[Full-Disclosure] RE: Full-Disclosure Digest, Vol 4, Issue 11

2005-03-05 Thread RandallM
Andrey, Just to add to the concern you bring up is what VirusTotal also shows on the Detection failures. http://www.virustotal.com/flash/graficas/grafica4_en.html Of course for me that's job security but nonetheless it's pitiful. And now in steps Microsoft with Billions under its belt and I'll

[Full-Disclosure] Strange connection from google desktop search

2005-03-05 Thread RandallM
The following established connection was noticed: TCP xxx.xxx.x.xx:2869 64.233.187.104:80 ESTABLISHED 2824 Process viewer reported it to be: Googledesktop.exe SamSpade says: 03/05/05 21:54:31 whois 64.233.187.104 I don't recognise any domain in 187.104, trying internic whois

[Full-Disclosure] Microsoft sure fire customer satisfaction

2005-03-02 Thread RandallM
___ Afraid Microsoft's anti-spyware will muck up your hard drive, erasing your digital photos, music collection and work files? Don't worry, you've got a $5 rebate coming your way in this worst-case scenario--enough to buy five songs on iTunes. That is, if you read and take advantage of

[Full-Disclosure] [Full Disclosure] RE: this IS FUN!!!!

2005-02-22 Thread RandallM
Jordan wrote: [Full-Disclosure] this is fun? Jordan Klein haplo at haplo.net Sun Feb 20 11:12:39 EST 2005

[Full-Disclosure] Scan for IRC

2005-01-21 Thread RandallM
I am so sorry for interrupting the list. I'm trying to pick up IRC communications on the network. I've made some filters for Ethereal and Observer but can't seem to pick it up. I'm doing something wrong. Used the 6668-6669 ports. Any help? thank you Randall M

[Full-Disclosure] Wide spread DSV

2005-01-16 Thread RandallM
Problem: Down Syndrome Virus (DSV) Affected devices: Various web, internet, intranet and PC's. Severity: DOA (Denial of Access). Author: Ima Notserious Warnings: Elevated Fix: At present no available fixes. : Overview: Many users have been reporting

[Full-Disclosure] RE: Full-Disclosure: Interesting but suspicious possible phishing mail

2005-01-11 Thread RandallM
Have been getting a number of these come thru also at work. Of course all the users are asking me questions about these. They all have the strange words, paragraphs, and questions like this one. They really got my attention. I at first thought they were hidden messages but Not so as the one we

[Full-Disclosure] Microsoft AntiSpyware: Will it be free and Vulnerable

2005-01-08 Thread RandallM
On Thu, 6 Jan 2005, James Patterson Wicks wrote: While this was just a quick test to satisfy my curiosity about the Microsoft tool, my initial feeling is that the Microsoft AntiSpyware is worth a test deployment in the office. This beta expires in July. Hopefully the final version will be

Re: [Full-Disclosure] Microsoft AntiSpyware - First Impression

2005-01-08 Thread RandallM
KF (lists) wrote: Message: 11 Date: Fri, 07 Jan 2005 11:19:56 -0500 From: KF (lists) [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] Microsoft AntiSpyware - First Impressions To: full-disclosure@lists.netsys.com Message-ID: [EMAIL PROTECTED] Content-Type: text/plain;

RE: [Full-Disclosure] FIREFOX flaws: nested array sort()

2004-11-25 Thread RandallM
So, where do you all stand. Exploit for fame or for purpose? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Berend-Jan Wever Sent: 25 November 2004 01:05 To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: [Full-Disclosure]

[Full-Disclosure] How the hell can we CAN SPAM??

