Dialogue on Web Security

The Truth Is Out There: Dare You Ignore It?


E-Mail Prompt: Pandora's Box

Incoming EMail

>I would appreciate it very much if you could review the enclosed attachment.
>Name: PATENT~1.WPD
>Part 1.2 Type: unspecified type (application/octet-stream)
>Encoding: base64

The Response to the EMail

I don't open "unexplained" documents on my public pc system.

Send me a cover letter explaining its purpose and contents if you want it "reviewed".

If i don't receive such a cover letter from you within 24 hours, i'll copy your email with the doc attachment to a throwdown pc i have sitting next to me, open it, and hopefully find it is not virus- or worm-laden.

If i find it to be infected, a second, unopened copy will be forwarded to the FBI's NCCS with copies of these email threads containing the document. a copy of that will also be sent to the sysad of my ISP. both organizations will be thrilled to act on it themselves... as will i.

If you don't understand why i take these precautions, you're welcome to inquire further.

In-House Thread

ya know that if anyone sends ya wpd or doc's not to accept em?

macros... they are gettin' nastier, too. use to be the macro viruses were stupid... but now everyone is doin' em... so they are gettin' better. thats why i don't use wpd or doc software. better have a look at the product first.

tell me what i'm suppose to do?

you are the "pro's" on this stuff.

if you have the time/inclination/facilities to check the wpd file safely, then great. is there available to us a mechanism which allows us to accomplish this or not?

i don't know what hardware/software exists to root out such a thing... but i know if i sent it to no such agency in mclean, they'd have a clear procedure for handling it. same with most large corps tech support departments.

how far "advanced" are the "e-security-experts" beyond the general surfing public?

we can figger

email er to me and we can play with it...

you should be able to do it right where it sits with a check you should be doing. anyway... fprot you have fprot runnin'? you wanna get it runnin', if not?

have fprot and mcafee both. run both regularly. but these are public domain freebie anti-virus packages...

my asshole just slammed shut loud enough to hear it all the way from blue balls pa.

does this mean that the e security experts have nothing more than the average joe does on their own lil pc?

what if somebody corporate asked us to do a file analysis er sumthim like that under similar but larger scope conditions? we equipped fer that?

i'm not sure what you mean? we equipped to test for each individual hacker... ?

yup... if you were my employee, i'd:
1) not allow attachments on email
2) have an ftp area that was monitored and checked and watched
3) the best virus software i know of is fprot
4) if someone invents a new virus, what software will be able to detect it
5) not allow modems

this thing shouldn't have landed on your harddrive in the first place... you should have put it right to floppy... then you wouldn't have to worry so much about contamination

of course... and we shouldn't have lost 9 or ten lives in a shuttle launch. but then, factory pc's and minimal e-security literacy don't give most of us dummies much of a grip on that... even AFTER a virus or two. come to think of it, this is the first time i've heard this much outta ya on the subject, despite the fact i lost a system to such a thing once before while in com with you.

there's more...

6) i'd burn all my important stuph to CDROM... can't write a virus to ROM after the fact the answer here was prevention... not crisis mngt., no?

or are we pretendin' one of the dummies in the secretaries pool downloaded it by mistake?

as to larger scope... S-man does a very large network at ohio-state... and ya know what happens if someone contaminates the network? it ain't purty... and it ain't fast... that is what we are selling... email us b4 it is too late... you are calling us after you are shot and bleedin'... the budget to solve the dilemma if'n ya were to call us would be $500-1,000 for phase one of the "clean-up"

worst case, in this scenario is you lose your harddrive and possibly spread it elsewhere... and ifn' you use floppies... every one you wanna keep... fprot it or throw it away

i've had 3 virus clean ups here, one at the publishers network and S-man's had many

more good ideas so ya don't have to clean-up... use linux... avoid microsoft... really avoid word and wordperfect. you want more?

this was one of those "holy shit !" questions... trying to grasp the market's vulnerability issues the way a client might... and that's probably not far from how they'd put it.

see, i know you been runnin an isp and a bunch of domains fer a time, and i know S-man's runnin an .edu system... so, i figger whatever you two come up with in a pretty simple situation like this, is probably the kind of thing i need to get the best grip on: the basics. and in this basic case, what i'm hearing is that there ain't no "on the fly" prevention.

BUT MOST FOLKS DON'T KNOW THAT.

but back to the specifics... i know the popular position on wpd and word docs is that it can't hurt you if you don't open it, and you even said the same thing here in a previous send. BUT, as you imply here ("if somebody comes up with a newbie" thing), i can't believe that's gonna remain that way forever.

but another thing this brings up for my pea brain is that it would be dynamite if you n S-man were able to create a little (said this before several times) "digest version" of your perspectives on this stuff. for want of that, i'm trying to do it myself... it'll no doubt be a bastard wordsmith job, but i'll finish it in a few days or so and send it you, so you can see the way i think its going to be asked for and understood by clients, big and small alike... like an intelligible, quickie entre on the subject, rather than one which convinces everybody they're assholes for asking about it (ahem).

when you talk with anybody but a seasoned pro (that's not me or klaus, either) you gotta start at a level which, to you, is pre-cromagnon era, and in baby steps. i have a feeling that if you can adjust yer pacing in dialogues about this, you'll knock 'em all right outta their chairs, and into your cash register.

i never have heard of an "emailed" virus taking off... usually the macro's grow in an office environment... people sharing spread sheets... i've seen people who know each other email viruses... ya know, one employee emails another one a spreadsheet

right... "usually"... which didn't apply at all in the case of the thing-a-ma-bob that hit my system and went straight to bios and the motherboard.

now, about our very large prospective client... first priority for internet security - see what they got... hardware, software, but most importantly... bandwidth and access... the "gather info." period should also include seeing what other resources they have... like money... and talent... but the most important resources you can find are open-mindedness and trust in us.

as long as there are cookies, cached pages, wpd docs, doc docs (hehehe.. what if they were your Word documents... would they be docs doc docs), floppy discs, modems, netscape, microsoft explorer, browsers running java or active x, and a few other things... we CAN NOT guarantee nuttin'

and, ya shouldn't get into solutions with em... cause that's why they need to pay us... but, the solutions are self-evident, no?

have an intranet that has no modems

don't keep your most sensitive doc's on the intranet

have a strong firewall that is monitored between you and da net

don't let the employees use the most modern software cause it has the biggest holes

don't let the employees use active x or java

BACK UP EVERYTHING

run fprot daily for viruses

make sure a human is involved in security

keep financial transactions happin' away from everything else
