Free Republic
Browse · Search
General/Chat
Topics · Post Article

This thread has been locked, it will not receive new replies.
Locked on 05/05/2004 8:02:10 AM PDT by Admin Moderator, reason:

Hobbit Hole IX: http://www.freerepublic.com/focus/f-chat/1130003/posts



Skip to comments.

The Hobbit Hole VIII - Still round the corner we may meet...
See our freeper.the-hobbit-hole.net home page! ^

Posted on 04/06/2004 6:53:09 PM PDT by HairOfTheDog

Welcome to The Hobbit Hole!

Still round the corner we may meet...

New verse:

Upon the hearth the fire is red,
Beneath the roof there is a bed;
But not yet weary are our feet,
Still round the corner we may meet
A sudden tree or standing stone
That none have seen but we alone.
Tree and flower and leaf and grass,
Let them pass! Let them pass!
Hill and water under sky,
Pass them by! Pass them by!

Still round the corner there may wait
A new road or a secret gate,
And though we pass them by today,
Tomorrow we may come this way
And take the hidden paths that run
Towards the Moon or to the Sun.
Apple, thorn, and nut and sloe,
Let them go! Let them go!
Sand and stone and pool and dell,
Fare you well! Fare you well!

Home is behind, the world ahead,
And there are many paths to tread
Through shadows to the edge of night,
Until the stars are all alight.
Then world behind and home ahead,
We’ll wander back to home and bed.
Mist and twilight, cloud and shade,
Away shall fade! Away shall fade!
Fire and lamp, and meat and bread,
And then to bed! And then to bed!

See also: http://freeper.the-hobbit-hole.net

Web page for our moot reports and troop support information!



TOPICS: The Hobbit Hole
KEYWORDS: addsomekeywords; animeisforkids; corincomehome; corinscrap; daffyduckrules; ineedanewjob
Navigation: use the links below to view more comments.
first previous 1-20 ... 81-100101-120121-140 ... 7,761 next last
To: Ramius
Guess I should run a virus scan now, huh? I noticed as soon as I connected Norton downloaded the newest Symantec updates. Wonder if there's something going around.
101 posted on 04/06/2004 9:41:22 PM PDT by Fedora
[ Post Reply | Private Reply | To 97 | View Replies]

To: Fedora
Good deal...

Now... unless that machine has shared folders, or printers, turn on the XP firewall on that machine. Look on the advanced tab of your network connection.

I think your machine may have been compromised, and without an effective firewall it may be compromised again.
102 posted on 04/06/2004 9:42:45 PM PDT by Ramius (As it turns out... taxation *with* representation ain't all that great either.)
[ Post Reply | Private Reply | To 99 | View Replies]

To: Ramius
Looks like he made it while you were posting sugar!
See. Ya did it! :-)
103 posted on 04/06/2004 9:43:32 PM PDT by Wneighbor (I got a need for speed and I don't mean the drugstore kind)
[ Post Reply | Private Reply | To 100 | View Replies]

To: Ramius
See! You're so good. :-)

I'm working away here organizing stuff for my library again. If I ever get around to cleaning out the room and finding some shelves I might actually make it *look* like I've done something instead of stacks of books and boxes!
104 posted on 04/06/2004 9:45:39 PM PDT by Wneighbor (I got a need for speed and I don't mean the drugstore kind)
[ Post Reply | Private Reply | To 102 | View Replies]

To: Fedora
There are a few really nasty worms and virii going around. A good scan now is certainly a good idea.

But the compromise may have come in from outside without a virus being involved. It would also be wise to make sure that XP itself is updated with all of the services packs and patches.
105 posted on 04/06/2004 9:47:03 PM PDT by Ramius (As it turns out... taxation *with* representation ain't all that great either.)
[ Post Reply | Private Reply | To 101 | View Replies]

To: Wneighbor
Gotta run to the store. Back in a few...
106 posted on 04/06/2004 9:47:48 PM PDT by Ramius (As it turns out... taxation *with* representation ain't all that great either.)
[ Post Reply | Private Reply | To 104 | View Replies]

To: Ramius
ack... that s/b "service packs and patches".
107 posted on 04/06/2004 9:48:32 PM PDT by Ramius (As it turns out... taxation *with* representation ain't all that great either.)
[ Post Reply | Private Reply | To 105 | View Replies]

To: Ramius
Gotta run to the store. Back in a few...

