popup blockers

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Security
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - What does SPAM stand for? Hi all - Can anyone tell me what SPAM stands for? I know what it does but as Ive been asked by a user it made me wonder... Tag: popup blockers Tag: 64225
  - 2
    - What is WPA? Hi All, I would like to discuss this with all of you. What exactly is WPA and How it is different from WEP. Do we need something extra for the products which are accessed usig WEP, and if it had to implement WPA. How can we do that? For eg: Wireless projector has WEP standards in build however what has to be added if we would like to implement WPA instead. Thanx for your co-operation in advance. Regards, Ashish Nair Tag: popup blockers Tag: 64224
  - 3
    - Unknown process running I have a process running that I have never seen before called HOKHIDK.EXE can anyone tell me what it is? Tag: popup blockers Tag: 64220
  - 4
    - How nosey are ISP's Hi, I just got an email from my new ISP about how low priced internet service could be with them if I subscribe. I already have internet with them, of course, so why do I need to get internet service with them.It was sent to a Yahoo email address I have & was personalized in the sense that My last name was shown on the offer. Weird thing is that I never gave them (or at least I dont remember) and 'alternate' email address when I signed up with them (done by cd). 1-How did they get my yahoo email address 2- Do they or all ISP constantly monitor what programs we use, email addresses we have,etc??? Ive only had this ISP for 1 month. It is people pc. Does anyone have any ideas?? Perhaps one could trust the ISP but just how far can they go? Tag: popup blockers Tag: 64219
  - 5
    - cracking local admin account I have an employee who apparently has a way of cracking local administrative passwords. I just learned of this and he has thus far been using this trick "for good" (e.g. to by-pass corporate buracracies that impede productivity.) Regardless, I've asked him to cease this practice. However, I'd like to know if there's a way to make sure he's no longer able. The problem is that I don't know how he's done it except that I was told by a coworker that a floppy disk of some sort was invovled. I realize that's scant information to go on, but I was hoping that someone might be able to offer some guidance on shoring up the security on my PCs. thanks, spence Tag: popup blockers Tag: 64207
  - 6
    - New MSSecure.XML Version 2004.11.11.0 Now Available MSSECURE.XML Data Version 2004.11.11.0 (for use by MBSA 1.2 and SMS SUS Feature Pack) was last modified today, November 11, 2004, and is now available for all supported languages (English, French, German and Japanese). This XML contains the following two fixes updated since the 2004.11.09 release two days ago: o Added new supersedence for the Proxy 2.0 case of MS04-039 that replaces the Proxy 2.0 instance of MS03-012 as listed in the revised MS04-039 bulletin (ISA Server and SBS cases are unchanged). o Removed incorrect MS04-032 detection for Windows 2000 SP2 (SP3 and SP4 detection is unchanged) This release does not include any other bug fixes. -- Doug Neal [MSFT] dugn@online.microsoft.com This posting is provided "AS IS" with no warranties, and confers no rights. If newsgroup discussion with experts and MVPs is unable to solve a problem to your satisfaction, feel free to contact PSS for the Microsoft Baseline Security Analyzer (MBSA) at the following link: http://support.microsoft.com/default.aspx?scid=fh;en-us;Prodoffer20a This e-mail address does not receive e-mail, but is used for newsgroup postings only. Tag: popup blockers Tag: 64205
  - 7
    - Smart-Security SmartSecurity Hijacker on your Desktop In case anyone is having this problem - your desktop goes black with an ad "Warning! You are in Danger" that leads you to a firm called Smart-Security, there is help. I don't have the address but go to either TheTechGuide.com forum which has a very long discussion on the problems and solutions to this extremely nasty hijacker. (Just do a search for smartsecurity or smart-security) Also, you can go to CompleteTranslations.com, which also has a step-by-step solution. (A link to the solution in the bottom lefthand corner.) I'll try their solutions tonight on my home computer. Hopefully, they will work. Smart-Security itself also claims to have download that will correct the problem, but I don't know if I trust the company that put the hijacker into my system to fix it. Personally, I'd sue them, but I think they're based in the UK. If not, legal letters will be sent in the near future. Good luck. Mark Tag: popup blockers Tag: 64203
  - 8
    - Policy Changes and there effects If you change a password length requirement from 5 to 8, will this force changes for anyone who's password is currently under 8. Or if you change the time from of password changes from 90 days to 60 days, will this expire passwords. I don't believe it will force anything until they expire or they change them themselves, but i cannot find any sort of docs on this matter. Thanks for any help or direction. Tag: popup blockers Tag: 64190
  - 9
    - Spyware/Adware took over my desktop background The other day because of some confusion between Norton Internet Security and AOL, I very mistakenly turned off my Personal Firewall for a minute so I could get logged on. Well, a spyware or adware virus entered my computer. I believe that through either Norton or PestPatrol, I got rid of most of the virus, since my computer seems to be working fine. But what wouldn't go away was an ad that apparently lies on top of my normal background. The ad is the usual "Warning! You're in Danger . . ." and at the bottom of the ad is the phrase "Removal Instruction." Despite running Norton and PestPatrol several times, the ad remained. So I check out it's Properties and found that it was saved as AOL picture in the Windows Desktop. I went into the Desktop file and found an AOL picture that was created at the time the virus entered my computer. Figuring that was the ad, I deleted it. After re-booting, the ad was gone, but in its place was blank white screen. I can still see my icons, and they all seem to work, but the background is a glowing white, which isn't easy on the eyes and may be something that's hurting my computer. The company that caused the ad, I believe, is called SmartSecurity and claims to be a software that erases images and documents from your C drive so that no one knows what you're doing. Has anybody ever seen this before, and more importantly, does anybody know how to return my screen to normal? Thanks for any help, Mark Tag: popup blockers Tag: 64188
