On Thu, 03 Mar 2005 20:40:00 +0100, Christian Leber said:
There is no reason why someone would sign up for a service that installs
some application that is invisible and not removable and sends data to
some service.
That's assuming of course that the user actually signs up for the service.
On Thu, 03 Mar 2005 15:33:09 EST, Matt Marooney said:
The intent of the BIOS portion of the program was just to have a small
bit of code that checked for the existence of the main monitoring
program on the disk, and if it was not there, reload it somehow.
The main program would run from
On Fri, 04 Mar 2005 09:46:54 +0530, Aditya Deshmukh said:
tell me how me people are going to use a guest account on their own computer
and then be able to use the computer normally ?
Actually, if the regular user needs more than guest privs to do their
*normal* stuff, the system's security
On Sun, 27 Feb 2005 01:19:34 +0100, William Waisse said:
I already saw this problem switching from ctrl+alt+F7 to ctrl+alt+F8 from a
F7 root X session to a F8 user X session, where the user session sees the last
root screen.
Umm... what's stopping the user from looking at the F7 root session
On Thu, 24 Feb 2005 00:51:00 CST, J.A. Terranson said:
On Thu, 23 Feb 2005, Ahmad Naazir wrote:
http://ringo.com/i?uid=Jg8rPqPWwgOT2n9Y;
I'm using a new, free service where I put in my contact info for you,
you put in your contact info for me, and everyone stays up to date
automatically.
On Thu, 24 Feb 2005 14:35:27 PST, Eric Paynter said:
All kidding aside, this seems to be a real security issue. Your system
shouldn't be showing unauthorized users what you were doing. It should
properly flush the memory.
Does a power off flush it?
I've seen this behavior on a Dell
On Tue, 22 Feb 2005 09:36:21 GMT, preeth k said:
I am designing a Network Intrusion Detection System in Linux. I want to create
a database of intrusion signatures using MySQL database. Can anyone please
give an idea about what all fields I have to include, how to store packet
payload, which
On Sun, 20 Feb 2005 01:09:29 +0200, Willem Koenings said:
3. testing doesn't reveal absence of unknown flaw
4. testing doesn't reveal absence of all unknown flaws
Think for a moment - would you *ever* be able to go to your boss and say:
I've finished testing the program, and even though there
On Fri, 18 Feb 2005 16:04:52 EST, bkfsec said:
Are you aware of any server software that has been so rigorously tested
that it has no flaws at all?
That would be one hell of a find...
Testing can reveal the presence of flaws, but not their absence -- E. Dijkstra
So yeah, it *would* be
On Wed, 16 Feb 2005 09:27:45 CST, [EMAIL PROTECTED] said:
Fact: If the paper and method are sound...the sky STILL is not falling
(although it will be raining pretty darned hard)...2^69 operations...to
get a collision...how many hours of current gen cpu cycles?? (some notes
from the blog
On Tue, 15 Feb 2005 10:42:01 PST, Dyke, Tim said:
I have been looking at harddisk encryption and the question I have is:
How does one enter the password on a Tablet without a keyboard, on hard
disk encryption software that has Pre-Boot Authentication.
That's easy, you take the stylus and
On Sat, 12 Feb 2005 02:48:56 +0100, Bernhard Kuemel said:
If hashcash (http://www.hashcash.org/) gets integrated in our mail
systems we no longer need to hide or obfuscate our email addresses.
On the other hand, widespread distribution of hashcash will probably mean
the end of many mailing
On Sat, 12 Feb 2005 02:48:56 +0100, Bernhard Kuemel said:
If hashcash (http://www.hashcash.org/) gets integrated in our mail
systems we no longer need to hide or obfuscate our email addresses.
And I overlooked the most fatal flaw in hashcash:
Hashcash really sucks if you're a mail server
On Wed, 09 Feb 2005 18:01:41 +0100, the.soylent said:
I want to use B/tchX (a famous IRC-Client) with the ability to decrypt
all written with blowfish.
