Home | Community | Message Board

MRCA Tyroler Gluckspilze
This site includes paid links. Please support our sponsors.


Welcome to the Shroomery Message Board! You are experiencing a small sample of what the site has to offer. Please login or register to post messages and view our exclusive members-only content. You'll gain access to additional forums, file attachments, board customizations, encrypted private messages, and much more!

Shop: PhytoExtractum Maeng Da Thai Kratom Leaf Powder   Myyco.com Golden Teacher Liquid Culture For Sale   Bridgetown Botanicals Bridgetown Botanicals   Unfolding Nature Unfolding Nature: Being in the Implicate Order

Jump to first unread post Pages: 1
OfflinemotamanM
old hand
 User Gallery
Registered: 12/18/02
Posts: 6,047
Last seen: 6 days, 13 hours
FTC: Windows feature is a backdoor for spam * 1
    #2080919 - 11/07/03 12:12 PM (20 years, 4 months ago)

http://www.sltrib.com/2003/Nov/11072003/business/108934.asp

FTC: Windows feature is a backdoor for spam





By Bob Mims
The Salt Lake Tribune

The Federal Trade Commission has some urgent advice for users of Microsoft's Windows Messenger Service: Turn it off. Now.
Back-door security flaws in the application -- an internal feature in personal computers using the latest versions of Windows, not to be confused with the MSN Messenger Internet chat program -- are being mercilessly exploited by spam "pop-up" advertisements.
"Turn off the Windows Messenger Service. For most home users, [it] serves no purpose," FTC Consumer Protection director Howard Beales said Thursday. He added that Microsoft itself planned to set the program to a default "off" position in future shipments of its operating system.
The impetus for Beales' alert during a Washington, D.C., teleconference was the FTC's obtaining of a temporary restraining order against D Squared Solutions LLC and two officers of the San Diego company, Anish Dhingra and Jeffrey Davis.
Prosecutors allege the defendants used a "back-door" security flaw in WMS -- typically used by networks to send internal problems, or even to notify users of a completed print job -- to barrage PCs across the country with repeated pop-up ads.
Most of the ads, which appeared on-screen as often as every 10 minutes -- pitched $25-$30 software programs to block future pop-ups. By using the WMS portal, D Squared purportedly inundated its targets with pitches even when users were not on the Internet, the usual arena for such annoyances.
"They create a problem for consumers then charge them for a solution," Beales said.
Davis could not be reached, but Dhingra, contacted by telephone, declined to comment on the allegations. However, in a Cnetnews.com article published online Nov. 25, 2002, Dhingra was quoted as denying his pop-ups were spam because affected users could simply turn off WMS to prevent them from appearing.
Microsoft spokeswoman Tara Gregory applauded the FTC's action. "Microsoft remains committed to combating the spam epidemic through a multifaceted approach" comprising developing better antispam measures, backing strong laws and aggressively helping to prosecute violators, she said.
Last month, Microsoft issued a security warning that WMS was vulnerable to back-door attacks. The software giant also announced it would disable WMS -- formerly set to the "on" position by default -- and activate Windows' Internet Connection Firewall to protect computers from such attacks. The changes are slated for mid-2004 release in Windows XP Service Pack 2; current editions of Windows XP still have WMS enabled.
Complaints about the flaw have been widespread. Last month, leading Internet service provider America Online went so far as to block use of the WMS feature by its subscribers.
Xmission, one of Salt Lake City's leading Internet service providers, moved even quicker.
"We blocked [WMS] in early spring," said Xmission owner Pete Ashdown. "We noticed an increase of messages coming in on that port, which we knew was a security risk. It is very rarely used these days for anything except [spam]."
Jay Lepreau, a computer-security research associate professor at the University of Utah, is quick to echo advice to turn off WMS and install a firewall. He recommends Zone Alarm, which can be downloaded for free from the Internet and also can protect against spyware -- hidden programs that monitor user activity and transmit the data to a third party.


How to deactivate WMS

* To disable Windows Messenger Service, Windows users generally can click on Start, select Control Panel (or click on Settings and then the Control Panel); double-click on Administrative Tools; double-click Services; and then double-click Messenger. In the Startup type list, click Disabled. Click Stop, and then click OK.
For further instructions, visit http://www.microsoft.com/WindowsXP/pro/using/howto/communicate/stopspam.asp.



--------------------
http://heffter.org

Extras: Filter Print Post Top
InvisibleTinMan
Stranger

Registered: 10/01/02
Posts: 2,956
Loc: Russia
Re: FTC: Windows feature is a backdoor for spam [Re: motaman] * 1
    #2081038 - 11/07/03 01:01 PM (20 years, 4 months ago)

I don't quite understand how they get messages through if they aren't on your network.