  - 10
    - Problem with IPHLPAPI.DLL I renewal my Norton Antivirus, to the new version Norton Antivirus 2005. Ever since I've been getting the following errors: "Symantec Email Proxy cannot scan your email messages because your network is not properly configured: (1003.13)" "Error starting Program the IPHLPAPI.DLL file cannot start. Check the file to determined the problem". I've check with the Norton people after some checking, they concluded the problem with the email scanning has to do with the IPHLPAPI.DLL file and when this get resolves/fix the email scanning will work properly. I've check to see if the IPHLPAPI.DLL is in my hard drive, it is. There are 4 copies; 1. C:\WINDOWS 2. C:\WINDOWS\SYSTEM 3. C:\WINDOWS\TEMP\Q312339 4. C"\America Online I've checked your website for a solution: I found Document ID#2003103013462254. it said the problem might an incompatible iphlpapi.dll file, I just the version and it is the most recent version 5.00.1717.2. I can't open the file, just view it, how do I determined the problem and fix it, so that my new Norton Antivirus 2005 will work properly??? How do I check the file to determine the problem??? Please help!!!! my email: mundybring@bellsouth.net Tag: popup blockers Tag: 64187
  - 11
    - silicone virus varient ? On a frends computer with win xp instaled had a reocuring problem in that the pc would shut down without warning we scaned the pc with up to date anti virus software and spybot and lavasoft all ok the problem continued at iregular intervals with no set patern we then tryed reparing win xp (home edition) still the same problem we tryed this again still the same problem Next we fermated the hard drive and did a clean install all went fine till we got to about 75% of installing componants a screen flashed up please insert cd silicone .com we had to abort the instilation and then repeated the process and the same thing ocurd I then inserted a drive scruber to scrub the hard drive which took several hours and cleared the cmos and then formated and reinstaled win xp home edition no problem and all apears to be ok now has any one come across this before, the only referance to a silicone virus i could find was on the symantic web site but the syimptoms were slightly diferent and their was no fix Tag: popup blockers Tag: 64181
  - 12
    - Automatic update disables anti-virus software I have the icon for an automatic update, but when I used it it, it disabled my anti-virus software. Also, the update didn't seem to have worked as the icon is still there. I am using XP and Macafee anti-virus. Any suggestions? Tag: popup blockers Tag: 64179
  - 13
    - Automatic update disabling anti-virus software I have the automatic update icon on my PC(running on XP), but when I used it, it disabled my Macafee anti-virus software which I had to reinstall. Also, the update didn't seem to work as the icon is still there. Any suggestions? Tag: popup blockers Tag: 64178
  - 14
    - reset my password i forget my password and the secret answear bcz iam not use it for along time and iam not open it by email . bu i know well the info i put it in my informaition when i creat my email so i need help with link or online support to back my email by the info thanks tarek Tag: popup blockers Tag: 64176
  - 15
    - Automatic deployment of Certificate Hello, I would like to know if there is a way to automatic deploy certificate (to 15,000 computers). Maybe you know windows API's or something else to do it. Thanks, Yaron Paryanty Cyber-Ark company Tag: popup blockers Tag: 64174
  - 16
    - IE/IIS and Integrated Windows Authentication I have searched the groups and wasn't able to find an answer. I have a standalone Windows XP machine, not on a domain or active directory. I have IIS running on the system. When I setup and web application to Integrated Windows Authentication and access it via IE6 it works fine. In IE ,if I change the User Authentication Logon to Prompt for user name and password. And try the site again I get a login prompt but nothing I enter seems to authenticate me to the site. I'm not sure if I'm missing something or if this is how it's supposed to work? Thanks Tag: popup blockers Tag: 64173
  - 17
    - Can I use the Microsoft Security Update CD on a Windows98 SE Thai I have two IBM 586 233 mhz computers, one is running Win98 US version and the second is running Win98 Thai version. I have used the Microsoft Security CD that came out in Feb of this year on the US version and it ran ok. My question is: Can I use the same CD to run on the Win98 Thai version? The Thai version was purchased in Thailand and comes from Microsoft Thailand. I am concerned that the US Microsoft Security CD could cause problems, can someone give me some advise as I want my Thai children to be able to use the computer on the Internet. I have tried going to the Windows Update site with the Thai version and it fails the check for current update software, will not load current version and will not let me install any updates where as the US version works ok. Please, any assistance would be appreciated. Tag: popup blockers Tag: 64169
  - 18
    - Anti-keylogger? What is the best anti-keylogger utility out there for win2K? Best free one? Thanks! Tag: popup blockers Tag: 64166
  - 19
    - Three suspicious looking url's Hi folks, Does anyone having experience with the three, in my opinion, suspicious looking url's? http://www.1securepc.com/portal.htm http://www.1securepc.com/ http://www.docsdownloads.com/ Best regards, Hadrian it's Hadrian hadrian.spam-not@40whyspamxs.com Tag: popup blockers Tag: 64157
  - 20
    - Three suspicious looking url's Hi folks, Does anyone having experience with the three, in my opinion, suspicious looking url's? http://www.1securepc.com/portal.htm http://www.1securepc.com/ http://www.docsdownloads.com/ Best regards, Hadrian it's Hadrian hadrian.spam-not@40whyspamxs.com Tag: popup blockers Tag: 64156
  - 21
    - using personal signatures for remote authentication I have a personal signature from a national authority which I can use to sign e-mail etc. As a software consultant I run my own web+exchange 2003 server (actually SBS2003) and often want to use e.g. OWA, remote desktop and maybe even VPN from remote sites. I would like to implement more security than just username/password, and a neat solution would be to utilize my personal certificate, which I could install on the computer I use at the client site. Can someone refer me to articles on how to do this? Not using smart cards but where the cert is installed on a client PC. Tag: popup blockers Tag: 64153
