Whenever I try to log on to http://www.blackboxvoting.org/ I get a localhost spoof connection attempt. This is a known WEB exploit. Will other techies please check it out?

I get the page and it seems to be ok. Does this mean it could still be hacked and we don't know it? I think I read they were going to move to a more secure sever - I have not had any problems for several days, and before that had many problems.

Meg

That type of hack allows access to your file system. The Cybernet created vulnerability works this way. You would probably not know anything was going on unless you monitored your disk activity and noticed you were accessing files that didn't jive.
The reason I noticed it was that my Firewall logs indicated it but most systems allow localhost connections, so it would be a transparent remote access to the perp.

I haven't been able to bring their site up at all this weekend. In fact, it's been down most of the past week and a half. At least I haven't been able to get to it.

It seems to be OK now, BUT...it is rather old. The newest post is dated Tuesday, November 16. Is anyone in touch with Bev or Jeff?

I have turned off all scripts from the Internet Zone. With this setting my firewall lists no local host connection attempts.


If I trust a site I may place it in the Restricted Zone where I allow limited scripting.


Internet Explorer is set up for 99% of people to have medium security in the Internet Zone and in the Restricted Zone have maximum security.

The problem with this default setting, is that it is too late to list a site as Restricted when you know it is dangerous. It will by then have attacked your computer.

In other words... don't go there? This conversation got a bit too technical for me.

Untill we can figure out why the site is trying to set up a connection that is not normal, it is advisable that you stay away. Anything new there will make it to this site anyway. I just wonder how many backdoors have already been installed.

So, is Big Brother trying to get into the computers of the curious minds among us who want a working democracy?

Thank you FormerCIA, I wasn't quite sure. The last thing I need is my computer being affected, even though I use a Mac and think they are more secure.

Your MAC is essentially a FreeBSD machine which runs a UNIX variant. The Cybernet hack affects UNIX machines too, so don't get too smug. I run FreeBSD

Um............... I know that it gets easy to see enemy's around every corner, but can we please try to take a deep breath here?

I use a firewall with a pretty restricted setting, and Black Box opened up just fine for me. Nothing to indicate any unusual settings, and all looked fine and in working order.

My firewall Blackice is set to Paranoid and not problems
all ports are closed to incoming it still would have flashed
a warning

This is the typical warning I get:

Connection attempt to TCP 127.0.0.1: 1026 from 127.0.0.1: 1260 flags : 0x02

If you dont blink and watch carefully, you can also see it seup on your browser progress bar. The reason you don't see it as a warning is that it appears to come from inside your machine so your firewall is ignoring it. This is not paranoia. You need to set your firewall rules to warn for localhost connections (127.0.0.1) to see it.

How can I tell what ports are open and what ones I need to have open, if any?

I've noticed my computer making pretty loud whirring noises (twice within the past 2 days). It's less than a year old. This didn't start until I got onto all these voting fraud websites. Is something wrong--should I do some kind of anti-virus thing to it?

This techie talk is way beyond 99% of us. Can someone summarize in English

1. What is happening to the blackbox site and
2. What it and other similar sites can do to protect themselves and
3. What we can do to protect our own computers (keep it simple, please).

This may not be the correct place to ask about this, but a couple of days ago, on the 19th to be precise, in trying to access the Commonground forum, I received a page that read: "Bandwidth Limit Exceeded." It indicated that the server was temporarily unable to service my request due to the site owner reaching his/her bandwidth limit. It asked me to try again later, but I was unable to access the site for most of the day. This was an Apache/1.3.33 Server at
www.commongroundcommonsense.org Port 80. For those of you who are more technically knowledgeable, could you please provide some thoughts on this. I noticed that this problem did not occur to most of the other forum members because of the number of postings that were made that day.

Any thoughts on this?

(Excluding Miranda Rights, please.)

You can run portscanner software on your machine. there are also sites that will scan your machine from the internet to look for open ports. I have no ports open on my machine, two firewalls and the kernel locked down but if I access an evil web page that has my machine request an object, then I can be vulnerable too. The web browser is the weak link in the chain.

