Re: [Full-disclosure] hackers.it disappeared from google search results

2012-02-02 Thread Nancy Kramer
All this means is that Google has not indexed this site or dropped it 
from the index.
You can investigate further by getting an account for Google 
Webmaster Tools and looking at what it says about this site there.

I think Google will drop a site if it has been hacked, is down for a 
long time or maybe even if it is serving malware.
If any of that applies to this site recently it may be an explanation.

If your site does not come back in a few days of being up reliably 
you might submit a reconsideration request to Google.

Last but not least I have seen Google drop a page if for some reason 
they cannot crawl it and/or it crashes their crawler.

Google Webmaster Tools should tell you if something like that is happening.

You might also look at this site with Xenu Link Sleuth which is a free tool.
It might help you find ambiguous URIs that might confuse the Google Crawler


Regards,


Nancy Kramer
Webmaster http://www.americandreamcars.com
Free Color Picture Ads for Collector Cars
One of the Ten Best Places To Buy or Sell a Collector Car or Street 
Rod on the Web



At 08:24 AM 2/2/2012, David3 Gonnella wrote:
>Yes that's the key search that would produce
>the wanted results. As you confirm the records are
>not showed anymore without any notice.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] Seasons Beatings

2005-12-17 Thread Nancy Kramer
This will only work if the people hearing the secrete are smart enough to 
understand it and work with it.  Based on my experience there is minimal 
chance of this with most people.  Most people are either too stupid or too 
lazy to utilize the knowledge offered them.  Some are both stupid and lazy.


Either way not much of a threat.  The above fact keeps a lot of IT 
consultants in good paying jobs.


Wishing you and your family a most politically uncorrect Merry Christmas 
and healthy and prosperous New Year.
By the way any other list member who would like to be wished this please 
apply it to yourself, otherwise feel free to ignore it.


Always remember "You can lead them to the data but you cannot make them think."

Regards,

Nancy Kramer
Webmaster http://www.americandreamcars.com
Free Color Picture Ads for Collector Cars
One of the Ten Best Places To Buy or Sell a Collector Car on the Web




At 05:28 AM 12/17/2005, Dude VanWinkle wrote:


I had taken a pause, from beating Santa Clause to remember your deeds,
and the things that they breed

I remembered my goal of Judging you all:

Disclosures are Good, but I still wonder why you should;
for secrets are precious, and keep your worthless family fed,
After you reveal them, it doesn't matter if you are beaten and dead,

for now we all know the power you had,
and for its passing aren't you exponentially as sad?

You had something to say: a secret to share; but now that is gone, you
can now disappear

one wonders if we will read your well thought out thought
or just feel insulted and pick apart your opinion for naught

You can either learn from your mistakes, or spend the rest of your time
 tyring to convince everyone who will listen how you felt during the crime

for now that it is gone and you have nothing to share.. FUCK OFF MAN,...

Until next year.

-JP

p.s.: here is your card: http://tinyurl.com/9tz5g
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/





--
No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.1.371 / Virus Database: 267.14.1/206 - Release Date: 12/16/2005



--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.1.371 / Virus Database: 267.14.1/206 - Release Date: 12/16/2005


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] Important announcement about CXS

2005-12-31 Thread Nancy Kramer

Hello,

It is New Years.  Why can't all of you just have a few drinks and paw a 
person of the gender you are attracted to like normal human beings.


Regards,

Nancy Kramer
Webmaster http://www.americandreamcars.com
Free Color Picture Ads for Collector Cars
One of the Ten Best Places To Buy or Sell a Collector Car on the Web


At 01:07 AM 1/1/2006, InfoSecBOFH wrote:


Pretty much your daddy little bitch.

On 12/31/05, Joe Average <[EMAIL PROTECTED]> wrote:
> And, *What are you?*
>
> Regards,
>
> CXS
>
> On 12/31/05, InfoSecBOFH <[EMAIL PROTECTED]> wrote:
> >
> > haha, I know you are what am I
> >
> > On 12/31/05, Joe Average < [EMAIL PROTECTED]> wrote:
> > > You're the only "fuckbag" we can see right now.
> > >
> > > Regards,
> > >
> > > CXS
> > >
> > >
> > > On 12/31/05, InfoSecBOFH < [EMAIL PROTECTED]> wrote:
> > > >
> > > > yh!  Good riddance fuckbag.
> > > >
> > > > Whats the matter, not getting enough attention so you troll out with
> > > > this email.  NO ONE CARES if you fuck off.
> > > >
> > > > On 12/31/05, Joe Average <[EMAIL PROTECTED]> wrote:
> > > > > We're closing up public life as 2006 fast approaches landfall and
> George
> > > W
> > > > > Bush's iPod gets filled up with tracks, so we're hitting the
> underworld
> > > > > again, and bidding everyone a good bye. http://n3td3v.blogspot.com
> > > > >
> > > > > [Side nugget]
> > > > > Bush authorised a missle to strike a suspected compound where they
> > > thought
> > > > > Saddam was living, hours before the planned operations of the Iraq
> war
> > > began
> > > > > (Do you remember?). It was a strike that would have flattened the
> > > compound
> > > > > and anyone within it, and all the residential homes around it.
> Saddam
> > > wasn't
> > > > > in that compound it was found later. The intelligence services were
> so
> > > > > convinced he was there,  they started the beginning of the war with
> a
> > > strike
> > > > > against him (to kill, with no body parts to show to the world
> media).
> > > > >
> > > > > However, months after the war had started, they found Saddam hidden
> in a
> > > > > hole in the ground? Helped the guy out the ground, and gave him a
> health
> > > > > check, including teeth, and sent him to jail awaiting trail.
> > > > >
> > > > > You work out the math.
> > > > >
> > > > > U.S.A media bubble forever
> > > > >
> > > > > CXS
> > > > > ___
> > > > > Full-Disclosure - We believe in it.
> > > > > Charter:
> > > > >
> http://lists.grok.org.uk/full-disclosure-charter.html
> > >> Hosted and sponsored by Secunia - http://secunia.com/
> > > > >
> > > > >
> > > > ___
> > > > Full-Disclosure - We believe in it.
> > > > Charter:
> > > http://lists.grok.org.uk/full-disclosure-charter.html
> > > > Hosted and sponsored by Secunia - http://secunia.com/
> > > >
> > >
> > >
> > ___
> > Full-Disclosure - We believe in it.
> > Charter:
> http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>
>
> ___
> Full-Disclosure - We believe in it.
> Charter:
> http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/





--
No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.1.371 / Virus Database: 267.14.9/217 - Release Date: 12/30/2005



--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.1.371 / Virus Database: 267.14.9/217 - Release Date: 12/30/2005


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] WMF round-up, updates and de-mystification

2006-01-03 Thread Nancy Kramer

Hello All,

I went to the patch site mentioned although I am currently running  a 
version of Windows it supposedly cannot help.  Down loaded and ran the 
vulnerability check program there expecting it to say that my system is 
vulnerable.  Interestingly it said it was not vulnerable.  I run Free AVG 
as my anti virus and a couple of updates came down today so possibly that 
did something.  Just thought I would pass this along.


