[Netpass-devel] NetPass/install.d pages.sql,1.3,1.4
Brought to you by:
jeffmurphy
Menu
▾
▴
[Netpass-devel] NetPass/install.d pages.sql,1.3,1.4
|
From: jeff m. <jef...@us...> - 2006-02-07 19:54:41
|
Update of /cvsroot/netpass/NetPass/install.d In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv12306/install.d Modified Files: pages.sql Log Message: fixed perm bugs on various admin forms, bug#1426340 bug#1426335 Index: pages.sql =================================================================== RCS file: /cvsroot/netpass/NetPass/install.d/pages.sql,v retrieving revision 1.3 retrieving revision 1.4 diff -u -d -r1.3 -r1.4 --- pages.sql 10 Aug 2005 19:52:15 -0000 1.3 +++ pages.sql 7 Feb 2006 19:54:33 -0000 1.4 @@ -35,6 +35,9 @@ /*!40000 ALTER TABLE `pages` DISABLE KEYS */; LOCK TABLES `pages` WRITE; INSERT INTO `pages` (`rowid`, `network`, `name`, `content`) VALUES (19,'default','nessus:10079','\r\n<html><head></head><body>\r\n<h3>Problem: Anonymous IIS FTP account</h3>\r\n<h3>Description</h3>\r\nAnonymous accounts are frequently targeted by hackers and viruses seeking to obtain unauthorized access to your computer. Your computer is running an FTP server with an anonymous account and may be vulnerable to unauthorized remote access.\r\n<h3>Solution</h3>\r\n<p>Disable the anonymous IIS FTP account:</p>\r\n<ol>\r\n<li>From within the IIS Manager, right-click the FTP site. Next, click on the directory, and then the virtual directory or file. \r\nClick "Properties." </li>\r\n<li>Click the "Security Accounts" tab. </li>\r\n<li>Uncheck the "Allow Anonymous Connections" checkbox. </li>\r\n</ol>\r\n\r\nWindows NT 4.0 Users: If the latest Windows Update Service Pack has not been installed on your computer, anonymous access \r\nmay be available even with the anonymous logon disabled. Download the latest Service Packs and all Critical \r\nUpdates from <a href=\"http://windowsupdate.microsoft.com/\">Microsoft Windows Update</a>. You may be instructed to restart \r\nyour computer several times in order to apply all Security Updates and Service Packs. For further help and instructions \r\non using windows update, go to: <a href=\"http://wings.buffalo.edu/computing/Documentation/win/winupdate.html\">Windows Update \r\nDocumentation </a>\r\n</body></html>'),(54,'default','msg:remote_you_passed','\r\n<html><head></head><body><h2>This computer has successfully completed UB NetPass scanning.</h2><p>We have not detected any vulnerabilities on your computer. You will be able to connect to the Internet in a few moments.</p><p><strong>Important note:</strong> UB NetPass cannot detect vulnerabilities if you have a firewall enabled.</p><p>Since you are a remote user and not a part of the UB NetPass environment, you won\'t be registered at this time.<br /></p><p><br /></p></body></html>'),(59,'default','msg:final','\r\n<html><head></head><body><p><a href=\"$original_destination\">Click here to proceed to $original_destination</a></p><p>You will be prompted for your UBITName and password by the UB ResNet firewall before you can connect to the Internet.</p></body></html>'),(7,'default','nessus:10309','\r\n<html><head>\r\n</head><body><h3>Problem: Wingate was found</h3>\r\n<h3>Description</h3>\r\nWhen Wingate is installed and configured with a blank password,\r\nother computers can establish an Internet connection\r\nthrough the Wingate computer. This allows the second computer to hide its Internet\r\nconnection. Anything the second computer does on the Internet will look like\r\nit was done by the Wingate computer, possibly stealing your Internet "identity." \r\n\r\n<h3>Solution</h3>\r\n\r\n<p><strong>For Wingate 4.0:</strong></p>\r\n<ol>\r\n<li>Double-click the Wingate icon in the system tray (near the clock). </li>\r\n<li>Click "OK" to login without a password. </li>\r\n<li>The following screen should be a change password window. In it enter a new, strong password. </li>\r\n</ol>\r\n<p><strong>For Wingate 6.0:</strong></p>\r\n<ol>\r\n<li>Open the "Gatekeeper" module on the Wingate Server. </li>\r\n<li>Click the "Users" tab and configure individual users from there. </li>\r\n</ol></body></html>'),(27,'default','nessus:10409','\r\n<html><head></head><body><h3>Problem: SubSeven was found</h3>\r\n<h3>Description</h3>\r\nSubSeven <!-- #BeginLibraryItem \"/Library/is an app.lbi\" --> is an application\r\nthat is designed to give unauthorized users full control over your computer.\r\nIt is usually installed without the knowledge or permission of the computer\'s\r\nowner/user. Its presence is frequently a sign that the computer has been compromised.<!-- #EndLibraryItem -->\r\n<h3>Solution</h3>\r\n<!-- #BeginLibraryItem \"/Library/antivirus.lbi\" -->\r\n<p>Remove the virus with Symantec AntiVirus. Symantec AntiVirus is available\r\n on your TechTools CD or via download from the TechTools Software Download site\r\n for <a href=\"http://wings.buffalo.edu/computing/software/download/win/nortonantivirus.html\">Windows</a> and <a href=\"http://wings.buffalo.edu/computing/software/download/mac/nortonantivirus.html\">Mac</a>.\r\n The Mac version is called Symantec\'s Norton AntiVirus. Installation instructions\r\n are available on the TechTools CD and our documentation website (<a href=\"http://wings.buffalo.edu/computing/documentation/win/norton.html\">Windows</a>, <a href=\"http://wings.buffalo.edu/computing/documentation/mac/norton.html\">Mac</a>). </p>\r\n<!-- #EndLibraryItem -->\r\n</body></html>'),(32,'default','nessus:10798','\r\n<html><head></head><body>\r\n<h3>Problem: PC Anywhere was found with a blank password</h3>\r\n<h3>Description</h3>\r\nA blank PC Anywhere password allows anyone to connect to your computer and \r\noperate it with complete control. \r\n<h3>Solution</h3><ol><li>Open the PC Anywhere application as an administrator. </li><li>Right-click on the Host object you are using and click "Properties." </li><li>Click the "Caller Access Tab." </li><li>Switch the authentication type to "Windows" or "PC Anywhere." </li><li>If you are using the "PC Anywhere" authentication, set a strong password. </li></ol>\r\n</body></html>'),(21,'default','nessus:12114','\r\n<html><head></head><body><h3>Problem: Outdated ISS BlackICE</h3><h3>Description</h3>\r\n<p>An outdated version of ISS BlackICE was found on your computer. Vulnerabilities\r\n are found for security products on a regular basis. It is \r\n recommended that outdated software be updated as soon as new versions are available.\r\n Continuing to run outdated versions of security products can expose your computer\r\n to \r\n intruders and viruses that are capable of exploiting the vulnerabilities that\r\n the new \r\n versions may correct.\r\n</p>\r\n<h3>Solution</h3>\r\n<p><a href=\"http://blackice.iss.net/update_center/\">Download and install</a> the\r\n latest update for the version of ISS BlackICE on your computer. \r\n</p>\r\n</body></html>'),(22,'default','msg:test','\r\n<html><head></head>\r\n<body>test<br />\r\n</body></html>'),(41,'default','nessus:11412','\r\n<html><head></head><body>\r\n<h3>Problem: IIS WebDAV vulnerability</h3>\r\n<h3>Description</h3>\r\n<p>There is a buffer overflow vulnerability in the WebDAV server, which can be used to execute code remotely within the LocalSystem security context. This could compromise the system and grant access to unauthorized users. </p>\r\n<h3>Solution</h3>\r\n<!