Direct Ads Security Hole!!!!

From: Rick (Rick@EmbraceHisGrace.com)
Date: 10/29/02


From: "Rick" <Rick@EmbraceHisGrace.com>
Date: Tue, 29 Oct 2002 10:48:48 -0800


More important is what are YOU going to do about it?! As
others have posted, installing, enabling and configuring
a software firewall or simply enabling ICF (Internet
Connection Firewall) in XP is a definite must-do! Also,
if your concern gets the best of you, go to
START/Administrative Tools/Services...scroll down to
Messenger...doubleclick on it and set to Disable. You'll
sleep much better, I'm sure! ;)

Rick www.EmbraceHisGrace.com

>-----Original Message-----
>I would like to know what Microsoft is going to do about
>this security problem.
>
>As reported on CNN this week:
>
>"A developer of bulk-mail software has figured out how
to
>blast computers with pop-up spam over the Internet
>through a messaging function on many Windows operating
>systems. But there's a difference: Anyone can send the
>messages, and there's no need for the user to have an
>Internet browser open."
>
>They are messages sent DIRECTLY to your computer. They
>are not email messages and do not use your browser. They
>are "completely anonymous and virtually untraceable" and
>can pop up on your computer at any time.
>
>"Now somebody on the other side of the world can send
pop
>up messages direct to your screen, without email and
>without a browser !" - Chris Hopkins Security Engineer
>
>
>How do DirectAds work ?
>By tapping into Messenger Service, a service originally
>designed to enable system administrators to send
messages
>to users on a network, a new program called Direct
>Advertiser can deliver these ads straight to your
>computer screen. Since DSL, Cable Modems and Dial-Up all
>connect to a network, anytime you are online, your
>computer is vulnerable to these pop up ads.
>
>Messenger Service uses the same system to communicate
>that is used for Windows File and Printer Sharing, so
you
>can't just block that system without causing other
>problems. Even most Firewalls leave this system open.
>This leaves a gaping hole in your computer that
DirectAds
>can use to force advertising or other information to pop
>up on your screen.
>
>Messenger Service is enabled by default on Windows 2000,
>NT and XP systems, and optional on Windows 95, 98, and
>ME. This means that millions of systems are vulnerable
to
>these pop up ads. (The Windows Messenger service is not
>to be confused with Microsoft's MSN Messenger chat
client)
>
>.
>