RE: [Full-disclosure] Administrivia: Requests for Moderation
> > How's about instead of moderation, we try vote-kicking?
I support this one, but who decides how many votes are sufficient to get someone kicked? And what about the votes that can be automated? I bet someone will create a huge farm for voting. Whenever there is any voting, all the results will be swayed.
Delivered using the Free Personal Edition of Mailtraq (www.mailtraq.com)
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
RE: [Full-disclosure] Moderated lists
> Why not do a self-regulating list? Something along the lines of keeping
> track of signup dates and IP addresses, then when a yahoo starts
> spouting crap, put it to a vote on list. (only members older than xyz
> date have a vote) If the list's wish is to have the user banned, then so
> be it...
>
This is all so good in principle, but how do you implement it? And how does voting take place? By email to the list? This way, anytime we have to remove someone from the list it will generate a whole lot of useless mail.
RE: [Full-disclosure] Re: 0-day for sale on ebay - New auction!
> No offense intended directly to the OP:
>
> Honestly, who gives a shit. Is this what this list is to be used for
> these days? Are there no better OT forums, channels, cups w/string
> that can be reserved for this type of chatter?
For this kind of post we have a mailing list: Fun and Misc security discussion, for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
And a lot of people from here are on that list.
RE: [Full-disclosure] Re: McAfee VirusScan vs Metasploit Framework v2.x
Heck, they even block WinPcap_3_1.exe, the network drivers that are used by many programs. And these are just the drivers.
RE: [Full-disclosure] Support_388945a0 account in Win XP/2003
> > > That is a "help and support account" that you should disable.
> > Also set very long random password and forget it.
> I prefer simply delete it. Good choice?
>
> But I heard a rumours that this account can be activated remotely
> without user's aware decision and used for Remote Assistance (e.g.
> capturing a screen and even controlling input).
I would not know about this unless I test it out, but from the top of my mind: you have to start the service for something like this.
Deleting it might cause problems with "help and support". Just deny the account all kinds of privs and it would no longer matter.
RE: [Full-disclosure] Re: Most common keystroke loggers?
> How about one-time passwords? Just go ahead and *let* them keylog it all
> they like; by the time they've snarfed a pw, it's no use any
> more. (See S/Key for more details.)
Please, no one-time passwords: they are a nightmare to manage.
RE: [Full-disclosure] Most common keystroke loggers?
> I'm looking for input on what you all believe the most common
> keystroke loggers are.
http://keylogger.org/ claims to be an independent testing site for all keyloggers, but they have all the old versions of the keyloggers. You can use this site as a starting point for your search. Visit the home pages of all the keylogger software creators and download the latest versions.
> I've been challenged to write an authentication method
> (for a web site) that can be secure while using a
> compromised system.
First off, look at the challenge in this way:
1. What is the website about?
2. Does it really need so much security?
3. If it does, then keep in mind the man-in-the-middle attacks.
4. When a client is compromised, all the data must be assumed to be stolen.
If I were in your place I would design a system where the clients were authenticated with X.509 certs on the clients, i.e. "client certs" with the "user auth" purpose defined in them, stored on something like a hardware token which requires a PIN to unlock, and send something signed with a client cert as a part of the login process before any kind of server response is even issued. This way the bar of security is raised a bit further.
Also, I am a very big fan of hardware tokens that generate challenge response from random numbers... But they tend to be quite costly. But worth the cost if your application requires it.
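
An added example, not part of the original message: the challenge-response exchange the reply mentions, with both sides shown, to make concrete why a response captured on the client cannot be replayed. The `Token` and `Server` classes are hypothetical, and HMAC-SHA256 over a shared key is an assumption standing in for the token's computation (the message itself proposes X.509 signatures).

```python
import hashlib
import hmac
import secrets


class Token:
    """Stand-in for a hardware token: the key is set at enrolment and never exported."""

    def __init__(self, key: bytes):
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        # The only thing that ever leaves the token is this keyed digest.
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class Server:
    def __init__(self, ttl_seconds: float = 30.0):
        self.ttl = ttl_seconds
        self.now = 0.0          # injected clock so the example is deterministic
        self._keys = {}         # user -> shared key
        self._pending = {}      # user -> (nonce, expiry time)

    def enroll(self, user: str) -> Token:
        key = secrets.token_bytes(32)
        self._keys[user] = key
        return Token(key)

    def challenge(self, user: str) -> bytes:
        nonce = secrets.token_bytes(16)          # fresh random number per login
        self._pending[user] = (nonce, self.now + self.ttl)
        return nonce

    def verify(self, user: str, response: bytes) -> bool:
        # pop(): the challenge is consumed whether or not the answer is right,
        # so each nonce can be answered at most once.
        nonce, expires = self._pending.pop(user, (None, 0.0))
        if nonce is None or self.now > expires or user not in self._keys:
            return False
        expected = hmac.new(self._keys[user], nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def run_demo() -> dict:
    server = Server(ttl_seconds=30.0)
    token = server.enroll("alice")
    results = {}

    c1 = server.challenge("alice")
    captured = token.respond(c1)      # what a logger on the client would record
    results["legit"] = server.verify("alice", captured)

    # Same bytes sent again: the nonce was already consumed.
    results["replay_same_challenge"] = server.verify("alice", captured)

    # Same bytes sent against a fresh nonce: the digest no longer matches.
    server.challenge("alice")
    results["replay_new_challenge"] = server.verify("alice", captured)

    # A correct response that arrives after the challenge has expired.
    c3 = server.challenge("alice")
    server.now += 31.0
    results["expired"] = server.verify("alice", token.respond(c3))
    return results


if __name__ == "__main__":
    for name, ok in run_demo().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

The captured response is worthless afterwards, but software on a compromised client can still act inside the session that the legitimate login opened, which is point 4 of the message.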
RE: [Full-disclosure] Software Firewalls for Windows
> Hi list, I've been a firm advocate of Sygate Pro for some time but as Symantec
> has bought and canned it I'm wondering what you guys would recommend as a
> replacement.
Tiny Firewall 2005 works for both 64 and 32 bit machines and is good - I have been using it since version 2.1.5 and now it's 6.5.xx
RE: [Full-disclosure] Re: SOX whistleblowers' clause Compliance
> > > Why cant you use google to find out this ?
>
> The same reason you can't use Google and find your answer fuckbag.
Are you n3td3v?
>
> > *In the para 4*
> > "Protecting whistleblowers is an essential component of an ethical
> > and open work environment."
>
> No mention of an anon email address here.
>
> > *In para 6* <- this is the one that you want
> > several options for employees to raise concerns, including the
> > option of raising a concern anonymously.
>
> Again, not specifying email. A simple drop box in the lunchroom
> facilitates this.
"A simple drop box in the lunchroom" will not work when you have a client that is big enough to have branches distributed all over the place.
Anon email is the best solution for this - you don't have to manually check the boxes in all the locations, with the headache of keeping the contents of the box classified.
And if you had read my first email *and* comprehended what I had asked, you would not be writing the mail that I am responding to.
RE: [Full-disclosure] Re: SOX whistleblowers' clause Compliance
See below marc email part
>> Aditya Deshmukh [EMAIL PROTECTED] wrote:
>> >>If you read the last line in para 6 you will find that anon mailbox is
>> a requirement for SOX compliance.
>>
>> >And mailbox was meant for email Michael :)
>>
>> >But I think that "with a post and some concrete" mailbox will indeed
>> be far more secure.
> From: Madison, Marc [mailto:[EMAIL PROTECTED]
> IANAL, But IMO use an Intranet web page that allows employees to submit
> anonymous html post to the web server via html. Now if your security
> policy is pervasive then surely auditing is enabled on all your systems,
> thus removing any anonymity this would have provided. Have you
> considered, dare I say, outsourcing? I only say this since part of the
> requirement calls for the company to provide sufficient anonymity to
> individuals reporting issues. By the way the SOX whistleblowers
> requirements have already been challenged in court so there might be
> precedence on what is sufficient.
You must be a mind reader - you just read my mind. And a google search shows some email providers giving out this service for about US$ 89.99. Maybe that is the best solution after all... You don't break your security policy and the auditors are also happy.
RE: [Full-disclosure] Re: SOX whistleblowers' clause Compliance
> Seeing how my question was ignored. I will tell you the answer.
>
> There is no requirement in SOX to do this.
Why can't you use google to find out this?
---
http://www.nonprofitrisk.org/nwsltr/archive/employprac091005-p.htm
*In the para 4*
"Protecting whistleblowers is an essential component of an ethical and open work environment."
*In para 6* <- this is the one that you want
"Provide Employees Multiple Avenues to Report Concerns"
While employees will hopefully feel comfortable raising concerns directly with their supervisors, many employees are reluctant to raise concerns with line management for fear of retaliation, especially where their concerns pertain to unethical or illegal conduct by their line managers. Therefore, nonprofits should provide several options for employees to raise concerns, including the option of raising a concern anonymously.
---
If you read the last line in para 6 you will find that anon mailbox is a requirement for SOX compliance.
And mailbox was meant for email Michael :)
But I think that "with a post and some concrete" mailbox will indeed be far more secure.
RE: [Full-disclosure] Support_388945a0 account in Win XP/2003
> I has wondered the meaning of "support_388945a0" too,
> but not the meaning of the account, but the meaning of "388945a0".
>
> As you may know, it can be interpreted as 4 Bytes hexadecimal
> number...
It's a randomly generated number that is generated for this account name.
RE: [Full-disclosure] Support_388945a0 account in Win XP/2003
> Hello full-disclosurers,
>
> Does anyone know anything interesting about Support_388945a0 account
> which is created by default during Windows XP/2003 installation?
>
> I have seen MS technet links, maybe someone knows more about?
That is a "help and support account" that you should disable. Also set a very long random password and forget it.
[Full-disclosure] SOX whistleblowers' clause Compliance
How do I create a totally anon mailbox as required by the SOX? How are you doing this in your site?
RE: [Full-disclosure] Window's O/S
This does not work on win2k sp4 srp5.
Not sure if you guys are aware of this issue on Windows XP...!!
create a folder on desktop and name it as "notepad".
open internet explorer > go to view > source code > this will open the contents of notepad folder!!
RE: [Full-disclosure] Window's O/S
> > > create an folder on deskop and name it as "notepad".
> > > open internet explorer > go to view > source code > this will open the
> > > contents of notepad folder!!
> > Even better: rename any exe to notepad.exe ;)
>
> Is this IE being so stupid as to run with a CWD of Desktop
> and effectively doing a system("notepad")?
>
> That'd explain explorer opening up folders called Notepad,
> and .exe files being run. Bet it also works on MS Word
> documents (without a .doc extension, probably), and any other
> magically executable file...
>
> Certainly cmd.exe as notepad on the desktop suggests the CWD
> is your Desktop (so presumably IE's CWD is also Desktop).
>
> Are there any other external apps IE is stupid enough to run
> without a full path prefix? That could be fun too! :-)
>
Thank god I run firefox!
RE: [Full-disclosure] Return of the Phrack High Council
> I hope the turkey returns... we need more useless local root
> exploits...
Which can run only when you are root ;)
RE: [Full-disclosure] SmartCards programming...
Sorry for the top post.
If you are going to do something like this then RSA cards are the best, especially SecurID. It can be implemented almost out of the box and it has great lib support also.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of khaalel
Sent: Wednesday, November 23, 2005 2:12 PM
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] SmartCards programming...
Hello,
I have to achieve a technical project for my French high school... And the subject is about cryptography and smart cards... The goal is to write the programs and all the associated stuff... in order to create a DRM-like system: when a user enters his card, a software checks his key (or certificate or...) and if the authentication succeeds, the wanted file (document, video, audio...) is opened by the software...
Yesterday I bought a programmer/writer: the Infinity USB, but I wanna know if someone could give me some interesting links about smart card programming (java, basic, .). I already know some things about cryptography but I am a newbie in smart card programming.
Which language do I have to learn? Which type of smart cards do I have to buy? Which algorithms can I use (DES, RSA, Elliptic Curves, AES...)??
thanks...
khaalel
[Full-disclosure] another filename bypass vulnerability - from cmd.exe
Was doing some testing [xfocus-AD-051115] Ie Multiple antivirus failed to scan malicous filename bypass vulnerability
The system is Windows 2000 sp4 srp5 with all other patches up to date.
At the command prompt cmd.exe execute the following with the results. I copy and paste from cmd.exe
---
E:\TEMP>cd test
E:\TEMP\test>copy %windir%\system32\calc.exe
1 file(s) copied.
E:\TEMP\test>ren calc.exe calc.exe.zip
E:\TEMP\test>dir /b
calc.exe.zip
E:\TEMP\test>calc.exe.zip
E:\TEMP\test>
---
This brings up calc.exe on the screen.
RE: [Full-disclosure] Re: [xfocus-AD-051115]Multiple antivirus failed to scan malicous filename bypass vulnerability
> axo> Demonstration here:
> axo> Choose a malicious file which would be detected, such as nc.exe,
> axo> rename the file as nc??.exe (?? =Hex C0 D7 BA DC)
> axo> Because these special names are unable directly to input, so if you
> axo> want to run these file, you should use the following way:
> axo> Uses the MS-DOS name specification, we can operate file with Open、
> axo> Read、Write、 and duplicate。
> That means that if the user clicks on it using explorer.exe or
> iexplorer.exe the file won't be executed because even Microsoft
> Windows explorer is unable to parse the file?
It will be executed, because if Windows is not able to access the long file name then the short file name is used to access the file in +x or execute mode...
RE: [Full-disclosure] [FLSA-2005:158801] Updated bzip2 packages fix security issues
>
> > Could you please stop mailing your Bug-Fix-Reports aka "Package xyz
> > updated" to the Full*-Mailinglist?
>
> I don't find those mailings objectionable. I think this is an
> appropriate forum.
These mailings are not objectionable, but when they have their own mail list, why send a copy to full disclosure? And most of the security conscious admins are already subscribed to the correct lists.
Win XP 64 bit [ was RE: [Full-disclosure] Enough's enough... ]
> Offtopic: Is the 64bit version of Windows XP
> worth getting? My gf just bought a new Compaq
> with a 64bit Turion in it, and it came with the
> regular XP Home. She's debating whether or not
> to buy the 64bit version, and I'm of no help
> since I don't really use Windows on any of my
> machines except for testing stuff.
It would be great to have a 64 bit version just for the enhanced internet explorer - if you don't have Mozilla.
Also pop from my head stack... Sony rootkit didn't work for 64 bit for some reason, so it might be more secure...
Before getting it make sure that you find the 64 bit drivers for everything first.
EMINEM LYRICS [ was RE: [Full-disclosure] FAO Mark Murtagh from Websense]
> EMINEM LYRICS
Isn't this a bit over the top? May I suggest we unsubscribe this guy or at least put him on the moderated list?
RE: [Full-disclosure] Blocking Skype
> Blocking Skype Using Squid and OpenBSD
Hey, I can't wait to try out this one - this is a really interesting one. Very informative writeup. Thanks rootn0de
RE: [Full-disclosure] In Sony's Defense Over Virus Writers
> ideas for other good bug lists besides full disclosure?
VulnWatch: vulnerability disclosure list
http://www.vulnwatch.org/
This one is good. There is a discuss list also that you might want to subscribe to...
RE: [Full-disclosure] the "Sony/BMG" virus
> If the term "future law suits for copyright infringement"
> pops into your head, you wouldn't be alone.
Would you give them any real info?
RE: [Full-disclosure] Spamcop automated reporting script...
> > Thanks in advance if you can send in .txt format
>
> No need - you can download most of it off the Spamcop web site then
> write a trivial wrapper.
>
Trivial wrapper! No it is not. There is some JavaScript in that form which is stopping the mail reports from being sent out to the admins, ISP etc...
Just to make sure that you have understood clearly: I already have a special mailbox on the mail server that forwards the spam to spamcop as an attachment, and spamcop responds with a URL that the user has to click to complete the spam reporting. This clicking process is what I am trying to automate.
So may I ask again, does anyone have something that does this? I am looking at curl, wget and perl as 3 possible tools that can help me with this. So far wget has failed with the form submission.
If anyone has pointers about curl or wget to fill is submitted form examples, that would also be good.
[Full-disclosure] RE: Spamcop automated reporting script...
> Has anyone got a automated spamcop reporting script?
>
> Thanks in advance if you can send in .txt format
> preferably offlist.
I hit send before I could explain what I wanted to do...
I have a spamcop account - and I managed to get the spamcop URL with the reportID to a file using a fetchmail + grep combination. But there is something I cannot get working with the spamcop spam submission form used to complete the spam reporting.
Has anyone made something like this before? If you can send me that script it would be great.. Anything that works is fine, but a wget or curl or perl script would be the best.
[Full-disclosure] Spamcop automated reporting script...
Has anyone got an automated spamcop reporting script?
Thanks in advance if you can send in .txt format, preferably offlist.
RE: [Full-disclosure] RE: Full-Disclosure Digest, Vol 9, Issue 3
> > > Yes
> > Note to list admins -- add filtering rule to reject messages with
> > Subject: lines matching "*Digest, Vol*"...
>
> Nick, hi... why would you want to filter out the digests? will this
> eliminate digests from my subscriptioin?
He is saying to filter the replies to the digest that have the same name as this one does. And this will not stop the digest from your sub., but the replies from users who don't have a clue or won't change the digest subject to something more relevant.
RE: [Full-disclosure] Re: new IE bug (confirmed on ALL windows)
> something else that's different between your two setups?
This I would agree. Would you both be helpful to send the .dmp file or at least windbg.exe output?
RE: [Full-disclosure] Comparing Algorithms On The List Of Hard-to-brut-force?
> views?
Only on 2 of them
> --
> AES
I would put my money on this one because this is a std., does all the encryption very fast and can be extended as per the security requirements: you want more security than 128 bit you can have 192, you want more you can go to virtually any number. AES256 is right now the sweet spot and is quite fast as compared to Triple DES.
> Triple DES
Good algo, but cannot be extended beyond 168 bit and has a lot of subtle pitfalls which the programmer might fall into, like selecting ECB or EBC mode. Also is very slow - bad for large amounts of data.
RE: [Full-disclosure] how to describe this tool ?
> I have a perl script I'd like to release(GPL), but I don't really know
> how to describe it.
Don't do anything - just release the source code and let others decide what it is :)
If your audience is a bit business minded who like good words then it is an auditing tool for sure.
[Full-disclosure] Funny smtp helo in the logs
I have been seeing this in my logs over all the public smtp server, from all over the net. Anyone know what sends these kinds of helo?
*please* when responding to this mail trim out anything below this
--
124 09/10/2005 09:54:35 HELO -1209283632 ---> 250 my.smtp.domain.server
125 09/10/2005 09:55:27 HELO -1209747464 ---> 250 my.smtp.domain.server
126 09/10/2005 09:56:01 HELO -1213477808 ---> 250 my.smtp.domain.server
129 09/10/2005 09:56:47 HELO -120870 ---> 250 my.smtp.domain.server
12A 09/10/2005 09:57:46 HELO -1209957152 ---> 250 my.smtp.domain.server
131 09/10/2005 10:02:36 HELO -1218370912 ---> 250 my.smtp.domain.server
134 09/10/2005 10:04:55 HELO -1217834696 ---> 250 my.smtp.domain.server
135 09/10/2005 10:05:36 HELO -1217676688 ---> 250 my.smtp.domain.server
137 09/10/2005 10:06:23 HELO -1218157032 ---> 250 my.smtp.domain.server
13A 09/10/2005 10:06:57 HELO -1216091056 ---> 250 my.smtp.domain.server
13B 09/10/2005 10:07:35 HELO -1216184136 ---> 250 my.smtp.domain.server
13C 09/10/2005 10:08:13 HELO -1217914984 ---> 250 my.smtp.domain.server
13D 09/10/2005 10:08:40 HELO -1209896648 ---> 250 my.smtp.domain.server
13E 09/10/2005 10:09:43 HELO -1213166296 ---> 250 my.smtp.domain.server
13F 09/10/2005 10:10:35 HELO -1213642136 ---> 250 my.smtp.domain.server
140 09/10/2005 10:11:16 HELO -1209605968 ---> 250 my.smtp.domain.server
006 11/10/2005 08:43:45 HELO -1212929616 ---> 250 my.smtp.domain.server
008 11/10/2005 08:44:26 HELO -1214982448 ---> 250 my.smtp.domain.server
009 11/10/2005 08:46:07 HELO -1215268000 ---> 250 my.smtp.domain.server
00A 11/10/2005 08:47:06 HELO -1214871440 ---> 250 my.smtp.domain.server
00B 11/10/2005 08:49:16 HELO -1215063696 ---> 250 my.smtp.domain.server
00C 11/10/2005 08:50:12 HELO -1215031936 ---> 250 my.smtp.domain.server
00D 11/10/2005 08:50:55 HELO -1213038648 ---> 250 my.smtp.domain.server
010 11/10/2005 08:52:09 HELO -1212896896 ---> 250 my.smtp.domain.server
014 11/10/2005 08:53:48 HELO -1212788072 ---> 250 my.smtp.domain.server
016 11/10/2005 09:00:02 HELO -1213862536 ---> 250 my.smtp.domain.server
017 11/10/2005 09:00:44 HELO -1216032616 ---> 250 my.smtp.domain.server
005 20/10/2005 17:55:02 HELO -1208757800 ---> 250 my.smtp.domain.server
006 20/10/2005 17:55:43 HELO -1208466864 ---> 250 my.smtp.domain.server
009 20/10/2005 17:57:38 HELO -1208425264 ---> 250 my.smtp.domain.server
00A 20/10/2005 17:58:36 HELO -1209153048 ---> 250 my.smtp.domain.server
00B 20/10/2005 17:59:21 HELO -1208221040 ---> 250 my.smtp.domain.server
00C 20/10/2005 18:00:16 HELO -1209204568 ---> 250 my.smtp.domain.server
00F 20/10/2005 18:01:36 HELO -1209432360 ---> 250 my.smtp.domain.server
027 20/10/2005 18:56:40 HELO -1208740112 ---> 250 my.smtp.domain.server
21E 25/10/2005 04:52:01 HELO -1208817024 ---> 250 my.smtp.domain.server
21F 25/10/2005 04:53:06 HELO -1207974056 ---> 250 my.smtp.domain.server
220 25/10/2005 04:55:26 HELO -1208954808 ---> 250 my.smtp.domain.server
221 25/10/2005 04:56:07 HELO -1208091560 ---> 250 my.smtp.domain.server
222 25/10/2005 04:56:46 HELO -1215556832 ---> 250 my.smtp.domain.server
223 25/10/2005 04:57:16 HELO -1208017712 ---> 250 my.smtp.domain.server
224 25/10/2005 04:58:03 HELO -1208351328 ---> 250 my.smtp.domain.server
227 25/10/2005 04:58:58 HELO -1215519416 ---> 250 my.smtp.domain.server
228 25/10/2005 04:59:46 HELO -1208139640 ---> 250 my.smtp.domain.server
229 25/10/2005 05:01:10 HELO -1208158800 ---> 250 my.smtp.domain.server
22A 25/10/2005 05:01:53 HELO -1208056904 ---> 250 my.smtp.domain.server
22C 25/10/2005 05:03:06 HELO -1215816112 ---> 250 my.smtp.domain.server
22D 25/10/2005 05:04:31 HELO -1216238864 ---> 250 my.smtp.domain.server
22E 25/10/2005 05:05:15 HELO -1208157944 ---> 250 my.smtp.domain.server
22F 25/10/2005 05:05:58 HELO -1215473168 ---> 250 my.smtp.domain.server
230 25/10/2005 05:06:56 HELO -1208746080 ---> 250 my.smtp.domain.server
231 25/10/2005 05:08:36 HELO -1209142096 ---> 250 my.smtp.domain.server
232 25/10/2005 05:09:09 HELO -1210509584 ---> 250 my.smtp.domain.server
233 25/10/2005 05:10:34 HELO -1210106016 ---> 250 my.smtp.domain.server
234 25/10/2005 05:12:10 HELO -1210964032 ---> 250 my.smtp.domain.server
235 25/10/2005 05:12:48 HELO -1209218672 ---> 250 my.smtp.domain.server
127 26/10/2005 02:42:59 HELO -1212817800 ---> 250 my.smtp.domain.server
128 26/10/2005 02:43:32 HELO -1212894352 ---> 250 my.smtp.domain.server
129 26/10/2005 02:43:45 HELO -1213176336 ---> 250 my.smtp.domain.server
12C 26/10/2005 02:44:19 HELO -1212856784 ---> 250 my.smtp.domain.server
12D 26/10/2005 02:45:29 HELO -1212385064 ---> 250 my.smtp.domain.server
12E 26/10/2005 02:47:31 HELO -1212692064 ---> 250 my.smtp.domain.server
12F 26/10/2005 02:48:06 HELO -1212321816 ---> 250 my.smtp.domain.serve
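
An added example, not part of the original post: a triage script for logs in the format quoted above that flags HELO/EHLO arguments which are not a syntactically valid domain or bracketed address literal, and shows each signed integer as an unsigned 32-bit hex value for comparison. The field layout is inferred from the quoted lines, the sample input is constructed (two arguments reuse values from the post), the function names are hypothetical, and the hex view makes no claim about what software sent the greeting.

```python
import ipaddress
import re
from collections import Counter

# <session-id> <dd/mm/yyyy> <hh:mm:ss> HELO|EHLO <argument> ---> <reply-code> <server>
LINE_RE = re.compile(
    r"^(?P<sid>[0-9A-Fa-f]+)\s+(?P<date>\d{2}/\d{2}/\d{4})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<verb>HELO|EHLO)\s+(?P<arg>\S*)\s*--->\s+(?P<code>\d{3})\b"
)
# RFC 5321 sub-domain: starts and ends with a letter or digit, hyphens only inside.
LABEL_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")
SIGNED_INT_RE = re.compile(r"^-\d+$")


def _is_ip(text: str) -> bool:
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def classify_helo(arg: str) -> str:
    """Classify a HELO/EHLO argument by syntax only."""
    if SIGNED_INT_RE.match(arg):
        return "signed-integer"
    if arg.startswith("[") and arg.endswith("]"):
        literal = arg[1:-1]
        if literal.lower().startswith("ipv6:"):
            literal = literal[5:]
        return "address-literal" if _is_ip(literal) else "invalid"
    if _is_ip(arg):
        return "bare-ip"          # an address without brackets is not a valid argument
    labels = arg.split(".")
    if len(arg) <= 255 and all(LABEL_RE.match(label) for label in labels):
        return "fqdn" if len(labels) > 1 else "bare-hostname"
    return "invalid"


def as_u32_hex(arg: str) -> str:
    """Two's-complement view of a signed decimal as an unsigned 32-bit value."""
    return f"0x{int(arg) & 0xFFFFFFFF:08x}"


def triage(lines):
    """Return (findings, counts): findings lists every greeting that is not
    an FQDN or address literal; counts tallies every class seen."""
    findings, counts = [], Counter()
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            counts["unparsed"] += 1
            continue
        kind = classify_helo(m["arg"])
        counts[kind] += 1
        if kind in ("fqdn", "address-literal"):
            continue
        finding = {
            "sid": m["sid"],
            "when": f'{m["date"]} {m["time"]}',
            "arg": m["arg"],
            "kind": kind,
            "accepted": m["code"].startswith("2"),   # server answered 2xx
        }
        if kind == "signed-integer":
            finding["u32"] = as_u32_hex(m["arg"])
        findings.append(finding)
    return findings, counts


# Constructed sample in the same layout as the log in the post.
SAMPLE_LINES = """
124 09/10/2005 09:54:35 HELO -1209283632 ---> 250 my.smtp.domain.server
129 09/10/2005 09:56:47 HELO -120870 ---> 250 my.smtp.domain.server
201 09/10/2005 09:58:02 HELO mail.example.org ---> 250 my.smtp.domain.server
202 09/10/2005 09:58:40 EHLO [192.0.2.25] ---> 250 my.smtp.domain.server
203 09/10/2005 09:59:11 HELO 192.0.2.77 ---> 250 my.smtp.domain.server
204 09/10/2005 09:59:30 HELO -bad-.example ---> 250 my.smtp.domain.server
this line is not a log entry
""".strip().splitlines()

if __name__ == "__main__":
    found, totals = triage(SAMPLE_LINES)
    for f in found:
        print(f["when"], f["kind"], f["arg"], f.get("u32", ""), "accepted" if f["accepted"] else "refused")
    print(dict(totals))
```

Every flagged line in the sample was answered with 250, so the server accepted the greeting; MTAs that support it can refuse such greetings at HELO time, for example Postfix with `reject_invalid_helo_hostname` under `smtpd_helo_restrictions`.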
RE: [Full-disclosure] Redmond Report: Yahoo for IM
> Doug,
> I know you asked for a reply concerning "multi-vendor IM clients", but, I
> have to ask "WHAT ABOUT SECURITY"!!
Trillian is pretty good
> I fight daily with pesky spam, maleware, viruses, and back-doors. Every
> computer I clean has some type of IM client or a residual of one including
> all the little extra "tool bars" and "weather bugs" and such. They HOG the
> enterprise bandwidth with "ads" not to mention the problems of employees
> keeping everything business. And now you tell me Windows wants to marry into
> IM Is this going to be an "option" or one day a default insatallation?
and Trillian has no problems with spyware and other advertisements and spam...
You can run an internal Jabber server and use Trillian to connect to that server. Takes care of security and employees' business also. And a bonus: it's open source.
> Exactly what is windows plan here?? Am I getting carried away? Will I be
> looking for "IM patches" on patch Tuesday Do I have a lot more questions
> and concerns?? YES!
IM patches + other vulns in .net and Yahoo messengers is the main reason that I moved most of my clients to a Jabber server + Trillian 3.1 Pro and removed the AIM, MSN, ICQ and IRC plugins - it works like a charm.
RE: [Full-disclosure] password vaults-
> Sorry for the very noob question, but I'm having very hard times finding such products.
What are you going to use that product for? Give us an idea of the end users and how they are going to use this. Your details right now are a bit on the less side.
From what I make out of your post, are you looking for RSA SecurID? It is 2 factor auth and is pretty well supported on Windows envs..
RE: [Full-disclosure] Interesting idea for a covert channel or I just didn't research enough?
> I myself use this method to open up the SSH port for a particular IP address. When you try to open a particular URL on my website, you get a 404 because that document doesn't exist. The webserver logs this. A script in the background sees in the log that this happened, and opens up port 22 to the IP address which requested the non-existent URL.

Aren't these all different versions of port knocking? All of them work until someone outside can figure out the pattern of events - at most I would call this security by obscurity - trivial to detect but good enough for some low security requirements.
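The log-triggered scheme discussed in this message, as an added example that is not part of the original posts: it evaluates a fixed knock URL against a knock bound to the client IP and a time slot with an HMAC, which is a swapped-in hardening and not something either poster described. The URL, the key, the /k/ prefix and the log lines are constructed assumptions, and the functions only return the set of addresses that would be admitted; no firewall is touched.

```python
import hashlib
import hmac
import re
from datetime import datetime, timezone

STATIC_KNOCK = "/no-such-page-7f3a"   # hypothetical fixed knock URL (assumption)
SECRET = b"constructed-demo-key"      # hypothetical shared secret (assumption)
WINDOW = 60                           # seconds a time-bound knock stays valid

# Apache-style access-log line; only 404 answers to GET requests matter here.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"GET (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def knock_token(ip, epoch, secret=SECRET, window=WINDOW):
    """HMAC over the client IP and the time slot the request falls in."""
    msg = f"{ip}|{epoch // window}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()[:20]


def parse(line):
    """Return (ip, epoch, path) for a logged 404 GET, otherwise None."""
    m = LOG_RE.match(line)
    if not m or m["status"] != "404":
        return None
    when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], int(when.timestamp()), m["path"]


def static_allowlist(lines):
    """Scheme from the quoted post: any IP that requests the fixed URL gets in."""
    allowed = set()
    for hit in filter(None, map(parse, lines)):
        ip, _, path = hit
        if path == STATIC_KNOCK:
            allowed.add(ip)
    return allowed


def hmac_allowlist(lines):
    """Hardened variant: the path must carry a token valid for this IP, now."""
    allowed = set()
    for hit in filter(None, map(parse, lines)):
        ip, epoch, path = hit
        if not path.startswith("/k/"):
            continue
        offered = path[3:].encode()
        # Accept the current slot and the previous one to tolerate clock skew.
        for slot_time in (epoch, epoch - WINDOW):
            expected = knock_token(ip, slot_time).encode()
            if hmac.compare_digest(offered, expected):
                allowed.add(ip)
                break
    return allowed


def log_line(ip, when, path, status=404):
    stamp = when.strftime("%d/%b/%Y:%H:%M:%S %z")
    return f'{ip} - - [{stamp}] "GET {path} HTTP/1.1" {status} 209'


def build_sample():
    """Constructed log: the owner knocks, then a second host repeats the URLs."""
    t0 = datetime(2005, 8, 14, 10, 0, 5, tzinfo=timezone.utc)
    t1 = datetime(2005, 8, 14, 10, 5, 0, tzinfo=timezone.utc)
    owner, other = "192.0.2.10", "203.0.113.66"   # documentation addresses
    tok = knock_token(owner, int(t0.timestamp()))
    return [
        log_line(owner, t0, STATIC_KNOCK),
        log_line(other, t1, STATIC_KNOCK),        # same fixed URL, different host
        log_line(owner, t0, "/k/" + tok),
        log_line(other, t1, "/k/" + tok),         # repeated token: wrong IP, stale slot
        log_line("198.51.100.7", t1, "/index.html", 200),
    ]


if __name__ == "__main__":
    sample = build_sample()
    print("fixed URL admits :", sorted(static_allowlist(sample)))
    print("HMAC knock admits:", sorted(hmac_allowlist(sample)))
```

Binding the token to the source address breaks for clients behind a shared NAT, and the SSH service behind the port still needs its own authentication.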
RE: [Full-disclosure] Re: Careless LEO Forensics and Suicides
> As for people committing suicide, I believe those who did commit suicide actually were in possession with intent. If not why commit suicide. I would have fought tooth and nail.

I hate to say this but with these kinds of cases where the media crucify the accused even before they are convicted. The media will put anything as *alleged* that will increase their revenues. And mostly the accused cannot hire *good* defense which causes them to lose. And then it becomes a very uphill battle indeed.

Look at it this way: if you get convicted of such a crime and get off in the reinvestigation of the case, you are already dead - people will shun you, you will not be able to get a job anywhere and most likely you are going to be suspended from your work position, just because of the accusation.

In most cases like these the accusation does more damage than anything. How are you going to fight this tooth and nail if you don't have any money and no future source of getting it?

I rest my case here...
RE: [Full-disclosure] Cyrilic
> I have one user who keeps getting Cyrillic spam, but I can't find a rule anywhere.
> Is anyone else getting this kind of spam??

Welcome to the club of Cyrillic spam recipients, we have many existing members.

The rule that you want to create is this: if the message body or header contains "Windows-1251", then * it * == delete it or file it or blacklist it, whatever. But doing this will cause all the mail from Russia to be **'ed, and you have good people like 3APA3A, who are on this list, who will also be blocked. Maybe you need to create a whitelist before the blacklist and keep checking the spam folder logs every now and then.
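The rule from this reply with the allowlist evaluated first, as an added example that is not part of the original message: it collects the charsets a message declares in its MIME parts and in RFC 2047 encoded headers, and files a match to quarantine unless the sender is allowlisted. The addresses, the cp1251 alias and the four messages are constructed assumptions.

```python
import email
from email.header import decode_header
from email.utils import parseaddr

# The charset named in the post, plus a common alias for it (assumption).
FLAGGED_CHARSETS = {"windows-1251", "cp1251"}
# Hypothetical trusted correspondent. The From header is trivially forged,
# so a real deployment would key this on something authenticated.
ALLOWLIST = {"researcher@lab.example"}


def declared_charsets(msg):
    """Charsets named by any MIME part or by encoded words in key headers."""
    found = set()
    for cs in msg.get_charsets():
        if cs:
            found.add(cs.lower())
    for name in ("Subject", "From", "To"):
        for value in msg.get_all(name, []):
            for _, cs in decode_header(value):
                if cs:
                    found.add(cs.lower())
    return found


def classify(raw):
    """Return 'allow', 'quarantine' or 'deliver' for one raw message."""
    msg = email.message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender in ALLOWLIST:          # allowlist is checked before the charset rule
        return "allow"
    if declared_charsets(msg) & FLAGGED_CHARSETS:
        return "quarantine"          # filed for review rather than deleted
    return "deliver"


# Constructed messages; the encoded subject is a single Cyrillic word.
SPAM = """\
From: promo@bulk.example
To: user@corp.example
Subject: =?windows-1251?B?z/Do4uXy?=
Content-Type: text/plain; charset="windows-1251"

(constructed body)
"""

TRUSTED = """\
From: Researcher <researcher@lab.example>
To: list@corp.example
Subject: advisory draft
Content-Type: text/plain; charset="windows-1251"

(constructed body)
"""

HEADER_ONLY = """\
From: news@bulk.example
To: user@corp.example
Subject: =?Windows-1251?Q?=CF=F0=E8=E2=E5=F2?=
Content-Type: text/plain; charset="us-ascii"

(constructed body)
"""

PLAIN = """\
From: colleague@corp.example
To: user@corp.example
Subject: Meeting notes
Content-Type: text/plain; charset="utf-8"

(constructed body)
"""

if __name__ == "__main__":
    for label, raw in [("spam", SPAM), ("trusted", TRUSTED),
                       ("header-only", HEADER_ONLY), ("plain", PLAIN)]:
        print(f"{label:12s} -> {classify(raw)}")
```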
RE: [Full-disclosure] http://molecularmultimedia.com/ an exploit distribution point (update2)
> FYI,
>
> I've had the site www.ok-ok.biz disabled by the ISP, at least it will deny the perps the ability to find out who has been compromised. The molecularmultimedia site is obviously just a front, will see what can be done about this.

The site was found after 2 different attempts. Here are more details:

http://newvisioncc.org/photo/myphoto.jpg which is
http://traff.root-soft.com"; width="0" height="0">
end myphoto.jpg

And http://traff.root-soft.com is
self.location.href='http://molecularmultimedia.com'
-end index.html

And molecularmultimedia.com is the front end to something more sinister.

Also, visiting molecularmultimedia.com with Mozilla, with the latest version of Mozilla with all the patches, still caused the trojan to be executed - I found this from the Norton antivir logs.

> It's amazing looking at the page source, there are at least 4 different exploits (I'm still analysing this) encoded into the javascript components of the page.

And they are pretty good also - new 0day for Mozilla also 1.7.12! Will let you all know if I find anything!...
RE: [Full-disclosure] Bypassing Personal Firewall, is it that* hard?
> say... a backdoor want to communicate to its server... It can do is, use a trusted internal application to do the job. Suppose; it creates a batch file run the batch file (evil.bat) & executes this command

This has been going on for years - there are some trojans that create an invisible browser window at the screen center to comm with the server. This is the reason most firewalls show you a popup saying [app-name] is trying to connect to [server-name] at [port-number].
[Full-disclosure] (no subject)
Recently, 2 days ago, I saw this in a compromised system. Both this file and cpshost.dll were deleted from C:\InetPub\scripts. This file was recovered but I was unable to recover cpshost.dll. Anyone know what this is?

<% Response.Buffer = TRUE %>
Version=1.5
<%
PathToPA = "http://" + Request.ServerVariables("SERVER_NAME") + "/scripts/cpshost.dll"
PostingURL = PathToPA + "?PUBLISH"
TargetURL = "http://" + Request.ServerVariables("SERVER_NAME")
%>
[{8B14B770-748C-11D0-A309-00C04FD7CFC5}]
PostingURL="<%= PostingURL %>"
TargetURL="<%= TargetURL %>"
ComponentInstall="yes"
RE: [Full-disclosure] Third issue of the Zone-H Comics
> Not if the U.S security services decide to have a "war on cyber terror sites".
>
> On 9/27/05, str0ke <[EMAIL PROTECTED]> wrote:
> > KF is right on the dot. There will always be a defacement site.

Where is this going? By your (netdev's) logic: we should shut down all the defacement sites because they promote cracking. Is this not the same as saying: shut down the newspapers because the newspapers (or any mass media) promote terrorism, because they solicit news items. Look at what we will have without free media - something like the great (fire)wall of C*!
RE: [Full-disclosure] Third issue of the Zone-H Comics
> SUICIDE bombers...typically DEAD. Tough to solicit videos from them, and rather pointless to keep a top ten list as they...well...can't exactly do it again.

Now the real entertainment begins
RE: [Full-disclosure] SA Security Bulletin: Unique attack vector uncovered during packet analysis
> -Original Message-
> From: [EMAIL PROTECTED]

Maybe you should send this to [EMAIL PROTECTED]. More info at https://linuxbox.org/cgi-bin/mailman/listinfo/funsec

Many of the people on this list are subscribed over at funsec...
RE: [Full-disclosure] PGPNet Upgrade path ?
[EMAIL PROTECTED] wrote:
> IPSEC has nothing to do with PGP. Also there is really no such thing as a PGP key. PGP uses what ever key scheme you ask it to use. IPSEC is the same way. Both use keys, but are not themselves key standards.
>
> OpenVPN similarly can use what ever key scheme you wish. Since it is based on the OpenSSL crypto libs it is very flexible that way. For simple setups you can use pre-shared keys. For more complex setups you can use public/private key pairs of any type that OpenSSL understands.

This is the main problem - how do I get PGP key server keys in a format OpenSSL understands? And I have implemented a CA and IPsec VPN using freeSWAN.org + x.509 patch; it works pretty nicely, but here in this case the public/private keys are in a different format...

> IMHO, if OpenVPN does not do what you want then you misunderstand the problem.

The problem is very clear: how do I translate PGP keys to a format X.509 / OpenSSL can understand? I haven't a solution to this one yet.

[EMAIL PROTECTED] wrote:
> >I know for ipsec VPNs I could use the winxp's builtin
> >But that would require moving all the PGP keys to
> >X.509 certs.
>
> Yes, absolutely. For OpenVPN you need to use X509 certs, you will have to rework your whole PKI. However:

I have already used openvpn and (free|open|whatever)swan, and have created an openssl CA with batch files that run both on Windows and Linux/FreeBSD/Solaris at other sites. All these programs are great in their own right but I cannot connect the dots.

> So if you consider dropping PGP all together, have a look at OpenVPN.

This is the last option. If nothing is found then it is going to be openvpn. But meanwhile I need a VPN that uses PGP keys for auth that are stored in the PGP Key Server. It does not matter if it is free or paid, but if anyone knows that there is such a program please let me know.

Thank you in advance for the time taken to dig out the answers :)
RE: [Full-disclosure] PGPNet Upgrade path ?
> > What alternatives are there to pgpnet ?
>
> Have a look at OpenVPN.

Thanks Martijn, but isn't that an SSL VPN? And from what I have read about PGPnet I need an IPsec VPN that uses PGP keys to do the auth.

I know for IPsec VPNs I could use the WinXP built-in one, but that would require moving all the PGP keys to X.509 certs.
[Full-disclosure] PGPNet Upgrade path ?
I have a client who was using PGP Corporate Desktop on Win2k for VPN, security and email encryption (it has built-in disk encryption, firewall, email encryption and VPN with very good key management). Security was something that happened almost automatically.

Now they are planning to move to WinXP. PGPnet does not work on WinXP. The latest version of PGP Desktop does not have PGPnet. They also have an LDAP server set up to serve keys automatically, and the PGP client downloads the keys automatically from the server.

What alternatives are there to PGPnet?
RE: [Full-disclosure] Re: Full-Disclosure Digest, Vol 7, Issue 25
> > (on system you want to copy)
> > dd if=/dev/hda | nc otherhost 5000
>
> If you are running bash, then you do not even need netcat:
>
> dd if=/dev/hda > /dev/tcp/otherhost/5000

This is interesting. Which version of bash are you using? I haven't found it in my man page!
RE: [Full-disclosure] Re: Full-Disclosure Digest, Vol 7, Issue 25
> > (on system you want to copy)
> > dd if=/dev/hda | nc otherhost 5000
> >
> > (on your lappy or whatever)
> > nc -l -p 5000 | dd of=./blah
>
> That's a cool way to do it! We always use ssh pipes but the crypto overhead is sometimes unnecessarily slow. A great piece of *nixfoo.

I have been using cryptcat; it always works without slowing down anything. Try that sometime... It's pretty good.
RE: [Full-disclosure] Re: Automated mass abuse of form mailers
> > Another address they use is [EMAIL PROTECTED]
> > (noticed aol abuse about this, but I guess that's /dev/null)
>
> I'm going to start putting both those addresses into all the unsubscribe links I get in all my spam... >:->

This might be someone's 0wned email address.
RE: [Full-disclosure] Off topic.
> Hey,
> Anyone ever notice Windows Media Player trying to connect to the Department of Homeland Security? See the attachment I captured.

Yes, and it is not only wmplayer.exe; there is another, Setup_wm.exe, also trying to connect after some time. Since you have Sygate just block them off...
[Full-disclosure] multilinks.com security contact ?
One of the domains is getting a *very* high number of 419 spams from an address delegated to multilinks.com. Where do I send the spam reports? I have already sent everything to spamcop.net but that has not stopped anything yet.
RE: [Full-disclosure] Multiple PBX Systems Vulnerable to BBQ Overflows
Please keep this off list - no place for politics over here
RE: [Full-disclosure] router naming
> Is there a best practice for assign a router name ?
> e.g.: router type + city + room.id and so on
> Which method is usually used to assign a router name ?

Think of social engg. Put in some name that is not so simple to guess, because if someone manages to figure out how they are assigned then it might be "game over" from the start. But a properly secured router would not make a huge difference.
RE: [Full-disclosure] RE: Example firewall script (iptables)
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bernardo Martín
> Sent: Tuesday, August 30, 2005 1:11 PM
> To: Full Disclosure
> Subject: RE: [Full-disclosure] RE: Example firewall script (iptables)
>
> In my first email i requested about bad example firewall script, in later mail i said that this script was to learn more so the scene isn't important because i'm looking for bad script in any scene

If you are going to learn, go to the Linux Documentation Project website. There is a how-to on Linux firewalls that is a pretty good document. Also there are some other documents on breaking out of firewalls. Read those also and you should have enough basics about firewalls.
RE: [Full-disclosure] talk.google.com
> Personally, I'm very afraid of the power that Google is gaining. I mean, most searches are done through google, so they know what you're interested in, then a lot of people's emails going through them, with gmail, now italk. Next is world domination?

Why do you have to use gmail when it is very easy to set up a mail server on your own personal computer and also set up a jabber server if required? It's your choice what you want to use.
RE: [Full-disclosure] anybody remember the name of this tool
> I forget the name of a tool that can be used to intercept TCP packet and allow you to modify the packet before it was sent out.

Netcat?
RE: [Full-disclosure] Is this a phishing attempt?
> has anyone else received this?

Everyone gets them by dozens

> Subject: [SPAM] - TREAT AS URGENT - Bayesian Filter detected spam

Maybe you should look at the subject once again :)
RE: [Full-disclosure] beginning to count the time
> root:OM0PNa4I9RlNk:0:3:gecos:/home/root:/sbin/sh

If you have this level of access why don't you just change the password? To obtain this password, if it was an easy one it should take 2 days at the most, or you will be looking at a 2 month hammering on the password without knowing for sure that it might be recovered.
RE: [Full-disclosure] Zotob Worm Remover
> I myself have an agent with a few basic O/S rules like:
>
> - No application may write other applications memory space
> - No application may inject code into other programs (dll hooks and such)
> - No application may access system functions from code executing in data or stack space
> - No application may capture keystrokes
>
> This does quite a bit to protect my laptop from unknown attacks

What agent is this? I would like to try this out on my VMware. Can you please tell me more about this? This would be good...
RE: [Full-disclosure] An old/new security list
> thinking security-minded people always backed up their hdds daily :D

Backups are for hobos - we prefer rsync over ssh :)
RE: [Full-disclosure] windows netstat
netstat gives me the following results: inetinfo.exe LISTENING on port 80. If I am not mistaken this is the internet father process present in all the Windows systems.
RE: [Full-disclosure] [Fwd: Re: Global CompuSearch]
Paul Schmehl wrote:
>> Is there a compelling reason for posting this pissing contest to the list?
>Yes, there is, Paul. But you weren't paying attention, as usual.

I have created a mailing list to discuss this case of injustice.

List address: [EMAIL PROTECTED] or [EMAIL PROTECTED]
Subscribe address: [EMAIL PROTECTED] or [EMAIL PROTECTED]
And the all-important unsubscribe address: [EMAIL PROTECTED] or [EMAIL PROTECTED]

List rules - to post you have to subscribe, and all posts are to be in plain text.
RE: [Full-disclosure] svchost.exe try to send http outside
> Very hard to say without having a sample or knowing what service your server performs. svchost.exe is a valid Windows process and also commonly used by/with many many malware.

Care to send a sample?
RE: [Full-disclosure] Re: pnp worm unknown variant - post infection actions
> > Very good points, but can you think of another worm that downloaded XXX spyware/adware ?
>
> I can't give you a specific name -- when I first saw it it didn't strike me as any more significant than the warez and porn FTP servers I'd seen years earlier, so didn't make specific note of it -- but there have been many. We see new bots every day (many dozen a week) that are issued orders on joining the C&C network to install all manner of adware, spyware, click-for-dosh agents and so on. Among those there will be many things dealing in "XXX" content but often analysis doesn't even go so far as checking that the target URL is still reachable...

From: http://netrn.net/spywareblog/archives/2005/01/03/more-on-adware-installed-though-windows-media-files/

I installed the same WMA file on an old Win ME box with no protection except AVG free and the free version of Zone Alarm. I ended up with 11 desktop shortcuts for everything from "Get This Weeks Deals from Dell" to "Get Sex Toys Direct", "Hot Facial xxx Shots", and so on.

From: http://forums.spywareinfo.com/lofiversion/index.php/t30275.html

she said, "It may be associated with an unwanted autostarting Internet Explorer trying to install a Hot-SeXXX toolbar."

Adaware has a list of spyware which shows a lot of them display XXX popups - maybe some of them just started showing something like what you wanted in your scenario.

If you want any specific names I would dig further - just mail me off list.
RE: [Full-disclosure] Re: pnp worm unknown variant - post infection actions
> > Morning Wood wrote:
> >> Does it install child pornographic malware
> > wtf would you ask that anyway?
>
> Because people are being prosecuted for possession of child pornography based on what is found on their hard drives and in their IE history, and most of these people are being convicted despite the fact that their computers are infected with porn-related spyware and adware.
> In nearly every case law enforcement fails to even check for these infections.

Suppose we have VNC installed and that is used to take control of the computer and the actions show up as done by the user - would it not be caught by law enforcement?
RE: [Full-disclosure] IMAP scans? Something going on I should know about?
> On 8/14/05, Aditya Deshmukh <[EMAIL PROTECTED]> wrote:
> > I would like to know is there some imap exploit floating about ?
>
> Even if there was, who would still be using unencrypted protocols ?

I think there would be plenty of legacy systems out there which would do that. And not everyone uses encryption - see how many people on full disclosure sign their mail using either pgp or x.509? And this group is supposed to be the elite hackers when it comes to encryption tech.
RE: [Full-disclosure] IMAP scans? Something going on I should know about?
My personal logs for imap scan for last 3 days - 11/08/2005 10:47:29 IMAP: (Accept) Receiving from 218.47.179.77 11/08/2005 10:48:00 IMAP: (Accept) Receiving from 218.47.179.77 12/08/2005 10:31:06 IMAP: (Accept) Receiving from 220.224.38.222 12/08/2005 14:00:34 IMAP: (Accept) Receiving from 61.155.62.178 12/08/2005 14:00:35 IMAP: (Accept) Receiving from 61.155.62.178 12/08/2005 14:08:57 IMAP: (Accept) Receiving from 61.155.62.178 12/08/2005 14:08:58 IMAP: (Accept) Receiving from 61.155.62.178 12/08/2005 19:11:59 IMAP: (Accept) Receiving from 220.224.1.25 13/08/2005 07:17:36 IMAP: (Accept) Receiving from 220.224.3.145 13/08/2005 12:09:46 IMAP: (Accept) Receiving from 220.224.48.17 13/08/2005 13:37:34 IMAP: (Accept) Receiving from 61.155.62.178 13/08/2005 13:37:36 IMAP: (Accept) Receiving from 61.155.62.178 13/08/2005 13:49:08 IMAP: (Accept) Receiving from 220.224.0.106 13/08/2005 17:03:32 IMAP: (Accept) Receiving from 220.224.0.214 13/08/2005 17:03:35 IMAP: (Accept) Receiving from 220.224.0.214 13/08/2005 18:44:57 IMAP: (Accept) Receiving from 220.224.36.248 13/08/2005 18:45:00 IMAP: (Accept) Receiving from 220.224.36.248 13/08/2005 22:23:22 IMAP: (Accept) Receiving from 220.224.21.178 13/08/2005 22:53:11 IMAP: (Accept) Receiving from 220.224.0.173 13/08/2005 22:53:14 IMAP: (Accept) Receiving from 220.224.0.173 14/08/2005 01:38:45 IMAP: (Accept) Receiving from 220.224.17.140 14/08/2005 01:38:47 IMAP: (Accept) Receiving from 220.224.17.140 14/08/2005 11:39:52 IMAP: (Accept) Receiving from 61.155.62.178 14/08/2005 11:39:53 IMAP: (Accept) Receiving from 61.155.62.178 14/08/2005 11:45:31 IMAP: (Accept) Receiving from 58.1.64.17 14/08/2005 11:45:33 IMAP: (Accept) Receiving from 58.1.64.17 14/08/2005 13:07:19 IMAP: (Accept) Receiving from 220.224.2.50 14/08/2005 13:07:29 IMAP: (Accept) Receiving from 220.224.2.50 14/08/2005 15:08:35 IMAP: (Accept) Receiving from 220.224.41.75 14/08/2005 16:40:42 IMAP: (Accept) Receiving from 220.175.143.169 14/08/2005 16:40:44 IMAP: 
(Accept) Receiving from 220.175.143.169 14/08/2005 16:42:02 IMAP: (Accept) Receiving from 220.224.11.220 14/08/2005 16:42:10 IMAP: (Accept) Receiving from 220.224.11.220 14/08/2005 17:19:17 IMAP: (Accept) Receiving from 220.224.42.213 14/08/2005 21:58:15 IMAP: (Accept) Receiving from 219.65.238.37 14/08/2005 21:58:18 IMAP: (Accept) Receiving from 219.65.238.37 > Anything going on out there that I've missed? Thanks! I would like to know is there some imap exploit floating about ? I am trying to get a packet dump I will post as soon as I get one. I have set the next alert to be logged with the packet dump Can anyone else also get a packet dump for correlation ? - Aditya begin 666 smime.p7s M,( &"2J&2(;W#0$'`J" ,( "`0$Q"S )[EMAIL PROTECTED]@,"&@4`,( &"2J&2(;W#0$' M`0``H(()?3""`P4P@@)NH ,"`0("`P]$"# [EMAIL PROTECTED]&]PT!`00%`#!B,0LP M"08#500&$P):03$E,",&`U4$"A,<5&AA=W1E($-O;G-U;'1I;F<@*%!T>2D@ M3'1D+C$L,"H&`U4$`Q,C5&AA=W1E(%!E,1\P'08# M500#$Q94:&%W=&[EMAIL PROTECTED])E96UA:[EMAIL PROTECTED],3LP.08)*H9(AO<-`0D!%BQA M9&ET>6$N9&5S:&UU:VA ;VYL:6YE+F=A=&5W87DNW$3 M#Y[VQE1?27[6O))6O0TQLW<>.T@"MP_U8N/"P@'?3-Q4J_GR0P_=0B-%7T%] M/_*118FW>[EMAIL PROTECTED],1J*ZPO1$$IU5'0C]8<::RUXQP#U>TTOXC,;U" M0.[%) ]V#K2#6AY.E&P[2_W9XX=QE<<@]*K%%\;R6?<"W&ZX2A]ZU%K",% MBXMM!V2R'^.5P!5 A+R&K^$(G9?,MQBX5#NX"_6)%PTY-C Q M,#$P,# P,#!:%PTR,#$R,S$R,S4Y-3E:,('1,0LP"08#500&$P):03$5,!,& M`U4$"!,,5V5S=&5R;B!#87!E,1(P$ 8#500'$PE#87!E(%1O=VXQ&C [EMAIL PROTECTED] M! 
H3$51H87=T92!#;VYS=6QT:6YG,[EMAIL PROTECTED])@8#500+$Q]#97)T:69I8V%T:6]N M(%-EE'V Q1MNIRD;"$7GTM#8][$M^%)74H=#I"+&,GGY5[2^]^&8<=ANJC MW;G.EF0:PA1N1*Q\YH_H30]Q'T XI@"CAWCV^92&7JWJP%YVZ]D4HUUN>GP, MI4M5?P89*7^>FB;5:KLX) AJF,>QVJ.8D?UYV^5:Q!RY`@,!``&C$S 1, \& M`U4=$P$!_P0%, ,!`?\P#08)*H9(AO<[EMAIL PROTECTED]:E9V(J MI/!-$6#0;[EMAIL PROTECTED]&&L)KM2-5P(SS#[J$J6BA]B0B.,%P_TNF2<%ZQ'*=^=F%[2 M;&!Q7**LW'GCYVX`1Q^U#2CH`IWDFOT3]*;9?+'XW%\C)@F1@'/0%!O>0ZF# M)?+FG"\5ROZFJXH'=8L,W5&$:^3XT[EMAIL PROTECTED]'1D+C$L,"H& M`U4$`Q,C5&AA=W1E(%!E_0( "9->GIKN?9='%*E2% [EMAIL PROTECTED]>VT3QA!$ >9!ER8+?[`@,!``&[EMAIL PROTECTED]@[EMAIL PROTECTED]'_! @[EMAIL PROTECTED] M_P([EMAIL PROTECTED]'1\$/# Z,[EMAIL PROTECTED] TAC)H='1P.B\O8W)L+G1H87=T92YC;VTO M5&AA=W1E4&5R,!PQ&C [EMAIL PROTECTED] ,3$5!R:79A=&5,86)E;#(M,3,X, T&"2J& M2(;W#0$!!04``X&!`$B,T5"[EMAIL PROTECTED] VC9JQG#W^OK+["%Z%#EI2=?TPAN/@V M'ZHMGS8OP/0<4""3<#S]K>%A8L/9.AE^A+&9&P#%&@N"=)XE4)1BQ]LG<5[EMAIL PROTECTED]'1D+C$L,"H&`U4$`Q,C5&AA=W1E M(%!E[EMAIL PROTECTED]'1D+C$L,"H&`U4$`Q,C5&AA=W1E(%!E`!"=$H[2A0Q)M<\Z";%=W@&ZDXS9ZQV^E*I29>UC=^LAGB-#T^!M)[EMAIL PROTECTED] M_ETK#*X>*=CKW8[*%1"#A+AHAC/K&:7N:W3H`4/<4G#EJ_9$PFZP$]BYUZD5 M][_2#1<:X<(JTF8&>@.NHFK M/\J=P/97#W3,: ;3:4S1-7Q&MZWLBZPGK_LKKXH"[EMAIL PROTECTED]@)^J$;[EMAIL PROTECTED];X'1 6K_'%L!V.http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
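An added example, not part of the original post: a short Python triage for a log in the format quoted in the message above, listing sources that connect more than once and networks from which several distinct hosts appear. The sample lines are constructed (RFC 5737 documentation addresses), and the /24 grouping and three-host threshold are assumptions to tune per site.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the log format quoted in the message. The addresses
# are RFC 5737 documentation ranges, not the ones from the post.
SAMPLE_LOG = """\
11/08/2005 10:47:29 IMAP: (Accept) Receiving from 203.0.113.77
11/08/2005 10:48:00 IMAP: (Accept) Receiving from 203.0.113.77
12/08/2005 14:00:34 IMAP: (Accept) Receiving from 198.51.100.7
12/08/2005 14:00:35 IMAP: (Accept) Receiving from 198.51.100.7
13/08/2005 07:17:36 IMAP: (Accept) Receiving from 198.51.100.23
13/08/2005 12:09:46 IMAP: (Accept) Receiving from 198.51.100.140
13/08/2005 17:03:32 IMAP: (Accept) Receiving from 198.51.100.214
13/08/2005 17:03:35 IMAP: (Accept) Receiving from 198.51.100.214
this line is noise and must be skipped
14/08/2005 11:45:31 IMAP: (Accept) Receiving from 192.0.2.17
14/08/2005 11:45:33 IMAP: (Accept) Receiving from 999.1.1.1
"""

LINE_RE = re.compile(
    r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) IMAP: \(Accept\) Receiving from (\S+)$"
)


def parse_log(text):
    """Return a list of (timestamp, source address); malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue
        try:
            # The log writes the day first (13/08/2005 is 13 August).
            stamp = datetime.strptime(match.group(1), "%d/%m/%Y %H:%M:%S")
            source = ipaddress.ip_address(match.group(2))
        except ValueError:
            continue  # impossible date or invalid address
        events.append((stamp, source))
    return events


def summarize(events, prefix_len=24, min_hosts=3):
    """Count hits per source and group sources by network prefix."""
    hits = defaultdict(int)
    for _, source in events:
        hits[source] += 1

    networks = defaultdict(set)
    for source in hits:
        net = ipaddress.ip_network(f"{source}/{prefix_len}", strict=False)
        networks[net].add(source)

    # Sort on (version, integer value) so mixed IPv4/IPv6 input cannot raise.
    by_addr = sorted(hits.items(), key=lambda kv: (kv[0].version, int(kv[0])))
    by_net = sorted(
        networks.items(),
        key=lambda kv: (kv[0].version, int(kv[0].network_address)),
    )
    stamps = [stamp for stamp, _ in events]
    return {
        "events": len(events),
        "first_seen": min(stamps) if stamps else None,
        "last_seen": max(stamps) if stamps else None,
        # One host coming back repeatedly: retries or a persistent scanner.
        "repeat_sources": {str(s): n for s, n in by_addr if n > 1},
        # Many hosts in one prefix: worth a block-level look, not per-IP.
        "clustered_networks": {
            str(net): [str(h) for h in sorted(hosts)]
            for net, hosts in by_net
            if len(hosts) >= min_hosts
        },
    }


if __name__ == "__main__":
    report = summarize(parse_log(SAMPLE_LOG))
    for key, value in report.items():
        print(f"{key}: {value}")
```

Widening `prefix_len` to 16 groups hosts from the same larger allocation, which is how the sources in the posted log would be compared.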
RE: [Full-disclosure] Antivirus
> stopped opening any attachments they get that they don't know who they are
> from and so on. As we all know the end user is the z factor in the whole
> situation of choosing a good security product.

Norton is pretty good enough, but I have installed clamav on winxp machines. It has an Outlook plugin that keeps the malware. Both of them working together is pretty good.
RE: [Full-disclosure] Help put a stop to incompetent computer forensics- Who the hell cares?
> whitehat* shite ..., so please be so kind as to have a cup of shut the
> fuck up.

I second it. Please discuss this offlist and don't put me or the list on CC.
RE: [Full-disclosure] The best 0-day exploit source
> > [EMAIL PROTECTED]:~$
> > who runs the site?
> > I want access
>
> You need to hack into it, obviously.

Won't have to hack, just type your password and you are inside - now was that difficult... ?
RE: [Full-disclosure] Insecure http pages referencing https form-actions.
> Today I realized that many "secured" web sites reference their secure
> login page from an insecure page.

Nowadays most of the secure web pages have both the forms and the login page ref'ed. See Hotmail & Yahoo. And for insecure pages that you described, man-in-the-middle attacks are always possible.
RE: [Full-disclosure] Plaxo?
> Aditya Deshmukh wrote:
>
> > I need some advice about allowing plaxo running on my internal network.
> >
> > Should I allow it or ban it ?
>
> Default deny.

Yes, that's my kind of thinking!

> If you need to ask, there is clearly _no_ need to ask...
>
> And a hint to clueful thinking about all such services -- how can you
> (or your users) assure the confidentiality of your/their address books
> if they are being stored and managed offsite?
>
> That is not to say that such is not possible -- depending on the
> standards you wish or need to maintain -- but do any of these
> quasi-anonymous web-based address book managers even start to take the kinds
> of steps necessary to assure you to the level you require? And, how
> can you be sure that they actually do meet those requirements? Is
> their "terms of service" document really a sufficient basis on which to
> form such a relationship?

Certainly not! Why should I trust anyone with my users' email address books? And I would have to deal with the extra spam that will be generated.

The only reason I even cared to ask was that a part of my user population had been pestering me for this, but no one has install privs on their machine...

So before I ban it completely I wanted second opinions - thanks for clearing it up in 2 words.
[Full-disclosure] Plaxo?
I need some advice about allowing plaxo running on my internal network. Should I allow it or ban it ?
RE: [Full-disclosure] What is this
> http://www.pokersverige.se/IMAGE0004.php

.exe file of some kind, using only the headers. Will have to download it and test in some vmware machine to debug it - anyone volunteer for that task ?
RE: [Full-disclosure] Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:Re:[Full-dicklosure] Weird URL
> No that wouldn't happen. You'd need to spell it correctly. ;-}

And this has been used by some malicious site some time in the recent past. Something along the lines of [somedomain].com.net, and when .com went offline everyone was directed to .com.net and got infected with spyware, so it is better to turn off this smart redirection.
RE: [Full-disclosure] perfect security architecture (network)
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of C0BR4
> Sent: Monday, August 08, 2005 11:05 AM
> To: [EMAIL PROTECTED]
> Subject: [Full-disclosure] perfect security architecture (network)

> How should we deal with these attacks? People talk about
> Firewall, IDS/IPS etc..
>
> What's best?

You can have all - especially security in layers is the best, and it is best that you use all.

Have a restrictive firewall at the perimeter.
Separate the web exposed servers and applications in a DMZ.
Anti-virus is mostly reactive; use that but don't *rely* on it.

> If asked to give a perfect security architecture (network) what would
> you suggest? Given
> a Firewall, Router, IDS, IPS and Anti-virus .

Firewall - openbsd with pf or Selinux with ipchains / iptables ( don't know the exact name ) but I am using pf
Router - if you are running a low throughput net you can use another Linux / bsd box to do this stuff also
IDS - snort with proper configuration and fine-tuning - this takes some time but once done this is rock solid
IPS - same as above - snort
Antivirus - Clamav

Snort and Clamav also run on windows if you are not running UNIX, and there are manuals about this on the net.

What system are you trying to design ?
RE: [Full-disclosure] Recall: Arcor Customer P/W SAP App
Once an arrow is fired it cannot be called back, just like words that come out of the mouth cannot be called back - Some wise man

Sorry chap, but not everyone uses exchange out there, from where you can recall this email, but you did manage to recall the email from exchange users.

Stephen McColl would like to recall the message, "Arcor Customer P/W SAP App".
RE: [Full-disclosure] Defeating Citi-Bank Virtual Keyboard Protection
The only most secure protection is a one time password with a challenge / response scheme. Most of the banks in Europe already do this. They give out a calculator-like device to the customers, and when you want to login you are presented with a challenge that you punch into your device, which spits out a response that you enter into the form.

Costly for the bank but very effective security for the customer and bank in terms of gain in security and decrease in losses due to fraud.

- Aditya
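The challenge/response login described above, as an added example that is not part of the original post: the server issues a fresh challenge, the token derives a short numeric response from a shared key, and the server accepts each challenge once and only within a time limit. The HMAC-SHA256 construction with HOTP-style truncation (RFC 4226), the 8-digit length, and all names here are assumptions; bank tokens use their own algorithms.

```python
import hashlib
import hmac
import secrets
import time


def token_response(key: bytes, challenge: str, digits: int = 8) -> str:
    """What the handheld device computes from the challenge the user types in."""
    mac = hmac.new(key, challenge.encode("ascii"), hashlib.sha256).digest()
    # Dynamic truncation as in HOTP: the low nibble of the last byte picks
    # a 4-byte window, and the top bit is masked off.
    offset = mac[-1] & 0x0F
    value = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class BankServer:
    """Hypothetical server side: one pending challenge per customer."""

    def __init__(self, ttl_seconds=120, clock=time.monotonic):
        self._keys = {}      # customer -> key shared with that customer's device
        self._pending = {}   # customer -> (challenge, expiry time)
        self._ttl = ttl_seconds
        self._clock = clock

    def enroll(self, customer: str) -> bytes:
        """Create the per-device key (provisioned into the token at issue)."""
        key = secrets.token_bytes(32)
        self._keys[customer] = key
        return key

    def issue_challenge(self, customer: str) -> str:
        """Return a fresh random challenge; it replaces any earlier one."""
        challenge = f"{secrets.randbelow(10 ** 8):08d}"
        self._pending[customer] = (challenge, self._clock() + self._ttl)
        return challenge

    def verify(self, customer: str, response: str) -> bool:
        # pop() makes the challenge single-use: a captured response cannot
        # be replayed, and a wrong guess burns the challenge as well.
        pending = self._pending.pop(customer, None)
        key = self._keys.get(customer)
        if pending is None or key is None:
            return False
        challenge, expiry = pending
        if self._clock() > expiry:
            return False
        expected = token_response(key, challenge)
        # Constant-time comparison avoids leaking how many digits matched.
        return hmac.compare_digest(expected.encode(), response.encode("utf-8"))


if __name__ == "__main__":
    bank = BankServer()
    device_key = bank.enroll("customer-1")
    challenge = bank.issue_challenge("customer-1")
    response = token_response(device_key, challenge)
    print("challenge:", challenge, "response:", response)
    print("first use accepted:", bank.verify("customer-1", response))
    print("replay accepted:", bank.verify("customer-1", response))
```

A keylogger that records one response gains nothing for the next login, because the next challenge is different and the old one has been consumed.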
RE: [Full-disclosure] Defeating Citi-Bank Virtual Keyboard Protection
> > proximity of mouse cursor on every mouse click? It's not that
> > resource consuming, and easy to arrange.
>
> You'd need to squeeze in some OCR code as well, or figure it out
> manually (or maybe use the same techniques as for getting around
> "captchas").

Another simple method: capture the screen shot and send the picture along with the keylog. I think you would get a lot of commercial keyloggers that already have this capability and use the screen dumps for offline analysis. This sure gets around most of the obstacles.

-aditya
RE: [Full-disclosure] Cisco CCO hacked
> > i am sure cisco would love to sue someone over this.

Or maybe just maybe someone would want to do that to cisco !
RE: [Full-disclosure] Hosting Provider Refuses to Share Server Logs -How to Proceed?
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of GeeEm
> Sent: Tuesday, August 02, 2005 5:53 PM
> To: full-disclosure@lists.grok.org.uk
> Subject: [Full-disclosure] Hosting Provider Refuses to Share
> Server Logs -How to Proceed?

This is certainly a sticky situation. If this turn of events was not covered in the AUP then simply take your website hosting business to someone else, and in the meanwhile ask a lawyer to take a look into this matter if they continue to stonewall you for the logs and other information. After all, you should have access to the information on the basis of which you were presumed guilty.

At a minimum you should demand a refund of all your web hosting fees if it is worth it. But if it is not worth it, simply move your business somewhere else.

But first do a google search on your website to make sure that you are not listed in any of the global blacklists of any phishing sites - if you are, then get in contact with the listing site owners and explain the situation in detail to them.

Just make sure that the next hoster has everything spelled out in the AUP, and make sure that you have access to the log files, whatever the case, spelled out clearly in the AUP. Also spell out everything clearly about security.

- Aditya Deshmukh, Chief Security Officer, Enterprise Security Solutions.
RE: [Full-disclosure] Some VNC doubts : access server behind TCP/IP proxy or gateways
> VNC does support 'reverse shells'. Look in the manual for your
> particular version.

Yes, I am looking and testing this out.

> You would need to open one or more ports on your company's firewall, but
> that isn't too big a problem, is it? Just tunnel it over something
> reasonably safe, and tell the helpdesk not to use 'privileged' machines
> for incoming calls...

The holes are not in the company's firewalls but in the firewalls of the road warriors' computers, mainly winxp sp2, firewall enabled so that nothing outside can connect to that machine, and I would rather keep it that way!
[Full-disclosure] Some VNC doubts : access server behind TCP/IP proxy or gateways
Hi List,

I have a very peculiar problem about accessing a VNC server behind gateways and proxy servers... Here is the background info...

I have a client who has a pretty big vnc installation base, mostly windows, but Linux and Solaris are also included. Most of the Road Warriors have windows with vnc and ssh installed on them ( mostly winxp sp2 ). VNC is used for remote admin or support for some of the road warriors. But most of the time when the VNC server is behind a gateway like this it won't connect.

[ Internet ] -- [ Gateway ] --- [ Lan ]

The workaround is to use the UltraVNC relay service, but if you don't have any control over the gateway this becomes impossible to operate. And I hate to open ports in the firewalls of the road warriors' computers.

Is there a way, something like a reverse shell, that allows someone to connect to a VNC server behind a gateway and through firewalls without opening any holes in it, or a tcp/ip proxy, that is, a proxy that does not allow connections from the internet ?

Basically, the user initiates the connection and the helpdesk can use the same socket to the laptop for connection over VNC ( vnc encryption and compression have already been taken care of, and only one socket is needed for all this - for a firewall I would require only one hole )

Any help would be appreciated

- aditya
RE: [Full-disclosure] alert: the 111111 bug
> I noticed one of my customers using the "special" date of 11/11/11 in
> their database.

These sorts of shortcuts are frequently taken by the programmers or the DB admins after the whole system has been set up :)

> For this customer 11/11/11 in the date field means, don't process
> this record, which will obviously cause problems with legitimate
> transactions on that date.

This becomes a part of the site's folklore that every new admin/programmer has to learn to prevent [EMAIL PROTECTED]
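The failure mode discussed in this thread, as an added example that is not part of the original posts: a date column that doubles as a "don't process" flag silently drops a real transaction made on that date, while a dedicated flag column does not. The table layout, column names and sample rows are constructed for illustration.

```python
import sqlite3

SENTINEL = "11/11/11"  # magic value from the thread: "don't process this record"

def build_db():
    """In-memory table with constructed sample rows (MM/DD/YY date strings)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE orders (id INTEGER PRIMARY KEY, txn_date TEXT, "
        "amount REAL, on_hold INTEGER NOT NULL DEFAULT 0)"
    )
    rows = [
        (1, "11/10/11", 40.0, 0),  # ordinary transaction
        (2, SENTINEL, 15.0, 1),    # parked by an admin using the magic date
        (3, "11/11/11", 99.0, 0),  # legitimate sale made on that calendar day
        (4, "11/12/11", 20.0, 0),  # ordinary transaction
    ]
    db.executemany("INSERT INTO orders VALUES (?, ?, ?, ?)", rows)
    return db

def process_with_sentinel(db):
    """Legacy rule: any row carrying the magic date is skipped."""
    cur = db.execute(
        "SELECT id FROM orders WHERE txn_date <> ? ORDER BY id", (SENTINEL,)
    )
    return [r[0] for r in cur]

def process_with_flag(db):
    """Explicit rule: the date is only a date; on_hold carries the intent."""
    cur = db.execute("SELECT id FROM orders WHERE on_hold = 0 ORDER BY id")
    return [r[0] for r in cur]

def ambiguous_rows(db):
    """Rows that cannot be classified from the date column alone."""
    cur = db.execute(
        "SELECT id FROM orders WHERE txn_date = ? ORDER BY id", (SENTINEL,)
    )
    return [r[0] for r in cur]

if __name__ == "__main__":
    db = build_db()
    print("sentinel rule processes:", process_with_sentinel(db))
    print("flag rule processes:    ", process_with_flag(db))
    print("ambiguous by date alone:", ambiguous_rows(db))
```

Rows 2 and 3 are indistinguishable by date, so a later migration to a flag column needs some other source of truth to tell parked records from real ones.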
[Full-disclosure] FW: [Vtun-Users] The unprecedented lawsuit against GNU is occurred in Korea.
This just came in from Korea from one of my other lists that I am subscribed to. Anyone have contacts in Korea or with the .co to take care of this one?
RE: [Full-disclosure] plz suggest security for DLL functions
> About the best you could do to hide the "super secret sauce" (lol ..
> Vladis) is put it on a secure token (eg: SmartCard) and call it from
> there. While not foolproof, hardware is [generally] more
> difficult to hack.

Not for someone who has more knowledge than time and above all more ego than knowledge
RE: [Full-disclosure] plz suggest security for DLL functions
> friends,
>
> We are developing a software that makes use of a COM DLL. The whole
> logic lies in the dll. The User Interface is in VC++. DLL exposes
> functions, application calls it and displays result. Now, we found
> that anybody can copy the DLL, register it and make use of those
> functions.

This is a classic problem that plagues most of the software. They make good libs but don't want others to use them.

Have u looked into encrypting the file itself and decrypting the required portion in the memory itself? This way nothing unencrypted is ever on the disk. So no one can actually do anything with a copied file.

There are more approaches, like anti-debugging code such as putting some of your code in int 1 and int 3 so that debuggers cannot touch your code, or deliberately misaligning memory while some part of the dll so that any calling program that uses the dll has to work around this "bug". There are quite a few others also, like changing the PE section and so on.

> Please guide us in making those functions secret or encrypted so that
> others cannot use our functions.

But keep this in mind: almost all of what you do to protect your dll can be undone with enough time and resources. And someone just might! So if your DLL is heavily encrypted, somewhere it would have to be decrypted, and if *that* code can be debugged all the battle is lost, and believe me someone may just find a way to do that...
RE: [Full-disclosure] Reverse engineering the Windows TCP stack
AD> The win32 tcp stack was stolen from bsd
> ^^
>Get your facts right.

Yes, the bsd lic was used so they didn't actually steal it - but it was 12 am when I sent the mail, so please excuse me for the mistake.. :)

But I say in the lower lines in my mail that it was not copied properly.

Now I will crawl back into my hole
RE: [Full-disclosure] Reverse engineering the Windows TCP stack
>Hey, I am looking for Windows TCP/IP stack information, I
>would like to know why it behaves inconsistently to SYN|FIN|URG|PSH!

Mate, when does it behave consistently? It behaves consistently inconsistent!

However, can u tell me why u are looking for this info? Maybe I can help u there.

The win32 tcp stack was stolen from bsd but they could not copy things right, so we have all this inconsistency.

Mail me if u want more info

-aditya
RE: [Full-disclosure] Re: Know Your Enemy: Tracking Botnets(ThorstenHolz)
>And yes, there are of course also bots that use encrypted communication
>or IPv6-only botnets.

All these bots are already in the wild, I think - I had removed bots some time ago that used DNS requests to communicate. Nothing big, but these already exist and are usable but not widely deployed yet

-aditya
RE: [Full-disclosure] Fwd: NDA & SOX?
>You've signed an NDA.
>
>What do you do?

Reveal all the info anonymously?

-aditya
[Full-disclosure] Possible Norton Firewall / Internet Security Bug....
hi list,

Today I noticed that whenever I try to download anything with the norton firewall enabled, the downloaded file becomes corrupted. If I connect using an ssh connection when the norton firewall is active, the connection is closed after some time with an error message saying "Incomming Packet Garbled on Decryption" - putty error message.

I have noticed this behaviour with norton internet security 2003 & 2004. Can someone look into this and report back on what they are experiencing?

-aditya
RE: [Full-disclosure] Spam from SecurityFocus outgoing email servers!
>Hello list members,
>Here is an interesting piece of spam I received that originated
>from "205.206.231.27" which resolves to "outgoing.securityfocus.com".
>Doing a DNS lookup for "outgoing.securityfocus.com" returns the IP
>addresses "205.206.231.27, 205.206.231.26". Has anyone else received
>this? Note the IP Address "63.242.122.41" belongs to my email server.

Which dns server are u using? Can u try a different server and do the same queries? I think this is DNS cache poisoning

-aditya