[Gloucs] I-WORM/Opas.A

Mark gloucs at mailman.lug.org.uk
Tue Dec 31 12:08:06 2002


On 31 Dec 2002, Guy Edwards wrote:

> On Tue, 2002-12-31 at 01:04, jinxy@firenet.uk.com wrote:
> > Not wanting to sound like I know anything but you should be using a
> > firewall anyway and NAT as well if you are letting PCs on the internet.
> > Blocking all ports except the ones you need.
>
> (My knowledge of security runs about as far as installing Smoothwall but
> here goes anyhow...)

better than most!

>
> But if it's attached to an email and then spreads on your internal

just disabling viewing of HTML in Outlook would be a major step forward

AND DISABLE THAT PREVIEW PANEL FOR MURPHYS SAKES!

> network once inside then it's going to get past your firewall. I know
> there's a million ways to stop that (user education, email filtering,
> don't use outlook :-) etc), but there's lots of ways in that can get
> past a firewall. (Mark?) e.g. I seem to remember an article on the

not guilty, your honour. (but yes, it's all true)


> register about how a png file could be altered to write to memory
> through a flaw in IE.

Hate to be a rumour monger but just because we use Linux... whilst on my
travels I was worried enough to see that a .gif file on Linux can core
GIMP and give a very impressive buffer overflow... (in that case resulting
in a "Hello" in the active terminal)

>
> Firewalls are great but I thought all the most abundant viruses were the
> ones that used the social engineering side of it the best, not the most
> technically complicated (e.g. exploiting flaws that have been known about
> for ages but most MS machines haven't been patched and are hence still
> vulnerable, and just use an interesting email subject line to get people
> to open the email).
>
> Out of interest, how many Linux users haven't applied all the security
> patches for their distributions? (I take it this is where the Debian
> users all look smug and mumble something about apt-get).

Regardless of how fast you update your patches, your vendor needs to
release them promptly; most Linux distributors do this. (that or don't run
the vulnerable service in the first place!)

>
> > Has anyone done a talk on the firewall/NAT distros you can get and how to
> > set one up on a normal distro?
>
> Not as far as I know. Want to give it a go? I can bring along a box with
> Smoothwall and a laptop to network to it.
>
> Guy


Happy new year everyone!! (hope the festive season has treated us all
well!)


ta,

Mark