Free trial software

Blackice

http://www.iss.net/issEn/DLC/blackiceevaluation.jhtml

Spyware from webroot

http://www.webroot.com/shoppingcart/tryme....4000&vcode=DT02

McAfee antivirus

http://download.mcafee.com/us/eval/evaluate2.asp

It was due to the volume on the server we were and they were awaiting transition

to a new server

Thanks for the information. Will find the port scanner software later today when I am at the office (have dsl there and dialup here). I had clicked on the bbv site as I began reading the thread, machine started whirring, so I disconnected, ran adware, deleted critical objects, etc.

We have as many or more brillant computer people that would protect,and spread this information into various locations.I'm not concerned about a single site getting hacked.Do you think this information would not have been backed up?
Once it hits the fan, fraud information will probably flood the internet from sources within the country and from foriegn ISPs. There is NO WAY this genie is going back in the bottle, that would entail stopping the entire internet,and major credit cards, banks, and stock traders won't allow that to happen.

I have Zone Alarm Firewall and Anti-Virus (I highly recommend ZA), and predominantly use Mozilla for my browser. I tried IE just to see if BBV.org would come up for me and it still sits there like it's waiting for something to happen. I dont even get the standard "Server unavailable" message that generally comes up when a site is down.

This was addressed by one of the moderators or administrators, I believe. Search the archives, but the message was that there is increased demand and the site was moved to a larger capacity server.

No. This is plain bunk pure and simple.

This sort of thing stems from, and preys upon, people's general lack of understanding of computers (no offense, just being honest).

There is NO vulnerability created by CyberNet, first of all.

Second, there is NO vulnerability in just going to a web site AT ALL.

Sure, there are cool things that any web developer can do that can scare the heck out of people, like displaying the contents of your local drive, seemingly within their page. But, keep in mind, your web browser does not display what is on their server, but rather what was downloaded to your local system.

Therefore, it is pretty easy to embed a folder display that will show anyone their local folders, but, all it is really doing is having your web browser pull up your folders. THEY cannot see this, only you can.

The ONLY method for this type of intrusion on a person's local system would be to ask you to install an ActiveX control, requiring you to give permission for it to install.

Neither JavaScript nor VBScript are capable of local system access of this kind.

Hope that helps to ease people's fears a bit.

INSTALLING A PERSONAL FIREWALL , SPYWARE and VIRUS PROTECTION will serve you well. AND OCCASIONALLY DISCONNECT FROM THE INTERNET...DON'T KEEP YOUR DOOR OPEN 24/7!

for those of you who don't have a firewall ... GET ONE.. the internet is a dangerous place...

there are free ones... Outpost has a freebie that I have found easy to use and clear in helping you to configure it.

If you have these 3 types of programs in place...you'll stay in good shape. If YOU DON'T LET THEM IN THE DOOR...you are ahead of the game.

The biggest problem are users who LEAVE their computers online all the time. You do become a "better target". People with dial up rarely get targeted...but

no protection is "bullet proof" but good habits and taking the RIGHT precautions will take the "target" off your computer. Hacker's in general will target easier prey and getting in past these protections take "time".

Make sure that you have a real good firewall
I use Sygate SPF Pro 5
It notifies me when any app is trying to access the Internet ,, it gives me the port no. being used, which app is trying to access, and hopefully, where it is going
It has a 3 setting Application functions
It notifies me whenever a port is trying to access coming or going
You enable (allow) ONLY those apps which you are familiar with as needing to go out to thru the firewall- like msn, your security apps, not too many apps need to access the firewall. It lists all the apps which have access to the firewall/internet
some are easy to ID , some are in code - you can go down the list and google each one to research each app to find out if it is normal, benign, or a threat ( malicious app)
Pest Patrol has a good research library and so does Symantec (Norton)
You have to have a number of Security Apps in place
1. Firewall-Sygate Pro is REAL GOOD- only sold by download
2. AntiVirus-Norton is real good. plus their support and library is superb
3. AntiSpyware- at least 2 or more programs- I use Pest Patrol , AdAware and others
thru Pest Patrol I can access StartUp Apps and Running Apps-these are important and easily manage Cookies
4. Other Spyware Programs rated high are Spysweeper, Spybot Search and Destroy go to PC magazine www.pcmag.com and look up their reviews
5. AntiTrojan Programs-TDS-3-by DiamondCS is the best- out of Australia
www.diamondcs.com-
they have some other good products as well-downloadable
6. If you are on Broadband/DSL, your computer is connected to the Internet
ALL the time ,if your machine is turned on. Even if it is off, it can be accessed by remote machine apps- like "PC Anywhere" by Symantec- I never installed this app- and Pest Patrol found it installed in my Desk Top-
SO- you must have a Linksys Router ( made by Cisco) these have a Physical
Firewall (NAT Firewall) which helps
EVERY time I am online- my firewall stops a Port Scan Attack
If you are unsure of which apps to set at "Allow", "Ask", or "Block" on your Firewall,
then you set at block or Ask settings and see which ones affect your connection
Most Back Web apps are for updates for programs, if it is a program which is not updateable reliant- i.e. Kodak photo app- block it
If you think that you don't go to dangerous sites, so you are safe, you are 100% wrong
When I got my laptop, new, in Dec., the 1st 2 or 3 hours, I set it up with Security Software apps- 1st I installed PestPatrol, than Anti Virus , than the Firewall-
I went to NO OTHER sites- in those 1st 2 or 3 hours- I pcked up THREE (3)
malicious apps!!!!!
I have noticed recently that something has commanded a couple apps to access the internet-these are apps which have nothing to do with internet usage, so I blocked them
TRUST NO APP unless you know for sure what it isMessenger is very Vulnerable and is a popular attack route-it is not really needed, so you can block Messenger
Each computer has 65,500 ports of entry and exit!!

