i have no idea where to post this

spiffybeth · Feb 12, 2008

this is my work computer. its not up to me to delete norton, or things of that nature.

i just want to know what to do to get rid of this problem. ive run the virus scan every time this thing popped up. and every time it told me there was nothing....

clarinetJWD · Feb 12, 2008

EBphotography said:
And I've seen Best Buy workers that don't know what a USB cable is, but that doesn't mean I don't know what I'm talking about.

My problem is with the fact that you implied it was a best buy corporate policy. Now corporate best buy (not necessarily all their workers) tends to a) endlessly watch the bottom line and b) not know their heads from their asses.

If it's your own recommendation, recommend away, but corporate endorsements are almost always the result of someone paying a lot of money, and that isn't good for the customer.

Anyways, I guess I just wanted to do a bit of best buy ventingbut I'm done now. Carry on!

clarinetJWD · Feb 12, 2008

spiffybeth said:
this is my work computer. its not up to me to delete norton, or things of that nature.

i just want to know what to do to get rid of this problem. ive run the virus scan every time this thing popped up. and every time it told me there was nothing....

Are you allowed to install things, like a different web browser? A less popular browser like Opera (and FF to some extent, but the open source nature leaves lots of holes way open) might give you different results.

spiffybeth · Feb 12, 2008

i use FF at work. but yes, i can install things.

lifeafter2am · Feb 12, 2008

clarinetJWD said:
Are you allowed to install things, like a different web browser? A less popular browser like Opera (and FF to some extent, but the open source nature leaves lots of holes way open) might give you different results.

Which is why it would be such an insecure browser?!?! :er:

EBphotography · Feb 12, 2008

clarinetJWD said:
My problem is with the fact that you implied it was a best buy corporate policy. Now corporate best buy (not necessarily all their workers) tends to a) endlessly watch the bottom line and b) not know their heads from their asses.

If it's your own recommendation, recommend away, but corporate endorsements are almost always the result of someone paying a lot of money, and that isn't good for the customer.

Anyways, I guess I just wanted to do a bit of best buy ventingbut I'm done now. Carry on!

It's both, technically. It's the standard software we use with Geek Squad but it's also something I've seen good things from personally. I could write pages about the rest of what you said, but it's not relevant to this thread and in short I'll say that I've been pleasantly surprised by the company's ethics standards so far. I'd be happy to talk about it in PM or chat if you're as passionate about the company as it seems. (That sounds rude but it's not meant to be, more out of interest to hear from the other side of the shirt.

)

That One Guy · Feb 12, 2008

here is the info on that IP:

whois:
inetnum: 82.165.176.0 - 82.165.191.255
netname: SCHLUND-CUSTOMERS
descr: Schlund + Partner AG
country: US
admin-c: UI-RIPE
tech-c: UI-RIPE
remarks: INFRA-AW
remarks: in case of abuse or spam, please mailto: [email protected]
rev-srv: nsa.schlund.de
rev-srv: nsa2.schlund.de
rev-srv: ns.ripe.net
status: ASSIGNED PA
mnt-by: SCHLUND-MNT
source: RIPE # Filtered

role: Schlund NCC
address: 1&1 Internet AG
address: Brauerstrasse 48
address: D-76135 Karlsruhe
address: Germany
remarks: For abuse issues, please use only [email protected]
phone: +49 721 91374 50
fax-no: +49 721 91374 20
admin-c: SPNC-RIPE
tech-c: SPNC-RIPE
nic-hdl: UI-RIPE
abuse-mailbox: [email protected]
mnt-by: SCHLUND-MNT

source: RIPE # Filtered

IP address [?]: 82.165.177.114 Copy [Whois] IP address country:

United States IP address state: Georgia IP address city: n/a IP address latitude: 33.043900 IP address longitude: -83.705200 ISP of this IP [?]: Germany Organization: Schlund + Partner AG Host of this IP: [?]: s130321805.onlinehome.us [Whois] Local Time of this IP country: 2008-02-12 20:38

That One Guy · Feb 12, 2008

here is the definition of an icc profile tagdata overflow attack:

HTTP ICC Profile TagData Overflow

Severity: High
This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description
This signature detects an attempt to exploit a vulnerability in Windows Color Management Module.

Additional Information
Microsoft Windows provides an implementation for the ICC (International Color Management) standard through the Color Management Module. The ICC standard is a cross-platform, cross-format color consistency specification. The purpose of ICC is to allow for colors to be rendered uniformly across different devices and platforms. Many image and document formats support inclusion of ICC data in the form of color profiles that are embedded in the files themselves.

Microsoft Windows is prone to a buffer overflow vulnerability in the Color Management Module. The issue is due to a boundary condition error related to the parsing of ICC (International Color Consortium) Profile tags in various supported image and document formats.

The specific vulnerability is due to a memory copy operation in the 'mscms.dll' (Microsoft Color Management System) library. ICC XYZType (rXYZ, gXYZ, bXYZ) tag data from within the file is copied into a static stack-based buffer of 224 bytes, which is declared in the 'icm32.dll' (Integrated Color Managament) library. The Microsoft GDI library calls both of these libraries when a supported file type with embedded ICC data is rendered.

Memory corruption resulting from this vulnerability may allow an attacker to overwrite sensitive variables in memory such as a return address or Structured Exception Handler (SEH), allowing the attacker to influence program execution flow. This is sufficient for an attacker to execute arbitrary code.

ICC Profile data may possibly be embedded in various file formats, including JPEG, GIF, EXIF, TIFF, PNG, PICT, PDF, PostScript, SVG, JDF, and CSS3. Some of these formats may not provide an attack vector, especially if Microsoft does not provide native support or does not call the vulnerable functionality when handling certain formats. Formats that may not be affected due to lack of native support are PDF, PICT, and PostScript, though this has not been confirmed.

Successful exploitation may result in execution of arbitrary code in the context of the currently logged in user. This vulnerability could be exploited through a Web site that hosts a malicious document, by previewing or opening malicious content in email, or through other means that will allow an attacker to send the victim a malicious document.

There is also a risk that other Microsoft or third-party applications that rely on the affected functionality may be vulnerable. A number of third-party applications may ship with vulnerable libraries, so may remain vulnerable despite having applied the Microsoft patch. Symantec is not aware of any such vendors at the time of writing.

Affected:
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Advanced Server SP1
Microsoft Windows 2000 Advanced Server SP2
Microsoft Windows 2000 Advanced Server SP3
Microsoft Windows 2000 Advanced Server SP4
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Datacenter Server SP1
Microsoft Windows 2000 Datacenter Server SP2
Microsoft Windows 2000 Datacenter Server SP3
Microsoft Windows 2000 Datacenter Server SP4
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Professional SP1
Microsoft Windows 2000 Professional SP2
Microsoft Windows 2000 Professional SP3
Microsoft Windows 2000 Professional SP4
Microsoft Windows 2000 Server
Microsoft Windows 2000 Server SP1
Microsoft Windows 2000 Server SP2
Microsoft Windows 2000 Server SP3
Microsoft Windows 2000 Server SP4
Microsoft Windows 98
Microsoft Windows 98SE
Microsoft Windows ME
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Datacenter Edition SP1
Microsoft Windows Server 2003 Datacenter Edition 64-bit
Microsoft Windows Server 2003 Datacenter Edition 64-bit SP1
Microsoft Windows Server 2003 Datacenter x64 Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Enterprise Edition SP1
Microsoft Windows Server 2003 Enterprise Edition 64-bit
Microsoft Windows Server 2003 Enterprise Edition 64-bit SP1
Microsoft Windows Server 2003 Enterprise x64 Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Standard Edition SP1
Microsoft Windows Server 2003 Standard x64 Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2003 Web Edition SP1
Microsoft Windows XP 64-bit Edition
Microsoft Windows XP 64-bit Edition SP1
Microsoft Windows XP 64-bit Edition Version 2003
Microsoft Windows XP 64-bit Edition Version 2003 SP1
Microsoft Windows XP Home
Microsoft Windows XP Home SP1
Microsoft Windows XP Home SP2
Microsoft Windows XP Media Center Edition
Microsoft Windows XP Media Center Edition SP1
Microsoft Windows XP Media Center Edition SP2
Microsoft Windows XP Professional
Microsoft Windows XP Professional SP1
Microsoft Windows XP Professional SP2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Tablet PC Edition
Microsoft Windows XP Tablet PC Edition SP1
Microsoft Windows XP Tablet PC Edition SP2
Nortel Networks Centrex IP Client Manager