Might be interesting to try it with other unpatched or unpatcheable 
versions of Windows running different types of anti virus.  Got a new 
computer with XP Pro a few days ago so will patch that and work to move 
into it sooner than I was planning.


I know quite a few home users who are still running Windows 98 and ME, 
possibly many will be vulnerable.


Regards,

Nancy Kramer
Webmaster http://www.americandreamcars.com
Free Color Picture Ads for Collector Cars
One of the Ten Best Places To Buy or Sell a Collector Car on the Web



At 03:28 AM 1/3/2006, Gadi Evron wrote:

Quite a bit of confusing and a vast amount of information coming from all 
directions about the WMF 0day. Here are some URL's and generic facts to 
set us straight.


The "patch" by Ilfak Guilfanov works, but by disabling a DLL in Windows. 
So far no problems have been observed by anyone using this patch. You 
should naturally check it out for yourselves but I and many others 
recommend it until Microsoft bothers to show up with their own patch.


Ilfak is trusted and is in no way a Bad Guy.

You can find more information about it at his blog:
http://www.hexblog.com/2005/12/wmf_vuln.html

If you are still not sure about the patch by Ilfak, check out the 
discussion of it going on in the funsec list about the patch, with Ilfak 
participating:

https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Occasional information of new WMF problems keep coming in over there.

In this URL you can find the best summary I have seen of the WMF issue:
http://isc.sans.org/diary.php?storyid=994
by the "SANS ISC diary" team.

In this URL you can find the best write-up I have seen on the WMF issue:
http://blogs.securiteam.com/index.php/archives/167
By Matthew Murphy at the "Securiteam Blogs".

Also, it should be noted at this time that since the first public 
discovery of this "problem", a new one has been coming in - every day. All 
the ones seen so far are variants of the original and in all ways the SAME 
problem. So, it would be best to acknowledge them as the same... or we 
will keep having a NEW 0day which really isn't for about 2 months when all 
these few dozen variations are exhausted.


A small BUT IMPORTANT correction for future generations:
The 0day was originally found and reported by Hubbard Dan from Websense on 
a closed vetted security mailing list, and later on at the Websense public 
page. All those who took credit for it took it wrongly.


Thanks, and a better new year to us all,

Gadi.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/





--
No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.1.371 / Virus Database: 267.14.11/219 - Release Date: 1/2/2006



--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.1.371 / Virus Database: 267.14.11/219 - Release Date: 1/2/2006


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] PC Firewall Choices

2006-01-18 Thread Nancy Kramer
I have limited experience with PC Firewalls but the nicest one I have seen 
is the one that comes with Kaspersky anti virus.  It appeared to be very 
easy to configure and never seems to cause problems with legitimate 
applications accessing the web.  I do know that it does not meet your 
requirements since it comes bundled with anti virus, although if I remember 
correctly one could pick which of their bundled components to install at 
install time.


Regards,

Nancy Kramer



At 03:22 PM 1/17/2006, Steven wrote:

I am looking at supplementing the Windows XP (Pro) SP2 Firewall with a 
third party product on a bunch of Windows machines.  I am trying to 
determine what product to go with and wanted to solicit some opinions from 
this mailing list.  The four that I really come across and have used in 
some cases are ZoneAlarm, Sygate, Norton, Kerio, and Tiny.  My 
understanding is that Norton has actually acquired Sygate and that the 
Sygate Personal Firewall probably wouldn't be the best choice of these 
now.  With that in mind I am looking for a product that easy to setup, 
easy to use, works well, and does not take up too much in terms of system 
resources or harddrive space ( I also don't want it to add 20 minutes to 
the boot process either).


I am not looking for e-mail protection, anitivrus, or any other 
non-firewall type services to be included.  I do however want it to be 
able to manage applications and their internet usage.  (i.e. if they 
install something new that tries to access the web (trojans included) they 
will get a popup telling them something is doing this).


Any suggestions and opinions on the above products and any others that I 
might not have mentioned are welcomed.


Also -- on top of this if someone knows of software/hardware that can scan 
these machines and verify whether or not both the SP2 FW and/or the 3rd 
part FW -- and perhaps prevent them network access if they are not running --
please let me know. [I am not sure what security products have these 
capabilities]


Thanks

Steven

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/





--
No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.1.375 / Virus Database: 267.14.19/231 - Release Date: 1/16/2006



--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.1.375 / Virus Database: 267.14.19/231 - Release Date: 1/16/2006


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] Re: Re: PC Firewall Choices

2006-01-19 Thread Nancy Kramer
I admit I know nothing about firewalls but with ZA I have had to shut it 
down sometimes to go onto the internet.  I have no idea why.  I just can't 
get on and when I shut it down I can.


Never had the problem with Kaspersky.  I do know that configuring a 
firewall right takes some knowledge and I know I don't know how to do that 
and ZA did not come with instructions telling me that, but Kaspersky was 
intuitive.  If just popped up and asked if you want to let a certain 
application get on the internet and you answer yes or no and then it 
remembers.  I think someone who did not even know what a firewall is could 
use it on their computer without problems like a typical end user.  That 
impresses me.  With the proliferation of broadband I think the typical home 
user should have a software firewall if they have broadband.  Naturally a 
friend of mine had Windows XP and Norton Firewall and his machine on 
broadband got hacked anyway.  But that is consumer Norton and that is 
another story which would be off topic to this subject.


Regards,

Nancy Kramer
Webmaster http://www.americandreamcars.com
Free Color Picture Ads for Collector Cars
One of the Ten Best Places To Buy or Sell a Collector Car on the Web

At 03:51 PM 1/19/2006, Stan Bubrouski wrote:


On 1/19/06, Dave Korn <[EMAIL PROTECTED]> wrote:
>
> Stan Bubrouski wrote in
> news:[EMAIL PROTECTED]
> > As cruel as that last message was I'm sick of the ZA pros here saying
> > its perfect, its not, far from it.
>
>   Since nobody has ever claimed that ZA is perfect, in saying this you 
prove


Yeah I didn't literally mean perfect, only that certain people seem to
argue that everyone's complaints about ZA aren't real because they
don't experience them.  What proof could I profer here?  Some flawed
benchmark?  A video?  Why would I bother you assume I'm lying anyways.

