How often do you rebuild your Hard Drive?

Discussion in 'Computer Information' started by Bill, Aug 9, 2004.

  1. Bill

    Robert Baer Guest

    Because of these same "reality check" reasons, that the public CERT
    has become private, and the government version is struggling.
    I have left out the economic factor; if one collects exploit info,
    then one can sell the info to gusinesses that need to be kept as up to
    date as possible. Make it a freebie and it then has no commercial
    value.
     
    Robert Baer, Aug 11, 2004
    #21
    1. Advertisements

  2. Bill

    Robert Baer Guest

    .....and these "automatic update" doors are *rather* inviting to the
    malware kiddies....
     
    Robert Baer, Aug 11, 2004
    #22
    1. Advertisements

  3. Bill

    DeMoN LaG Guest

    I fail to see how Firefox automatically checking for an updated version is
    open to exploit. I also fail to see how running up2date on a linux box is
    open to exploit. Sure, someone could hack ftp.mozilla.org and put a
    compromised version of Firefox up, but what are the odds of that?
     
    DeMoN LaG, Aug 11, 2004
    #23
  4. Bill

    Michael-NC Guest

    So if I use an older version of Linux or the FF browser I'm vulnerable???

    Who woulda thunk it!!!
     
    Michael-NC, Aug 11, 2004
    #24
  5. Bill

    Michael-NC Guest

    I just did a deep scan on my system, WinXP Pro patched with the latest IE
    and came up with 0.
     
    Michael-NC, Aug 11, 2004
    #25
  6. Bill

    DeMoN LaG Guest

    Sure. Like anything else, you need reasonably up to date versions of
    software to be protected. Except if I don't update Firefox on my RH9 or
    Fedora Core 2 server, it doesn't allow someone to compromise my server with
    the same ease that people do it on Win32. Do you remember recently when
    IIS was compromised to insert code that exploited IE, and everyone up to
    and including major banking sites had their servers compromised and were
    distributing a virus/worm to all their IE users? Never heard of that
    problem with Apache or Firefox.
     
    DeMoN LaG, Aug 12, 2004
    #26
  7. Bill

    Duane Arnold Guest

    Anyone who knows how to secure an NT based O/S using IIS didn't have the
    exploit either. Why was ADODB even on a Web server? ADODB has no business
    being on the Web Server that is secured properly with a chance for it to
    be instantiated through program code. If the O/S along with its file
    system, registry, user accounts and IIS are not secured properly, the Web
    Server is not secure.

    Duane :)
     
    Duane Arnold, Aug 12, 2004
    #27
  8. Bill

    Michael-NC Guest

    Besides practicing good security, wasn't that vulnerability already
    discovered and a patch available? I remember some article that polled sys
    admins and their security practices were abysmal. a good portion of them had
    unpatched boxes running, just waiting to be hit. That's why the hackers go
    after MS ware, like Willie Sutton said, "that's where the money is."
     
    Michael-NC, Aug 12, 2004
    #28
  9. Bill

    Duane Arnold Guest

    Lazy admins are always a day late and dollar short, blowing things off or
    don't know how or what they are doing to begin with. Over in the
    comp.securty.firewall NG a few months back, I had an admin using a
    Windows Small Business server that had IIS compromised with a Trojan on
    the computer. At least the person knew that much. I had to instruct the
    admin on how to find the exploit, which all the little AV and Trojan
    detection crap was thrown at it and not found, with the proper tools and
    then provide the information such as books and links on how to properly
    secure the O/S and IIS that is being exposed to the public Internet.

    How many admins are out there like that?

    Duane :)
     
    Duane Arnold, Aug 12, 2004
    #29
  10. Bill

    Michael-NC Guest

    Judging by the state of the Internet and how fast some of these nasties are
    able to propagate, way too many.
    SP2 for XP tries to make home PCs a little safer but it's a Band-Aid
    approach as well. MS should have done a better job with this SP.
     
    Michael-NC, Aug 12, 2004
    #30
  11. Bill

    Duane Arnold Guest

    All I want out of SP2 is IE, which I would like to implement some of its
    new features like enabling security features and not have IE ask to allow
    or disallow the security feature action, which are pop-up windows that
    have been moved out of the way, from what I understand. I will wait a
    couple of months and let things settle down before I implement SP 2 on
    the machines. The pop-up add blocker I would like to use too. Other than
    that, I'll secure the NT based O/S(s) to fit my needs.

    Well, at least MS is trying to make XP a closed O/S and hopefully will
    get better with closed MS O/S(s) releases in the future. I don't care
    what O/S is being used out there. The *clue less* will find a way to get
    themselves compromised.

    Duane :)
     
    Duane Arnold, Aug 12, 2004
    #31
  12. Bill

    Robert Baer Guest

    Aer you trying to say that the update adderss and/or procedure cannot
    be compromised (in the computer by virii)?
     
    Robert Baer, Aug 12, 2004
    #32
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.