-- #BeginLibraryItem \"/Library/MS Update.lbi\" -->Please update Windows at <a href=\"http://windowsupdate.microsoft.com/\">Microsoft\r\nWindows Update</a> and apply all Critical Updates and Service Packs. You may\r\nbe instructed to restart your computer several times in order to apply all Security\r\nUpdates and Service Packs. For further help and instructions on using windows\r\nupdate, go to the <a href=\"http://wings.buffalo.edu/computing/Documentation/win/winupdate.html\">Microsoft\r\nWindows Update documentation page</a> <!-- #EndLibraryItem -->\r\n</body></html>'),(18,'default','nessus:10093','\r\n<html><head>\r\n</head><body>\r\n<h3>Problem: GateCrasher server found</h3>\r\n<h3>Description</h3>GateCrasher<!-- #BeginLibraryItem \"/Library/is an app.lbi\" -->\r\nis an application that is designed to give unauthorized users full control over your computer. It is usually installed without the knowledge or permission of the computer\'s owner/user. Its presence is frequently a sign that the computer has been compromised.<!-- #EndLibraryItem --><h3>Solution</h3>\r\n<p>Remove GateCrasher</p> \r\n<ol>\r\n<li>Click "Start." </li>\r\n<li>Click "Run." </li>\r\n<li>Type "cmd" and press ENTER. </li>\r\n<li>In the command window, type "telnet localhost 6969" and press ENTER. </li>\r\n<li>At the prompt, type "gatecrasher" and press ENTER. </li>\r\n<li>Type "uninstall" and press ENTER. </li>\r\n</ol>\r\n<p>Verify removal by checking the following registry key:<br />\r\n HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Run/"Explore" = "Explore.exe"</p>\r\n<p>Removal Verification</p>\r\n<ol>\r\n<li>Click on the "Start" menu. </li>\r\n<li>Click "Run." </li>\r\n<li>Type "regedit" and press ENTER. </li>\r\n<li>In the registry editor click on the "File" (or "Registry") menu. </li>\r\n<li>Click "Export." </li>\r\n<li>Click "All" underneath where it says "Export Range." </li>\r\n<li>Enter a filename into the filename field. (ex: "reg backup") </li>\r\n<li>Click "Save." </li>\r\n<li>Expand the "HKEY_LOCAL_MACHINE" folder. </li>\r\n<li>Expand the "SOFTWARE" folder, then the "Microsoft," "Windows," and "CurrentVersion" folders. </li>\r\n<li>Click on the "Run" folder. </li>\r\n<li>In the right-hand window, the name/data pair "Explore" and "Explore.exe" will appear under the Name and Data sections, respectively. </li>\r\n<li>Highlight "Explore" by clicking on it and press the DELETE key. </li>\r\n<li>Click "Yes" to delete. </li>\r\n</ol></body></html>\r\n'),(138,'default','Nessus: 18502','\r\n<html><head></head>\r\n<body style=\"visibility: visible;\"><span style=\"font-weight: bold;\">Problem</span><br />The version of windows that is currently running on this computer has a critical security vulnerability in the server Message Block (SMB).<br /><br /><span style=\"font-weight: bold;\">Description</span><br />This vulnerability allows an attacker the ability to execute code on your computer from a remote location. This could allow your machine to be compromised, granting full access to the attacker.<br /><br /><span style=\"font-weight: bold;\">Solution</span><br />Please update Windows at <a href=\"www.microsoft.com\">Microsoft Windows Update </a>and apply all Critical Updates and Service Packs. You may be instructed to restart your computer several times in order to apply all Security Updates and Service Packs. For further help and instructions on using windows update, go to the <a href=\"http://wings.buffalo.edu/computing/documentation/win/winupdate.html\">Microsoft Windows Update documentation</a> page<br /><br /></body></html>'),(13,'default','nessus:10166','\r\n<html><head></head><body>\r\n<h3>Problem: Anonymous FTP server</h3>\r\n<h3>Description</h3>\r\nAnonymous accounts are frequently targeted by hackers and viruses seeking to\r\nobtain unauthorized access to your computer. Your computer is running an FTP\r\nserver with an anonymous account and may be vulnerable to unauthorized remote\r\naccess.\r\n<h3>Solution</h3>You should disable all guest accounts that exist on your system, even if this disables the FTP service. </body></html>'),(25,'default','msg:you_passed','\r\n<html><head></head><body><h2>This computer has successfully completed UB NetPass registration.</h2><p>We have not detected any vulnerabilities on your computer. You will be able to connect to the Internet in a few moments.</p><p><strong>Important note:</strong> UB NetPass cannot detect vulnerabilities if you have a firewall enabled.</p><p>You will be prompted for your UBITName and password by the UB ResNet firewall before you can connect to the Internet.</p><p><a href=\"$original_destination\">Click here to proceed to $original_destination</a> </p></body></html>'),(31,'default','nessus:10713','\r\n<html><head></head><body>\r\n<h3>Problem: CodeRed Worm found </h3>\r\n<h3>Description</h3>\r\nThe "Code Red" worm is a malicious self-propagating worm that exploits\r\nMicrosoft Internet Information Server (IIS)-enabled systems that are susceptible\r\nto a buffer overflow vulnerability.\r\n<h3>Solution</h3>\r\n<!-- #BeginLibraryItem \"/Library/antivirus.lbi\" -->\r\n<p>Remove the virus with Symantec AntiVirus. Symantec AntiVirus is available\r\n on your TechTools CD or via download from the TechTools Software Download site\r\n for <a href=\"http://wings.buffalo.edu/computing/software/download/win/nortonantivirus.html\">Windows</a> and <a href=\"http://wings.buffalo.edu/computing/software/download/mac/nortonantivirus.html\">Mac</a>.\r\n The Mac version is called Symantec\'s Norton AntiVirus. Installation instructions\r\n are available on the TechTools CD and our documentation website (<a href=\"http://wings.buffalo.edu/computing/documentation/win/norton.html\">Windows</a>, <a href=\"http://wings.buffalo.edu/computing/documentation/mac/norton.html\">Mac</a>). </p>\r\n<!-- #EndLibraryItem -->\r\n<p>Download and install the appropriate Microsoft patch:</p>\r\n <ul>\r\n <li><a href=\"http://www.microsoft.com/ntserver/nts/downloads/critical/q269862/default.asp\">Microsoft IIS\r\n 4.0</a> \r\n </li>\r\n <li><a href=\"http://www.microsoft.com/windows2000/downloads/critical/q269862/default.asp\">Microsoft\r\n IIS 5.0</a>\r\n </li>\r\n </ul>\r\n</body></html>'),(34,'default','nessus:11000','\r\n<html><head></head><body>\r\n<h3>Problem: FTP server with well known account names with blank passwords</h3>\r\n<h3>Description</h3>\r\n<p>Usernames with blank passwords exposes whatever system resources\r\n accessible to that username to the outside world. This is even more serious when\r\n the usernames are well known and standardized. \r\n</p>\r\n<h3>Solution</h3>\r\n\r\n<p>Apply complex passwords to all user accounts on the FTP server. In Windows NT/2000/XP,\r\n this may require editing operating system users. \r\n</p>\r\n</body></html>'),(62,'default','msg:PQUAR-ResAct2nd','\r\n<html><head></head><body><h3>Your ResNet connection has been disabled</h3><p>We have received and investigated a report of damaging network activity originating from your computer.</p><p><strong>This is not your first incident.</strong> We recommend you have your computer repaired professionally. <strong>Your computer must be certified by UBMicro before we will restore your network connection.</strong> UBMicro is the only certifying agent at this time. UB charges a fee for this service. UBMicro will notify us when your computer has been certified. </p><p>We have disabled ResNet network connectivity to your computer to prevent further adverse effects from this incident. Because we believe this is a technology problem and not intentional, your UBITName will remain active and you will be able to use University resources via CIT Public Site computers.