Re: [Full-Disclosure] PoC to be released on 01/20/05

2005-01-12 Thread GuidoZ
, 2005 10:53 pm, GuidoZ said: Hiding behind an anonymous Yahoo email address is pretty weak too. If you *really* need to express yourself so badly, at least reveal your identity. Anonymous? Received: from [61.131.63.62] by web61208.mail.yahoo.com via HTTP; Mon, 10 Jan 2005 18:13:49

Re: [Full-Disclosure] PoC to be released on 01/20/05

2005-01-10 Thread GuidoZ
Well said, James. It really doesn't matter if you agree or disagree with the statements... this isn't the place for such discussions. Hiding behind an anonymous Yahoo email address is pretty weak too. If you *really* need to express yourself so badly, at least reveal your identity. -- Peace. ~G

Re: [Full-Disclosure] RE: Full-Disclosure Digest, Vol 1, Issue 2144

2005-01-07 Thread GuidoZ
Try here instead: - http://lists.netsys.com/mailman/listinfo/full-disclosure Goes for anyone who wishes to be removed. ;) Save this email for future reference. On Thu, 30 Dec 2004 15:34:13 -, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Please unsubscribe me from this list [BIG SNIP]

Re: [Full-Disclosure] Suspect phpBB users

2005-01-06 Thread GuidoZ
We have since upgraded, but among our new users over the last few days have been a Weber361, a Weber395, and a nderevyanko. Googling the last user name, I've found 4,900 references, most with guestbooks or forums, to which nderevyanko has signed up. He has been preceded by a few Webers,

Re: [Full-Disclosure] change email

2005-01-06 Thread GuidoZ
I think your best bet is to follow the instructions here: - http://seclists.org/about/fulldisclosure.txt Otherwise you'll notice that your request will never happen. ;) -- Peace. ~G On Wed, 22 Dec 2004 23:31:41 -0800 (PST), PBSoft Computer Labs (Peter) [EMAIL PROTECTED] wrote: G'day I

Re: [Full-Disclosure] Suspect phpBB users

2005-01-06 Thread GuidoZ
indeed - and quite possible. Hopefully a translation could provide more information. -- Peace. ~G On Sun, 26 Dec 2004 11:29:32 -0600, Frank Knobbe [EMAIL PROTECTED] wrote: On Sun, 2004-12-26 at 06:57 -0500, GuidoZ wrote: I also noticed that the nderevyanko user has put up a number of posts

Re: [Full-Disclosure] List of worm and trojan files

2004-12-28 Thread GuidoZ
Assuming the attacker is competent, the only way to clean a deeply compromised machine is to reformat the drive and start from scratch. The truly paranoid will question whether just formatting the drive is sufficient. This isn't necessarily the case. While it will get the system up and going

Re: [Full-Disclosure] KIT.GED

2004-12-23 Thread GuidoZ
to cover their tracks if necessary. If you'd like to send a copy of it my way, I'd be happy to peek at it and see if anything else becomes obvious. You may send it to my virus catch all - guidoz _AT guidoz _DOT_ com (Make the subject meaningful, like Rootkit from FD as requested or something

Re: [Full-Disclosure] Mailing lists and unsolicited/malicious spam

2004-12-21 Thread GuidoZ
Yeah the last time I can remember that someone tried that on FD, was that some called exploit that had a IRC trojan in it...it was discovered after about 5 secs..lol Ah yes - that perl script that magically appeared in the tmp directory. heh, hey, can't blame the guy for trying. Also to touch

Re: [Full-Disclosure] Mailing lists and unsolicited/malicious spam

2004-12-21 Thread GuidoZ
thinking about setting up the same myself, just for experimental reasons! I think I'll find some differences between the two. This is true, GuidoZ could expand on this fact I know. If he is around..lol Then again most corporate e-mails systems (and some people at their house) have very

Re: [Full-Disclosure] To anybody who's offended by my disclosure policy-GET THIS GUYS

2004-12-16 Thread GuidoZ
You should add some the opinions expressed in the email message are not necessarily those of my employer or the like.. I doubt Finjan needs the bad publicity among the security community of one of their researchers saying this kind of behaviour is COOL. Highly agree. To be honest, I was a bit

Re: [Full-Disclosure] scannig through public anonymous proxy

2004-11-26 Thread GuidoZ
Heh, I won't argue that Andrew. John, you may try posting your question to the Security Basics list - they are a little more welcoming of questions. ;) Info can be found here: - http://seclists.org/about/security-basics.txt -- Peace. ~G On Tue, 23 Nov 2004 20:22:08 -0800, Andrew Farmer [EMAIL

Re: [in] Re: [Full-Disclosure] IE is just as safe as FireFox

2004-11-20 Thread GuidoZ
Dude, mplayer2 rulez!! I use it to play all sorts of things. =) I'm glad they left it there... the newer MS media player is just bloat. Media Player Classic (that comes with RealAlternative and QuickTime Alternative) is another one of my favs. =D Yeah, not really anything to do with the topic,

Re: [in] Re: [Full-Disclosure] IE is just as safe as FireFox

2004-11-20 Thread GuidoZ
of those AVI files that the version 9 and 10 won't play because of codec stuff, kinda of funny. =) -Original Message- From: GuidoZ [mailto:[EMAIL PROTECTED] Sent: Saturday, November 20, 2004 1:15 AM To: Todd Towles Cc: [EMAIL PROTECTED] Subject: Re: [in] Re: [Full-Disclosure] IE

Re: [Full-Disclosure] Windows user privileges

2004-11-20 Thread GuidoZ
They do the same on the home side. (Well, at least they did last time I bought a Dell laptop. Been a few years.) I was going to point this out too but you beat me to it. =) -- Peace. ~G On Sat, 20 Nov 2004 14:44:41 -0600, Todd Towles [EMAIL PROTECTED] wrote: Dell gives the full OS cd and then

Re: [Full-Disclosure] Gmail anomaly

2004-11-20 Thread GuidoZ
the address bar and before the search bar. To each their own. Don't knock it till you've tried it. I've tried the default manager. Have you tried this? -- Peace. ~G On Fri, 19 Nov 2004 15:09:35 +0100, evilninja [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 GuidoZ schrieb: I

Re: [Full-Disclosure] Gmail anomaly

2004-11-19 Thread GuidoZ
I agree - the default cookie manager leaves much to be desired. I've found a very useful extension called CookieCuller that handles them much better, allowing you to save or clear cookies with a single click. Plus, you can view the information contained in the cookie without having to do anything

Re: [in] Re: [Full-Disclosure] IE is just as safe as FireFox

2004-11-18 Thread GuidoZ
In case no one else helped you with this, allow me to try. =) Could you please define integrated? English isn't my primary language... Integrated is similar to saying is part of or united. For future reference (and more info), Google can also be extremely handy in such a case. Doing a Google

Re: [Full-Disclosure] Re: controversial shadowcrew site hacked by secret service?

2004-11-18 Thread GuidoZ
I'm not trying to take sides, although KF has made a very good point. I see a handful of people complaining about the list. Face the facts: it's unmoderated. That was a known fact when we all signed up and shouldn't be overlooked now. Allow me to elaborate a bit. Obviously it's your choice to

Re: [Full-Disclosure] WiFi question

2004-11-17 Thread GuidoZ
I'm not 100% on this, as it could be something I've never heard of (of course). However, it sounds a lot like someone is playing with FakeAP: - http://www.blackalchemy.to/project/fakeap/ It's not really difficult to set up and only requires a Prism chipset card (one or more) and a compatible Linux

Re: [Full-Disclosure] WiFi question

2004-11-17 Thread GuidoZ
A very good point indeed Mark; one that shouldn't be dismissed even WITH common SSIDs. Other technology clashing with WiFi certainly isn't new... in fact it's getting worse! Besides motion sensors, also look for wireless phones, security systems (like ADT's window/door systems - they use wireless

Re: [Full-Disclosure] controversial shadowcrew site hacked by secret service?

2004-11-16 Thread GuidoZ
OT (slightly), but a statement in the News.com[1] story is incorrect. It states that In August, the U.S. Department of Justice made arrests in five states on charges of criminal copyright infringement in an action dubbed Operation Digital Gridlock... (middle of 4th paragraph). No arrests were

Re: [Full-Disclosure] RE: Norton AntiVirus Script Blocking Exploit -- Symantec's response

2004-11-15 Thread GuidoZ
A nice movie indeed. =) I'd have to agree that it is certainly a problem/limitation that they should address. One program I've used for years (freeware) is from Mark over at AnalogX.com - called ScriptDefender. Google it for more info or pop over and see it at www.analogx.com. Good stuff!

Re: [Full-Disclosure] Norton AntiVirus 2004/2005 Scripting Vulnerability Pt.3 (Includes PoC VBScript Code)

2004-11-04 Thread GuidoZ
While your statement is entirely true, I believe what Daniel is trying to point out is the fact that NAV's script blocking feature (which is supposed to stop ALL attacks, known or not, if they involve scripting) isn't working. If you don't password protect your AV settings, a simple batch file

Re: [Full-Disclosure] Re: I will be awaiting your immediate response.

2004-10-31 Thread GuidoZ
I'm seeing quite a rise in spam as well. The reason is most likely quite simple... Gmail was new before, hence it wasn't spammed. The best way to get rid of spam in your inbox - get a new one! Only fool-proof way there is. Now that it's been around for awhile, so has your email address. (There

Re: [Full-Disclosure] Re: I will be awaiting your immediate response.

2004-10-31 Thread GuidoZ
spam. ;) -- Peace. ~G On Sun, 31 Oct 2004 13:23:40 +, n3td3v [EMAIL PROTECTED] wrote: On Sun, 31 Oct 2004 01:18:56 -0400, GuidoZ [EMAIL PROTECTED] wrote: I'm seeing quite a rise in spam as well. The reason is most likely quite simple... Gmail was new before, hence it wasn't spammed

Re: [Full-Disclosure] Spam sent via spambots?

2004-10-31 Thread GuidoZ
I believe the reason Nick created another thread was because he's starting a new subject. The old thread had moved more into ways to fight spam. Nick's thoughts seem to be focused on if anyone or group has even done a legitimate study on the amount being passed through bots on exploited systems.

Re: [Full-Disclosure] Slightly off-topic: www.georgewbush.com

2004-10-30 Thread GuidoZ
I'm not going to get into this off-topic discussion, but I will point out an incorrect assumption on your part. No it wasn't a baited e-mail just to wind people up. This is the problem with some americans, when you try and tell them about the truth of whats happening in the world, they think

Re: [Full-Disclosure] why o why did NASA do this.

2004-10-29 Thread GuidoZ
that I worry about. I realize that such information is generally available through public records and such. However, that's no reason to post it all for easy access and saving. ;) -- Peace. ~G On Tue, 19 Oct 2004 12:59:37 -0500, Todd Towles [EMAIL PROTECTED] wrote: GuidoZ wrote: =) Yeah, I do

[Full-Disclosure] Re: [Full-Disclosure] [moderator!] Re: Versandbestätigung : AW : Re: [SPAM] Fw: [Full-Disclosure] Joke.cpl ???

2004-10-29 Thread GuidoZ
Newsflash - this list is unmoderated. =) I've setup some nice filters to automagically delete such automated replies. Email me off-list if you want some tips on such a thing. -- Peace. ~G On Fri, 29 Oct 2004 18:11:19 +0300, Alex V. Lukyanenko [EMAIL PROTECTED] wrote: Hello dirk, Friday,

Re: [Full-Disclosure] UNSUBSCRIBE

2004-10-29 Thread GuidoZ
See here: - http://lists.netsys.com/mailman/listinfo/full-disclosure Pay close attention to the bottom of the page. ;) P.S. Sent to list as well to hopefully teach others before they make the same mistake. -- Peace. ~G On Fri, 29 Oct 2004 16:00:35 -0400, ByPasS [EMAIL PROTECTED] wrote:

Re: [Full-Disclosure] why o why did NASA do this.

2004-10-19 Thread GuidoZ
how would this list help me spam? Google your email address - then simply use a bot to gather ALL the email addresses listed in the posts along with it. ;) The sad fact is that the email addresses used to post to this list (and any others like it) are freely there for the taking. Plus, it's

Re: [Full-Disclosure] why o why did NASA do this.

2004-10-19 Thread GuidoZ
I meant this outdated NASA e-mail list. I understand that FD could be used for this purpose. (snip) You know me better than that GuidoZ .lol =) Yeah, I do. I wasn't sure if you were having a brain fart or something. lol The fact that NASA just hands you this information (outdated

Re: [Full-Disclosure] Quicky Analysis of a Proxy/Zombie Network

2004-10-12 Thread GuidoZ
Interesting read indeed. Thx for the translation Venomous. ;) FYI: I started getting 403 Forbidden errors upon trying to view the last few pics. Not really sure what was up - was able to see most of them. (?) -- Peace. ~G On Wed, 13 Oct 2004 13:19:00 +1300, VeNoMouS [EMAIL PROTECTED] wrote:

Re: [Full-Disclosure] I detecting error in Outlook Express

2004-10-12 Thread GuidoZ
Eliurkis, this isn't a tech support forum. You're quite likely to start a flame war with a post like that. ;) I'd recommend checking out the Security Basics list instead, as they welcome simple/common technical questions. You can get more info on that list here: -

Re: [Full-Disclosure] RE: Full-Disclosure digest, Vol 1 #1955 - 19 msgs

2004-10-08 Thread GuidoZ
. This includes those that wouldn't understand what the virus warnings mean. Thanks for your clarification though Randall. Appreciate it. ;) -- Peace. ~G On Thu, 7 Oct 2004 06:02:02 -0500, RandallM [EMAIL PROTECTED] wrote: GuidoZ Didn't mean to have you apologize, it did it's job. It showed That I

Re: [Full-Disclosure] Paranid ramblings - what's the deal? Bounded variables aren't?

2004-10-07 Thread GuidoZ
Love the idea! Until it is done however, I'm keeping my filters. ;) -- Peace. ~G On Thu, 07 Oct 2004 00:24:56 -0400, Byron L. Sonne [EMAIL PROTECTED] wrote: Or we could do what any sensible moderator would do: send a test message to the list specifying that NO ONE IS TO REPLY TO IT. And

Re: [Full-Disclosure] RE: Full-Disclosure digest, Vol 1 #1955 - 19 msgs

2004-10-07 Thread GuidoZ
to mask what's inside. I figured those that would want to use it would either not worry about the virus warnings, or not get them at all and REALLY need the fix it helps provide. =) Email me at the address provided in my original email (exploit _AT_ guidoz _DOT_ com) and I'll provide a link

[Full-Disclosure] UPDATED: Quick JPEG/GDI test fix (timesaver)

2004-10-07 Thread GuidoZ
the JPEG Downloader here: - http://www.guidoz.com/makejpg.zip If you have other questions, again, please feel free to email: - exploit _AT_ guidoz _DOT_ com -- Peace. ~G

[Full-Disclosure] Quick JPEG/GDI test fix (timesaver)

2004-10-06 Thread GuidoZ
to test their own systems, then patch them without having to call me for help. It's not been tested in every environment and in every scenario. If you find a problem, feel free to email me (exploit _AT_ guidoz _DOT_ com) Obviously I'm not responsible if it's abused somehow, or if it breaks something

Re: [Full-Disclosure] real spam from secure@microsoft.com ?

2004-10-06 Thread GuidoZ
This is what caught my eye too. =) I guess it makes sense they would want to inform you of a new PGP key. I agree however - a Never talk to me again unless I email you link would be handy. -- Peace. ~G On Wed, 6 Oct 2004 08:00:00 -0500, Todd Towles [EMAIL PROTECTED] wrote: Well, the e-mail did

Re: [Full-Disclosure] Re: Spyware installs with no interaction in IE on fully patched XP SP2 box

2004-10-05 Thread GuidoZ
Bingo - that's what I found too. The javascript is what does the dirty work. -- Peace. ~G On Mon, 04 Oct 2004 09:55:19 -0500, Willem Koenings [EMAIL PROTECTED] wrote: hi, I was unable to verify it, since I don't use IE, and would prefer not infecting myself on accident, however I did

Re: [Full-Disclosure] Spyware installs with no interaction in IE on fully patched XP SP2 box

2004-10-05 Thread GuidoZ
Something else that I noticed - the AffilateID is encoded. Decoding reveals this: +A0,J}h:B6^;9gy7ue-}hx Doesn't seem to really be important, but maybe useful when porting the script. Those that would like to do such a thing should understand. ;) -- Peace. ~G On Mon, 4 Oct 2004 10:15:46 -0500

Re: [Full-Disclosure] Spyware installs with no interaction in IE on fully patched XP SP2 box

2004-10-05 Thread GuidoZ
If you want a laugh, replace the CAB files with WinVNC or somesuch. Intriguing indeed. However, you'll want to make a CAB file out of it, not just an EXE. The CLSID and install params are for CABs. Not too difficult to do though with a little Google hunting and some time. =) -- Peace ~G On

Re: [Full-Disclosure] Paranid ramblings - what's the deal? Bounded variables aren't?

2004-10-05 Thread GuidoZ
Subject: NDN: [Full-Disclosure] Shows when no limits are set or restricted shell or bat ac Sorry. Your message could not be delivered to: tycho,ICS (The name was not found at the remote site. Check that the name has been entered correctly.) Yeah, I get this too. (In fact I wrote to the

Re: [Full-Disclosure] Spyware installs with no interaction in IE on fully patched XP SP2 box

2004-10-03 Thread GuidoZ
What's the website address? Most likely looking at the html/scripting would be the easiest way to find the answer. -- Peace. ~G On Sun, 03 Oct 2004 14:16:40 -0400, Geraldo Rivera [EMAIL PROTECTED] wrote: Last night I went to a site that I have been to on and off for years. The page loaded and

Re: [Full-Disclosure] All Antivirus, Trojan, Spy ware scanner, Nested file manual scan bypass bugs. [Part IV]

2004-10-01 Thread GuidoZ
I've heard of this before (see following link). I thought it was fixed in SP1 (maybe it was SP2). I'm probably wrong - call it wishful thinking. There is an interesting page in German about it here: - http://www.lsg.musin.de/Admin/NT/rechte/die_batch_online_mit_vielen_erkl.htm English

Re: [Full-Disclosure] All Antivirus, Trojan, Spy ware scanner, Nested file manual scan bypass bugs. [Part IV]

2004-10-01 Thread GuidoZ
More useful info on calcs/xcalcs: - http://support.microsoft.com/default.aspx?scid=kb;EN-US;135268 - http://www.ss64.com/nt/cacls.html - http://www.jsiinc.com/SUBH/tip3700/rh3729.htm -- Peace. ~G On Fri, 1 Oct 2004 20:29:19 -0700, GuidoZ [EMAIL PROTECTED] wrote: I've heard of this before

Re: [Full-Disclosure] Re: Full-Disclosure digest, Vol 1 #1933 - 20 msgs

2004-09-29 Thread GuidoZ
That's also my understanding, and experience, from testing it. I'm sure it's possible to find other ways to toy with JPEG parsing, such as wallpaper. (I believe Todd brought this up before somewhere.) Try it with Active Desktop (as you'll need to when setting a JPEG to wallpaper), which uses IE to

Re: [Full-Disclosure] Need layman terms for jpeg exploit

2004-09-28 Thread GuidoZ
Randall, you may want to direct your question at the Security Basics list instead. More information can be found here: http://seclists.org/about/security-basics.txt They are a little easier to work with when it comes to explaining things step by step. ;) -- Peace. ~G On Tue, 28 Sep 2004

Re: [Full-Disclosure] JPEG GDI

2004-09-28 Thread GuidoZ
If anyone is interested in the files this GDI exploit downloaded from the FTP file (mentioned in the Easynews txt; it's now down), I grabbed a copy. Interesting indeed. I've also archived the Easynews write-ups and the infected JPEG itself. It's not exactly a virus being that it doesn't replicate

Re: [Full-Disclosure] Rootkit For Spyware? Hide your adware from all Adware removers and Anti-viruses

2004-09-25 Thread GuidoZ
discussed in this thread, there almost certainly is some very difficult to detect software already being used for other purposes important to certain three-letter-agencies. On Thu, 23 Sep 2004, GuidoZ wrote: It is quite possible to hide processes, reg keys and files, and is often done

Re: [Full-Disclosure] Rootkit For Spyware? Hide your adware from all Adware removers and Anti-viruses

2004-09-23 Thread GuidoZ
I stand corrected. I hadn't thought about this... More specific to the Windows environment, what we're talking about is API hooking, and then more advanced stuff such as DKOM, or direct kernel object manipulation. This is where the linked list used to maintain a list of processes is

Re: [Full-Disclosure] Rootkit For Spyware? Hide your adware from all Adware removers and Anti-viruses

2004-09-23 Thread GuidoZ
that is COMPLETELY hidden, in every aspect, from the user. Well, DUH. How could you find it if it was COMPLETELY hidden? ;) Clarification: The user and a sysadmin that has a clue are two very different people.) -- Peace. ~G On Thu, 23 Sep 2004 14:38:34 +1000, Matt [EMAIL PROTECTED] wrote: GuidoZ wrote

Re: [Full-Disclosure] Rootkit For Spyware? Hide your adware from all Adware removers and Anti-viruses

2004-09-23 Thread GuidoZ
I realize that this is purely speculation on your part, but I'd be careful about saying things like this. The reason is that understanding the kernel and flow chart of processes isn't really the issue. Yes, it was mostly speculation. The most common problem I run into on a daily basis is

Re: [Full-Disclosure] Rootkit For Spyware? Hide your adware from all Adware removers and Anti-viruses

2004-09-23 Thread GuidoZ
I guess my comment further down was overlooked: GuidoZ said: To save someone else from saying this, I'll reply to my own comment. =) I've yet to find a rootkit, spyware, or malware that is COMPLETELY hidden, in every aspect, from the user. Well, DUH. How could you find

Re: [Full-Disclosure] Rootkit For Spyware? Hide your adware from all Adware removers and Anti-viruses

2004-09-23 Thread GuidoZ
PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of GuidoZ Sent: Thursday, September 23, 2004 11:54 AM To: Matt Cc: Will Image; [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] Rootkit For Spyware? Hide your adware from all Adware removers and Anti-viruses It is quite possible to hide processes

Re: [Full-Disclosure] Re: Computer security and Sex

2004-09-23 Thread GuidoZ
Then maybe you're too young to. ;) -- Peace. ~G On Thu, 23 Sep 2004 16:33:23 -0400, Ill will [EMAIL PROTECTED] wrote: On Thu, 23 Sep 2004 19:12:22 +0100 (BST), Steve R [EMAIL PROTECTED] wrote: snip As casually as he can, Joe tries a little privilege escalation maneuver on her back

Re: [Full-Disclosure] Re: Computer security and Sex

2004-09-23 Thread GuidoZ
:40 -0700, GuidoZ [EMAIL PROTECTED] wrote: Then maybe you're too young to. ;) I dunno... I'm only 18, but I get most of it. There's only a few terms that I've never heard of before... specifically, HUP, TEMPEST, and SARA. Even without them, though, I'd say it's fairly obvious what's going

Re: [Full-Disclosure] Re: Computer security and Sex

2004-09-23 Thread GuidoZ
-0700, GuidoZ [EMAIL PROTECTED] wrote: - HUP: Perl client for the Uptimes Project. (http://www.uptimes.net/ ) You can get the relation from the first two somewhat easily if you look at it. HUP being related to Uptime is obvious now, I'd hope. ;) HUP is also the signal sent to a process

Re: [Full-Disclosure] Lots of traffic on port 1472 from explorer

2004-09-22 Thread GuidoZ
I'd definitely recommend capturing some of this traffic to see what is being transmitted. (Harlan is right on.) It's one of the few things that would greatly help know what is going on. Something else you can try - make sure your shell command hasn't been modified in the registry. Also, double

Re: [Full-Disclosure] Lots of traffic on port 1472 from explorer

2004-09-22 Thread GuidoZ
Awesome. Glad you got it solved! Now, you should take some preventative measures to ensure it doesn't happen again. I would recommend getting yourself some anti-keylogger software for a start. (Google it - there's plenty to choose from for all budgets.) Also, if your AV didn't detect either of

Re: [Full-Disclosure] Rootkit For Spyware? Hide your adware from all Adware removers and Anti-viruses

2004-09-22 Thread GuidoZ
Interesting indeed. Although, I imagine this was a spam email, and I never believe (nor buy) anything from spam. I wonder how credible this really is. If there was such a way to do what they claim, don't you think it would have been big news? One would think you wouldn't first hear about it through

Re: [Full-Disclosure] Lots of traffic on port 1472 from explorer

2004-09-21 Thread GuidoZ
Hello Giuseppe, at first glance it sounds like a keylogger, though it could be anything. Are you able to locate that file on your system? If so, try getting the properties of it and see what information is available under the Version tab. Also, you can try opening it up in Notepad to see what you

Re: [Full-Disclosure] ZIP Attachment

2004-09-20 Thread GuidoZ
2004, Nick FitzGerald wrote: GuidoZ wrote: blah, blah, blah Look idiot -- would you please stop CC'ing me these messages? If you are using such a shite MUA that your only option to automatically get it to reply to the list address is to use some poxy reply all function, please stop

Re: OT: Re: [Full-Disclosure] ZIP Attachment

2004-09-20 Thread GuidoZ
here have the same habit (though getting duplicates of non-pointless Email is generally nowhere near as annoying as getting two of GuidoZ' rubbish). --- quote --- I like to be copied directly on threads. I have a MUA capable of highlighting mail sent directly to me so I do

Re: [Full-Disclosure] ZIP Attachment

2004-09-19 Thread GuidoZ
, exaggerating the drama* I only hope those of us with little intillekt will someday reach the level of those more fortunate. -- Peace. ~G On Sun, 19 Sep 2004 21:39:03 +1200, Nick FitzGerald [EMAIL PROTECTED] wrote: GuidoZ wrote: I'm well aware that a filename usually isn't a very useful tool when

Re: [Full-Disclosure] ZIP Attachment

2004-09-18 Thread GuidoZ
I did a little Google digging and came up with this: http://www.windowsstartup.com/wso/detail.php?id=4239 Filename: expander.exe Program Title: HiJaak Expander Rating: 3 (application need to be run at startup, but is not system critical) Comments: Part of the HiJaak

Re: [Full-Disclosure] ZIP Attachment

2004-09-18 Thread GuidoZ
some issues. Glad the mystery was solved however. This reply isn't meant to be a flame in any way, so please don't treat it as such... It is just a mere explanation of actions. -- Peace. ~G On Sun, 19 Sep 2004 11:25:05 +1200, Nick FitzGerald [EMAIL PROTECTED] wrote: GuidoZ wrote: I did

Re: [Full-Disclosure] win2kup2date.exe ?

2004-09-13 Thread GuidoZ
Actually, that makes a fair amount of sense. You're not alone. =) This is kind of the tangent I was going on when I seemed to start this whole thing. I figured by having a copy, I could help the person requesting info, as well as being aware of it myself. *shrugs* To each their own I guess.

Re: [Full-Disclosure] drive by shooting - got hit by mysearch toolbar

2004-09-12 Thread Über GuidoZ
I peeked at the site too. The common.js is nothing to worry about. It just pops the page out of a frame if it opens in one (like from a Hotmail link, for example). You can see it being called with the Body OnLoad tag (body onload=framebreaker()). Here's the full code in it: -- //

Re: [Full-Disclosure] win2kup2date.exe ?

2004-09-09 Thread Über GuidoZ
to. Before you attempt to say a word about MY nickname, it has humor behind it. I've been using GuidoZ since before most people knew what a computer was. When I signed up for my Gmail account, I was surprised to see GuidoZ was already taken. (That's never happened before...) So, I added Uber before

Re: [Full-Disclosure] Teen hacker controls ebay

2004-09-09 Thread Über GuidoZ
I believe it was done through email. DENIC received the request to change the DNS, then emailed Tucows to see if it was ok to make the changes. By default, the answer is yes. So, since no one responded saying Hell no! Don't do that, the changes were made. Personally, I can't comprehend how the

Re: [Full-Disclosure] win2kup2date.exe ?

2004-09-09 Thread Über GuidoZ
this is the *REAL* Richard Johnson. If he was representing iDEFENSE why the heck would he be using an @bugtraq.org email address? -KF Über GuidoZ wrote: I just lost a lot of respect for iDEFENSE... being the Senior Security Researcher, you would think you might be a bit

Re: [Full-Disclosure] win2kup2date.exe ?

2004-09-09 Thread Über GuidoZ
Thank you for the clarification. I'll shift my disrespect over to the individual at Bugtraq. -- Peace. ~G On Thu, 9 Sep 2004 16:05:37 -0400, iDefense Labs [EMAIL PROTECTED] wrote: These recent postings and all past postings from [EMAIL PROTECTED] do not come from iDEFENSE or any of its

Re: [Full-Disclosure] win2kup2date.exe ?

2004-09-08 Thread Über GuidoZ
Agreed. I was the one who possibly started this with my innocent comment of send what you have to me and I'll see what I can figure out. It was meant to be a helping hand and nothing more... sincerely. I would expect anyone who understands the basics of the Internet to be able to track down my

Re: [Full-Disclosure] Question about funny HTTP request

2004-09-07 Thread Über GuidoZ
Well, from a quick glance I can tell you that %20 is ascii for space ( ) and %06 is ascii for a forward slash (/). I also see %17, which is ascii for ETB (End of Transmission block), however I'm not sure if that's what was supposed to be there. So, replacing the first two leaves you with this:

[Full-Disclosure] Re: About VirusTotal/Hispasec

2004-09-04 Thread Über GuidoZ
Very happy to see your reply Bernardo. =) That's how I imagined VirusTotal.com to be... it's a shame that some people insist on bashing a valid service. I can certainly understand, and appreciate, 2nd guessing something that seems too good to be true. However, instead of bad mouthing it right out

Re: [Full-Disclosure] Where to submit a suspected trojan or virus?

2004-09-03 Thread Über GuidoZ
I'd be happy to take a look at it. =) Send it to: [EMAIL PROTECTED] Just be sure to zip it up, otherwise the web host will deny it. Beyond that, there are no checks. Make sure to put virus test from FD in the subject so I don't dismiss it. ;) Beyond that, you can submit it to a number of AV

Re: [Full-Disclosure] win2kup2date.exe ?

2004-09-03 Thread Über GuidoZ
Ahem, *blush* Be cautios with your words Should be, as you probably guessed: Be cautious with your words. Damn typos. -- Peace. ~G On Fri, 3 Sep 2004 01:58:24 -0400, Über GuidoZ [EMAIL PROTECTED] wrote: Hey, the man asked for help, so I offered it. Simple as that... I'm a helpful guy

Re: [Full-Disclosure] win2kup2date.exe ?

2004-09-03 Thread Über GuidoZ
of help is entirely genuine? Amen. Not only that, but as was also said, the choice to do so or not is yours. -- Peace. ~G On Fri, 3 Sep 2004 02:19:07 +0100, James Tucker [EMAIL PROTECTED] wrote: On Fri, 03 Sep 2004 11:19:41 +1200, Nick FitzGerald [EMAIL PROTECTED] wrote: Über GuidoZ wrote

Re: [Full-Disclosure] Viral infection via Serial Cable

2004-09-03 Thread Über GuidoZ
. ~G On Tue, 31 Aug 2004 02:49:41 +0200, Christian [EMAIL PROTECTED] wrote: Über GuidoZ wrote: even though it's officially a serial connection... the assumption is talking about RS232 specs: http://www.google.com/search?q=rs232 I think we're all aware a virus can most certainly traverse

Re: [Full-Disclosure] Re: Microsoft Update Loader msrtwd.exe

2004-09-03 Thread Über GuidoZ
Easy sparky. Maybe it isn't his choice that he cannot release the EXE. It's entirely possible, in fact, quite likely, that some higher up who knows dick about IT and viruses got scared and said This cannot be shared with anyone! If it does, you'll lose your job. Just because they are worried about

Re: [Full-Disclosure] [VirusTotal] Scan result (fwd)

2004-09-03 Thread Über GuidoZ
Awesome list of info there Nick. Thanks for putting it all into one place. =) -- Peace. ~G On Fri, 03 Sep 2004 11:19:41 +1200, Nick FitzGerald [EMAIL PROTECTED] wrote: bashis wrote: Thx for the tip with VirusTotal guys! =) Here is the result. snip OK -- having delayed it this far,

Re: [Full-Disclosure] win2kup2date.exe ?

2004-09-03 Thread Über GuidoZ
, IS. A little respect is all I ever ask. =) -- Peace. ~G On Fri, 03 Sep 2004 11:19:41 +1200, Nick FitzGerald [EMAIL PROTECTED] wrote: Über GuidoZ wrote: ... If you want to email me a copy of it, I'll rip it apart and see what can be seen. And world plus dog should entrust you

Re: [Full-Disclosure] Response to comments on Security and Obscurity

2004-09-03 Thread Über GuidoZ
Personally, I feel it's a VERY valid point. If the only way to fix something, for example, is by training and education, it's entirely possible the time (and resources) necessary to do such a thing isn't there. [EMAIL PROTECTED] said: If you do not have time, and the audience does not care

Re: [Full-Disclosure] [VirusTotal] Scan result (fwd)

2004-09-03 Thread Über GuidoZ
. Appreciate the comments. -- Peace. ~G On Fri, 3 Sep 2004 11:31:27 +0200, Michel Messerschmidt [EMAIL PROTECTED] wrote: On Thu, Sep 02, 2004 at 04:01:16PM -0400, Über GuidoZ wrote: It's kind of interesting to see the results, as it shows you what AV programs seem to detect things better than others

Re: [Full-Disclosure] RES: Instant Messenger

2004-09-03 Thread Über GuidoZ
I can't point you towards any white papers unfortunately, however I CAN point you towards an application that I have found most useful for securing IM conversations. http://www.secway.fr/products/simplite_msn/home.php The free version is for personal use and trial. Their pro version (only around

Re: [Full-Disclosure] unsubsrcibe

2004-09-02 Thread Über GuidoZ
Thank you for your subscription request. Per your request, we will subscribe your email address to all lists currently indexed on the list server. No further confirmation is necessary. -- Peace. ~G *snicker* Sorry, couldn't resist. On Thu, 2 Sep 2004 12:18:47 +0530, Rahul K [EMAIL PROTECTED]

Re: [Full-Disclosure] win2kup2date.exe ?

2004-09-02 Thread Über GuidoZ
I believe someone else mentioned this site on this list (not sure), but have you tried running it through www.VirusTotal.com? A nice place for a quick 2nd opinion. If you want to email me a copy of it, I'll rip it apart and see what can be seen. P.S. Send it to [EMAIL PROTECTED] - it's my catch

Re: [Full-Disclosure] win2kup2date.exe ?

2004-09-02 Thread Über GuidoZ
VirusTotal identified it as another Rbot/SDBot. Good questions Barry - things one should also do or answer when questioning what something is. -- Peace. ~G On Thu, 2 Sep 2004 13:35:00 -0400, James Patterson Wicks [EMAIL PROTECTED] wrote: French site

Re: [Full-Disclosure] [VirusTotal] Scan result (fwd)

2004-09-02 Thread Über GuidoZ
Glad it helped. =) It's kind of interesting to see the results, as it shows you what AV programs seem to detect things better than others. It's also useful for known viruses, when you need to know what each AV program calls them. (I find this useful when trying to do tech support.) -- Peace. ~G
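The two uses of a multi-engine scan mentioned above (seeing which engines flag a sample, and mapping one engine's name for a family onto another's) are easy to do by hand for one file and tedious for many. The script below is an added example, not code from the original post or from VirusTotal; it works on a constructed, in-memory report shaped like an engine-to-label table, with made-up engine names and labels. The alias table that folds Rbot/SDBot/Spybot labels into one lineage is an assumption for illustration, as is the list of "noise" tokens that carry no family name.

```python
import re
from collections import Counter

# Constructed sample data (not real scan output): engine name -> detection
# label, None meaning the engine reported the file clean.
SAMPLE_REPORTS = {
    "sample_one.exe": {
        "EngineA": "W32/Sdbot.worm.gen",
        "EngineB": "Backdoor.Win32.Rbot.gen",
        "EngineC": "W32.Spybot.Worm",
        "EngineD": None,
        "EngineE": "Worm/Rbot.AJ",
    },
    "sample_two.exe": {
        "EngineA": "W32/Sdbot.worm.gen",
        "EngineB": None,
        "EngineC": None,
        "EngineD": "Trojan.Generic",
        "EngineE": "Worm/Sdbot.XY",
    },
}

# Assumed alias table: names different vendors use for the same lineage.
FAMILY_ALIASES = {"sdbot": "sdbot", "rbot": "sdbot", "spybot": "sdbot"}

# Assumed tokens that describe type/platform rather than family.
NOISE = {"w32", "win32", "worm", "backdoor", "trojan", "gen", "generic", "virus"}


def family_of(label):
    """Best-effort family name from one engine's label, or None if the label
    is empty or only carries generic/platform words."""
    if not label:
        return None
    tokens = [t.lower() for t in re.split(r"[^A-Za-z0-9]+", label) if t]
    for t in tokens:              # prefer a known alias
        if t in FAMILY_ALIASES:
            return FAMILY_ALIASES[t]
    for t in tokens:              # otherwise the first non-noise word
        if t not in NOISE and not t.isdigit() and len(t) > 2:
            return t
    return None


def consensus_family(report):
    """(family, votes_for_family, engines_that_detected) for one report."""
    fams = [f for f in (family_of(lbl) for lbl in report.values()) if f]
    detections = sum(1 for lbl in report.values() if lbl)
    if not fams:
        return (None, 0, detections)
    fam, votes = Counter(fams).most_common(1)[0]
    return (fam, votes, detections)


def engine_hit_rates(reports):
    """Fraction of samples each engine flagged, across all reports."""
    hits, seen = Counter(), Counter()
    for report in reports.values():
        for engine, label in report.items():
            seen[engine] += 1
            if label:
                hits[engine] += 1
    return {e: hits[e] / seen[e] for e in seen}


if __name__ == "__main__":
    for name, rep in SAMPLE_REPORTS.items():
        fam, votes, det = consensus_family(rep)
        print(f"{name}: {det}/{len(rep)} engines, family={fam} ({votes} agree)")
    for engine, rate in sorted(engine_hit_rates(SAMPLE_REPORTS).items()):
        print(f"{engine}: {rate:.0%} of samples flagged")
```

A label like "Trojan.Generic" yields no family and simply does not vote, so a generic hit still counts as a detection without skewing the consensus name; with real reports you would grow the alias and noise tables as you meet new vendor conventions.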

Re: [Full-Disclosure] Viral infection via Serial Cable

2004-09-01 Thread Über GuidoZ
I wasn't trying to say there weren't viruses in those days. (Those days being mid-late 80's.) I was just trying to explain the same fact you pointed out - they didn't spread like they do today. (Did I really say not possible? I'll have to go back and read that =P ) I believe the original author

Re: [Full-Disclosure] Viral infection via Serial Cable

2004-09-01 Thread Über GuidoZ
Well stated James, as usual. You'll have to excuse me if it appeared I participated in the pissing contest. Was only trying to reiterate my point, not to mention pointing out what I WASN'T talking about. It seemed there was some confusion. James Tucker said: 4. Most viruses in circulation today

Re: !SPAM! Re: [Full-Disclosure] Bootable Memorystick?

2004-08-31 Thread Über GuidoZ
I believe it has to do with the way it is handled. Inside of it, the USB root hub will see 8 different devices, corresponding to all the different types of removable media there are. (When you plug it in while in Windows, you may notice that 6-8 new drives will appear in My Computer.) I'm guessing

Re: [Full-Disclosure] short of some worm

2004-08-30 Thread Über GuidoZ
Would just the source code work? Or do you need to have it already compiled? Try Google... there are plenty of places online that allow you to download virus/worm source code. Some of them even have the compiled binaries posted, to boot. ~G On Mon, 30 Aug 2004 12:46:41 -0500,

Re: [Full-Disclosure] Bootable Memorystick?

2004-08-30 Thread Über GuidoZ
Agree with your answer - in fact, I've successfully booted the Live Knoppix version from a 1GB USB stick. Took some configuring, but runs beautifully once done. If you can get it to work, or are worried it might, it has EVERYTHING to do with a security mailing list! Let's say I have physical access to

Re: [Full-Disclosure] Viral infection via Serial Cable

2004-08-30 Thread Über GuidoZ
Very interesting situation. To be honest I've never tried to experiment with such a setting in a virus lab, however I do know that viruses can travel via any electronic means of communication. Back before RJ-45 jacks were used much, NICs had serial or BNC plugs instead. Viruses traversed through

Re: [Full-Disclosure] Viral infection via Serial Cable

2004-08-30 Thread Über GuidoZ
lol, well if they don't allow us (IT staff) to do our jobs, then they will REALLY be upset when it's offline for 18 DAYS since it's broke. =) I'm sure there are viruses out there (older ones mind you) that would be aware of a serial connection. The reason no newer ones would... who uses a serial

Re: [Full-Disclosure] Bootable Memorystick?

2004-08-30 Thread Über GuidoZ
Missed this email - for some reason Gmail sent it to the spam folder. (?) I've yet to have an issue booting to my 6-in-1 card reader. Maybe I'm lucky since I noticed the Sony Memory Stick I was booting from (for Knoppix, before I purchased a 1GB USB stick) is the first drive listed when plugging
