Mail Archives: cygwin/2017/06/28/18:13:36

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2017/06/28/18:13:36

X-Recipient: archive-cygwin AT delorie DOT com

DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:mime-version:in-reply-to:references:from:date

:message-id:subject:to:cc:content-type; q=dns; s=default; b=GJg5

uB5dJyAzlci13Y/oSZGh0ZG//0NjfqRBdbmEL0WDq+n4ipnNh0HJWP+a2fUfho1n

h44nf7hI61HU9jp2h2mkwYukzuWBDgjETPtQHT8UZvjy3ULVb98HOdw0OgvmpGyf

qBENLy4wNEYVSVLECYv2ltggX+u1lIIm4foQRgw=

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:mime-version:in-reply-to:references:from:date

:message-id:subject:to:cc:content-type; s=default; bh=GxttsfMCoP

bh5i/lk3suRica6pc=; b=ZRdy71inrUC8TyyQ34HE8s6glSZXXEJpP84vySBDfD

7YZU7sgBHOuQcQuSQSV4OhQa/6v+fV+209U/6J8dh7MYPckW8mnnWQzvvfSBJkpg

o8PEWHT653yTTMptL+lxKgGgLut7DqMIbDGGxY8j4XqU6sHO56D2kmmFuwg3l71Y

A=

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm

List-Id: <cygwin.cygwin.com>

List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>

List-Archive: <http://sourceware.org/ml/cygwin/>

List-Post: <mailto:cygwin AT cygwin DOT com>

List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>

Sender: cygwin-owner AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

Delivered-To: mailing list cygwin AT cygwin DOT com

Authentication-Results: sourceware.org; auth=none

X-Virus-Found: No

X-Spam-SWARE-Status: No, score=-1.8 required=5.0 tests=AWL,BAYES_00,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham version=3.3.2 spammy=xlaunch, who's, HX-Envelope-From:sk:daniel., activity

X-HELO: mail-pf0-f175.google.com

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=HjUtl6TTnG7CnY3cgkWO6uZCtGgq+4hhP441qc00EHs=; b=SA7pU1F8liv3Lpao6euYK6Z1ciUOBXdKbKGw84GkB9rHX/bGozNGFXLE0PVZlgKerD 0WFWIuggCc/wOZv0nW0fmAkZkogHCFrioyPoTO983Y9yNVB6vMauPt/QXXC84QrD04Lj 084PvjX0TUaA7OEViJwTedMFr2eQWjJjSjnpmkp1VAquQfy/hXggxDughz0cII0GdOqo co6Ay0QUDd/2KHR2NuLjbM3nZvWaXjT4NwKeaVFiiNidjW5L9SjHJ/cSV+3CnDavsM0I Hce5GBw7Mf6AMMxqqRgPCsT6nXpf7d5qh4J3Kn9+t/Q09DhfRvllGLT2YdB/e4jo16sC 002g==

X-Gm-Message-State: AKS2vOwKnTYMxglAKP4OtsprkptB0xHhBVKf8xnI47M1F4KnmtLBloMV /OEKuB9dlwM9bwQH+xTMzD2e9TC1pA==

X-Received: by 10.99.144.65 with SMTP id a62mr12422818pge.108.1498688001232; Wed, 28 Jun 2017 15:13:21 -0700 (PDT)

MIME-Version: 1.0

In-Reply-To: <22868.10096.929488.407450@gargle.gargle.HOWL>

References: <CAPXRkNEx44KFypaqj+hjrF+r8Es-xSmBTCcT2PED7XSrAchGNw AT mail DOT gmail DOT com> <CACoZoo13PwvqZ6p6kuUAggTfBW0sF3absub0i7rFBXz50vLk5A AT mail DOT gmail DOT com> <22868 DOT 10096 DOT 929488 DOT 407450 AT gargle DOT gargle DOT HOWL>

From: Dan Kegel <dank AT kegel DOT com>

Date: Wed, 28 Jun 2017 15:13:20 -0700

Message-ID: <CAPF-yOZPH5m27Zy35x_6J96641yQrX7+HXnURLsjq3wNzxZWWg@mail.gmail.com>

Subject: Re: XLanuch.exe is a Trojan-It allows remote control of my pc without my knowledge or permission

To: cygwin AT cygwin DOT com

Cc: Erik Soderquist <ErikSoderquist AT gmail DOT com>

X-IsSubscribed: yes

On Wed, Jun 28, 2017 at 3:02 PM,  <bzs AT theworld DOT com> wrote:
> I would also think about X11 permissions. Someone might be scanning
> for activity on port 6000 (&c) and if they find something and it's not
> locked down (see for example 'xhost(1)') it's trivial to just launch
> X11 apps on your system which can cause all sorts of mischief.

