A Londoner made a tsunami-relief donation using lynx -- a text-based browser used by the blind, Unix-users and others -- on Sun's Solaris operating system. The site-operator decided that this "unusual" event in the system log indicated a hack-attempt, and the police broke down the donor's door and arrested him http://www.boingboing.net/2005/01/27/jailed_for_using_a_n...
As a security admin you constantly see traffic and alerts that at first sight look like the next big thing, the one you are scared to think of. Instead of running to your phone, first sit down and read all the logs about the incident in full length and detail before blocking someone or calling the police out.
I can imagine that the police officer who was very proud of himself announcing to the full press that they have really arrested a hacker trying to steal money for the victims of the disaster and getting compliments for his work is now hiding himself from the same cameras.
Last year two of the most important open source development servers were hacked. Now it is the turn of Jabber, the open source answer to instant messaging, to have lost control over its development server. All the code has to be reviewed and checked.
Btw, there are also 7 other serious vulnerabilities for Mandrake and for xpdf, Winamp and PHP (look at http://patch.skynetblogs.be)
really a full blown commercial product for free - without the service
One model that I like is from one telecom company in Brazil. For the home ADSL user, they block ingress traffic to some well-known problematic ports, like the 'hack-me' ports 137-139 and 445, and some service ports like 80, 1434, 1433, etc. According to this company, it greatly reduced the impact of some worms. They are now thinking about egress traffic, like for port 445. This is a good solution because the ingress block would prevent some worms from reaching the machine and the egress filter would prevent their infected users from scanning and infecting other network(s).
Corporate ADSL users with a static IP address are far more difficult and I don't believe that any filtering rules would work with them. They 'bought' a link, and they must have access to all kinds of traffic. Of course, if that traffic doesn't violate an AUP (Acceptable Use Policy).
Visa CISP information: http://tinyurl.com/4ph6h
MasterCard SDP information: https://sdp.mastercardintl.com/
Both firms will oblige firms processing and using their credit cards to secure their networks, infrastructure and procedures. Maybe some will now be waking up. They are left no choice. Tell their customers they can't take Visa cards to buy their stuff because Visa refuses to work with them because their network is insecure? No customer would spend even a dime with them.
A mail server does not have to let binary attachments in a mail pass unless you have explicitly asked for that, with good reason. You don't drive a car with three wheels and no brakes in the opposite direction either.
Just block these attachments wherever you can (network, mail agents, ...).
DO NOT OPEN MAIL YOU DID NOT EXPECT OR ASK FOR.
And as with so many other bigger viruses of the last months, they are using a network of hacked servers hosting more files that infected computers will download.
copy them to your proxy server in your network and block them, period.
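One way a mail gateway could apply the attachment blocking described above, as an added example that is not from the original post. The extension list, the magic-byte table and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed policy: extensions and leading bytes treated as executable content.
BLOCKED_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".cpl", ".vbs"}
MAGIC = {b"MZ": "PE executable", b"\x7fELF": "ELF executable"}

def blocked_attachments(raw: bytes):
    """Return [(filename, reason)] for every MIME part the gateway should strip."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no payload of their own
        name = (part.get_filename() or "").strip().lower()
        data = part.get_payload(decode=True) or b""
        # Content check first: the declared MIME type and name are sender-controlled.
        reason = next((d for m, d in MAGIC.items() if data.startswith(m)), None)
        if reason is None and "." in name:
            # Only the last extension decides how the file is opened.
            ext = "." + name.rsplit(".", 1)[-1]
            if ext in BLOCKED_EXT:
                reason = f"blocked extension {ext}"
        if reason:
            hits.append((name or "(unnamed)", reason))
    return hits

def build_sample() -> bytes:
    """Constructed test message: two parts that must be blocked, one that must pass."""
    m = EmailMessage()
    m["From"] = "sender@example.org"
    m["To"] = "user@example.org"
    m["Subject"] = "constructed sample"
    m.set_content("See attached.")
    m.add_attachment(b"MZ\x90\x00constructed", maintype="image",
                     subtype="jpeg", filename="holiday.jpg")
    m.add_attachment(b"constructed", maintype="application",
                     subtype="octet-stream", filename="invoice.pdf.scr")
    m.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                     subtype="pdf", filename="report.pdf")
    return m.as_bytes()

if __name__ == "__main__":
    for filename, why in blocked_attachments(build_sample()):
        print(f"strip {filename}: {why}")
```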
Friends of mine have bought an integrated phone-internet box for which they pay one price for all the internet they use and phone hours they can fill.
Only, they can call other people, but they can't receive any calls.
Reading some stuff about such boxes in France, where the problem seems to be resolved by buying another phone you connect to the box, stupidly.