  - 22
    - different protocols thru double firewall My client develops software in-house, and is using a double-firewall where internet browsers talk to webserver 1 on port 80, which forwards the http request to webserver 2 on a different port via a firewall. Webserver 2 contains the application logic (webserver 1 is essentially just a proxy). Webserver 2 may talk to application servers on the "LAN" through another firewall. Both these web servers are in DMZ and not part of a domain. There is a perception that it is less secure for webserver 2 to communicate with an application server on the LAN via HTTP (e.g. a web service), as opposed to a different protocol from the one that the original request comes in from the browser. Is there any justification for this concern, or is this just "security by obscurity"? There is a tendency to prefer e.g. .NET remoting between the web server and the app server instead of a web service - and I would to hear some opinions if that preference is justified. Tag: popup blockers Tag: 64151
  - 23
    - Bios Serial Number - unique system identifiers Can I trust on ( Bios Serial Number + MAC ) to identify a machine? (I want to use it as my hashvalue in a public/private key mechanism) I know that it is possible to disable the processor serial number, so I can´t use it. Idon´t know if it is possible to disable the Bios Serial Number. Thanks Gaby Tag: popup blockers Tag: 64143
  - 24
    - question on computer access I don`t know if this can be done....I would like to be able to tell if anyone has accessed my PC at home in my absence, I am not looking for key loggers just a basic something or other that lets me know someone has used it or that they may have installed a programme. I currently use Spybot and AVG for antivirus stuff and have a firewall and run ocassional `other` virus checks. I am sure computer is being used as some settings have changed and a couple of things haven`t worked when I have returned, when I ask no one used it. I don`t want to stop them using it but if I can prove they have then maybe they will be more careful and stop mucking around with it. My next step would be do deny them access which I am reluctant to do,I just want to get it under control. any help appreciated. thanks Tag: popup blockers Tag: 64140
  - 25
    - Cumulative Patch Listings? Is there a place on Microsoft's site or any other location that is a good resource to find what MSxx-xxx number covers for other MS numbers? In other words: MS04-004 is a cumulative patch, I can see it covers MS03-048 but can't find a list of all prior patches it would cover... I hope this makes sense... Thanks! Tag: popup blockers Tag: 64136
- Next
  - 1
    - need hardware based spyware blocker Does anyone know of a piece of hardware that I can use to put on networks to block all incomming spyware from reaching my computers. I have serveral dicconnected neteworks in verious locations that I want to use it on. Tag: popup blockers Tag: 64134
  - 2
    - spyware problem, please help Hi, I have ran ad aware and spybot s&d and both have found some spyware on my pc (win xp). i had these programs fix the selected problems. after i did that i connect(dial up) to the internet ok, but internet explorer wont load any webpage or allow me to send/recieve email via Microsoft Outlook. so i restored the spyware and I.E. and my email worked. i have it now narrowed down that if i remove the SAH spyware on my pc I.E. or email wont work. WHY?? and How do i fix this? Tag: popup blockers Tag: 64126
  - 3
    - Kernel32.dll causing shutdown I am running Win98 and I occasionally get the familiar message 'illegal operation - windows will be shutdown etc..' when I look at the details, it shows me the problem file as 'Kernel32.dll'. I recently downloaded Spybot, Ad-Aware, ETrust (I have been trying to clean my pc of malware). Does anyone know what this dll is? Any comments would be greatly appreciated. Bryan Tag: popup blockers Tag: 64122
  - 4
    - Password history Hi, I want to have strong password restriction in AD but i don't know how to prevent changing a password like this: old: Asdfg_01 new: Asdfg_02 I remember that somewhere (AS400 or UNIX) there is additional restriction - number on characters which could be repeated during password change - is there something like this in AD? Regards, Radek Tag: popup blockers Tag: 64117
  - 5
    - what is a DSO exploit? As Above Tag: popup blockers Tag: 64116
  - 6
    - how do I remove cookies completely I use adaware and everytime I run it there are about 10 cookies that keep appearing, I check them and have them removed but when I run adaware again, they are back. How do I get rid of cookies completely, never having them return again? Tag: popup blockers Tag: 64112
  - 7
    - Hardware box to block spy programs on entire network Does anyone know of a piece of hardware I can put on the network that will block spy programs from being down loaded onto my network. Thanks jess Tag: popup blockers Tag: 64091
  - 8
    - Certificates for non-windows machines. I have a CA running on a Windows 2003 Enterprise box. I have a few apache servers that need certificates (they are internal, and the CA is a trusted source on every computer). After I get OpenSSL to generate a request and submit the request on the box running CA, it fails and complains that I don't have a certificate template. How would I go about remedying this issue? The requests are valid requests (at least the file looks that way) Tag: popup blockers Tag: 64081
  - 9
    - Certificates for non-windows machines. I have a CA running on a Windows 2003 Enterprise box. I have a few apache servers that need certificates (they are internal, and the CA is a trusted source on every computer). After I get OpenSSL to generate a request and submit the request on the box running CA, it fails and complains that I don't have a certificate template. How would I go about remedying this issue? The requests are valid requests (at least the file looks that way) Tag: popup blockers Tag: 64080
  - 10
    - Certificate for non-windows machines I am trying to generate certificates for some apache servers running on linux. After the OpenSSL request generation, when I attempt to validate the certificate in the CA tool, it complains saying that it failed because the certificate doesn't have a template. How do I fix this? Or, how do you sign certificates made on non-windows machines? Tag: popup blockers Tag: 64079
  - 11
