1  ...  24  25  26  27  28  29  ...  35  |   Order by default

Mar 10, 2004, 3:31pm

[View Quote] > TIPS FOR YOUR PROTECTION
>
<snip>

Very good setup. I would add that if you can manage it, use some kind of firewall like ZoneAlarm Free <http://www.zonelabs.com/store/content/home.jsp> or Kerio's Personal Tiny firewall <http://www.kerio.com/us/kpf_download.html>.
There are several available on the net free (and they are really free versions!!).

As for emails - if you have some complains - save the headers with it so the people who handles it can decipher what's going on (at least for some level).
E.g. - several people get the virus maskarading my server (please not that it is a mail sent to me):

From - Mon Mar 01 21:40:16 2004
Return-path: <3fbbcd05 at news.andras.net> // again a faked return path - the virus software can insert this header
Received: from andras.net (pcp01466071pcs.lpaxtn01.pa.comcast.net [68.82.250.15]) - this is a very important header. It claims the message came from "andras.net" but in the brackets you can clearly see it came from an absolutely different machine (from comcast - which is in the US, not in Hungary)
by andras.net (andras.net [194.152.129.221]) // this is the receiving mail server, your one will be different
(MDaemon.PRO.v6.8.5.R) // those are mail server specific headers YMMV
with ESMTP id 21-md50000000038.tmp
for <andrass9 at andras.net>; Mon, 01 Mar 2004 21:19:47 +0100
From: 3fbbcd05 at news.andras.net // the From header is easy to forge - just insert into your mail client a different email address for the sender
To: andras at andras.net // this is supposed to be your address
Subject: Re: Word file // some random subject line

Remember: Never open any attachment you are not expecting to receive from a reputable source!!!
The latest viruses are spread by people opening blindly the attachments - the are not using any program flaws - just flaws in human nature (curiosity factor?) .

FU set to community
--
Andras
"It's MY computer" (tm Steve Gibson)

Mar 11, 2004, 9:20pm

[View Quote] > There have been a lot people in the AW community that although they disagree
> with me, they will help me any time I need it. I am very appreciative of
> them! It is a very good quality to have!
>
> Looking back on difficult days I've had in AW, I hope I have never refused
> to help someone when they asked me for help, even if I didn't like them. I
> am realizing this is very important for me to do as a human being that likes
> to help those in need. I apologize to anyone if I have refused them help
> and am going to work on improving enduring the circumstances around me so
> that I can be of help to those who need it, just as people try to do with
> me.
>
> : )
>
>

Good point! This is what forms the community!

--
Andras
"It's MY computer" (tm Steve Gibson)

Mar 15, 2004, 7:06pm

[View Quote] > To give you all an impression how long it takes to decrypt a file or
> find a password, I give you some numbers.
>
> I post this since some people seem to think that the so-called "password
> crackers" are some higher beings with abilties not from this world -
> which they are not, it actually takes less of a brain that a script
> kiddy would need...
>
> This only applies to retrieving a password form a zip file when you have
> the file, it does NOT apply to obtaining a password in the course of
> transmission (eg. by listening to the server-client data exchange).
>
> What I needed:
>
> a) the zipped file - password protected
> b) the zipped file - without password
>

<snip excellent explanation>
MultiZip can rezip password protected files with new password AND it can change the content, so even if the perpetrator thinks he/she has one source file, the cracking will still fail.
Of course you don't want to password protect those files which Multizip can't change the content (like seqs, sounds) and never password the avatars.dat as XelaG advised correctly some posts ago.