OS is Debian-testing (Sarge)
I have already loaded the right (?) module, with a: /loaddll blowfish.so
output :
B/tchX blowfish
On Wed, 09 Feb 2005 13:37:57 CST, Frank Knobbe said:
To prevent getting lulled into a phishing scam, could you please confirm
the fingerprints of the self-signed SSL certificate that mailman is
running on? :)
Bonus points if the fingerprint is in a mail that's digitally signed, so we
know
On Wed, 09 Feb 2005 14:14:35 CST, Frank Knobbe said:
heh... nah, having John look at the cert and say Yup, that's mine is
enough of a trust-level for me. (On the other hand, if he says Oh
shit! then the verification step has served its purpose :)
Unless we have a Schrodinger's Cat John who
On Wed, 09 Feb 2005 14:32:13 EST, Danny said:
Can the URL displayed on a mouseover in IE, be spoofed?
Umm... use the javascript onMouseOver() handler, or are you asking if that
venerable spoofing tool is itself vulnerable to spoofing?
On Tue, 08 Feb 2005 19:27:54 EST, Danny said:
Further, if Microsoft thinks acquisitions will solve all of their
problems, why don't they acquire a company with programmers that have
some clue about security and its place in software that is plugged
into a network.
They don't think
On Mon, 07 Feb 2005 09:27:25 PST, morning_wood said:
looks like MS is NOT publicly releasing a fix for this, while they have the
means and solution at hand.
( at least under IE )
a kind reader sent this little snippet...
... was able to get Microsoft to provide us with a DLL
to drop under
On Mon, 07 Feb 2005 11:06:18 PST, Richard Jacobsen said:
Open up firefox, put about:config into the address bar, and then change
network.enableIDN to false by double clicking on it. If it is working
successfully, you should get a message domainname.com could not be found
when clicking on an
On Sat, 05 Feb 2005 03:16:00 GMT, Jason Coombs said:
What we really need is click-through contracts for e-mail messages.
Somebody write an RFC, quick.
Already been done. Use a MIME message/external-body rather than an actual
mail body, and have it point to a URL that does the click-through.
On Wed, 02 Feb 2005 18:12:50 +0100, Stian Øvrevåge said:
Don't you think it's a little strange if packets with source address
88.88.88.88 were leaving your 10.0.0.0 network? Or packets from
10.0.0.33 were coming in on the WAN interface?
Also, packet filtering is based on
On Wed, 02 Feb 2005 23:18:12 +0100, Volker Tanger said:
Alternatively the TAR binary might be SUID'ed, which is A Bad Idea(TM),
too - which are all SUID'ed programs that can write to arbitrary
locations...
And in the prehistoric dawn of the computer era, about 15 years ago, IBM made
one of
On Thu, 27 Jan 2005 09:00:39 +0100, Nicolas RUFF (lists) said:
But I would point out something much more important : there are many
more local exploits than remote (on Windows just like any other OS).
Local exploits : about 1-2 a month
* POSIX - OS/2 subsystem exploitation
* Debugging
On Tue, 25 Jan 2005 08:58:39 GMT, preeth k said:
I work on Redhat Linux and we want to know if there is any method to mirror
the '/proc' filesystem on one machine-A to another machine-B so as to monitor
all the events occurring in A using machine-B
The problem is that even if you *could*
On Tue, 25 Jan 2005 12:12:10 EST, Larry Seltzer said:
Yeah, fine, so if this bothers you use a VPN. I still it's something
very few people need to worry about.
More correctly, the vast majority of sites are so screwed security-wise that
they'll never have the opportunity to see a MITM attack
On Tue, 25 Jan 2005 11:22:25 CST, [EMAIL PROTECTED] said:
How hard is it to verify this yourself by, as has been suggested
elsewhere, signing up and sending yourself an email? Not to overly harsh
your mellow, but the solution to getting this information is not exactly
rocket science...
On Tue, 25 Jan 2005 14:51:07 MST, james edwards said:
No business can ignore a judge's orders to produce whatever required
information.
The business can contest the request but if it is proven out the information
must be produced.
So tell me - what do you do when you get served a subpoena
On Mon, 24 Jan 2005 10:29:31 EST, KF (lists) said:
so then the bottom line is that there is a bug. When files are being
transferred they should also be identified via the content of the file
rather than the extension...
