Archive for the 'Security' Category


New MSN Phishing – www.muymsn.com (BEWARE)


Please spread the message. A recent phishing-like e-mail is going around and if users aren’t careful, their MSN account can be hacked! I recently received some e-mails on my MSN account which read:

Sender: xyz@hotmail.com (where xyz is in your MSN Contact list)

Subject: A friend deleted you from MSN Messenger!

Message:

I have just logged with my hotmail to www.MuyMSN.com that is a website where you can find WHO DELETED YOU from the MSN Messenger.
It´s incredible to find out that trusted friends deleted you
You might find out the same!!
Check it at www.MuyMSN.com
This e-mail comes to your inbox, since you have been recommended by one of your contacts

When you click the link, it’ll bring you to a website that looked pretty decent and professional. But don’t be fooled by the site’s design to pass it off as a genuine site. To check for a blocked contact (xyz@hotmail.com), you have to enter your MSN e-mail and password. But wait.

Why would you need to do that? Never give away your credentials unless you are very sure that the site is not bogus. Google the site and the source where you get the link from. Look for security certificates. And what I meant by “very sure” is to ask yourself this question — Do I feel a sense of insecurity (even a lil) giving away my password to the site? If you feel even the slightest distrust, stop and close the site.

Spread the word. Do not be fooled by the e-mail. Searching the WWW showed that people who have signed in actually got their MSN account hacked (multiple sign-ins, etc). IF you had fallen prey to this scam, change your password IMMEDIATELY!

 

Another MSN Phishing – www.youareblocked.com (BEWARE)


Please spread the message. A recent phishing-like e-mail is going around and if users aren’t careful, their MSN account can be hacked! I recently received some e-mails on my MSN account which read:

Sender: xyz@hotmail.com (where xyz is in your MSN list)
Title: Somebody has blocked you on MSN messenger
Message:

 

You’re Blocked!

A contact has recommended you to enter in www.youareblocked.com.
The site allows you to find out who has blocked or deleted you from the MSN Messenger

This e-mail comes to your inbox, since you have been recommended by one of your contacts

When you click the link, it’ll bring you to a website that looked pretty decent and professional. But don’t be fooled by the site’s design to pass it off as a genuine site. To check for a blocked contact (xyz@hotmail.com), you have to enter your MSN e-mail and password. But wait.

Why would you need to do that? Never give away your credentials unless you are very sure that the site is not bogus. Google the site and the source where you get the link from. Look for security certificates. And what I meant by “very sure” is to ask yourself this question — Do I feel a sense of insecurity (even a lil) giving away my password to the site? If you feel even the slightest distrust, stop and close the site.

Spread the word. Do not be fooled by the e-mail. Searching the WWW showed that people who have signed in actually got their MSN account hacked (multiple sign-ins, etc). IF you had fallen prey to this scam, change your password IMMEDIATELY!

Windows XP Service Pack 3 Pushed Back to 2008

UPDATED: Microsoft has quietly pushed back the third official service pack for Windows XP to 2008. Whether or not this is an issue seems to be one for debate.

This isn’t the only service pack that’s pulling a Godot, according to Microsoft’s Service Pack Road Map. The second service pack for Windows Server 2003 has been pushed back from late 2006 to Q1 of 2007.

Service Pack 3 for Windows XP was long-believed to be planned for mid- to late-2007 release. It was largely going to be a collection of cumulative fixes and patches, IE 7, and .Net 3.0, although its contents were still up in the air.

Microsoft was not available for comment at press time.

Pushing the third service pack to 2008 leaves a four-year gap since Service Pack 2 came out. That’s not a good practice or message for business customers, said Mike Cherry, analyst with Directions on Microsoft.

“I don’t understand how on one hand Microsoft says it wants predictable releases of operating systems but on the other hand doesn’t see that the predictable release of service packs would be equally valuable,” he said.

Microsoft has refined its patching system through auto update, but there are still a lot of fixes to install since SP 2 was issued, he points out. “Granted, it’s done automatically, but it would be nice if it was all rolled up into one package and tested against each other,” said Cherry.

But Michael Silver, senior analyst with Gartner, said organizations are generally not in a rush for a new service pack.

“Support on SP1 just ended and there are a lot of companies that have not been able to get to SP2 yet because of application breakage issues or because it was low priority and they just haven’t gotten around to testing their apps,” he said.

Waiting longer for SP3 won’t bother most organizations, Silver maintained. IE7 just shipped and they’ll be more concerned with deploying that and the forthcoming .NET Framework 3.0.

There could be another reason, according to Rob Enderle, principal analyst with The Enderle Group: Microsoft doesn’t want to promote XP.


“They want to put all the focus on Vista and not have an XP service pack come out in a Vista launch year,” he said. “If they do a major refresh during the launch of a new OS, then people will get confused. They want the message to be clear, to move the customer to Vista and not patch XP.”

Microsoft seemed to confirm Enderle’s suspicion regarding priorities.

“Right now our priority is Windows Vista. We’ll have more information to share about the next service pack for XP after Windows Vista ships,” said the company spokesperson. He did confirm that a third service pack is planned for the first half of 2008.

Enderle said there hasn’t been a huge rise in demand for a third service pack, and he notes that by the time SP 3 ships in 2008, new machines will be coming with Vista installed.

=internetnews.com=

Tips For Avoiding SPAM

Do you need fake Viagra? Fancy having your privates enlarged? Perhaps you’d be more interested in donating an unscrupulous amount of money to an unknown Nigerian national? What? No? Not Interested!? Unfortunately that won’t stop faceless people from all over the world asking you, often repeatedly.

SPAM (junk e-mail) probably wouldn’t be half as bad if it were properly targeted, yet sadly a 12 year old girl is just as likely to receive such messages as a 40 year old man. Unfortunately an even greater problem is the quantity of messages, with some people receiving upwards of 1000 junk e-mails per day!

For many, dealing with the constant influx of junk e-mail has become a nightmare. Until laws are strengthened and legal action taken then little is likely to change. So what can ‘you’ do? ISPreview has pooled information from around the Internet and come up with a few helpful tips. While nothing can completely prevent SPAM, some of these should at least help to cut it down.

Coming ‘Real Soon Now’: Windows Vista SP1 beta

Sometime in the next few weeks, an official beta of Service Pack 1 for Windows Vista will be released, according to the Windows Vista Team Blog, with the final release expected in the first quarter of next year.

A Beta release of Windows Vista SP1 is slated for availability in the next few weeks.  A small group of testers has been putting a preview of the SP1 Beta through its paces to help prepare for broader release.  We made the choice to start with a very small group of testers because we think it’s better for both our customers and for Microsoft to keep the beta program small at the start.

A later pre-release of SP1 will be available to a larger group of testers  via MSDN and TechNet subscribers.

But Ed Bott says chances are good you won’t be one of the lucky few to get your hands on it.

Microsoft says the next SP1 beta will be released to “a moderate sized audience.” Invitations have already gone out, and testers who’ve been accepted to the beta program have received confirmation via e-mail and online at Microsoft’s Connect portal for beta programs. There’s unlikely to be a public beta until a release candidate is available, although it’s virtually certain that the code from the upcoming beta will leak onto public websites and spread via torrents within hours of its official release.

Mary Jo Foley has even more specific numbers:

Vista SP1 will go to about 10,000 to 15,000 selected beta testers by mid-September, officials said. The SP1 beta build will be made available to these testers for download from the Microsoft Connect site. A broader public beta of SP1 is likely around the time Microsoft delivers a release-candidate test build of the service pack, officials said, while declining to provide a timeframe for that build. The final “gold” release of SP1 is now slated for some time in Q1 2008.

What’s in it? As expected, not much in terms of features or interface changes. Look for performance enhancements and bug fixes, including a fix for Vista’s nasty sleep/resume problems.

A white paper from Microsoft has more details about what’s inside.

Also coming in the first quarter of next year: Windows Server 2008. Coming in the first half of next year: Windows XP Service Pack 3.

New Windows worm eats MP3 files

So how much music do you have on your computer? Dozens of songs? Hundreds? Thousands?

How would you feel if you went to play some tunes and suddenly found all of them . . . gone?

A new computer worm that works on Windows-based computers erases MP3 files — all of them. From Ars Technica:

. . . A newly-uncovered worm called W32.Deletemusic does exactly what its name implies–it goes through a PC and deletes all MP3 files in sight. And that’s it. Simultaneously low-threat and highly annoying, the worm makes its way from computer to computer by spreading itself onto all attached drives of a given PC, including flash drives and removable media. If that media is then removed and inserted into another computer, it continues its music-eating rampage on the new host.

Fortunately, antivirus vendors are rating this low-risk — it’s in the wild, but not widespread. There’s no indication that this is currently being delivered via the usual high-traffic methods, including e-mail or infected Web sites. But that doesn’t mean it couldn’t be.

But because it moves from drive to drive — even removable ones — it would be particularly deadly on a home network, where each family member might host his or her stash of music. Oh, the humanity!

As the Ars story points out, this isn’t the first piece of malware to target music files:

. . . Nopir-B made its rounds some two years ago and posed as DVD copying software, according to security firm Sophos. When users tried to run it, Nopir-B scolded them for participating in piracy and proceeded to delete all MP3s from their computers. Similarly, last year’s Erazer trojan deleted not only MP3 files, but AVIs, MPEGs, WMVs, and ZIP files as well in a “crusade” against piracy.

. . . And it likely won’t be the last. I’m not going to say that this is an evil move by the greedy recording industry, which hates what digital music has done to their fiscal Nirvana. But I bet that, deep down inside, they’ve got to be secretly pleased.

Ubuntu Servers Hijacked, Used to Launch Attack

Members of the Ubuntu colocation team suggest the attack could have begun with a Chinese IP address.

The Ubuntu community had to yank five of the eight Ubuntu-hosted community servers sponsored by Canonical offline Aug. 6 after discovering that the servers had been hijacked and were attacking other machines.

It was suggested during an IRC (Internet relay chat) meeting of the Ubuntu colocation team Aug. 14 that the source of the troubles might have been a Chinese IP address trying to log onto the servers by brute force “for a long time now it seems,” said a participant.

On Aug. 14, the community began to bring the machines back up in a safe state so that they could recover data from them. Unfortunately, according to Ubuntu Community Manager Jono Bacon, the servers were all found to be out of date, stuffed with Web software, and missing security patches—at least in the instances where it was easy to determine what version they’re running.

“An attacker could have gotten a shell through almost any of these sites,” Bono wrote in a posting, regarding a change to location server policy that resulted from the incident.

“FTP (not sftp, without SSL) was being used to access the machines, so an attacker (in the right place) could also have gotten access by sniffing the clear-text passwords,” he said. Also, “the servers have not been upgraded past breezy due to problems with the network card and later kernels. This probably allowed the attacker to gain root.”

Bringing the servers back up has taken longer than the managers would have liked, Bono said. Given that they’ve been relying on help from members spread over the globe, there are “arbitrary limits imposed by those remote hands” and there’s a “(relative) lack of bandwidth” available with which data can be copied from the machines, he wrote.

During the Aug. 14 IRC meeting, location teams were given a choice to migrate to the Canonical data center or stay on the hosted/outsourced servers. Canonical, based in the U.K., is a provider of services to individual and corporate open-source software users.

The pluses of moving to the Canonical data center, Bono said, include better hardware and bandwidth, full-time support from Canonical’s systems administration team—including software maintenance—and integration into Ubuntu’s existing backup infrastructure.

Some of the minuses the Ubuntu community will have to deal with in a move to Canonical—the company behind the Ubuntu distribution—include having less software supported—with the wiki engine MoinMoin, the blog platform WordPress and the Ubuntu community forum Planet on the short list of still-supported applications.

The migration was still in swing as of Aug. 14, and the colocation team leaders were looking for help. “I’d be very happy if I got one index.html file to ubuntu-fi.org today as a start :) MoinMoin would be very nice too,” one said during the IRC meeting. “One thing I would ask for is patience. I understand that a service outage like this makes many people anxious,” he said, requesting that those anxious about restoration of services go to the #canonical-sysadmin channel and ask publicly so that the first available systems administrator can answer the request.

In the meantime, data isn’t lost, although applications must be deep-sixed since executable code simply can’t be trusted following the intrusion.

“Due to the nature of the intrusion, we must assume that any and all executable code of any sort on the old sites is dangerous,” said the meeting leader, “Spads.” “…We have data, but executable code (python, PHP, Perl, any CGI, etc.) will need to be replaced.”

How to check ddos attack on server

A quick and useful command for checking whether a server is under DDoS is:

netstat -anp | grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

That will list the remote IPs by number of connections to the server, with the busiest at the bottom. It is important to remember that DDoS attacks are becoming more sophisticated and use fewer connections from more attacking IPs. If this is the case, you will still see a low number of connections per IP even while you are under a DDoS.

Another very important thing to look at is how many active connections your server is currently processing.

netstat -n | grep :80 |wc -l

netstat -n | grep :80 | grep SYN |wc -l

The first command will show the number of active connections that are open to your server. Many of the attacks typically seen work by starting a connection to the server and then not sending any reply making the server wait for it to time out. The number of active connections from the first command is going to vary widely but if you are much above 500 you are probably having problems. If the second command is over 100 you are having trouble with a syn attack.
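The one-liners above, worked into a reusable check (an added example, not part of the original post). It goes slightly beyond them: it matches the local port exactly, so :8080 or a remote port such as :8012 is not counted as :80, and it handles IPv6 and IPv4-mapped addresses that cut -d: -f1 would mangle. The function names and the sample data are assumptions made for illustration; the 500 and 100 defaults are the thresholds given above.

```shell
#!/bin/sh
# Added example, not from the original post. Every function reads
# `netstat -ant` output on stdin, e.g.:  netstat -ant | verdict 80

# Constructed sample (documentation-range addresses, not real traffic).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 198.51.100.10:80        203.0.113.5:51512       SYN_RECV
tcp        0      0 198.51.100.10:80        203.0.113.5:51513       SYN_RECV
tcp        0      0 198.51.100.10:80        203.0.113.5:51514       ESTABLISHED
tcp6       0      0 ::ffff:198.51.100.10:80 ::ffff:203.0.113.5:51515 ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::99:40000      SYN_RECV
tcp        0      0 198.51.100.10:80        192.0.2.44:33000        TIME_WAIT
tcp        0      0 198.51.100.10:8080      203.0.113.77:40100      ESTABLISHED
tcp        0      0 198.51.100.10:22        192.0.2.44:8012         ESTABLISHED
udp        0      0 0.0.0.0:53              0.0.0.0:*
EOF
}

# conns PORT: print "remote_ip state" for each TCP connection whose LOCAL
# port is exactly PORT. Headers, UDP and listening sockets are skipped.
conns() {
    awk -v port="$1" '
        $1 !~ /^tcp/ || $6 == "LISTEN" { next }
        {
            lp = $4; sub(/.*:/, "", lp)      # local port = text after last colon
            if (lp != port) next
            r = $5; sub(/:[^:]*$/, "", r)    # drop the remote port
            sub(/^::ffff:/, "", r)           # fold IPv4-mapped IPv6 into IPv4
            print r, $6
        }'
}

# top_talkers PORT: "count ip" lines, busiest source first.
top_talkers() {
    conns "$1" | awk '{ n[$1]++ } END { for (ip in n) print n[ip], ip }' |
        sort -k1,1nr -k2,2
}

# summary PORT: prints "total syn_recv distinct_sources". Many distinct
# sources with few connections each is the distributed case noted above.
summary() {
    conns "$1" | awk '
        { t++; if ($2 == "SYN_RECV") s++; if (!($1 in seen)) { seen[$1] = 1; u++ } }
        END { printf "%d %d %d\n", t, s, u }'
}

# verdict PORT [MAX_ACTIVE] [MAX_SYN]: apply the thresholds from the text.
verdict() {
    max_active=${2:-500}; max_syn=${3:-100}
    set -- $(summary "$1")                   # $1=total $2=syn_recv $3=sources
    if [ "$2" -gt "$max_syn" ]; then echo "syn-flood-suspected"
    elif [ "$1" -gt "$max_active" ]; then echo "high-connection-count"
    else echo "ok"; fi
}

sample_netstat | summary 80
```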

To block a certain IP address on the server, use the following commands:

—————–command——————————

route add ipaddress reject

for example route add 192.168.0.168 reject

You can check whether a given IP is blocked on the server by using the following command:

route -n |grep IPaddress

—————–command——————————

OR

Use the following command to block an IP with iptables on the server:
—————–command——————————
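iptables -I INPUT 1 -s IPADDRESS -j DROP

(Use -j REJECT instead of -j DROP to send an error back to the sender. -I INPUT 1 inserts the rule at the top of the chain; -A only appends and does not take a rule number.)

service iptables save

service iptables restart

(Save before restarting: a restart reloads the saved rule set, so an unsaved rule would be lost.)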

—————–command——————————

Then kill all httpd connections and restart the httpd service by using the following commands:

killall -KILL httpd

service httpd start

Coming Patch Tuesday: Four critical flaws fixed

Last month, Microsoft announced that when it provides advance information about what would be coming for its regular Patch Tuesday fixes, it would offer more details about what software titles were affected.

The Security Bulletin Advance Notification for June is out, and sure enough, we know more about what Microsoft will deliver to Windows users on the second Tuesday of the month.

You can expect six patches. Four fix Critical vulnerabilities, one is rated Important and the last Moderate.

The software affected includes Windows 2000, XP and Vista; Windows Server 2003; Internet Explorer 5, 6 and 7; Windows Mail in Vista; Outlook Express; and Visio 2002 and 2003.

Microsoft is saving the good stuff — the details about the flaws themselves — for Tuesday’s release.

Also coming Tuesday: Seven high-priority updates for various Microsoft products that aren’t security-related. There are no details as to which products those updates involve, however, the notification does indicate they are not for the Windows desktop operating systems.

Update: Mary Jo Foley says one of the patches will be a major one — Windows Server 2003 Service Pack 2.

Microsoft Warns of New DNS Exploits

The area of greatest risk associated with the new Windows DNS exploit resides within intranets, where Windows Server domain controllers are running DNS and might become compromised, according to Ken Dunham of VeriSign iDefense. Microsoft said its security team is hard at work developing a security update to fix the DNS vulnerability.

In what has become a string of vulnerabilities in recent weeks, Microsoft has confirmed limited, targeted attacks against its Windows Server Domain Name System (DNS) service.
Microsoft said its initial investigation reveals that the attempts to exploit this vulnerability could allow an attacker to run code in the security context of the DNS server service. That opens a door for phishing attacks, directory services issues, and e-mail disruptions.

The latest Microsoft zero-day vulnerability affects Windows 2000 Server Service Pack 4, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2. Windows 2000 Professional Service Pack 4, Windows XP Service Pack 2, and Windows Vista do not contain the vulnerable code and are not affected.

Proof-of-Concept Exploit

Microsoft said its security team is hard at work developing a security update to fix the issue. However, Christopher Budd of the Microsoft Security Response Center (MSRC) urged customers to deploy workarounds as quickly as possible because the company is aware of proof-of-concept code that can exploit the vulnerability. The SANS Internet Storm Center has confirmed at least two exploits.

Microsoft’s internal investigation reveals that the vulnerability occurs in the processing of remote procedure call (RPC) traffic by Windows DNS. The DNS service is only installed on Windows server systems, not on client systems, and is not enabled by default on all Windows servers. That safeguards a percentage of customers.

What’s more, even though the vulnerability is in the DNS service, Microsoft said it cannot be attacked over standard DNS port 53. An attempt to exploit the vulnerability has to be made over RPC, which uses traffic on port numbers above 1,024. However, on Sunday, Budd reported that it is also possible for a user with valid logon credentials to exploit the vulnerability over port 445.

Risks and Workarounds

The area of greatest risk potentially resides within intranets, where domain controllers are running DNS and might become compromised, according to Ken Dunham, director of the rapid response team for VeriSign iDefense. These servers store all the passwords for a Windows network.

“It is feasible that a bot may incorporate an intranet spreading routine to exploit vulnerable computers within the network to help it spread,” Dunham explained, noting that a bot can be programmed to spread through the recent ANI vulnerability to infect clients and then use the zombies to exploit the DNS service against the local domain controller to gain complete control over an entire network.

“Malicious actors that compromise DNS servers will likely reconfigure the server to silently redirect Web traffic to compromised Web sites for monetary gain or corporate espionage,” Dunham predicted. However, as Microsoft noted, there are workarounds. And for those who use Symantec security tools, the company already has released Bloodhound.Exploit.136 signatures to detect threats designed to exploit this vulnerability.

For now, Redmond is encouraging customers to evaluate the workaround that would disable remote management over RPC for DNS servers. Other recommended workarounds include blocking unsolicited inbound traffic on ports 1,024 to 5,000. In Windows 2003, Dunham added, data execution prevention is also helpful in blocking the exploit.
