on Fri, Oct 03, 2003 at 06:21:05AM -0500, Ron Johnson ([EMAIL PROTECTED]) wrote:
On Thu, 2003-10-02 at 19:06, Karsten M. Self wrote:
on Wed, Oct 01, 2003 at 07:43:51PM -0400, Dan Anderson ([EMAIL PROTECTED]) wrote:
[big snippage]
Few if any of these are self-propagating. Code Red is one of
on Thu, Oct 02, 2003 at 09:25:50PM -0400, Bijan Soleymani ([EMAIL PROTECTED]) wrote:
On Fri, Oct 03, 2003 at 01:42:28AM +0100, Karsten M. Self wrote:
E.g.: there are _good_, _solid_ reasons Debian doesn't allow Mozilla to
run as root, why X11 TCP connections are disabled by default, and why
On Sun, 5 Oct 2003, Karsten M. Self wrote:
snip
Given that I live alone with a cat, I still lock my desktop when I walk
away for any length of time, set xscreensaver to cut in (and lock)
anyway, and require a password for 'sudo' on my personal account.
snip
Hi Karsten,
you must have one smart
[EMAIL PROTECTED] wrote:
On Sun, 5 Oct 2003, Karsten M. Self wrote:
snip
Given that I live alone with a cat, I still lock my desktop when I walk
away for any length of time, set xscreensaver to cut in (and lock)
anyway, and require a password for 'sudo' on my personal account.
snip
Hi Karsten,
you
On Sun, Oct 05, 2003 at 03:52:08AM -0400, [EMAIL PROTECTED] wrote:
On Sun, 5 Oct 2003, Karsten M. Self wrote:
snip
Given that I live alone with a cat, I still lock my desktop when I walk
away for any length of time, set xscreensaver to cut in (and lock)
anyway, and require a password for
On Sun, 5 Oct 2003 03:52:08 -0400 (EDT), [EMAIL PROTECTED]
[EMAIL PROTECTED] penned:
On Sun, 5 Oct 2003, Karsten M. Self wrote:
snip
Given that I live alone with a cat, I still lock my desktop when I walk
away for any length of time, set xscreensaver to cut in (and lock) anyway,
and require a
On Sun, 2003-10-05 at 11:14, ScruLoose wrote:
On Sun, Oct 05, 2003 at 03:52:08AM -0400, [EMAIL PROTECTED] wrote:
On Sun, 5 Oct 2003, Karsten M. Self wrote:
snip
Given that I live alone with a cat, I still lock my desktop when I walk
away for any length of time, set xscreensaver to
In linux.debian.user,
Ron Johnson [EMAIL PROTECTED] wrote:
A!
I don't care if Linux has 90% desktop share, there's no way that an
auto-running (or double-click-needing) email virus is going to affect
me, unless the people who write the MUA that I happen to be using
at the
On Fri, Oct 03, 2003 at 01:46:38PM -0500, Ron Johnson wrote:
A!
I don't care if Linux has 90% desktop share, there's no way that an
auto-running (or double-click-needing) email virus is going to affect
me, unless the people who write the MUA that I happen to be using
at the time
On Sat, 2003-10-04 at 14:21, Bijan Soleymani wrote:
On Fri, Oct 03, 2003 at 01:46:38PM -0500, Ron Johnson wrote:
A!
I don't care if Linux has 90% desktop share, there's no way that an
auto-running (or double-click-needing) email virus is going to affect
me, unless the people who
At Thu, 02 Oct 2003 08:02:00 -0500,
John Hasler wrote:
Kjetil writes:
Scenario: A perl script deleting all the files in the homedir
of infected users, spreading to all the contacts that are in
user's addressbooks. This would likely include all the
homedirs of all the users in an
On Thu, 2003-10-02 at 07:17, ScruLoose wrote:
On Wed, Oct 01, 2003 at 07:56:07PM -0500, Michael D Schleif wrote:
Karsten M. Self [EMAIL PROTECTED] [2003:10:02:00:37:35+0100] scribed:
Please share this knowledge. What executables are you aware of
affecting non-Microsoft systems which
I wrote:
Unless the admins were sensible and had mounted /home noexec on
all company machines.
csj writes:
What about sh ${HOME}/script?
