A real, live, phishing site for you to play with!

[Mike Easter]

~BD~ wrote:
> Mike Easter wrote:
>> ~BD~ wrote:

>>> I am 99.9% certain that when I was linked directly to the Annexcafe
>>> server *someone*, *somehow*, sent something down the line which put my
>>> machine out of action.

I'm trimming below and rearranging the dialogue so as to emphasize what
I think you are replying to. If you bottom post without context, it is
as bad as the person who top posts without context.

>> The mechanism by which you could acquire something in a newsgroup in
>> which you were rendering html insecurely and executing executables with
>> a vulnerable operating system would be for the adversary to upload
>> something and for you to download it and execute it - or else provide a
>> link for you to 'go get' the malware.

> Maybe you have hit the nail on the head, Mike!

Does that mean that when you were participating in annexcafe that you
were rendering html with your news agent and browser integration in OE
and IE and WinXP configured insecurely and you believe that you
experienced some kind of 'infection' during that insecure html news
message rendering?

>> If the would-be victim-reader isn't behaving like that; rendering
>> html insecurely or going off to malicious sites by accident, then
>> the reader has nothing to worry about from the news server's
>> messages.

Or, were you behaving in this other manner, OE secured by its
relationship with IE being in restricted mode and/or not rendering html
but displaying in plaintext?


--
Mike Easter

[~BD~]

Mike Easter wrote:
> ~BD~ wrote:
>> Mike Easter wrote:
>>> ~BD~ wrote:
>
>>>> I am 99.9% certain that when I was linked directly to the Annexcafe
>>>> server *someone*, *somehow*, sent something down the line which put my
>>>> machine out of action.
>
> I'm trimming below and rearranging the dialogue so as to emphasize what
> I think you are replying to. If you bottom post without context, it is
> as bad as the person who top posts without context.
>
>>> The mechanism by which you could acquire something in a newsgroup in
>>> which you were rendering html insecurely and executing executables with
>>> a vulnerable operating system would be for the adversary to upload
>>> something and for you to download it and execute it - or else provide a
>>> link for you to 'go get' the malware.
>
>> Maybe you have hit the nail on the head, Mike!
>
> Does that mean that when you were participating in annexcafe that you
> were rendering html with your news agent and browser integration in OE
> and IE and WinXP configured insecurely and you believe that you
> experienced some kind of 'infection' during that insecure html news
> message rendering?

Yes. I knew no better then

>>> If the would-be victim-reader isn't behaving like that; rendering
>>> html insecurely or going off to malicious sites by accident, then
>>> the reader has nothing to worry about from the news server's
>>> messages.
>
> Or, were you behaving in this other manner, OE secured by its
> relationship with IE being in restricted mode and/or not rendering html
> but displaying in plaintext?

No. I didn't know that I should,

HTH

D.

[~BD~]

StevieO wrote:
>
> "~BD~"<~BD~@nomail.afraid.org> wrote in message
> newsNednRPFbbJWzHzRnZ2dnUVZ8uqdnZ2d@bt.com...
> StevieO wrote:
>> Perhaps they are ALL part of the Secret Annex Society?
>>
>> You never thought of that did you...LOL
>
> <snip bull****>
> Already asked and answered. (see above)
>

Interesting list here!

http://www.cleverbridge.com/

[Mike Easter]

~BD~ wrote:
> Mike Easter wrote:

>> Does that mean that when you were participating in annexcafe that you
>> were rendering html with your news agent and browser integration in OE
>> and IE and WinXP configured insecurely and you believe that you
>> experienced some kind of 'infection' during that insecure html news
>> message rendering?
>
> Yes. I knew no better then

Then that is more like 'infecting yourself' than what you said:

> I am 99.9% certain that when I was linked directly to the Annexcafe
> server *someone*, *somehow*, sent something down the line which put
> my machine out of action.

That description is as if the perp specifically attacked you - your
connection interface, like a hacker cracking the security of a server or
specifically exploiting a vulnerable IP.