--
Andras
"It's MY computer" (tm Steve Gibson)

Mar 14, 2004, 2:19pm

[View Quote]
> I received the above e-mail this morning (I assume its coming from the same
> place as netsky), containing W32/Bagle.n at MM. Watch out for these
> yourselves.... luckily I a) Own the domain, so I know its fake and B) don't
> open executable extension files, lol!
>
> ~John
>
>

Removal tool for those who are infected (I know at least one AW user who is) :

<http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle at mm.removal.tool.html>

--
Andras
"It's MY computer" (tm Steve Gibson)

Mar 14, 2004, 7:07pm

[View Quote] > yes, I got the same thing too but mine says from yahoo. I guess cus my email
> addy is from yahoo. Turns out it also was the "beagle" virus. Thank goodness
> I didn't just assume it was from yahoo and double checked it right away. But
> it DID look like a legit message at first. Am pasting it here to show
> everyone, but please note that I am altering yahoo's link so nobody can
> accidentally click on it. Be careful out there folks:
>
>

Could you please post the source of the message? I wonder what is the originating IP.

Thanks,
--
Andras
"It's MY computer" (tm Steve Gibson)

Mar 15, 2004, 12:22am

[View Quote] > X-McAfeeVS-TimeoutProtection: 0
> Received: from VAIO.net [24.186.156.179] by web20
> (SMTPD32-7.07) id A8A03A600F6; Sun, 14 Mar 2004 05:49:04 -0500
> Date: Sun, 14 Mar 2004 05:47:08 -0500
> To: <<my email addy was here>
> Subject: Email account utilization warning.
> From: noreply at 3d-reality.com
> Message-ID: <oinrwluffajuujjkrbi at 3d-reality.com>
> MIME-Version: 1.0
> Content-Type: multipart/mixed;
> boundary="--------vsbjfstxyuiatyinenis"
> X-RCPT-TO: <and here! :p>
> Status: U
> X-UIDL: 342503269
>

Thanks - I know this person and I warned him about his machine infected!

--
Andras
"It's MY computer" (tm Steve Gibson)

Mar 15, 2004, 12:25am

[View Quote] > Just got another stupid email from with an attachment..may not want to
> download it. The script kiddy probably attached a virus, and even if its not
> a virus, its disrespectful to the avatars creator to download the avatar
> mentioned:
>
> Tsk Tsk Tsk. You all had to brag in the Newsgroups about the PHP Scripts and
> pretty muched beg us to show you that even PHP Scripts are not helpful. And
> to prove that...we ripped Lady Mur's new $50 Leprachaun Avatar even though
> its supposed to be protected by CodeWarrior's "1337" PHP Script. Sorry AW,
> You Lose!
>
> So Consider The Avatar Included In The Attachment An Early St. Patrick's Day
> Gift From Your Favorite Eastern Europe Hacker, Chris Stevens.
>
> ~The Death Squad~
>
>
>

Folks! All those emails are useless for any forensic action without the full header!
Post them please (use the "View Message Source" option of you mail client).

Thanks,
--
Andras
"It's MY computer" (tm Steve Gibson)

Mar 16, 2004, 12:05pm

Hi all,

We feel that the current state of the Guardbot is stable enough to make it public, so here it comes:
http://www.andras.net/guardbot.html

Please report errors only by email or in news://news.andras.net/aw.utilities

Enjoy,
--
Andras
"It's MY computer" (tm Steve Gibson)

Mar 18, 2004, 6:29pm

[View Quote] 1, This ng is not allow you to post any religion/race/etc matters - that can be offensive to the different religion people.
2, As for the Internet RFC stands today - the signature can't be longer than 4 lines - you violated that rule.

--
Andras
"It's MY computer" (tm Steve Gibson)

Mar 26, 2004, 2:53am

I'm pleased to announce that Storage will hold its 7th Annual Easter EggHunt starting at April 10th 12:01AM VRT (April 9th 9PM EST) for 36 hours.
The MultiWorld Christmas hunt was a success, so I decided to make the Easter Egghunt a multiworld events again.
So far I have 4 worlds signed up but I'm still accepting worlds to join to our community event.
World owners please contact me if you want your world joining the hunt.
We have some great prizes but we need some more, so if you wish to donate some prize the winners will be more happy!
This year I'll limit the "Golden Eggs" score point to 20 and probably will limit the total scores can be earn in each world based on its size so all world will have equal opportunities to draw the hunters' attention. There will be some limitation on the "Rotten Egg" scores (negative points) but it is not decided yet.