Secretaries, CEOs, and other vulnerable users won't know about such
things. Noexec isn't foolproof. It just reduces the probability of some
marketdroid
Micha Feigin wrote:
I am guessing that the fact that most of these viruses etc. appear on
windows is more due to popularity than security.
The fact that it is also easier and thus every script kiddie can patch up
a virus out of a couple of scripts found on the internet probably helps
also.
Linux is
On Fri, 2003-10-03 at 14:08, Micha Feigin wrote:
On Thu, 2003-10-02 at 07:17, ScruLoose wrote:
On Wed, Oct 01, 2003 at 07:56:07PM -0500, Michael D Schleif wrote:
Karsten M. Self [EMAIL PROTECTED] [2003:10:02:00:37:35+0100] scribed:
[snip]
I am guessing that the fact that most of these
On Fri, 2003-10-03 at 13:18, John Hasler wrote:
I wrote:
Unless the admins were sensible and had mounted /home noexec on
all company machines.
csj writes:
What about sh ${HOME}/script?
Secretaries, CEOs, and other vulnerable users won't know about such
things. Noexec isn't
Ray wrote:
i haven't actually looked into the numbers, but zone-h.org has linux
website defacements usually in the 50-75% so i guess it just depends
on who and how you ask. granted we have yet to see a 'code red' like
virus for apache. so far the only virus i recall seeing for apache
was for
In linux.debian.user,
John Hasler [EMAIL PROTECTED] wrote:
Kjetil writes:
But you run the risk of making a lot of unprivileged power users very
angry if you do that.
By forcing people to work around noexec, you make it easier to run
something they shouldn't. IIUC, by working around the
On Thu, 2003-10-02 at 17:08, Daniel B. wrote:
Ron Johnson wrote:
...
BTW what Linux email software allows users to run executable attachments by
clicking on them?
None, now.
What exactly do you mean?
Doesn't much e-mail software support opening attachments, and isn't that
On Thu, 2003-10-02 at 19:06, Karsten M. Self wrote:
on Wed, Oct 01, 2003 at 07:43:51PM -0400, Dan Anderson ([EMAIL PROTECTED]) wrote:
[big snippage]
Few if any of these are self-propagating. Code Red is one of the few
widely spread exploits in recent memory affecting GNU/Linux systems, and
it
I wrote:
Such power users should be able to have the noexec removed on request.
Of course, they will be given a lecture and if they screw up will get no
sympathy.
Michael C. writes:
I wasn't aware that you can do this (unless you maintain different
partitions for each user.)
I am assuming
ScruLoose wrote:
On Wed, Oct 01, 2003 at 07:56:07PM -0500, Michael D Schleif wrote:
What I am saying is -- IMHO -- especially in light of the problems that
I have experienced with Swen, auto-executing virus/worms are only *part*
of the problem. Social engineering is often scoffed at as a real
On Wed, 2003-10-01 at 23:17, ScruLoose wrote:
On Wed, Oct 01, 2003 at 07:56:07PM -0500, Michael D Schleif wrote:
Karsten M. Self [EMAIL PROTECTED] [2003:10:02:00:37:35+0100] scribed:
[snip]
That kind of executable -- one that entices a user to click on it -- is
just as real a threat to
Well, to respond to the subject first: No, Swen is definitely not
slowing down here... And my attempt to install amavis/clamav was a bit
of a failure, so I'm seeing a lot of crap...
On Thursday 02 October 2003 06:17, ScruLoose wrote:
Most non-MS users are not likely to be logged in as root
Kjetil writes:
Scenario: A perl script deleting all the files in the homedir of infected
users, spreading to all the contacts that are in user's addressbooks. This
would likely include all the homedirs of all the users in an
organization...
Unless the admins were sensible and had mounted /home
On Thursday 02 October 2003 15:02, John Hasler wrote:
Unless the admins were sensible and had mounted /home noexec on all
company machines.
