Message-ID: <40E0ACE7.4030904@sbcglobal.net>
From: chromazine at sbcglobal.net (Steve Kudlak)
Subject: [Fwd: When exploring these areas be careful was Re: 
 "Sample" not running but preventing Win2k  fromShutdown]



-------- Original Message --------
Subject: 	When exploring these areas be careful was Re: 
[Full-Disclosure] "Sample" not running but preventing Win2k fromShutdown
Date: 	Mon, 28 Jun 2004 15:15:36 -0700
From: 	Steve Kudlak <chromazine@...global.net>
To: 	Marcel Krause <marcel_k@....de>
CC: 	fulldis list <full-disclosure@...ts.netsys.com>
References: 	<40DD3AA6.4BCF5B82@....de> <40DD4FBB.5040500@...global.net> 
<40DD78C0.E132559E@....de>




Out of not so idle curiosity, if you kill IE and all the
stuff associated with it from the Task Manager does
this make the problem go away? Lots of things can
sneak install into browsers and stuff in Windows.
The idea way back when was the poor beleaguered
technophobic user doesn't have to be scared by seeing
all those scary technical things, so to be nice to them
we hide it from them. The first thing I would do would
be to unhide everything that it is reasonable to see and
don't worry about the visual and technical clutter.

Viruses and malware exploit this a lot. They hide things
from you. It is a common trick. Note Well if you are going
to go exploring around in these areas then do the simple
things like back up your registry. If you can configure a
proper go back utility so it can't be easily modified and you
can go back to a stable state do that.


I dunno whether to blast this to the whole list or not.
I being the pluralist quasi-buddhist-democrat that I am
once did investigations for some Christian Groups to try
to answer the question of how to protect their children
from what they saw as "aggressive p**** sites" without
preventing them from doing real research. If big breasts
is not allowed then cooking sites get thrown out.

Overall I am suspicious of any exe files that want to
be run, unless I am really sure of them. Of course lots
of useful things work that way. It would be nice if anything
that someone wanted to have me run came with full
disclosure as to what it did and what registry flags it set
and so forth. Of course few people do that. The art sites
and art folks I know are often pretty promiscuous about
everything they do. They'll try this with that and the other
thing. Of course many art types have Macs and even though
the old Mac OS could be easily attacked few people did
it because you didn't make a big splash.

I am trying to remember the registry flag that gets set to trap
attempts at shutdown. I used to work in a public facility and
they would set it so kids wouldn't do it for fun. As long as you
can still use regedit, all you do is back up the registry and then
go back and use regedit and reset the flag to 1.

Do you use Linux as your base operating system and you sort
of hack and play around in? I would love to eventually go to
Linux. I would have to find out the incantations and stuff to get
DSL to work. I am very near the switching office and it is
amazingly fast. But I do depend on a lot of things that are written
for Windows.

So I did go poking around a lot, and I was careful to make sure
I had a stable state to go back to. This is real important if you
are going to go casting around in these areas. I know in the past
surfing seemed safe, but it is not always so. So I would use a non-IE
browser and I would keep an extensive history which I would save
and not throw away. So if something mysteriously began behaving
strangely you'd have some idea as to when it happened and where
you had been and you could reconstruct what you did. I mean in
the Life Sciences I kept a lab notebook and watched whatever I did
when I was doing work with anything that might be nasty. It might
not be a bad idea for people who are working with computer viruses
and malware and places where they might be hanging out.

Have Fun,
Sends Steve



Marcel Krause wrote:

>Hi Steve!
>
>>So what are you doing right now, killing the process via the Task
>>Manager?
>
>No. I booted Linux and made a backup of the hdd. Now I'm waiting for
>some tips about how to extract the sample program for later analysis.
>If no one has any ideas, I'll overwrite it with a clean image.
>
>>Hmmm I am glad I am not in a commercial environment
>>where I am forced to use MSIE.
>
>In a commercial environment, you wouldn't go "fishing for [...]
>plugins on some porn sites", would you?
>
>
>Yours, Marcel
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html