Both annexcafe and the ex-msnews servers stamp the NPH IP of their posters.

If you are alleging a specific attack on your dialup IP, that would be a
very unusual exploit. While it would be easy to determine the IP you
accessed the news server with, but it would be unlikely for your
computer and its files (even attempt) to be accessed from the WAN
because -1- your system would not be expected to have its ports hanging
out there open (see GRC's Shields Up) and -2- your IP is going to be
very dynamic and changing because the behavior of a dialup user is to
dialup by logging on, access the WAN and transact and then disconnect --
not hang onto the connectivity with a functionally static IP.

OTOH, if someone posts ie 'hangs out' a malicious html which is
accessible to anyone who is foolish enough to execute its exploit, that
is quite a different perspective. Not a specific attack, but a
nonspecific 'trap' for anyone so vulnerable, not you per se.

--
Mike Easter

[~BD~]

Mike Easter wrote:
> ~BD~ wrote:
>> Mike Easter wrote:
>
>>> Does that mean that when you were participating in annexcafe that you
>>> were rendering html with your news agent and browser integration in OE
>>> and IE and WinXP configured insecurely and you believe that you
>>> experienced some kind of 'infection' during that insecure html news
>>> message rendering?
>>
>> Yes. I knew no better then
>
> Then that is more like 'infecting yourself' than what you said:
>
>> I am 99.9% certain that when I was linked directly to the Annexcafe
>> server *someone*, *somehow*, sent something down the line which put
>> my machine out of action.
>
> That description is as if the perp specifically attacked you - your
> connection interface, like a hacker cracking the security of a server or
> specifically exploiting a vulnerable IP.
>
> Both annexcafe and the ex-msnews servers stamp the NPH IP of their posters.
>
> If you are alleging a specific attack on your dialup IP, that would be a
> very unusual exploit. While it would be easy to determine the IP you
> accessed the news server with, but it would be unlikely for your
> computer and its files (even attempt) to be accessed from the WAN
> because -1- your system would not be expected to have its ports hanging
> out there open (see GRC's Shields Up) and -2- your IP is going to be
> very dynamic and changing because the behavior of a dialup user is to
> dialup by logging on, access the WAN and transact and then disconnect --
> not hang onto the connectivity with a functionally static IP.
>
> OTOH, if someone posts ie 'hangs out' a malicious html which is
> accessible to anyone who is foolish enough to execute its exploit, that
> is quite a different perspective. Not a specific attack, but a
> nonspecific 'trap' for anyone so vulnerable, not you per se.
>

Thank you for your comments, Mike. I'll get back to you later!

D.

[Peter Foldes]

"Mike Easter" <MikeE@ster.invalid> wrote in message
news:8kitksFmguU1@mid.individual.net...
> ~BD~ wrote:
>> Mike Easter wrote:


> Thank you for your comments, Mike. I'll get back to you later!

Mike

I am sorry to bud in here and it is not for anything ,except that when Dave say's
the above, it means that he did not understand what you posted. Hopefully he will
study and think and then realize what you were saying to him as so he can understand
the subject at hand. He has a terrible habit of misunderstanding what people say and
mean.

And David if you are reading this,then re-read what Mike posted and meant and if you
do not understand then ask him again,so as you will be clear with the subject and
issue.


--
Peter
Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.
This posting is provided "AS IS" with no warranties, and confers no rights.
http://www.microsoft.com/protect

[~BD~]

Peter Foldes wrote:
> "Mike Easter" <MikeE@ster.invalid> wrote in message
> news:8kitksFmguU1@mid.individual.net...
>> ~BD~ wrote:
>>> Mike Easter wrote:
>
>
>> Thank you for your comments, Mike. I'll get back to you later!
>
> Mike
>
> I am sorry to bud in here and it is not for anything ,except that when
> Dave say's the above, it means that he did not understand what you
> posted. Hopefully he will study and think and then realize what you were
> saying to him as so he can understand the subject at hand. He has a
> terrible habit of misunderstanding what people say and mean.
>
> And David if you are reading this,then re-read what Mike posted and
> meant and if you do not understand then ask him again,so as you will be
> clear with the subject and issue.
>
>

I actually went to watch 'The Apprentice' (Sir Alan Sugar) on TV.