2004-11-17 Thread RandallM
It's just getting ridiculous not to mention what it costs all of us in the end. And might I add doesn't make sense. I mean, they spam selling something with no real contact but a spoofed one or real website to reach (most of the time). I placed a web appliance at my work place and catch an average

[Full-Disclosure] Securing My Mobile users

2004-11-13 Thread RandallM
I'm attempting to find some simple free programs that will help secure my mobile users. Simple because anything above sitting in the tray will confuse them. I'm testing this on a computer that is XP2 patched, McAfee 80 which has file creation type protection, Google blocker, Spybot and Previx

[Full-Disclosure] RE: Norton AntiVirus Script Blocking Exploit -- Symantec's response

2004-11-11 Thread RandallM
Daniel, Man, that was just awesome! Enjoyed the movie and the popcorn! Like to see more PoC like that!! thank you Randall M ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html

RE: [Full-Disclosure] Norton AntiVirus 2004/2005 Scripting Vulnerability Pt.3 (Includes PoC VBScript Code)

2004-11-06 Thread RandallM
Daniel told me: --__--__-- Message: 4 Date: Wed, 03 Nov 2004 20:09:02 -0500 From: Daniel Milisic [EMAIL PROTECTED] To: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: [Full-Disclosure] Norton AntiVirus 2004/2005 Scripting Vulnerability Pt.3 (Includes PoC VBScript Code) Hi All, I have major

[Full-Disclosure] Gmail fixed

2004-11-02 Thread RandallM
6. Google blocks Gmail exploit By: John Leyden, The Register Google has fixed a flaw in its high-profile webmail service, Gmail, which created a possible route for hackers to gain full access to a user's email account simply by knowing their user name. http://www.securityfocus.com/news/9843

RE: [Full-Disclosure] Help, possible rootkit

2004-10-24 Thread RandallM
Billy said: --__--__-- Message: 1 From: BillyBob [EMAIL PROTECTED] To: Full Disclosure [EMAIL PROTECTED] Date: Sat, 23 Oct 2004 13:05:29 -0300 Subject: [Full-Disclosure] Help, possible rootkit I have noticed that my XP system is behaving like I have a rootkit. -- -- -- __ __ Billy, 1. Go

[Full-Disclosure] Senior M$ member says stop using passwords completely!

2004-10-16 Thread RandallM
http://blogs.msdn.com/robert_hensing/archive/2004/07/28/199610.aspx thank you Randall M

[Full-Disclosure] Your daily internet traffic report

2004-10-16 Thread RandallM
Router location index router1.iust.ac.ir Iran (Tehran) 29 Which one of you are attacking Iran http://www.internettrafficreport.com/asia.htm thank you Randall M

RE: [Full-Disclosure] Senior M$ member says stop using passwords completely!

2004-10-16 Thread RandallM
I did. He said stop using passwords. I'm not flaming, I was passing on an article. thank you Randall M |-Original Message- |From: Aviv Raff [mailto:[EMAIL PROTECTED] |Sent: Saturday, October 16, 2004 10:19 AM |To: 'RandallM'; [EMAIL PROTECTED] |Subject: RE: [Full-Disclosure] Senior

[Full-Disclosure] (no subject)

2004-10-14 Thread RandallM
Oh my Gawd! I think I've fallen in love! You will be hearing from me soon! --__--__-- Message: 4 Date: Wed, 13 Oct 2004 10:28:40 -0700 (MST) From: Jay Jacobson [EMAIL PROTECTED] To: Mr. Rufus Faloofus [EMAIL PROTECTED] cc: [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] Nessus experience SNIP

RE: [Full-Disclosure] RE: Full-Disclosure digest, Vol 1 #1955 - 19 msgs

2004-10-07 Thread RandallM
: Thursday, October 07, 2004 1:16 AM |To: RandallM |Cc: [EMAIL PROTECTED] |Subject: Re: [Full-Disclosure] RE: Full-Disclosure digest, |Vol 1 #1955 - 19 msgs | |It might be detected as Trojan.Moo or any other variant of |the JPEG exploit. As I said, it attempts to exploit the |system to see if it's

[Full-Disclosure] Symantec Security Report 1V

2004-10-07 Thread RandallM
http://www.securityfocus.com/columnists/271 Very interesting and yet kinda scary! Symantec gave their view on the trend of internet attacks. I'd be very interested in the views from this list. There is one area that is starting to concern me at my place of employment and that is IM's. I delete