'Those who cannot remember the past, are condemned to repeat it.'
On Tue, 25 Jan 2005 10:05:23 +0700, Alain Fauconnet said:
I would certainly not call our users a legion of techies (sometimes I wish
they'd be more techies than they are). Setting up a VPN would require
having control of a box outside of our campus, which is not likely for
the vast majority
On Tue, 25 Jan 2005 11:49:55 +0800, Brian Anderson said:
I enjoy reading some of the messages in the Full Disclosure list however I opt
to receive the list as a daily digest. This has the problem (for me) that I have
to scroll thru the entire email message looking for the item(s) that I
On Fri, 21 Jan 2005 00:23:40 CST, Frank Knobbe said:
Since others are still throwing in their recommendations, let me add
mine as well. Back in the days when I used Windows, I really liked
HardDisk Encryption Plus from PCGuardian (www.pcguardian.com). It is a
full-disk encryption program (or
On Tue, 18 Jan 2005 19:14:51 +0300, [EMAIL PROTECTED] said:
This is just for my personal knowledge, I just wanna run stuff without
getting not enough rights boxes all the time. My boss would be OK, don't
worry
Then your boss should be happy to get somebody to turn them off on your machine.
On Tue, 18 Jan 2005 14:22:28 CST, Ron DuFresne said:
of course, on a semi serious note, electromagnetic imaging scans have
proven to be pretty effective in noting the difference in a lying brain
and a truthful one. Now if they can just consolidate all that equipment
into a small handable
On Mon, 17 Jan 2005 10:20:18 +0100, Feher Tamas said:
The Down Syndrome is caused by a genetical disorder, not a
virus.
See: http://en.wikipedia.org/wiki/Down_syndrome
Yes, but the Dumb Advisory Meme is quite viral, we've had a number of
cases break out here of late. Amazon.com, DSV, a
On Sat, 15 Jan 2005 19:16:30 CST, J.A. Terranson said:
What is a troll?
That which one should not feed, after midnight or otherwise. ;)
Full-Disclosure - We believe in it.
On Fri, 14 Jan 2005 19:54:28 +0300, [EMAIL PROTECTED] said:
Does anybody know or had any experiences with mcafee parental controls. It's
used at my work,
Parental Controls. Used at work.
I suspect that the employer-employee relationship there has some major issues.
And that said issues are
On Fri, 14 Jan 2005 19:24:16 EST, Mary Landesman said:
Let me dissect the joke for you...
J.A. Terranson posted that SWB was blocking port 25
Jianqiang Xin posted that Amazon.com was down and asked if it was related to
any attack.
J.A. Terranson then joked that maybe Amazon.com was hosted
On Sat, 15 Jan 2005 10:53:59 +0530, ALD, Aditya, Aditya Lalit Deshmukh said:
presumably otherwise my windows installation is screwed and maybe it's time
to install freebsd on my machine.
And this is how the Resistance grows, one user at a time... :)
On Thu, 13 Jan 2005 01:34:51 EST, Ill will said:
the flaw was in a third party software they used .. as for the pics we
won't be releasing them yet
One has to wonder which tabloid will win the bidding war for the pics. ;)
On Thu, 13 Jan 2005 13:04:21 +0100, vh said:
On Thu, 13 Jan 2005 03:15:52 -0500 [EMAIL PROTECTED] wrote:
One has to wonder which tabloid will win the bidding war for the pics. ;)
Why was Mitnick jailed and this guy isn't? ;)
Umm.. Occam's Razor suggests the answer is because this guy has
On Thu, 13 Jan 2005 21:23:29 EST, Jeff Kell said:
Does the DMCA cover attempted sharing ??
IANAL and all that.. but anyhow.. :)
All the relevant text (17 USC 506 and others) are *quite* specific in their
use of copies actually produced or distributed as the relevant criterion.
As such, a good
On Wed, 12 Jan 2005 01:48:29 EST, Kevin Reiter said:
Sorry, but this was the very first post I saw after I joined this list a little
bit ago, and I couldn't resist a few comments. Is this guy for real, or is this a
joke?
