----- Original Message -----
Sent: Thursday, October 26, 2000 6:35
AM
Subject: Re: [CTRL] utanews: Security
on Cable and DSL...
Control panel, network, file and print sharing.
DISABLED.
Computer jargon it may be, but those are the exact terms
Windows uses...
-----Original Message-----
From:
Deborah Greenhill [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, October 25, 2000 2:31 PM
To:
[EMAIL PROTECTED]
Subject: Re: [CTRL] utanews: Security on Cable and
DSL...
-Caveat Lector-
Blessings,
You are obviously privy
to some dark computer secrets. However, you will
never make folks like myself understand what you are saying, by
using
computer jargon. I am unable to take
your printed email and go into my
computer and 'fix'
the leaks, because I don't understand your apparent
hinting and technical jargon.
Can you explain this stuff so folks like myself can
benefit?
Dr. Deborah J. Greenhill, CNMA
Micronesia
----- Original Message
-----
From: "Eric Stewart"
<[EMAIL PROTECTED]>
To:
<[EMAIL PROTECTED]>
Sent: Thursday,
October 26, 2000 3:46 AM
Subject: [CTRL] utanews:
Security on Cable and DSL...
> -Caveat Lector-
>
> ----Original Message Follows----
> From: "Don Carnage" <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject:
utanews: Security on Cable and DSL...
>
Date: Tue, 24 Oct 2000 15:51:16 -0000
>
>
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
>
> ...
>
> However, there are some simple ways
to make your broadband connection
> a little bit
less like swiss cheese:
>
> 1) Disable file sharing and remote login - Running Windows? Take
a
> look for any folder or file with that little
hand icon, and un-share
> them. Even better, just
go into Control Panel -> Network and shut it
>
off completely. Don't think passwords on your shares will help you,
> as a recent bug was discovered in Win9X share-level
password
> protection where a one-byte character
string can be used to bypass a
> protected share
should that byte happen to match the first byte of
> the actual password. If you're on Linux/*BSD, for the love of
Bob
> shut off NFS, ftpd, telnetd, Apache, and
the like until you know what
> you're doing! Can
you say "backdoor"? Even experienced admins leave
> the occasional hole, and default installs aren't often known
for
> being secure (OpenBSD people, stuff it
while I make a point for
> everyone
else:).
>
> 2) Don't
let anything run automatically - Java and ActiveX in IE and
> Netscape installing and running automagically? Kill it. Auto-DCC
in
> IRC clients? Un-auto it. Run attachments on
preview in Outlook, or
> run macros in Word
documents? You know the drill. Don't let a damn
>
thing run automatically unless you actually know what's taking place.
> If I ever see LIFE-STAGES.TXT offered to me by DCC
again, I'm going
> to reach through the monitor
and shove a virus scanner up the patoot
> of the
victim. The world doesn't need another Melissa or backdoor
> being passed around just by opening an e-mail in a
brain-dead-by-
> default program.
>
> 3) Check for patches and
follow directions - MS didn't tell people to
>
change their Outlook settings while it took them a month to patch the
> program in the wake of ILOVEYOU because it was fun for
everyone. Red
> Hat isn't releasing megs of
updates for Red Hat 7 so you can sit
> there and
kvetch about buggy .0 releases. You don't think the latest
> macro virus craze can get you? Think again, spam-boy; why do
you
> think Unix/Linux vendors have been going
batshit looking for format
> string holes in
their software offerings? The exploits may be merely
> theoretical, but it's best to close them up before the
theoretical
> becomes practical (with apologies
to the L0pht).
>
> 4)
Extra steps if you're really careful and/or paranoid - Old
> 486: $50. Geek on a caffeine high: $5, $0 if s/he's already
jacked on
> coffee. OpenBSD or Slackware burned
on a CD: $0. A kickass firewall to
> confound the
kiddiez with the latest 'sploits and nmap: priceless.
