Basic computer security

Erik Soderquist | 2 May 2005 21:38

RE: VNC Security

if the VNC data is unencrypted, *any* password you type during the
session (domain admin to update drivers for example) is also sent
unencrypted. and the attacker would not likely be some random hacker,
but rather someone who is targeting the company already. it isn't that
difficult to connect sniffing hardware to say the T1 line to look for
weak points. after a few days surveillance, everything unencrypted is
then captured and analyzed for login/password information. it isn't so
much "low hanging fruit" as it is simply a chink in the armor that can
be exploited. the fewer chinks the better.

as to odds, here is a more common example of overblown paranoia
surrounding a real possibility (the last time I checked this was a while
ago, it may have shifted some):

due to the technological differences, it is far more likely that someone
will steal your credit card number by eavesdropping on an order placed
by phone than by someone sniffing it from an unencrypted internet
transaction.

please note this only examines an actual sniffing attack. phishing and
spyware are not examined in this.

-----Original Message-----
From: vnc-list-admin <at> realvnc.com [mailto:vnc-list-admin <at> realvnc.com] On
Behalf Of Steve Bostedor
Sent: Tuesday, April 19, 2005 20:57
To: Alexander.Bolante <at> gmail.com
Cc: security-basics <at> securityfocus.com; vnc-list <at> realvnc.com
Subject: RE: VNC Security

(Continue reading)

Erik Soderquist | 2 May 2005 21:58

RE: VNC Security

alternative method: you have listening viewer available to the internet
when helping someone, someone installs VNC (in 3.3.7 if you don't put a
password in, it refuses incoming connections) and adds you as a client.
no VNC password is even needed at that point, and the server is never
exposed to the internet if it is behind a NAT router. (also saves the
port forwarding troubles) 

-----Original Message-----
From: vnc-list-admin <at> realvnc.com [mailto:vnc-list-admin <at> realvnc.com] On
Behalf Of Andy Bruce - softwareAB
Sent: Monday, April 25, 2005 19:47
To: Mike Miller
Cc: Steve Bostedor; security-basics <at> securityfocus.com; VNC List
Subject: Re: VNC Security

First--I believe we're talking apples and oranges. VNC is not an 
appropriate solution for a true corporate network unless a firewall and 
a secure link is available (and even then is dodgy). My scenario is
this:

  a. Random user in cyberspace has a problem.

  b. User installs VNC under direction of tech support:
      i. strong password
      ii. not installed as service
      iii. temporary port forwarding only

  c. User allows remote person to login, generally for 20-30 mins.

  d. User stops VNC server process and disables port forwarding

(Continue reading)

Ailton Caetano | 3 May 2005 00:06

Picon

Re: File Integrity / IDS

I could suggest you a very good one written in perl hosted on sourceforge.net

http://sourceforge.net/projects/labrador-ids/

Kelly Martin | 3 May 2005 00:08

Picon

SF new column announcement: Sarbanes Oxley for IT Security?

The following columnist commentary was published on Symantec's
SecurityFocus today:

Sarbanes Oxley for IT Security?
By Mark Rasch
May 02 2005 03:00PM

"Sarbanes Oxley seems wholly focused on the accuracy of a company's
financial records and controls around these records, so where does IT
security come into the picture?"

http://www.securityfocus.com/columnists/322

Jafet Macallin | 3 May 2005 08:03

Picon

Folder Permission Dumpsec


Hello Im using dumpsec to extract the vulnerabilities from multiple domains, but what I need is only the
information of the shared folders who has everyone permision as a default security level,,  I dont need the
files inside the folders ...  this is  part of the script that im using but is giving me the folders and
subfolders ...  I need only the main folder,,
------------------------

Set objFile = objFS.OpenTextFile(ServerListFile, 1)
Do While Not objFile.AtEndOfStream
   strLine = Trim(objFile.ReadLine)     
   if strLine <> "" then
      WScript.Echo "Running report for " & strLine
      objShell.Run "C:\WINNT\system32\cmd.exe /c c:\PROGRA~1\SYSTEM~1\dumpsec.exe /rpt=allsharedirs
/outfile=" & strLine & ".tmp /computer=" & strLine & " /saveas=tsv /showdirsonly", 0, true
   end if
Loop

Paul Guibord | 3 May 2005 14:54

Unrestricted Outbound Web Server Access Opinion


Hello All,

Someone within our company wants our Internet facing web servers to have
unrestricted outbound access. Port 80 is the only port permitted from
the outside coming in. I need the experts opinion why we do not want to
permit this PLEASE. Two things I could think of are if the web servers
were compromised, then the hacker would have the ability offload any
data they want. Another being if they were infected with a worm they
would bring down the Internet T1 in their attempt to find other devices
to infect.

