Re: Extremely odd thing with Giganews DMCA?

On 19 Sep 2005 23:04:43 -0000, J.Alfred Prufrock <Poet@xxxxxxxx> wrote:

>In article <8t9ti15b5retg37l7e4d71mqdaun7e85mk@xxxxxxx>
>roadburner <roadburner^at^comcast^dot^net> wrote:
>>
>> I was reading APAS a few minutes ago via Giganews.
>>
>> A message popped up on the screen asking me about transferring bookmarks. I
>> looked at the taskbar and saw it was Firefox. I assumed it was asking me if I
>> wanted to transfer my IE bookmarks to it. Neither IE or Firefox were running
>> at the time.
>>
>> I answered the popup with OK. Next, Firefox opened up the following page:
>> http://www.giganews.com/dmca.html
>>
>> The only things running at the time were Mercury, OE, and News Agent.
>>
>> Grisoft AVG, MS Antispyware, and PGP were running in tray.
>>
>> Has anyone else had this happen? I am not now or ever have posted or
>> downloaded any copyrighted materials. I have had this account with them for
>> about 1 1/2 years.
>>
>> How in the heck did that happen? I checked my Firefox bookmarks and sure
>> enough, it looks like it transferred my IE bookmarks into it. But the page I
>> referred to that popped up was not one of the bookmarked pages.
>>
>> I should add that this is a new PC. I have only set it up this weekend so
>> there are very few bookmarks. It is a Dell with XP Pro and the way it was
>> shipped included Dell bookmarks. The Dell bookmarks got transferred to
>> Firefox. That is how I know for sure it was Firefox asking to transfer
>> bookmarks.
>>
>> Anybody have any clues as to what fired things off? Kind of scarey. I would
>> hate to think that Giganews can control Firefox on this PC. Should I dump
>> Firefox? Is there some exploit in it? I installed Firefox because I thought it
>> was secure. How the heck could it be remotely turned on? Remember, it wasn't
>> running at the time. It was remotely started by someone else.
>>
>> Could it be I got a trojan? Don't know how. Everything on this PC (not much)
>> is legit software. Nothing strange.
>>
>> Really wondering what the heck is going on? How? Why that page? Makes me
>> nervous as all get out.
>>
>> AVG has completed a test of everything without finding any thing.
>>
>> Regards,
>> roadburner
>
>I'm no computer expert, but I did just buy a new computer.
>
>It has taken a long time for all of the automatic, preloaded
>scripts to run:
>
>Install and "activate" Office?
>Update and install Norton?
>Firewall?
>
>And on, and on and on.
>
>I suppose you made Firefox your default browser?
>It will be launched whenver a call is made for a browser,
>and it may take care of unfinished business when it's called.
>It may have been programmed to do something the first
>time you reload, or at a random time following installation,
>or who knows.
>
>Check your firewall, check your logs, look at startup
>programs (msconfig.exe)
>
>J. A. Prufrock
>
>

It could very well have been an attack. I had port forwarded 9001 and 9030 for
the Tor router I run. On the primary machine that used to host the Tor router,
I had a Symantecs firewall. It is programmed to shut down all connections in
the event of a major attack. Only Tor was permitted to use those ports.

All Tor nodes, their IP addresses and open ports can be found easily on the
net. Just Google for Tor nodes and you will eventually find the listing of all
of us that operate a Tor node. Mine is down while I switch to the dedicated
server PC. A Dell Optiplex, 3.2 Ghz PC.

In the last month and a half, the firewall logs show a number of serious
attacks to those ports. The firewall closed all connections on 3 occasions.

When I reconfigured the network for setting up the dedicated Tor node, I
reconfigured the new box to 192.168.0.2 which was the port forwarded local IP
of the old Tor server. I had not yet installed a software firewall so was open
to attack on those ports.

Fortunately, I had not installed any of my Tor or PGP keys. That was the last
thing I was going to do before putting it officially on line following setup.
I hadn't yet installed bestcrypt. The keys are on a USB stick (in an encrypted
bestcrypt container) and about 2 feet away from me as I write. A long time
ago, I was taught the importance of safeguarding keys. Just like handling
guns, you can never be too careful with them. I learned that from RProcess and
another kind gentleman that walked me through PGP when it first was released.

Passwords are extremely important too. Years ago, I read a book on how to
memorize just about any list of random words, numbers, and characters you
could list. It takes me about a minute to memorize a list of 20 random words
and characters. The secret is to picture in your mind the most bizarre thing
you can think of and relate that to the next word on the list. For example,
just a few words:

Television
Chainsaw
Squirrel
:
!

I would picture in my mind absurd things like watching television on my
chainsaw, then a squirrel fell out of a tree and landed on the chainsaw and
cut his colon. The noise made a bang (!). from that I would make a password
like TchSQU:! Practice it for a while and you will never forget it. Trust me
on this one.

Do you sort of follow what I mean? Try it, have someone write down about 10
random words. Associate them with the most absurd, bizarre, wild thing you can
picture in your mind. From that, you can make a password invulnerable to any
type of dictionary attack. Make it long enough, and it is virtually attack
proof.

I read where seized computers with encrypted files are scanned for sites
visited on the net. For instance if a person was interested in football, they
would go to all the sports sites he visited and compile a list of all the
words from those sites. Using distributed computing power, all of those words
would be tried in a dictionary attack on the password.

Today, I took the day off and will reformat and reinstall the OS for the
simple reason the PC may be compromised. It will be running sensitive privacy
software and I won't take any chances. I have already deleted the port
forwarding in my router. My boss gave me the OK. She was glad to have me home
since I spend so much time at the office. Technically, she is the President of
the company I work for though she has no role in it.

A long story but about 15 years ago I was a General Manager of a similar type
of company. I had a non compete agreement. To circumvent it, my wife
incorporated the company and then hired me. <g> it worked.

Time to get to work on the PC. Thanks for offering up your thoughts. Very much
appreciated.

My warmest regards,
roadburner
.

Relevant Pages

  • Re: Extremely odd thing with Giganews DMCA?
    ... | A message popped up on the screen asking me about transferring bookmarks. ... Neither IE or Firefox were running ... Please download, install and update the following software... ... It is suggested to run the scanners in both Safe Mode and Normal Mode. ...
    (alt.computer.security)
  • Re: Extremely odd thing with Giganews DMCA?
    ... >>A message popped up on the screen asking me about transferring bookmarks. ... >>looked at the taskbar and saw it was Firefox. ... >>The only things running at the time were Mercury, OE, and News Agent. ... on a software firewall and only permit connections to those ports through Tor ...
    (alt.privacy)
  • Re: TVGuide.com now officially useless
    ... Other browsers have that "go" menu but Opera ... I downloaded Firefox 1.5 and gave it a quick test run. ... I still don't like the toolbar, it reminds me too much of IE and the ... Firefox has a bookmarks toolbar and it can import Opera ...
    (rec.arts.tv)
  • Extremely odd thing with Giganews DMCA?
    ... A message popped up on the screen asking me about transferring bookmarks. ... looked at the taskbar and saw it was Firefox. ... The Dell bookmarks got transferred to ... How the heck could it be remotely turned on? ...
    (alt.computer.security)
  • Getting privoxy and Tor to work
    ... I've installed both tor and privoxy and have altered the bits Tor says I ... Firefox so both http and https point to localhost 8118 as the proxy. ...
    (Fedora)