Re: Helping our M$ friends

From: Bit Twister (BitTwister_at_localhost.localdomain)
Date: 09/01/03

  • Next message: James Arrow: "Re: Helping our M$ friends"
    Date: Mon, 01 Sep 2003 17:26:10 GMT

    On Mon, 01 Sep 2003 14:56:25 GMT, Dave wrote:
    > "Bit Twister" <BitTwister@localhost.localdomain> wrote in message
    > news:slrnbl2f3v.igg.BitTwister@wb.home...
    >> On Sat, 30 Aug 2003 19:00:35 -0500, Dave wrote:
    >> > Does anyone think we should take our firewall logs on the pings and
    > 135/139,
    >> > use smbclient and send out a whole lot of WinPopup messages so we can
    > get
    >> > our bandwidth back?
    >> Sure, why not. What could happen. Goto to jail and/or lose your
    >> Road Runner accout.
    >> Read 33.01. Definition (1) "Access"
    >> 33.02. Breach of Computer Security (a)
    >> Read 1 (a) then (4)
    > I wouldn't think sending a win popup message to inform the user they are
    > infected would be a crime.

    Take off your common sense hat and put your lawyer hat on.
    Go back and read either one of the above links and just the indicated
    paragraphs. You are wrong.

    > But enough, the point about RR security is well taken. They are motivated
    > by reducing effort. I do remember the day when they told me not to use a
    > Linksys firewall (but I did anyway). And if I caused some 50,000+ of their
    > customers to call in to get advice on how to clean up their PCs I would
    > likely end up kicked off.

    I hear you. I cannot find the link where an employee warnned
    management about a security flaw and they did not do anything. Emp
    left company and later let the cat out of the bag, the Orgeon law
    (IIRC) was used because of the email.

    > But the ISPs, not just TW could easily inform their users. Figuring out
    > which PCs are infected is easy. Map the IPs back to a MAC and the customer
    > DB should just be a shell script.

    Yes, my solution would be, gateway sees virus attempt, tells dhcp
    server. Server sets lease to expired. Next reboot, server gives dns
    server ip which routs all urls to Micro$not update site and clears
    database flag about dns munging.

    Slight problem when *nix boxes have same kind of problem. :(
    Apache worm commes to mind.

    There are other slight gotchas in my scheme, but just a simple matter
    of codding. :)

    > Then fire off a email.

    We (some comcast customers) had discussion about that because comcast
    sent emails to their customers giving links to discriptions, fixes and
    update. We then showed how that would lead someone to spam customers,
    who were email trained to get updates, to automatically click forged
    message and realy get malware a great head start.

    I did get a computer generated phone call warning about the problem.
    That will only work for people who have cable phone and others who
    keep their phone number current with the ISP.

  • Next message: James Arrow: "Re: Helping our M$ friends"