Re: XP SP2 Firewall security breach
From: Moe Trin (ibuprofin_at_painkiller.example.tld)
Date: Sun, 14 Nov 2004 10:57:54 -0600

In article <t4-dnSdC8eYcpQvcRVnfirstname.lastname@example.org>,
"John Anderson" email@example.com wrote:
>Came across this today, can't believe what I'm reading, but it seems
>microsoft have put in a backdoor to the XP SP2 Firewall!

Hmmm... "Golly gee" type announcement of yet another microsoft fiasco,
with NO reference to a credible source, separately posted to (at least)
alt.security, alt.os.security, and alt.computer.security.

>check out this link to secure yourself...

Invitation to an unknown site - again, NO information, but promise of
some magic "fix".

[compton ~]$ host www.cebrasoft.com
www.cebrasoft.com is a nickname for iis1.linix.net
iis1.linix.net has address 184.108.40.206

>From: "John Anderson" firstname.lastname@example.org

[compton ~]$ host 220.127.116.11
18.104.22.168.IN-ADDR.ARPA domain name pointer 217-14-181-80.as2582.net
[compton ~]$ host 217-14-181-80.as2582.net
Host not found.
[compton ~]$ domain.check as2582.net
No match for "AS2582.NET"
[compton ~]$ domain.check -as 22.214.171.124

I'd trust microsoft before I'd trust a spammer hyping his own site with a
hotmail address, from a host with a false name.

KIDS! THIS IS HOW YOU GET VIRUSES / TROJANS / SPYWARE INSTALLED ON YOUR
SYSTEMS. It's also how your email address may get added to some spam list.

Sorry, mister spammer - I've got better things to do. You may want to
talk to the incompetent klowns at mersinet.co.uk, and tell them that they
fucked up the DNS record - it's as25582.net, not as2582.net - but neither
agrees with the RIPE address assignments, so that pretty well identifies
them as blackhats or fools - you figure which. Not that it really matters,
as neither should be allowed to connect to anyone's computer, much less
install this magic fix.
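
The host lookups in the post above amount to a forward-confirmed reverse DNS check: take the PTR name for the sender's address, resolve that name forward, and see whether it leads back to the same address. The following is an added example, not part of the original post; the addresses and host names in it are constructed (documentation ranges) and stand in for live DNS so the check runs offline.

```python
import ipaddress
import socket

def reverse_names(ip):
    """PTR names for ip from the system resolver; empty list if there are none."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [name, *aliases]

def forward_addrs(name):
    """Addresses that name resolves to; empty set if it does not resolve."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def fcrdns(ip, reverse=reverse_names, forward=forward_addrs):
    """Return (verdict, ptr_name): 'no-ptr', 'ptr-unresolvable', 'mismatch' or 'confirmed'."""
    target = ipaddress.ip_address(ip)
    names = reverse(ip)
    if not names:
        return "no-ptr", None
    resolved = False
    for name in names:
        addrs = {ipaddress.ip_address(a) for a in forward(name)}
        if target in addrs:
            return "confirmed", name
        resolved = resolved or bool(addrs)
    # A PTR name that does not resolve at all is the case shown in the post.
    return ("mismatch" if resolved else "ptr-unresolvable"), names[0]

# Constructed records, not taken from the post.
PTR = {"192.0.2.80": ["192-0-2-80.isp.example"],
       "192.0.2.25": ["mail.corp.example"],
       "192.0.2.99": ["www.corp.example"]}
A = {"mail.corp.example": {"192.0.2.25"},
     "www.corp.example": {"192.0.2.10"}}

def demo(ip):
    """Run the check against the constructed records instead of live DNS."""
    return fcrdns(ip, lambda i: PTR.get(i, []), lambda n: A.get(n, set()))

if __name__ == "__main__":
    for ip in ("192.0.2.80", "192.0.2.25", "192.0.2.99", "192.0.2.7"):
        print(ip, *demo(ip))
```

Called as fcrdns(ip) with no other arguments, the same function queries the system resolver.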