    - OH BOY - NEED SOME INPUT 11/2/04, 3:21:37, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:37, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:38, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:38, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:39, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:39, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:41, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:41, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:41, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:42, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:43, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:44, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:44, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:44, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:45, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:45, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:47, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:47, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:47, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:48, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:48, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:50, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:50, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:50, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:51, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:51, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:53, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:53, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:54, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:54, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:56, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:56, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:56, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:57, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:57, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:59, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:59, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:59, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:22:00, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:22:00, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:22:02, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:22:03, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:22:06, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:37, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:38, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:39, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:40, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:40, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:42, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:42, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:43, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:44, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:45, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:45, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:46, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:46, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:48, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:48, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:49, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:49, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:51, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:51, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:52, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:52, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:54, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:54, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:55, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:55, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:57, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:57, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:58, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:58, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:25:00, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:25:00, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:25:01, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:25:01, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:25:03, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:25:04, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:25:07, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0, 100.100.100.10, -, -, Tag: popup blockers Tag: 64077
  - 12
    - New MSSecure.XML Version 2004.11.09.0 Now Available MSSECURE.XML Data Version 2004.11.09.0 (for use by MBSA 1.2 and SMS SUS Feature Pack) was last modified today, November 9, 2004, and is now available for all supported languages (English, French, German and Japanese). This XML contains necessary updates for the MS04-039 bulletin for ISA Server released today, although MBSA does NOTsupport this product for detection (see KB306460 for for information on supported MBSA products). This release also includes a number of minor bug fixes reported by customers and PSS to resolve 'invalid checksum' and 'greater than expected' warnings. Please post issues where MBSA reports errors or warnings for cases you may feel are incorrect. -- Doug Neal [MSFT] dugn@online.microsoft.com This posting is provided "AS IS" with no warranties, and confers no rights. If newsgroup discussion with experts and MVPs is unable to solve a problem to your satisfaction, feel free to contact PSS for the Microsoft Baseline Security Analyzer (MBSA) at the following link: http://support.microsoft.com/default.aspx?scid=fh;en-us;Prodoffer20a This e-mail address does not receive e-mail, but is used for newsgroup postings only. Tag: popup blockers Tag: 64076
  - 13
