
Renderosity Forums / Community Center






Subject: top 20 security risks


Jaqui ( ) posted Wed, 05 January 2005 at 12:51 AM · edited Fri, 08 November 2024 at 8:20 PM

10 for windows, 10 for all flavours of unix. http://www.sans.org/top20/


Ardiva ( ) posted Wed, 05 January 2005 at 9:07 PM

Attached Link: http://bcheck.scanit.be/bcheck/

Check your browsers vulnerability. :) http://bcheck.scanit.be/bcheck/



Jaqui ( ) posted Wed, 05 January 2005 at 9:50 PM

~ROTFLMAO~ that tester just throws an error for me. the script don't exist on the server. guess you have to have an insecure browser for it to test. no 3rd party cookies, no clientside scripting, no plugins. no risks of infestation. ( on linux so even more secure )


Ardiva ( ) posted Wed, 05 January 2005 at 9:54 PM · edited Wed, 05 January 2005 at 9:56 PM

I use Firefox 1.0 and I tested out with 0 errors. :)

Message edited on: 01/05/2005 21:56



Jaqui ( ) posted Wed, 05 January 2005 at 10:04 PM

mozilla here and can't get tested. throws: Not Found The requested URL /bcheck/sid-950126f6cdbd15bab145685006ef33a0cript.php was not found on this server.


Ardiva ( ) posted Wed, 05 January 2005 at 10:07 PM

Hmmmm..Try your IE and see if you can get in there. Testing for IE is something else and it would serve you to see what problems it has.



Jaqui ( ) posted Wed, 05 January 2005 at 10:14 PM

what ie? I'm on linux. no ie.


Ardiva ( ) posted Wed, 05 January 2005 at 10:27 PM

Oh...oh yeah! LOL!!



Jaqui ( ) posted Wed, 05 January 2005 at 10:34 PM

~lmao~ besides I would never have that malware on a computer I own. ( or any other software issued by or for ms )


Ardiva ( ) posted Wed, 05 January 2005 at 10:47 PM

I don't like having an MS system either, but at this point I don't have much of a choice. I'm just happy as a bug snuggled in a rug that I can use FireFox. :)



elizabyte ( ) posted Wed, 05 January 2005 at 11:29 PM

The Browser Security Test is finished. Please find the results below:

High Risk Vulnerabilities 0
Medium Risk Vulnerabilities 0
Low Risk Vulnerabilities 0

Just what I expected. :-) Firefox 1.0, fully updated Windows with custom security settings (turning off certain features, etc.), personal firewall.

bonni

"When a man gives his opinion, he's a man. When a woman gives her opinion, she's a bitch." - Bette Davis


Ardiva ( ) posted Wed, 05 January 2005 at 11:39 PM

B.I.N.G.O Bonni! :)



FrenchToast ( ) posted Thu, 06 January 2005 at 1:08 AM

My security is down... tsk I just bought a "Home-made" computer from my friend, but it's equipped with such new technology that Service Pack 2 makes it crash. I'm hoping that the anti-spyware/firewall stuff that he's installed is up to par with the computer itself, but I have a feeling that it's all freeware from what I have seen.


Jumpstartme2 ( ) posted Thu, 06 January 2005 at 2:21 AM

High Risk Vulnerabilities 0
Medium Risk Vulnerabilities 0
Low Risk Vulnerabilities 0

Love my Firefox :)

~Jani

Renderosity Community Admin
---------------------------------------




Jaqui ( ) posted Thu, 06 January 2005 at 2:47 AM

well, since mozilla is firefox. and I turned off anything that could remotely cause security risk, I know I would get same results...or better if it will show negatives. ~wink~


bonestructure ( ) posted Fri, 07 January 2005 at 8:17 AM

#1 security eisk = stupid computer users

Talent is God's gift to you. Using it is your gift to God.


Jaqui ( ) posted Sat, 08 January 2005 at 8:34 AM · edited Sat, 08 January 2005 at 8:38 AM

hey bone,
what's an eisk?

Windows WINS Service Buffer Overflow

Description: Exploit code has been publicly posted for the buffer
overflow in the Windows WINS service that has been discussed in the
Microsoft security bulletin MS04-045. Note that this overflow can be
leveraged to execute arbitrary code with 'SYSTEM' privileges. Any domain
controllers running WINS should be patched immediately.

Council Site Actions: Most of the reporting council sites are running
the affected software and have already patched their systems or are in
the process of patching their systems.

References:
Exploit Code
http://www.securiteam.com/exploits/5EP020KEKW.html

Windows NetDDE Service Buffer Overflow

Description: Exploit code has been publicly posted for the buffer overflow vulnerability in the Windows NetDDE service that has been discussed in the Microsoft Security Bulletin MS04-031. The service is not enabled by default. However, if this service is being used, ensure that the systems are properly patched. Note that the overflow can be leveraged to execute arbitrary code with 'SYSTEM' privileges.

Council Site Actions: Most of the reporting council sites are running the affected software and have already patched their systems or are in the process of patching their systems.

References:
Exploit Code
http://www.securiteam.com/exploits/5FP030KEKS.html
Previous @RISK Newsletter Posting (Item #4)
http://www.sans.org/newsletters/risk/vol3_41.php

05.1.5 CVE: Not Available
Platform: Other Microsoft Products
Title: Internet Explorer FTP Client Directory Traversal
Description: Microsoft Internet Explorer FTP client allows users to transfer files. The client is vulnerable to a directory traversal vulnerability due to a failure of the application to sanitize user-supplied input. A remote attacker could place files in an arbitrary location without the user's knowledge or consent. Microsoft Internet Explorer 6.0 and 6.0 SP1 are reported to be vulnerable.
Ref: http://www.7a69ezine.org/node/view/176

05.1.7 CVE: Not Available
Platform: Third Party Windows Apps
Title: Mozilla/Firefox File Download Dialog Spoofing Vulnerability
Description: Mozilla and Firefox are vulnerable to an issue that may permit a malicious web page to spoof the source of a download. Mozilla versions 1.7.x and Firefox versions 1.x are reported to be vulnerable. No solution available, but the vendor states a fix will be included in the next release.
Ref: http://secunia.com/secunia_research/2004-15/advisory/

Message edited on: 01/08/2005 08:38


FrenchToast ( ) posted Sat, 08 January 2005 at 9:06 PM

Now, what are you using to figure your security status? I've been using the Microsoft Baseline Security Analyzer, and it ALWAYS tells me that I'm missing SP2. I could load any browser.


bonestructure ( ) posted Sat, 08 January 2005 at 9:57 PM

A good antivirus package like Nortons helps. A firewall is good too. A lot of people like Zonealarm. I don't. I use Sygate. http://www.sygate.com/ They have a free firewall I find works very effectively and runs unobtrusively.

One thing I do above all. Turn off the windows messenger. That puppy keeps a port open and it's so easy to hack into it. You can get a nice little freeware program that does this at http://grc.com/stm/ShootTheMessenger.htm Why messenger? It's a pipeline for spyware, which may be the most insidious new hacking tool around.

As far as service packs, well, I download a few of the security updates, but the service packs are 100s of megs each. Come on, I'm on dial-up, what was microsoft thinking with downloads that big? I don't even download MP3s, let alone something that huge.

Just because a program like anti spyware or a firewall is free doesn't mean it's not good. As far as firewalls, personal users don't have the advanced needs that business users with multiple computers face, so a freeware firewall, from a good company, suffices quite well. As far as spyware, well, eliminate windows messenger and you cut that down considerably. As for the rest of it, I'm not sure any program, freeware or not is able to keep up with it all that well.

Talent is God's gift to you. Using it is your gift to God.


Ardiva ( ) posted Sat, 08 January 2005 at 10:10 PM

If you are using Nortons...and using its firewall along with FireFox browser. You must tell Norton to allow FF access. Otherwise you won't be able to connect.



Jaqui ( ) posted Sat, 08 January 2005 at 11:19 PM

French Toast,
and if you look at reports from independent sources, majority of risks are ms based.

so never trust microsoft to tell you the truth.
they will lie through their teeth to keep your money coming in.

after all money is god.

ya lost respect by saying you use microsoft security advisor.


spothmann ( ) posted Sun, 09 January 2005 at 7:45 PM

Just because a program like anti spyware or a firewall is free doesn't mean it's not good.

No, but it's useless if the user doesn't know what it does or how it works. Imagine you have the best firewall in the world, but somehow get a trojan on your computer (friend's CD?). How, do you think, would your firewall tell you that this trojan is trying to access the internet?

a) "Hi, here's the very bad big Trojan IWILLCRACKYOU and it's trying to access the internet. Would you like to allow that?"

OR rather

b) "Hi, this is the Internet Explorer / Windows Update / any-internet-requiring-useful-software-on-your-computer, and it would like to access the internet. Would you like to allow that?"

and, if b) would pop up from your firewall - would you allow it?

A virus scanner is nice. But remember that if you 'just' update it once a day with new virus definitions, a cracker still has at least 24 hours in between to create a virus / worm / backdoor / trojan which your virus scanner won't detect. And I'm speaking of updating it every single day, plus the aforementioned virus / worm / backdoor / trojan would have to be recognized by the virus scanner programmers within that time, so that they are able to write a virus definition - which is often not the case.

So - to make it short: If you have no idea of the internet and its risks, and if you have no idea how to avoid them, then, by all means, stay off the internet. However, if you know what you're doing, if you know that you must not click on and download everything that doesn't jump away fast enough, then you don't need either a virus scanner or a firewall.

I've been on the net since 1995, up to twenty-four hours per day, and in all that time, I have caught one virus - through a friend's CD ("100% virus free!" - Haha!). And I neither have a firewall nor a virus scanner.

BTW, Bones: SOOOO glad to read something from you again!


bonestructure ( ) posted Sun, 09 January 2005 at 8:12 PM

I'm pretty darn glad to be back myself, thanks to the help of a lot of friends.

Talent is God's gift to you. Using it is your gift to God.


FrenchToast ( ) posted Tue, 18 January 2005 at 5:28 PM

Well, what I was wondering is which program people are using to assess their security rating.


Jaqui ( ) posted Wed, 19 January 2005 at 4:36 AM

check the link in post 2

