December 12, 2007 at 11:44 pm
Comments posted to this topic are about the item Another Reason to Hate Ads
December 13, 2007 at 7:52 am
We're actually already there. There's a recent exploit in QuickTime files that allows for remote code execution and privilege escalation. It's already surfaced at least once, targeted at a virtual community (SecondLife).
One of these days - the exploits are going to get so bad we'll be back to text-only browsers.
----------------------------------------------------------------------------------
Your lack of planning does not constitute an emergency on my part...unless you're my manager...or a director and above...or a really loud-spoken end-user..All right - what was my emergency again?
December 13, 2007 at 8:31 am
Amazing how many vulnerabilities our computers have. I spent a considerable amount of time explaining to one of our mainframe programmers the difference between FTP and SFTP, having to get into the fact that Unix was not designed for security, thus programs like FTP and Telnet are inherently insecure.
So when are we going to get an OS designed for security from the ground up? Do we all have to convert to Plan 9 from Bell Labs? I know of no compromises for Plan 9, but guaranteed that as soon as it gains appreciable market share, or starts running things like Flash or other compromised add-ins, the exploits will start popping up.
I really need to figure out where/what the equivalent of the hosts file is on my Mac so I can shunt all of the ad servers into the bit bucket.
-----
Knowledge is of two kinds. We know a subject ourselves or we know where we can find information upon it. --Samuel Johnson
December 13, 2007 at 8:44 am
It will never happen. When will we eliminate shoplifting? Never. As long as we want the richness and flexibility, there will be issues.
What we can do is do a better job so there are relatively few people that can attack us. All software could be written slightly better, but there'll still be holes.
Or we could move to more dedicated machines. One for email, one for web, etc. Hey, that's an idea. Build a VM just for email. That way it can't attack you. Course, you'll need to cut and paste all those links into your web VM 🙂
December 13, 2007 at 9:05 am
Sadly, I agree. We won't have utopia, at least not in our lifetimes: there are simply too many people who want to make money the easy or malicious way, too many people with twisted senses of ethics.
I'm not terribly vulnerable to email attacks as I do everything (at home) via webmail. At work, I have to use Outlook, so there's a bit of a vulnerability there.
But the VM/sandboxing idea has merit. If you could have a VM engine for anything internet related, you'd be reasonably secure. You'd have to work out how to ensure security for your regular computer for safe file transfer, perhaps through some sort of connection filtering? Something along the lines of "must originate from the microsoft.com domain" perhaps?
-----
Knowledge is of two kinds. We know a subject ourselves or we know where we can find information upon it. --Samuel Johnson
December 13, 2007 at 9:49 am
The one time I contracted a virus / malware was this way. It was the GDI+ exploit. Before Microsoft released the patch, I got infected through an ad on a trusted web site. I had temporarily turned off my virus monitoring because it was "slowing things down". I could tell right away I was infected, and it cleaned up pretty easily. But needless to say, I don't turn that off anymore. My other computer with the virus protection on (I use AVG Free) detected and stopped it when I tested visiting the web site again.
December 13, 2007 at 10:32 am
Just yesterday, our HR contacted me with a problem. A user had entered part of the URL to the online benefits page (3rd party) into the Google search box and pressed the "feeling lucky" button.
Oh-oh.
He was redirected to a porn site with absolutely no warning and with in-your-face graphics. HR also tried it and was very much shocked. It somehow managed to get past our normally very effective web filter. The user later told me that a female employee was standing behind him at the time so he jumped up to block her view while he scrambled to get off that site. Corporate policy is very clear about web use.
In following up, I used Google's cached text version for that site and found something alarming. Buried in it was the complete address, including the HTTPS, for the webpage the user was trying to get to. I also found other legitimate addresses in there like SBC, Disney and gophers.com (Minnesota college team). It had a reference to Google Earth.
Further research found that URL address in many other sites, but not all of them were completely correct. The URL name is not a common name, so it was intentional.
So just when you think you've done all the things you can to prevent this, another method or trap is used. Just think, if all that energy to do bad was put to good use, how great an Internet experience it could be.
December 13, 2007 at 10:37 am
One time my company got a virus on the email system. I did not know how it got it because we used Lotus Notes for email. We had to shut the system down to get rid of it. You should have seen the Computer Operation director's face. He was about to kill someone.
In another company we used Outlook, but the company had a firewall and also ran virus checks all the time. Unfortunately, they let people go to the web site hotmail.com. One employee went there and opened an email that had a virus, and the next thing you knew, the whole company got it. Again the director sent out an email to warn employees to check their email.
Some companies did not allow employees to go to hotmail.com, gmail.com or other websites to check their emails.
December 13, 2007 at 10:43 am
What I don't get is why people allow attachments to pass through an Exchange server. I'm not an Exchange admin, don't know a thing about it, but I know I've encountered sites where you couldn't email an attachment, you had to upload it to a server with a notification email address of whom the attachment was for. It wouldn't stop someone from bombing your network from the inside through Yahoo or Gmail or Hotmail, but it'd certainly cut down on the attacks for Exchange platforms, assuming they kept their virus protection up to date. I don't understand why more sites don't have that feature enabled.