> that your claims are either lies or hyperbole.  If you can't argue with 
what


So because you think that one sentence is misleading (in retrospect
'perfect' was not a good word choice), everything else I said must be
untrue.  Sigh.

> people actually said, making up things that they didn't say is fatuously
> dishonest.

You are the one being dishonest and the one exaggerating here.  You
take something too literally, and call people liars.  Two machines,
one with NPF one with ZA.  When ZA is running on one, IE is slow, when
its off its slightly faster than the machine with NPF.  It's not a
lie, its reality.  You can fly here and come see for yourself, but you
can't touch anything.  I don't know where you've been.

-sb

>
> cheers,
>   DaveK
> --
> Can't think of a witty .sigline today

Roses are Red, Violets are Blue, How much is ZA paying...YOU!

>
>
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/





--
No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.1.375 / Virus Database: 267.14.19/231 - Release Date: 1/16/2006



--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.1.375 / Virus Database: 267.14.19/231 - Release Date: 1/16/2006


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


RE: [Full-disclosure] Re: Re: PC Firewall Choices

2006-01-19 Thread Nancy Kramer
I have the paid ZA but I heard the free one was better.  Have no idea about 
that but would never buy the paid version again.  At least now I know what 
was happening.  Will try to look for that feature and set it to the maximum 
minutes.  I only have it on my laptop which only goes on the internet 
sporadically but generally goes on the internet on public wireless networks 
which I think may not be all that secure.  Lots of times I am meeting with 
someone there and we talk and then lookup something on the internet.  I 
could see how time could pass quickly and I might not touch the computer 
for awhile.  Thanks for the explanation.


Regards,

Nancy Kramer


  At 10:10 PM 1/19/2006, Greg wrote:




> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf
> Of Nancy Kramer
> Sent: Friday, 20 January 2006 2:30 PM
> To: Stan Bubrouski; full-disclosure@lists.grok.org.uk
> Subject: Re: [Full-disclosure] Re: Re: PC Firewall Choices
>
>
> I admit I know nothing about firewalls but with ZA I have had
> to shut it
> down sometimes to go onto the internet.  I have no idea why.
> I just can't
> get on and when I shut it down I can.
>

That'd be a well known and never fixed bug I reported to Zonelabs some years
back now. It has a feature to automatically lock internet connection after
so many minutes of inactivity. The length of time can be changed by the
user. What it REALLY did was cut off access to internet and any LAN you were
on, isolating you entirely and never actually let go of it when the user was
back at the keyboard. Exiting ZA let that go and internet and lan were
restored. You have the option to turn that feature OFF but even that didn't
stop the whole thing happening. So, about the only thing you could do was to
set the auto lock as high as it could go and turn the feature off. It would
still go off after that many minutes had passed (which I believe is 999 in
the PRO version and 99 in the free version) and lock you out again but it
was delayed by that much, at least.

You CAN set certain programs to pass by its' lock, however. So, if you have
some computers almost always chattering away on a distributed project but
otherwise not touched, you could allow those programs to pass on even
though, should you attempt to get out with a simple web browser (where it
wasn't allowed to pass the lock), you cant. Saves some stuffing about on
such machines and let's face it - the more "free" some company execs see,
the more likely they are to use it. Surprising how many Windows based
companies use free ZA.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/





--
No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.1.375 / Virus Database: 267.14.19/231 - Release Date: 1/16/2006



--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.1.375 / Virus Database: 267.14.19/231 - Release Date: 1/16/2006


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] Re: Re: PC Firewall Choices

2006-01-19 Thread Nancy Kramer
I guess I will stick with Kasperky which will probably phone home to Russia 
or something.  Does anyone have any experience with the Firewall that comes 
with paid AVG?  I just run free AVG currently on most computers so have not 
used it .


Regards,

Nancy Kramer

At 01:15 AM 1/20/2006, [EMAIL PROTECTED] wrote:

I have been following this discussion waiting for someone to mention 
another "feature" of Zone Alarm:

Posted January 13, 3:00 a.m. PST Pacific Time,
ROBERT X. CRINGELY http://www.infoworld.com/

A Perfect Spy? It seems that ZoneAlarm Security Suite has been phoning
home, even when told not to. Last fall, InfoWorld Senior Contributing
Editor James Borck discovered ZA 6.0 was surreptitiously sending
encrypted data back to four different servers, despite disabling all of
the suite's communications options. Zone Labs denied the flaw for nearly
two months, then eventually chalked it up to a "bug" in the software --
even though instructions to contact the servers were set out in the
program's XML code. A company spokesmodel says a fix for the flaw will
be coming soon and worried users can get around the bug by modifying
their Host file settings. However, there's no truth to the rumor that
the NSA used ZoneAlarm to spy on U.S. citizens.


:)

Hummer
- Original Message - From: "Nancy Kramer" <[EMAIL PROTECTED]>
To: "Greg" <[EMAIL PROTECTED]>; 


Sent: Thursday, January 19, 2006 11:27 PM
Subject: RE: [Full-disclosure] Re: Re: PC Firewall Choices


I have the paid ZA but I heard the free one was better.  Have no idea 
about that but would never buy the paid version again.  At least now I 
know what was happening.  Will try to look for that feature and set it to 
the maximum minutes.  I only have it on my laptop which only goes on the 
internet sporadically but generally goes on the internet on public 
wireless networks which I think may not be all that secure.  Lots of 
times I am meeting with someone there and we talk and then lookup 
something on the internet.  I could see how time could pass quickly and I 
might not touch the computer for awhile.  Thanks for the explanation.


Regards,

Nancy Kramer


  At 10:10 PM 1/19/2006, Greg wrote:




> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf
> Of Nancy Kramer
> Sent: Friday, 20 January 2006 2:30 PM
> To: Stan Bubrouski; full-disclosure@lists.grok.org.uk
> Subject: Re: [Full-disclosure] Re: Re: PC Firewall Choices
>
>
> I admit I know nothing about firewalls but with ZA I have had
> to shut it
> down sometimes to go onto the internet.  I have no idea why.
> I just can't
> get on and when I shut it down I can.
>

That'd be a well known and never fixed bug I reported to Zonelabs some years
back now. It has a feature to automatically lock internet connection after
so many minutes of inactivity. The length of time can be changed by the
user. What it REALLY did was cut off access to internet and any LAN you were
on, isolating you entirely and never actually let go of it when the user was
back at the keyboard. Exiting ZA let that go and internet and lan were
restored. You have the option to turn that feature OFF but even that didn't
stop the whole thing happening. So, about the only thing you could do was to
set the auto lock as high as it could go and turn the feature off. It would
still go off after that many minutes had passed (which I believe is 999 in
the PRO version and 99 in the free version) and lock you out again but it
was delayed by that much, at least.