Thanks in advance for everyone's input.

Paul

James Fryman | 3 May 2005 17:11

Picon

Re: what's this (email question)


I'm pretty sure that by the time that this makes the list, it will be
answered, but my .02 anyway!

It is very easy to forge an address! Check out RFC 821.
http://www.faqs.org/rfcs/rfc821.html

The localhost could be spoofed simply by sending the
'HELO localhost'
before the e-mail. This is why the header showed 'Received from
"localhost'. One could make this header say anything, something stupid
like 'YourMamma.pwn3d', to 'mail1.microsoft.com' or 'smtp.paypal.com'...
designed specifically for phishing attacks.

The only SMTP commands that need to be defined are: (Straight from RFC)

MAIL <SP> FROM:<reverse-path> <CRLF>
RCPT <SP> TO:<forward-path> <CRLF>

After that, telling the SMTP server to begin receiving data for the
actual message, where any of the headers can be changed, including:

From:, To:, Subject:, Reply-To:, etc... the list goes on.

E-Mail is not the most secure medium around. A good place to learn more
about this would be by reading the RFC, as well as delving into some
scripting. I learned quite a bit about SMTP after doing some Perl
scripting using Net::SMTP. There are plenty of books and whitepapers out
there describing how SMTP works, and how open it really is.

(Continue reading)

yonesy | 3 May 2005 23:09

Picon

Re: Windows Service Accounts and Password Expiration

Short answer:

You should enforce expiry, uniqueness and complexity of passwords.

The how is the difficult question.  I was evaluating a product by the
name of Password Auto-Repository by eDMZ based on its white papers it
seemed to do everything I required of it (including changing account
passwords automatically).  This product would also help in the change
of passwords for non-windows systems (*nix, Oracle, etc.).  Hope this
helps!

On 28 Apr 2005 15:46:21 -0000, Jack Mogren <mogren <at> mayo.edu> wrote:
> 
> 
>   Our security policies and standards have always required passwords to expire, requiring account owners
to change the passwords on a specific periodic basis.  We also have standards for when generic or trusted
accounts are acceptable.  For instance, we deem the use of generic accounts acceptable in purely machine -
to - machine batch processes.  Still we require certain criteria, including password expiration.
>   In the Windows server world there are generic accounts called "Service" accounts.  "A rose by any other
name ......."  Until recently, so-called "service" accounts have slipped by this requirement.  But
system admin folks have become more security aware (thank you very much) and some are starting to ask the
question.  Should Windows "service" accounts be required to have password expiration?  I'm getting good
arguments from both sides of the issue.  Application availability VS adherance to standards, industry
best practices, etc.  Keep in mind that we are in a patient care environment.  Any thoughts from the list?
> 
> - Jack
> 

--

-- 
Yonesy F. Nuñez, ISSAP, ISSMP, CISSP, MCSE, Security+

(Continue reading)

Steven Jones | 3 May 2005 00:27

Picon

Picon

RE: how to block ALL AIM traffic ?

Add in random ports, and then sending traffic via port 80, trying to
block some of this stuff is hard work. 

Regards

thing

-----Original Message-----
From: Jesus [mailto:jesus <at> resurrected.us] 
Sent: Saturday, 30 April 2005 2:05 p.m.
To: david kuhlman
Cc: Realized Mofo; security-basics <at> securityfocus.com
Subject: Re: how to block ALL AIM traffic ?

On Thu, 28 Apr 2005, david kuhlman wrote:

> Why don't you just block connections to oscar.login.aol.com?
>
> That works for us.
>
> David Kuhlman

Considering anyone can bypass blocks with a proxy, little you can do
without digging into packet specifics, to block AIM traffic.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
"The most tyrannical of governments are those which make
crimes of  opinions, for everyone has an inalienable
right to his thoughts." -- Benedict Spinoza

(Continue reading)

Netops | 3 May 2005 06:23

Re: how to block ALL AIM traffic ?

Decent application level filters can block proxies such as socks 
connections and HTTP tunneling software. The hardest ones are the ones 
the use the "CONNECT" method which most SSL sites use in order to 
function through web proxies.

That can be blocked by only allowing the CONNECT method on port 443 and 
restricting SSL connections to required servers such as banks, airlines 
or other approved sites by managers.

Michael

Jesus wrote:
> On Thu, 28 Apr 2005, david kuhlman wrote:
> 
> 
>>Why don't you just block connections to oscar.login.aol.com?
>>
>>That works for us.
>>
>>David Kuhlman
> 
> 
> Considering anyone can bypass blocks with a proxy, little you can do
> without digging into packet specifics, to block AIM traffic.
> 
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> "The most tyrannical of governments are those which make
> crimes of  opinions, for everyone has an inalienable
> right to his thoughts." -- Benedict Spinoza

(Continue reading)

Group

gmane.comp.security.basics.

