Automotive Air Conditioning Information Forum (Archives)

Provided by www.ACkits.com

We've updated our forums!
Click here to visit the new forum

Archive Home

Search Auto AC Forum Archives

What the heck is this about!!!!! Pages: 12

TRB on Wed December 10, 2003 11:08 AM User is offlineView users profile

"Security professionals took note of a critical new vulnerability in the Linux kernel that could enable an attacker to gain root access to a vulnerable machine and take complete control of it. An unknown cracker recently used this weakness to compromise several of the Debian Project's servers, which led to the discovery of the new vulnerability.

"This discovery has broad implications for the Linux community. Because the flaw is in the Linux kernel itself, the problem affects virtually every distribution of the operating system and several vendors have confirmed that their products are vulnerable. The vulnerability is in all releases of the kernel from Version 2.4.0 through 2.5.69, but has been fixed in Releases 2.4.23-pre7 and 2.6.0-test6..."

-------------------------

When considering your next auto A/C purchase, please consider the site that supports you: ACkits.com
Contact: ACKits.com

Bigchris on Wed December 10, 2003 5:22 PM User is offline

Every three to four years (or 8000 MS security holes) someone someone finds a Linux hole and fixes it. Then we go back to playing cards with the Maytag man.

TRB on Wed December 10, 2003 5:31 PM User is offlineView users profile

I see how it is. Seems more like as it becomes used more it becomes more venerable to hackers and problems! Just think if it had to do more than file share and print!!!!!

I'm just stirring the pot as they stated there was a patch that had to be loaded on each machine separately.

Are those user years as the HC guys use that to say 1 billion served!!!!!!!!!

-------------------------

When considering your next auto A/C purchase, please consider the site that supports you: ACkits.com
Contact: ACKits.com


Edited: Wed December 10, 2003 at 5:32 PM by TRB

Bigchris on Wed December 10, 2003 6:09 PM User is offline

No, those are calendar years. There is a proscribed ceremony that is supposed to occur if a serious design error is discovered where someone cuts one of Linus Torvolds nuts off, but no one has ever attended the ceremony.

And you thought Bill Gates has that odd voice because his underwear is one size too small...

TRB on Wed December 10, 2003 7:36 PM User is offlineView users profile

That sounds just like a Linux solution! I'll have to say in advance, it will be one meeting I'll have to miss!!!!

-------------------------

When considering your next auto A/C purchase, please consider the site that supports you: ACkits.com
Contact: ACKits.com

k5guy on Wed December 10, 2003 10:05 PM User is offline

Quote
Originally posted by: TRB
"Security professionals took note of a critical new vulnerability in the Linux kernel that could enable an attacker to gain root access to a vulnerable machine and take complete control of it. An unknown cracker recently used this weakness to compromise several of the Debian Project's servers, which led to the discovery of the new vulnerability.

"This discovery has broad implications for the Linux community. Because the flaw is in the Linux kernel itself, the problem affects virtually every distribution of the operating system and several vendors have confirmed that their products are vulnerable. The vulnerability is in all releases of the kernel from Version 2.4.0 through 2.5.69, but has been fixed in Releases 2.4.23-pre7 and 2.6.0-test6..."

In Linux-speak, that one rated a single yawn. The media doesn't have the technical expertise to know when something is really a problem or when someone is just jerking their chain. Sure a couple of servers were compromised. The Blaster and Welchia worm caused us more work than this one. But they also got some computer security forensic people to look at it, and discovered there was a problem.

' 'Forensics revealed a burneye encrypted exploit. Robert van der Meulen managed to decrypt the binary which revealed a kernel exploit. Study of the exploit by the RedHat and SuSE kernel and security teams quickly revealed that the exploit used an integer overflow in the brk system call. Using this bug it is possible for a userland program to trick the kernel into giving access to the full kernel address space'. This issue has been fixed in 2.4.23. Thus, the Linux kernel compromise was not Debian specific." '

What all that stuff means is that someone had to have network access to the machine before that exploit could work. If you have good security to begin with, then no sweat.

I was more worried about these recent announcements:

"Even though Microsoft's recently announce they would not be issuing any new patches for the month of December, the boys at Redmond were scrambling today to figure out why some systems are being patched. The reason? They haven't got a clue."

"For the fourth year in a row, most federal agencies have received low grades for failing to protect their computer networks from hackers and other cyberterrorists, according to a computer security report card issued today by the House Government Reform Subcommittee on Technology." Other readers point out coverage of the report at ZDnet, Reuters (via Forbes), The Washington Post, and ComputerWorld." As mr. don't points out, the agencies receiving an actual failing grade are "the U.S. Department of Justice, as well as the departments of Energy, Health and Human Services, Interior, Agriculture, Housing and Urban Development, and State."

