Re: Newfangled rootkits survive hard disk wiping
On Apr 1, 11:30 am, "FromTheRafters" <erra...@nomail.afraid.org> wrote:
> "BoaterDave" <BoaterD...@hotmail.co.uk> wrote in message
>
> news:03d5c564-eb2c-4548-a1bd-76710dce5097@w9g2000yqa.googlegroups.com...
>
> > This article
> > http://www.theregister.co.uk/2009/03...bios_rootkits/
> > refers to "unfettered root access"
>
> > Perhaps a silly question - if one connects to another server
> > deliberately for the purpose of sending and receiving messages in a
> > newsgroup (thus making a hole in one's defences?)
>
> When a legitimate path is made, I wouldn't call it a hole in one's
> defenses.

Just to be clear about this, FTR - if I connect to the newsgroups at annexcafe.com (a private server) using Outlook Express, or any other Newsreader, have I created a 'way in' to my computer in spite of having a NAT router between me and the Internet?

> > might this be
> > giving "unfettered root access" if one is operating with
> > Administrator privileges?
>
> This is why you should *not* be running with administrative privileges
> unless you are doing administrative tasks.

So, again to be clear, is your answer "yes"?

I value your opinions, FTR - thank you for posting in reply to my queries. :)

FYI - I started responding to you using Thunderbird but an error message from Thunderbird appeared before I had completed all I had to say. The only way out was to force the programme to quit, thus losing all I had written. It has happened before. It's as if someone is reviewing my message as I write it to decide if I should or should not be allowed to send it. That could never be the case ........ could it?

*This* message is being sent through Google groups using the Internet rather than from a newsreader - that's why I use BoaterDave when posting from Google Groups and ~BD~ when using a newsreader - it helps me to remember from whence I actually posted!

--
Dave
Re: Newfangled rootkits survive hard disk wiping
Tim Jackson wrote:
> BoaterDave wrote:
>
>> FYI - I started responding to you using Thunderbird but an error
>> message from Thunderbird appeared before I had completed all I had to
>> say. The only way out was to force the programme to quit, thus losing
>> all I had written. It has happened before. It's as if someone is
>> reviewing my message as I write it to decide if I should or should not
>> be allowed to send it. That could never be the case ........ could it?
>
> Set a short auto-save period in Thunderbird's options
> (composition/general), or use File/Save regularly to ensure a copy of
> what you were typing is retained in Drafts if it crashes.
>
> If the error is repeatable maybe you could track down the event that
> causes the crash, and report it.
>
> Tim Jackson

Thanks for the advice, Tim. :)

Auto-save was set to the default of 5 mins - I've reduced it to 2 mins.

The drop-down 'error' message was something like "this message cannot be saved in your Drafts folder" - but wouldn't let me cancel *or* continue. i.e. not crashed exactly - but stuffed!

--
Dave
Re: Newfangled rootkits survive hard disk wiping
BoaterDave <BoaterDave@hotmail.co.uk> writes:
>On Apr 1, 11:30 am, "FromTheRafters" <erra...@nomail.afraid.org>
>wrote:
>> "BoaterDave" <BoaterD...@hotmail.co.uk> wrote in message
>>
>> news:03d5c564-eb2c-4548-a1bd-76710dce5097@w9g2000yqa.googlegroups.com...
>>
>> > This article
>> > http://www.theregister.co.uk/2009/03...bios_rootkits/
>> > refers to "unfettered root access"
>>
>> > Perhaps a silly question - if one connects to another server
>> > deliberately for the purpose of sending and receiving messages in a
>> > newsgroup (thus making a hole in one's defences?)
>>
>> When a legitimate path is made, I wouldn't call it a hole in one's
>> defenses.
>>
>Just to be clear about this, FTR - if I connect to the newsgroups at
>annexcafe.com (a private server) using Outlook Express, or any other
>Newsreader, have I created a 'way in' to my computer in spite of
>having a NAT router between me and the Internet?

A NAT router is not very much of a protection. You should also have a firewall on your computer or on your router.

>> > might this be
>> > giving "unfettered root access" if one is operating with
>> > Administrator privileges?

Yes, it might be. Anything you download and which runs runs as administrator and can thus do anything. Now usually news is not that dangerous -- it tends not to run things. But if there is a bug in your newsreader, all bets are off. It is called defence in depth. You do not rely on just one thing to defend you.

>>
>> This is why you should *not* be running with administrative privileges
>> unless you are doing administrative tasks.

>So, again to be clear, is your answer "yes"?

