:: 08-Apr-2000 23:24 (Saturday) ::

I haven’t said anything in my .plan in quite sometime so I figured I’d
make some sort of announcement. Moonwick and I are currently finishing up
the first part of a series of projects I currently have planned. Stay
tuned to this space in the next day or so for details.

:: 08-Apr-2000 01:48 (Saturday) ::

As an update to my previous plan I thought I would inform those of you
who have open share or who are wondering if you are open to attack.

So with that said, here is some info. You might want to take a look at
http://www.grc.com/ and use the ShieldsUP utility to test your computer
for vulnerabilities and information about how to secure yourself. This
web site has some great info on how secure your machine and info on products
you might want to look into. Follow the sheilds up links and read carefully.

ZoneLabs also has a free for personal-use firewall at
http://www.zonelabs.com/ that you may wish to consider installing. This
product is very easy to use and best of all is free for your personal use.

With this info to read and look at, we should get to the root of the
problem. Open windows shares. You might have thought it a great idea to
be able to share files with your freinds, family, coworkers, and the like.
But when you set up your windows shares, you decided that you wanted these
people to be able to write, change, and share data. So you said no when
windows gave you the option to set a password on the share.

So now you can share your files with others without needing them to know
a password. Great! Wrong! You have now completely opened your computer to
anyone who has net access to you. You should consider the need for shares.
If you do not need share at all, turn them all off. If you need to just
make info available to people you might consider sharing a single folder
and making it read-only. If you need to share data and need someone to
alter that data, you might want to consider sharing a single folder and
password protect that share. After that you should remove all share that
you do not need.

So what do you do to close your shares? Well first of all, you can shut
your shares off buy going to Control Panel–>Network and turn off file
sharing, or unbinding it from the TCP/IP interface totally.

If you think you were infected please contact help@distributed.net

Well I hope I didn’t bore you too much.

:: 07-Apr-2000 16:26 (Friday) ::

OK, I know I’m supposed to be getting OGR stats working, but I couldn’t
stand it any longer.

I’ve made some tweaks to the RC5-64 stats processing to eliminate some
unnecessary bottlenecks and resource usage. Things like eliminating
“distinct” in the same query with “group by”, since “group by” will return
distinct groups anyway. And like updating three fields at once instead of
three separate queries.

Also, I changed the ranking scripts so, in the case of a tie for rank,
the newest participant (largest id) will be listed first. This should
allow new members to see themselves in the ranking list sooner. Before,
they were sorted low-to-high ID.

Apart from the sorting, the only visible impact should be a slight (and
I do mean slight) increase in processing speed.

On a personal note, I wanted to apologize that the OGR stats are taking
so long. The rewrite is turning out to be more involved than I thought.
I’m trying to control the scope-creep, and also juggle my time with work
and now, buying a house. I have been making inroads, but I’ve still got
some work before we can start testing.

Thanks for your patience, and for all the cycles!

:: 03-Apr-2000 20:44 (Monday) ::

It has come to our attention that a user has been using a derivative of
the back orifice VBScript/open windows share hole to install the
distributed.net client on unsuspecting machines. The basic hole is described
at http://vil.mcafee.com/vil/vbs98477.asp, where the user attaches to an
open share and places the VBScript on the users hard drive for execution
on the next reboot and installs the executable and configuration files.
After infection the trojan attempts to find other insecure machines to
install itself on.

Infections can be verified by looking for a network.vbs and a
microsoft_office.lnk in the Startup folder. The dnetc.exe and dnetc.ini
files will be present in the c:\windows\ directory, and a network.log is
frequently found in the root directory (c:\).

We are still working to track down the user responsible for this act.
Information is still being gathered at this time.

It is against distributed.net policy to install and run the distributed.net
client on machines where authorization has not been given. Please see
http://www.distributed.net/legal/policy.html for our policy concerning
usage of the distributed.net client.

Users should be aware that this attack is not specific to distributed.net.
This attack can be used to install any software on a users workstation,
such as Back Orifice or any other application. This attack depends on
finding machines that have open (no password is set) Windows Network
Neighborhood shares. Users should disable file and printer sharing if
possible, and if not, ensure that all of their shares are password
protected.

:: 01-Apr-2000 20:54 (Saturday) ::

“Ich bin drin.”