posted on August 15, 2003 08:24:56 PM new
Rec'd this from my ISP. Thought I'd pass it along. Seems there is to be a second attack.
Dear Adelphia High-Speed Internet Customer,
There are two current issues that are affecting many of you today and Adelphia would like to bring them to your attention. We encourage you to take action to protect your computer.
1. MSBlast.exe Virus Information:
As you may have heard, a significant virus known as MSBlast.exe (also known as the LovSan Web Worm) spread across the Internet over the past week. Unfortunately, many of you were affected. Those of you who have not taken action to protect your computer from this virus are still open to attack.
According to some reports, the MSBlast.exe virus may resume its attack on Saturday August 16th, 2003. The virus is programmed to launch a distributed denial-of-service attack on windowsupdate.com. This may severely impact access to the Microsoft website used to distribute security fixes against viruses. Each computer that begins to run the worm on or after 8/16/2003 (either from new infection or after a computer restart) will engage an attack on windowsupdate.com. Customers who have already downloaded the update from Microsoft should not be affected because this is the same worm attack from August 12th - the worm is just time released in this case.
If you have not downloaded the update from Microsoft, you will not be able to go to windowsupdate.com if the worm resumes its attack on 8/16/2003. To stop the virus from infecting your computer, we recommend that you take immediate action to update the security patch located at:
Customers who run firewalls are encouraged to block access to TCP port 69, 135, 4444 at the firewall level.
Finally, you can go to www.adelphiapowerpage.com for links to the removal tools and security updates. Customers using Windows 2000 or Windows XP are strongly encouraged to do so no later than 12:00PM EDT August 15th, 2003.
2. NETGEAR 4-port Home Networking Router Information:
Product Information: Model RP614 4-Port Cable/DSL Router with 10/100 Mbps Switch
An issue has been identified with NETGEAR routers and integrated cable modem/routers. The NETGEAR equipment generates IP broadcasts to other Internet users, which causes a degraded Internet experience.
The NETGEAR web site offers a solution for customers that have this product:
http://www.netgear.com/support/support_details.asp?dnldID=377#
Please Note:
Adelphia is providing this information to help you protect yourself from the MSBlast.exe virus and to prevent any NETGEAR equipment you may own from impacting other Internet users. Adelphia is not responsible for any damage to your computer from any source used to protect against this virus.
Thank you,
Adelphia Communications
Cheryl
Power to the people. Power to the people, right on. - John Lennon
• Turn on the firewall software included in Microsoft XP. From the Start menu, click on the "Connect To" menu, then select "Show all connections." Select the first icon you see there, right-click it and select "Properties." Click the "Advanced" tab, the last one on the right, and check the box next to "Internet Connection Firewall." Repeat this step for each icon in that connections window.
posted on August 15, 2003 09:01:44 PM newHow to Protect Your Computer From 'Blaster,' Step by Step
A computer running the Microsoft Windows XP, Windows 2000 or Windows NT 4.0 operating system that is infected with the "Blaster" worm will either slow significantly as the worm searches for other vulnerable systems or display a pop-up warning that it will restart in 60 seconds.
After it restarts, the restart warning and reboot are likely to repeat, the result of the worm attacking a program that the computer's operating-system needs.
To fix the problem on a computer running Windows XP, experts at Atlanta-based Internet Security Systems Inc. say:
• Stop the reboot loop by pressing the Ctrl, Alt and Delete keys simultaneously. Then search for a file in the pop-up "applications" list that will appear called "msblast.exe." Click on the "msblast.exe" file name and then click on "End Task" to stop the worm from running.
• Use the computer's search program to find the culprit file -- msblast.exe -- on the hard drive. To do that, click the "Start" button on the lower left corner of your screen, then "Search." That will bring up a search box.
• Choose the option to search all files and folders. Once the search prompt opens, enter the search term "msblast.exe." Delete any matching files, then empty your recycle bin.
• Turn on the firewall software included in Microsoft XP. From the Start menu, click on the "Connect To" menu, then select "Show all connections." Select the first icon you see there, right-click it and select "Properties." Click the "Advanced" tab, the last one on the right, and check the box next to "Internet Connection Firewall." Repeat this step for each icon in that connections window.
• Download the Microsoft software fix to protect your computer against the Blaster worm from the Web site windowsupdate.microsoft.com.
• Unplug your Internet connection. Restart your computer. Once the computer is fully rebooted, reconnect it to the Internet.
• If you have not been keeping up to date with patches from Microsoft, go back to Windows Update and let Microsoft scan your computer for other critical updates. Download and install all of those listed.