>I value your opinions, FTR - thank you for posting in reply to my
>queries. :)

>FYI - I started responding to you using Thunderbird but an error
>message from Thunderbird appeared before I had completed all I had to
>say. The only way out was to force the programme to quit, thus losing
>all I had written. It has happened before. It's as if someone is
>reviewing my message as I write it to decide if I should or should not
>be allowed to send it. That could never be the case ........ could it?

Who knows. Yes, you could be running a rogue version of Thunderbird.

>*This* message is being sent through Google groups using the Internet
>rather than from a newsreader - that's why I use BoaterDave when
>posting from Google Groups and ~BD~ when using a newsreader - it helps
>me to remember from whence I actually posted!
Re: Newfangled rootkits survive hard disk wiping
On Wed, 1 Apr 2009 05:12:15 -0700 (PDT), BoaterDave wrote:
> Just to be clear about this, FTR - if I connect to the newsgroups at
> annexcafe.com (a private server) using Outlook Express, or any other
> Newsreader, have I created a 'way in' to my computer in spite of
> having a NAT router between me and the Internet?

Yes.

--
A fireside chat not with Ari! http://tr.im/holj
Motto: Live To Spooge It!
Re: Newfangled rootkits survive hard disk wiping
On Wed, 01 Apr 2009 17:23:47 GMT, Unruh wrote:
> Yes, it might be. Anything you download and which runs runs as
> administrator and can thus do anything. Now usually news is not that
> dangerous -- it tends not to run things. But if there is a bug in your
> newsreader, all bets are off. It is called defence in depth. You do not
> rely on just one thing to defend you.

So never turning your computer on won't work?

--
A fireside chat not with Ari! http://tr.im/holj
Motto: Live To Spooge It!
Re: Newfangled rootkits survive hard disk wiping
Ari® <AriSilverstein@army.com> writes:
>On Wed, 01 Apr 2009 17:23:47 GMT, Unruh wrote:
>> Yes, it might be. Anything you download and which runs runs as
>> administrator and can thus do anything. Now usually news is not that
>> dangerous -- it tends not to run things. But if there is a bug in your
>> newsreader, all bets are off. It is called defence in depth. You do not
>> rely on just one thing to defend you.

>So never turning your computer on won't work?

Nope. Because your wife comes in one morning and says, what is this computer doing here switched off. I can use it, and switches it on.
Re: Newfangled rootkits survive hard disk wiping
Ari® wrote:
> On Wed, 1 Apr 2009 05:12:15 -0700 (PDT), BoaterDave wrote:
>
>> Just to be clear about this, FTR - if I connect to the newsgroups at
>> annexcafe.com (a private server) using Outlook Express, or any other
>> Newsreader, have I created a 'way in' to my computer in spite of
>> having a NAT router between me and the Internet?
>
> Yes.

Thank you, Ari :)

Ever been there? The User2User group (one in the USA, one in the UK).

They'd tear you to pieces! *Very* clever folk there!

--
Dave
Re: Newfangled rootkits survive hard disk wiping
On Wed, 01 Apr 2009 22:48:18 +0100, ~BD~ wrote:
> Ari® wrote:
>> On Wed, 1 Apr 2009 05:12:15 -0700 (PDT), BoaterDave wrote:
>>
>>> Just to be clear about this, FTR - if I connect to the newsgroups at
>>> annexcafe.com (a private server) using Outlook Express, or any other
>>> Newsreader, have I created a 'way in' to my computer in spite of
>>> having a NAT router between me and the Internet?
>>
>> Yes.
>
> Thank you, Ari :)
>
> Ever been there? The User2User group (one in the USA, one in the UK).

Yes.

> They'd tear you to pieces! *Very* clever folk there!

Yeah.

--
A fireside chat not with Ari! http://tr.im/holj
Motto: Live To Spooge It!
Re: Newfangled rootkits survive hard disk wiping
"Tim Jackson" <tim@tim-jackson.co.uk> wrote in message news:Q92dnTEfSY2PO07UnZ2dnUVZ8q6WnZ2d@posted.plusn et...
> ~BD~ wrote:
>> Tim Jackson wrote:
>>> BoaterDave wrote:
>>>
>>>> FYI - I started responding to you using Thunderbird but an error
>>>> message from Thunderbird appeared before I had completed all I had to
>>>> say. The only way out was to force the programme to quit, thus losing
>>>> all I had written. It has happened before. It's as if someone is
>>>> reviewing my message as I write it to decide if I should or should not
>>>> be allowed to send it. That could never be the case ........ could it?
>>>
>>> Set a short auto-save period in Thunderbird's options
>>> (composition/general), or use File/Save regularly to ensure a copy of
>>> what you were typing is retained in Drafts if it crashes.
>>>
>>> If the error is repeatable maybe you could track down the event that
>>> causes the crash, and report it.
>>>
>>> Tim Jackson
>>
>> Thanks for the advice, Tim. :)
>>
>> Auto-save was set to the default of 5 mins - I've reduced it to 2 mins.
>>
>> The drop-down 'error' message was something like "this message cannot be
>> saved in your Drafts folder" - but wouldn't let me cancel *or* continue.
>> i.e. not crashed exactly - but stuffed!
>>
>> --
>> Dave
>
> That's usually something to do with embedded images getting screwed up, eg
> if you copy one out of another message it only copies the link, not the
> image body, but the link is intra-message so it gets left hanging and
> can't be attached on save. (You have to save a copy to your HD and attach
> from there.) But that shouldn't happen in a Usenet post.
>
> It could possibly be having two edited versions of the same message open,
> contending for the same Drafts file.
>
> You could always try sending it to yourself instead of saving it.
>
> Tim