</p><p>Please do not move your computer to another network port or attempt to connect via OpenPort, UBWireless or the dial-up modem services. Changing your connection will result in sanctions. </p><p>We have intentionally sent you multiple copies of this message to be certain we reach you. If you have any questions or believe you have received this notice in error, please contact the ResNet Team Leader at (716)-645-5070. For any other problems, please contact the CIT Help Desk or UBMicro.</p><p>\r\n<table cellspacing=\"1\" cellpadding=\"1\" border=\"0\"><tbody><tr><td>CIT Help Desk</td><td>UB Micro</td></tr><tr><td>255 Fronczak Hall</td><td>109 The Commons</td></tr><tr><td>(716) 645-3542</td><td>(716) 645-3554</td></tr><tr><td>cit...@bu...</td><td>ub...@bu...</td></tr><tr><td><a href=\"http://helpdesk.buffalo.edu/\">helpdesk.buffalo.edu</a></td><td><a href=\"http://helpdesk.buffalo.edu/\">www.ubmicro.buffalo.edu</a></td></tr></tbody></table>\r\n</p></body></html>'),(40,'default','nessus:11214','\r\n<html><head></head><body>\r\n<h3>Problem: Microsoft SQL buffer overflow vulnerability </h3><h3>Description</h3>\r\n<p>These vulnerabilities allow remote code to be executed on your computer, which could grant SYSTEM level access to unauthorized users if exploited. This vulnerability is also being exploited by the Sapphire worm. </p>\r\n<h3>Solution</h3>\r\n\r\n<p>Download and install the appropriate Microsoft patch:</p>\r\n<ul>\r\n <li> <a href=\"http://support.microsoft.com/default.aspx?scid=kb;en-us;327068&sd=tech\">Microsoft\r\n SQL Server 7.0</a> (Must be running SQL Server Service Pack 4)</li>\r\n <li><a href=\"http://support.microsoft.com/default.aspx?scid=kb;en-us;316333&sd=tech\">Microsoft\r\n SQL Server 2000</a> (Must be running SQL Server Service Pack 2)</li>\r\n</ul>\r\n<!-- #BeginLibraryItem \"/Library/antivirus.lbi\" -->\r\n<p>Remove the virus with Symantec AntiVirus. Symantec AntiVirus is available\r\n on your TechTools CD or via download from the TechTools Software Download site\r\n for <a href=\"http://wings.buffalo.edu/computing/software/download/win/nortonantivirus.html\">Windows</a> and <a href=\"http://wings.buffalo.edu/computing/software/download/mac/nortonantivirus.html\">Mac</a>.\r\n The Mac version is called Symantec\'s Norton AntiVirus. Installation instructions\r\n are available on the TechTools CD and our documentation website (<a href=\"http://wings.buffalo.edu/computing/documentation/win/norton.html\">Windows</a>, <a href=\"http://wings.buffalo.edu/computing/documentation/mac/norton.html\">Mac</a>). </p>\r\n<!-- #EndLibraryItem -->\r\n</body></html>'),(23,'default','msg:multi_mac','\r\n<html><head></head>\r\n<body style=\"visibility: visible;\"><p>This computer has successfully completed UB NetPass registration, but UB NetPass has determined that there is an unregistered or quarantined device sharing this port.</p><p>You may have received this message if:</p><ul><li>you have <strong>a switch or hub and another computer</strong> plugged into the switch or hub has not successfully registered or is quarantined. Scan all computers attached to your network port to successfully complete UB NetPass registration.</li><li>you have a <strong>Playstation</strong> or <strong>Microsoft X-Box</strong> plugged into your switch or hub. Please contact the <a href=\"http://helpdesk.buffalo.edu\">CIT Help Desk</a>.</li><li>you have a <strong>wireless network</strong> connection on your computer and it is bridged. Please <a href=\"http://wings.buffalo.edu/computing/documentation/win/XPBridges.htm\">disable the bridge</a>.</li><li>you have a <strong>Firewire port</strong> and Windows XP has bridged the connection. Please <a href=\"http://wings.buffalo.edu/computing/documentation/win/XPBridges.htm\">disable the bridge</a>.</li></ul><p>If you unplug the network cable of the quarantined or not registered computer it may take up to 5 minutes until your access is restored.</p><p>If you do not understand this message or are having difficulty using UB NetPass, assistance is available from the CIT Help Desk. Professional repair and vulnerability remediation services are available from UBMicro.</p><table cellpadding=\"2\" border=\"0\"><caption>Contact Information </caption><tbody><tr><th scope=\"col\">CIT Help Desk</th><th scope=\"col\">UBMicro</th></tr><tr><td align=\"center\">225 Fronczak Hall<br />716-645-3542</td><td align=\"center\">109 The Commons<br />716-645-3554</td></tr></tbody></table><!-- #EndLibraryItem --><p> </p>\r\n</body></html>'),(130,'default','msg:welcome_to_resnet','\r\n<html><head></head><body><h2>Welcome to ResNet</h2><p>You will be able to connect to the Internet in a few moments. You will be prompted for your UBITName and password by the UB ResNet firewall before you can connect to the Internet.</p><p><a href=\"$original_destination\">Click here to proceed to $original_destination</a> </p></body></html>'),(58,'default','msg:authentication_failed','\r\n<html><head></head><body style=\"VISIBILITY: visible\"><p>Authentication failed. If you do not know your UBITName and/or password contact the CIT Help Desk at (716) 645-3542</p></body></html>'),(24,'default','msg:scan_completed','\r\n<html><head></head><body><h2><p>Click Continue to view scan results.</p></h2></body></html>'),(49,'default','nessus:14184','\r\n<html><head></head><body>\r\n\r\n<h3>Problem: BackDoor.Zincite.A backdoor found</h3><h3>Description</h3>\r\n<p>This backdoor may allow an attacker to gain unauthorized access to the remote host. This backdoor indicates a \'MyDoom.M\' virus infection.</p>\r\n\r\n<h3>Solution</h3>\r\n<p>Remove the virus with Symantec AntiVirus. Symantec AntiVirus is available on your TechTools CD or via download from the TechTools Software Download site for <a href=\"http://wings.buffalo.edu/computing/software/download/win/nortonantivirus.html\">Windows</a> and <a href=\"http://wings.buffalo.edu/computing/software/download/mac/nortonantivirus.html\">Mac</a>. The Mac version is called Symantec\'s Norton AntiVirus. Installation instructions are available on the TechTools CD and our documentation website (<a href=\"http://wings.buffalo.edu/computing/documentation/win/norton.html\">Windows</a>, <a href=\"http://wings.buffalo.edu/computing/documentation/mac/norton.html\">Mac</a>).</p>\r\n</body></html>'),(12,'default','nessus:10203','\r\n<html><head></head><body><h3>Problem: rexecd server process was found</h3>\r\n<h3>Description</h3>Rexec is a daemon that allows code to be executed on the host computer by remote users, very often without requiring authentication. Because of this, the rexec server is thought to be highly insecure and unnecessary. It is also quite often the means by which intruders gain access to computers. <h3>Solution</h3>\r\n\r\n<p>It is generally recommended that users disable the rexec daemon, which will prevent from running in the future.