"AOL has laid off 450 in California. The former Netscape campus is going from 675 employees to 300. The San Francisco office, which they obtained when they acquired Spinner (now Radio@AOL), and which housed Nullsoft after their acquisition by AOL, is being closed along with an office in San Diego. 100 employees have been offered jobs in Virginia or New York."

"Via Fox News: Bradley A. Buckles, the director of the Bureau of Alcohol, Tobacco, and Firearms, is moving over to the RIAA to hunt down music pirates. And visions of David Koresh danced in their heads..." Oh no, not another Waco.

"The DIY Cruise Missile project from New Zealand has been previously covered, but the BBC now reports that Bruce Simpson has been forced to shutdown by his government. His project web site says 'The New Zealand government has moved aggressively to shut down this project -- and by using quite unscrupulous methods which appear to be in breach of the law.'"

"At just after 5 o'clock EST (Mon Dec 8th), the House concurred to the Senate's amendments to the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (or "CAN-SPAM"). Although the bill will prohibit certain tactics (such as hiding return addresses), critics state that the bill does not go far enough. The bill will provide criminal penalties for violations of its provisions (up to five years behind bars), but will not allow private parties to sue spammers. News reports indicate (SF Gate or Forbes) that Bush intends to sign the bill."

And that was since this weekend.


-------------------------


Send me e-mail

Edited: Wed December 10, 2003 at 10:06 PM by k5guy

TRB on Wed December 10, 2003 10:12 PM User is offlineView users profile

I keep forgetting that media thing!!!!

-------------------------

When considering your next auto A/C purchase, please consider the site that supports you: ACkits.com
Contact: ACKits.com

TRB on Thu December 11, 2003 9:50 AM User is offlineView users profile

Just antoher Linux issue I have to dael with today. Sure wish these guys would use a MS product.

From our hosting provider:

Tim,

I have spoken with our webalizer admin and your webalizer site should be functioning correctly. I have logged in and the stats are current. Webalizer updates itself once a night so your log files are showing up to yesterday. Tomorrow morning when webalizer updates itself you will see the stats for today. The only thing currently not working is the Update Now button. This has been temporarily disabled because it is causing trouble on the server. Our linux admins are working on getting this restored. Once it is restored we will let you know.

-------------------------

When considering your next auto A/C purchase, please consider the site that supports you: ACkits.com
Contact: ACKits.com

NickD on Thu December 11, 2003 10:57 AM User is offline

Gosh, what year did the internet become popular anyway? I can recall paying a fortune for a 300 bbs modem in the early 90's just to get access to a local bulletin board service, was no internet here at that time. I recall having fits with Win3.1 and Winsock and was the first kid on the block to get Win95, so I must have been on the net in around 1993 or 1994, just asked my net nut son, he can't pinpoint the date either. LOL, I do recall having so many problems with Win95, I went back to Winsock, but put 95 back on my box in around 97 when MS finally solved most of the bugs.

I also recall somewhere around that time, my one and only computer got infected with bugs, man that was a mess to retrieve all of my important data and much of it was lost forever. Since then, I pulled the plug on that computer and got another one just for being exposed to the net. Don't' worry about this one I am using now, nothing important on it, my interface with my main computer is a zip drive after doing the latest virus check on any files I transfer over. Never had problems with my main computer since, and it doesn't have any protection on it whatsoever, it simply is not plugged into the net or any LAN.

Guess I am trying to say, that the internet is very young, but it almost seems unreasonable that all these virus's, worms, Trojan Horse's, etc., and all this other crap pops up faster than a guy can keep up with. There has to be more than just some high school kid fooling around as it will take an incredible effort to find all of those weaknesses.

It seems insane that someone would go through all that effort to screw up someone else's box, nothing really is gained, would be far more profitable to hold some some old lady and swipe her food stamps.

I recall seeing a commercial on TV in the 60's that one out of ten people have a mental disease and said, wow, do I know anyone that is nut's? Couldn't think of anyone back then, but then by learning the signs, I feel now that about 6 out of 10 people I meet are nuts.

I just loaded Win98SE on an old 133 MHz notebook without any protection software on it, who cares, gosh that machine boots fast and beats a 1.2GHz box with all that protection crap on it for downloading on the net. Seems like more effort is put into Y2K and protection problems than developing good software. The price we all have to pay for living with nuts.