No it doesn't you evil little Sh*t.!!!

Forgive me if this was mentioned, but also using the Automatic Updates option in Windows to make sure you always have the latest security patches, etc. is a good idea (if you don't want this done automatically, you can select Windows Update from your start menu, or just go to http://windowsupdate.microsoft.com)

Oh, and it is 65,536. Has to be divisible by 8.

I clicked on a website in the JK Forum once and froze my computer. On rebooting my virus scan set off alarms. It found 600+ backdoor viruses although it had a clean virus check the previous night.

Ignore members giving you unsound advise on this site, when it sounds like BULLSH*T trust your gut reaction.Some of these folks are quite cagey,and sound reasonable for awhile........we aren't fooled for long.
Do Not open any attachment emailed to you that doesn't have your name and the sender's name in the body of the email.This is where 90% of attacks can be prevented.

OMG! I sat up in bed this morning and clicked the remote. I always check to see what all the cable news stations have to say about this and that. Low and behold, I caught a snippit of what "The Beltway Boyz" lol...were talking about on Fox. Seems that they are "spinning" on the tin-foil head bloggers, saying they are "crazy" and "wacko", (in regards to the stolen election). I nearly barfed and had to change the station....IT WAS SO PUKY! Those two make a pair to draw to....their faces and tone were just nothing I could begin to describe to you. Seeing is believing!

About protecting myself from others seeing what I am doing on the internet. I am exercising my freedom of speech here. I invite anyone to see and read what I am up to. Most would be bored at what this old 56 year old kindergarten teacher thinks and says anyway. I'm running off a school county server. Its firewall prevents porn and R-rated stuffs. lol! End of story.

wliberty
PLEASE
Tell us what site you went to that did that to you computer!!!

This is actually not possible. Viruses are programs which can only be installed on your computer either if you give them permission, or if you have previously given another program permission to be installed which then downloads the viruses.

Viruses cannot be placed on your computer solely by clicking on a web site.

Now, all spyware/adware programs, and now some antivirus programs, will detect cookies set by certain domains as being *malicious* because they are used to track your browsing habits via banner ads from site to site.

This is certainly what could have been the case in this instance.

As for freezing your computer, there is a neat little trick you can use to determine hardware vs. software lockups. If your computer completely stops responding, press the caps lock key. If the light changes, then the lockup is likely software related, if it doesn't change, then it is likely hardware related. Hardware related lockups are VERY rarely due to malicious activity.

Another common thing: the moust pointer freezes. This is actually, more often than not, caused by a faulty video driver (the little file that translates communications between your operating system and applications and your video card).

Again, I am not trying to blast anyone here, I am just imparting some useful information as I have been working with computers for over 23 years and my company regularly deals with security issues. Sadly, we have been called out to locations due to reports of activity like this only to find out that it was not a virus or any threat at all, just a malfunction.

I don't remember but it was a news site from China. I tried to get out of it but it wouldn't allow me. It locked up my computer. I can't be positive that is where I picked it up but that is where a problem occured. I hadn't been on the internet since the virus scan except on the JK forum.

I hope that wasn't directed at me. But if it was, oh well. I can only try to inform. I cannot make anyone believe anything.