</p>\r\n<ol><li>Use your preferred text editor to open /etc/inetd.conf. </li><li>Locate the rexecd line, which should look something like the following:<br />exec stream tcp nowait root /usr/lbin/rexecd rexecd </li><li>Place a hash/pound ("#") before the line to comment it out. </li><li>Save the inetd.conf file. </li><li>Locate the PIDs for any rexecd processes running by typing:<br />\r\nps âaux | grep rexecd </li>\r\n <li>For all of the PIDs type:<br />kill âHUP pid</li></ol></body></html>'),(43,'default','nessus:11707','\r\n<html><head></head><body><h3>Problem: BugBear.B worm found</h3>\r\n<h3>Description</h3>\r\n<p>Bugbear is capable of allowing remote access to certain resources, disabling\r\n firewall and antivirus software, performing key logging operations, as well as\r\n other malicious actions.\r\n</p>\r\n<h3>Solution</h3>\r\n<!-- #BeginLibraryItem \"/Library/antivirus.lbi\" -->\r\n<p>Remove the virus with Symantec AntiVirus. Symantec AntiVirus is available\r\n on your TechTools CD or via download from the TechTools Software Download site\r\n for <a href=\"http://wings.buffalo.edu/computing/software/download/win/nortonantivirus.html\">Windows</a> and <a href=\"http://wings.buffalo.edu/computing/software/download/mac/nortonantivirus.html\">Mac</a>.\r\n The Mac version is called Symantec\'s Norton AntiVirus. Installation instructions\r\n are available on the TechTools CD and our documentation website (<a href=\"http://wings.buffalo.edu/computing/documentation/win/norton.html\">Windows</a>, <a href=\"http://wings.buffalo.edu/computing/documentation/mac/norton.html\">Mac</a>). </p>\r\n<!-- #EndLibraryItem -->\r\n</body></html>'),(39,'default','nessus:11187','\r\n<html><head></head><body><h3>Problem: Parasite Mothership was found</h3>\r\n<h3>Description</h3>\r\n<p>The Parasite Mothership listens for incoming connections; it can be\r\n used to grant an unauthorized user access to your computer. </p>\r\n<h3>Solution</h3>\r\n<!-- #BeginLibraryItem \"/Library/reinstall.lbi\" --> Experts recommend a complete\r\noperating system reinstall. UB recommends you have this performed by a professional.\r\nProfessional repair and vulnerability remediation services are available from\r\nUBMicro.<!-- #EndLibraryItem -->\r\n</body></html>'),(11,'default','nessus:10270','\r\n<html><head></head><body><h3>Problem: Stacheldraht "agent" was found</h3>\r\n<h3>Description</h3>The Stacheldraht "agent" <!-- #BeginLibraryItem \"/Library/client-server DDoS.lbi\" -->is\r\na client for a much larger identity consisting of a "master" that controls\r\none or more "slaves" (or agents). The agents are generally used to\r\nattack other machines, often at the same time in what is known as a Distributed\r\nDenial of Service (DDoS) attack. The presence of this agent on your computer\r\nmeans that your computer might be a part of such a network. <!-- #EndLibraryItem -->\r\n<h3>Solution</h3>\r\n<!-- #BeginLibraryItem \"/Library/antivirus.lbi\" -->\r\n<p>Remove the virus with Symantec AntiVirus. Symantec AntiVirus is available\r\n on your TechTools CD or via download from the TechTools Software Download site\r\n for <a href=\"http://wings.buffalo.edu/computing/software/download/win/nortonantivirus.html\">Windows</a> and <a href=\"http://wings.buffalo.edu/computing/software/download/mac/nortonantivirus.html\">Mac</a>.\r\n The Mac version is called Symantec\'s Norton AntiVirus. Installation instructions\r\n are available on the TechTools CD and our documentation website (<a href=\"http://wings.buffalo.edu/computing/documentation/win/norton.html\">Windows</a>, <a href=\"http://wings.buffalo.edu/computing/documentation/mac/norton.html\">Mac</a>). </p>\r\n<!-- #EndLibraryItem -->\r\n</body></html>'),(57,'default','nessus:12252','\r\n<html><head></head><body><h3>Problem: Korgo worm found</h3>\r\n<h3>Description</h3>The Korgo worm exploits the Windows LSASS vulnerability. It attempts to scan the network for other vulnerable computers to infect. It also listens for connections from remote users. This could result in the further compromise of your computer by granting unauthorized access to your computer. <h3>Solution</h3>\r\n<p><!-- #BeginLibraryItem \"/Library/MS Update.lbi\" -->Please update Windows at <a href=\"http://windowsupdate.microsoft.com/\">Microsoft\r\n Windows Update</a> and apply all Critical Updates and Service Packs. You\r\n may be instructed to restart your computer several times in order to apply\r\n all Security Updates and Service Packs. For further help and instructions\r\n on using windows update, go to the <a href=\"http://wings.buffalo.edu/computing/Documentation/win/winupdate.html\">Microsoft\r\nWindows Update documentation page</a> <!-- #EndLibraryItem --></p>\r\n<!-- #BeginLibraryItem \"/Library/antivirus.lbi\" -->\r\n<p>Remove the virus with Symantec AntiVirus. Symantec AntiVirus is available\r\n on your TechTools CD or via download from the TechTools Software Download site\r\n for <a href=\"http://wings.buffalo.edu/computing/software/download/win/nortonantivirus.html\">Windows</a> and <a href=\"http://wings.buffalo.edu/computing/software/download/mac/nortonantivirus.html\">Mac</a>.\r\n The Mac version is called Symantec\'s Norton AntiVirus. Installation instructions\r\n are available on the TechTools CD and our documentation website (<a href=\"http://wings.buffalo.edu/computing/documentation/win/norton.html\">Windows</a>, <a href=\"http://wings.buffalo.edu/computing/documentation/mac/norton.html\">Mac</a>). </p>\r\n<!-- #EndLibraryItem -->\r\n</body></html>'),(48,'default','nessus:12029','\r\n<html><head></head><body>\r\n<h3>Problem: MyDoom virus found</h3>\r\n<h3>Description</h3>This backdoor is capable of passing information stored on your computer to unauthorized users who are able to exploit and connect to the backdoor properly. This could also compromise your machine and/or the network to which it is connected. <h3>Solution</h3>\r\n<!-- #BeginLibraryItem \"/Library/antivirus.lbi\" -->\r\n<p>Remove the virus with Symantec AntiVirus. Symantec AntiVirus is available\r\n on your TechTools CD or via download from the TechTools Software Download site\r\n for <a href=\"http://wings.buffalo.edu/computing/software/download/win/nortonantivirus.html\">Windows</a> and <a href=\"http://wings.buffalo.edu/computing/software/download/mac/nortonantivirus.html\">Mac</a>.\r\n The Mac version is called Symantec\'s Norton AntiVirus. Installation instructions\r\n are available on the TechTools CD and our documentation website (<a href=\"http://wings.buffalo.edu/computing/documentation/win/norton.html\">Windows</a>, <a href=\"http://wings.buffalo.edu/computing/documentation/mac/norton.html\">Mac</a>). </p>\r\n<!-- #EndLibraryItem -->\r\n</body></html>'),(42,'default','nessus:11633','\r\n<html><head></head><body><h3>Problem: Lovgate virus was found</h3>\r\n<h3>Description</h3>\r\n<p>The Lovgate virus propagates through email and listens on certain ports. </p>\r\n<h3>Solution</h3>\r\n<!-- #BeginLibraryItem \"/Library/antivirus.lbi\" -->\r\n<p>Remove the virus with Symantec AntiVirus. Symantec AntiVirus is available\r\n on your TechTools CD or via download from the TechTools Software Download site\r\n for <a href=\"http://wings.buffalo.edu/computing/software/download/win/nortonantivirus.html\">Windows</a> and <a href=\"http://wings.buffalo.edu/computing/software/download/mac/nortonantivirus.html\">Mac</a>.\r\n The Mac version is called Symantec\'s Norton AntiVirus. Installation instructions\r\n are available on the TechTools CD and our documentation website (<a href=\"http://wings.buffalo.edu/computing/documentation/win/norton.html\">Windows</a>, <a href=\"http://wings.buffalo.edu/computing/documentation/mac/norton.html\">Mac</a>). </p>\r\n<!