TRB on Thu December 11, 2003 1:02 PM User is offlineView users profile

I'm in real trouble now as I just found out our new storefront in on a Linux server.

-------------------------

When considering your next auto A/C purchase, please consider the site that supports you: ACkits.com
Contact: ACKits.com

NickD on Thu December 11, 2003 2:40 PM User is offline

One thing about the net I am appreciating is that all my kids, and some brothers and sisters are on Road Runner. They just started a strong anti-SPAM program where my e-mails were all bounced back as SPAM. I had to get approval from them that took 24 hours, but my family tells me that their SPAM has dropped down to nothing.

That's the good news, the bad news is that I am sure the SPAMMERS will find a means to work around that. Even though I am on a different server, I noticed my SPAM has been cut down significantly since Road Runner made that move.

TRB on Thu December 11, 2003 5:53 PM User is offlineView users profile

SPAM is annoying but I personally think the best approach is hitting the delete key. Setting up rules is easy enough with Outlook but its just a waste of time to be concerned with it. What pissed me off more was when an employee opened the bogus MS patch which allowed a user in Mexico to spam through our email server, ran porn spam 24/7 for about a week. So now all email from Mexico has been blocked and employee will never open that file again or any other!!!!

-------------------------

When considering your next auto A/C purchase, please consider the site that supports you: ACkits.com
Contact: ACKits.com


Edited: Thu December 11, 2003 at 5:54 PM by TRB

k5guy on Thu December 11, 2003 9:20 PM User is offline

Quote
Originally posted by: TRB
SPAM is annoying but I personally think the best approach is hitting the delete key.

Nah, let's just throw all the spammers in jail. Maybe the other inmates can make use of the p*nis enlargement kits!

" DULLES, Va. (Reuters) - Virginia authorities said on Thursday they had arrested and charged a North Carolina man for sending "spam" e-mail in the first use of a new state law that could bring penalties of up to 20 years in prison."

" Virginia Attorney General Jerry Kilgore said Jeremy Jaynes had been arrested earlier Thursday in Raleigh, N.C., on four counts of using fraudulent means to transmit spam.

Kilgore told a news conference that officials were in negotiations for the surrender of a second man, Richard Rutowski, on the same charges.

Jaynes was charged with violating limits on the number of messages a marketer can send and falsifying routing information, both illegal under the Virginia law that carries penalties of 1-5 years in prison on each count.

Although based in North Carolina, Virginia is asserting jurisdiction over Jaynes because he sent messages through computers located in the state.

Roughly 50 percent of the world's Internet traffic passes through Virginia, home to big Internet companies like Time Warner Inc.'s (NYSE:TWX - news) American Online unit and MCI (Other OTC:WCOEQ - news).

Spam has grown from a minor annoyance to a major threat to the stability of the Internet, experts say, and now makes up more than half of all e-mail traffic, according to several surveys.

"These criminals are harming businesses in Virginia, and that concerns us," Kilgore told the news conference at AOL headquarters in Dulles, Va. "

http://story.news.yahoo.com/news?tmpl=story&cid=578&ncid=578&e=4&u=/nm/20031211/ts_nm/tech_spam_virginia_dc


-------------------------


Send me e-mail

TRB on Thu December 11, 2003 9:38 PM User is offlineView users profile

I agree something should be done to stop it all together. My comment was more to the point of setting up filters and such to stop Spam. While some work spammers still find a way to get through.

What I find funny is all these spammers sending spam on how to stop spam!!!

-------------------------

When considering your next auto A/C purchase, please consider the site that supports you: ACkits.com
Contact: ACKits.com

k5guy on Thu December 11, 2003 11:08 PM User is offline

Actually spam has become the wild wild west of outlaws. The cops get bigger guns and the bad guys get better bulletproof vests. We know that filters only work as well as the people programming them, to a point. Spammer are using adaptive spam to get past the filters. That's the spam that the random characters in the mail. That blows past filters that check to see if the same mail is directed at lots of people. Since it's not, it gets by.

The newer type of spam control is called bayeasian filters. It looks at words that you identify as being likely to be spam. Words like mortgage, penis, viagra, sex would likely trigger it. Seeing these several times raises the score. Bayeasian filters give the spam a score, as a percentile, as the likelihood of being spam. These also need to be customized, as the word mortgage would be used in the course of business for a bank, but not a AC shop. The spammers bypass this test by misspelling the words like mortagage, peanis, eviagra, and havesex. You can still read it, but it fools the computers.

While I don't think spammers in jail will fix the problem, it's a good first step.



