HOW TO SECURE Windows 2000/XP/Server 2003 & YES, even VISTA


APK

"New NEWS": Well, it appears I was correct in my "assumption/guess" above (about my suspecting the "RBN being @ it again") 2 posts up, which are NOW verified, per this quote from the above source:

SECOND MASS HACK EXPOSED:

http://www.itnews.com.au/News/72214,second...ck-exposed.aspx

AND, the source I used for this list:

http://ddanchev.blogspot.com/2008/03/more-...ame-attack.html

And, the salient portion that notes that my suspicion was correct:

"if you look at the IPs used in the IFRAMEs, these are the front-end to rogue anti virus and anti spyware tools that were using RBN's infrastructure before it went dark, and continue using some of the new netblocks acquired by the RBN"

So, with that said? Here are those URL's from the list above, albeit altered to 0.0.0.0 equations, for your CUSTOM HOSTS FILE, that shuts out RBN (these appear to be their newly acquired domains list) & the servers they use:


FOR THOSE INTERESTED (or, those that need actual IP addresses to add to firewall rules tables OR IE restricted zones etc.), here are the actual IP addresses of the bogus servers:


Also - These you won't be able to block via HOSTS file filtering methods, but still can be blocked via other means (IE restricted zones, firewall rules tables, etc. et al):

89.149.243.201

89.149.243.202

72.232.39.252

195.225.178.21

:)

* Enjoy, stay safe, & keep surfing!

APK


The "RBN"'s still @ it (per earlier in this guide/last page)

&

Gaining more servers to attack folks with online!

(Per my earlier posts on how to add to a HOSTS file & their IP addresses above - this gent is whom I got this info. from & he's a fairly noted security researcher + ontop of them & their activities online it seems, use him for a resource, excellent so far (proved me right in my guess above too, albeit far later than I guessed it was they, lol (pretty obvious if you follow security trends & news though to be honest)):

http://ddanchev.blogspot.com/

:)

He has more servers there (updated list is why) vs. my own above... if you're into your online security? Refer to it & add his lists to your HOSTS file too (or, email me for mine to save time if you wish, many have).

APK

P.S.=> Hence, why I mentioned this gent & HIS sources earlier: They are accurate as all get out, & work to secure you... thank goodness for folks like him, & his sources too! apk


Moved to guides section.

I suggest reading this topic over a few days as it may be a bit much information to take in all at once. :lol:

Thanks Scarecrow Man, for making it an "ESSENTIAL GUIDE" here on your forums!

... It seems you have "pored over this material" & liked it, so, I guess that gives it the "official OK nod" here, which is GOOD to see (see my reply earlier to the gent who requested it be made a guide here, etc., 2-4 posts up from THIS one)...

"IT JUST WORKS"

* Enjoy, & surf FASTER + SAFER online people!

APK

P.S.=> At your forums here, I did omit posting the added HOSTS stuff, & my apologies (I took a LOT of slack from SOME forums (filled with some seriously sanctimonious people, some banned me, or tried to tell me how to write (minus a PhD in English no less on their parts, nor were they professional writers), etc. & they really upset me since I am trying to help others no less in this post)

Some of their critiques? Well - they stated it was "too complex" etc. (& I CANNOT HELP THAT, but CIS Tool helps make it easier/simpler by far, PLUS, actually makes it "FUN" to do in a way, like any benchmarking can be)...

My further posts ontop of that only serve to cover areas (CIS TOOL DOES NOT) - not if you take this 1 line @ a time, & lookup terms you don't know or understand on say, GOOGLE or ALTAVISTA (or, just ask myself or others here, if I am not around to field questions & such on this guide's points)... pretty simple!

So, on some of the 25 or so sites this same material is on, I did omit it... because of such complaints!

However - not on other forums (most were/are heavily security oriented/"super-geeks" type sites is why), & folks there took to the concept of HOSTS files usage easier/faster!

BUT - When I began putting the info. in my previous 2-3 posts to this one, about HOSTS files usage & such, & on "regular users/folks" type forums?

I was PLEASANTLY SURPRISED to see that "ordinary users/folks" took to it like DUCKS TO WATER too... good to see, so, enjoy this added supplementary info. on HOSTS files, & Mr. Dancho Danchev's blog site too (great daily updated nearly info. in this regards in fact)... apk


Aha! I see you're a "fan" of HOSTS file usage too... good man!

(& I have referenced that one from mvps.org too before (anywhere that's proven fairly reliable I will use where I can pull in information to make this file stronger, is cool by me)).

However - on 127.0.0.1? Well - I have to be sort of a "dork" here, about that: 0.0.0.0 is actually BETTER, for a couple reasons! Take a read, you will probably see/understand my reasoning (pure mathematics really & logical):

:)

* First of all, it makes for a F A S T E R read of the HOSTS file up off disk (especially if your HOSTS file has TONS of entries as mine does current "weighing in" @ nearly 55,000++ entries) - think about it!

(It IMMEDIATELY has 2 characters less on the 1st octet (127 vs 0) & multiplied by TONS of lines for this? Makes a HUGE read & load speed diff... same functionality, via a more efficient structure (2 for the price of 1, quite literally))

** Secondly, this also lends to less disk AND MEMORY occupancy (once it's loaded into your local DNS cache in RAM etc. et al).

(Just some "food for thought"...)

APK

P.S.=> Plus, if memory serves me correctly? 127.0.0.1 actually takes SOME processing power from you, fielding requests & rejecting/filtering them to the localhosts entry, but 0.0.0.0 actually does not afaik, & acts SORT OF like doing copy filename.ext > NUL (sending it straight more-or-less, to the trashcan/null port, w/ less processing power consumed by the network stack)... However, this last part I am NOT totally sure on, but I'd wager it's straight up...

HOWEVER/NO QUESTIONS ASKED? The first part I noted (on 0 being smaller than 127 for the 1st octet) IS UNDENIABLY better for RAM consumptions, diskspace usage, & init. loadspeed! apk



A great site that Mr. Dancho Danchev "turned me onto", for making additions to your CUSTOM HOSTS FILE (mentioned earlier on in this guide in STEP # 5) via his security blog... how/why?

http://mtc.sri.com/

:)

* Well - it keeps an updated listing of sites & servers that are KNOWN TO BE MALICIOUS!

APK

P.S.=> I tried to edit in some reference detail into the posts (#4) about HOSTS Files usage (citing a registry hack that you MAY need to perform (or not) - I will omit it, as I have never seen XP affected by THIS one, but I have seen reports of it on Windows Server 2003)...

HOWEVER - I also tried (#5) on PORTS FILTERINGS but, I can no longer edit those... so I will put that here:

(IANA port #'s references & also IANA IP port references too, to make it easier on those that are not "Tcp/IP experts" (lol, who is, you know)

These URL's will be helpful as well, bigtime (for understanding (e.g. - knowing which IP ports you need to leave open & why (or, why not) for POINT #5 on PORTS FILTERING):

IANA PROTOCOL NUMBERS LIST:

http://www.isi.edu/in-notes/iana/assignmen...rotocol-numbers

IANA PORTS LIST (well-known, registered, & dynamic/private ports):

http://www.isi.edu/in-notes/iana/assignments/port-numbers

Anyhow...enjoy! apk


Opera: you can disable Flash/Java globally, then right-click on the site, click Edit Site Preferences, and enable Flash and Java that way.

Already "present & accounted for", Mike!

Search what's between the dashed lines below, in post #2 of this thread on the FIRST page:

-----

"If you MUST use Javascript (for instance, on a particular site like banking or shopping oriented ones)?

Try "NoScript" (the .xpi addon for FireFox/Mozilla/NetScape 9 etc.) & let it let YOU decide sites to use it on, & then DISABLE JAVA/JAVASCRIPT globally...

(& if you use IE, trying to do the same can be a nightmare (as IE will "nag you to death" if you turn off javascript on sites that use it)).

Opera has similar functionality, ALBEIT, built into it by default as a NATIVE tool!

I.E.-> The ability to GLOBALLY block scripting tools like Javascript, BUT... to also allow it for sites you MUST use it on as exceptions to the GLOBAL rule set in Tools, Preferences menus it has on its menubar.

Opera has the NATIVE BUILT IN ABILITY to allow you to use it on sites you visit IF you must, via rightclicks on the page & "EDIT SITE PREFERENCES" popup menu submenu item that appears.

Either way? It works, & I STRONGLY recommend this. I also recommend Opera for these reasons (less security holes period, & the 1 it had yesterday? Patched yesterday too... fast!)"

-----

:)

* It works for Java/JavaScript... not for FLASH though, afaik.

APK


You need to disable the plugins, where flash is located.

Aha! So, THAT is what you meant... I thought you only meant Java/Javascript etc. (which are a danger, especially in combination with IFrames)!

:)

* Point taken & noted, I'll put that into this one & all others across the wire, crediting YOU with that, on that account! I can't edit that in, here, though... this forums has me set as unable to edit this "guide" after a certain period, in each of its posts, or I would have done so, immediately in fact.

(I'll have you know - you've done BETTER in regards to critique of this post, than 99% of those out there, inclusive of the likes of Ms MVP's &/or security forums gurus (even KNOWN security experts in fact))

Thanks, & GOOD job man! Only 2-3 others have found "weaknesses" (3 minor ones iirc) in this guide, across 20 forums in total, & some even "SECURITY ORIENTED", specifically. This is a credit to your observance, & know-how... & thank you! You've only made this guide that much better, & STRONGER, for it.

APK

P.S.=> IF you wish? I can use your real name if you like... or, I will just note you as "Mike567 from Windows Forum"... up to you, either way, credit goes, where credit IS due... & thanks! I'll wait until you respond, & then, make those edits on this guide (it's the same one, better than here in fact, because I cannot edit here - across 15 other forums online, where I CAN EDIT its content)... apk


Mike? I credited you across 12-15 forums where I can STILL EDIT THIS POST, inserting this snippet between the dashed lines below, into "point #13" (not numbered in this guide, but point is there as it IS right after point #12 (I can't on them all, but on most of the ones I cannot? I added this (giving credit, where credit is due))):

----

DISABLE INDISCRIMINATE USE OF ADOBE FLASH:

From Mike567 (giving credit, where credit's due):

http://forums.windowsforum.org/index.php?s...33716&st=20

You need to disable the plugins, where flash is located.

&, he's right... I "overlooked/omitted" that much!

Why is this important?? Well, take a peek here (very recent, 05/28/2008, as of the date of this posting):

Adobe Flash Zero-Day Attack Underway:

http://it.slashdot.org/article.pl?sid=08/0...47&from=rss

----

:)

* Giving credit, where credit is due is all... &, I appreciate it (your help here)

APK


Thanks.

Just wondering why you post it across 15 forums?

Are you planning on putting a signature link in when your post has been forgotten, or what? Brilliant for SEO, considering your content isn't all that bad for keywords, but if you look at the Google cache of these sites you will find they hide the signature links (well, used to).


Thanks.

Oh, you're VERY welcome, & I was only giving credit, where it was rightfully due, you!

Plus, imo @ least?

Well - you literally did a BETTER JOB of scrutinizing my points, than even the "security pro" wannabes out there (& yes, I challenged MANY of them across their forums to find weaknesses in this guide's points... only 1 did from a security forums, & I credited him here, as I did yourself... but, 'ordinary joes' (computer users & yes, some having good expertise such as AlexStarFire &/or Thronka whom I credited)...

This point 'dovetails' into your next one, in fact...

Just wondering why you post it across 15 forums?

Because, believe-it-or-not, I have had people either:

1.) Lock the thread (when I challenged the "spelling & grammar nazis" out there to find actual problems in this post's steps, instead of their MERE OPINIONS of "what good writing style is")

Fact is, that "critique/opinion" of "good writing style" simply does NOT help secure someone further, period...

(& not a single one of those said 'writing critics' possessed a PhD in English when asked to produce it either... for all we all knew as readers, to be blunt about it? They were folks with "ADD" or DYSLEXIA... & certainly NOT experts in English (most of them were people who haven't even been alive as long as I have been speaking & writing this language, no less - yet, telling me "how to write"... lol, give us a break!)

--------

&/or

--------

2.) Folks removed it on some sites, because imo? They felt threatened by its points somehow...

E.G. #1-> The "security gurus" no less, such as @ Securityforums.com (who had nearly 10,000 views of it on their forums & no one complained about it, except 1 guy I quote in this guide (an admin there, whom I told "you want your email review of this out of it? Find a weakness in it, simple" because he AND I both were in that email exchange, & I can use it, wherever I like @ this point because of that mutual correspondence... his name is Don Parker, & that made me lose ALL RESPECT (whatever I had for him that is, @ that point) in his outright getting my post removed @ said forums)

E.G.#2-> Folks who are javascript programmers for instance, DEFINITELY were threatened by suggestions to "turn off javascript on ALL sites globally in your browser, & ONLY LEAVE IT ON FOR SITES THAT DEMAND IT FOR FULL FUNCTION"

E.G. #3 -> Webmasters who don't like losing revenue due to adbanners being blocked

E.G. #4 -> & of course, inevitably, those who are 'hacker/cracker' types too...

--------

* Pretty lame, especially #2, E.G. #1 especially, but... all fact/true too...

Are you planning on putting a signature link in when your post has been forgotten or what, brilliant for SEO considering your content isn't all that bad for keywords, but if you look at the google cache of this sites you will find they hide the signature links. (well used to)

I put this out, MAINLY, for "typical/normal" end-users, so they too can realize 1 thing:

SECURING A COMPUTER, ESPECIALLY A WINDOWS NT-BASED ONE (or, even Linux) via CIS TOOL GUIDANCE? IS NOT "ROCKET SCIENCE"!!!

(... & simply is a 1-2 hr. investment of your time downloading & installing it, running it, & then shoring up any weaknesses it finds (most of the answers are online on GOOGLE no less, making it easy/simple to do, with directions as to what tools to use etc. et al, also)).

For those that are not, OR, where the test 'errs' @ times (& it does, on both Linux &/or Windows for instance)? That's where I help folks thru the questions they have...

APK


Can't say I've really read all your posts, but are you missing the most important one?

Running in a limited user account, instead of with administrator privileges.

I've come across so many home users having admin privileges; this is why distros like Ubuntu are so popular, as by default you cannot use root as an account unless you are in recovery mode.

Here's a cool method of sandboxing programs as well.

http://darksat.x47.net/index.php?topic=53.0


Can't say I've really read all your posts, but are you missing the most important one? Running in a limited user account, instead of with administrator privileges.

There's only 1 REASON I didn't post that (@ least NOT DIRECTLY, because in a way, if you read below? I did already, as regards browsers @ least)

... why?

Well - I have been literally running as ADMINISTRATOR here (renamed of course, but, nbtstat can show anyone THAT if you left NetBIOS/LanManager stuff up & running, & I DO NOT) for years to DECADE++ now, not a single infection... not a one, NOR have I been otherwise compromised.

I guess what I am trying to say is this: Yes, if you like? Running as a less privileged user can help (I note that in the browser section, as regards "Browser Isolation" techniques, using tools such as SandBoxie &/or "Drop My Rights" by MS, or even using RunAs or PsExec to do so - so, in a way, I did NOT "omit that")...

I've come across so many home users having admin privileges; this is why distros like Ubuntu are so popular, as by default you cannot use root as an account unless you are in recovery mode.

You also get "limited" by it, & can stop apps from running, period... a trade off, & imo? Unnecessary, once users are "educated & enlightened", which is/was my goal in this post here (& others like it across many forums online since late last year 2007, as my "new year's resolution" to "do a good deed" & that being to 'turn on folks to security' more-or-less).

Here's a cool method of sandboxing programs as well.

http://darksat.x47.net/index.php?topic=53.0

I'll take a peek @ it, but I am hoping it's not RunAs or PsExec, or SandBoxie, or "DropMyRights" (by MS) is all...

APK

P.S.=> That is a "rehash" of a technique I was "modded up for" @ SLASHDOT no less, here, years ago (although, that thread apparently occurred before my post @ /. did - proof "great minds think alike" is all, lol):

http://it.slashdot.org/comments.pl?sid=236...mp;cid=19310513

... I put that into the post in this thread about "WebBrowser isolation techniques" a page or two back in fact... you must have 'skimmed over it' & that's ok - it happens! apk


AN IMPORTANT SET OF POINTS TO SECURE YOUR WEBBROWSER, EMAIL PROGRAMS, & MORE:

STOP JAVASCRIPT USAGE IN YOUR BROWSERS (along with ActiveX & JAVA) On the PUBLIC internet, PERIOD (well, with SOME exceptions on sites that demand you use it, OR those that cannot function properly without it, some examples below)!

Why? Well, read on:

Fact is, that today? Well... Javascript's dangerous & can be used AGAINST you, as well as help you... it truly is, or can be, a 'double-edged sword'...

(For example - if you follow security related news, you will see that JavaScript is the key avenue being used against you in today's attacks (even thru adbanners!)). Some examples:

http://www.wired.com/techbiz/media/news/2007/11/doubleclick

&

http://apcmag.com/5382/microsoft_apologise...re_to_customers

If you MUST use Javascript (for instance, on a particular site like banking or shopping oriented ones)?

Try "NoScript" (the .xpi addon for FireFox/Mozilla/NetScape 9 etc.) & let it let YOU decide sites to use it on, & then DISABLE JAVA/JAVASCRIPT globally...

(& if you use IE, trying to do the same can be a nightmare (as IE will "nag you to death" if you turn off javascript on sites that use it)).

Opera has similar functionality, ALBEIT, built into it by default as a NATIVE tool!

I.E.-> The ability to GLOBALLY block scripting tools like Javascript, BUT... to also allow it for sites you MUST use it on as exceptions to the GLOBAL rule set in Tools, Preferences menus it has on its menubar.

Opera has the NATIVE BUILT IN ABILITY to allow you to use it on sites you visit IF you must, via rightclicks on the page & "EDIT SITE PREFERENCES" popup menu submenu item that appears.

Either way? It works, & I STRONGLY recommend this.

----

DISABLE INDISCRIMINATE USE OF ADOBE FLASH:

From Mike567 (giving credit, where credit's due):

http://forums.windowsforum.org/index.php?s...33716&st=20

You need to disable the plugins, where flash is located.

&, he's right... I "overlooked/omitted" that much!

Why is this important?? Well, take a peek here (very recent, 05/28/2008, as of the date of this posting):

Adobe Flash Zero-Day Attack Underway:

http://it.slashdot.org/article.pl?sid=08/0...47&from=rss

----

I also recommend Opera for these reasons (less security holes period, & the 1 it had yesterday? Patched yesterday too... fast!)

=====

SECUNIA DATA ON BROWSER SECURITY (dated 06/26/2008):

=====

Opera 9.27-9.50 (new release) security advisories @ SECUNIA (0% unpatched):

http://secunia.com/product/10615/?task=advisories

----

FireFox 3.x security advisories @ SECUNIA (100% unpatched):

http://secunia.com/product/19089/

----

IE 7 (latest cumulative update from MS) security advisories @ SECUNIA (37% unpatched):

http://secunia.com/product/12366/

----

Those %'s are the latest for FireFox 2.0.0.14, Netscape 9.0.0.6, IE7 after last "patch Tuesday" from MS with the "CUMULATIVE IE UPDATES" they have (see the security downloads URL I post in the 12 steps above to secure yourself), & Opera 9.27... all latest/greatest models.

So, as you can see?

Well, NOT ONLY IS OPERA MORE SECURE/BEARING LESS SECURITY VULNERABILITIES?

It's faster too, on just about ANYTHING a browser does, & is probably the MOST standards compliant browser under the sun (not counting HTML dev tools). This is borne out in these tests:

http://www.howtocreate.co.uk/browserSpeed.html

AND, yes others (most recently in Javascript parsing speeds, oddly enough, lol... given the topic of my post here that is), right here:

http://nontroppo.org/timer/kestrel_tests/

NEW NEWS/NEWSFLASH: FF3 is "king of the heap" here now, in javascript parsing speeds, but of what gain is this? Security risks abound in running javascript on "every site under the sun"... limiting it to sites you absolutely NEED it for is the way, IF you wish to stay safer online that is.

Opera's just more std.'s compliant - for example, having passed all the ACID (2/3 before anyone on the latter & one of the first for the former no less), plus it's faster + MULTIPLATFORM, & more secure than the others out there - thus, it's an "all-around" overall best solution!

QUESTION - So, "where do you want to go today?"...

ANSWER = Opera (if you're into speed, security, & std.'s compliance + using a webbrowser that runs on most any platform out there for computing is where).

----

ALSO - HOW TO SET THE "KILL BIT" ON ACTIVEX CONTROLS:

(I.E.-> This is how to stop an ActiveX control from running in Internet Explorer)

http://support.microsoft.com/kb/240797

In case you have "problematic" or security vulnerable ActiveX controls, per this RealPlayer example thereof:

http://service.real.com/realplayer/securit...1007_player/en/

APK

P.S.=> An update to my earlier point here about it, noting FireFox3 & Opera 9.50 now, newest releases (vs. FF 2.0.0.14 &/or Opera 9.27 last round here/earlier on in this post-thread)... apk


For those of you interested in using custom HOSTS files (for BOTH added security & added speed online)?

"APK Hosts File Grinder 4.0++"

http://www.thenewtech.com/forums/attachmen...mp;d=1214726022

(Sorry, this board does NOT allow "dynamic image tags" so, if you wish to see a screenshot of it, where I documented its development? See here -> http://www.thenewtech.com/forums/chit-chat....html#post16080 )

:)

----

The application above has been built by myself, for folks just like YOU, & of course, myself!

----

It allows you the end-user, the ability to:

    1.) Very EASILY integrate the HOSTS files of others, such as MVPS.ORG & others noted @ wikipedia, here -> http://en.wikipedia.org/wiki/Hosts_file (even if in other internal line-by-line formats), "scrubbed into" the MOST EFFICIENT format there is (allowing less memory &/or disk space occupancy for loading, of 0<singlespace>URL<cr+lf> ), first, & then...

    2.) Speed up access to your fav sites, via 1st pinging them (so their IP Address IS up-to-date/current), & adding them to the normalized non-repeat line items list on the right above

    3.) Add/remove sites from a hosts file, but by first checking for their pre-existence inside the HOSTS file on ADDS, & rejecting if there already (& adding if NOT present)

    4.) Lastly, it will FULLY NORMALIZE (accurately 110%) a HOSTS file (normalize = removal of duplicates)...leaving you with one in the MOST efficient format line-wise there is (noted above, which consumes less memory & faster loadtime from disk)

----

It has allowed me to:

A.) Take valid HOSTS file data from EVERY known & respected HOSTS file there is (noted from the wikipedia link above, & also from SRI, Shadowserver, Dancho Danchev's Blog, SpyBot S&D, Spamhaus, Phishtank, + others also, such as my own research into this area), & integrate them FIRST into a HUGE 20mb file, & then via normalization, reducing its size to 12mb on disk (removing repeats which they will have between one another & sometimes inside of themselves even), reduce its size that way (1/2 the initial size almost from all that data), first...

B.) It has also made a 12mb SUPER-COMPREHENSIVE custom HOSTS file out of an initially 20++ mb sized one, from the sources above... allowing the SAME function as they offer (because their HOSTS FILES' many times using 127.0.0.1, or, 0.0.0.0 formats, instead into a MORE EFFICIENT ONE, of 0<singlespace>URL<cr+lf>)... thus, MASSIVELY reducing its size on disk & in RAM once loaded into your local DNS cache, yet offering the SAME function!

C.) Create a CUSTOM HOSTS FILE loaded with FULLY alphabetized entries into your HOSTS file (so it is easy to search thru, even via notepad.exe).

-----
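As an added example of the normalization described in points 1) and 4) and A) through C) above (my own Python, not the Grinder's Delphi code), the snippet below ingests two constructed "upstream" HOSTS lists written in different styles (127.0.0.1, 0.0.0.0 and bare 0 on the left), keeps only the blocked hostnames, drops duplicates, alphabetizes, and re-emits every line in one compact "sink hostname" form; the hostnames are invented samples, and the byte-savings helper just counts the left-hand address shortening the posts above argue for.

```python
"""Hosts-file normalizer (added example; not the APK Hosts File Grinder's code).

Ingests HOSTS files written in different conventions, keeps only the blocked
hostnames, removes duplicates, alphabetizes, and writes every line in one
compact "<sink> hostname" form. All sample inputs below are constructed.
"""
import re
from typing import Iterable, List, Set

# Constructed sample "upstream" lists in two different styles (not real downloads).
MVPS_STYLE = """# mvps-style list (constructed sample)
127.0.0.1  localhost
127.0.0.1  ads.example-tracker.test   # inline comment
127.0.0.1  banner.example-ads.test
127.0.0.1  ads.example-tracker.test
"""

ZERO_STYLE = """# 0.0.0.0-style list (constructed sample)
0.0.0.0 banner.example-ads.test
0.0.0.0 malware.example-bad.test  www.example-bad.test
0 scanner.example-rogue.test
::1 localhost
"""

# Left-hand addresses that mark a line as a blocking entry rather than a
# genuine name-to-address mapping. Caveat: a real 127.0.0.1 development alias
# would be misread as a block, so review merged output before installing it.
SINK_ADDRESSES = {"0.0.0.0", "0", "127.0.0.1", "::1", "::"}

# Names that must never be turned into blocking entries.
PROTECTED_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Loose hostname syntax: dot-separated labels of letters, digits and hyphens.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[a-z0-9-]{1,63}(?<!-)(\.(?!-)[a-z0-9-]{1,63}(?<!-))+$"
)


def parse_blocked_hosts(text: str) -> Set[str]:
    """Return the hostnames one HOSTS file blocks, whatever style it uses."""
    blocked: Set[str] = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip comments and whitespace
        if not line:
            continue
        fields = line.split()
        if fields[0] not in SINK_ADDRESSES or len(fields) < 2:
            continue  # a real mapping, or a malformed line: leave it alone
        for name in fields[1:]:  # one line may carry several hostnames
            name = name.lower().rstrip(".")
            if name in PROTECTED_NAMES or not HOSTNAME_RE.match(name):
                continue
            blocked.add(name)
    return blocked


def merge_hosts_files(sources: Iterable[str]) -> List[str]:
    """Union of all sources' blocked names, duplicates removed, alphabetized."""
    names: Set[str] = set()
    for text in sources:
        names |= parse_blocked_hosts(text)
    return sorted(names)


def render_hosts_file(names: Iterable[str], sink: str = "0.0.0.0") -> str:
    """Emit one '<sink> hostname' line per name, CRLF-terminated for Windows.

    Pass sink="0" for the bare-zero form the post above describes; the post
    reports it gives the same blocking effect with fewer bytes per line.
    """
    return "".join(f"{sink} {name}\r\n" for name in names)


def bytes_saved(count: int, old_sink: str = "127.0.0.1", new_sink: str = "0.0.0.0") -> int:
    """On-disk bytes saved across `count` lines by shortening the sink address."""
    return (len(old_sink) - len(new_sink)) * count


if __name__ == "__main__":
    merged = merge_hosts_files([MVPS_STYLE, ZERO_STYLE])
    print(render_hosts_file(merged), end="")
    print(f"# {len(merged)} unique hosts; "
          f"{bytes_saved(len(merged))} bytes saved vs. the 127.0.0.1 form")
```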

* It can do the same for you as well, should you be interested in such a tool... if you are? Email me, here:

[removed]

APK

P.S.=> General statistics on it, while in operation:

700k-5900k memory occupancy prior to load of HOSTS file data...

( & up to 167mb IF a "huge" hosts file (like 1 million++ line entries) is used)

Its runtimes (noted above) will vary, depending on the size of the HOSTS file being processed (should NOT exceed 3 hrs (&, for most folks, since they do NOT have files of such size in their HOSTS file? Heh, it will be the "blink of an eye" on most all sections (scrub, add/remove entries - validate entries, normalization-removal of repeated items, & save to disk) up to 2 minutes or so)

PLUS - It was built in the MOST efficient & fastest code combination I know of (Borland Delphi 7.x, Win32 API, & Inline Assembler code)

(Especially for this type of string processing (of which Delphi alone in math & strings often MORE THAN DOUBLED (sometimes, tripled) the speed of both MSVB & MSVC++ in, in (of all places) Visual Basic Programmer's Journal Sept./Oct. 1997 issue "INSIDE THE VB COMPILER" issue))

+

A truly "SUPER-EFFICIENT" algorithm, on each area of processing (especially normalization, taken down from DAYS time over 1 million++ records, to only 3 hours time max, if no repeats exist... if repeats? Far, FAR faster!)

Which speaks worlds alone right there... this app makes FAR shorter work of this, than does using ping.exe (for speedup of sites), MsAccess (via SQL Select Distinct queries work, & the potential import/export hassles it can have (leaving trailing spaces &/or quotes for example, bloating files on export)), & notepad.exe (good luck normalizing one using its Edit-Replace menus is all I can say... especially IF you have a BIG hosts file)... apk



Researcher to demonstrate attack code for Intel chips:

http://www.infoworld.com/article/08/07/14/...el_chips_1.html

SALIENT/PERTINENT EXCERPT:

----------------------------------------------------

"Kaspersky says CPU bugs are a growing threat, with malware being written that targets these vulnerabilities... Security researcher and author Kris Kaspersky plans to demonstrate how an attacker can target flaws in Intel's microprocessors to remotely attack a computer using JavaScript or TCP/IP packets, regardless of what operating system the computer is running."

----------------------------------------------------

* Now can anyone see WHY I recommended turning off Java/Javascript (& other browser addons/extension languages) for "every site you use under the sun"?

APK

P.S.=> There are more examples inside this guide, & of this SAME type of idea (crank off the java/javascript etc. et al & ONLY keep it active on sites you ABSOLUTELY need it for, to have the site function properly - lessening your potentially attackable surface online basically).. heck, even adbanners have exploits of this nature in them lately...

The examples I put in this guide ARE far older too, dating back 1-3 yrs. but the point is only here, again, & moreso (far more dangerous this time, imo @ least)... apk



Well, @ this point?

I think this guide's PRETTY SOLID, because nobody has been able to "add points" to it, from across 27 other forums online (many are "serious geek" oriented sites too)!

(... & the fact that some folks from "THE PLANET" (a large website & hosting provider online) offered to hire me on as a remote security specialist @ this point (pretty cool) for Win2k3 servers they use, as well as what appears to be their personally managed or owned sites also (KTInteractive)).

In any event?

@ People Reading:

This IS your "Iron Man Armor Online"!

So, have @ it ('snap it on') - & enjoy a F A S T E R, & FAR MORE S E C U R E online setup on your Windows NT-based OS' of today (Windows 2000/XP/Server 2003 & yes, even VISTA to a good extent) via applying CIS Tools' suggestions & my own that "layer ontop of it"...

:)

* I am FAIRLY certain it's done - As I can't think of any more points & methods to secure your Windows NT-based rigs, & thus, I close this post off... she's all done as far as I am concerned... this same message will go across ALL others like it that I am still able to edit/add to online, @ some point today in fact.

APK

P.S.=> Sorry for the 'closing note' but, if anyone's interested, this is the "final model" of this guide & its points... enjoy! apk


Something I ran into the other day on a Windows XP Home Edition system, that others may as well:

When using a relatively speaking "LARGER" (purely relative term) HOSTS file? You MAY have to disable your DNS Client Service. This should not happen when using relatively tinier sized HOSTS files (1mb sized & below), but, can on some systems, & the way to disable the DNS Client service is quite simple:

:)

* This is achieved via going to the START button, RUN command, type in SERVICES.MSC & once it comes to the screen, find the DNS Client Service in the list of services & right-click on it (or, double-click) & use the PROPERTIES screen, & use the STOP button (to stop the service) & then set its startup type to DISABLED, & this 'lagging' goes away (reboot is recommended, especially on Windows 2000 systems, for the HOSTS file to reload... otherwise, changes may take up to 5 minutes to take, so reboots make that quicker & assured on ANY MS Windows NT-based OS (2000/XP/Server 2003 & VISTA)).

APK

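As an added example (PowerShell, not from the original post), the same check and workaround done from a script: it sizes the HOSTS file against the ~1 MB rule of thumb the post gives, flags any mapping that is not a 0.0.0.0/127.0.0.1 sink entry (a block list should contain nothing else), and only then stops and disables the DNS Client service (service name "Dnscache"). The 1 MB figure is the post's rule of thumb, not a documented Windows limit.

```powershell
# Added example, not part of the original post. Run from an elevated PowerShell prompt.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$hostsFile = Get-Item -LiteralPath $hostsPath
$lines     = Get-Content -LiteralPath $hostsPath

# A mapping line is "<address> <hostname> [...]"; skip blank lines and '#' comments.
$mappings = @($lines | Where-Object { $_ -notmatch '^\s*(#|$)' })
"HOSTS: {0:N0} bytes, {1} mappings" -f $hostsFile.Length, $mappings.Count

# In a block list every entry should point at a sink address. Anything else is
# either a deliberate override or a tampered entry (malware also edits HOSTS),
# so list it for review rather than silently trusting it.
$mappings | Where-Object { $_ -notmatch '^\s*(0\.0\.0\.0|127\.0\.0\.1|::1)\s' } |
    ForEach-Object { "Review (not a sink address): $_" }

$svc = Get-Service -Name Dnscache      # display name "DNS Client"
if ($hostsFile.Length -gt 1MB) {
    # The post's workaround for resolver lag with large HOSTS files. On Windows 10
    # and later the DNS Client service is protected and this may be refused; the
    # advice targets the 2000/XP/2003/Vista systems the guide covers.
    if ($svc.Status -eq 'Running') { Stop-Service -Name Dnscache -Force }
    Set-Service -Name Dnscache -StartupType Disabled
    "DNS Client stopped and disabled (HOSTS file over 1 MB)"
} else {
    # Small file: keep the cache, just drop stale answers so new entries apply
    # without waiting out the cache TTL or rebooting.
    ipconfig /flushdns | Out-Null
    "DNS Client left running; resolver cache flushed"
}
```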

  • 2 months later...

Continuing on WHY I put up "POINT #18" on the pages prior to this one (turning off javascript processing in Adobe Acrobat Reader & web browser + email programs also):

For users of Adobe Acrobat Reader (of any version or patch level today - safety hint):

Since it has been attacked so much recently (via its ability to place javascripting into its .pdf document format, & javascript that bears truly "ill will")?

Well, update to the latest/greatest version... HOWEVER, if you don't trust that, as I do not, FULLY?

(I say this simply because browser makers have been trying that left & right since "time immemorial" online, & more attacks of differing natures that evade new patches keep popping up regardless of the patches!)

Plus, like I had stated earlier in this guide?

I suggested turning off javascript for EVERY SITE online, in your web browser (& only keep it for ones that demand it (or, become useless without it, like many shopping &/or banking sites - this lessens the possibility of being poisoned by bad adbanner OR site code & also lessens the attack surface area + limits the possibles to the sites you left javascript on for, ONLY))??

Try this FOR ADOBE ACROBAT READER ALSO:

TURN OFF JAVASCRIPT USAGE IN ADOBE ACROBAT READER!

Simply to be safe vs. attacks in it that are javascript-based in nature!

----

Use Adobe Acrobat's EDIT menu

PREFERENCES submenu

Javascript section (in left-hand side column of options)

& uncheck "Enable Acrobat Javascript" in the right-hand side option for that.

----

What boggles MY mind, more so in web browsers &/or email programs though (as far as javascript is concerned)? Browser makers are working on speeding up its processing, first, rather than securing its weak/exploitable DOM (document object model) behind it.

Speeding up javascript in web browser programs, for example?

WELL - That's only speeding up how FAST you can be infected by misuse of javascript then, really, & this is all (not good!).

(AND, anyone reading here now can simply take a read over @ SECUNIA.COM &/or SECURITYFOCUS.COM & see that a GOOD 95% of today's attacks are hitting users via the indiscriminate use of javascript (misuse of it) on every website they go to).

----

Imo @ least, but, one based on the data in this guide (plus that from security websites I noted above)?

Javascript should be turned off by DEFAULT in a webbrowser!

Why??

Well, because most times, if a site needs it???

The site errs out & signals the user javascript is required. Turn it on @ that point, IF you absolutely NEED it to be running (& only then, for useful tasks you wish to perform online, such as data access like you see on shopping &/or banking websites)

I mean, hey: Even adbanners have been abused this way & proofs of that abound in this guide no less.

In fact, when I noted this over @ slashdot?

I was "modded down" for it, & just for telling the truth to javascript (& other scripting languages) developers... just for telling the truth! Boggles the mind. Secure that DOM behind javascript first, for security, AND ONLY THEN, work on speeding it up afterwards. That's not how it's being done though, unfortunately.

----

10 Forces Guiding the Future of Scripting:

http://developers.slashdot.org/comments.pl...mp;cid=25362703

----

Another bonus (for speed this time though, not security) also exists in turning off javascript processing in web browsers: Speed.

I.E.-> You're not using CPU cycles processing scripts that you probably don't actively directly use, yourself (such as ARE needed on e-commerce/shopping + banking websites, where you DO need it mostly to do actual useful tasks), & you're also not "hauling in" data from other servers (slowing you down even more so, if not compromising your system (such as has been seen the past 4++ yrs. now or so, in bad adbanners that house javascript misuse)) that you don't really need, or want, around on the webpages you view...

APK

P.S.=> That assures you are "bullet-proofed" vs. Adobe Acrobat malware/bad javascript containing contaminated .pdf documents via bogus javascript in them for exploiting you online today!

NOW - the only hassle here is that SOMETIMES, there is so much javascript in them, ADOBE MAY "nag" a lot about it, & should have a feature to turn that off (imo @ least)...

So, evidence as to WHY one should do this to Adobe Acrobat Reader (until it's patched vs. this type of thing):

Critical Vulnerability In Adobe Reader:

http://it.slashdot.org/article.pl?sid=08/11/05/2042211

(Dated 11/06/2008, 8 months after I noted this here no less - if/when Adobe secures THIS particular exploit in their program? Turning off javascript processing (enabled by DEFAULT in that program no less, mind you) can help protect vs. other exploits like this one, in the future, that misuse javascript)...

----

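An added audit script (PowerShell; not from the original post) that reports whether the "Enable Acrobat JavaScript" box the post unchecks is actually off for the current user, for every Acrobat Reader version that has per-user settings. The JSPrefs\bEnableJS value and the HKLM FeatureLockDown\bDisableJavaScript value are from Adobe's preference reference for Reader; treat the exact key layout as an assumption for any version not covered there.

```powershell
# Added example, not part of the original post. Read-only unless you uncomment the last line.
$base = 'HKCU:\Software\Adobe\Acrobat Reader'
if (-not (Test-Path -LiteralPath $base)) {
    throw "No Acrobat Reader per-user settings found under $base"
}

Get-ChildItem -LiteralPath $base | ForEach-Object {
    $ver = $_.PSChildName                                  # e.g. 9.0, 11.0, DC
    # bEnableJS (DWORD) lives under <version>\JSPrefs; 0 = JavaScript disabled.
    $js  = Get-ItemProperty -LiteralPath "$($_.PSPath)\JSPrefs" -ErrorAction SilentlyContinue
    $state = if ($null -eq $js -or $null -eq $js.bEnableJS) { 'not set (Reader default: enabled)' }
             elseif ($js.bEnableJS -eq 0)                    { 'DISABLED' }
             else                                            { 'enabled' }
    "Reader $ver : JavaScript $state"
}

# On a managed machine the HKLM lockdown value keeps the user from turning it
# back on in the Preferences dialog (run elevated; path shown is for Reader DC):
# Set-ItemProperty -LiteralPath 'HKLM:\Software\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown' -Name bDisableJavaScript -Value 1 -Type DWord
```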

  • 1 month later...

Microsoft missed patching a KNOWN issue on this literally BIGGEST Ms-Patch Tuesday to date on 12/09/2008 (most bugfixes issued ever by Microsoft, & to close off the year), & then?

Read here below to get the details, + past that, to patch yourself easily with an easy fix I figured out:

----

Oops! Missed One Fix — Windows Attacks Under Way:

http://it.slashdot.org/comments.pl?sid=105...mp;cid=26072169

----

&

----

Microsoft warns of new Windows bug, says attacks under way

(WordPad Text Converter flaw wasn't patched in big Tuesday update):

http://www.computerworld.com/action/articl...ticleId=9123100

----

What is below, courtesy of "yours truly", fixes it!

(Simply by altering the file association for the Explorer/IE shell from WordPad.exe to winword.exe (it's immune to this, & Ms-Word handles old Windows 3.x & NT 3.5x Ms-Write .wri files, just fine...))

.REG FILE TO USE IF YOU USE WinWord 2003/Ms-Office 2003 (easily altered for 2000/XP/2008 versions):

----

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.wri]
@="Word.Document.8"
"Content Type"="application/msword"

[HKEY_CLASSES_ROOT\.wri\PersistentHandler]
@="{98DE59A0-D175-11CD-A7BD-00006B827D94}"

[HKEY_CLASSES_ROOT\.wri\Word.Document.8]

[HKEY_CLASSES_ROOT\.wri\Word.Document.8\ShellNew]
"FileName"="winword8.doc"

----

    1.) Paste what is between the dashed lines only above, into notepad.exe

    2.) Save it as TYPE "All Files", & on disk as APKMsWordPadBugFix.reg

    3.) Then open it using regedit.exe. It will ask if you want to merge this registry file. Do so.

(That's a fix before Ms issues a fix, because it changes the .wri file extensions' file association from opening in WordPad.exe if you click on any bogus files sent your way, hopefully not, but just in case, & the shell will spawn the process as Microsoft Word, which is immune to this in most modern versions of it, if not all versions)

A simple to do, easy fix for anyone, even before MS issues a fix...

POTENTIALLY/POSSIBLY IMPORTANT:

IF you have versions of Ms-Office (Ms-WORD specifically), other than 2003?

You MIGHT have to change "Word.Document.8", wherever it appears above, to whatever version number yours is, along with the GUID used to do the OLEServer library marshalling/summoning of Word to open .wri files with, instead of Wordpad.exe & that's found in the .doc file association under -> HKEY_CLASSES_ROOT , easily enough)...

APK

P.S.=> "We can do this... We HAVE the technology!", lol, too bad MS didn't, talk about easy, I don't see HOW they could have missed this IF it was a KNOWN issue that came up before "Patch Tuesday" 2 days ago, I thought of it in literally 2 seconds, & took maybe 2 minutes to make the file & test it, it works... apk

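An added example (PowerShell; not the post's own .reg file) that addresses the "other Office versions" caveat above: instead of hard-coding Word.Document.8 and the GUID, it copies the ProgID and PersistentHandler from the existing .doc association on the machine, shows what .wri currently points at (so you can undo), and writes an equivalent .reg file for review before merging. It assumes Word is installed and owns the .doc association; the ShellNew keys from the post are left out because they only affect Explorer's "New" menu.

```powershell
# Added example, not part of the original post. Writes a .reg file; nothing is merged automatically.
$docKey = 'Registry::HKEY_CLASSES_ROOT\.doc'

# The default value of HKCR\.doc is the ProgID the shell launches for .doc files.
$progId = (Get-ItemProperty -LiteralPath $docKey).'(default)'
if (-not $progId -or $progId -notlike 'Word.Document.*') {
    throw "HKCR\.doc is '$progId', not a Word ProgID; refusing to redirect .wri"
}

# PersistentHandler GUID of the .doc association (the post copies it into the .wri key).
$handler = (Get-ItemProperty -LiteralPath "$docKey\PersistentHandler" -ErrorAction SilentlyContinue).'(default)'
if (-not $handler) { $handler = '{98DE59A0-D175-11CD-A7BD-00006B827D94}' }   # value from the post's file

# Record the current .wri ProgID (normally WordPad's "wrifile") so the change can be reverted.
$current = (Get-ItemProperty -LiteralPath 'Registry::HKEY_CLASSES_ROOT\.wri' -ErrorAction SilentlyContinue).'(default)'
"Current .wri ProgID: $current  ->  will become: $progId"

$reg = @"
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.wri]
@="$progId"
"Content Type"="application/msword"

[HKEY_CLASSES_ROOT\.wri\PersistentHandler]
@="$handler"
"@

$out = Join-Path $env:TEMP 'wri-to-word.reg'
# regedit expects ANSI or UTF-16 for "Version 5.00" files; Unicode = UTF-16LE with BOM.
Set-Content -LiteralPath $out -Value $reg -Encoding Unicode
"Wrote $out - inspect it, then merge from an elevated prompt with: regedit /s `"$out`""
```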

  • 1 month later...

Here is a PRIME example of where most folks that try this test can take the result to, scoring-wise, on the CIS Tool Security Benchmark test:

http://www.thenewtech.com/forums/attachmen...mp;d=1234540101

99.058/100

:)

* Not TOO shabby, eh?

(I.E.-> A NEAR 100% perfect score for a client of mine whose system I secured this week taking it from a 45/100 default score, to this one, DOUBLING its security rating per this test, & THEN some... & , in fact, it probably is a perfect score (I say that, because 4/5 things it scored me down on, I actually DID have right for this client of mine, but yet the test scores me down on them (it makes SOME errors here & there is all)))

APK

P.S.=> Placing this result here for posterity's sake and as an example of how secured a Windows system can be, per this security benchmark test's gauge thereof... apk