Sometimes, it's hard to tell around here, even if you're *not* a
On Wed, 12 Jan 2005 4:32 EST, Eric Paynter said:
Not even American... No point in tracking him down further. It's clear the
agenda is not domestic.
On Wed, 12 Jan 2005 17:28:18 EST, Paul Kurczaba said:
That is the same thing I found :) What a waste of bandwidth... He could have
at least sent
On Mon, 10 Jan 2005 22:36:07 CST, J.A. Terranson said:
On Tue, 11 Jan 2005 [EMAIL PROTECTED] wrote:
Keep politics to a political mailing list. Besides, what America is
doing in Iraq is a good thing. It's unloyal parasitic citizens like
yourself that give America a bad name.
No.
On Fri, 07 Jan 2005 12:52:58 CST, Kyle Maxwell said:
It may not be perfect (I thought the Spyware Community was essentially
sending back to a central site, didn't realize it was P2P, this
requires a closer look) but at a minimum it's nice to see MS giving
this some attention. Fix the IE holes
On Fri, 07 Jan 2005 13:07:52 PST, GuidoZ said:
Try here instead:
- http://lists.netsys.com/mailman/listinfo/full-disclosure
Goes for anyone who wishes to be removed. ;) Save this email for
future reference.
Or look at the e-mail headers for *every message*:
List-post:
On Sun, 26 Dec 2004 14:34:24 GMT, James Tucker said:
There are so many 'bits' that you simply could not filter all of them
using standard electronics.
The first bad assumption - that you even *need* to filter all the bits.
It would be the *very* poor intelligence agency that didn't apply some
On Sat, 25 Dec 2004 12:36:16 MST, Brett Glass said:
Unfortunately, it's part of a big system DLL with tons of entry points. How
best to shim it?
How *best* to shim it? oohh.. I smell blood in the water - the sharks will be
here soon... ;)
On Tue, 04 Jan 2005 23:22:27 CST, Kevin said:
the complaint, or somebody on the Internet is spoofing BGP route
announcements for unused address space out of larger allocations.
This is actually quite likely a possibility. There are enough tier-1's who do
a piss-poor job of filtering their
On Thu, 30 Dec 2004 22:00:55 PST, Daniel H. Renner said:
Not to bash my own country here but, this leads to a question: How can
any security product, sub-product or service created in the U.S. hold
credibility even with the good intentions that the creators may have
originally had?
Open
On Wed, 05 Jan 2005 13:00:41 +0100, Florian Weimer said:
RIPE doesn't have an announcement of the prefix, so I think
MediaSentry was in error.
Did you just check the RADB, or did you actually poke a looking glass to
see what's actually being announced?
On Fri, 31 Dec 2004 23:14:43 EST, Byron L. Sonne said:
You know, people that set these auto-replies often give out a good
amount of information (of the social engineering kind and otherwise), if
someone were to apply themselves...
I'm not sure which is worse, the fact that we all now know
On Thu, 30 Dec 2004 12:52:23 -0400, Jerry said:
I have to agree with Shane on this. The whole point of the admin a.k.a root
user is to have full control over everything. What's the point of that user
if it can't delete or stop a set process when required if some user orphans
something and
On Mon, 27 Dec 2004 10:05:55 EST, Mary Landesman said:
Now, if there were reason to believe that a crime had been committed and
that evidence lies in the email, that's a different story. In such a case, I
believe the email should be turned over to the authorities. But absent legal
need,
On Tue, 14 Dec 2004 16:33:59 CST, wastedimage said:
can anyone provide me with a traffic sample of this? I would really
like to see if this is the actual exploit or just a script kiddy
trying his little heart out.
What's this '*THE* actual exploit' stuff? These things are rarely unique ;)
On Tue, 14 Dec 2004 15:44:41 PST, n30 said:
Guys,
Looking for few interesting security breach stories...
Any database / sites that capture these??
Well, there's a problem - where do you get the stories?
The black hats probably won't be sharing their version of the stories
(at least until
On Tue, 14 Dec 2004 10:49:48 +0100, Feher Tamas said:
An apparently brand new D version of the ZAFI worm, with
Merry Christmas! subject and animated fucking smiley icons
on the inside is spreading Postcard.HTML.blahblah.. dot
ZIP/CMD files.
