PS: all the vulnerabilities are known to all the n/w administrators and then can take measures to mitigate attacks but this doesnt happen..Hackers are at least 10 steps ahead..So how to find methods to find such unknown threats??

This experience was really scary and frustrating because my only defense was that the times the hacker was logging with my identity I was at my workplace away from my home computer which was the one connected to the spoofed Cable Modem but still not a strong enough defense.

After arguing with the Security Dept. and not getting anybody to sympathize with me, even though I was only getting a warning I decided I couldn’t use the high speed internet (the only choice in my area) and make myself a victim of the hacker so I wrote a letter detailing my ordeal to the Security Dept. naming the people I have talked to and detailing my story and how I was being forced out of their high speed internet service because of another person impersonating me thru my MAC and IP address. I closed my account and had to get back to dial up service.

After a year I got brave enough to reopen my account but this time I rented a modem from the ISP so I didn’t loose my money if somebody spoofed my equipment again. I have been almost three years and the experience hasn’t been repeated. Now I have installed a wireless network at my home in order to connect my daughter’s computer to the internet. I’ve been reading about how to secure it but my previous experience has got me a bit paranoid, specially with the higher vulnerability of Wireless networks.

What would be the best way to protect my MAC address against spoofing? If a person could do it when it was only one wired computer connected with a cable to the Cable Modem how easier it might be now that I have a wireless network? My brother in law says not to worry, that a bolt of lightning doesn’t falls twice on the same spot but I can’t help to feel very paranoid.

Thanks!

Using Windows XP media centre edition with SP2. belongs to a Lao woman in the office. Displays a picture of a naked woman on the desktop which can not be moved. causes great embarrassment.

Found it in screensavers, named ‘sex picture.scr’ stored in Windows. described as AutoCAD file.Unlocked Windows from read only, wiped it, it came straight back. searched for other files on download date (July 3 2006) two other files, same size 50K named .VirusUpdate’ and Virus Scan

Each time I delete them they come back. ran various virus scan programs who declare my system healthy.

Help

Thanks a Lot!

Someone is having problems sending emails to us which did not exist before. Our email server (Unix based) did not list his domain as spam according to our email technician. Also for troubleshooting purposes i’ve asked him to send to my hotmail account which resulted in the same manor not receiving. After several attempts i received an email both on my hotmail and company accounts, emails sent before were test emails, no attachements. We have no limitation on attachments sent or received. Each company belongs to a different ISP. What could be the problem? What approach should i take to troubleshoot this problem. The following are the error messages he received
—************To Hotmail Account****************—
The attached message had PERMANENT fatal delivery errors!

After one or more unsuccessful delivery attempts the attached message has been removed from the mail queue on this server. The number and frequency of delivery attempts are determined by local configuration parameters.

YOUR MESSAGE WAS NOT DELIVERED TO ONE OR MORE RECIPIENTS!

Failed address: myemail@hotmail.com

: Message contains [1] file attachments
—*******************************************—
—************To Company Account*************—
The attached message had transient non-fatal delivery errors

THIS IS A WARNING MESSAGE ONLY – YOU DO NOT NEED TO RESEND YOUR MESSAGE!

This server is configured to automatically retry delivery at configured intervals. Subsequent attempts to deliver this message are pending.

Failed address: myemail@companydomain

— Session Transcript —
Wed 2007-01-24 11:06:15: Parsing Message <xxxxxxxxxxxxxxxxxxpd50000000621.msg>
Wed 2007-01-24 11:06:15: From: hisemail@companyemail Wed 2007-01-24 11:06:15:
To: myemail@companydomain Wed 2007-01-24 11:06:15: Subject: FW: :
Egyption Law Wed 2007-01-24 11:06:15: Message-ID:
<002101c73f84$a234f100$3af0e2c3@IMADIDS>
Wed 2007-01-24 11:06:15: MX-record resolution of [companyEmailServer] in progress (DNS Server: 195.226.240.60)…
Wed 2007-01-24 11:06:19: Name server has no records of the requested type for that domain Wed 2007-01-24 11:06:19: Attempting SMTP connection to [companyEmailServer : 25] Wed 2007-01-24 11:06:19: A-record resolution of [companyEmailServer] in progress (DNS Server: 195.226.240.60)…
Wed 2007-01-24 11:06:19: D=companyEmailServer TTL=(106) A=[companyEmailServer] Wed 2007-01-24 11:06:19: Attempting SMTP connection to [companyEmailServer : 25] Wed 2007-01-24 11:06:19: Waiting for socket connection…
Wed 2007-01-24 11:06:19: Socket connection established (195.226.240.60 :
1112 -> companyEmailServer : 25) Wed 2007-01-24 11:06:19: Waiting for protocol initiation…
Wed 2007-01-24 11:06:49: 30 second wait for protocol timeout exceeded.
Wed 2007-01-24 11:06:49: This message is 71 minutes old; it has 0 minutes left in this queue Wed 2007-01-24 11:06:49: Primary queue lifetime exceeded; message placed in retry queue
— End Transcript —
: Message contains [1] file attachments
—*******************************************—

Thank You

I should start by saying that I come from an Exchange background so the Lotus email environment is still a bit new to me…but I’ve been tasked to put together a checklist for Lotus Notes Incident Response and am wondering if anyone is willing to share incident response guidelines or recommendations for reviewing a Lotus Notes/Domino server? For example, what type of log files or database files to preserve during incident response to a lotus notes server attack or unverified intrusion?
(domlog.nsf, etc ?)

Thanx

I am interested in positioning myself into the role of InfoSec Admin at my compnay and was hoping that i could get some advice on how to sell the position to a reluctant management team. I know where most of our security issues currently are, but I need a more general description of the role and its value in order to justify dedicating a good percentage of my time to it.

Any advice and help would be appreciated.

I have small workgroup having 10 computers in my office. I do some personal work in office like using yahoo messenger, checking personal e-mails and some online banking site. But how does one of my senior knows it? I do everything lonely and securely so that nobody in the office knows it. But he knows everything about my sites I visit everyday. He has also cracked my yahoo password twice. He even knows it, if I open any site for a few seconds in a day.

My question is, is there any website or any program which can track the details of LAN computers?

I think he is using that to find out everything about my computer. I use win 2000 with service pack 4 and he uses win xp sp2. Windows defender is also installed in my computer.

Any help on this would be highly appreciated.

Thanks