• Make sure anti-virus software is installed, and update virus definitions.
posted on August 15, 2003 09:25:54 PM new
You could always decide you're fed up with Win-doze "security" once and for all and choose an operating system that isn't such a pain in the arse..
___________________________________
What luck for the leaders that men do not think. - Adolph Hitler
posted on August 15, 2003 10:18:43 PM new
Well, I'll be damned! Look what I found.
LOLOL CHECK OUT THE CONCLUSION
White House Pushing Cybersecurity Insurance
By Brian Krebs
washingtonpost.com Staff Writer
Thursday, June 27, 2002; 1:35 PM
Companies in every sector of the U.S. economy may soon find it difficult
to operate without cybersecurity insurance, an evolving form of coverage
that the Bush administration hopes will be instrumental in steeling the
nation's information technology infrastructure against attack.
In closed-door meetings with insurance industry leaders last week, White
House officials laid the groundwork for a joint public-private sector
working group to identify obstacles that may be preventing insurers from
writing more cybersecurity policies.
"We've asked them to come up with ideas about things the government
could do that would make it easier for the insurance industry to provide
more coverage," said Richard Clarke, the White House cybersecurity
adviser. "We also asked them to look at ways in which the insurance
industry can work together with the government to increase corporate
awareness of the problem."
The White House strategy - set in motion under the Clinton
administration - holds that as malicious hacker attacks and computer
viruses become more destructive and costly, businesses will seek
insurance coverage for their commercial data and other computer-based
assets.
The administration's plan borrows a page from the evolution of fire
insurance at the turn of the 20th century, when insurers worked with
industry to reconcile competing electrical and fire safety standards.
Businesses that did not take certain fire precautions were largely
refused coverage.
The White House believes the same dynamic will evolve in the Internet
security arena: In an effort to minimize losses, insurers will confer
with leaders in the technology industry to set minimum standards for
network security practices and - by extension - products used to enforce
those standards.
Robert Hartwig, chief economist for the Insurance Information Institute
in New York, said that transformation is already underway. He estimates
that the market for cybersecurity insurance will reach $2.5 billion in
premiums by 2005.
"Businesses will soon purchase this in the same way they buy property
insurance," Hartwig said "They wouldn't think of not insuring the
buildings they're in, and soon they won't go without insuring the value
of their computer systems."
A Risky Business
Only a handful of insurers currently offer cybersecurty policies.
Coverage areas now include theft of data, denial-of-service and virus
attacks, Web site defacement and subsequent outages, credit card fraud
and cyber-extortion. A few policies even cover accusations of online
libel and slander.
Yet, as with other new types of coverage, the amount of coverage
available is limited. In addition, cyberinsurance premiums can be
prohibitively expensive for many companies, in part because insurers
don't have enough experience and information to assess the financial
risks associated with such policies.
And if insurers have trouble accurately assessing the loss from
intrusions, companies also are likely to have trouble determining
whether cybersecurity insurance is a smart investment, said Bill Budde,
managing director for global insurance at EDS Corp.
"Right now, it seems difficult from a buyer's perspective to understand
what they're purchasing," he said. "Ultimately, companies have to be
able to figure out if it's worth the coverage cost," or if it would be
simpler and cheaper to self-insure.
To further complicate the equation, damages that companies incur from
hacker attacks can be difficult to quantify, Budde said.
"Maybe a company loses customers because an attack brings its site down
for a few hours, but that's a loss that's sometimes hard to prove," he
said.
Businesses have been notoriously reluctant to report network
vulnerabilities and intrusions, leaving insurers with a dearth of data
to use in evaluating risk and offering coverage.
According to a report released by the FBI in April, 90 percent of
businesses and government agencies suffered some form of cyber attack
within the past year, yet only a third of those businesses reported the
incidents to law enforcement.
"If you're insuring automobiles, you can anticipate that there will be a
certain number of accidents out of a given number of drivers, so you
know what your loss exposure is," Clarke said. "With cyberinsurance,
there's not a lot of data that allows anyone to make that kind of
prediction."
The administration strongly supports an effort in Congress to exempt
from public disclosure certain information that companies share with the
government on computer vulnerabilities. Many companies have said they
would be unwilling to disclose such data without such protections.
Technology Is Half the Battle
All of the major carriers offering cybersecurity coverage use
independent security companies to probe a candidate's network defenses
before granting a policy. As insurers become more familiar with IT
security, the auditing process should begin to drive the development of
more secure software, said Elad Yoran, founder of Alexandria-based
Riptech Inc., a company that performs security testing for potential
cybersecurity insurance clients of American International Group (AIG).
