Attached Link: http://bcheck.scanit.be/bcheck/
Check your browser's vulnerability. :) http://bcheck.scanit.be/bcheck/
The Browser Security Test is finished. Please find the results below:
High Risk Vulnerabilities 0
Medium Risk Vulnerabilities 0
Low Risk Vulnerabilities 0
Just what I expected. :-) Firefox 1.0, fully updated Windows with custom security settings (turning off certain features, etc.), personal firewall. bonni
"When a man gives his opinion, he's a man. When a woman gives her opinion, she's a bitch." - Bette Davis
My security is down... tsk. I just bought a "Home-made" computer from my friend, but it's equipped with such new technology that Service Pack 2 makes it crash. I'm hoping that the anti-spyware/firewall stuff that he's installed is up to par with the computer itself, but I have a feeling that it's all freeware from what I have seen.
hey bone,
what's an eisk?
Windows WINS Service Buffer Overflow
Description: Exploit code has been publicly posted for the buffer
overflow in the Windows WINS service that has been discussed in the
Microsoft security bulletin MS04-045. Note that this overflow can be
leveraged to execute arbitrary code with 'SYSTEM' privileges. Any domain
controllers running WINS should be patched immediately.
Council Site Actions: Most of the reporting council sites are running
the affected software and have already patched their systems or are in
the process of patching their systems.
References:
Exploit Code
http://www.securiteam.com/exploits/5EP020KEKW.html

Windows NetDDE Service Buffer Overflow
Description: Exploit code has been publicly posted for the buffer overflow vulnerability in the Windows NetDDE service that has been discussed in the Microsoft Security Bulletin MS04-031. The service is not enabled by default. However, if this service is being used, ensure that the systems are properly patched. Note that the overflow can be leveraged to execute arbitrary code with 'SYSTEM' privileges.
Council Site Actions: Most of the reporting council sites are running the affected software and have already patched their systems or are in the process of patching their systems.
References:
Exploit Code
http://www.securiteam.com/exploits/5FP030KEKS.html
Previous @RISK Newsletter Posting (Item #4)
http://www.sans.org/newsletters/risk/vol3_41.php

05.1.5
CVE: Not Available
Platform: Other Microsoft Products
Title: Internet Explorer FTP Client Directory Traversal
Description: Microsoft Internet Explorer FTP client allows users to transfer files. The client is vulnerable to a directory traversal vulnerability due to a failure of the application to sanitize user-supplied input. A remote attacker could place files in an arbitrary location without the user's knowledge or consent. Microsoft Internet Explorer 6.0 and 6.0 SP1 are reported to be vulnerable.
Ref: http://www.7a69ezine.org/node/view/176

05.1.7
CVE: Not Available
Platform: Third Party Windows Apps
Title: Mozilla/Firefox File Download Dialog Spoofing Vulnerability
Description: Mozilla and Firefox are vulnerable to an issue that may permit a malicious web page to spoof the source of a download. Mozilla versions 1.7.x and Firefox versions 1.x are reported to be vulnerable. No solution available, but the vendor states a fix will be included in the next release.
Ref: http://secunia.com/secunia_research/2004-15/advisory/
Message edited on: 01/08/2005 08:38
A good antivirus package like Nortons helps. A firewall is good too. A lot of people like Zonealarm. I don't. I use Sygate. http://www.sygate.com/ They have a free firewall I find works very effectively and runs unobtrusively. One thing I do above all. Turn off the windows messenger. That puppy keeps a port open and it's so easy to hack into it. You can get a nice little freeware program that does this at http://grc.com/stm/ShootTheMessenger.htm Why messenger? It's a pipeline for spyware, which may be the most insidious new hacking tool around. As far as service packs, well, I download a few of the security updates, but the service packs are 100s of megs each. Come on, I'm on dial-up, what was Microsoft thinking with downloads that big? I don't even download MP3s, let alone something that huge. Just because a program like anti spyware or a firewall is free doesn't mean it's not good. As far as firewalls, personal users don't have the advanced needs that business users with multiple computers face, so a freeware firewall, from a good company, suffices quite well. As far as spyware, well, eliminate windows messenger and you cut that down considerably. As for the rest of it, I'm not sure any program, freeware or not, is able to keep up with it all that well.
Talent is God's gift to you. Using it is your gift to God.
"Just because a program like anti spyware or a firewall is free doesn't mean it's not good."

No, but it's useless if the user doesn't know what it does or how it works. Imagine you have the best firewall in the world, but somehow get a trojan on your computer (friend's CD?). How, do you think, would your firewall tell you that this trojan is trying to access the internet?

a) "Hi, here's the very bad big Trojan IWILLCRACKYOU and it's trying to access the internet. Would you like to allow that?"

OR rather

b) "Hi, this is the Internet Explorer / Windows Update / any-internet-requiring-useful-software-on-your-computer, and it would like to access the internet. Would you like to allow that?"

and, if b) would pop up from your firewall - would you allow it?

A virus scanner is nice. But remember that if you 'just' update it once a day with new virus definitions, a cracker still has at least 24 hours in between to create a virus / worm / backdoor / trojan which your virus scanner won't detect. And I'm speaking of updating it every single day, plus the aforementioned virus / worm / backdoor / trojan would have to be recognized by the virus scanner programmers within that time, so that they are able to write a virus definition - which is often not the case.

So - to make it short: If you have no idea of the internet and its risks, and if you have no idea how to avoid them, then, by all means, stay off the internet. However, if you know what you're doing, if you know that you must not click on and download everything that doesn't jump away fast enough, then you don't need either a virus scanner or a firewall. I've been on the net since 1995, up to twenty-four hours per day, and in all that time, I have caught one virus - through a friend's CD ("100% virus free!" - Haha!). And I neither have a firewall nor a virus scanner.

BTW, Bones: SOOOO glad to read something from you again!
10 for windows, 10 for all flavours of unix. http://www.sans.org/top20/