Ack! You oughtta beer?

108 posted on 04/06/2004 9:49:30 PM PDT by Wneighbor (I got a need for speed and I don't mean the drugstore kind)
[ Post Reply | Private Reply | To 106 | View Replies]

To: Ramius
Looking at the log now--here is the virus that I got a "failed repair" message on right before the system crashed:

Bloodhound.Exploit.6

Bloodhound.Exploit.6 is a heuristic detection for exploits of a Microsoft Internet Explorer vulnerability, which was discovered in February 2004. The vulnerabilty results from the incorrect handling of HTML files embedded in CHM files. (CHM is the Microsoft-compiled HTML help format.) This vulnerability is known to be used in the wild.

At about the same time the firewall also caught this:

Trojan.ByteVerify

Next step is for Fedora to get the IP of the computer that hit me--that info should be in the log, too. . .

109 posted on 04/06/2004 9:53:49 PM PDT by Fedora
[ Post Reply | Private Reply | To 102 | View Replies]

To: Ramius
Gotta run to the store. Back in a few...

I'll be here when you get back--if you get some beer, grab one for me, please, I could use one about now :)

110 posted on 04/06/2004 9:54:41 PM PDT by Fedora
[ Post Reply | Private Reply | To 106 | View Replies]

To: Fedora; Ramius; 300winmag
Bloodhound is nasty!

By embedding a specially crafted URL in a Web page and having that URL refer to a CHM file containing an HTML file with scripts in it, an attacker could force the user who views the Web page with a vulnerable version of Internet Explorer to download and execute files.

Byte.Verify isn't much better:

Trojan.ByteVerify ...

Trojan.ByteVerify is a Trojan Horse that exploits the vulnerability described in Microsoft Security Bulletin MS03-011 and could provide a hacker the ability to run arbitrary code on an infected system.

Also Known As: Exploit-ByteVerify [McAfee], Exploit.Java.Bytverify [KAV], JAVA_BYTVERIFY.A [Trend]

Type: Trojan Horse

Infection Length: various

Damage

* Payload:

o Compromises security settings: Allows unauthorized execution of arbitrary commands.

When Trojan.ByteVerify is executed, it performs the following actions:

<several Java permissions, sets, and classes>

4. Opens the Web page, http://www.clavus.net/lst.backs, and parses the text that this site displays.
For example, SP|www.ewebsearch.net/sp.htm means that the Internet Explorer Start Page will be set up to www.ewebsearch.net/sp.htm

5. Several pornographic links are added into the favorites.

6. May attempt to retrieve dialer programs and install them on the infected computer. The dialer programs may attempt to connect the infected computer to pornographic Web sites.

Notes:

* Trojan.ByteVerify will typically arrive as a component of other malicious content. An attacker could use the compiled Java class file to execute other code. The file will likely exist as VerifierBug.Class. For example, an attacker could create a .html file that uses the Trojan, and then create a script file that will perform other actions, such as setting the Internet Explorer Start Page.

* Notification of infection does not always indicate that a machine has been infected; it only indicates that a program included the viral class file. This does not mean that it used the malicious functionality.

111 posted on 04/06/2004 10:09:35 PM PDT by Rose in RoseBear (HHD [... don't go walking in the high grass barefoot: put on your tall boots ...])
[ Post Reply | Private Reply | To 109 | View Replies]

To: Rose in RoseBear
Now ya gotta tell him how to fix it! :-D
112 posted on 04/06/2004 10:12:43 PM PDT by Wneighbor (I got a need for speed and I don't mean the drugstore kind)
[ Post Reply | Private Reply | To 111 | View Replies]

To: Fedora
The IP listed for the computer that hit you may or may not be of any value. Chances are pretty good that the IP was either spoofed or is some other poor b@ast@rd that had his machine compromised.