Extras: Filter Print Post Top
Offlinewindex
old hand
Registered: 06/27/01
Posts: 1,293
Last seen: 9 years, 9 months
Re: FTC: Windows feature is a backdoor for spam [Re: TinMan] * 1
    #2081127 - 11/07/03 01:26 PM (20 years, 4 months ago)

>>I don't quite understand how they get messages through if they aren't on your network.

For some reason messenger is wide open, accepting connections from anywhere, any decent firewall would stop them.

All these explitable services that most dont end up using are left on by default while the firewall which would stop quite a bit off it is left off by default. Microsoft, go figure..

Extras: Filter Print Post Top
InvisibleXochitl
synchronicitycircuit
Registered: 07/15/03
Posts: 1,241
Loc: the brainforest
Re: FTC: Windows feature is a backdoor for spam [Re: motaman] * 1
    #2081179 - 11/07/03 01:43 PM (20 years, 4 months ago)

disable that shit: adjust services


--------------------
As we know, there are known knowns. There are things we know we know. We also know there are known unknowns. That is to say we know there are some things we do not know. But there are also unknown unknowns, the ones we don't know we don't know.

-Donald Rumsfeld 2/2/02 Pentagon

Extras: Filter Print Post Top
OfflineSeussA
Error: divide byzero

Folding@home Statistics
Registered: 04/27/01
Posts: 23,480
Loc: Caribbean
Last seen: 1 month, 9 days
Re: FTC: Windows feature is a backdoor for spam [Re: Xochitl] * 1
    #2088559 - 11/10/03 03:56 AM (20 years, 4 months ago)

> I don't quite understand how they get messages through if they aren't on your network.

They "spam" subnets sending a message to each IP address within the subnet without knowing what, if anything, is attached to an IP address.



--------------------
Just another spore in the wind.

Extras: Filter Print Post Top
Invisiblefunkymonk
Get's down, withthe get-down.
 User Gallery

Registered: 11/29/02
Posts: 8,160
Loc: saskatchewan
Re: FTC: Windows feature is a backdoor for spam [Re: Seuss] * 1
    #2090379 - 11/10/03 06:54 PM (20 years, 4 months ago)

any links for the exploit?

Extras: Filter Print Post Top
Invisibledjfrog
omgws!!!1!

Registered: 10/22/00
Posts: 3,710
Re: FTC: Windows feature is a backdoor for spam [Re: funkymonk] * 1
    #2091228 - 11/11/03 01:21 AM (20 years, 4 months ago)

Go to your system32 directory and type "msg /?"

Extras: Filter Print Post Top
OfflineT0aD
Stranger

Registered: 06/18/02
Posts: 4,475
Last seen: 15 years, 8 days
Re: FTC: Windows feature is a backdoor for spam [Re: djfrog] * 1
    #2096141 - 11/12/03 07:34 AM (20 years, 4 months ago)

AHAHAHA


--------------------
Cuba Libre

Extras: Filter Print Post Top
Jump to top Pages: 1

Shop: PhytoExtractum Maeng Da Thai Kratom Leaf Powder   Myyco.com Golden Teacher Liquid Culture For Sale   Bridgetown Botanicals Bridgetown Botanicals   Unfolding Nature Unfolding Nature: Being in the Implicate Order


Similar ThreadsPosterViewsRepliesLast post
* Post deleted by Administrator Alien 1,270 12 05/30/03 11:21 PM
by u4ia
* Your opinion on Windows XP SP2
( 1 2 all )
Fliquid 3,696 28 02/08/05 12:09 AM
by Fliquid
* Spam? I need of some quick help. Toddo 397 1 09/29/05 09:02 PM
by drtyfrnk
* Windows Vista So Secure, No Anti-virus Required??
( 1 2 all )
DiploidM 3,926 30 11/30/06 03:45 PM
by Konnrade
* Do you use Windows Messenger? YthanA 572 3 05/13/07 02:10 PM
by daytripper05
* how can i change a password i don't know on windows xp? Krishna 1,327 4 12/26/05 08:31 AM
by Krishna
* Check your system for the MyDoom Windows worm!
( 1 2 all )
YthanA 6,432 29 02/15/04 12:24 PM
by Annom
* Messenger service SKINNYDOGGY 929 5 06/20/05 09:45 PM
by Vvellum

Extra information
You cannot start new topics / You cannot reply to topics
HTML is disabled / BBCode is enabled
Moderator: trendal, automan, Northerner
1,271 topic views. 0 members, 0 guests and 0 web crawlers are browsing this forum.
[ Show Images Only | Sort by Score | Print Topic ]
Search this thread:

Copyright 1997-2024 Mind Media. Some rights reserved.

Generated in 0.027 seconds spending 0.007 seconds on 14 queries.