-------------------------


Send me e-mail

Karl Hofmann on Fri December 12, 2003 5:21 AM User is offlineView users profile

Perhaps I don't understand the purpose of spam (Other dipping it in batter and deep frying it) but surly spam is advertising somthing that these guys want to sell. Perhaps if the people who advertise their products via spam rather than the spammers themselves were prosecuted this would help. Obviously this would not work in all cases as I do feel that some spam is sent purly for irritation, but it would help.

Linux? What did you expect when you bought a product with Penguins on?

-------------------------
Never knock on deaths door... Ring the doorbell and run away, death really hates that!

NickD on Fri December 12, 2003 8:03 AM User is offline

Would you buy anything from anybody that gives you a false address and phone number? My major SPAM now is a worthless filter for cheating the cable company, a 100 buck magnet that is suppose to increase my fuel economy by 27%, software that is suppose to get rid of SPAM, teenage girls that promise to appear naked on a webcam, lonely married housewives that want to cheat on their husbands, (I hate these more than any other ones, these bitches should go to work so their husbands can stay home and cheat on them), then those countless 100% worthless pills that promise to make certain male organs ten times their original size, and on-line prescription medications that no one in their right mind would touch with a ten foot pole.

Recently been getting SPAMS on investments, most of these won't bounce back because of phoney e-mail addresses, earning $50,000 per week using your computer part time SPAMS seem to be on the decline. The few SPAMS that I received that looked interesting have phoney links, don't even brother looking at those anymore and I can read them without notifying the spammer that I peeked.

I don't believe K5's report that 50% of all e-mails are SPAM, from my own experience and talking to others, it's more like 90%.

What really tees me off is that my server knows an e-mail has a phone e-mail or an IP address, it won't let me bounce that crap back, so why don't they block it from ever even entering my server in-box. I feel that the servers themselves are dishing out e-mail addresses or somehow the hackers are breaking into their e-mail data base due to poor security measures. The servers themselves have to take action, and I applaud those that do.

Bigchris on Fri December 12, 2003 6:24 PM User is offline

I'l tell you what's even more annoying. I recently changed ISPs so I have a new email ID. I hardly get any spam now but instead I keep getting mail subsystem bouncebacks of spam that went out under my email address. So someone's sending who knows how many pieces of crap all over the country with my email ID on them and the only ones I know about are those that are undeliverable.

k5guy on Fri December 12, 2003 11:14 PM User is offline

Quote
Originally posted by: NickD
Would you buy anything from anybody that gives you a false address and phone number?

Someone is. Otherwise the spammers wouldn't do it. Maybe we should outlaw buying things from spammers! I've heard that they get one sale in a thousand e-mails, or something like that. You make it in the spam business by volume, baby, volume.

Quote
I feel that the servers themselves are dishing out e-mail addresses or somehow the hackers are breaking into their e-mail data base due to poor security measures. The servers themselves have to take action, and I applaud those that do.

Actually the spammers are behind the latest batch of computer viruses. There are some variants that allow spammers to hijack your computer and send spam from it. The other way is to hijack a wireless connection and send from there. Either way, it's not traceable back to them.

-------------------------


Send me e-mail

NickD on Sat December 13, 2003 8:25 AM User is offline

I should have said, you couldn't buy anything from most of this SPAM stuff if you even wanted to with phoney e-mail addresses, forged IP addresses, and web links that don't even exist. So some jerks are just flooding the net with garbage. I have heard about using your computer as a relay station for resending this junk, so it's more like a worm or a virus. I ran some kind of program my son sent to me that is suppose to check if your computer is acting as a relay station, it didn't find anything on my box.

Whoever is originating all this phoney SPAM is bored.

k5guy on Sun December 14, 2003 1:20 PM User is offline

Nah, they're not bored. Another news site that I read has done interviews with former spammers. This is about cold, hard cash. Mortgage companies and pharmecutical companies pay a few cents per sale/lead. Not much, But, if you can do 100,000 leads/sales, then you are really doing something. And all it takes is a couple of computers, running 24x7, spewing spam to millions of people a day. You could do it too. But then we would have to hunt you down and make you pay for your misdeeds.



-------------------------


Send me e-mail

NickD on Sun December 14, 2003 1:48 PM User is offline

I don't get it K5, most of the SPAM I get now has a no good e-mail address, and if links are provided, they are also phoney, so who is trying to sell me what? Where do I send my money?