-- #EndLibraryItem -->\r\n</body></html>'),(15,'default','nessus:10524','\r\n<html><head></head><body>\r\n<h3>Problem: Windows 95/98/ME SMB password verification vulnerability</h3>\r\n<h3>Description</h3>\r\nThis vulnerability will allow any unauthorized user to access the Windows 95/98/ME\r\nfile shared service with password protection. \r\n<h3>Solution</h3>\r\nDownload and update Windows with the appropriate patch: \r\n<ul>\r\n <li><a href=\"http://download.microsoft.com/download/win95/Update/11958/W95/EN-US/273991USA5.EXE\">Windows 95</a></li>\r\n <li><a href=\"http://download.microsoft.com/download/win98SE/Update/11958/W98/EN-US/273991USA8.EXE\">Windows\r\n 98</a></li>\r\n <li><a href=\"http://download.microsoft.com/download/winme/Update/11958/WinMe/EN-US/273991USAM.EXE\">Windows\r\n ME</a><br />\r\n </li>\r\n</ul>\r\n</body></html>'),(36,'default','nessus:11123','\r\n<html><head></head><body><h3>Problem: Radmin was found running on your machine.</h3><h3>Description</h3>\r\n\r\n<p>Radmin is a remote control program, much like Windows XPs Remote\r\n Desktop. If an insecure password is set for this service, it could grant an\r\n unauthorized user complete access to your computer. </p>\r\n<h3>Solution</h3>\r\n \r\n <p>Please make sure that you have a strong password set for any accounts with login access to radmin. If it is not needed, disable radmin so that it will not run in the future. </p>\r\n</body></html>'),(50,'default','nessus:12063','\r\n<html><head></head><body>\r\n<h3>Problem: Bagle.B worm found</h3>\r\n<h3>Description</h3>\r\n<p>The Bagle.B worm spreads via email. Once it infects your computer, it then attempts to send out email with a copy of itself attached. It also listens for connections from your Internet connection and could allow unauthorized access to your computer. </p>\r\n<h3>Solution</h3>\r\n<p>Download and run the <a href=\"http://securityresponse.symantec.com/avcenter/venc/data/w32...@mm...ml\">Symantec\r\n removal utility.</a> It will scan\r\n for and remove the Bagle.B virus. \r\n</p>\r\n</body></html>'),(45,'default','nessus:11819','\r\n<html><head></head><body><h3>Problem: TFTPd server was found</h3>\r\n<h3>Description</h3>\r\nImproperly configuring the TFTPd server could result in your computer being compromised.\r\nIf it is not needed, it should be disabled.\r\n<h3>Solution</h3>\r\n\r\n<p>If you are running a UNIX machine (or variant of UNIX) and the TFTPd server is not required (i.e. by SunOS systems supporting diskless workstations), then disable it. This can be done by following these steps: </p>\r\n<ol><li>Use your preferred text editor to open /etc/inetd.conf. </li>\r\n <li>Locate the tftpd line. </li>\r\n<li>Place a hash/pound ("#") before the line to comment it out. </li><li>Save the inetd.conf file. </li><li>Locate the PIDs for any tftpd processes running by typing: <br />\r\n ps âaux |grep tftpd </li><li>For all of the PIDs type: <br />kill â9 pid</li></ol>\r\n<p>If you are running Windows, the existence of a TFTPd server could be a symptom\r\n of a virus. </p>\r\n<!-- #BeginLibraryItem \"/Library/antivirus.lbi\" -->\r\n<p>Remove the virus with Symantec AntiVirus. Symantec AntiVirus is available\r\n on your TechTools CD or via download from the TechTools Software Download site\r\n for <a href=\"http://wings.buffalo.edu/computing/software/download/win/nortonantivirus.html\">Windows</a> and <a href=\"http://wings.buffalo.edu/computing/software/download/mac/nortonantivirus.html\">Mac</a>.\r\n The Mac version is called Symantec\'s Norton AntiVirus. Installation instructions\r\n are available on the TechTools CD and our documentation website (<a href=\"http://wings.buffalo.edu/computing/documentation/win/norton.html\">Windows</a>, <a href=\"http://wings.buffalo.edu/computing/documentation/mac/norton.html\">Mac</a>). </p>\r\n<!-- #EndLibraryItem -->\r\n</body></html>'),(38,'default','nessus:11160','\r\n<html><head></head><body>\r\n<h3>Problem: FTP server with blank Administrator password</h3>\r\n<h3>Description</h3>\r\n<p>Because the Administrator account usually has full access to the file system,\r\n running an FTP server with a blank Administrator password\r\n allows anyone who attempts to login using that configuration the same access\r\n permissions as an authorized Administrator. </p>\r\n<h3>Solution</h3>\r\n<p>Set the password for the Administrator within the FTP server. This may require changing the password for the Windows Administrator, depending on the FTP server and the version of Windows. Please make sure to create a strong password. </p>\r\n</body></html>'),(16,'default','nessus:10668','\r\n<html><head></head><body><h3>Problem: Windows Index Server vulnerability</h3><h3>Description</h3>\r\nYour computer is not patched for a Windows Index Server vulnerability. \r\n<p>There is a buffer overflow vulnerability in the Index Server 2.0 function\r\n to process a search request. Using this unchecked buffer, an attacker would\r\n be able to have the computer execute unauthorized and possibly malicious code\r\n in the Local System security context. This could compromise the machine and/or\r\n the network even further. </p>\r\n<h3>Solution</h3>\r\nDownload and install the following patch from Microsoft. \r\n<ol>\r\n <li><a href=\"http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29660\">Index Server 2.0 Buffer overflow</a></li>\r\n <li><a href=\"http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29631\">Index\r\n Server 2.0 "Malformed Hit-Highlighting" vulnerability</a></li>\r\n <li><a href=\"http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29561\">Indexing Service for Windows 2000 Pro, Windows 2000 Server and Windows 2000 Advanced Server</a><br />\r\n </li>\r\n</ol>\r\n<h3> </h3>\r\n</body></html>'),(30,'default','nessus:10685','\r\n<html><head></head><body>\r\n<h3>Problem: Several IIS vulnerabilities found</h3>\r\n<h3>Description</h3>\r\nUsing these vulnerabilities, an attacker could cause your computer to execute\r\nmalicious code remotely. \r\n<h3>Solution</h3>\r\n<p>Download and install the appropriate patch from Microsoft: </p>\r\n<ul>\r\n <li><a href=\"http://www.microsoft.com/Downloads/Release.asp?ReleaseID=32061\">Microsoft IIS 4.0</a> </li>\r\n <li><a href=\"http://www.microsoft.com/Downloads/Release.asp?ReleaseID=32011\">Microsoft IIS 5.0</a> </li>\r\n</ul>\r\n</body></html>'),(134,'default','nessus:10481','\r\n<html><head></head>\r\n<body><span style=\"font-weight: bold;\">Problem:</span> Unpassworded MySQL<br /><br /><span style=\"font-weight: bold;\">Solution: </span>You are receiving this message because you do not have a password to Mysql. <br />            Please create a secure password for this program.<br />\r\n\r\n</body></html>'),(136,'default','Nessus: 18483','\r\n<html><head></head>\r\n<body style=\"visibility: visible;\"><span style=\"font-weight: bold;\">Problem</span><br />The version of windows that is currently running on this computer has a critical security vulnerability in the server Message Block (SMB)<br /><br /><span style=\"font-weight: bold;\">Description</span><br />This vulnerability allows an attacker the ability to execute code on your computer from a remote location. This could allow your machine to be compromised, granting full access to the attacker.