"A company's ability to afford this insurance is going to hinge on the
types of security infrastructure they've implemented," Yoran said.
"Premiums will be significantly lower for organizations that implement a
vigorous defense posture and well-tested security products."
In the meantime, the Bush administration is asking some of the biggest
buyers of IT security goods to demand more from technology vendors.
"We've been getting together with customers, sector by sector, and
asking them why they continue to buy software that has these security
problems," Clarke said.
Bruce Schneier, founder of Counterpane Internet Security in Cupertino,
Calif., said such steps don't change the fact that improving security
remains a losing proposition for technology companies.
"What are the costs of improving security? It's expensive, users lose
functionality, and they get annoyed," Schneier said. "What are the costs
of ignoring security? Occasionally, you may get some bad press. So the
result is, you do what everyone else does, and nothing more."
Schneier said technology firms aren't likely to improve the security of
their products until they begin to face product liability lawsuits or
more stringent laws.
"Security follows the money, and if there isn't any financial incentive
for companies to be secure, they're not going to," he said. "Doing
anything else wouldn't make any business sense."
For now, the administration is determined to take a non-regulatory
approach to the matter, Clarke said. The working group is expected to
issue its recommendations in August, a month before the White House
plans to release its national strategy for protecting the country from
cyberterrorism.
The administration is also talking with the insurance industry about
whether potential cyberterrorist attacks on the nation's infrastructure
would be exempt from coverage under the new policies. Most insurers
treat terrorist attacks as acts of war, which insurance companies
generally don't cover.
In the end, it may take a punishing, industry-wide cyberattack before
companies begin to seriously consider cybersecurity insurance, said
Hartwig of the Insurance Information Institute.
"Unfortunately," Hartwig said, "the best advertisement for this kind of product is going to be the next malicious and well-publicized attack."
-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
Declan McCullagh's photographs are at http://www.mccullagh.org/
-------------------------------------------------------------------------
Like Politech? Make a donation here: http://www.politechbot.com/donate/
-------------------------------------------------------------------------
posted on August 16, 2003 06:20:27 AM newI've made that decision already!!!
Bravo helen!
Looks like the next carrot the cheapo PC companies will be giving away (along with a zillion "free" hours of AOL) is 6 months of free cyberprotection...just another little challenge to the script kiddies of the world!
___________________________________
What luck for the leaders that men do not think. - Adolph Hitler
posted on August 16, 2003 10:44:38 AM new
Yeah, Linux is sooooo user friendly and all the device drivers are just sooo easy to install.... how about all the games you can play too... yep linux is definately the way to go... Make sure you start with Debian there Helen, with all of your intelligence that should be a piece of cake to install...
Your comment is appreciated, twelvepole. Amongst your gender you stand far elevated by your reasoned and calm approach, and the precision and wonderful clarity of your expression.
A new policy by China's governing body the State Council will rule that all ministries have to buy only locally-produced software at the next upgrade cycle.
The move, aimed at breaking the dominance of U.S.-based Microsoft on desktop computers, will eliminate Microsoft's Windows operating system and Office productivity suite from hundreds of thousands of Chinese government computers in a few years' time. Gao Zhigang, an official with the Procurement Center of the State Council, told reporters that the new policy will be in place by year-end.
In addition to commercial reasons for protecting local software, there are security concerns. China is placing official support behind the Red Flag Linux operating system, which they trust because the open-source code allows officials to see that there are no data spyholes installed by foreign powers. In response, Microsoft has been on a charm offensive, including granting the government inspection rights over Windows source code and creating a new CEO position for Greater China.
posted on August 18, 2003 07:38:13 AM new One security expert warns of 70 new computer threats every week, making it a full-time job to keep virus guards and firewalls up to date.
Microsoft spokesman Sean Sundwall acknowledged that the blame does not really lie with customers.
posted on August 18, 2003 05:12:35 PM newMicrosoft spokesman Sean Sundwall acknowledged that the blame does not really lie with customers."Ultimately, it's a flaw in our software,"he said.
Microsoft is irrelevant. Unnecessary.
___________________________________
What luck for the leaders that men do not think. - Adolph Hitler
posted on August 19, 2003 06:54:34 AM new
Gee when I saw the header on this thread I though you were going to tell us Ros Perot was going to make another bid at the white house !
posted on August 19, 2003 08:32:50 AM new
The evolution of a worm...Hahaha
It installs itself on your machine, without your permission, exploiting a hole in the Windows RPC code, downloads patches without your permission, installs the patches, still without your permission, and then sits there until it kills itself on Jan 1, 2004.
