see here in the corner of the picture blablabla
http://s19l12.ath.cx:81/ (a parking lot)
can even be done by a trojan to extort money from you in exchange of certain pics
and in 2004 there was another worm
I don't think the Nasa would had this is mind, but the whole directory is here
Hackers have released the phone, email, and address directory for NASA online. The directory contains over 1000 associates, affiliates, engineeers, scientists, and friends of NASA. NASA has yet to comment on the situation. The directory was released by SheepByte of the hacker zine 'TIZ'.
zotob is still running around, but we can already have some lessons to talk about
- the patch-timeline is now 3 days after the publishing of the patches. Some attacks were done even faster, but the timeline of one week that was commonly accepted before (testing) is now 3 days and the planning will be all different. In that timeline it is important for Microsoft to have enough programmers and security people ready to responds immediately to all problems that may arise in this short timeline because before friday all critical systems will have to be patched.
- maybe the exploit publishing gangs and business should be hold responsable for its consequences.
- everything pda, usb, portable that is not part of the strictly controlled environment of the desktop-server environment of a network should be isolated and treated as possible hostile
- the access by vpn should be rethought and computers that use such a connection should be checked on security and enormously limited in their possibilities
- if you do not need the service on the computer or server, you should not activate it, period
- whatever we learned after the previous incidents doesn't necessarily tell us anything about what will happen next, I think nobody has a clue for the moment what will happen next
- limit, limit limit no more nice guy but wise guy
security hole in a popular development tool has severe implications for a number of the Internet's most popular applications, including Gmail, Flikr and MSN Virtual Earth.
We have seen in the last zotob that the control and instruction was going through the port 8080 instead of the normal IRC ports.
This alert from Websense shows that there are real normal webbased control panels for botnet- controllers. http://www.websensesecuritylabs.com/alerts/alert.php?Aler...
the zotob viruses would be written by Diabl0 who would be in Turkye and would have been responsable for some Mytob viruses
and Turkye wants to be part of Europe ?
The Microsoft DDS Library Shape Control (Msdds.dll) is a COM object that could, when called from a Web page displayed in Internet Explorer, cause Internet Explorer to unexpectedly exit. This condition could potentially allow remote code execution if a user visited a malicious Web site. This COM Object is not marked safe for scripting and is not intended for use in Internet explorer.
my thought : if it is not marked safe for scripted and not intended for use in Internet Explorer, why does it. Just make two different internet explorers, one for internal (intranet explorer) and one for external use that is very very very cut down. And that is why the new internet explorer still is not ideal.
the exploit http://www.frsirt.com/exploits/20050817.IE-Msddsdll-0day.php
all the news about the vulnerability
The internetstorm center is still collecting and organising information but the safest way is that you stop surfing all sites that you don't trust normally.
easiest solutions Restrict use of ActiveX controls to trusted web sites only
tools - internet options - security - advanced (be sure that any active x is set to disable or ask)