<br /><br style=\"font-weight: bold;\" /><span style=\"font-weight: bold;\">Solution</span><br />Please update Windows at <a href=\"www.microsoft.com\" title=\"Link to windows update\">Microsoft Windows Update </a>and apply all Critical Updates and Service Packs. You may be instructed to restart your computer several times in order to apply all Security Updates and Service Packs. For further help and instructions on using windows update, go to the <a href=\"http://wings.buffalo.edu/computing/documentation/win/winupdate.html\" title=\"Link to windows update documentation\">Microsoft Windows Update documentation</a> page.<br /><br /></body></html>'),(8,'default','nessus:10307','\r\n<html><head></head><body><h3>Problem: An instance of the Trin00 for Windows "agent" was found to be running and accepting connections on your computer.</h3><h3>Description</h3>The Trin00 for Windows "agent" <!-- #BeginLibraryItem \"/Library/client-server DDoS.lbi\" -->is\r\na client for a much larger identity consisting of a "master" that controls\r\none or more "slaves" (or agents). The agents are generally used to\r\nattack other machines, often at the same time in what is known as a Distributed\r\nDenial of Service (DDoS) attack. The presence of this agent on your computer\r\nmeans that your computer might be a part of such a network. <!-- #EndLibraryItem -->\r\n<h3>Solution</h3>\r\n<!-- #BeginLibraryItem \"/Library/antivirus.lbi\" -->\r\n<p>Remove the virus with Symantec AntiVirus. Symantec AntiVirus is available\r\n on your TechTools CD or via download from the TechTools Software Download site\r\n for <a href=\"http://wings.buffalo.edu/computing/software/download/win/nortonantivirus.html\">Windows</a> and <a href=\"http://wings.buffalo.edu/computing/software/download/mac/nortonantivirus.html\">Mac</a>.\r\n The Mac version is called Symantec\'s Norton AntiVirus. Installation instructions\r\n are available on the TechTools CD and our documentation website (<a href=\"http://wings.buffalo.edu/computing/documentation/win/norton.html\">Windows</a>, <a href=\"http://wings.buffalo.edu/computing/documentation/mac/norton.html\">Mac</a>). </p>\r\n<!-- #EndLibraryItem --><!-- #BeginLibraryItem \"/Library/verify removal.lbi\" -->\r\n<p><strong>Verify Removal</strong></p>\r\n<p>If Symantec reports finding an infected file, take note of the filename and\r\n verify its deletion by checking the following registry key:<br />\r\n HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Run </p>\r\n<ol>\r\n <li>Click on the "Start" menu. </li>\r\n <li>Click "Run." </li>\r\n <li>Type "regedit" and press ENTER. </li>\r\n <li>In the registry editor click on the "File" (or "Registry")\r\n menu. </li>\r\n <li>Click "Export." </li>\r\n <li>Click "All" underneath where it says "Export Range." </li>\r\n <li>Enter a filename into the filename field. (ex: "reg backup") </li>\r\n <li>Click "Save." </li>\r\n <li>Expand the "HKEY_LOCAL_MACHINE" folder. </li>\r\n <li>Expand the "SOFTWARE" folder, then the "Microsoft," "Windows," and "CurrentVersion" folders. </li>\r\n <li>Click on the "Run" folder. </li>\r\n <li>In the right-hand window, the name/data pair for the name of the infected\r\n file will appear under the Name and Data sections, respectively. (ex: Name: "infectedfile" Data: "infectedfile.exe") </li\r\n>\r\n <li>Highlight the name of the infected file by clicking on it and press the\r\n DELETE key. </li>\r\n <li>Click "Yes" to delete. </li>\r\n</ol>\r\n<p>If your computer appears to still be infected after the scan a full reformat\r\n may be necessary.<!-- #BeginLibraryItem \"/Library/reinstall.lbi\" --> Experts\r\n recommend a complete operating system reinstall. UB recommends you have this\r\n performed by a professional. Professional repair and vulnerability remediation\r\n services are available from UBMicro.<!-- #EndLibraryItem --></p>\r\n<!-- #EndLibraryItem -->\r\n</body></html>'),(65,'default','msg:feedback_form','\n<html><head></head>\n<body><h2>UB NetPass Feedback</h2><p>We want to know what you think about UB NetPass. Your feedback is valuable to us; we use it to improve the quality of the services receive. Please do not use this form to request assistance; contact the CIT Help Desk directly.</p><form action=\'POST\'><fieldset><ol><li><label>Do you think UB NetPass is a valuable service? <input type=\"radio\" name=\"valuableservice\" /> Yes <input type=\"radio\" name=\"valuableservice\" /> No</label> </li><li><label>Did you find the time required to scan your computer was</label> <p><label><input type=\"radio\" checked name=\"waittime\" /> acceptable or <input type=\"radio\" name=\"waittime\" /> too long?</label> </p></li><li><label>If NetPass identified vulnerabilites, were you able to remedy them yourself? <input type=\"radio\" name=\"selfremedy\" /> Yes <input type=\"radio\" name=\"selfremedy\" /> No</label> </li><li><label>If NetPass identified vulnerabilities, did you find our instructions for self-remediation helpful? <input type=\"radio\" name=\"instructions_helpful\" /> Yes <input type=\"radio\" name=\"instructions_helpful\" /> No</label> </li><li><label>Did you have questions not addressed by our instructions?</label> <input type=\"radio\" name=\"questions\" /> Yes <input type=\"radio\" name=\"questions\" /> No </li><li><label>If yes, please let us know:</label> <br /><textarea id=\"userquestions\" name=\"userquestions\" rows=\"5\" cols=\"50\"></textarea> </li><li><label>Did you have any other comments or suggestions about how we can improve our service?</label> <br> <LI><textarea id=\"comments\" name=\"comments\" rows=\"6\" cols=\"50\"></textarea> </li><li><label>If you\'d like us to contact you about UB NetPass, provide your email address below. Do not use this form to request assistance.</label> <br> <input maxlength=\"100\" name=\"email\"> <br><input type=\"submit\"> </li></ol></fieldset> </form></body></html>\n'),(35,'default','nessus:11028','\r\n<html><head></head><body>\r\n<h3>Problem: .HTR filter buffer overflow vulnerability</h3>\r\n<h3>Description</h3>\r\n<p>An attacker can use this vulnerability to execute code on your computer from a remote location. This could allow your machine to be compromised, granting full access to the attacker. </p>\r\n<h3>Solution</h3>\r\n<p>Download and install the appropriate patches.</p>\r\n\r\n<ul>\r\n <li> <a href=\"http://www.microsoft.com/ntserver/nts/downloads/security/q321599/default.asp\">Microsoft\r\n IIS 4.0</a> </li>\r\n <li> Microsoft IIS 5.0: <!-- #BeginLibraryItem \"/Library/MS Update.lbi\" -->Please\r\n update Windows at <a href=\"http://windowsupdate.microsoft.com/\">Microsoft\r\n Windows Update</a> and apply all Critical Updates and Service Packs. You\r\n may be instructed to restart your computer several times in order to apply\r\n all Security Updates and Service Packs. For further help and instructions\r\n on using windows update, go to the <a href=\"http://wings.buffalo.edu/computing/Documentation/win/winupdate.html\">Microsoft\r\n Windows Update documentation page</a> <!-- #EndLibraryItem --></li>\r\n</ul>\r\n</body></html>'),(51,'default','msg:no_cookies','\r\n<html><head></head><body><font color=\"#ff0000\"><strong>Your browser must have cookies enabled to use UB Netpass.</strong></font> </body></html>'),(10,'default','nessus:10283','\r\n<html><head></head><body><h3>Problem: TFN "agent" was found</h3>\r\n<h3>Description</h3>The TFN "agent" <!-- #BeginLibraryItem \"/Library/client-server DDoS.lbi\" -->is\r\na client for a much larger identity consisting of a "master" that controls\r\none or more "slaves" (or agents). The agents are generally used to\r\nattack other machines, often at the same time in what is known as a Distributed\r\nDenial of Service (DDoS) attack. The presence of this agent on your computer\r\nmeans that your computer might be a part of such a network. <!-- #EndLibraryItem -->\r\n<h3>Solution</h3>\r\n<!-- #BeginLibraryItem \"/Library/antivirus.lbi\" -->\r\n<p>Remove the virus with Symantec AntiVirus. Symantec AntiVirus is available\r\n on your TechTools CD or via download from the TechTools Software Download site\r\n for <a href=\"http://wings.buffalo.edu/computing/software/download/win/nortonantivirus.html\">Windows</a> and <a href=\"http://wings.buffalo.edu/computing/software/download/mac/nortonantivirus.html\">Mac</a>.\r\n The Mac version is called Symantec\'s Norton AntiVirus. Installation instructions\r\nare available on the TechTools CD and our documentation website (<a href=\"http://wings.buffalo.edu/computing/documentation/win/norton.html\">Windows</a>, <a href=\"http://wings.buffalo.edu/computing/documentation/mac/norton.html\">Mac</a>). </p>\r\n<!-- #EndLibraryItem -->\r\n</body></html>'),(14,'default','nessus:10147','\r\n<html><head></head><body>\r\n<h3>Problem: Nessus daemon ports were found</h3>\r\n<h3>Description</h3>The Nessus daemon allows remote users the ability to make the server scan other computers. The remote user must first have a valid username and password or valid public/private key. Howerver, should the Nessus server ever be found to be vulnerable, the Nessus server running on your computer would allow the vulnerability to be exploited. \r\n\r\n<h3>Solution</h3>\r\n\r\n<p>Removal/Remediation Steps: There are two means of resolving this vulnerability, both of which are recommended. Choose only one. </p><ol><li>Change the ports to which the that the Nessus daemon listens. </li><li>Block the ports to which you have Nessus listening. This can be done with ipchains (2.4x Linux kernel) or iptables (2.2x Linux kernel). </li></ol></body></html>'),(53,'default','msg:remediate_completed','\r\n<html><head></head><body><h3>Ready to be re-scanned?</h3><p>You have indicated that each security issue has been fixed. Click the Re-scan button to continue.<br /><br /></p></body></html>'),(44,'default','msg:PQUAR-resnetaction-1st','\r\n<html><head></head><body><h3>Your ResNet connection has been disabled</h3><p>We have received and investigated a report of potentially damaging network activity originating from your computer. </p><p>Your ResNet connection has been disabled to prevent further adverse effects from this incident. Because we believe this is a technology problem and not intentional, your UBITName will remain active and you will still be able to use University resources via CIT Public Site computers.</p><p>We recommend that you have your computer repaired professionally. UBMicro offers a service, for a fee, to remediate these problems and help you prevent further similar problems in the future.</p><p>Since this is your first incident, we will place trust in your ability to ensure that your computer has been properly repaired. <a href=\"https://wings.buffalo.edu/computing/dce/resnet\">Notify us</a> when your computer has been repaired so we may restore your network connection. </p><p>Subsequent incidents will require that your computer repair be certified by us at your cost. Please do not move your computer to another network port or attempt to connect via UBWireless or the dial-up modem services. Changing your connection will be considered a second incident and you will face sanctions.</p><p>We have intentionally send you multiple copies of this message to be certain we reach you. If you have any questions or believe you have received this notice in error, please contact the ResNet Team Leader at (716)-645-5070. For any other problems, please contact the CIT Help Desk or UBMicro.</p><p>\r\n<table cellspacing=\"1\" cellpadding=\"1\" border=\"0\"><tbody><tr><td>CIT Help Desk</td><td>UB Micro</td></tr><tr><td>255 Fronczak Hall</td><td>109 The Commons</td></tr><tr><td>(716) 645-3542</td><td>(716) 645-3554</td></tr><tr><td>cit...@bu...</td><td>ub...@bu...</td></tr><tr><td><a href=\"http://helpdesk.buffalo.edu/\">helpdesk.buffalo.edu</a></td><td><a href=\"http://helpdesk.buffalo.edu/\">www.ubmicro.buffalo.edu</a></td></tr></tbody></table>\r\n</p></body></html>'),(64,'default','msg:welcome_to_the_network','\r\n<html><head></head><body><h2>Welcome to ResNet</h2><p>You will be able to connect to the Internet in a few moments. You will be prompted for your UBITName and password by the UB ResNet firewall before you can connect to the Internet.</p><p><a href=\"$original_destination\">Click here to proceed to $original_destination</a> </p></body></html>'),(6,'default','nessus:10391','\r\n<html><head></head><body><h3>Problem: mstream handler was found</h3>\r\n<h3>Description</h3>\r\nThe mstream handler <!-- #BeginLibraryItem \"/Library/client-server DDoS.lbi\" -->is\r\na client for a much larger identity consisting of a "master" that controls\r\none or more "slaves" (or agents). The agents are generally used to\r\nattack other machines, often at the same time in what is known as a Distributed\r\nDenial of Service (DDoS) attack. The presence of this agent on your computer\r\nmeans that your computer might be a part of such a network. <!-- #EndLibraryItem -->\r\n<h3>Solution</h3>\r\n<!-- #BeginLibraryItem \"/Library/no known.lbi\" -->No known removal instructions\r\nare available. Please try scanning your computer using your antivirus software. <!-- #EndLibraryItem -->\r\n</body></html>'),(46,'default','nessus:11855','\r\n<html><head></head><body><h3>Problem: RemoteNC was found</h3>\r\n<h3>Description</h3>\r\nRemoteNC <!-- #BeginLibraryItem \"/Library/is an app.lbi\" --> is an application\r\nthat is designed to give unauthorized users full control over your computer.\r\nIt is usually installed without the knowledge or permission of the computer\'s\r\nowner/user. Its presence is frequently a sign that the computer has been compromised.<!-- #EndLibraryItem -->\r\n<h3>Solution</h3>\r\n<!-- #BeginLibraryItem \"/Library/antivirus.lbi\" -->\r\n<p>Remove the virus with Symantec AntiVirus. Symantec AntiVirus is available\r\n on your TechTools CD or via download from the TechTools Software Download site\r\n for <a href=\"http://wings.buffalo.edu/computing/software/download/win/nortonantivirus.html\">Windows</a> and <a href=\"http://wings.buffalo.edu/computing/software/download/mac/nortonantivirus.html\">Mac</a>.\r\n The Mac version is called Symantec\'s Norton AntiVirus. Installation instructions\r\n are available on the TechTools CD and our documentation website (<a href=\"http://wings.buffalo.edu/computing/documentation/win/norton.html\">Windows</a>, <a href=\"http://wings.buffalo.edu/computing/documentation/mac/norton.html\">Mac</a>). </p>\r\n<!-- #EndLibraryItem -->\r\n</body></html>'),(2,'default','msg:eula','\r\n<html><head></head><body><h2>UB ResNet Acceptable Use Policy</h2><h3>Conditions of Use</h3><p>To provide the highest quality access to information technologies, University Residence Halls & Apartments (URHA) and Computing & Information Technology (CIT) maintain a computing network that can connect each resident\'s personal computer to the Internet. This computing network is called ResNet. <br /></p><p>ResNet users are responsible for all network traffic originating from their computers. This includes, but is not limited to: email, Internet browsing, file transfers, and connections to other machines. </p><p>ResNet users are required to follow all University, Computing & Information Technology (CIT) and University Residence Halls rules and policies.