*yawn* Somebody hit rewind on the remote control,
On Fri, 10 Dec 2004 23:42:07 EST, Scott Renna said:
Beautiful...how many more fun ones like these until people start to
migrate away from IE.
If the stuff in the past hasn't already urged them to migrate, why should
a small thing like being able to beat the popup blocker make them move?
On Mon, 06 Dec 2004 19:29:26 PST, bipin gautam said:
A simple yet effective solution would be, for AV
vendors to (say) add the vulnerable system dll's,
executables etc... in a threat list (Referring to
Microsoft's KB or something similar) And after
completing the virus scan, suggest the
On Tue, 07 Dec 2004 11:24:54 CST, Ron said:
There needs to be a good, opensource anti-virus solution where they
aren't worried about their bottom line. The problem is the amount of
maintenance it takes to keep a virus scanner up-to-date makes it hard
for somebody to do it for free.
Well,
On Fri, 03 Dec 2004 21:52:30 GMT, n3td3v said:
I think heads should roll over this. I think its the worst act a
corporation has ever undertaken in the history of the internet.
Hmm.. I don't know. Verisign's hijacking of *.com wildcards and several
different Microsoft stunts may very well
On Sat, 04 Dec 2004 19:55:31 PST, Michael R. Schmidt said:
Have you read the Geneva Convention? Or better yet The United Nations
International Covenant on Civil and Political Rights. Read it, the whole
thing, and then bitch and moan. Do you really think Terrorists live by it?
Has it occurred
On Thu, 02 Dec 2004 13:45:37 PST, xtrecate said:
I wasn't alive during the Nixon's reign of wtfs, but I don't think Nixon, or
indeed anyone engaging in underhanded political subterfuge, would be
particularly worried about the log files at insecure.org, which is what my
commentary pertained to.
On Thu, 02 Dec 2004 08:57:24 GMT, Adam Challis said:
Being based in Germany, wouldn't they be subject to German and EU law?
That's a minor factual detail, and we care somewhere between diddly and squat
regarding the facts of the case. ;)
The US government of late has shown little moral or
On Wed, 01 Dec 2004 15:11:46 EST, David S. Morgan said:
I am looking for an old LS trojan, with trojan being a misnomer. Essentially,
the scenario is that the admin (root) has a . (dot) in his path.
Geez. I don't have it, but it's easy enough to write.
% cat ./ls
#!/bin/bash
/bin/cp
On Fri, 26 Nov 2004 16:51:27 GMT, n3td3v said:
Yahoo! Groups, a fully featured user group and mailing list has taken
steps to prevent malicious users harvesting new e-mail addresses to
add to spam list databases. They (Yahoo) cut the e-mail address on the
website, so harvesting becomes
On Fri, 26 Nov 2004 16:51:27 GMT, n3td3v said:
I was thinking, why are all e-mail addresses not encrypted as soon as
they leave the author's mail client, surely this would stop anyone
seeing the address, apart from the mail client at the other end the
message was intended for. And when a user
On Thu, 25 Nov 2004 11:52:34 CST, Todd Towles said:
Could you please not forward your spam to the list. This is a 411
scam...if you don't know what that is..then please contact this person
and talk to him.
Looking for information on '419 scams' would probably be more productive
On Tue, 23 Nov 2004 22:41:07 CST, Paul Schmehl said:
I'm no mathematician, but I suspect the probability of this is somewhere
slightly south of null. Do you have any concept of how elections are run?
In *many* states each *county* determines the ballot type and layout, the
voting machines
On Wed, 24 Nov 2004 12:54:31 +0100, Antonio Javier G. M. said:
We really know what are we talking about. Please, use google to search for
IDP or IPS technologies and snortinline.
