Re: hijack this

From: *Vanguard* (no-email_at_no-spam.invalid)
Date: 03/03/04


Date: Wed, 3 Mar 2004 11:55:18 -0600


***** Regarding Ian's post:

"ian holding" said in news:Hs71c.89$54.8@newsfe1-win:
> url please

Go to http://www.spywareinfo.com/~merijn/cwschronicles.html.

At this moment, I cannot reach www.spyware.com. It is either down or
maybe getting DOS'ed. Its host at IP address 209.133.47.12 is
reachable via traceroute and can be pinged so the host is up and
reachable but the web site is down or maybe getting attacked again.

***** Regarding David's post:

"David Postill" said in news:b32a4053ck722dl8ielkb3bhkp1k5uvir1@4ax.com:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1

And why are you so stupid as to digitally sign messages posted to
newsgroups? Probably not best to call folks stupid (you didn't like it,
either) and just point out that they could have found the topic more
quickly themselves by doing the web search (and, of course, you could
provide the resultant search URL if you were really interested in
pointing them in the correct direction while trying to train them to
first perform web searches). You think readers in newsgroups are really
interested in verifying your identity? When and if the discussion goes
offline via e-mail, then use digital signing in the e-mail but only if
it really is an identifying certificate (the freemail certs from Thawte
are a bad joke and only usable to encrypt but not really to identify).

Doesn't Forte Agent permit the use of digital signatures just for e-mail
accounts but NOT for news accounts? Or is that a deficiency of whatever
PGP plug-in you use? The PGP signature just adds more crap within the
message that is not germane to the post (when reading posts in
text-only format). Why doesn't the MIME in your post use
"Content-Disposition: attachment; filename=<whatever>" so the signature
is handled as an attachment instead of showing it inline with the rest
of your message? We really don't need to be seeing your PGP hash strewn
in your message.

RFC 2183, "Communicating Presentation Information in Internet Messages:
The Content-Disposition Header Field"
(http://www.cis.ohio-state.edu/cs/Services/rfc/rfc-text/rfc2183.txt)
"Content-Disposition is an optional header field. In its absence, the
MUA may use whatever presentation method it deems suitable." Could be
inline, like how I ended up seeing your unwanted PGP hash within a
text-only view of your post.

Configure your MUA (mail user agent; i.e., Forte Agent) to insert
"Content-Disposition: attachment" for the MIME part for your digital
signature. This assumes Forte Agent itself isn't screwed up regarding
PGP-created digital signatures and forgets to insert the disposition
parameter (as "attachment" mode), or your PGP plug-in isn't screwing up
Forte. But then the RFC deals with signatures used in e-mail, not for
newsgroup posts, probably because it doesn't make sense to digitally
sign messages in newsgroups. Yet RFC 1847, "Multipart/Signed and
Multipart/Encrypted"
(http://www.cis.ohio-state.edu/cgi-bin/rfc/rfc1847.html), as referenced
by http://www.templetons.com/usenet-format/signed2.html, discusses how
you should be using a multipart MIME to separate the signature from the
message. You don't do that, either. Don't add digital signatures to
your posts until you've got Forte or the PGP plug-in fixed so you don't
assault us readers with having to view your PGP hash garbage along with
your message.

Since you're using Forte Agent, I have a side-topic question. Did they
ever fix it so that it will handle multiple news servers? Or do users
still have to define a separate config file for each server and have to
open a separate instance of Forte Agent to connect to that news server?
That is, do Forte users still have to define N config files for N news
servers and open N instances of Forte? If so, that sucks. That was my
biggest complaint that immediately terminated my trial of Forte. If
Forte is still screwed up that way, I'll see if Mozilla's Thunderbird is
a better NNTP client than Outlook Express (although I use OE-QuoteFix to
alter some of OE's misbehaviors). I connect to multiple news servers
which Outlook Express can handle quite well. It's surprising that Forte
missed such an obvious function.

It's actually quite amazing how many folks never look before asking. It
is referred to as the knee-jerk response. Find a problem and post right
away, like the kid running to mommy to ask where are his socks (or
hubby yelling about where is his tie). Of course, doing a Google (or
other engine) search doesn't guarantee you find a link to the correct
site. There are trap sites out there for most of the anti-spyware tools
that are bogus and try to trap those doing web searches into using a
modified tool that is actually spyware. So asking here might've been a
double-check that what was found in a search is probably what the
community considers the correct place to get the tool.

If the OP doesn't have the intelligence to know how to do web searches,
or if they are so new at doing web or computer stuff, then HijackThis
isn't going to be of much help to them. It isn't a magic bullet that
automates the task of un-hijacking your computer. It provides a big
list of the most common places that hijacks occur and lets you decide if
something there looks suspicious (which means you must have a clue as to
what might be expected there or recognize what is there). There is a
button to provide more info on a selected item but most of it is very
generic and useless help and, again, you need to have some base
knowledge to justify your decision on what to do regarding a suspicious
item in the list. HijackThis is not a one-button automated fix-it tool.
It is really a hint tool to point you at possibilities (and may not
include everywhere that your system can get hijacked).
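
The two layouts contrasted in the post above (an inline clearsigned body versus an RFC 1847 multipart/signed message whose signature part carries "Content-Disposition: attachment"), as an added Python example that is not part of the original post. Both messages are constructed samples with placeholder signatures, signature_layout and readable_text are hypothetical helper names, and readable_text assumes a reader that displays only the first part of a multipart message.

```python
from email import message_from_string

# Constructed sample: clearsigned body, armor inline with the text.
INLINE = """\
Subject: inline clearsign

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

url please
-----BEGIN PGP SIGNATURE-----
PLACEHOLDER-NOT-A-REAL-SIGNATURE
-----END PGP SIGNATURE-----
"""

# Constructed sample: RFC 1847 multipart/signed, signature part as attachment.
DETACHED = """\
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pgp-signature";
 micalg=pgp-sha1; boundary="b1"

--b1
Content-Type: text/plain; charset=us-ascii

url please
--b1
Content-Type: application/pgp-signature
Content-Disposition: attachment; filename="signature.asc"

PLACEHOLDER-NOT-A-REAL-SIGNATURE
--b1--
"""

def signature_layout(raw):
    """Report how a message carries its signature."""
    msg = message_from_string(raw)
    if msg.get_content_type() == "multipart/signed":
        parts = msg.get_payload()  # RFC 1847: two parts, second typed per "protocol"
        sig = parts[1] if msg.is_multipart() and len(parts) == 2 else None
        if sig is None or sig.get_content_type() != msg.get_param("protocol"):
            return "malformed multipart/signed"
        return f"multipart/signed, disposition={sig.get_content_disposition() or 'unspecified'}"
    if not msg.is_multipart() and "BEGIN PGP SIGNED MESSAGE" in msg.get_payload():
        return "inline clearsign"
    return "unsigned"

def readable_text(raw):
    """Body text shown by a reader that displays only the first part."""
    msg = message_from_string(raw)
    return (msg.get_payload()[0] if msg.is_multipart() else msg).get_payload()
```

With the signature part's disposition header removed, signature_layout reports "disposition=unspecified", the case RFC 2183 leaves to the reader's own choice of presentation.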