You CAN set certain programs to pass by its' lock, however. So, if you have
some computers almost always chattering away on a distributed project but
otherwise not touched, you could allow those programs to pass on even
though, should you attempt to get out with a simple web browser (where it
wasn't allowed to pass the lock), you cant. Saves some stuffing about on
such machines and let's face it - the more "free" some company execs see,
the more likely they are to use it. Surprising how many Windows based
companies use free ZA.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/





--
No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.1.375 / Virus Database: 267.14.19/231 - Release Date: 1/16/2006



--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.1.375 / Virus Database: 267.14.19/231 - Release Date: 1/16/2006


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


___

Re: [Full-disclosure] Fwd: NDA & SOX?

2005-03-12 Thread Nancy Kramer
I think in that situation you should consult a competent attorney and make 
sure you have some money in the bank to support you for awhile and pay the 
attorney's fees.

The people on this list are supposed to know about computer security not 
business liability law which is what this email pertains too.  Most of the 
people on this list are probably as bad at being attorneys as attorneys 
would be at being security consultants.  I did desktop support for 
attorneys for awhile and believe be most are not "good" with computers even 
real smart ones who graduated from Harvard and Stanford which some of my 
users had done.

Regards,
Nancy Kramer
At 03:01 PM 3/11/2005, Jason Coombs wrote:
The flaws harm investors, they harm the public, they harm information 
security in general. They are unethical. You inform the company that the 
flaws exist, and nothing is done about them. Instead, you're slowly but 
forcefully pushed out of the company.

You've signed an NDA.
What do you do?

--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.308 / Virus Database: 266.7.2 - Release Date: 3/11/2005
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://www.secunia.com/


Re: [Full-disclosure] PullThePlug Wargames

2005-04-05 Thread Nancy Kramer
Hello,
Your site was up when I checked a few minutes ago.  Seems like a nice 
site.  Need to check it out.

Regards,
Nancy Kramer
Webmaster http://www.americandreamcars.com
Free Color Picture Ads for Collector Cars
One of the Ten Best Places To Buy or Sell a Collector Car on the Web
At 11:33 PM 4/5/2005, [EMAIL PROTECTED] wrote:
Hi,
we are still here..
the DNS server had some problems for about 15 minutes or so..


On Tue, 5 Apr 2005, Kevin Ponds wrote:
I think that someone may have pulled the plug on your server.
On Apr 5, 2005 5:54 PM, [EMAIL PROTECTED]
<[EMAIL PROTECTED]> wrote:
PullThePlug.org is a community aimed at nurturing the growth and
development of the information security field through community-wide
research and development projects, lectures and wargame servers.
Rather than taking the usual approach of hands-off documentation,
PullThePlug emphasizes education and development as a community
effort.
Whats new at PullThePlug?
-- New domain and website
- http://www.pulltheplug.org/
* We have moved from pulltheplug.com to pulltheplug.org.
* New website that's much more informative.
-- Two new wargame servers in addition to 
http://www.pulltheplug.org/wargames/vortex/
- http://www.pulltheplug.org/wargames/catalyst/
* For people looking to learn or practice binary analysis skills, forensics.
* White Paper on binary protection schemes by andrewg [1].

- http://www.pulltheplug.org/wargames/semtex/
* For people looking to learn or practice network programming skills.
-- New learning resources
- http://www.pulltheplug.org/about/suntzu/
* An innovative approach to providing learning tutorials and lectures
   via the internet. While volunteer individuals lecture through a medium
   such as VoIP conferencing, SILC or IRC. Listeners connect to suntzu,
   to view demonstrations of what is being explained, real-time.
-- Development / Project Hosting
- http://www.pulltheplug.org/about/resources/rcs.html
* For projects looking for some Webspace and a SVN/CVS Server.
Thanks to the many people who continue to drive the community with their 
time and donations!

- [EMAIL PROTECTED]
[1] 
http://www.codebreakers-journal.com/viewarticle.php?id=51&layout=abstract
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


--
No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.0.308 / Virus Database: 266.9.1 - Release Date: 4/1/2005

--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.308 / Virus Database: 266.9.1 - Release Date: 4/1/2005
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] Hackery Channel 01-09-01-LOLZ: Cat Spoofing against Flow Control

2009-01-29 Thread Nancy Kramer
Another cat not carrying prey would also work well.  Lots of stray cats 
like to come in when it is cold so this could very likely happen.  The cat 
the device was bought for could also attract other cats that would follow 
it into the house.  Some cats are quite social and have "friends".  This 
should maybe be called cat spoofing as the cat this device was intended for 
is not the cat getting entry.

Lots of fun finding strange cats in your house at 3AM.  Note;  Cats tend to 
be nocturnal.  You don't need any kind of high tech device for this.  Just 
open the door for your cat and others may come in.  Cats are fast so it is 
hard to keep them out.  Besides they are awake and you are probably NOT.

Been there done that.

Regards,

Nancy Kramer





At 06:04 PM 1/29/2009, hack ery wrote:

>Security Risk:  High
>Exploitable: Local
>Vulnerability: Arbitrary Flow Control Control, Cat Spoofing
>Discovered by: The Hackery Channel
>Tested: No
>
>The Flow Control project is an access control project for a cat.  It 
>consists of a cat door, an electromagnetic latch, a access control device, 
>and image recognition software that allows Flow to enter the house, and 
>only when she is not carrying prey.  When Flow is within proximity of the 
>door, she passes through a light that casts a shadow on an area monitored 
>by a camera.  If the silouhette, appears to be  Flow without prey, access 
>is granted.
>
>Cat Spoofing:  An attacker could potentially gain access by posing as a 
>kitty by placing a cut out of the kitty next to the light.
>
>Mitigation: None.
>Work around: Guard dog
>Vendor Notified: No
>Vendor Site: 
><http://www.quantumpicture.com/Flo_Control/flo_control.htm>http://www.quantumpicture.com/Flo_Control/flo_control.htm
>___
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
>
>No virus found in this incoming message.
>Checked by AVG.
>Version: 7.5.552 / Virus Database: 270.10.15/1924 - Release Date: 
>1/29/2009 5:57 PM


-- 
No virus found in this outgoing message.
Checked by AVG. 
Version: 7.5.552 / Virus Database: 270.10.15/1924 - Release Date: 1/29/2009 
5:57 PM


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] Hackery Channel 01-09-01-LOLZ: Cat Spoofing against Flow Control

2009-02-02 Thread Nancy Kramer
Most people don't realize it but cats are actually very social 
animals.  Also very smart.