True. But you run the risk of making a lot of unprivileged power users
very angry if you do that. There are ways to solve it, but it can get
rather
On Thu, Oct 02, 2003 at 08:02:00AM -0500, John Hasler wrote:
Kjetil writes:
Scenario: A perl script deleting all the files in the homedir of
infected users, spreading to all the contacts that are in user's
addressbooks. This would likely include all the homedirs of all the
users in an
On Thu, 2003-10-02 at 08:02, John Hasler wrote:
Kjetil writes:
Scenario: A perl script deleting all the files in the homedir of infected
users, spreading to all the contacts that are in user's addressbooks. This
would likely include all the homedirs of all the users in an
organization...
Colin Watson writes:
What's the point of noexec? You can say '/lib/ld-linux.so.2 myprogram'
even if it isn't a script that you can just run using the scripting
language's interpreter.
The sort of user most likely to be taken in by something like Swen is also
the sort least likely to be able to
Kjetil writes:
But you run the risk of making a lot of unprivileged power users very
angry if you do that.
Such power users should be able to have the noexec removed on request. Of
course, they will be given a lecture and if they screw up will get no
sympathy.
But I think I'll run home to
On Thu, 2 Oct 2003 00:17:23 -0400, ScruLoose [EMAIL PROTECTED]
penned:
Of course, there's also the fact that since they run Windows, they are of
necessity logged in with admin privileges *all* the time, so it only takes
one click to install an executable that then has full access to the
Monique Y. Herman wrote:
On Thu, 2 Oct 2003 00:17:23 -0400, ScruLoose [EMAIL PROTECTED]
penned:
Of course, there's also the fact that since they run Windows, they are of
necessity logged in with admin privileges *all* the time, so it only takes
one click to install an executable that then has
Ron Johnson [EMAIL PROTECTED] [2003:10:02:04:44:28-0500] scribed:
On Wed, 2003-10-01 at 23:17, ScruLoose wrote:
On Wed, Oct 01, 2003 at 07:56:07PM -0500, Michael D Schleif wrote:
Karsten M. Self [EMAIL PROTECTED] [2003:10:02:00:37:35+0100] scribed:
[snip]
That kind of executable -- one
On Tuesday 30 September 2003 19:53, Karsten M. Self wrote:
on Tue, Sep 30, 2003 at 12:11:16PM -0400, Mike Mueller
([EMAIL PROTECTED]) wrote:
On Tuesday 30 September 2003 02:05, Karsten M. Self wrote:
Seems
like about the only way we're going to get a reasonable handle on this
barring
On Thu, 02 Oct 2003 12:23:45 -0500, Kent West [EMAIL PROTECTED] penned:
Monique Y. Herman wrote:
On Thu, 2 Oct 2003 00:17:23 -0400, ScruLoose [EMAIL PROTECTED]
penned:
Granted, I've only tried to use the runas command 7 or 10 times, but as far
as I can remember, it has _never_ worked for
Mike Mueller wrote:
It seems that the safest form of information push is
unformatted text.
Wouldn't it be sufficient to limit the formats to those that don't have
the expressive power to command the receiver to do arbitrary things?
For example, HTML can't hijack a browser (or
Ron Johnson wrote:
...
BTW what Linux email software allows users to run executable attachments by
clicking on them?
None, now.
What exactly do you mean?
Doesn't much e-mail software support opening attachments, and isn't that
opening configurable (if not in the e-mail client, then in
On Thu, 02 Oct 2003 17:47:02 -0400, Daniel B. [EMAIL PROTECTED] penned:
Mike Mueller wrote:
It seems that the safest form of information push is
unformatted text.
Wouldn't it be sufficient to limit the formats to those that don't have
the expressive power to command the receiver
Well, a virus like Swen wouldn't need root access to spread. I don't
know what Swen does to a Windows machine (and I don't care, I haven't
got any), but just to annoy people with enormous amounts of e-mail,
someone could imaginably write a perl script with its own
SMTP-engine.