    - VBS Security Vunrulbility Has anyone heard of thido you know if its true and weather to disable what it says? > Opening the wrong E-mail may soon be enough to empty your bank account. In an effort to woo security-conscious computer users, "phishers" have come up with a new technique to harvest online banking details without requiring users to click on a Web link and enter personal information on a submission form. This new form of attack, directed specifically at users of online banking, runs a script when a phishing E-mail message is opened, according to E-mail and virus security company MessageLabs Ltd. The script tries to rewrite the host files on the machine of the recipient. On subsequent attempts to access online banking services, victims will unknowingly be redirected to a fraudulent Web site designed to capture their log-in details. Alex Shipp, senior antivirus technologist at MessageLabs, says such developments only make it harder to defend against phishing. Traditional phishing attacks rely on tricking the user into following a Web link and then entering personal information. "This one is much more insidious," he says. Some 3% of those targeted by phishers reveal personal information, according to a study released in April by research firm Gartner. Shipp adds that this new technique, which has only been detected in Brazil, is probably being tested for wider deployment. That's what happened with first-generation phishing attacks that were tested in Australia before being directed at users in the United States. Only systems that have enabled Windows Script Host are vulnerable to this attack. WSH lets users run VBScript and JScript scripts within the Windows operating system. Sophos plc, an antivirus company, offers instructions on how to disable WSH <http://www.sophos.com/support/wsh.html>. "Most businesses these days probably have this disabled," Shipp says. "But home users are more vulnerable." Tag: popup blockers Tag: 64074
  - 14
    - OH BOY - NEED SOME HELP! Can any one tell me what this looks like? Are you thinking what I am thinking? Any thoughts are appreciated? ENVIROMENT SERVER:NT 4.0 6A PROXY 2.0 Exhange 5.5 SP4 Antigen Virus Software Here is a snapshot from a PF proxy log. I have changed the internal and gateway ip addresses for security reasons. Just imaging tat 111.111.111.11 is the internal address of the NT server in question, and 100.100.100.10 is internet gateway address. I am seeing this occur periodically. Also, our proxy suddenly crashes, and brings down all the services, thus preventing any Internet Access. I have to start the services again. My servers have all MS Updates. 11/2/04, 3:21:37, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:37, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:38, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:38, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:39, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:39, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:41, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:41, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:41, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:42, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:43, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:44, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:44, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:44, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:45, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:45, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:47, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:47, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:47, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:48, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:48, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:50, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:50, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:50, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:51, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:51, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:53, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:53, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:54, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:54, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:56, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:56, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:56, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:57, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:57, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:59, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:59, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:59, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:22:00, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:22:00, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:22:02, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:22:03, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:22:06, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:37, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:38, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:39, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:40, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:40, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:42, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:42, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:43, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:44, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:45, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:45, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:46, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:46, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:48, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:48, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:49, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:49, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:51, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:51, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:52, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:52, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:54, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:54, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:55, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:55, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:57, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:57, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:58, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:58, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:25:00, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:25:00, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:25:01, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:25:01, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:25:03, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:25:04, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:25:07, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0, 100.100.100.10, -, -, Tag: popup blockers Tag: 64073
  - 15
