Topic: computer vulnerability | |
---|---|
***Test your computers vulnerability. There are a lot of hot spots in your computer that you are not even aware of, especially if you are running a Windows OS.
***My Linux OS passed everything with an ace. *** check the shields up & leak test under hot spots. ***Test the security of your computer running on the net.*** http://www.grc.com/ |
|
|
|
How many did you find? Please post your results. I am going to test a windows PC from my network later and post the results.
|
|
|
|
lets tell everyone he vulnerabilities
of the system and go to some website and click on invade me just a thought but hey what do i know |
|
|
|
Ummm none? Being I don't use Windows or Linux *shrug*
|
|
|
|
I will do this on all 5 of my computers this weekend and let you know the results. They are all running different instances of Windows XP (Home Edition, Home Premium, Professional, 64-Bit) and one with Windows Vista Home Edition.
|
|
|
|
How many did you find? Please post your results. I am going to test a windows PC from my network later and post the results. For it to be a fair test, every time you test a machine ensure it is set as the DMZ on your router. BTW... Steve Gibson sucks, he knows little about computer security, he is an out dated and out moded ASM programmer, who uses scare stories to get published. He seems to surround himself with sycophants who hang on his every word. Do not trust this guy (Steve Gibson) with you security! I read a paper written by a real security professional about how Shields Up is flawed, I'll dig it out. For the record, use a decent port scanner such as nmap, its surprising what ports appear closed with traditional port scanner but are actually open when you change the scan type. It is also important to know what services are running on each port, this is where you will find most of your vulnerabilities. In short, just because Shields Up says your ok, you might not be! I've (with permission) taken over machines by sending an email with a malformed WMF, and Animated Cursor (XP Pro), Shield Up could not have known I would do this! The machine was running Norton AV, and I got straight in, Outlook was running in the background, and just retrieved my mail, crashed, and I had a remote shell with full system privileges. I was connected to their lan, which was secured with a WEP Key (64bit). It took me less then 9minutes to crack the WEP Key with two laptops. On a similar not, how do you know what you software is doing, is it downloading updates? Will this introduce new vulnerabilities? Mac users need to be just as careful, I remember recently am exploit that used the WiFi driver on Macs, and the attacker just needed to be within range of the Mac in question. Ta, ~C. |
|
|
|
Thanks for all of the info Chrish. You are correct with the DMZ settings for people with networks. To be fair. I guess that really that my biggest point is that running port scanner tests, (most linux distros will scan ports already without nmap), you can easily find that a windows os has a lot more open ports and vulnerabilities than a linux distro.
|
|
|
|
***WarDriverJ. All computers have open ports. If not, then you cannot communicate outside of your box. By the way, I didn't catch your OS.
***adj4u. Do you not realize that you already have these vulnerabilities. Telling anyone or not telling anyone of your open ports will not change anything. The ports are open. You are invaded daily. I think it better to know. If I was to have some screwed up disease, I would want to know. |
|
|
|
Yes I know computer have open ports, I'm using OS X and yes I'm aware it could be vulnerable too
|
|
|
|
Yes I know computer have open ports, I'm using OS X and yes I'm aware it could be vulnerable too One problem with the OSX firewall, is that although it appears all ports are close, Root (UID 0) is still allowed to run processes that open ports. While not a problem in itself, its a bit misleading. For monitoring outbound connections, I recommend Little Snitch (http://www.obdev.at/products/littlesnitch/index.html). Ta, ~C |
|
|
|
what is real mean of vulnerability as an term uses for computer security?
|
|
|
|
Combinations of computer hardware and software is what determines the security of the given system/box. Some computer software relaxes security defences allowing them to be 'vulnerable' and even prone to different types of attacks on your system/box.(examples: viruses, trojans, worms, spyware, ect.)
|
|
|
|
chrish says: "For the record, use a decent port scanner such as nmap, its surprising what ports appear closed with traditional port scanner but are actually open when you change the scan type."
NMapFE is in the package manager in Linux Ubuntu 7.04. It is a gui front end for NMap. There is a Nmap for windows. ---for linux or windows--- http://insecure.org/nmap/download.html |
|
|