>
> 5) Ignore the DSL/cable pissing
contest - Nothing to see here, move
>
along...
>
> I'm glad
to say most cable installers where I live have a brain, and
> hence make sure filesharing is turned off in Win9x when they set
up
> your system. Linux/BSD geeks usually have to
take matters into their
> own hands, but most
usually know enough to at least kill nfsd and
>
ftpd if they're not going to be used. (Incidentally, this is also why
> Red Hat and others need to stop enabling every
conceivable service by
> default.)
>
> Closing your box off to
kiddies is acutallly pretty easy. However,
>
back-patting fluff like this Excite dropping does way more harm than
> good by instilling that false sense of security that
leads people to
> think its OK to let attachments
run automatically, or leave all those
> services
running on their new Mandrake box. Hard advice is better
> than press releases and misrepresenting technologies as
security
> measures.
>
>
> http://www.slip.net/~knabb/index1.htm
>
_________________________________________________________________________
> Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
>
> Share information about yourself,
create your own public profile at
> http://profiles.msn.com.
>
> <A HREF="http://www.ctrl.org/">www.ctrl.org</A>
> DECLARATION & DISCLAIMER
> ==========
> CTRL is a discussion
& informational exchange list. Proselytizing
propagandic
> screeds are unwelcomed.
Substance-not soap-boxing-please! These are
> sordid matters and 'conspiracy theory'-with its many
half-truths, mis-
> directions and outright
frauds-is used politically by different groups
with
> major and minor effects spread
throughout the spectrum of time and
thought.
> That being said, CTRLgives no endorsement to the
validity of posts, and
> always suggests to
readers; be wary of what you read. CTRL gives no
> credence to Holocaust denial and nazi's need not apply.
>
> Let us please be civil
and as always, Caveat Lector.
>
========================================================================
> Archives Available at:
> http://peach.ease.lsoft.com/archives/ctrl.html
> <A HREF="http://peach.ease.lsoft.com/archives/ctrl.html">Archives
of
> [EMAIL PROTECTED]</A>
>
> http:[EMAIL PROTECTED]/
> <A HREF="http:[EMAIL PROTECTED]/">ctrl</A>
>
========================================================================
> To subscribe to Conspiracy Theory Research List[CTRL]
send email:
> SUBSCRIBE CTRL [to:]
[EMAIL PROTECTED]
>
> To UNsubscribe to Conspiracy Theory Research List[CTRL] send
email:
> SIGNOFF CTRL [to:]
[EMAIL PROTECTED]
>
> Om
<A HREF="http://www.ctrl.org/">www.ctrl.org</A>
DECLARATION & DISCLAIMER
==========
CTRL is a discussion &
informational exchange list. Proselytizing propagandic
screeds are unwelcomed. Substance-not soap-boxing-please! These
are
sordid matters and 'conspiracy theory'-with its
many half-truths, mis-
directions and outright
frauds-is used politically by different groups with
major and minor effects spread throughout the spectrum of time and
thought.
That being said, CTRLgives no endorsement
to the validity of posts, and
always suggests to
readers; be wary of what you read. CTRL gives no
credence to Holocaust denial and nazi's need not apply.
Let us please be civil and as always, Caveat Lector.
========================================================================
Archives Available at:
http://peach.ease.lsoft.com/archives/ctrl.html
<A HREF="http://peach.ease.lsoft.com/archives/ctrl.html">Archives
of
[EMAIL PROTECTED]</A>
http:[EMAIL PROTECTED]/
<A HREF="http:[EMAIL PROTECTED]/">ctrl</A>
========================================================================
To subscribe to Conspiracy Theory Research List[CTRL] send
email:
SUBSCRIBE CTRL [to:]
[EMAIL PROTECTED]
To UNsubscribe to Conspiracy Theory Research List[CTRL] send
email:
SIGNOFF CTRL [to:]
[EMAIL PROTECTED]
Om