Advertisement

Search Archive

Page

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 34

Articles in period: 332

May 2005

Language

Change language

Options

Current view: Threads only / Showing only 20 lines / Not hiding cited text.
Change to All messages, whole messages, or hide cited text.

Post a message
NNTP Newsgroup
Classic Gmane web interface
XML

XML

RSS Feed
List Information

About Gmane

Recent entries

secure and simple file server (27 Mar 2013)
Question about passwd file (Linux) (8 Feb 2013)
Linux Web Server Hardening (LAMP + Wiki) (2 Feb 2013)
Prevent DoS (Linux+Apache+Jboss) (31 Jan 2013)
[HITB-Announce] #HITB2013AMS FINAL CALL for Paper Submissions (1 Feb 2013)
[PenTest-Announce] Phishing Attack with Social Engineering Toolkit (SE (31 Jan 2013)
Bad Antivirus (30 Jan 2013)
Bad Antivirus (29 Jan 2013)
Linux Web Server Hardening (LAMP + Wiki) (25 Jan 2013)
Network Segregation to prevent spread of malware (23 Jan 2013)
Network Segregation to prevent spread of malware (22 Jan 2013)
Manipulate PDFs with Malware (20 Jan 2013)
OS Level Backup Solution (19 Dec 2012)
DDoS-attack (17 Dec 2012)
DDoS-attack (3 Dec 2012)
iOS Game - how to secure server side resurces (7 Nov 2012)
Bank Of Montreal Online Security (6 Nov 2012)
[HITB-Announce] #HITB2013AMS Call For Papers Now Open (5 Nov 2012)
Seeking NMAP Version Detection dataset (6 Nov 2012)
iCompel Digital Signage risks (3 Nov 2012)
Security design methodology (2 Nov 2012)

Archives

3	March 2013
29	February 2013
61	January 2013
9	December 2012
31	November 2012
78	October 2012
30	September 2012
102	August 2012
157	July 2012
220	June 2012
202	May 2012
129	April 2012
72	March 2012
169	February 2012
132	January 2012
147	December 2011
122	November 2011
90	October 2011
202	September 2011
112	August 2011
140	July 2011
121	June 2011
144	May 2011
106	April 2011
135	March 2011
211	February 2011
199	January 2011
118	December 2010
60	November 2010
35	October 2010
231	September 2010
107	August 2010
198	July 2010
106	June 2010
103	May 2010
157	April 2010
192	March 2010
117	February 2010
130	January 2010
44	December 2009
142	November 2009
153	October 2009
220	September 2009
194	August 2009
227	July 2009
188	June 2009
293	May 2009
142	April 2009
296	March 2009
235	February 2009
274	January 2009
212	December 2008
231	November 2008
383	October 2008
243	September 2008
233	August 2008
347	July 2008
282	June 2008
404	May 2008
349	April 2008
456	March 2008
537	February 2008
524	January 2008
373	December 2007
328	November 2007
331	October 2007
435	September 2007
352	August 2007
264	July 2007
293	June 2007
635	May 2007
446	April 2007
277	March 2007
385	February 2007
388	January 2007
395	December 2006
488	November 2006
421	October 2006
385	September 2006
359	August 2006
418	July 2006
357	June 2006
332	May 2006
430	April 2006
473	March 2006
399	February 2006
562	January 2006
368	December 2005
541	November 2005
706	October 2005
482	September 2005
537	August 2005
457	July 2005
359	June 2005
332	May 2005
496	April 2005
483	March 2005
406	February 2005
464	January 2005
461	December 2004
607	November 2004
611	October 2004
471	September 2004
324	August 2004
450	July 2004
388	June 2004
341	May 2004
432	April 2004
814	March 2004
463	February 2004
526	January 2004
587	December 2003
708	November 2003
698	October 2003
1108	September 2003
1129	August 2003
1101	July 2003
949	June 2003
535	May 2003
592	April 2003
464	March 2003
608	February 2003
651	January 2003
589	December 2002
727	November 2002
679	October 2002
600	September 2002
905	August 2002
816	July 2002
654	June 2002
871	May 2002
792	April 2002
410	March 2002
1	January 2002
1	November 2001
1	January 2001
2	December 2000
3	July 2000
2	April 2000
1	January 2000

Design

Zawodny | Right Menu | Left Menu

Your Own Design

Paste the URL of your CSS below. Download CSS template