If a
on Wed, Oct 01, 2003 at 07:43:51PM -0400, Dan Anderson ([EMAIL PROTECTED]) wrote:
Please share this knowledge. What executables are you aware of
affecting non-Microsoft systems which are in general circulation and
which auto-execute on receipt by arbitrary systems in stock
configuration?
on Thu, Oct 02, 2003 at 01:36:06PM -0500, Michael D Schleif ([EMAIL PROTECTED]) wrote:
Ron Johnson [EMAIL PROTECTED] [2003:10:02:04:44:28-0500] scribed:
On Wed, 2003-10-01 at 23:17, ScruLoose wrote:
On Wed, Oct 01, 2003 at 07:56:07PM -0500, Michael D Schleif wrote:
Karsten M. Self [EMAIL
On Fri, Oct 03, 2003 at 01:42:28AM +0100, Karsten M. Self wrote:
E.g.: there are _good_, _solid_ reasons Debian doesn't allow Mozilla to
run as root, why X11 TCP connections are disabled by default, and why
SSH is strongly recommended. Yes, it's possible to override or ignore
these settings,
Monique Y. Herman wrote:
On Thu, 02 Oct 2003 17:47:02 -0400, Daniel B. [EMAIL PROTECTED] penned:
Mike Mueller wrote:
...
Similarly, executable formats like Java, which has a comprehensive
security model, would be better if you ever really did need to deliver
executable code. (No, I
On Thu, 02 Oct 2003 21:46:56 -0400, Daniel B. [EMAIL PROTECTED] penned:
Monique Y. Herman wrote:
On Thu, 02 Oct 2003 17:47:02 -0400, Daniel B. [EMAIL PROTECTED] penned:
Mike Mueller wrote:
...
Similarly, executable formats like Java, which has a comprehensive
security model, would be
on Tue, Sep 30, 2003 at 09:20:25PM -0500, Michael D Schleif ([EMAIL PROTECTED]) wrote:
Karsten M. Self [EMAIL PROTECTED] [2003:10:01:00:53:46+0100] scribed:
on Tue, Sep 30, 2003 at 12:11:16PM -0400, Mike Mueller ([EMAIL PROTECTED]) wrote:
On Tuesday 30 September 2003 02:05, Karsten M. Self
Karsten M. Self [EMAIL PROTECTED] [2003:10:01:07:17:43+0100] scribed:
on Tue, Sep 30, 2003 at 09:20:25PM -0500, Michael D Schleif ([EMAIL PROTECTED])
wrote:
Karsten M. Self [EMAIL PROTECTED] [2003:10:01:00:53:46+0100] scribed:
on Tue, Sep 30, 2003 at 12:11:16PM -0400, Mike Mueller ([EMAIL
on Wed, Oct 01, 2003 at 09:39:25AM -0500, Michael D Schleif ([EMAIL PROTECTED]) wrote:
Karsten M. Self [EMAIL PROTECTED] [2003:10:01:07:17:43+0100] scribed:
For the current task of restricting transmission of viral mail load by
agarware such as Outlook, use of either or both criteria in
Please share this knowledge. What executables are you aware of
affecting non-Microsoft systems which are in general circulation and
which auto-execute on receipt by arbitrary systems in stock
configuration?
Although I would agree that most flavors of *nix are much less prone to
exploits
Karsten M. Self [EMAIL PROTECTED] [2003:10:02:00:37:35+0100] scribed:
on Wed, Oct 01, 2003 at 09:39:25AM -0500, Michael D Schleif ([EMAIL PROTECTED])
wrote:
Karsten M. Self [EMAIL PROTECTED] [2003:10:01:07:17:43+0100] scribed:
For the current task of restricting transmission of viral
On Wed, Oct 01, 2003 at 07:56:07PM -0500, Michael D Schleif wrote:
Karsten M. Self [EMAIL PROTECTED] [2003:10:02:00:37:35+0100] scribed:
Please share this knowledge. What executables are you aware of
affecting non-Microsoft systems which are in general circulation and
which
on Fri, Sep 26, 2003 at 07:42:36AM -0700, Paul Johnson ([EMAIL PROTECTED]) wrote:
On Fri, Sep 26, 2003 at 07:53:19AM -0500, Ron Johnson wrote:
After getting hundreds of infections per day early in the week of
14-Sep, it seems to have radically tapered off:
Well, I don't know about anybody
yes, there does seem to be a reduction, hopefully these boring threads will
stop soon too.
