Re: Who are 24.64.9.177 & 24.64.8.158, etc.?
"Curt Christianson" <curtchristnsn@NOSPAM.Yahoo.com> wrote in message
news:%23qizDKhyHHA.1208@TK2MSFTNGP03.phx.gbl...
| MEB,
|
| You made a very legitimate point, and is was a rather feeble attempt at
| being facetious. While we aren't "good buds" PCR and I go back a long
way,
| and I'm reasonably sure he may have found it funny.
|
| To all the others perusing this NG, it prolly *didn't* strike them as
funny.
|
| As you mentioned, Internet security is certainly nothing to be scoffed
| at--especially at someone's else misfortune and expense.
|
| My heartiest apologies to all!
|
| Keep up the great work here.
|
| --
| HTH,
| Curt
|
| Windows Support Center
|
www.aumha.org
| Practically Nerded,...
|
http://dundats.mvps.org/Index.htm
|
| "MEB" <meb@not
here@hotmail.com> wrote in message
| news:%23SIVJEhyHHA.1576@TK2MSFTNGP03.phx.gbl...
| |
| | "Curt Christianson" <curtchristnsn@NOSPAM.Yahoo.com> wrote in message
| | news:Oa1IXSfyHHA.5204@TK2MSFTNGP03.phx.gbl...
| || You goof,
| ||
| || Those are the lottery numbers you've been expecting,that Augie promised
| to
| || get to you somehow. Firewall intrusions..haaruumphh!
| ||
| || --
| || HTH,
| || Curt
| ||
| || Windows Support Center
| ||
www.aumha.org
| || Practically Nerded,...
| ||
http://dundats.mvps.org/Index.htm
| |
| |
| | SO Curt, are you claiming these as yours? Or was this a little hahaha,,
| not
| | very funny when we ARE discussing systems intrusions or other attempts
at
| | monitoring activities ...
| | I never consider any of these types of activities as laughable or
| | ignorable... Sorry Curt, but with the present activities the people are
| | being subjected to, without their knowledge or consent, I do take issue
| ....
| |
| | --
| | MEB
| | ________
| |
Well, to admit it, I also thought it was funny, at first, but when it
carried your sig I thought it best to take the hardline,,, sorry,,
So I guess its now appropriate to post these:
Related material per this discussion:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA07-199A
Mozilla Updates for Multiple Vulnerabilities
Original release date: July 18, 2007
Last revised: --
Source: US-CERT
Systems Affected
* Mozilla Firefox
* Mozilla Thunderbird
Other products based on Mozilla components may also be affected.
Overview
The Mozilla web browser and derived products contain several
vulnerabilities, the most severe of which could allow a remote
attacker to execute arbitrary code on an affected system.
I. Description
Mozilla has released new versions of Firefox and Thunderbird to
address several vulnerabilities. Further details about these
vulnerabilities are available from Mozilla and the Vulnerability Notes
Database. An attacker could exploit these vulnerabilities by
convincing a user to view a specially-crafted HTML document, such as a
web page or an HTML email message.
II. Impact
While the impacts of the individual vulnerabilities vary, the most
severe could allow a remote, unauthenticated attacker to execute
arbitrary code on a vulnerable system. An attacker may also be able to
cause a denial of service or obtain private information.
III. Solution
Upgrade
These vulnerabilities are addressed in Mozilla Firefox 2.0.0.5 and
Thunderbird 2.0.0.5.
Disable JavaScript
Some of these vulnerabilities can be mitigated by disabling JavaScript
or using the NoScript extension. For more information about
configuring Firefox, please see the Securing Your Web Browser
document. Thunderbird disables JavaScript and Java by default.
IV. References
* US-CERT Vulnerability Notes -
<http://www.kb.cert.org/vuls/byid?searchview&query=mozilla_20070717>
* Securing Your Web Browser -
<
http://www.us-cert.gov/reading_room/securing_browser/browser_security.html#
Mozilla_Firefox>
* Mozilla Foundation Security Advisories -
<http://www.mozilla.org/security/announce/>
* Known Vulnerabilities in Mozilla Products -
<http://www.mozilla.org/projects/security/known-vulnerabilities.html>
* Mozilla Hall of Fame - <http://www.mozilla.org/university/HOF.html>
* NoScript Firefox Extension - <http://noscript.net/>
_________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA07-199A.html>
_________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA07-199A Feedback VU#143297" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>
_________________________________________________________________
Produced 2007 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
_________________________________________________________________
Produced 2007 by US-CERT, a government organization. Terms of use
Revision History
July 18, 2007: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBRp53HfRFkHkM87XOAQLeRwf/QqMX0I06N0r/bctdkce0RqUa9ZwpLSsM
42Ihq6NSQDOGM1cfqa8TxtYbITjV2cOQAmAYsi7HGdMF6zbZbkAZ5e/Lo06Be3mW
Rw9s+ci5mLOiFHQ1mBAYn5/1+iK9WJPrbL3tvE9ejAjdIzSieWz4wwYE/A4gIJxh
XnlwZT+EXafixy8qu/uLUjhwlfs+HiOtjaSP4q+N+LLfeSk+UeAXbT6nPt6d+B7Z
hd7RKOJR2eesWpc9L7/oq0tmJdXSkW9Qel3L9KssOiir/ZKqpyVISkBxTbce9Pq8
hqXne3HWJXBT19YBmRMSDD693J6siCPXuLSLJbTFN4d/NKM5MF7kTQ==
=jDnr
-----END PGP SIGNATURE-----
To the below I would add the types of activities discussed under this
heading AND occurring in this news group and elsewhere upon the Internet:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Cyber Security Tip ST04-014
Avoiding Social Engineering and Phishing Attacks
Do not give sensitive information to anyone unless you are sure that
they are indeed who they claim to be and that they should have access
to the information.