I missed your reply, Tim - sorry for not responding. I'll bear in mind what you have said.

It did happen again and this is exactly what happened:-

A dropdown window said 'Confirm' "There was an error copying the message to the Sent folder. Retry?" Options were 'Cancel' or 'OK'

Clicking on 'OK' just re-issued the same 'Confirm' dropdown window.

Clicking on 'Cancel' initiated another dropdown window - 'Save Draft Error' "Unable to save your message as a draft. Please verify that your Mail and Newsgroup account settings are correct and try again". Only one option 'OK'

Clicking 'OK' resulted in the previous 'Confirm' dropdown window!!

Stuck in a loop - the only way out was to shut down Thunderbird (and lose what had been written - grrr!)

Cheers

David
Re: Newfangled rootkits survive hard disk wiping
My thanks to 'Unruh' for his/her comments.
Maybe I have misunderstood - but I thought that a NAT router provided a complete barrier between a computer and the Internet - a hardware firewall. You seem to suggest that a software firewall is needed too. Is that correct?

--
Dave

"Unruh" <unruh-spam@physics.ubc.ca> wrote in message news:DqNAl.19551$Db2.864@edtnps83...
> BoaterDave <BoaterDave@hotmail.co.uk> writes:
>
>>On Apr 1, 11:30 am, "FromTheRafters" <erra...@nomail.afraid.org>
>>wrote:
>>> "BoaterDave" <BoaterD...@hotmail.co.uk> wrote in message
>>>
>>> news:03d5c564-eb2c-4548-a1bd-76710dce5097@w9g2000yqa.googlegroups.com...
>>>
>>> > This article
>>> > http://www.theregister.co.uk/2009/03...bios_rootkits/
>>> > refers to "unfettered root access"
>>>
>>> > Perhaps a silly question - if one connects to another server
>>> > deliberately for the purpose of sending and receiving messages in a
>>> > newsgroup (thus making a hole in one's defences?)
>>>
>>> When a legitimate path is made, I wouldn't call it a hole in one's
>>> defenses.
>>>
>
>>Just to be clear about this, FTR - if I connect to the newsgroups at
>>annexcafe.com (a private server) using Outlook Express, or any other
>>Newsreader, have I created a 'way in' to my computer in spite of
>>having a NAT router between me and the Internet?
>
> A NAT router is not very much of a protection. You should also have a
> firewall on your computer or on your router.
>
>>> > might this be
>>> > giving "unfettered root access" if one is operating with
>>> > Administrator privileges?
>
> Yes, it might be. Anything you download and which runs runs as
> administrator and can thus do anything. Now usually news is not that
> dangerous -- it tends not to run things. But if there is a bug in your
> newsreader, all bets are off. It is called defence in depth. You do not
> rely on just one thing to defend you.
>
>>>
>>> This is why you should *not* be running with administrative privileges
>>> unless you are doing administrative tasks.
>
>>So, again to be clear, is your answer "yes"?
>
>>I value your opinions, FTR - thank you for posting in reply to my
>>queries. :)
>
>>FYI - I started responding to you using Thunderbird but an error
>>message from Thunderbird appeared before I had completed all I had to
>>say. The only way out was to force the programme to quit, thus losing
>>all I had written. It has happened before. It's as if someone is
>>reviewing my message as I write it to decide if I should or should not
>>be allowed to send it. That could never be the case ........ could it?
>
> Who knows. Yes, you could be running a rogue version of Thunderbird.
>
>>*This* message is being sent through Google groups using the Internet
>>rather than from a newsreader - that's why I use BoaterDave when
>>posting from Google Groups and ~BD~ when using a newsreader - it helps
>>me to remember from whence I actually posted!
>