The hunt is controlled by my HuntBot so I will need bot rights in those worlds who attend the hunt and the list of the egg object names as they appear in the world. It is preferable if the world owners finished hiding their eggs at least an hour before the hunt start, so the bot would have enough time to query the worlds.
To reduce the possibility of cheating I advise the world owners to turn off object selection and of course building (though the bot will ignore any new objects made after the start of the hunt). To add a score different than 1 to an egg is done by inserting a "score=xx" command somewhere in the object's Action line.
World owners - be prepared to run your world on a reliable host because the hunt is an unusually heavy load on your server!
If you have a world where you want to randomly place the eggs and you don't have the time and resources to do it manually, I can help you out with the DEM2Rwx program to place them.

Let hunt together again,
--
Andras
"It's MY computer" (tm Steve Gibson)

Apr 1, 2004, 2:52pm

[View Quote] > I'm pleased to announce that Storage will hold its 7th Annual Easter
> EggHunt starting at April 10th 12:01AM VRT (April 9th 9PM EST) for 36
> hours.

Reminder:
There are only a few days left for worlds to signing up for the hunt (and to hide the eggs!)

We are still open to receive donations for prizes :)

--
Andras
"It's MY computer" (tm Steve Gibson)

Apr 1, 2004, 7:35pm

[View Quote] > Just a note for everyone.
> If anyone ever gets and email from mpbarrow at yahoo.com it is a fake and
> you should report it to AWI with all the header info so they can track who
> it came from. I have my Outlook Express set to use that yahoo email
> address in my news post so that any spam anyone may decide to send me will
> be sent to my yahoo account and not my real ISP accounts.
> I NEVER use my yahoo email account to send email from except for one Hammond
> Organ news group that I subscribe to.
>
> Paul
>
>

Sorry Paul,
Nobody should report any virus/worm/trojans to AWI.
AWI has nothing to do with silly users who opens unknown attachments or not securing their computer properly.
Just because your email address appears in an email, it doesn't mean it is you who sent it.
The latest virii do collect email addresses from the local computer and using it not only as a sender but sometimes as a domain too.

--
Andras
"It's MY computer" (tm Steve Gibson)

Apr 3, 2004, 7:24am

[View Quote] > It has nothing to do with viruses Andras. Shankahtus got a flame email that
> said it was from my yahoo email and it was faked from someone who uses the
> AW newsgroups (since this is the only place my yahoo email would show up
> when I do a NG post/reply) and who is in Spain as the headers indicated.
> So it is someone here faking emails again and thus should be reported to
> AWI.
>
> Paul
>
>

I stand corrected assuming you were talking about virus or worms.
I still claim that AWI has nothing to do with hate/flame emails - they are personal communications between two person. Even if your address comes from this NG, AWI has no jurisdiction to intervene.
The only place you should complain is the ISP you received the email from (or to the authorities if it is a threat).

--
Andras
"It's MY computer" (tm Steve Gibson)

Apr 3, 2004, 8:21pm

[View Quote] > AWI does have jurisdiction if someone here in the news groups is faking
> emails using other posters email addresses in the Return header to send fake
> emails. After all, they are stealing the email addresses from this news
> group which belongs to AWI and I think falls into the category as M A T T
> stealing passwords and models.
>
> Paul
>

I strongly disagree - the newsgroups are readable by anyone so the address can be harvested by anyone without the knowledge of AWI.
--
Andras
"It's MY computer" (tm Steve Gibson)

Apr 2, 2004, 10:48am

[View Quote] > I don't know about you, but I get REALLY annoyed when I suddenly switch
> from 2 hours ahead of VRT to a whole THREE hours ahead of VRT!
>

But who's daylight savings? Its start is different in Europe than in the US.

