Anti-Spyware Forums


Newfangled rootkits survive hard disk wiping

BoaterDave
01-04-2009, 08:40 AM
This article http://www.theregister.co.uk/2009/03...bios_rootkits/
refers to "unfettered root access"

Perhaps a silly question - if one connects to another server
deliberately for the purpose of sending and receiving messages in a
newsgroup (thus making a hole in one's defences?) might this be
giving "unfettered root access" if one is operating with
Administrator privileges?

Always wondering!

--
Dave (~BD~)

 
FromTheRafters
01-04-2009, 10:30 AM

"BoaterDave" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> This article
> http://www.theregister.co.uk/2009/03...bios_rootkits/
> refers to "unfettered root access"
>
> Perhaps a silly question - if one connects to another server
> deliberately for the purpose of sending and receiving messages in a
> newsgroup (thus making a hole in one's defences?)


When a legitimate path is made, I wouldn't call it a hole in one's
defenses.

> might this be
> giving "unfettered root access" if one is operating with
> Administrator privileges?


This is why you should *not* be running with administrative privileges
unless you are doing administrative tasks.


 
BoaterDave
01-04-2009, 12:12 PM
On Apr 1, 11:30 am, "FromTheRafters" <(E-Mail Removed)>
wrote:
> "BoaterDave" <(E-Mail Removed)> wrote in message
>
> news:(E-Mail Removed)...
>
> > This article
> >http://www.theregister.co.uk/2009/03...bios_rootkits/
> > refers to "unfettered root access"

>
> > Perhaps a silly question - if one connects to another server
> > deliberately for the purpose of sending and receiving messages in a
> > newsgroup (thus making a hole in one's defences?)

>
> When a legitimate path is made, I wouldn't call it a hole in one's
> defenses.
>


Just to be clear about this, FTR - if I connect to the newsgroups at
annexcafe.com (a private server) using Outlook Express, or any other
newsreader, have I created a 'way in' to my computer in spite of
having a NAT router between me and the Internet?

> > might this be
> > giving "unfettered root access" if one is operating with
> > Administrator privileges?

>
> This is why you should *not* be running with administrative privileges
> unless you are doing administrative tasks.


So, again to be clear, is your answer "yes"?

I value your opinions, FTR - thank you for posting in reply to my
queries.

FYI - I started responding to you using Thunderbird but an error
message from Thunderbird appeared before I had completed all I had to
say. The only way out was to force the programme to quit, thus losing
all I had written. It has happened before. It's as if someone is
reviewing my message as I write it to decide if I should or should not
be allowed to send it. That could never be the case ........ could it?
*This* message is being sent through Google groups using the Internet
rather than from a newsreader - that's why I use BoaterDave when
posting from Google Groups and ~BD~ when using a newsreader - it helps
me to remember from whence I actually posted!

--
Dave


 
~BD~
01-04-2009, 04:29 PM
Tim Jackson wrote:
> BoaterDave wrote:
>
>> FYI - I started responding to you using Thunderbird but an error
>> message from Thunderbird appeared before I had completed all I had to
>> say. The only way out was to force the programme to quit, thus losing
>> all I had written. It has happened before. It's as if someone is
>> reviewing my message as I write it to decide if I should or should not
>> be allowed to send it. That could never be the case ........ could it?

>
>
> Set a short auto-save period in Thunderbirds options
> (composition/general), or use File/Save regularly to ensure a copy of
> what you were typing is retained in Drafts if it crashes.
>
> If the error is repeatable maybe you could track down the event that
> causes the crash, and report it.
>
>
> Tim Jackson


Thanks for the advice, Tim.

Auto-save was set to the default of 5 mins - I've reduced it to 2 mins.

The drop-down 'error' message was something like "this message cannot be
saved in your Drafts folder" - but it wouldn't let me cancel *or* continue,
i.e. not crashed exactly - but stuffed!

--
Dave
 
Unruh
01-04-2009, 05:23 PM
BoaterDave <(E-Mail Removed)> writes:

>On Apr 1, 11:30 am, "FromTheRafters" <(E-Mail Removed)>
>wrote:
>> "BoaterDave" <(E-Mail Removed)> wrote in message
>>
>> news:(E-Mail Removed)...
>>
>> > This article
>> >http://www.theregister.co.uk/2009/03...bios_rootkits/
>> > refers to "unfettered root access"

>>
>> > Perhaps a silly question - if one connects to another server
>> > deliberately for the purpose of sending and receiving messages in a
>> > newsgroup (thus making a hole in one's defences?)

>>
>> When a legitimate path is made, I wouldn't call it a hole in one's
>> defenses.
>>


>Just to be clear about this, FTR - if I connect to the newsgroups at
>annexcafe.com (a private server) using Outlook Express, or any other
>newsreader, have I created a 'way in' to my computer in spite of
>having a NAT router between me and the Internet?


A NAT router is not very much of a protection. You should also have a
firewall on your computer or on your router.


>> > might this be
>> > giving "unfettered root access" if one is operating with
>> > Administrator privileges?


Yes, it might be. Anything you download and which runs, runs as
administrator and can thus do anything. Now usually news is not that
dangerous - it tends not to run things. But if there is a bug in your
newsreader, all bets are off. It is called defence in depth. You do not
rely on just one thing to defend you.


>>
>> This is why you should *not* be running with administrative privileges
>> unless you are doing administrative tasks.


>So, again to be clear, is your answer "yes"?


>I value your opinions, FTR - thank you for posting in reply to my
>queries.


>FYI - I started responding to you using Thunderbird but an error
>message from Thunderbird appeared before I had completed all I had to
>say. The only way out was to force the programme to quit, thus losing
>all I had written. It has happened before. It's as if someone is
>reviewing my message as I write it to decide if I should or should not
>be allowed to send it. That could never be the case ........ could it?


Who knows. Yes, you could be running a rogue version of Thunderbird.


>*This* message is being sent through Google groups using the Internet
>rather than from a newsreader - that's why I use BoaterDave when
>posting from Google Groups and ~BD~ when using a newsreader - it helps
>me to remember from whence I actually posted!


 
Reply With Quote
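Unruh's point, as an added example that is not part of his post or of this thread: a NAT router forwards back in exactly the session your newsreader opened, and whatever the server sends on that session lands in the newsreader's parser, so the parser and the privilege it runs with are the border that matters. Both pieces below are constructed models written for this page, not any real router's or newsreader's code: a toy stateful NAT table, and a toy reader for an NNTP-style text block (RFC 3977 dot-stuffing, lone "." terminator) with a size cap and a check on a server-supplied attachment name. The addresses, ports, cap and file names are made up.

```python
"""Added example, not code from this thread: why an outbound newsreader
connection is still a 'way in' behind a NAT router, and what the client
must check on the data that flows back through it.

Both parts are constructed models (assumptions, not any real router's or
newsreader's implementation): a toy stateful NAT table and a toy reader
for an NNTP-style text block (RFC 3977 dot-stuffing, lone '.' terminator).
"""
import posixpath


class NatTable:
    """Stateful NAT: only replies on sessions the inside host opened come back in."""

    def __init__(self):
        self._sessions = set()

    def outbound(self, inside, remote):
        # (host, port) pairs; the newsreader's TCP connect installs this entry.
        self._sessions.add((inside, remote))

    def inbound_allowed(self, inside, remote):
        return (inside, remote) in self._sessions


# The reply the NAT lets through lands in the newsreader's parser, so the
# parser, not the router, is the border that matters. Assumed cap:
MAX_ARTICLE_BYTES = 1_000_000


class ArticleTooLarge(Exception):
    pass


def read_article(wire_lines, max_bytes=MAX_ARTICLE_BYTES):
    """Consume dot-stuffed lines until the lone '.' terminator.

    Returns the decoded lines. A server that never sends the terminator, or
    sends more than max_bytes, gets an exception instead of an unbounded read.
    """
    out, size = [], 0
    for raw in wire_lines:
        if raw == ".":
            return out
        line = raw[1:] if raw.startswith("..") else raw
        size += len(line.encode("utf-8")) + 2  # +CRLF as sent on the wire
        if size > max_bytes:
            raise ArticleTooLarge(f"article exceeds {max_bytes} bytes")
        out.append(line)
    raise ValueError("block ended without a terminator")


def rejects_oversize(wire_lines, max_bytes):
    """True if read_article refuses the block because of the size cap."""
    try:
        read_article(wire_lines, max_bytes)
    except ArticleTooLarge:
        return True
    return False


def safe_attachment_path(save_dir, server_name):
    """Map a server-supplied filename to a path inside save_dir, or None.

    Written as Administrator, an unchecked name such as '..\\..\\Windows\\x.dll'
    would land wherever the server pointed; refusing it is the defence in
    depth the thread talks about, applied even when the process is elevated.
    """
    name = server_name.replace("\\", "/")
    base = posixpath.basename(name)
    if base in ("", ".", "..") or base != name:
        return None
    return posixpath.join(save_dir, base)


def demo():
    """Constructed walk-through: RFC 5737 documentation addresses, made-up ports."""
    nat = NatTable()
    client = ("192.168.1.10", 50123)
    news_server = ("203.0.113.5", 119)
    scanner = ("198.51.100.7", 4444)
    nat.outbound(client, news_server)
    wire = ["Subject: hello", "", "..this line began with a dot", "body", "."]
    return {
        "server_reply_forwarded": nat.inbound_allowed(client, news_server),
        "unsolicited_probe_forwarded": nat.inbound_allowed(client, scanner),
        "article": read_article(wire),
        "attachment": safe_attachment_path("attachments", "..\\..\\Windows\\x.dll"),
    }


if __name__ == "__main__":
    print(demo())
```

The NAT table answers the "way in" question the way the thread does: the unsolicited probe is dropped, the news server's reply is not, because you asked for it. Everything after that is the newsreader's problem, and running it as a limited user bounds what a bug in `read_article` or a missing `safe_attachment_path` check can cost.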
 
Ari®
01-04-2009, 06:59 PM
On Wed, 1 Apr 2009 05:12:15 -0700 (PDT), BoaterDave wrote:

> Just to be clear about this, FTR - if I connect to the newsgroups at
> annexcafe.com (a private server) using Outlook Express, or any other
> newsreader, have I created a 'way in' to my computer in spite of
> having a NAT router between me and the Internet?


Yes.
--
A fireside chat not with Ari!
http://tr.im/holj
Motto: Live To Spooge It!
 
Ari®
01-04-2009, 08:20 PM
On Wed, 01 Apr 2009 17:23:47 GMT, Unruh wrote:

> Yes, it might be. Anything you download and which runs, runs as
> administrator and can thus do anything. Now usually news is not that
> dangerous - it tends not to run things. But if there is a bug in your
> newsreader, all bets are off. It is called defence in depth. You do not
> rely on just one thing to defend you.


So never turning your computer on won't work?
--
A fireside chat not with Ari!
http://tr.im/holj
Motto: Live To Spooge It!
 
Unruh
01-04-2009, 09:02 PM
Ari® <(E-Mail Removed)> writes:

>On Wed, 01 Apr 2009 17:23:47 GMT, Unruh wrote:


>> Yes, it might be. Anything you download and which runs, runs as
>> administrator and can thus do anything. Now usually news is not that
>> dangerous - it tends not to run things. But if there is a bug in your
>> newsreader, all bets are off. It is called defence in depth. You do not
>> rely on just one thing to defend you.


>So never turning your computer on won't work?


Nope. Because your wife comes in one morning and says, "What is this
computer doing here switched off? I can use it," and switches it on.


 
~BD~
01-04-2009, 09:48 PM
Ari® wrote:
> On Wed, 1 Apr 2009 05:12:15 -0700 (PDT), BoaterDave wrote:
>
>> Just to be clear about this, FTR - if I connect to the newsgroups at
>> annexcafe.com (a private server) using Outlook Express, or any other
>> newsreader, have I created a 'way in' to my computer in spite of
>> having a NAT router between me and the Internet?

>
> Yes.


Thank you, Ari

Ever been there? The User2User group (one in the USA, one in the UK).

They'd tear you to pieces! *Very* clever folk there!
--
Dave
 
Ari®
01-04-2009, 11:53 PM
On Wed, 01 Apr 2009 22:48:18 +0100, ~BD~ wrote:

> Ari® wrote:
>> On Wed, 1 Apr 2009 05:12:15 -0700 (PDT), BoaterDave wrote:
>>
>>> Just to be clear about this, FTR - if I connect to the newsgroups at
>>> annexcafe.com (a private server) using Outlook Express, or any other
>>> newsreader, have I created a 'way in' to my computer in spite of
>>> having a NAT router between me and the Internet?

>>
>> Yes.

>
> Thank you, Ari
>
> Ever been there? The User2User group (one in the USA, one in the UK).


Yes.

> They'd tear you to pieces! *Very* clever folk there!


Yeah.
--
A fireside chat not with Ari!
http://tr.im/holj
Motto: Live To Spooge It!
 