    - OH BOY! Can anyone tell me what this looks like??? Is it perhaps what i think it is? 11/2/04, 3:21:37, 192.168.151.16, 198.41.0.4, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:37, 192.168.151.16, 198.41.0.4, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:38, 192.168.151.16, 128.9.0.107, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:38, 192.168.151.16, 128.9.0.107, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:39, 192.168.151.16, 198.41.0.4, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:39, 192.168.151.16, 128.9.0.107, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:41, 192.168.151.16, 128.9.0.107, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:41, 192.168.151.16, 192.33.4.12, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:41, 192.168.151.16, 192.33.4.12, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:42, 192.168.151.16, 192.33.4.12, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:43, 192.168.151.16, 198.41.0.4, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:44, 192.168.151.16, 192.33.4.12, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:44, 192.168.151.16, 128.8.10.90, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:44, 192.168.151.16, 128.8.10.90, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:45, 192.168.151.16, 128.8.10.90, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:45, 192.168.151.16, 128.9.0.107, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:47, 192.168.151.16, 128.8.10.90, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:47, 192.168.151.16, 192.203.230.10, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:47, 192.168.151.16, 192.203.230.10, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:48, 192.168.151.16, 192.203.230.10, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:48, 192.168.151.16, 192.33.4.12, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:50, 192.168.151.16, 192.203.230.10, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:50, 192.168.151.16, 39.13.229.241, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:50, 192.168.151.16, 39.13.229.241, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:51, 192.168.151.16, 39.13.229.241, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:51, 192.168.151.16, 128.8.10.90, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:53, 192.168.151.16, 39.13.229.241, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:53, 192.168.151.16, 192.112.36.4, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:54, 192.168.151.16, 192.112.36.4, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:54, 192.168.151.16, 192.203.230.10, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:56, 192.168.151.16, 192.112.36.4, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:56, 192.168.151.16, 128.63.2.53, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:56, 192.168.151.16, 128.63.2.53, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:57, 209.202.125.58, 209.202.125.63, Udp, 138, 138, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:57, 192.168.151.16, 128.63.2.53, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:57, 192.168.151.16, 39.13.229.241, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:59, 192.168.151.16, 128.63.2.53, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:59, 192.168.151.16, 192.36.148.17, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:59, 192.168.151.16, 192.36.148.17, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:22:00, 192.168.151.16, 192.36.148.17, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:22:00, 192.168.151.16, 192.112.36.4, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:22:02, 192.168.151.16, 192.36.148.17, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:22:03, 192.168.151.16, 128.63.2.53, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:22:06, 192.168.151.16, 192.36.148.17, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:37, 192.168.151.16, 198.41.0.4, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:38, 192.168.151.16, 198.41.0.4, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:39, 192.168.151.16, 128.9.0.107, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:40, 192.168.151.16, 198.41.0.4, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:40, 192.168.151.16, 128.9.0.107, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:42, 192.168.151.16, 192.33.4.12, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:42, 192.168.151.16, 128.9.0.107, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:43, 192.168.151.16, 192.33.4.12, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:44, 192.168.151.16, 198.41.0.4, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:45, 192.168.151.16, 128.8.10.90, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:45, 192.168.151.16, 192.33.4.12, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:46, 192.168.151.16, 128.8.10.90, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:46, 192.168.151.16, 128.9.0.107, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:48, 192.168.151.16, 192.203.230.10, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:48, 192.168.151.16, 128.8.10.90, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:49, 192.168.151.16, 192.203.230.10, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:49, 192.168.151.16, 192.33.4.12, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:51, 192.168.151.16, 39.13.229.241, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:51, 192.168.151.16, 192.203.230.10, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:52, 192.168.151.16, 39.13.229.241, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:52, 192.168.151.16, 128.8.10.90, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:54, 192.168.151.16, 192.112.36.4, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:54, 192.168.151.16, 39.13.229.241, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:55, 192.168.151.16, 192.112.36.4, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:55, 192.168.151.16, 192.203.230.10, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:57, 192.168.151.16, 128.63.2.53, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:57, 192.168.151.16, 192.112.36.4, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:58, 192.168.151.16, 128.63.2.53, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:58, 192.168.151.16, 39.13.229.241, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:25:00, 192.168.151.16, 192.36.148.17, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:25:00, 192.168.151.16, 128.63.2.53, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:25:01, 192.168.151.16, 192.36.148.17, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:25:01, 192.168.151.16, 192.112.36.4, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:25:03, 192.168.151.16, 192.36.148.17, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:25:04, 192.168.151.16, 128.63.2.53, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:25:07, 192.168.151.16, 192.36.148.17, Udp, 53, 53, -, 0, 209.202.125.58, -, -, Tag: popup blockers Tag: 64072