That explains the behavior you are seeing.

Regards,

Nancy Kramer


At 05:10 AM 2/2/2009, Michael Simpson wrote:

>On 1/30/09, Michael Holstein  wrote:
> >
> > > Have any of you guys heard of RFID?
> >
> > Yeah .. wouldn't it make more sense to just build one that reads the
> > AVID chip most pets have in them anyway?
> >
>
>friends of mine couldn't understand how their kitchen was still full
>of cats every night after they implemented an rfid system on the cat's
>collar
>
>turns out the cat was standing close enough to the door to activate
>the lock whilst its pals gained entry
>
>social engineering / evil employee approach
>
>mike
>
>___
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
>--
>No virus found in this incoming message.
>Checked by AVG.
>Version: 7.5.552 / Virus Database: 270.10.16/1929 - Release Date: 2/1/2009 
>6:02 PM


-- 
No virus found in this outgoing message.
Checked by AVG. 
Version: 7.5.552 / Virus Database: 270.10.16/1929 - Release Date: 2/1/2009 6:02 
PM


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] Personal firewalls.

2006-01-20 Thread Nancy Kramer
You are then saying don't buy your firewall bundled with your anti 
virus.  Logically that makes sense.  It seems though that most AV vendors 
sell a firewall with their deluxe packages maybe because they think you 
need one and it gives them a little extra revenue.


I have dailup and no firewall on my desktop and so far so good.  Haven't 
had to rebuild the system yet and I have had it since March 2001.  Came 
close to getting it messed up when I had Norton but was saved by AVG 
Free.  Currently I have my email on a server where they keep the server 
anti virus up to date.  I have not seen a virus in email in months.  I 
still need desktop anti virus but it sure does cut down on the malware that 
shows up on my desktop.


Regards,

Nancy Kramer




At 03:28 PM 1/20/2006, Soderland, Craig wrote:
And with hardware many users/companies make the same mistake, layering 
firewalls all of the same vendor/brand. So that in the event of an exploit 
weakens they're all penetrated.



--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.1.375 / Virus Database: 267.14.19/231 - Release Date: 1/16/2006


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] Re: Microsoft AntiSpyware attacks Norton AV?

2006-02-12 Thread Nancy Kramer

At 07:05 PM 2/12/2006, Dave Korn wrote:


  No, let me correct that.  You need to fully uninstall it then throw it in
the bin and get something better[*].  Oh, and don't let MS beta software run
on any of your machines.



I concur.  Been there done that got the viruses.  If it weren't for AVG I 
would probably have had to format my hard drive.


MS software doesn't work all that well in production versions.  Don't put 
their beta's on any machine that is anything else but a test machine.


Regards,

Nancy Kramer
Webmaster http://www.americandreamcars.com
Free Color Picture Ads for Collector Cars
One of the Ten Best Places To Buy or Sell a Collector Car on the Web 



--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.1.375 / Virus Database: 267.15.4/255 - Release Date: 2/9/2006


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] strange domain name in phishing email

2006-03-11 Thread Nancy Kramer

Could it be a 301 permanent redirect?

Regards,

Nancy Kramer
Webmaster http://www.americandreamcars.com
Free Color Picture Ads for Collector Cars
One of the Ten Best Places To Buy or Sell a Collector Car on the Web


At 04:57 AM 3/11/2006, Jianqiang Xin wrote:


hi,
I received several phishing emails. One interesting thing is the link to 
phishing website has the link:

<http://1406379699/dbweb/ws/ebay/index.htm>http://1406379699/dbweb/ws/ebay/index.htm

If you click it, it goes to a fake ebay server. The DNS result shows:

> 1406379699
Server:
Address:

Name:<http://ip-166-179.sn2.eutelia.it>ip-166-179.sn2.eutelia.it
Address:  <http://83.211.166.179>83.211.166.179

I do not understand why 1406379699 equal to 
<http://ip-166-179.sn2.eutelia.it>ip-166-179.sn2.eutelia.it? Thanks for 
your help.



yours,
jqxin2006
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.1.375 / Virus Database: 268.2.1/278 - Release Date: 3/9/2006



--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.1.375 / Virus Database: 268.2.1/278 - Release Date: 3/9/2006


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] What about subscriber only?

2006-03-16 Thread Nancy Kramer

Good idea.

Regards,

Nancy Kramer

At 03:32 PM 3/16/2006, Stefan Triller wrote:


Hi,

my killfile is getting bigger and bigger, because of the spam on this list.
What about closing this list for email adresses which aren't subscribed to it?
This would minimize the spam.

Stefan

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/





--
No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.1.385 / Virus Database: 268.2.3/281 - Release Date: 3/14/2006



--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.1.385 / Virus Database: 268.2.3/281 - Release Date: 3/14/2006


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


[Full-disclosure] [Advisory] ~ [Thu Mar 16 20:58:46 EST 2006] ~ Off-by-one in Apple MacOSX

2006-03-16 Thread Nancy Kramer



[Advisory] ~ [Thu Mar 16 20:58:46 EST 2006] ~ Off-by-one in Apple MacOSX




8=D
[+] Background
This issue had no identified background.
8=D
Appendix A Vendor Information
http://www.apple.com/macosx/

8=D
Appendix B References
RFC 4399

8=D
Contact
Nancy Kramer [EMAIL PROTECTED]

CCE CEH CSFA GREM GHTQ GWAS SSCP 

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] RSA HAVE CRACKED PHISHING, NO SERIOUSLY

2006-03-31 Thread Nancy Kramer
While I have no idea if what RSA is doing works or not but I have noticed 
the absence of  phishing emails in my in box in the last few days.  I used 
to get maybe half a dozen or more a day since I don't run spam filters. Not 
a one in the last two days.  The Ebay and Paypal emails seemed to stop 
first.  Now even the ones for banks I have never heard of are no longer 
coming in.


There must be a reason for this.  Maybe the phishers decided to take a 
vacation.