[Full-Disclosure] House approves spyware legislation

2004-10-06 Thread RandallM
The U.S. House of Representatives voted late Tuesday to restrict some of the most deceptive forms of spyware. By a 399-1 vote, House members approved legislation prohibiting taking control of a computer, surreptitiously modifying a Web browser's home page, or disabling antivirus software

Re: [Full-Disclosure] House approves spyware legislation

2004-10-06 Thread RandallM
|On Wed, 6 Oct 2004 05:03:45 -0700, Gregory Gilliss |[EMAIL PROTECTED] wrote: | Great, Not that I'm any fan of spyware, but this is just |another law | against hacking. Think - what's the difference between this and | someone using XSS to take control of a computer? If you |r00t a box |

[Full-Disclosure] RE: Full-Disclosure digest, Vol 1 #1955 - 19 msgs

2004-10-06 Thread RandallM
|--__--__-- | |Message: 14 |Date: Wed, 6 Oct 2004 15:53:32 -0700 |From: GuidoZ [EMAIL PROTECTED] |Reply-To: GuidoZ [EMAIL PROTECTED] |To: [EMAIL PROTECTED] |Subject: [Full-Disclosure] Quick JPEG/GDI test fix (timesaver) | |Hello list, | |I wrote a very simple program/batch file that tests for

RE:[Full-Disclosure] XP Remote Desktop Remote Activation

2004-10-02 Thread RandallM
Would access to command shell be accomplished via the recent ZoneID hole if such Administration password access is not available? Or perhaps even with the launching of the MS04-028 exploit? Of course any Terminal usage on home pc's are noticed because users are locked out. Now terminal servers are

[Full-Disclosure] RE: horse before cart...I take it back

2004-09-30 Thread RandallM
Sorry for my stupidity and too quick response. After careful study I see it's the .DLL only. This exploit has me too excited! I am impressed though with how quick the response to this has been. I have heard of few incidents. My own ISP has finally implemented protection even from those files

[Full-Disclosure] WinXP Application Layer Gateway Service

2004-09-28 Thread RandallM
Is there anything fishy about this service performing background FTP requests? thank you Randall M

RE:[Full-Disclosure] How to obtain hostname lists

2004-09-28 Thread RandallM
Fab, One kewl way is to open a website like Nakedladies.com and log all the visiting IP's! Kewl huh! Do you need someone to write some code also? thank you Randall M |--__--__-- | |Message: 4 |Date: Tue, 28 Sep 2004 09:32:37 -0600 |From: fabio [EMAIL PROTECTED] |To: Full-Disclosure [EMAIL

[Full-Disclosure] Need layman terms for jpeg exploit

2004-09-28 Thread RandallM
Would some kind soul explain the total workings of the exploit in layman terms? Things like how it is used, how the user is exploited, what's common about the jpeg code that must be used, etc., etc. thank you in advance Randall M

[Full-Disclosure] RE: Full-Disclosure: JEPG Hype or Hope?

2004-09-26 Thread RandallM
What exactly would one gain by creating a PoC on this exploit? How exactly does this compare to meaningful disclosures that were revealed because someone would not listen or ignored the warnings of their security vulnerability. I mean, this is nothing like a program goof that allows clear-text

[Full-Disclosure] [Full Disclosure] *HACKERS COSTING ENTERPRISES BILLIONS

2004-09-20 Thread RandallM
A report issued by Symantec found that: The average time period between the disclosure of a vulnerability and its first exploit by hackers collapsed from several weeks in past reports to less than six days in the first half of 2004. 'In some cases, we saw global exploits in less than two

[Full-Disclosure] Re: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access

2004-09-19 Thread RandallM
Gentlemen, I'm a little lost now on the intent of the original post. I believe it was intending to say that IBM computers arriving with XP installations have blank default Administrator passwords. I install about three fresh installs of XP and four pre-installs on HP laptops a week. The retail

Re: [Full-Disclosure] ZIP Attachment

2004-09-19 Thread RandallM
Nick, have some coffee, it'll be ok! :) thank you Randall M + --__--__-- Message: 10 Date: Sun, 19 Sep 2004 21:39:03 +1200 From: Nick FitzGerald [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] ZIP Attachment To: [EMAIL PROTECTED] Reply-to: [EMAIL PROTECTED]

[Full-Disclosure] Re: [Vmyths.com ALERT] Hysteria predicted for 'JPEG and windows update

2004-09-16 Thread RandallM
I'm curious if anyone else noticed that the patch to fix windows only takes you to the SP2 update. We don't want the SP2 update because we have not fully tested this against our office and accounting software. I tried on three different machines and each time the windows update for critical or

[Full-Disclosure] (Full-disclosure) SP2 and McAfee. Has the final release been resolved?