Also note that Xlaunch starts the X server, and can supply the
commandline option needed to listen for connections on TCP.
Maybe you put that in by accident while following some tutorial?

It'd be interesting to see who's trying to connect to your
machine via port 6000.  Maybe run wireshark and listen for a while?

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

X-Recipient:	archive-cygwin AT delorie DOT com
DomainKey-Signature:	a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:mime-version:in-reply-to:references:from:date
	:message-id:subject:to:cc:content-type; q=dns; s=default; b=GJg5
	uB5dJyAzlci13Y/oSZGh0ZG//0NjfqRBdbmEL0WDq+n4ipnNh0HJWP+a2fUfho1n
	h44nf7hI61HU9jp2h2mkwYukzuWBDgjETPtQHT8UZvjy3ULVb98HOdw0OgvmpGyf
	qBENLy4wNEYVSVLECYv2ltggX+u1lIIm4foQRgw=
DKIM-Signature:	v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:mime-version:in-reply-to:references:from:date
	:message-id:subject:to:cc:content-type; s=default; bh=GxttsfMCoP
	bh5i/lk3suRica6pc=; b=ZRdy71inrUC8TyyQ34HE8s6glSZXXEJpP84vySBDfD
	7YZU7sgBHOuQcQuSQSV4OhQa/6v+fV+209U/6J8dh7MYPckW8mnnWQzvvfSBJkpg
	o8PEWHT653yTTMptL+lxKgGgLut7DqMIbDGGxY8j4XqU6sHO56D2kmmFuwg3l71Y
	A=
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Authentication-Results:	sourceware.org; auth=none
X-Virus-Found:	No
X-Spam-SWARE-Status:	No, score=-1.8 required=5.0 tests=AWL,BAYES_00,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham version=3.3.2 spammy=xlaunch, who's, HX-Envelope-From:sk:daniel., activity
X-HELO:	mail-pf0-f175.google.com
X-Google-DKIM-Signature:	v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=HjUtl6TTnG7CnY3cgkWO6uZCtGgq+4hhP441qc00EHs=; b=SA7pU1F8liv3Lpao6euYK6Z1ciUOBXdKbKGw84GkB9rHX/bGozNGFXLE0PVZlgKerD 0WFWIuggCc/wOZv0nW0fmAkZkogHCFrioyPoTO983Y9yNVB6vMauPt/QXXC84QrD04Lj 084PvjX0TUaA7OEViJwTedMFr2eQWjJjSjnpmkp1VAquQfy/hXggxDughz0cII0GdOqo co6Ay0QUDd/2KHR2NuLjbM3nZvWaXjT4NwKeaVFiiNidjW5L9SjHJ/cSV+3CnDavsM0I Hce5GBw7Mf6AMMxqqRgPCsT6nXpf7d5qh4J3Kn9+t/Q09DhfRvllGLT2YdB/e4jo16sC 002g==
X-Gm-Message-State:	AKS2vOwKnTYMxglAKP4OtsprkptB0xHhBVKf8xnI47M1F4KnmtLBloMV /OEKuB9dlwM9bwQH+xTMzD2e9TC1pA==
X-Received:	by 10.99.144.65 with SMTP id a62mr12422818pge.108.1498688001232; Wed, 28 Jun 2017 15:13:21 -0700 (PDT)
MIME-Version:	1.0
In-Reply-To:	<22868.10096.929488.407450@gargle.gargle.HOWL>
References:	<CAPXRkNEx44KFypaqj+hjrF+r8Es-xSmBTCcT2PED7XSrAchGNw AT mail DOT gmail DOT com> <CACoZoo13PwvqZ6p6kuUAggTfBW0sF3absub0i7rFBXz50vLk5A AT mail DOT gmail DOT com> <22868 DOT 10096 DOT 929488 DOT 407450 AT gargle DOT gargle DOT HOWL>
From:	Dan Kegel <dank AT kegel DOT com>
Date:	Wed, 28 Jun 2017 15:13:20 -0700
Message-ID:	<CAPF-yOZPH5m27Zy35x_6J96641yQrX7+HXnURLsjq3wNzxZWWg@mail.gmail.com>
Subject:	Re: XLanuch.exe is a Trojan-It allows remote control of my pc without my knowledge or permission
To:	cygwin AT cygwin DOT com
Cc:	Erik Soderquist <ErikSoderquist AT gmail DOT com>
X-IsSubscribed:	yes