  - 16
    - Microsoft Security Bulletin(s) for November 9, 2004 November 9, 2004 Today Microsoft released the following Security Bulletin(s). Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details. Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided. Bulletin Summaries: October Summary http://www.microsoft.com/technet/security/Bulletin/ms04-nov.mspx Important Bulletins: MS04-039 - Vulnerability in ISA Server 2000 and Proxy Server 2.0 Could Allow Internet Content Spoofing (888258) http://www.microsoft.com/technet/security/Bulletin/ms04-039.mspx This represents our regularly scheduled monthly bulletin release (second Tuesday of each month). Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so. If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary. -- Regards, Jerry Bryant - MCSE, MCDBA Microsoft IT Communities Get Secure! www.microsoft.com/security This posting is provided "AS IS" with no warranties, and confers no rights. Tag: popup blockers Tag: 64071
  - 17
    - backup security event viewer I want backup my security event log on event viewer on a Dc (windows 2003). If I use a script I obtain a evt file. But If I open that evt file on a pc that isn't in domain, I see the SID no the Users name of the users. So if I want made a good backup on my dc how Have I do? Thanks Tag: popup blockers Tag: 64070
  - 18
    - Deleting messenger How do I disable MSGR 4.7 from my system at work? I try to in the 'control panel' - delete 'windows programs'; however, it seems to not work. I try to delete the actual file program icon; but it won't let me delete the file there either? I have a feeling that it is connected to another program - possibly outlook? I'm not sure. My concern is this: I will be leaving from the office soon, and want to ensure that nobody will have access to msgr/my inbox. when I open messenger, someone can click '___@hotmail.com' - 'click here to sign in' and anyone can have access to my email. Tag: popup blockers Tag: 64068
  - 19
    - Warning: flawed security on webhostin server ehosting.ca (same as mecca.ca) Hi NG, Anybody of users having a web site on ehosting.ca (mecca.ca) server can read anybody else's source code, asp files, connectionstrings and all. I could. I tried to warn the administration of this flaw but they not only don't understand their problem but belligerently defend their incompetence. No wonder they don't warn their customers about it. Because, first, they didn't even realize it and, when I told them about it, they blamed me for having tried to hack. They think security means only preventing script execution rights on user account folders and have been giving "Read" access to "Everyone" in order that their system could get directory listings!! Later on they said that they have made a typo, and that they're giving read rights not to "Everyone" but to "IIS-User" system user-account. It doesn't change the fact that the users can read each others' files. After my warnings, they might have improved the security level on the host, but from their record, you can't be very secure. So be warned. After all I felt forced to cancel my membership (on Nov 06, 2004 see below). When I created the FSO page back in 2000 the idea looked pretty new to me; you write down the virtual path to a dummy folder on my site and can read the directory listings. Then you double-click on a subfolder and get its listings. Double-click on a filename and (if ASCII) it opens in another page, where you can edit and save (in theory). And I put it on my free site at brinkster.com as a demo (www11.brinkster.cm/Nersessian/, registration is needed to see some files and their sources; only English part is more or less functional. I'm trying to set up a new site). Now this type of application is being used on many servers. Brinkster.com gives the warning that the free sites are insecure, so does 1asphost.com where the FSO doesn't exist at all on free sites. All is done to encourage paid membership. Here, on ehosting.ca, with paid membership, users have same or less security as on brinkster.com for free hosting. So when I uploaded this file, I was 100% sure it would not allow me to go above my own folder, but it did, successfully. Below I include my response to one of the administrator's message to me (after I also got a "Hello there" message from the biling@mecca.ca informing me that full refund in that company means less than 40% of the membership fee!!): //*********************************************************** What you're doing endangers your clients' and their users' private information. I suggest you to read Microsoft's public web server security guidelines again. Your interpretation of those guidelines is very peculiar, to say the least. 1. Absolutely non-important that other users cannot execute scripts in my account. If "Everyone" can read in my account, the real hackers will be "executing" my users' identities and their credit card numbers on their bank accounts, not scripts on my account. I hope you can figure out how they get that information, once they can read in your clients' files 2. Even if the system has to read in account folders, there is a user called SYSTEM. You could give it read rights. Not to Everyone. 3. I don't think that you even have a 'Clients' (or whatever) user group for clients, or know how and for what to apply it, if you give Everyone read rights. 4. You are not warning your clients about the security hazards their and their users subject themselves accepting your hosting services. Although this email will efficiently help you improve security on your hosting server, I don't expect to receive apologies or gratitude from you. But I will think it over, if I will warn your clients about your incompetence regarding their accounts' security and if to take further action. Regards, AN Mecca Administration <admin@mecca.ca> wrote: Hello, Well "Everyone" write access is disabled on c:\clients folder and you cannot use a web based script to write data to other clients' folders. We must enable "Everyone" read access so that other server components can read the directories and files listng. Keep in mind that we had followed Microsoft's public web server security guideline closely when we implemented the security structure few years ago. If you want to have a very secured server environement, please consider our dedicated server hosting. Also keep in mind that according to TOS, no subscribers are not allowed to hack into our systems: 3.1 The Subscriber will not hack, break into, access or use or attempt to hack, break into, access or use any part of the Services, its content and/or any data areas on Mecca's server(s) for which the Subscriber has not been authorized by Mecca. However, should you decide to call off our hosting service, please confirm your decision before November 08, 2004 (Note that you can only request the refund within 14 days of purchase). Cancellation request submitted after this day will not be counted within our 14 day money back guarantee period and thus, no full refund MINUS $15 administration fee (plus any applicable cheque handling charge) will be issued. Best regards, Systems Operations /*************************************************************************** ***** Tag: popup blockers Tag: 64067