We use a Barracuda filtering system; I have no idea if we've ever been hit since that system went live.
-----
Knowledge is of two kinds. We know a subject ourselves or we know where we can find information upon it. --Samuel Johnson
December 13, 2007 at 11:19 am
Bob Hoffman (12/13/2007)
Just yesterday, our HR contacted me with a problem. A user had entered part of the URL to the online benefits page (3rd party) into the Google search box and pressed the "feeling lucky" button.
Oh-oh.
He was redirected to a porn site with absolutely no warning and with in-your-face graphics. HR also tried it and was very much shocked. It somehow managed to get past our normally very effective web filter. The user later told me that a female employee was standing behind him at the time so he jumped up to block her view while he scrambled to get off that site. Corporate policy is very clear about web use.
We had the same kind of problem - except it happened on a dedicated machine for doctors to retrieve lab results...in an OR. Let's just say the nurse wasn't too thrilled to be looking at someone's "anatomy" while they're checking for specimen results.
And the worst part about it - the machine was running DeepFreeze, and shouldn't have had access to the internet. But the DHCP assigned had failed to put it in the restricted zone, so it was getting "whacked" almost immediately after the DeepFreeze reboot (which restores a static, read-only image of the PC each time it reboots).
----------------------------------------------------------------------------------
Your lack of planning does not constitute an emergency on my part...unless you're my manager...or a director and above...or a really loud-spoken end-user..All right - what was my emergency again?
December 13, 2007 at 4:06 pm
What I don't get is why people allow attachments to pass through an Exchange server.
...We use a Barracuda filtering system; I have no idea if we've ever been hit since that system went live.
We also use a Barracuda which does a good job. Behind that, I have a Trend product as a second layer of filtering. The Exchange program has further controls.
But because the versions of Exchange and Office we use are dated and past support life, I have to block nearly all types of attachments. It's a problem and a workaround is in place for some things but it's a hassle. However, on the upside, if I get one spam a week, I am surprised and consider that too much.
We also have a usually strong web filter. While it may have a lapse now and then on new sites, it's quickly configurable and upgraded nightly with new definitions like the 'cudda does.
Despite all that's in place, about a year and a half ago, one got through to a server. Fortunately, we are terminal server based and the user did not have install permissions so the virus could not complete its task. Turns out it was something brand new and a fix came out the next day.
It came from a trusted vendor's website that had been compromised. :unsure:
December 14, 2007 at 8:34 am
For my part, I typically use Firefox with Adblock enabled and the "Filterset G" add-on for AdBlock as well. Together, the ads don't even download. I've added a "flashblock" extension as well that shows a little green "play" button in a larger box for any Flash components that aren't ads (including online video). Together those catch an awful lot of the entries that would give me trouble. Admittedly, they won't stop pages that are coded badly or porn, but they'll block the majority of bad things.
Also of interest, SpyBot now has an inoculate option for Firefox as well as IE. Well worth checking out for web browsing.
I agree that all of these measures are only effective while the hackers don't care about them, but they work at the moment and that's pretty useful. I definitely prefer this over a corporate censor server like Websense. While effective, it also can be a pain because it can block legit sites or sites that you actually need on a rare basis.
-Pete
December 14, 2007 at 8:50 am
Peter Schott (12/14/2007)
... Also of interest, SpyBot now has an inoculate option for Firefox as well as IE. Well worth checking out for web browsing. ...
I've used Spybot and Tea Timer for years on my personal PCs, love the programs. But I have the same problem with them that I do with Zone Alarm Pro: noisy, and the average (not highly/reasonably skilled) user will get flustered or simply can't deal with these alerts, or won't remember to run Program X on a regular basis to make sure their computer is free of whatever. If I had a lot of Windows updates to install, I'd wait until they are downloaded then disconnect my PC from the network and shut off Zone Alarm and Tea Timer so that the updates could install without interaction from me.
It boils down to this: our operating systems need more effective sandboxing so that malware can't plant itself. We know that Vista is allegedly more secure than XP based on the number of exploits and patches (though that might also be a Mac-like fallacy in that it does not yet have the full attention of the hacker community hammering it), but for a variety of reasons a lot of us won't go to it. I just found out a reason why performance in Vista frequently sucks and why you need more hardware: it uses DirectX to draw the screen, rather than GDI. So Word is now a video game.
I would like to know who thought that was a good idea. I guess it's a good idea for Intel and the makers of high-end graphics cards, but it will definitely slow down adoption rates in business: I'm writing this on a P4 with 1.5 gig of RAM, there's no way I would try installing Vista on this machine.
-----
Knowledge is of two kinds. We know a subject ourselves or we know where we can find information upon it. --Samuel Johnson