2004-08-12 Thread RandallM
With the SP2 RC1 McAfee could not update dats. Framework could not start. Had to set settings manually. Has this been fixed in the final version? the settings: To fix Virus scan 7.0 *Run dcomcnfg from the DOS prompt Select Component Services Select My Computer Open DCom config folder

[Full-Disclosure] FullDisclosure: CWS removal tools

2004-07-31 Thread RandallM
I haven't seen all the threads on this but there is a tool called CWShredder. It was created to combat CWS. Unfortunately, the author was a student and it seems no longer can support it. I just attempted to find it somewhere else because his links seem down. At work I use it all the time to clean

[Full-Disclosure] RE: Full-Disclosure antisemtism, -Steer it a bit back on topic-

2004-07-22 Thread RandallM
Maarten, all, I might add that security is a big part of this subject considering cyber-war being implemented from both sides. thank you Randall M |--__--__-- | |Message: 6 |From: Maarten [EMAIL PROTECTED] |To: [EMAIL PROTECTED] |Subject: Re: [Full-Disclosure] antisemtism, FD and bandwidth

RE: [Full-Disclosure] MS kills ADODB.Stream in IE to fix vulnerability

2004-07-03 Thread RandallM
So are there any problems or complications for enterprises when applying this patch? thank you Randall M Message: 3 Date: Fri, 02 Jul 2004 12:36:03 -0400 From: William Warren [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [Full-Disclosure] MS kills ADODB.Stream in IE to fix

[Full-Disclosure] Successful in blocking all known exploits

2004-07-03 Thread RandallM
After a number of years, much thought, and long nights I have developed a systematic method to prevent and thwart exploits on my system! NEVER REBOOT! I have been up and running for 876 days straight and have had no problems to date! thank you Randall M

[Full-Disclosure] Apology: Was Multiple Scanning Engines

2004-06-27 Thread RandallM
: Personal account RandallM [EMAIL PROTECTED] wrote: I'm looking for something that can utilize multiple scanning engines to place above our mail servers. Any suggestions? Precisely how is this a security vulnerability disclosure issue? Securityfocus has a focus-virus list

[Full-Disclosure] multiple scanning engines

2004-06-26 Thread RandallM
Hi, I'm looking for something that can utilize multiple scanning engines to place above our mail servers. Any suggestions? thank you Randall M

[Full-Disclosure] RE: Full-Disclosure digest, SP2 Problems

2004-06-07 Thread RandallM
Jelmer made this really neat statement: |--__--__-- | |Message: 5 |Date: Mon, 07 Jun 2004 04:17:28 +0200 |From: Jelmer [EMAIL PROTECTED] |Subject: RE: [Full-Disclosure] Internet explorer 6 execution of arbitrary |code | (An analysis of the 180 Solutions Trojan) |To: 'Chris Carlson' [EMAIL

[Full-Disclosure] xabot or sdbot or spybot...

2004-06-04 Thread RandallM
--__--__-- Message: 21 Date: Fri, 04 Jun 2004 00:08:23 +0200 From: Axel Pettinger [EMAIL PROTECTED] Organization: API To: Perrymon, Josh L. [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] anyone seen this worm/trojan before? Perrymon, Josh L. wrote: I found this worm/

[Full-Disclosure] RE: Full-Disclosure digest, Vol 1 #1675 - 32 msgs

2004-05-28 Thread RandallM
Yo! Skylined, don't hold back, tell us how you really feel! |Message: 30 |From: Berend-Jan Wever [EMAIL PROTECTED] |To: [EMAIL PROTECTED] |Subject: Re: [Full-Disclosure] lists, autoresponders, and netiquette |Date: Fri, 28 May 2004 03:42:40 +0200 | |Every time I post to a list I get these out of

[Full-Disclosure] Remember the subject about posting the exploit?

