Sorry for the cross post I hadn't seen any chatter about this on the lists.
It would seem that Download.com got caught with their pants down and were
re-wrapping F/OSS with their own installer and bundling adware, spyware
and malware with it.
NMap's author, over at insecure.org got
2008/6/25 Dave Sherohman <[EMAIL PROTECTED]>:
> This is easily verified with (as root, of course) a simple `grep root
> /etc/shadow`:
>
Thank you for correcting me. I thought that the password was randomly
generated at install.
Dotan Cohen
http://what-is-what.com
http://gibberish.co.il
א-ב-ג-ד-ה
On Wed, Jun 25, 2008 at 04:42:25PM +0200, Dotan Cohen wrote:
> 2008/6/25 Andrei Popescu <[EMAIL PROTECTED]>:
> > Maybe it changed, but there used to be no password for the root
> > account...
> >
> > https://help.ubuntu.com/community/RootSudo
> >
> > no, it hasn't changed.
>
> Nowhere does that do
On Wed, Jun 25, 2008 at 04:42:25PM +0200, Dotan Cohen wrote:
> 2008/6/25 Andrei Popescu <[EMAIL PROTECTED]>:
> > Maybe it changed, but there used to be no password for the root
> > account...
> >
> > https://help.ubuntu.com/community/RootSudo
> >
> > no, it hasn't changed.
> >
>
> Nowhere does tha
On Wednesday 25 June 2008 07:42:25 am Dotan Cohen wrote:
> 2008/6/25 Andrei Popescu <[EMAIL PROTECTED]>:
> > Maybe it changed, but there used to be no password for the root
> > account...
> >
> > https://help.ubuntu.com/community/RootSudo
> >
> > no, it hasn't changed.
>
> Nowhere does that documen
2008/6/25 Andrei Popescu <[EMAIL PROTECTED]>:
> Maybe it changed, but there used to be no password for the root
> account...
>
> https://help.ubuntu.com/community/RootSudo
>
> no, it hasn't changed.
>
Nowhere does that document say that there is no password for root.
what it does say is this:
"""B
On Wed, Jun 25, 2008 at 03:01:02PM +0200, Dotan Cohen wrote:
> 2008/6/22 H.S. <[EMAIL PROTECTED]>:
> > So looks like in Ubuntu root login via SSH is not disabled. But IIRC root
> > account itself is disabled in Ubuntu. So this warning also is benign ...
> > looks like.
> >
>
> The root account in
2008/6/22 H.S. <[EMAIL PROTECTED]>:
> So looks like in Ubuntu root login via SSH is not disabled. But IIRC root
> account itself is disabled in Ubuntu. So this warning also is benign ...
> looks like.
>
The root account in Ubuntu is not disabled. It is given a random
password at install, but that
On 2008-06-23 10:25:08, H.S. wrote:
> Andrei Popescu wrote:
> >Debian also has this enabled by default. See README.Debian file for
> >openssh-server for an explanation.
> Thanks for that pointer. I disallow it usually though. On one or two
> machines on my home network, I have allowed this for
Andrei Popescu wrote:
Debian also has this enabled by default. See README.Debian file for
openssh-server for an explanation.
Hi,
Thanks for that pointer. I disallow it usually though. On one or two
machines on my home network, I have allowed this for custom auto rsync
based backup scripts
On Sun, Jun 22, 2008 at 01:46:30PM -0400, H.S. wrote:
> Regarding the root login via SSH, the log says:
> --
> [13:36:44] Checking if SSH root access is allowed [ Warning ]
> [13:36:44] Warning: The SSH and rkhunter configuration options should be
> the same:
> [13:36:44]
Ron Johnson wrote:
But why would it be *on* a Linux box? Has he been infected with a
worm or rootkit?
So taking cue from your message, I ran rkhunter and got two warnings.
Here they are with some context:
--
Performing system configuration file checks
Checking for SSH con
----
>>
>>
>> Any idea what this is? From google, it appears it may be a spyware attempt.
>
> It appears to be a script of commands that could be sent to a ftp client
> to log into a ftp server and download a file.
>
> postal.exe certainly
ik"
> which had this in it:
> -
> $ cat ik
> user un22 uyxuyx
> binary
> get postal.exe
> bye
> -
>
>
> Any idea what this is? From google, it appears it may be a spyware attempt.
It appears to be a s
-
$ cat ik
user un22 uyxuyx
binary
get postal.exe
bye
-
Any idea what this is? From google, it appears it may be a spyware attempt.
