Knock, Knock, Knock
Kelly Martin, 2004-02-20

If hundreds of thousands of people are still blindly clicking on attachments in their email, is there any hope of mitigating the threat of hundreds of thousands of compromised systems with open backdoors?

Knock, Knock, Knock 2004-02-20
Dmitriy (1 replies)
"If we cannot prevent the average user from double-clicking the latest virus in his email, how will we ever stop the propagation of more advanced, stealthy code?"

- With more advanced security software (IDS, firewalls, virus scanners...etc...).

There will always be stupid people and thus ...

Knock, Knock, Knock 2004-02-24
Keith (4 replies)
Clearly, the best way to tackle this problem is to increase awareness of it. It's got to be worth trying a worldwide prime time TV advertising campaign, targeted at people who haven't a clue about the problem. I'm sure that advertising industry executives could come up with some hard hitting ideas...

Knock, Knock, Knock 2004-02-26
Anonymous
Primetime coverage isn't the answer. Blaster/Slammer received lots of news coverage on primetime news channels, yet individuals still didn't run Windows Update, nor did they even consider a firewall.

...

Knock, Knock, Knock 2004-02-27
Farzad
I used to think education was the way to go but to be honest I've lost faith. I've been in this game for years and I advocate security to my friends and family bordering on preaching and still some of them will open attachments from unknown senders. It seems hopeless. I agree with another comment wh...

Knock, Knock, Knock 2004-03-01
Anonymous
Bull. The best way to tackle this is to arrest anyone who deliberately distributes an email program which starts executable content when double-clicking.

Some people have great difficulty remembering that before Outlook, one of IT departments' biggest problems was to distribute mails telling pe...

Knock, Knock, Knock 2004-03-01
www.mobasoft.com
I don't understand how you can say that Microsoft's programming is "responsible".

The real responsibility lies in the core fact that most computer users don't know enough about computers. They want all of their applications to work together. Get an attachment, click on it, have word open it, etc....

Knock, Knock, Knock 2004-02-20
Anonymous (2 replies)
"If we cannot prevent the average user from double-clicking the latest virus in his email, how will we ever stop the propagation of more advanced, stealthy code?"

trivial - disallow executable attachments entirely.

And if you also want to stop potential buffer overflow of normal attachments, d...

Knock, Knock, Knock 2004-02-25
Anonymous (1 replies)
Hmm, you mention skipping HTML to avoid buffer overflows? Well, adding another element will certainly increase the probability of buffer overruns, but HTML in itself is not more likely to contain buffer overflows than MIME is. Often buffer overflows have been found in From:, To:, Date: fields, etc.
...

HTML/MIME vulnerability (and avoidance) 2004-02-26
Anonymous
Nope - MIME provides just a transport, as do SMTP headers.

Reasonably sane programming handles that.

HTML interpreters are truly horrible things to debug. Avoiding HTML flat out avoids:

a. JavaScript interpreters
b. image loaders
c. additional network connections
d. other interpreters ...

Knock, Knock, Knock 2004-03-03
Anonymous
Blocking executable attachments is not the answer either (at least not the entire answer). The virus email will just include an html link to download the file, instead of attaching it. Instead of using an SMTP engine, the virus will have a light-weight web server....

Knock, Knock, Knock 2004-02-21
Anonymous
It's almost impossible! Good article....

Ok Double Sided Swords 2004-02-21
Anonymous
Port knocking is also used on Linux systems to hide open ports, to reduce the chance of an attacker finding the open port to attack.
This can be an SMTP or a POP or some other protected server hiding behind SSL that you don't want anyone to see all the time.

This could be a response to worms hunting ...

Knock, Knock, Knock 2004-02-24
Jack (1 replies)
Sure, yeah, a worm/backdoor writer *could* implement port-knocking to protect the backdoor. But you are forgetting one important thing....

they don't /care/ about the security of their victim's machines....

Knock, Knock, Knock 2004-02-28
Anonymous
"Sure, yeah, a worm/backdoor writer *could* implement port-knocking to protect the backdoor. But you are forgetting one important thing....

they don't /care/ about the security of their victim's machines."

When an owned machine is a commodity to be used and traded, sure you care about making ...

Knock, Knock, Knock 2004-02-25
Anonymous
What a great argument for locking your information security office door and driving up to the mountains. What other industry battles a constant two steps forward, three steps back and to the side atmosphere like this one?...

Knock, Knock, Knock 2004-02-26
fndude@hotmail.com
Actually, would a port knocking trojan be more secure? The client side of the trojan would be distributed I am sure, and the ability to gain access to the trojan would be in place. Now a mass-rooter script would be written that would simply knock on each machine then try the port. Even if you used DES...

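The "Double Sided Swords" and fndude posts above both turn on the same observation: a knock sequence is visible on the wire, so a defender who logs dropped SYNs can see it too. The following detector is an added example, not code from the column or from any of the commenters; it assumes a constructed iptables-style log with hypothetical FW-DROP/FW-ACCEPT prefixes and flags a source that hits several closed ports and is then accepted on a port it never probed, which is what a knock-then-open looks like from the firewall's side.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample firewall log (iptables-style DROP/ACCEPT log prefixes); not from the page.
SAMPLE_LOG = """\
2004-02-26T10:00:01 kernel: FW-DROP IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=7000 SYN
2004-02-26T10:00:02 kernel: FW-DROP IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=8000 SYN
2004-02-26T10:00:03 kernel: FW-DROP IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=9000 SYN
2004-02-26T10:00:05 kernel: FW-ACCEPT IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=2222 SYN
2004-02-26T10:00:07 kernel: FW-DROP IN=eth0 SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP DPT=445 SYN
2004-02-26T10:01:00 kernel: FW-ACCEPT IN=eth0 SRC=198.51.100.20 DST=192.0.2.10 PROTO=TCP DPT=80 SYN
"""

# Hypothetical log format: ISO timestamp, verdict prefix, then SRC/DST/DPT fields of a SYN.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) kernel: FW-(?P<verdict>DROP|ACCEPT) .*?SRC=(?P<src>[\d.]+) "
    r".*?DST=(?P<dst>[\d.]+) .*?DPT=(?P<dpt>\d+) .*?SYN"
)

def parse_log(text):
    """Return (timestamp, verdict, src, dst, dport) tuples for SYN lines, in file order."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["verdict"],
                           m["src"], m["dst"], int(m["dpt"])))
    return events

def find_knock_sequences(events, min_knocks=3, window_s=30):
    """Flag src->dst pairs where >= min_knocks SYNs to distinct closed ports are followed,
    within window_s seconds, by an ACCEPTed SYN on a port not among the knocks.
    Returns {(src, dst): (knock_ports, opened_port)}. The same knock tuple recurring
    across many sources or hosts is the signature of a shared-secret knock."""
    pending = defaultdict(list)   # (src, dst) -> [(ts, dport), ...] recent dropped SYNs
    findings = {}
    for ts, verdict, src, dst, dpt in sorted(events):
        key = (src, dst)
        # Forget drops that fall outside the window relative to this event.
        pending[key] = [(t, p) for t, p in pending[key] if (ts - t).total_seconds() <= window_s]
        if verdict == "DROP":
            pending[key].append((ts, dpt))
            continue
        knocks = [p for _, p in pending[key] if p != dpt]
        if len(set(knocks)) >= min_knocks:
            findings[key] = (tuple(knocks), dpt)
            pending[key] = []
    return findings

def analyze(text=SAMPLE_LOG):
    return find_knock_sequences(parse_log(text))
```

A plain port scan produces the drops but no subsequent accept, so it is not reported here; correlating identical knock tuples across sources is the follow-up an analyst would run on the returned findings.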
Knock, Knock, Knock 2004-02-27
Anonymous
What about disabling the possibility to send/open attachments until a proper antivirus program is installed. Checks could be included that verify if the software is still up to date, etc ... you would still be able to send/receive e-mail, but attachments would be blocked if there's no antivirus-softw...

Pretty easy solution 2004-02-27
Potato Head
About 4 years ago on NT I wrote a little application, it was simple, ran an executable in a sandbox by shimming / hooking DLLs and only allowed certain functions.

It stopped a lot of buffer overrun type attacks and stopped those stupid mass emailing and the like.

The shimmy to the App returne...

Knock, Knock, Knock 2004-03-01
Robert Townley
Much of this could be avoided by using limited privilege accounts. I wish Microsoft would release an optional patch that only allows non-administrators to access the internet. ...

Copyright 2009, SecurityFocus