What is a social engineering attack?
To launch a social engineering attack, an attacker uses human
interaction (social skills) to obtain or compromise information about
an organization or its computer systems. An attacker may seem
unassuming and respectable, possibly claiming to be a new employee,
repair person, or researcher and even offering credentials to support
that identity. However, by asking questions, he or she may be able to
piece together enough information to infiltrate an organization's
network. If an attacker is not able to gather enough information from
one source, he or she may contact another source within the same
organization and rely on the information from the first source to add
to his or her credibility.
What is a phishing attack?
Phishing is a form of social engineering. Phishing attacks use email
or malicious web sites to solicit personal, often financial,
information. Attackers may send email seemingly from a reputable
credit card company or financial institution that requests account
information, often suggesting that there is a problem. When users
respond with the requested information, attackers can use it to gain
access to the accounts.
How do you avoid being a victim?
* Be suspicious of unsolicited phone calls, visits, or email
messages from individuals asking about employees or other internal
information. If an unknown individual claims to be from a
legitimate organization, try to verify his or her identity
directly with the company.
* Do not provide personal information or information about your
organization, including its structure or networks, unless you are
certain of a person's authority to have the information.
* Do not reveal personal or financial information in email, and do
not respond to email solicitations for this information. This
includes following links sent in email.
* Don't send sensitive information over the Internet before checking
a web site's security policy or looking for evidence that the
information is being encrypted (see Protecting Your Privacy and
Understanding Web Site Certificates for more information).
* Pay attention to the URL of a web site. Malicious web sites may
look identical to a legitimate site, but the URL may use a
variation in spelling or a different domain (e.g., .com vs. .net).
* If you are unsure whether an email request is legitimate, try to
verify it by contacting the company directly. Do not use contact
information provided on a web site connected to the request;
instead, check previous statements for contact information.
Information about known phishing attacks is also available online
from groups such as the Anti-Phishing Working Group
(
http://www.antiphishing.org/phishing_archive.html).
* Install and maintain anti-virus software, firewalls, and email
filters to reduce some of this traffic (see Understanding
Firewalls, Understanding Anti-Virus Software, and Reducing Spam
for more information).
What do you do if you think you are a victim?
* If you believe you might have revealed sensitive information about
your organization, report it to the appropriate people within the
organization, including network administrators. They can be alert
for any suspicious or unusual activity.
* If you believe your financial accounts may be compromised, contact
your financial institution immediately and close any accounts that
may have been compromised. Watch for any unexplainable charges to
your account (see Preventing and Responding to Identity Theft for
more information).
* Consider reporting the attack to the police, and file a report
with the Federal Trade Commission (
http://www.ftc.gov/).
_________________________________________________________________
Author: Mindi McDowell
_________________________________________________________________
Produced 2007 by US-CERT, a government organization.
Note: This tip was previously published and is being re-distributed
to increase awareness.
Terms of use
<http://www.us-cert.gov/legal.html>
This document can also be found at
<http://www.us-cert.gov/cas/tips/ST04-014.html>
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBRp9k5vRFkHkM87XOAQL4bAf/QrdRKgj6nbUXJKf0PSH2L2MHruDeD8++
gVMVDGB2zvCiR5OrNbJ/I4AlfbSCIpigoL3jyoID15aPtZfeRzozc+MvOJsh6LW9
jH2TUCZjct2Md7EeGLPTemzydzYTUlzWj+YHs7T1qtQThq82jSiegFwCO8gnGzkH
ItDwogX7B/hu15R8kLcM+j4fLYXvpaPIe8CsAW5xa7oA48FNy++Y3+SLm3H1M129
GSNHpRPzpg6/Z0GCdp0187gie17pWBGy0aYL+qxHFMpVFnZWZKXetAYYmTpcPprj
fbbzMu5bfxeBmFKcDs/UEZzvsBEGENcG9C5E/UVNVI4UYYgBfit7kw==
=7EFh
-----END PGP SIGNATURE-----
One may also contact and supply information [such as any related logs -
firwall, system, etc.] to the various government agencies dealing with cyber
terrorism, electronic communications, and other like activities for
potential prosecution under (as example in the USA), The Anti-Terrorism
Acts, The Patriot Act, The Homeland Security Act, The Electronic
Communications Privacy Act, and several others.
Check with your respective {international} governments related to and/or
having jurisdiction over such activities.
--
MEB
http://peoplescounsel.orgfree.com
________