2004-05-21 Thread RandallM
Well, concerning the German Teenager who is responsible for releasing sasser, Mitnick states: He was no great technical expert. There was a published vulnerability and he took his worm and used his exploit code to be able to propagate it in the many systems that Sasser touched.

[Full-Disclosure] RE: Full-Disclosure New therad: sasser, costs, support etc alltogether

2004-05-14 Thread RandallM
QUESTION: If a tree falls in the woods where no one is around to hear it does it make a sound? If there wasn't someone looking for bugs or exploits would there be any? In a perfect world this list wouldn't exist.

[Full-Disclosure] RE: Full-Disclosure MS Exchange message lost-so lets post how

2004-05-12 Thread RandallM
I am using the following only as an example that has been slightly discussed here. The gentleman rightly posts and gives us the information that is very helpful to be aware of. But then posts the exploit example because, in his own words, |I think some people know how to use this FEATURE ... I

[Full-Disclosure] Registry Watcher

2004-05-08 Thread RandallM
Hi, Any programs out there that watch changes to registry and can give an alert? My intention for this is only because of my limited knowledge of the windows registry. As I understand, no processes, applications, programs run without entries into the registry. This it seems includes

[Full-Disclosure] RE: Full-Disclosure digest, Catching Sasser

2004-05-04 Thread RandallM
Hot dam, can't wait to get to work and try this on our network! |--__--__-- | |Message: 19 |From: Shashank Rai [EMAIL PROTECTED] |Reply-To: [EMAIL PROTECTED] |To: [EMAIL PROTECTED] |Organization: Etisalat NIS |Date: Tue, 04 May 2004 11:40:12 +0400 |Subject: [Full-Disclosure] Catching Sasser |

[Full-Disclosure] RE: Full-Disclosure YOU know what blows me away.

2004-05-03 Thread RandallM
You know what blows me away. People who can in one breath write the info like youssef below and what others on this list have written. And that most of you are probably not older than 25yrs old. You hacked your first box when you were 2 and flunked kindergarten class because your teacher didn't

[Full-Disclosure] RE: Full-Disclosure digest, new LSASS - Javier

2004-05-03 Thread RandallM
Javier, Boy are you hitting the head on the nail. There I was getting ready to patch all the machines I could that day (I had posted here about getting help in that direction a man's gotta patch) and while I had a cd in my hand getting ready to insert it, up popped the LSASS Vulnerability error

[Full-Disclosure] [ Full-Disclosure] A mans got to patch

2004-04-30 Thread RandallM
thank you Randall M To my mentors: Let me first give a short history to my situation. I work for a company that began 10ys ago with three Mac servers and about 25 Mac workstations. 10 years later they have 34 servers, 345 PC workstations and 60 G4/G5 Macs in 5 locations around the USA. I

Re: [Full-Disclosure] no more public exploits: just a n00bie view

2004-04-27 Thread RandallM
Hey, I have to agree with Borg. I am of course new to your list. I joined it to learn the what, when and where of security. I must say that when I saw exploits posted I was a bit taken aback. My first thought was Guess I can expect to see it soon. A question naturally comes; would it show in the

[Full-Disclosure] RE: Full-Disclosure digest, Vol 1 #1605 - 14 msgs

2004-04-26 Thread RandallM
Asking for suggestions on best methods, equipment and experience to set up test lab. I am more than anxious to learn and build my experience thank you Randall M

[Full-Disclosure] RE: Full-Disclosure Super Worm

2004-04-18 Thread RandallM
thank you Randall M Willam, My job is to support sales force using laptops. Also customer service reps. That silly scanning gets in the way and slows progress! Not only have they not learned, but don't care! I pull my hair out trying to come up with ways to support them and protect the network.