As for the email attachments, I would follow a strict rule of not opening ANY attachments from anyone no matter who sent it.

Why? Because many of the viruses, worms, etc. that have been written lately will, once they have infected a system, read the address book and then send email messages that seem normal to everyone in the address book.

So, that recipe for cookies from Aunt Jane could actually have been sent by a malicious program.

If someone needs to send you something in text, tell them to just open Notepad and send it as a plain .txt file. Of course, watch for files named something like:

filename.txt____________________________________.exe

Because the file is then actually an executable program and the filename was devised to extend off the edge of the dialog in your email program so it doesn't show you the .exe portion.

Of course, I HIGHLY recommend Norton AntiVirus. If you have one of the newer versions of that installed, it will scan your email and all attachments as they come in.

But, if you do not set the program to regularly download new virus definitions you almost might as well not be running it.

Could someone please answer this question? I would have asked the same one!
Thanks.

Well, I don't know that this is the right forum, but I am more than happy to answer stuff like this.

The loud whirring sound is, more often than not, the fan in the power supply, or another case fan if your system has one, starting to go.

Find any fans in your system and listen to them as closely as possible and see if the sound seems to be coming from one of them.

The power supply fan will be the one in the back of your system. If there are any other fans, they could be mounted either in the front or back of the case.

A less common source for this sound could be the hard disk starting to go too. If the sound does not seem to be emanating from any of the fans, and you feel comfortable opening the case, and you can identify the hard disk, then put your ear near that.

In the case of a fan going, the sound should be almost constant, but may change in intensity. It will often create a vibration in the case too. In the case of the hard disk, the whirring noise is generally high-pitched and absolutely constant.

One last thing to check would be the CD-ROM drive. First make sure there is no disc in it. If the sound only occurs when a disc is present in the CD-ROM drive, then that is likely the culprit.

Most, if not all, computer manufacturers mount the CD-ROM drive to drive rails or a drive cage inside the case with steel screws. With the newer drives, this can cause a vibration to resonate throughout the case.

Back in 1998, when my company was opening a chain of retail stores and they were building a lot of computers, the first high speed CD-ROM drives started to come out. We had one customer describe the sound of the drive almost like a vacuum cleaner. After brainstorming a bit, we found a supplier of very thin rubber washers that we put on each screw and suddenly the drives were absolutely silent!

My bet would be on the fan in this case.

Just for the record, there is NO malicious program that can actually, physically damage the hardware in your computer.

Well, it is not that Macs are more secure than PC's (just as Linux is really no more inherently secure than Windows).

The honest truth is that since there are so many more PC/Windows users, it makes more sense for attackers to create viruses for them and to spend more time looking for exploits in them.

So, what you have here is your *localhost* (which is just the name for your local machine) trying to contact your *localhost*.

This is completely harmless.

Check to see if you have a proxy server entry in your web browser. Often, if your browser thinks it should be looking for a proxy server, it will check the localhost first.

Thank you. I just took a CD from the cd-writer tray, courtesy of my dear child. Will see if it happens again next time I start up.

Yes. Try http://www.symantec.com

They have a free scanner that will check your machine.

For the people who really want to dig deep, you can do a search for Blue's Port Scanner which allows you to scan ANY machine.

If you want to scan your own, just enter the IP address as 127.0.0.1

Safe ports include:

21 - FTP
25 - SMTP (email outgoing)
80 - HTTP (web)
110 - POP (email incoming)
443 - HTTPS (secure web)

Those are standard. There are others for various messaging programs, also 1433 & 1434 for SQL Server, 5631 & 5632 for pcAnywhere. But those should be closed if you do not use that software.

A computer making a whirring sound could be hard drive activity. Is the red light on when it's making this sound? Are you running a firewall or anti-virus? Your computer will sometimes be running a system check or a virus scan behind the scenes, or you could have an app on there that's running and not know about it.

Downloading a free program like Ad-Aware or SpyBot will allow you to scan your system and see what all might be on your system as far as spyware is concerned. If you hesitate to remove everything, then quarantine it until you know for certain you didn't take out anything you really need. However, I've never removed anything with Ad-Aware that resulted in system problems.

As others have already said, everyone should be running a reliable firewall and an updated anti-virus. Yes, there are malicious sites and it is possible to have a malicious app installed on your system without your being aware this has happened.