And *I* know as well - if you *READ* what I said:
Just a reminder for everybody and the archives - unless
On Wed, 24 Nov 2004 13:07:06 CST, Paul Schmehl said:
Did you not watch the mess in 2000? The *counties* decided how their
ballot would be constructed and how the elections would be run. Now how is
Jeb Bush and/or his Commissioner going to influence *Democratic* counties
run by
On Tue, 23 Nov 2004 15:12:06 GMT, n3td3v said:
All you guys do on the channel is talk about pimps and whores and
That's what it looks like if you didn't get a copy of the codebook. :)
other *general chat* stuff. Nothing related to security or hacking is
discussed (and if it is, its in very
On Tue, 23 Nov 2004 18:43:22 +0100, Antonio Javier G. M. said:
We need signatures for IDS/IDP for Oracle's alert 68.
How can we protect against these attacks if we can not apply patches in some
platforms?
Just a reminder for everybody and the archives - unless you're using some sort
of
On Mon, 22 Nov 2004 11:51:43 CST, Anders Langworthy said:
The CISSP, otoh, supposedly requires 4 years of professional full-time
security work (3 years with a college degree, or 2 years with a BS
Masters in Info Security). Going to a boot camp wouldn't take care of
this requirement.
On Sat, 20 Nov 2004 19:16:44 CST, Paul Schmehl said:
Just because someone or some institution has a credible name does not mean
that you accept what they say without even bothering to think about it.
Their study just invigorates the conspiracy theorist element of society
without
On Fri, 19 Nov 2004 11:22:31 EST, KF_lists said:
Any new features / functionality?
Oooh.. new features/functionality in software intentionally designed to be
malware (as opposed to the misfeatures and misfunctions shipped in the
unintentional malware shipped by all too many vendors). Even
On Fri, 19 Nov 2004 13:57:31 +0100, Borja Marcos said:
Given that Firefox is integrated in Linux... ¿Will I be able to use
Linux without Firefox? Or, ¿is Firefox an operating system module? Being
Hint: Linux is over 10 years old, and FireFox just came out. What did Linux
do before FF
On Fri, 19 Nov 2004 13:09:19 +0530, Gautam R. Singh said:
I was just wondering is there any encryption algorithm which expires with time.
For example an email message maybe decrypted within 48 hours of its
delivery otherwise it become useless or can't be decrypted with the
original key
So
On Thu, 18 Nov 2004 10:46:50 GMT, Joel Merrick said:
Maybe it'll get leaked on the net and we'll find out they use a hard
coded DES key that I could crack with my casio watch ;)
No, ROT13 is way leet strong crypto as long as nobody knows it, as
Skylarov found out... ;)
On Fri, 19 Nov 2004 12:40:26 EST, Danny said:
1) A hell of a lot of viruses/worms/trojans use IRC to wreak further havoc?
2) A considerable amount of script kiddies originate and grow through IRC?
3) A wee bit of software piracy occurs?
4) That many organized DoS attacks through PC zombies
On Fri, 19 Nov 2004 13:12:31 EST, Crotty, Edward said:
I'm not a Win based guy (troll?) - Un*x here - and even I was offended by #1.
There is such a thing as runas for Windows.
Yes, but is *the main design* of the system run as a mortal, and use
the 'runas' for those things that need more?
On Mon, 15 Nov 2004 13:46:37 CST, Frank Knobbe said:
Which leads to the question, which is a safe graphics file format? BMP
perhaps?
Nope - the incredible compression of .BMP files allows its use to DoS
the mail server. :)
On Mon, 15 Nov 2004 22:32:21 +0100, Florian Streck said:
Wasn't the reason for the Electors that at that time it was not
practicable to make a direct election due to the great distances in
America?
No, the concern was that people out in the boonies might be ignorant
hicks who would vote for a
On Mon, 29 Nov 2004 05:31:14 EST, KF_lists said:
Professional responses like that *really* make me wanna go
out and pay for Eudora.
OK. So make a difference. How much *more* are you willing to pay
for Eudora to make security a higher priority?
Yes, we security geeks all have a
On Tue, 16 Nov 2004 05:08:48 GMT, Jason Coombs said:
If quality is the true objective, then perhaps we should adopt exceptions to
intellectual property laws to force into the public domain any creative work
that has the capability to impact the security of anything important...