->HS
On Sun, 2005-07-17 at 18:31 -0700, Karsten M. Self wrote:
> on Sun, Jul 17, 2005 at 06:19:41PM -0700, Karsten M. Self
> (kmself@ix.netcom.com) wrote:
> > on Sun, Jul 17, 2005 at 11:47:17AM -0500, Ron Johnson ([EMAIL PROTECTED])
> > wrote:
> > > On Sun, 2005-07-17 at 02:32 -0700, Karsten M. Self w
on Sun, Jul 17, 2005 at 06:19:41PM -0700, Karsten M. Self
(kmself@ix.netcom.com) wrote:
> on Sun, Jul 17, 2005 at 11:47:17AM -0500, Ron Johnson ([EMAIL PROTECTED])
> wrote:
> > On Sun, 2005-07-17 at 02:32 -0700, Karsten M. Self wrote:
> > > on Fri, Jul 08, 2005 at 11:34:53PM -0400, Marty ([EMAIL
on Sun, Jul 17, 2005 at 11:47:17AM -0500, Ron Johnson ([EMAIL PROTECTED]) wrote:
> On Sun, 2005-07-17 at 02:32 -0700, Karsten M. Self wrote:
> > on Fri, Jul 08, 2005 at 11:34:53PM -0400, Marty ([EMAIL PROTECTED]) wrote:
> > > Carl Fink wrote:
> > > >On Fri, Jul 08, 2005 at 08:52:55PM -0400, Marty w
On Sun, 2005-07-17 at 02:32 -0700, Karsten M. Self wrote:
> on Fri, Jul 08, 2005 at 11:34:53PM -0400, Marty ([EMAIL PROTECTED]) wrote:
> > Carl Fink wrote:
> > >On Fri, Jul 08, 2005 at 08:52:55PM -0400, Marty wrote:
[snip]
> Well, for a few months there (roughly March - May) it was inordinately
> p
on Fri, Jul 08, 2005 at 11:34:53PM -0400, Marty ([EMAIL PROTECTED]) wrote:
> Carl Fink wrote:
> >On Fri, Jul 08, 2005 at 08:52:55PM -0400, Marty wrote:
> >
> >>Windoze XP box on my LAN is sending http requests to
> >>a site named movies.go.com, although there is no web
> >>client running on the XP
analyzing the LAN traffic and appreciate any
ideas about where to go next.
The XP box regularly runs a major brand virus and spyware
checker, and it otherwise shows no signs of misbehaving.
I checked the Windows Explorer history and movies.go.com
has not been accessed in weeks, at least, although it
is on
Carl Fink wrote:
On Fri, Jul 08, 2005 at 08:52:55PM -0400, Marty wrote:
Windoze XP box on my LAN is sending http requests to
a site named movies.go.com, although there is no web
client running on the XP box (at least none obvious).
[major snippage]
FWIW, go.com is a real, non-scam site run b
On Fri, Jul 08, 2005 at 08:52:55PM -0400, Marty wrote:
> Windoze XP box on my LAN is sending http requests to
> a site named movies.go.com, although there is no web
> client running on the XP box (at least none obvious).
[major snippage]
FWIW, go.com is a real, non-scam site run by Disney.
--
C
> you can use transparent proxying to force all HTTP requests to the
> Linux box and run it through Squid. You can then monitor the
> traffic to see what is happening and even block it.
Or you can use sniffit to watch the requests in real time or log it to
a file.
> > I've heard all th
can then monitor the traffic to see what is
happening and even block it.
> I've heard all the chilling spyware stories, but this is
> an eye opener for the sheer volume of data being passed
> 24/7 to or from this box. But what data and to whom?
It is often a good idea to isolat
traffic and appreciate any
ideas about where to go next.
The XP box regularly runs a major brand virus and spyware
checker, and it otherwise shows no signs of misbehaving.
I checked the Windows Explorer history and movies.go.com
has not been accessed in weeks, at least, although it
is on the favorites
Hal Vaughan wrote:
> On Wednesday 11 May 2005 12:43 am, Brandon Richards wrote:
>
>>Anyone on this list still running windows might want to check it for
>>spyware. I got about 8-9 hits on mine which is not good. I think it
>>came from the woman who asked about the wind
On Wednesday 11 May 2005 12:43 am, Brandon Richards wrote:
> Anyone on this list still running windows might want to check it for
> spyware. I got about 8-9 hits on mine which is not good. I think it
> came from the woman who asked about the windows key. She definitely
> needs
it
> for spyware. I got about 8-9 hits on mine which is not good.