The honest advertisers let me cancel any e-mail notices.

k5guy on Sun December 14, 2003 3:00 PM User is offline

Quote
Originally posted by: NickD
I don't get it K5, most of the SPAM I get now has a no good e-mail address, and if links are provided, they are also phoney, so who is trying to sell me what? Where do I send my money?

That's because people like me can hunt them down and shut down the email addresses before you can react. It's more cat and mouse games. This is a real email header from spam-

Return-Path: [EDWIN2@yahoo.com]
Received: from mx2.mail.yahoo.com ([200.90.92.252]) by fed1mtai01.cox.net (InterMail vM.5.01.06.05 201-253-122-130-105-20030824) with ESMTP id ; Sat, 13 Dec 2003 09:52:48 -0500
Message-ID:

My mail comes through cox.net. This guy wants us to believe that he is on yahoo.com. Not so. The address above, 200.90.92.252, comes from Latin America or the Caribbean. I managed to trace it to a dial-up line on cantv.net. So some schmuck with a pina colada on a beach is puking spam to my address. Let's see what else we find. In the mail, there is a good website.

http://cardr94cs.com/mariaIan/index.htm

And a trace on that address comes up with cn.net, aka China. A view of the web page with a text browser (do not use IE or Netscape!) tells us that these people are peddling credit cards. So, some American bank is to blame for all this.

Since the caribbean and China are out of the reach of local law enforcement, there isn't much we can do without the assistance of the police in those countries. I'd also bet that these spammers are paying the cops for protection. Too bad.




-------------------------


Send me e-mail

TRB on Sun December 14, 2003 3:20 PM User is offlineView users profile

This is why I have concerns about the Internet Spamming Bill. Same as the Kyoto Protocol, what's the point if the US or just a few counties follow the rules? I personally think China, India or even Russia will hardly crack down on Spam being generated from their countries. I had problems from a Mexican Porn outfit spamming through our mail server. We can't or won't even stop the illegals running across our border let alone worry about what's going on through the phone lines. Hey let's give them social security payments for breaking the law, that sounds like a good approach to me.

-------------------------

When considering your next auto A/C purchase, please consider the site that supports you: ACkits.com
Contact: ACKits.com

k5guy on Sun December 14, 2003 4:16 PM User is offline

This spam is getting more interesting the more I look at it. I found www.cantv.net to be Spanish. Since I am fluent in Spanish, no sweat. I traced it to Venezuela. I also did some research on cn.net. More digging found:

Registrant:
CANTV Servicios
Av. Francisco de Miranda, Centro Lido
Torre A, Piso 4, Oficina. 41-A
Caracas, Miranda 1060
VE

Domain name: CANTV.NET

Administrative Contact:
Domain Registration, CANTV Servicios csdomreg@cantv.net
Av. Francisco de Miranda, Centro Lido
Torre A, Piso 4, Oficina. 41-A
Caracas, Miranda 1060
VE
582-9013850 Fax: 582-9013763

Technical Contact:
Domain Registration, CANTV Servicios csdomreg@cantv.net
Av. Francisco de Miranda, Centro Lido
Torre A, Piso 4, Oficina. 41-A
Caracas, Miranda 1060
VE
582-9013850 Fax: 582-9013763



Registration Service Provider:
CANTV.NET, csdomreg@cantv.net
58-212-9013650
58-212-9013738 (fax)
http://www.cantv.net
This company may be contacted for domain login/passwords,
DNS/Nameserver changes, and general domain support questions.

cn.net;

Administrative Contact:
DATA COMMUNICATION B
DATA COMMUNICATION BUREAU

Beijing Beijing
China
tel:
fax:
INREG@CHINADNS.COM

Technical Contact:
liu xueling
beijing guozhengtong wangluo keji youxian gongsi
beijing zhongguancun nan da jie 27hao zhongyangdasha 3ceng
beijing Beijing 100088
China
tel: 86 10 62381083 1642
fax: 86 10 62391025
uplot.liuxl@uplot.com

Billing Contact:
liu xueling
beijing guozhengtong wangluo keji youxian gongsi
beijing zhongguancun nan da jie 27hao zhongyangdasha 3ceng
beijing Beijing 100088
China
tel: 86 10 62381083 1642
fax: 86 10 62391025
uplot.liuxl@uplot.com

Registration Date: 1995-01-26
Update Date: 2003-12-09
Expiration Date: 2006-01-27

Now, we just need someone to kick butt.


-------------------------


Send me e-mail

Back to Off Topic Chat

We've updated our forums!
Click here to visit the new forum

Archive Home

Copyright © 2016 Arizona Mobile Air Inc.