As I said earlier, I run Zone Alarm which was written by a former hacker. You can download a free version of the firewall from their website. Just do a search for Zone Alarm and you should be able to find it.

Norton is good, but I had a very difficult time with it and my system was constantly siezing up on me. It could have been that I was running Windows ME at the time, I'll never know though because when I put XP on my machine I lost my purchase number and unlike the previous poster who said Norton has good customer service, that hasn't necessarily been my experience. However, I know a lot of people who swear by Norton.

Nothing accesses the internet from my machine at home unless I set it to access on my firewall. And those apps are few and far between. It means I have to answer my firewall to allow an app to access (those programs that want to look for updates), but it is worth the hassle to protect my data.

One of the reasons IE is so vulnerable to attacks (and I'm sorry, but it is and they can enter your pc through your browser and through IM programs, it happens all the time) is because it is the most popular browser so most viruses and spyware are written for it. It is suggested you use a different browser from IE, however I really have not had a lot of problems with IE after I got my firewall.

This doesn't necessarily mean Karl Rove has hacked your pc. The internet, even without the evil empire, is a dangerous place. There are corporations who are very interested in what websites you visit, what games you play, where you shop, ect, ect. We all know what telemarketers can do to drive you insane, well multiple that a hundred fold on the internet.

Cookies are a way of life, most are merely a mini-app that allows a website to come up quicker the next time you visit it. Or, if you have a paid membership to a specific site, the cookie they put on your hard drive is what remembers you the next time you log on. These are very common. Some can get annoying and help generate spam, others generate pop-up ads, and some, commonly called trojans, can use your system to send spam to other people so the spammer doesn't get caught. Viruses are what destroy data on your hard drive.

So anyone who accesses the internet or has email should be running an up-to-date (and I can't stress that enough because new viruses are created daily) anti-virus. You never open an attachment unless you know the person sending it, you know their computing habits and you are expecting the attachment. Even then, it's generally wise to save it to disk and then scan it before opening it, although a good anti-virus will have already scanned it before it hit your in box.

If you have DSL or cable modems, you need a firewall! As someone already said, anytime your system is on, you are connected to the internet.

And thank you, rottman. I'll check everything you wrote too. You guys are all great!

No problem, we just went through this at work and it fell to myself and a co-worker to come up with "rules" for the pcs in our computer room so we didn't get infected again. So it is all fresh in my mind.

UPDATE From Jeff Fisher: Several websites possibly hacked.




They tried a few tricks lately didn't they....

I am not trying to argue, but just to make sure we are offering correct info:

1. No one can hack your system through Internet Explorer. There are several exploits (all are patched by latest updates) that would allow someone, for example, to cause IE to *gack* on a really long URL which would then cause the remaining text to actually get run as a command that would a launch another executable.

But, Internet Explorer is a tool that pulls information rather than creates an open connection that accepts information.

The previous example I gave for ActiveX controls are not limited to Internet Explorer and those are separate apps that are installed.

2. Cookies are not actually "mini-apps", but actually just plain text. Netscape, for example, stores all cookies in one large text file, IE stores each domain's cookies in a separate text file. But, that is all they are, just text files.

And each cookies set by a given domain can ONLY be read by the domain that set it. No way around that.

However, companies such as DoubleClick use banner ads on sites and set a doubleclick.net cookie on your system. Then, each banner ad that is part of their network can read that cookie and then it can be determined what sites you visit, but ONLY sites that have those doubleclick banner ads on them.

Hopefully this is taken the right way. Consider that I am correcting information and not correcting you.... please....

For the record, the issues with Jeff's site yesterday, as found by both myself and at least one other member here, were actually *dead links* due to the links being directed to local files rather than files on the server.

This is actually a common thing done by novices when they set up web sites.

Hackers, on the other hand, would have *defaced* his site, or just deleted it. This was not the case.

You need the latest patches for Internet Explorer. Even then you can't feel safe, because new exploits are discovered all the time. That is why I run the Internet Zone at maximum security and do not care to test and take any chances on my current configuration.


There is an exploit that allows scripts to run on your local zone. There is an exploit for jpg picture files that allows hidden code in the picture to be activated and take control. etc.

Oh and also url address spoofing and as mentioned even execution of files and binaries etc from the Internet Zone through unconventional url names. etc etc


Beware, set security to max when using Internet Explorer, unless the site is trustworthy and you can't use maximum security to display it.