Only 8 or 9? That's *really* good for a Windows box, and yet a good
reason not to keep that copy of Windows around either.
> Actually I am running dual boot on my laptop and windows
> with thunderbird and firefox on
Anyone on this list still running windows might want to check it for
spyware. I got about 8-9 hits on mine which is not good. I think it
came from the woman who asked about the windows key. She definitely
needs to check cuz her system is messed up major big time. Actually I
am running
The only virus I ever had the pleasure of cleaning up after was the
Stoned virus back in 1991. It had this propensity for putting itself
into the book record of every floppy and, as I recall, it couldn't
infect my hard drive. It was a bugger to get rid of and one of the
locals came up with an ant
us or spyware on
my computer was when I was running Windows. And the more I think about
it, the only time I ever had any REAL problems with my computer, it was
while running Windows. (Well, I did have a few kernel panics over the
years, but those have been mostly my fault.) Gee, I'm seeing a pa
On Sat, 2004-11-13 at 14:11 -0500, William Ballard wrote:
--snip--
> The only two times I ever got a virus were (1) a floppy at the university
> in 1993 and (2) Code Red when my machine was on CorpNet at Microsoft.
Come to think of it, the only time I've ever had a virus or spyware on
[quote]
It's also a problem that has affected Gates personally. He said his home
PCs have had malware, although he has personally never been affected by
a virus.
"I have had malware, [adware], that crap" on some home machines, he
said. [/quote]
http://software.silicon.com/malware/0,383100,
nstall ANY Microsoft security or critical patches,
SOME, ALL or NONE on Win98SE in Win4Lin? Is Win4Linux essentially protected
by Linux and its kernel and, of course, the fact that I use Win4Lin
exclusively as user?
What about installing Norton anti-virus or any spyware programs? Do I need any
Accurate Software
[EMAIL PROTECTED]
www.accuratesoftware.com
Europe . North America . Australasia . Africa
Hiya,
Ipchains is a packet filtering firewall. All packets that pass through the
machine are examined for the source, destination and type. The packets your
applications sent to the linux box are not stamped with the application that
sent them.
The mechanism for this level of
wsa <[EMAIL PROTECTED]> writes:
wsa> My question was about linux and how to accomplish security
wsa> on application level, like what happens in windows with a personal
wsa> firewall.
wsa> Because i don't understand how i can achieve full security when opening
wsa> ports...like port 80 for the web
* wsa ([EMAIL PROTECTED]) spake thusly:
> HI,
>
> Maybe in my original mail i wasn't very clear judging from the
> responses i got...so i'll try one more time.
>
> I wasn't asking what to do in windows...although i did mention
> windows which probably made everyone run for the hills:)
>
> My que
run software I don't trust and
prevent it from talking on the network? The answer is you can't, really.
The best policy is to only run software for which the source code is
available. Spyware and open source don't mix very well.
-jwb
On Sun, 30 Dec 2001, wsa wrote:
> HI,
Hey,
> Maybe in my original mail i wasn't very clear judging from the
> responses i got...so i'll try one more time.
I don't seem to have your first mailing around, but no worries.
> I wasn't asking what to do in windows...although i did mention
> windows
HI,
Maybe in my original mail i wasn't very clear judging from the
responses i got...so i'll try one more time.
I wasn't asking what to do in windows...although i did mention
windows which probably made everyone run for the hills:)
My question was about linux and how to accomplish security
on a
Uhmmm...
I said i was using tiny personal firewall on windows...
My question was about linux...not about windows...
cheerios
Willem.
At 14:41 30-12-2001 +0100, you wrote:
>You should use a personal firewall on your Windoze system for that.
wsa <[EMAIL PROTECTED]> writes:
> feature, collects
wsa <[EMAIL PROTECTED]> writes:
> feature, collects info on my system and sends it home via port
> 80 which in my ruleset
>
> is an allowed port because i need that port for the web.
> How would i ever block such a thing(without knowing in advance that it
> will call home and
>
> to which adr
hine which is connected via a cross
cable to a second
NIC in my PC...
For the sake of the argument lets say i installed some linux thing which
has a spyware
feature, collects info on my system and sends it home via port 80 which
in my ruleset
is an allowed port because i need that port for t
45 matches