  - 20
    - US - CERT Vulnerability Note VU#842160 Microsoft has not responded to this potential issue. Does anyone know the status or if Microsoft has responded in any way. TIA Tag: popup blockers Tag: 64064
  - 21
    - Twain Tech removal I finally got rid of one instance of Twain Tech on an XP machine after days of fighting it. 1. I deleted everything in \documents & settings\*username*\local settings\temp folder. 2. I deleted the key: HKLM\software\microsoft\windows NT\currentversion\winlogon\notify\WPAEvents. It was pointing to the "2ldsrch.dll" file in system32 folder that kept coming back. 3. I ran the Giant software that finds and deletes the "2dlsrch.dll" file that shows up as 'TwainTech'. 4. Reboot If you update to Windows XP service pack 2 and run the "critical updates" for XP, you can prevent programs like this one from coming back. I just wanted to see if I could get rid of this one manually before updating to SP2. Hope this helps someone! - Jim http://www.wwwdothttpdotdotcom.com Tag: popup blockers Tag: 64062
  - 22
    - spyweeper keeps popping up asking to keep/remove startup items Hi On my windows XP Professional PC I have spysweeper installed. While I am working away it keeps popping up asking to keep or remove various startup items. Its a different startup item name each time. These are the details of the item: Startup Item: egFHY9Ex (This name changes each time) inetkw CommonName Location: C:\PROGRA~1\vowpuqt\qpwostw.exe Registry or startup Folder: HKLM:Run Any ideas of what it can be? Ive turned off spysweeper for the monent. Tag: popup blockers Tag: 64060
  - 23
    - svhost.exe and bgthye.exe I had had problems with a users notebook using up all the bandwith when it was connected to the LAN in the office. Ending Process "bgthye.exe" in Task Manager fixed the problem. After installing XP SP2 on the machine, Windows asked me if I wanted to block svhost.exe and bgthye.exe from accessing the Internet. I found some user group chats that highlighted svhost.exe as a virus and described how to get rid of it. Fine! My problem is that I can find nothing about "bgthye.exe". Does anyone know if this is a virus too? And should I be following the same sort of process to getrid of it as I did with svhost? Tag: popup blockers Tag: 64059
  - 24
    - XP doesn't recognize VCOM virus protection Is this common? It's definitely in there... The computer in question had a virus, so put in a larger hard drive, reloaded everything and installed VCOM Fix-It Utilities. After doing all that, a little cartoon bubble popped up that said it didn't see any virus protection software. I figured out how to stop it from continually asking about it and sent the computer on its way. *that is the question I have* NOW for a little background and longer story... Here it is, one week later, and they've got a virus again. They have MSN and have many attachments in their hotmail email inboxes. I am thinking that there is a virus in one of them, and when launched it infects the PC. I have the same VCOM Fix-It Utilities on my PC with Windows98 and use Outlook Express for email. If I am sent a virus, I get an alert as soon as it shows up in the inbox. Using MSN Hotmail, it seems to me that the virus wouldn't be detected by VCOM Fix-It Utilities until it was too late - AFTER the infected file has been launched. Am I thinking wrong? I read that MSN Hotmail accounts are supposed to protected by McAfee, but if I find my theory about this to be true (I'm picking up the diseased PC tomorrow to check it out), Hotmail's going to be hearing from me. Thanks for listening, and if you have any ideas or random thoughts feel free to reply, Bill Tag: popup blockers Tag: 64055
  - 25
    - SUS Problem The SUS 2.0 SP1 administration screen on Windows 2003 Server comes up blank using http://<servername>/SUSAdmin I found no knowledgebase articles on this. What can I do to fix this? Thank you! Tag: popup blockers Tag: 64054

If you are using a firewall and can edit .. insert
new rules ..
enter the following
1024 udp block
1025 udp block
1026 udp block
1027 udp block
1028 udp block
1029 udp block

Top

Re: popup blockers by Vanguard

Vanguard
Fri Nov 12 16:46:13 CST 2004

"michael" <michaelzylog@aol.com> wrote in message
news:959F6E219zylog@207.46.248.16...
> If you are using a firewall and can edit .. insert
> new rules ..
> enter the following
> 1024 udp block
> 1025 udp block
> 1026 udp block
> 1027 udp block
> 1028 udp block
> 1029 udp block
>

Why? For outbound-initiated traffic, you should have already decided
which applications are allowed access through these ports when your
firewall popped up an alerted asking for permission to let the
application have access (and then you edit the application rule). For
outbound-initiated traffic that engenders return traffic, the firewall's
stateful inspection feature will allow the traffic in only because it
was the result of outbound-initiate and authorized traffic. For
inbound-initiated traffic (that was not return traffic from an
outbound-initiated request for that return traffic), and if you haven't
punched holes in your firewall to allow access to servers running on
those ports, that unsolicited inbound-initiated traffic should get
rejected by your firewall.

You think we are really going to bother modifying our firewall's rules
based on the extremely terse and unqualified remarks you made here?

--
_________________________________________________________________
******** Post replies to newsgroup - Share with others ********
Email: lh_811newsATyahooDOTcom and append "=NEWS=" to Subject.
_________________________________________________________________

Top