Regards,

Nancy Kramer
Webmaster http://www.americandreamcars.com
Free Color Picture Ads for Collector Cars
One of the Ten Best Places To Buy or Sell a Collector Car on the Web




At 01:20 PM 3/31/2006, [EMAIL PROTECTED] wrote:


On Fri, 31 Mar 2006 19:06:29 +0100, n3td3v said:

> Check out this article, and I really did spill my hard earned Starbucks
> right down my front when I looked at this article:
> 
http://news.com.com/5208-1029-0.html?forumID=1&threadID=15591&messageID=131433&start=3D-1


Given that you allegedly posted that particular response, I take it you 
spilled

your Starbucks in shock that somebody would claim to be you?

The original article is at http://news.com.com/2100-1029-6056317.html?tag=tb

In any case, it's clear that the person who posted that response has *no idea*
how most bank's anti-fraud systems work.

First off, the phishers *can't* just run through all the data they've gotten
in just a few seconds, unless they distributed the work across a bunch of 
botnet

zombies - hits for more than a few dozen different accounts from the same IP
in the same timespan are suspicious at the very least.

Secondly, the phishers can currently usually be sure that the victims have
given them reasonably good data (unless the victim is a dweeb who can't enter
their DoB or account number correctly).  On the other hand, if the phished 
data

has been polluted by 90% bad data, then only 1 of 10 attempted transactions
will succeed - and the fact that they're trying lots of different bad data 
will
again hopefully trigger an alert.  If you only succeed every 10th time, 
and you
get locked out after 3 attempts with different bad data, it's going to 
take you

a lot longer to figure out which ones are good and which ones are bad




___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.1.385 / Virus Database: 268.3.2/294 - Release Date: 3/27/2006



--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.1.385 / Virus Database: 268.3.4/299 - Release Date: 3/31/2006


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] Does someone know this guy at google?

2006-06-08 Thread Nancy Kramer

Looked up the regular number in Google.  It is a list phone number as follows

R L Rollins, (636) 527-0586, 445 Westglen Village Dr, Ballwin, MO 63021

I have no idea if he works for Google but I don't think that someone would 
use their real name and real home phone number in a scam.


Maybe you want to send this guy a letter if you do not want to call him.

Regards,

Nancy Kramer
Webmaster http://www.americandreamcars.com
Free Color Picture Ads for Collector Cars
One of the Ten Best Places To Buy or Sell a Collector Car on the Web




At 05:02 PM 6/7/2006, [EMAIL PROTECTED] wrote:


again the usual fag on the list are coming around.
I will care to reply you nicely

>(I'm sure if this guy is real, he appreciates having his
>cell # blasted to the world)

my cell phone is in my domain whois and that's not a reason to be cell 
blasted looser...


>Call the number
>and find out

I can't and dont want to phone in the USA.

Happy now ? go back to your bed please.


Tatercrispies wrote:

It sounds to me that you have all the information you need to verify
if this person exists. Why are you asking the list? Call the number
and find out (I'm sure if this guy is real, he appreciates having his
cell # blasted to the world)

On 6/7/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:


 I maybe feel paranoïd but I have got today a mail from a supposed google
engineer but the email shows like a phising scam.
 Does someone can confirm there is a



Rick Rollins

Technical Sourcer

Google
[EMAIL PROTECTED]

Office:  (636) 527.0586 Cell: (650) 906-9585

 at google to be sure this isn't someone attempting to fool me, told to
[EMAIL PROTECTED] without luck yet , feel free to contact me on or offlist
.

 cheers.

 AD.

___
Full-Disclosure - We believe in it.
Charter:
http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/




___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/






___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.1.394 / Virus Database: 268.8.2/356 - Release Date: 6/5/2006



--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.1.394 / Virus Database: 268.8.2/356 - Release Date: 6/5/2006


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] Free antivirus software

2006-06-28 Thread Nancy Kramer
I use free AVG by Grisoft.  I have heard others are better but it has been 
protecting my old computer for a couple of years with no problems.  You get 
daily updates too and it is much better than Norton which I had before.


Nancy Kramer




At 10:28 AM 6/28/2006, Julien GROSJEAN - Proxiad wrote:

If u r using something
good - pls let me know!



--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.1.394 / Virus Database: 268.9.5/377 - Release Date: 6/27/2006


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] Please help to spam [EMAIL PROTECTED]

2006-07-24 Thread Nancy Kramer

Just put the email address with a mailto tag on any fairly popular web page.

Gets me a lot of spam.

Regards,

Nancy Kramer
Webmaster http://www.americandreamcars.com
Free Color Picture Ads for Collector Cars
One of the Ten Best Places To Buy or Sell a Collector Car on the Web

At 03:58 AM 7/24/2006, Alice Bryson wrote:

   I am collecting spam for research using the mailbox
[EMAIL PROTECTED] I have try a lot to spread this mailbox to get
more spam. But I can only receive about 60 spams per day. Could
anybody help me to get more spam at [EMAIL PROTECTED]
   Thanks in advance!



--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.1.394 / Virus Database: 268.10.3/395 - Release Date: 7/21/2006


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] ProtectFly/RegisterFly - Whois information - Non-Disclosure legal??

2006-08-04 Thread Nancy Kramer
Yes having a "private" registration is legal at least in the US.  Godaddy 
also does it.  They charge extra for it.


People do this so spam bots will not harvest their email on their domain 
registration.  I personally don't think it is a good idea unless someone 
wants to do something wrong with the domain but that is just my opinion.


If the people who own those domains are doing something wrong like spamming 
your blog I think you can contact the registrar and tell them.  They should 
either give you the contact information or do something about the domain 
owner themselves.  I know Godaddy would probably be helpful because they 
are a pretty good company but don't know about these companies since I 
don't deal with them myself.


Regards,

Nancy Kramer
Webmaster http://www.americandreamcars.com
Free Color Picture Ads for Collector Cars
One of the Ten Best Places To Buy or Sell a Collector Car on the Web



 At 09:21 AM 8/4/2006, Dan B wrote:


Hi,

I recently noticed some spam comments to my blog. Upon looking at the
link they were linking back to it is an aggregation of various people
RSS from their blogs.

Upon examining the domains and their whois info they all appear to be
registered with ProtectFly. Their whois information does not give out
the contact details of the domain owner. Some random looking email
address, that I guess might forward back to the real owner.

Is this non-disclosure of the contact details legal?

Am I missing some method to find the correct info?