Matt
--
-Original Message-
From: Ron Johnson [mailto:[EMAIL PROTECTED]
Sent: Friday, 26 September 2003 10:54 PM
To: Debian-User
Subject: Anyone else notice that Swen is slowing down
On Tuesday 30 September 2003 02:05, Karsten M. Self wrote:
Seems
like about the only way we're going to get a reasonable handle on this
barring ISPs refusing to carry executables in email format.
Hear! Hear! No more attachments - period. I'll settle for elimination of
any known sort of
On Tue, Sep 30, 2003 at 12:11:16PM -0400, Mike Mueller wrote:
On Tuesday 30 September 2003 02:05, Karsten M. Self wrote:
Seems
like about the only way we're going to get a reasonable handle on this
barring ISPs refusing to carry executables in email format.
Hear! Hear! No more
On Tue, 2003-09-30 at 11:41, Colin Watson wrote:
On Tue, Sep 30, 2003 at 12:11:16PM -0400, Mike Mueller wrote:
On Tuesday 30 September 2003 02:05, Karsten M. Self wrote:
Seems
like about the only way we're going to get a reasonable handle on this
barring ISPs refusing to carry
On Tue, Sep 30, 2003 at 12:56:16PM -0500, Ron Johnson wrote:
On Tue, 2003-09-30 at 11:41, Colin Watson wrote:
On Tue, Sep 30, 2003 at 12:11:16PM -0400, Mike Mueller wrote:
On Tuesday 30 September 2003 02:05, Karsten M. Self wrote:
Seems
like about the only way we're going to get a
on Tue, Sep 30, 2003 at 12:11:16PM -0400, Mike Mueller ([EMAIL PROTECTED]) wrote:
On Tuesday 30 September 2003 02:05, Karsten M. Self wrote:
Seems
like about the only way we're going to get a reasonable handle on this
barring ISPs refusing to carry executables in email format.
Hear!
Karsten M. Self [EMAIL PROTECTED] [2003:10:01:00:53:46+0100] scribed:
on Tue, Sep 30, 2003 at 12:11:16PM -0400, Mike Mueller ([EMAIL PROTECTED]) wrote:
On Tuesday 30 September 2003 02:05, Karsten M. Self wrote:
Seems
like about the only way we're going to get a reasonable handle on this
On Fri, 2003-09-26 at 18:32, Lukas Ruf wrote:
I get about 2k per day. Fortunately, I have configured my mail
server (mime_header_checks/postfix 2.0) such that all win-executable
are rejected.
Hi Lukas,
Could you be so kind to post to the list how you did this? I'd really
like to have this
On Sat, 27 Sep 2003, Pim Bliek wrote:
On Fri, 2003-09-26 at 18:32, Lukas Ruf wrote:
I get about 2k per day. Fortunately, I have configured my mail
server (mime_header_checks/postfix 2.0) such that all win-executable
are rejected.
Hi Lukas,
Could you be so kind to post to the list
I get the virii with 3 different content-types:
application/x-msdownload,audio/x-wav,audio/x-mid
so, just exe doesn't seem to cover it.
But how do you filter them out using postfix?
Pim
On Sat, 2003-09-27 at 03:48, [EMAIL PROTECTED] wrote:
On Sat, 27 Sep 2003, Pim Bliek wrote:
On Fri, 2003-09-26 at 18:32, Lukas Ruf wrote:
I get about 2k per day. Fortunately, I have configured my mail
server (mime_header_checks/postfix 2.0) such that all win-executable
are
On Sat, 27 Sep 2003, Pim Bliek wrote:
I get the virii with 3 different content-types:
application/x-msdownload,audio/x-wav,audio/x-mid
so, just exe doesn't seem to cover it.
But how do you filter them out using postfix?