--
Andras
"It's MY computer" (tm Steve Gibson)

Apr 3, 2004, 5:50pm

[View Quote] [View Quote] Next time do your math better:)
10 degrees (american - or one would say Fahrenheit???) is -12.222 C, so the jump is 25 C!!!

10 degrees is COOOOOLD while 13C is nice and reasonable this time of the year :)
--
Andras
"It's MY computer" (tm Steve Gibson)

Apr 3, 2004, 6:40pm

[View Quote] > I was using Celsius as the point of reference btw, not Farenheit (which
> is why I Didn't understand your first one). Your second statement helps
> prove my point. A 3 degree change to go from COOOOOLD to nice and
> reasonable doesn't help much with air temperature. There should be a
> larger gradient. As for boiling and freezing points of water.. as I
> said, it's all good for that.
>

I know you are a know nitpicker :) your sentence claimed: "between 10 degrees and 13 degrees Celsius?"
Plain degrees are used to denominate Fahrenheit in the US while if you attach Celsius at the end it is different. Next time you should mention "10 degrees Celsius and 13 degrees Celsius" - to make the topic clear :)

I feel a system which sets the freezing point to 0 and the boiling point to 100 is a reasonable one! No confusion about subtracting 32 and dividing by 1.8 to get a decimal system going on :))


--
Andras
"It's MY computer" (tm Steve Gibson)

Apr 3, 2004, 5:52pm

[View Quote] > Unfortunately archive did not get all graphics! One HenrikG's pages we need:
>
> ex5a.gif (from Part 2 pg)
> ex10a_ill.gif (from Part 4 pg)
>
> Also a couple graphics won't load for me on Grover's site, nor can I seem to
> save either RWX tutorial page. The missing graphics are:
>
> Image1.gif (from Part 1 pg)
> rwxmod2.gif (on the Transforms pg)
>
> I can't d/l either of those pages ... IE just freezes up!?
>
> LNH


I tried to save those pages too and came to the same conclusion.
I maybe spend more time tomorrow to actually duplicate the pages :) - the website tries to defer that action as much as they can do!


--
Andras
"It's MY computer" (tm Steve Gibson)

Apr 3, 2004, 7:16am

Several bug fixed, enhanced terrain management added:

V2.1.2.49
- Fixed bug when doing survey and accidentally closed the target file resulting an empty propfile.
- Added a "Save InReadableForm" checkbox which modifies the propdump format to a human readable version like:

Owner=307626 1801.45S 2659.41E 0.00a -90.0 model=walk009h.rwx desc=Druid Way

V2.1.1.48
- Added terrain texture changing feature (further terrain manipulation will follow sometimes).


Enjoy
--
Andras
"It's MY computer" (tm Steve Gibson)

Apr 3, 2004, 6:41pm

[View Quote] > oh yeah i got it twice too!
[View Quote] I feel neglected :(((( I never got those mails :(

--
Andras
"It's MY computer" (tm Steve Gibson)

Apr 5, 2004, 10:11pm

garnet irta a levelében:

> ok.. I have a weird question that has nothing to do with this thead other
> than the fact that I just noticed something about my post... if you look at
[View Quote] Weizer's computer speaks french - my one speaks hungarian (just for the show :)
In layman terms - each newsreader's messages are contry specific (some of them customizable too). Weizer uses a french version of his newsreader, so all locally generated/inserted messages are in french.

HTH,

--
Andras
"It's MY computer" (tm Steve Gibson)

Apr 3, 2004, 6:43pm

[View Quote] > On surviving your recent demise :o)
>
>

One will live forever if the rumours claims they are dead!!!