A few
On Fri, 12 Nov 2004 17:25:23 GMT, Andrew Smith said:
Interesting, I haven't noticed any. I guess gmail is picking them up?
Well, of *course* Google is picking them up - there's valuable data in them. :)
Data mining at its best - Google can look at the forged From: and To:
headers used by
On Fri, 12 Nov 2004 11:53:59 CST, Paul Schmehl said:
--On Thursday, November 11, 2004 02:22:18 PM -0500 [EMAIL PROTECTED]
wrote:
At least some of the machines used had active wireless on them
Do you know this for a fact? Can you identify the states/locations where
this was
On Fri, 12 Nov 2004 17:48:58 GMT, n3td3v said:
Don't listen to these business wankers in suits, they'll say anything
at high profile conferences to get extra claps.
No, actually, you *DO* need to *listen* to them. That way, when your
PHB comes in with another brain-dead
On Fri, 12 Nov 2004 10:46:51 GMT, [EMAIL PROTECTED] said:
Oh yeah, I've got 14,000 Windows 2000 machines to update to windows XP SP2,
hang on where's that CD?
14,000 corporate windows boxes are easy enough to do - you can just use
whatever fascist scheme you prefer to jam the update down their
On Thu, 11 Nov 2004 05:42:54 CST, TK-421 said:
Yes, but because it's open source, you know that thousands of eyes are
looking at it daily. Especially in larger projects like
Mozilla/Firefox. I'm sure you'd hear about it if the Mozilla team was
including backdoors. That is unless you think
On Thu, 11 Nov 2004 10:50:14 EST, Exibar said:
Let me challenge YOU. Prove that my vote did not count. Show me absolute,
proof beyond a doubt that my vote did not count.
If you cannot prove that my vote did not count, then you STFU.
By that logic, we should ban all discussion of holes in
On Thu, 11 Nov 2004 09:37:28 EST, [EMAIL PROTECTED] said:
today's hacker community. But the realities are that we are paranoid enough
to watch access to said systems to avoid at least 99% of local hacking,
eliminating that from feasibility.
We are?
At least some of the machines used had
On Mon, 08 Nov 2004 09:00:03 +0100, patryn said:
Microsoft is concerned that this new report of a vulnerability in
Internet Explorer was not disclosed responsibly, potentially putting
computer users at risk
Is a black hat who plays by the rules still a black hat? :)
On Sun, 12 Oct 2003 02:18:16 +0200, Richard Spiers [EMAIL PROTECTED] said:
whoopee!. Bleh. Really a security issue? Same thing happens if you have show
windows content enabled and you drag around a window, as long as you're
dragging the window, the cpu will remain close to 100 % usage.
On Thu, 04 Nov 2004 11:07:47 EST, Michael Riedel said:
Ok so I was dumb enough to run it. Anyone else catch what commands they
run/ know of a way to track. I really don't feel like re-compiling gentoo.
Multiple people have posted what Perl code gets executed.
The problem is this:
$_ =
On Thu, 04 Nov 2004 15:33:38 -0200, Rodrigo Barbosa said:
Does anyone still have /tmp without noexec ?
/dev/sda2 on /tmp type ext3 (rw,noexec,nodev,nosuid)
1) A lot of people have a one partition for everything configuration,
as that's what their distro did at the time they first installed
On Thu, 04 Nov 2004 18:09:48 -0200, Rodrigo Barbosa said:
I'm not sure which standard (FHS ? LSB ?), but these softwares should
honor the TMPDIR environment. And yes, /tmp is the fallback, in case
$TMPDIR is not set.
OpenOffice apparently does now, after I filed a bug about it. I've not
On Thu, 04 Nov 2004 14:27:30 CST, Brent J. Nordquist said:
$ /lib/ld-linux.so.2 /tmp/anexe
This one is actually nailed down in the Linux 2.6 kernel.
On Tue, 02 Nov 2004 20:12:46 +0100, yossarian said:
Interesting - who said that DMCA or the Communications Decency Act or the
Patriot Act were tech friendly?
Please note that the DMCA (in addition to the infamous circumvention clause),
*also* included the ISP safe-harbor exemptions in 17 USC