency security patch for Windows users on Thursday. The company offered few details on why it was releasing the software update, which is rated critical for users of Windows 2000, Windows XP, and Windows Server 2003. A critical flaw is worrisome, however, because