Pim
I was commenting that you can not just check on .exe because
[EMAIL PROTECTED] wrote:
On Sat, 27 Sep 2003, Pim Bliek wrote:
I get the virii with 3 different content-types:
application/x-msdownload,audio/x-wav,audio/x-mid
so, just exe doesn't seem to cover it.
But how do you filter them out using postfix?
Pim
I was commenting that you can
After getting hundreds of infections per day early in the week of
14-Sep, it seems to have radically tapered off:
Date        Count
----------  -----
2003-09-19     52 (10 hours)
2003-09-20     37
2003-09-21     14
2003-09-22     65
2003-09-23     33
2003-09-24     20
2003-09-25      9
Am I the only one
On Fri, 26 Sep 2003, Ron Johnson wrote:
After getting hundreds of infections per day early in the week of
14-Sep, it seems to have radically tapered off:
Looks like it's slowing down a bit, only 280 copies here in the last 24
hours, compared to the 400 or so for the last couple days.
Still
On Fri, Sep 26, 2003 at 07:53:19AM -0500, Ron Johnson wrote:
After getting hundreds of infections per day early in the week of
14-Sep, it seems to have radically tapered off:
Well, I don't know about anybody else, but I've been rampantly
reporting
On Friday 26 September 2003 14:53, Ron Johnson wrote:
After getting hundreds of infections per day early in the week of
14-Sep, it seems to have radically tapered off:
[...]
Am I the only one to see it slow down?
I had 24MB of that sucker tonight... Compared to the 34MB last night, it's
On Fri, 2003-09-26 at 08:53, Ron Johnson wrote:
After getting hundreds of infections per day early in the week of
14-Sep, it seems to have radically tapered off:
Date        Count
----------  -----
2003-09-19     52 (10 hours)
2003-09-20     37
2003-09-21     14
2003-09-22     65
2003-09-23
Ron Johnson [EMAIL PROTECTED] wrote:
After getting hundreds of infections per day early in the week of
14-Sep, it seems to have radically tapered off:
Date        Count
----------  -----
2003-09-19     52 (10 hours)
2003-09-20     37
2003-09-21     14
2003-09-22     65
2003-09-23     33
On (26/09/03 07:53), Ron Johnson wrote:
Subject: Anyone else notice that Swen is slowing down?
From: Ron Johnson [EMAIL PROTECTED]
To: Debian-User [EMAIL PROTECTED]
Date: Fri, 26 Sep 2003 07:53:19 -0500
After getting hundreds of infections per day early in the week of
14-Sep, it seems
On Fri, 26 Sep 2003, Clive Menzies wrote:
[...]
Can't say I agree here ;( I don't actually track the numbers (haven't
yet managed to implement a filtering solution) but I must have deleted
well over 100 today
I'm using this in my procmailrc:
:0 B
* ^TVqQAAME//8AALgAQA+$
Clive Menzies [EMAIL PROTECTED] [2003-09-26 18:06]:
On (26/09/03 07:53), Ron Johnson wrote:
Subject: Anyone else notice that Swen is slowing down?
From: Ron Johnson [EMAIL PROTECTED]
To: Debian-User [EMAIL PROTECTED]
Date: Fri, 26 Sep 2003 07:53:19 -0500
After getting hundreds
Xavier Andrade said:
On Fri, 26 Sep 2003, Clive Menzies wrote:
[...]
Can't say I agree here ;( I don't actually track the numbers (haven't
yet managed to implement a filtering solution) but I must have deleted
well over 100 today
I'm using this in my procmailrc:
:0 B
*
On Fri, Sep 26, 2003 at 07:53:19AM -0500, Ron Johnson wrote:
After getting hundreds of infections per day early in the week of
14-Sep, it seems to have radically tapered off:
Date        Count
----------  -----
2003-09-19     52 (10 hours)
2003-09-20     37
2003-09-21     14
2003-09-22     65
On Fri, Sep 26, 2003 at 04:42:24PM +0200, Nicos Gollan wrote:
On Friday 26 September 2003 14:53, Ron Johnson wrote:
After getting hundreds of infections per day early in the week of
14-Sep, it seems to have radically tapered off:
[...]
Am I the only one to see it slow down?
I had