Posted on 08/11/2003 2:33:46 PM PDT by STFrancis
All,
Here's a scoop for Freepers which is just now hitting us security pros.
There is a first vulnerability that uses the MS Bug that MS addressed with MS 03-026 two weeks ago.
It is calling itself MSBLAST.exe and is spreading in the wild unbelievably fast. http://isc.sans.org/diary.html?date=2003-08-11
A first advisory from McAfee has just been published: http://us.mcafee.com/virusInfo/defa...&virus_k=100547
Once it finds a vulnerable system, it will spawn a shell on port 4444 and use it to download the actual worm via tftp. The exploit itself is very close to 'dcom.c' and so far appears to use the "universal Win2k" offset only.
In other words we need to make sure port 4444 is blocked inbound AND outbound.
Of course this is in addition to the MS03-026 patch being installed which Microsoft released two weeks ago (more info regarding the patch here: http://www.microsoft.com/technet/tr...n/MS03-026.asp).
Another advisory was JUST posted by Symantec: http://www.symantec.com/avcenter/ve...aster.worm.html
Just thought everyone ought to know.
Thanks...
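The port 4444 shell followed by a tftp download, as described in the post above, leaves a recognizable pattern in firewall logs. The following is an added example, not part of the original post: the log format, the addresses and the verdict names are constructed for illustration, and tftp is assumed to be on its standard port, UDP 69.

```python
import re
from collections import defaultdict

# Constructed sample firewall log (not from the original post).
# Assumed format: timestamp action proto src_ip:src_port -> dst_ip:dst_port
SAMPLE_LOG = """\
2003-08-11T14:01:03 ALLOW TCP 10.0.0.5:1043 -> 10.0.0.23:4444
2003-08-11T14:01:04 ALLOW UDP 10.0.0.23:1027 -> 10.0.0.5:69
2003-08-11T14:02:10 ALLOW TCP 10.0.0.8:1100 -> 10.0.0.30:80
2003-08-11T14:03:00 DENY TCP 192.0.2.7:2001 -> 10.0.0.40:4444
2003-08-11T14:04:15 ALLOW TCP 10.0.0.23:1050 -> 10.0.0.41:4444
"""

LINE = re.compile(
    r"(\S+) (ALLOW|DENY) (TCP|UDP) ([\d.]+):(\d+) -> ([\d.]+):(\d+)$")

def parse(log):
    """Yield (action, proto, src, dst, dst_port) for each well-formed line."""
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:
            _ts, action, proto, src, _sport, dst, dport = m.groups()
            yield action, proto, src, dst, int(dport)

def classify(log):
    """Return {(source, target): verdict} for pairs touching TCP 4444."""
    stages = defaultdict(set)   # (source, target) -> allowed stages seen
    blocked = set()             # pairs where the 4444 connection was denied
    for action, proto, src, dst, dport in parse(log):
        if proto == "TCP" and dport == 4444:
            if action == "ALLOW":
                stages[(src, dst)].add("shell")
            else:
                blocked.add((src, dst))
        elif proto == "UDP" and dport == 69 and action == "ALLOW":
            # tftp runs in the reverse direction: the target pulls the
            # worm from the machine that opened the shell.
            stages[(dst, src)].add("tftp")
    verdicts = {pair: "blocked-4444" for pair in blocked}
    for pair, seen in stages.items():
        if {"shell", "tftp"} <= seen:
            verdicts[pair] = "likely-infected"
        elif "shell" in seen:
            verdicts[pair] = "shell-port-reached"
    return verdicts

if __name__ == "__main__":
    for (source, target), verdict in sorted(classify(SAMPLE_LOG).items()):
        print(f"{source} -> {target}: {verdict}")
```

A target marked likely-infected should be patched with MS03-026 and cleaned; a shell-port-reached entry means the 4444 rule is not yet in place on that path.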
Last time I checked, using Unix is far from Barbie's First computer - http://www.apple.com/macosx/jaguar/unix.html
If anything, you go defrag your HD, and fix your registry (WTF is that?!?!) because you have actually used your computer for a week.
I must admit, I am a little upset with Mac OS X because sometimes it makes you reboot after installing something (too Windows-like for me). With the old OS X Server (development environment before the public OS X release) I had a max uptime of 222 days (power outage ended the streak) of 60+ hour a week hard core developing. Try doing that with your Barbie OS.
But, how do I save the URL when I want to store pictures on my OSX?
I use Camino as my primary browser (I'll give Safari a try when you can drag links onto the tabs). In Camino, if you right click on an image, you get a pulldown with "View Image". Using this option will display only the image with the appropriate URL in the same window.
You mean you have to worry about emails while using a PC? I'm afraid I do not understand the problem.
I don't recall that it was easier in OS 9.
when simply dragging the graphic to the desktop (or downloading most any file in any way) automatically caused the originating URL to be put in the Get Info box.
It was probably the application - not the operating system - that was setting the Get Info comment with the URL.
LOL..what is WRONG with us!!! I just got a FLYING new computer in March and I'm already looking around!
If you have Norton, you can remove it.
Actually you probably can anyhow.
It is MSBLAST.exe
When your machine starts, kill that process. Then update Norton definitions -- live update.
You'll have to reboot. Then kill the process again immediately.
Run Norton using the 8-11-03 updated definitions you just downloaded. It will find it.
Then use regedit to remove the call for it to start:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
In the right pane, delete the value:
"windows auto update"="msblast.exe"
From http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html
If you have an antivirus program you could probably delete msblast.exe yourself in safe mode then do the regedit.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp
Above linked
A G4 800MHz just doesn't compare to a G5 dual 2GHz. How soon our gadgets become obsolete...
What do UDP and TCP mean? What do they do?
I FREQUENTLY & unexpectedly get "TCP (Inbound)" attacks and sometimes get "UDP (Inbound)" attacks, with a "High Risk" warning...I'll just be sitting there reading something (not doing anything to trigger a popup screen). I have also gotten some ":bootpc (68) UDP" and ":bootps (67) UDP" attacks.
I've got nearly TWENTY-EIGHT (28) PAGES of line-by-line listings of attacks, citing date and time of when they happened, the IP Address involved and the type of attack (TCP/UDP). Who can I send them to to have something done about them? How can I know if any are "safe" when they show up?
I made the mistake of "permitting" one of the ":bootpc" attacks (it had MY IP address on it so I thought it was safe to permit). I LOST ALL CONTROL OVER MY COMPUTER AS ADMINISTRATOR (actually OWNER)! Norton Security was turned OFF and I---the owner, administrator, and bottlewasher---no longer had "authority" to turn MY OWN security software ON or remove it and reload it!!!!!