I hope you didn't mind. http://www.bbc.co.uk/apprentice/

[~BD~]

Mike Easter wrote:
> ~BD~ wrote:
>> Mike Easter wrote:
>
>>> Does that mean that when you were participating in annexcafe that you
>>> were rendering html with your news agent and browser integration in OE
>>> and IE and WinXP configured insecurely and you believe that you
>>> experienced some kind of 'infection' during that insecure html news
>>> message rendering?
>>
>> Yes. I knew no better then
>
> Then that is more like 'infecting yourself' than what you said:

I won't dispute that!

>> I am 99.9% certain that when I was linked directly to the Annexcafe
>> server *someone*, *somehow*, sent something down the line which put
>> my machine out of action.
>
> That description is as if the perp specifically attacked you - your
> connection interface, like a hacker cracking the security of a server or
> specifically exploiting a vulnerable IP.

That is exactly what I meant!

> Both annexcafe and the ex-msnews servers stamp the NPH IP of their posters.

I am *now* aware that _every_ URL I visit can determine my individual
IP. See http://www.browserreport.com/

> If you are alleging a specific attack on your dialup IP, that would be a
> very unusual exploit.

Yes - I am!

> While it would be easy to determine the IP you
> accessed the news server with, but it would be unlikely for your
> computer and its files (even attempt) to be accessed from the WAN
> because -1- your system would not be expected to have its ports hanging
> out there open (see GRC's Shields Up) and -2- your IP is going to be
> very dynamic and changing because the behavior of a dialup user is to
> dialup by logging on, access the WAN and transact and then disconnect --
> not hang onto the connectivity with a functionally static IP.

You are well aware that I struggle with technical computer matters.
However, when my money was stolen in 2005 I well remember that I was on
my first year of Broadband continuous connection. As I never unplugged
my modem from the telephone socket my IP address would have remained
(more or less) constant.

That situation also pertained when I first went to Annexcafe User2User
at the behest of an email from a certain Kuay Tim (last heard of having
contracted Cancer). I asked many questions and did, actually, learn a
great deal! I'd never been to 'newsgroups' before but I obviously dug
too deep and was eventually (in my opinion) deliberately targeted -
personally. Not just once, but maybe half a dozen times ...... that was
*before* I was banned from posting on U2U.

> OTOH, if someone posts ie 'hangs out' a malicious html which is
> accessible to anyone who is foolish enough to execute its exploit, that
> is quite a different perspective. Not a specific attack, but a
> nonspecific 'trap' for anyone so vulnerable, not you per se.

Now that is what happened 'the next time around' when, later, I was
posting on the UK U2U group. On a fresh, clean, install of Windows XP -
and having just installed Norton Internet Security 2006 (with
Antispyware) it 'caught' an offending URL - I clicked on a link posted
by Makara@Starfleet. When I raised the matter with the Moderator/Sysop
of U2U, instead of being pleased that I'd brought a rogue URL to the
attention of others, I was 'rubbished and told that my computer and/or
software was at fault. That's when my 'hunt' really took off in earnest!

A thread to read here on Jenn's BB.
http://www.pqlr.org/bbs/viewtopic.ph...d42d7bc4e526c5

It starts with a post I'd made to Dave Higham (of Dogagent.com - which
provides a back-up service to Annexcafe) where I said ......

Quote:

"I cannot recall having said, at any time, that any advice given on U2U
was suspicious (but I may have forgotten!).