--
Andras
"It's MY computer" (tm Steve Gibson)

Apr 5, 2004, 8:17am

[View Quote] > Hi,
>
>
> someone seems to send out suspicious files at the moment.
>
> I just received a zipped RWX model - nothing bad about it.
>
> But then I received some password protected zipped EXE
> files and a GIF (with JPeg extension) with the password
> information.
>
> Be careful with this stuff, even if the sender seems to
> be familiar!
>
>
> Volker
>
We have now a new infected computer in Bullhead, Arizona (the computer name is probably toddspent4):
From - Mon Apr 05 06:39:31 2004
X-UIDL: MD50000023686:MSG:34099:1373612421
X-Mozilla-Status: 0001
X-Mozilla-Status2: 10000000
Return-path: <alphabit at swbell.net>
Received: from toddspent4.com ([24.121.43.224])
by andras.net (andras.net [194.152.129.221])
(MDaemon.PRO.v6.8.5.R)
with ESMTP id 51-md50000000012.tmp
for <andrass9 at andras.net>; Mon, 05 Apr 2004 06:45:10 +0200
Date: Sun, 04 Apr 2004 21:37:42 -0700
To: andras at andras.net
Subject: Incoming message
From: alphabit at swbell.net

Since the address is fairly static (Cable) please do a search in your world log files, maybe it turns up who is it.


--
Andras
"It's MY computer" (tm Steve Gibson)

Apr 5, 2004, 5:38pm

[View Quote] > Sweet at the enhancements to the Survey manager.. awesome work! ^,,^
> I've just recently discovered the usefulness of the survey manager, I don't
> really know how I went on without it.. :D Keep up the great work, Xela.

I told you Xelagot is better than my little toys :)

--
Andras
"It's MY computer" (tm Steve Gibson)

Apr 6, 2004, 1:37pm

[View Quote] > AW is the largest you can get p32750 or 655,000m2
>
>

In my books it is
32767 * 2 coords in both direction (p32767) which is 429,470,515,600 m2 or 430000 km2 or 168000 miles2 = the size about Californa.

--
Andras
"It's MY computer" (tm Steve Gibson)

Apr 8, 2004, 7:08am

[View Quote] [View Quote] Mark left the "r" letter out :)
His intent was to type "after her own".

--
Andras
"It's MY computer" (tm Steve Gibson)

Apr 8, 2004, 8:13pm

I'm getting bombarded with the Netsky and with the Beagle worm from this person's computer (so does Ananas and Bowen).
Please disinfect the machine!


--
Andras
"It's MY computer" (tm Steve Gibson)

Apr 9, 2004, 3:27am

[View Quote] [View Quote] I wish I know whos machine is! Then I could notify the person in email and I shouldn't have to put up this public note :(
The other one I managed to identify and he cleaned his machine.

--
Andras
"It's MY computer" (tm Steve Gibson)

Apr 10, 2004, 9:09am

[View Quote] > The "helo=" tag is faked too btw., I already got some with
> "helo=oct31.de", "helo=ananas" and "helo=tnlc.com" so the
> "helo=Dude" might not be the real network name either.
>
>
>

It can be faked, you are right, except the early versions did not fake it and the first couple of hundred came from the "Dude" machne. (.org, .net, .com)
tnlc.com means the person was subscribed to some of the newsgroups - most likely to my ones because I got emails to the "storage.co.hu" domain which appeared only in my ngs.

--
Andras
"It's MY computer" (tm Steve Gibson)

Apr 13, 2004, 5:45pm

[View Quote] > Bah at you NG types, stop bitching over something so petty =P
>
>


They would stop to b... if you stop to whine :)
I never know such a person who knows nothing else but whining and whining . (Maybe I'm wrong - Eep comes to my mind :)
Did you ever consider to post something positive??? <I doubt>
I'm considered a low tempered man but I reached the level I couldn't take your "demands" any longer:(

--
Andras
"It's MY computer" (tm Steve Gibson)

1  ...  24  25  26  27  28  29  ...  35  |   Order by default