<br /></p><p>As a condition of use, to initially connect to ResNet residents must ensure that their computer(s) present no identifiable risk to the network, i.e. the computer has anti-virus software installed and up-to-date critical operating system updates applied.<br /></p><p>At any time that there is credible evidence that a ResNet attached computer has become a risk to the network, ResNet access will be denied and the resident will be required to re-certify the computer\'s safe operation at his/her expense.<br /></p><p>Additionally, ResNet users must be aware that: </p><ol><li>ResNet must be used in accordance with all Copyright laws. This includes, but is not limited to, refraining from using your computer in a way that would violate those laws such as operating pirated software or MP3 servers. </li><li>URHA communication services, wiring and other hardware may not be modified or tampered with in any way. This includes attempting to extended the network beyond the area of its intended use (for example: Installing a hub or Remote Access Server). </li><li>ResNet must be used in accordance with URHA policies on Business Activity. It can not be used to post advertisements for personal business, or for the sale of products or services for commercial gain. </li><li>Harassment of other users, by any method, will not be tolerated. </li><li>ResNet can not be used to misrepresent or hide your personal identity. (for example: email sent from a fake address, or from any address that is not yours) </li></ol><p>Violating any of these conditions may result in: Suspension or loss of ResNet usage privilege, expulsion from University Residence Halls, discipline from other university bodies such as the Student Judiciary, criminal charges. Damage or theft of ResNet wiring or hardware is the financial responsibility of the residence members. If responsibility is traced to any individual or particular group of individuals, then they will be held personally responsible for the theft or damage. </p><p>ResNet users are also expected to be responsible network citizens. ResNet is a shared resource and as such, users should refrain from using any application which may interfere with the use of the network by others.</p><p>Think of your personal computer as your computing home. It is advisable to "lock the front door" so that people can not use your machine without your supervision. Using a power-on password, or a screen saver password are good ways to control access to both the information on your computer, and your computer\'s access to ResNet.</p></body></html>'),(63,'default','msg:daily_message','\r\n<html><head></head><body><p /></body></html>'),(47,'default','nessus:11880','\r\n<html><head></head><body>\r\n<h3>Problem: Fluxay Sensor found</h3>\r\n<h3>Description</h3>\r\nFluxay Sensor <!-- #BeginLibraryItem \"/Library/is an app.lbi\" --> is an application\r\nthat is designed to give unauthorized users full control over your computer.\r\nIt is usually installed without the knowledge or permission of the computer\'s\r\nowner/user. Its presence is frequently a sign that the computer has been compromised.<!-- #EndLibraryItem -->\r\n<h3>Solution</h3>\r\n<!-- #BeginLibraryItem \"/Library/antivirus.lbi\" -->\r\n<p>Remove the virus with Symantec AntiVirus. Symantec AntiVirus is available\r\n on your TechTools CD or via download from the TechTools Software Download site\r\n for <a href=\"http://wings.buffalo.edu/computing/software/download/win/nortonantivirus.html\">Windows</a> and <a href=\"http://wings.buffalo.edu/computing/software/download/mac/nortonantivirus.html\">Mac</a>.\r\n The Mac version is called Symantec\'s Norton AntiVirus. Installation instructions\r\n are available on the TechTools CD and our documentation website (<a href=\"http://wings.buffalo.edu/computing/documentation/win/norton.html\">Windows</a>, <a href=\"http://wings.buffalo.edu/computing/documentation/mac/norton.html\">Mac</a>). </p>\r\n<!-- #EndLibraryItem -->\r\n</body></html>'),(17,'default','nessus:10132','<html><head></head><body>\r\n<h3>Problem: Kuang2 virus was found.</h3>\r\n<h3>Description</h3>\r\n<p>The Kuang2 virus infects all .exe files on the computer.<!-- #BeginLibraryItem \"/Library/server unauth.lbi\" -->\r\nIt installs a server that is designed to give unauthorized users full control over your computer.<!-- #EndLibraryItem --></p>\r\n<h3>Solution</h3>\r\n\r\n<!-- #BeginLibraryItem \"/Library/antivirus.lbi\" -->\r\n<p>Remove the virus with Symantec AntiVirus. Symantec AntiVirus is available\r\n on your TechTools CD or via download from the TechTools Software Download site\r\n for <a href=\"http://wings.buffalo.edu/computing/software/download/win/nortonantivirus.html\">Windows</a> and <a href=\"http://wings.buffalo.edu/computing/software/download/mac/nortonantivirus.html\">Mac</a>.\r\n The Mac version is called Symantec\'s Norton AntiVirus. Installation instructions\r\n are available on the TechTools CD and our documentation website (<a href=\"http://wings.buffalo.edu/computing/documentation/win/norton.html\">Windows</a>, <a href=\"http://wings.buffalo.edu/computing/documentation/mac/norton.html\">Mac</a>). </p>\r\n<!-- #EndLibraryItem --><!-- #BeginLibraryItem \"/Library/verify removal.lbi\" -->\r\n<p><strong>Verify Removal</strong></p>\r\n<p>If Symantec reports finding an infected file, take note of the filename and\r\n verify its deletion by checking the following registry key:<br />\r\n HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Run </p>\r\n<ol>\r\n <li>Click on the "Start" menu. </li>\r\n <li>Click "Run." </li>\r\n <li>Type "regedit" and press ENTER. </li>\r\n <li>In the registry editor click on the "File" (or "Registry")\r\n menu. </li>\r\n <li>Click "Export." </li>\r\n <li>Click "All" underneath where it says "Export Range." </li>\r\n <li>Enter a filename into the filename field. (ex: "reg backup") </li>\r\n <li>Click "Save." </li>\r\n <li>Expand the "HKEY_LOCAL_MACHINE" folder. </li>\r\n <li>Expand the "SOFTWARE" folder, then the "Microsoft," "Windows," and "CurrentVersion" folders. </li>\r\n <li>Click on the "Run" folder. </li>\r\n <li>In the right-hand window, the name/data pair for the name of the infected\r\n file will appear under the Name and Data sections, respectively. (ex: Name: "infectedfile" Data: "infectedfile.exe") </li\r\n>\r\n <li>Highlight the name of the infected file by clicking on it and press the\r\n DELETE key. </li>\r\n <li>Click "Yes" to delete. </li>\r\n</ol>\r\n<p>If your computer appears to still be infected after the scan a full reformat\r\n may be necessary.<!-- #BeginLibraryItem \"/Library/reinstall.lbi\" --> Experts\r\n recommend a complete operating system reinstall. UB recommends you have this\r\n performed by a professional. Professional repair and vulnerability remediation\r\n services are available from UBMicro.<!-- #EndLibraryItem --></p>\r\n<!-- #EndLibraryItem -->\r\n</body></html>'),(33,'default','nessus:10935','\r\n<html><head>\r\n</head><body>\r\n<h3>Problem: IIS ASP ISAPI filter buffer overflow vulnerability</h3>\r\n<h3>Description</h3>\r\nThis vulnerability allows an attacker the ability to execute code on your computer\r\nfrom a remote location. This could allow... [truncated message content] |