My suspicion is that one of the many new and hard-to-detect forms of
malware can be loaded onto a PC without the knowledge of a user. They
may well be unaware of such an infiltrator unless they have really good
and up-to-date protection and, even then, this can be disabled by some
intruders (at least, that is what I have been led to believe).

The only way to detect same is to actively seek it out, something which
many here and on A/C seem to be reluctant to publicise. That in itself
makes me concerned. An on-line scan and/or use of programmes like
HiJackThis (probably with help from experienced users) are likely to be
the most helpful ways to find such culprits.

I am accusing no-one. BUT ....... I have been directed to a web site by
a poster which Norton (NIS 2006) reported infected on the first occasion
I went to the URL. Maybe it was a 'false positive' - but there again,
maybe it was a true finding!

There are many hundreds of users of Annexcafe newsgroups. Probably many
on your groups too. Whilst I recognise that it is the personal
responsibility of each individual to protect themselves, I'll wager that
many have not done so!

FWIW

David

**

HTH

D.

[Peter Foldes]

"~BD~" <~BD~@nomail.afraid.org> wrote in message
news:Y8KdneAvzefV_HnRnZ2dnUVZ7sqdnZ2d@bt.com...
> Mike Easter wrote:
>> ~BD~ wrote:
>>> Mike Easter wrote:

<Bullcrapp snipped>


David

Give it a rest with this paranoia of yours concerning Annex,Ahuma, Malwarebytes and
God knows how many others. Nobody gave your computer malware aside from yourself.
You go to sites that are seedy (we know this because of your habit of posting links
to these sites in 05-08.
Enjoy your computer experience and stop blaming others for the issues that you are
encountering which you bring on yourself without anybody's aide

And stop being a Troll

--
Peter
Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.
This posting is provided "AS IS" with no warranties, and confers no rights.
http://www.microsoft.com/protect

[Dustin]

~BD~ <~BD~@nomail.afraid.org> wrote in
news:36ednYIJteENQ37RnZ2dnUVZ8r-dnZ2d@bt.com:

> Dustin wrote:
>> ~BD~<~BD~@nomail.afraid.org> wrote in
>> news:SdadnXhygNdoNn_RnZ2dnUVZ7vmdnZ2d@bt.com:
>>
>>>> Did you forward the email BD? Based on the material you posted,
>>>> it appeared as if you uploaded a .zip file right to vt.
>>>
>>> I received an email which had a zip file as an attachment. The
>>> attachment had a virus within it, so my ISP would NOT download it
>>> to my machine. However I *was* able to forward the email, complete
>>> with it's attachment to scan@virustotal.com. The response I posted
>>> here was also received by a return *email* message from
>>> VirusTotal.
>>
>> That's amazing. No really, that your ISP (ahem, cough cough)
>> wouldn't let *you* open the attachment, but would let you forward
>> it to every other tom dick and harry? So much for security control.
>
> Here's the message - and the 'Warning'!

Sure is. Your ISP uses norton? Strange, that it will not let you
download the attachment, but will happily let you forward it to
everyone.

>>>> Oh, and btw, as soon as you "opened" the email; it was
>>>> "downloaded" to your computer, moron.
>>>
>>> I dispute what you are inferring. The email message itself *was*
>>> of course downloaded to my machine - but the attachment was *not*!
>>
>> Did you see the email message on your screen, Dave? Yes, yes you
>> did. How do you suppose it got there? I'll wait. You're truly
>> learning more each and every day!
>
> Yes!

You've been quick to edit what I actually wrote I see.

> http://i53.tinypic.com/23t357s.jpg
>
> Shall I send it to you so you *know* for certain that it can be
> done?

I didn't say it couldn't be done. You need to try reading slower. What
I said was, ahem, cough, cough, clears throat; THE GODDAMN EMAIL
DOWNLOADED TO YOUR ****ING COMPUTER WHEN YOU SAW IT ON YOUR SCREEN, YOU
IGNORAMOUS ****. Thank You. The attachment is optional.


--
Stupidity isn't a crime. So you're free to go.