Direct Ads Security Hole!!!!

From: Rick (Rick@EmbraceHisGrace.com)
Date: 10/29/02


From: "Rick" <Rick@EmbraceHisGrace.com>
Date: Tue, 29 Oct 2002 10:48:48 -0800


More important is what are YOU going to do about it?! As
others have posted, installing, enabling and configuring
a software firewall or simply enabling ICF (Internet
Connection Firewall) in XP is a definite must-do! Also,
if your concern gets the best of you, go to
START/Administrative Tools/Services...scroll down to
Messenger...doubleclick on it and set to Disable. You'll
sleep much better, I'm sure! ;)

Rick www.EmbraceHisGrace.com

>-----Original Message-----
>I would like to know what Microsoft is going to do about
>this security problem.
>
>As reported on CNN this week:
>
>"A developer of bulk-mail software has figured out how
to
>blast computers with pop-up spam over the Internet
>through a messaging function on many Windows operating
>systems. But there's a difference: Anyone can send the
>messages, and there's no need for the user to have an
>Internet browser open."
>
>They are messages sent DIRECTLY to your computer. They
>are not email messages and do not use your browser. They
>are "completely anonymous and virtually untraceable" and
>can pop up on your computer at any time.
>
>"Now somebody on the other side of the world can send
pop
>up messages direct to your screen, without email and
>without a browser !" - Chris Hopkins Security Engineer
>
>
>How do DirectAds work ?
>By tapping into Messenger Service, a service originally
>designed to enable system administrators to send
messages
>to users on a network, a new program called Direct
>Advertiser can deliver these ads straight to your
>computer screen. Since DSL, Cable Modems and Dial-Up all
>connect to a network, anytime you are online, your
>computer is vulnerable to these pop up ads.
>
>Messenger Service uses the same system to communicate
>that is used for Windows File and Printer Sharing, so
you
>can't just block that system without causing other
>problems. Even most Firewalls leave this system open.
>This leaves a gaping hole in your computer that
DirectAds
>can use to force advertising or other information to pop
>up on your screen.
>
>Messenger Service is enabled by default on Windows 2000,
>NT and XP systems, and optional on Windows 95, 98, and
>ME. This means that millions of systems are vulnerable
to
>these pop up ads. (The Windows Messenger service is not
>to be confused with Microsoft's MSN Messenger chat
client)
>
>.
>



Relevant Pages

  • Re: Guide to secure installtion of IIS 5
    ... don't forget a well-configured firewall. ... Do not put the computer onto the network or the Internet until after the ... Follow the instructions for hardening Windows and IIS at ... Install all service packs and security fixes from Microsoft and otherwise ...
    (microsoft.public.inetserver.iis.security)
  • Re: login attempts
    ... > Every day i have on my win2000 iternet server a lots of wrong login ... Windows by default allows ... You also need a firewall. ... the internet, except for those ports you know you're using. ...
    (microsoft.public.win2000.security)
  • Re: SP2 problem connecting to web after instal
    ... > I've just installed SP2 after downloading all Windows updates first. ... > installed from CD after checking with Microsoft that I didn't have any ... > As soon as it finished installing, I disabled their firewall, as I ... > I've checked my Internet settings which seem OK. ...
    (microsoft.public.windowsxp.general)
  • Re: password protection
    ... and cable] and should really consider Windows 2000 / XP. ... sure you're also running antivirus and firewall, ... Internet] to bypass this security. ...
    (microsoft.public.security)
  • Re: Will computers ever be as simple and reliable as a refrigerator?
    ... The problem is that a refrigerator does ONE thing.. ... Your computer is not connected to the Internet. ... using Windows XP "prettifications". ... Why you should use a computer firewall.. ...
    (microsoft.public.windowsxp.help_and_support)