That machine needs a firewall, and quick. You might want to consider disconnecting it from the internet until then if you don't need it.

Software firewalls, and the XP firewall are fairly good, but nothing is as good as a box in between your machine and the world. They're not even necessarily expensive.
113 posted on 04/06/2004 10:16:21 PM PDT by Ramius (As it turns out... taxation *with* representation ain't all that great either.)
[ Post Reply | Private Reply | To 109 | View Replies]

To: Rose in RoseBear
Rose... that one can hit via a java applet on a web page, and not necessarily a mail-borne trojan... true?
114 posted on 04/06/2004 10:19:20 PM PDT by Ramius (As it turns out... taxation *with* representation ain't all that great either.)
[ Post Reply | Private Reply | To 111 | View Replies]

To: Rose in RoseBear
Not sure what all that means, but sounds nasty! :) My other worst experience was when I somehow got my web browswer hijacked by Lop--still haven't been able to get that fully cleaned up (partly because I've been too cheap to pay for the antispyware and the free version only detects it without cleaning it up).
115 posted on 04/06/2004 10:23:25 PM PDT by Fedora
[ Post Reply | Private Reply | To 111 | View Replies]

To: Ramius
You're probably right about the IP. Still going to see what I can find out. One time I got hit by one from Korea, which made me wonder who was behind that. Incidentally I've been downloading FOIA files on Joseph Kennedy and John Kerry's ties to the Mafia from the FBI's website for the past 24 hours, so that might have something to do with it. . .

I'll look into getting the box--have a friend who can get that stuff super-cheap.
116 posted on 04/06/2004 10:26:41 PM PDT by Fedora
[ Post Reply | Private Reply | To 113 | View Replies]

To: Ramius
True. Pure-dee evil.

I've been hit by Byte.Verify, I think ... and it is hard to get rid of! I had to use McAfee and AdAware to clean up after it.

A hardware firewall is imperative, I agree! And I like my real-time antivirus protection better than the kind you have to intentionally run. Mine is always running in the background, ever watchful. It updates automatically, so I don't have to remember to do so, and I can run a scan whenever I feel the need.

Here's a cool website to gauge your system's vulnerability: http://www.pcflank.com/. Look on the left-hand side of the screen under the header "Test Your System."

And --- I can't emphasize this enough --- update your firewall and antivirus EVERY DAY. Twice a day --- morning and evening --- is, in my view, cautious, but not excessive.

It's a scary ol' world out there, gentlebeings!

117 posted on 04/06/2004 10:37:04 PM PDT by Rose in RoseBear (HHD [... stuff that's good to know ...])
[ Post Reply | Private Reply | To 114 | View Replies]

To: Fedora
It means that just displaying a website is enough to infect your system.

And go ahead and pay for the antispyware ... nowadays it's necessary. Sad but true.

118 posted on 04/06/2004 10:39:11 PM PDT by Rose in RoseBear (HHD [... penny-wise ...])
[ Post Reply | Private Reply | To 115 | View Replies]

To: Rose in RoseBear
Thanks on the pcflank link--will check that out.

I usually update my antivirus patches every couple days. Haven't done it as much this week because my system has been tied up downloading the files I mention. Will make sure to do that when I log on each morning.

I have my firewall set up right now to ask me whether or not to block traffic when it detects it. I'd prefer to have it automatically block everything only then I can't use certain applications. I also have to leave my cookies enabled to log into FR, which is a potential vulnerability.
119 posted on 04/06/2004 10:42:25 PM PDT by Fedora
[ Post Reply | Private Reply | To 117 | View Replies]

To: Ramius
I don't care for XP's firewall ... it's okay if you also have a robust hardware firewall, but ZoneAlarm is update-able.

I'm to bed, all! Poof-tie!

120 posted on 04/06/2004 10:43:00 PM PDT by Rose in RoseBear (HHD [... I'm gone ...])
[ Post Reply | Private Reply | To 113 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-20 ... 81-100101-120121-140 ... 7,761 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson