Ask MetaFilter questions tagged with exploit

Have I suffered a PDF exploit?

grouse — Tue, 24 Mar 2009 11:14:46 -0800

I tried to visit the web site of a local business, and a PDF was automatically and unexpectedly downloaded. What was it trying to do, and how can I know whether I avoided the exploit? The web site was orangecab dot net, and its hompeage contains an extraneous seeming iframe for namebrandmart dot cn, with filename in.cgi?income18. Following that with wget as follows (replacing "." with " dot " as necessary)

$ wget http://namebrandmart dot cn/in.cgi?income18

--11:06:12--  http://namebrandmart dot cn/in.cgi?income18

Resolving namebrandmart dot cn... 94.247.3.150

Connecting to namebrandmart dot cn|94.247.3.150|:80... connected.

HTTP request sent, awaiting response... 302 Found

Cookie coming from namebrandmart dot cn attempted to set domain to mmcounter dot com

Cookie coming from namebrandmart dot cn attempted to set domain to mmcounter dot com

Cookie coming from namebrandmart dot cn attempted to set domain to mmcounter dot com

Location: http://freewebhostguide dot com/index.php [following]

That file, in turn, contains an iframe for cache/readme.pdf. That caused Acrobat Reader to stall, but I tried to kill it as quickly as possible. Using Acrobat Reader 8.1.1/WinXPSP2.

What to do now?

Can SQL Server and IIS live happily ever after?

JohnFredra — Tue, 17 Mar 2009 18:29:00 -0800

Hosting SQL Server and IIS on the same co-located server: Good idea, bad idea, or terrible idea? I'm looking to reduce the discrete points of failure on my co-lo'd servers. I've got one machine running SQL Server 2005 (with replication) and a separate machine IIS 6.0, both on Windows Server 2003. Our client software talks to both to SQL Server and IIS via ports that are open to the internet, but the two servers do not currently have any need to communicate with one another. We chose to go with this setup primarily as a security measure to prevent exploits for either of SQL Server or IIS from granting someone trivial access to the other, and to date this has worked pretty well.

If we were to host both SQL Server and IIS on the same box, what can we do to maximize our security given that both must be accessible from the internet? Are there any best practices associated with this, or is it just roundly rejected as a bad idea?

I'll do my best to fill in any details I've left out -- I'm not the IT guy, but I've hopefully enough working knowledge of the configuration to provide more context. Thank you!

How can I be mayor of Hooverville?

bingo — Fri, 26 Sep 2008 15:58:39 -0800

I have a good, stable job with a disposable income. What should I be doing to take advantage of the troubled economy?

Computer exposed to internet without a firewall, now what do I do?

miasma — Tue, 06 May 2008 19:28:48 -0800

My computer has recently been exposed to the wild internet without being behind a firewall. I'm running Windows 2000 without a software firewall. What should I do now to clean my machine and make sure it hasn't been subject to an exploit? I made the mistake of putting a gaming device in the DMZ of my router for a short while. When I came back today, the dynamically assigned IP had switched, and it was my computer that was in the DMZ. As a result, my computer has been exposed to the wild internet without a firewall. I have all the latest service packs and hotfixes installed. What else should I do to make sure that my machine hasn't been exploited?

I have Spybot S&D for spyware and AVG for virus checking.

Currnet Macintosh OS X vulnerabilities or exploits?

loquacious — Sun, 03 Feb 2008 15:36:01 -0800

What is the current state of the art in Macintosh OS X vulnerabilities, exploits and other remote security issues? I'm a recent convert to OS X, and I'm fairly familiar with Unix/Linux/BSD - however, my primary work and IT experience is with Windows.

As such, I like to stay informed of these issues - and I also like experimenting with my own machines - and I like to feel more secure about the machines I use by knowing what is and isn't possible.

What's new? What should I be aware of as an IT consultant and support tech? What can I experiment with at home?

I'm particularly interested in buffer overflow exploits, pings-o-death and other remote DoS or TCP/IP stack attacks.

All Your $$$ Are Belong To Us!

mooders — Tue, 02 Jan 2007 14:06:35 -0800

Sue a software vendor for financial loss caused by security flaws in their software? I'm interested to know whether an exploit or flaw in a software vendor's product has ever led to a (personal | corporate) financial loss and whether this loss has been verified as caused by such an exploit or flaw, leading to the successful prosecution of the software vendor for reclamation of the loss.

If not, what would need to happen for such litigation to stand a chance of succeeding? Is it even possible, given the lengthy and largely unintelligible (to the likes of me and many others) EULAs?

Google exploit

Jimbob — Fri, 15 Sep 2006 03:52:51 -0800

Can someone explain to me what this: http://www.google.com/u/gplus is all about? How is it done? Hint: you may not want to enter your real Google login details into the form. This popped up on del.icio.us today. I'm trying to work out how someone scored a google.com/* address to run fake password-grabbing login page on. What's the trick?

Broke my Moniter, need to access my tower... Any thoughts?

TrueVox — Thu, 23 Feb 2006 12:10:10 -0800

Any way to gain access to a win XP box through a forced remote desktop (or another method?). Or even a network install (though that'd be hard, I don't dare lose anything on the HDD) of Linux? Oh, and I don't have a monitor (that's the root of the problem) I don't have a (working) cd rom drive, and there's 3 hdd's on the unit with valuable data (some loseable, some not, but the not loseable is spread accross all the drives). It's got USB ports, but I don't know if it's set up to boot from USB. It has a component out (and the cord even reaches the TV! :D), but for some reason it's not enabled (anyway to force that?). I have little Linux knowlege, but I have BASIC terminal use (navigation, deletion, directory creation, etc.). Is there anyway to force it to accept a Telnet request? Or anything like that? Oh, and yes the drives are shared, but I don't have the space to back them up to do a wipe, so sadly that's out. Thanks in advance!