Example:-
[EMAIL PROTECTED] ~ $ whois nags-head-real-estate.info
Domain ID:D13743171-LRMS
Domain Name:NAGS-HEAD-REAL-ESTATE.INFO
Created On:10-Jun-2006 02:42:27 UTC
Last Updated On:22-Jun-2006 07:15:54 UTC
Expiration Date:10-Jun-2007 02:42:27 UTC
Sponsoring Registrar:RegisterFly.com, Inc. (R318-LRMS)
Status:CLIENT TRANSFER PROHIBITED
Status:CLIENT UPDATE PROHIBITED
Status:TRANSFER PROHIBITED
Registrant ID:tuxfIgCP2SraElSj
Registrant Name:Whois Protection Service - ProtectFly.com
Registrant Organization:RegisterFly.com - Ref-R# 37871268
Registrant Street1:404 Main Street
Registrant Street2:4th Floor
Registrant Street3:
Registrant City:Boonton
Registrant State/Province:NJ
Registrant Postal Code:07005
Registrant Country:US
Registrant Phone:+1.9737362545
Registrant Phone Ext.:
Registrant FAX:+1.9737361355
Registrant FAX Ext.:
Registrant Email:[EMAIL PROTECTED]
Admin ID:tu0yrgMvIcEJ2aIH
Admin Name:Whois Protection Service - ProtectFly.com
Admin Organization:RegisterFly.com - Ref-A# 37871268
Admin Street1:404 Main Street
Admin Street2:4th Floor
Admin Street3:
Admin City:Boonton
Admin State/Province:NJ
Admin Postal Code:07005
Admin Country:US
Admin Phone:+1.9737362545
Admin Phone Ext.:
Admin FAX:+1.9737361355
Admin FAX Ext.:
Admin Email:[EMAIL PROTECTED]
Billing ID:tuI0AzeEf97LKzMo
Billing Name:Whois Protection Service - ProtectFly.com
Billing Organization:RegisterFly.com - Ref-B# 37871268
Billing Street1:404 Main Street
Billing Street2:4th Floor
Billing Street3:
Billing City:Boonton
Billing State/Province:NJ
Billing Postal Code:07005
Billing Country:US
Billing Phone:+1.9737362545
Billing Phone Ext.:
Billing FAX:+1.9737361355
Billing FAX Ext.:
Billing Email:[EMAIL PROTECTED]
Tech ID:tuTOQTTrtOUs5GAS
Tech Name:Whois Protection Service - ProtectFly.com
Tech Organization:RegisterFly.com - Ref-T# 37871268
Tech Street1:404 Main Street
Tech Street2:4th Floor
Tech Street3:
Tech City:Boonton
Tech State/Province:NJ
Tech Postal Code:07005
Tech Country:US
Tech Phone:+1.9737362545
Tech Phone Ext.:
Tech FAX:+1.9737361355
Tech FAX Ext.:
Tech Email:[EMAIL PROTECTED]
Name Server:DNS1.REGISTERFLY.COM
Name Server:DNS2.REGISTERFLY.COM


Cheers,
DanB.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/





--
No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.1.394 / Virus Database: 268.10.5/405 - Release Date: 8/1/2006



--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.1.394 / Virus Database: 268.10.5/405 - Release Date: 8/1/2006


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] ProtectFly/RegisterFly - Whoisinformation - Non-Disclosure legal??

2006-08-05 Thread Nancy Kramer
I agree.  Everytime I want to build a site I have a terrible time finding a 
good name that is not taken.  All the best names are taken and parked with 
junk on them or even worse spyware.  Often "business" people do ruin what 
they touch especially when they just want to take the money and run and 
don't get whatever one is really trying to do.  That is actually very 
common among venture capitalists and other investor types.


Regards,

Nancy Kramer
Webmaster http://www.americandreamcars.com
Free Color Picture Ads for Collector Cars
One of the Ten Best Places To Buy or Sell a Collector Car on the Web



.  At 09:58 AM 8/5/2006, The Shadow wrote:

yeah. This is legal. But it does suck. The new wave is domain cashparking. 
It sucks because people are just gobbling domains just to gobble when they 
could be used for real content. Sux. What a waste of internet. Of course 
commercial sector ruins everything it touches in the name of money. Oh 
well.


www.Geek-Guy.com
The Original Geek Toy Store
-Original Message-

From:  Nancy Kramer <[EMAIL PROTECTED]>
Subj:  Re: [Full-disclosure] ProtectFly/RegisterFly - Whoisinformation - 
Non-Disclosure legal??

Date:  Fri Aug 4, 2006 2:56 pm
Size:  4K
To:  Dan B <[EMAIL PROTECTED]>, full-disclosure@lists.grok.org.uk

Yes having a "private" registration is legal at least in the US.  Godaddy
also does it.  They charge extra for it.

People do this so spam bots will not harvest their email on their domain
registration.  I personally don't think it is a good idea unless someone
wants to do something wrong with the domain but that is just my opinion.

If the people who own those domains are doing something wrong like spamming
your blog I think you can contact the registrar and tell them.  They should
either give you the contact information or do something about the domain
owner themselves.  I know Godaddy would probably be helpful because they
are a pretty good company but don't know about these companies since I
don't deal with them myself.

Regards,

Nancy Kramer
Webmaster http://www.americandreamcars.com
Free Color Picture Ads for Collector Cars
One of the Ten Best Places To Buy or Sell a Collector Car on the Web



  At 09:21 AM 8/4/2006, Dan B wrote:

>Hi,
>
>I recently noticed some spam comments to my blog. Upon looking at the
>link they were linking back to it is an aggregation of various people
>RSS from their blogs.
>
>Upon examining the domains and their whois info they all appear to be
>registered with ProtectFly. Their whois information does not give out
>the contact details of the domain owner. Some random looking email
>address, that I guess might forward back to the real owner.
>
>Is this non-disclosure of the contact details legal?
>
>Am I missing some method to find the correct info?
>
>Example:-
>[EMAIL PROTECTED] ~ $ whois nags-head-real-estate.info
>Domain ID:D13743171-LRMS
>Domain Name:NAGS-HEAD-REAL-ESTATE.INFO
>Created On:10-Jun-2006 02:42:27 UTC
>Last Updated On:22-Jun-2006 07:15:54 UTC
>Expiration Date:10-Jun-2007 02:42:27 UTC
>Sponsoring Registrar:RegisterFly.com, Inc. (R318-LRMS)
>Status:CLIENT TRANSFER PROHIBITED
>Status:CLIENT UPDATE PROHIBITED
>Status:TRANSFER PROHIBITED
>Registrant ID:tuxfIgCP2SraElSj
>Registrant Name:Whois Protection Service - ProtectFly.com
>Registrant Organization:RegisterFly.com - Ref-R# 37871268
>Registrant Street1:404 Main Street
>Registrant Street2:4th Floor
>Registrant Street3:
>Registrant City:Boonton
>Registrant State/Province:NJ
>Registrant Postal Code:07005
>Registrant Country:US
>Registrant Phone:+1.9737362545
>Registrant Phone Ext.:
>Registrant FAX:+1.9737361355
>Registrant FAX Ext.:
>Registrant Email:[EMAIL PROTECTED]
>Admin ID:tu0yrgMvIcEJ2aIH
>Admin Name:Whois Protection Service - ProtectFly.com
>Admin Organization:RegisterFly.com - Ref-A# 37871268
>Admin Street1:404 Main Street
>Admin Street2:4th Floor
>Admin Street3:
>Admin City:Boonton
>Admin State/Province:NJ
>Admin Postal Code:07005
>Admin Country:US
>Admin Phone:+1.9737362545
>Admin Phone Ext.:
>Admin FAX:+1.9737361355
>Admin FAX Ext.:
>Admin Email:[EMAIL PROTECTED]
>Billing ID:tuI0AzeEf97LKzMo
>Billing Name:Whois Protection Service - ProtectFly.com
>Billing Organization:RegisterFly.com - Ref-B# 37871268
>Billing Street1:404 Main Street
>Billing Street2:4th Floor
>Billing Street3:
>Billing City:Boonton
>Billing State/Province:NJ
>Billing Postal Code:07005
>Billing Country:US
>Billing Phone:+1.9737362545
>Billing Phone Ext.:
>Billing FAX:+1.9737361355
>Billing FAX Ext.:
>Billing Email:[EMAIL PROTECTED]
>Tech ID:tuTOQTTrtOUs5GAS
>Tech Name:Whois Protection Service - ProtectFly.com
>Tech Organization:RegisterFly.com - Ref-T# 37871268
>Tech Street1:404 Main Street

Re: [Full-disclosure] CN spam links in Google and Yahoo

2007-09-26 Thread Nancy Kramer
Google is supposed having some issues with this type of stuff.  This has 
been on some webmaster boards although I have not seen or experienced it.
No one really knows how it happened but I personally think it is somehow 
related to the fact that Google had some DNS issues with their crawler or 
something like that reported in the last month.  Google is very secretive 
so it is hard to figure out what if anything went wrong but if one can 
successful attack DNS one can do a lot of damage to the internet.

Regards,

Nancy Kramer
Webmaster http://www.americandreamcars.com
Free Color Picture Ads for Collector Cars
One of the Ten Best Places To Buy or Sell a Collector Car on the Web




At 05:17 PM 9/25/2007, James Matthews wrote:
>If you run a blog you can see easily why these sites are indexed! I get 
>hundreds of spam comments from them!
>
>On 9/25/07, blah <<mailto:[EMAIL PROTECTED]> [EMAIL PROTECTED]> wrote:
>>Read your SANS diary daily!
>>
>><http://isc.sans.org/diary.html?storyid=3408>http://isc.sans.org/diary.html?storyid=3408
>>
>>Spammers feeling lucky with Google
>>Published: 2007-09-21,
>>Last Updated: 2007-09-21 07:31:49 UTC
>>by Bojan Zdrnja (Version: 2)
>>
>>For quite some time spammers have been trying to hide links advertised
>>in their e-mails. The main reason for this is probably increasing
>>effectiveness of various realtime blocklists, such as SURBL. For those
>>that aren't familiar with SURBL 
>>(<http://www.surbl.org>http://www.surbl.org ), it's an RBL
>>that lists list URIs found in spam e-mails. In other words, instead of
>>listing spam zombies or relays, RBLs like SURBLs list sites that are
>>referenced in advertised spams.
>>
>>
>>
>>
>>
>>On 9/25/07, Steve Ragan <<mailto:[EMAIL PROTECTED]>[EMAIL PROTECTED]> 
>>wrote:
>> > 
>> <http://news.yahoo.com/s/zd/20070924/tc_zd/215816>http://news.yahoo.com/s/zd/20070924/tc_zd/215816
>>  
>>
>> >
>> > I've seen this a lot lately, and I don't see how these sites were allowed.
>> > Is there anyone here who can shed some light on this?
>> >
>> > Steve
>> >
>> > Excerpt:
>> >
>> > "A reader, Courtney Cox (no relation to the actress), recently pointed out
>> > to me that the top results of recent complex Google searches turned out to
>> > be inane Chinese sites that were not even parking sites, just an 
>> assortment
>> > of keywords that somehow got indexed and brought to the top of the results
>> > list. After seeing a few of these sites, I have to wonder what's going on.
>> > Is it sabotage?"
>> >
>> > ___
>> > Full-Disclosure - We believe in it.
>> > Charter: 
>> <http://lists.grok.org.uk/full-disclosure-charter.html>http://lists.grok.org.uk/full-disclosure-charter.html
>> > Hosted and sponsored by Secunia - <http://secunia.com/>http://secunia.com/
>> >
>> >
>>
>>___
>>Full-Disclosure - We believe in it.
>>Charter: 
>><http://lists.grok.org.uk/full-disclosure-charter.html>http://lists.grok.org.uk/full-disclosure-charter.html
>>Hosted and sponsored by Secunia - <http://secunia.com/>http://secunia.com/
>
>
>
>--
>http://www.goldwatches.com/
><http://www.jewelerslounge.com>http://www.jewelerslounge.com
>___
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] Truths in "Truth in Caller ID Act"

2006-10-02 Thread Nancy Kramer
You are 100 percent right about the US government.  The US Constitution may 
protect US citizens from the government but nothing will protect them from 
the big telecom companies who will own them and their data unless we enact 
a new neutrality law in the US.

Regards,

Nancy Kramer
Webmaster http://www.americandreamcars.com
Free Color Picture Ads for Collector Cars
One of the Ten Best Places To Buy or Sell a Collector Car on the Web


At 04:48 PM 10/1/2006, Joe Barr wrote:

>On Sun, 2006-10-01 at 12:28 -0500, J. Oquendo wrote:
> > So the United States government wants to pass the "Truth in Caller ID"
> > act. Humorously it will do little do deter criminals from spoofing
> > their caller ID and scamming innocent victims. Here is the rule/law
> > followed by why it will fail:
>
>The U.S. government will do its duty, that is to say, they will lick the
>ass of the telecommunications industry lobbyists and do whatever they
>damn well say.
>
>
>
>
>
>--
>It's a strange world when proprietary software is not worth stealing,
>but free software is.
>
>
>___
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
>
>
>--
>No virus found in this incoming message.
>Checked by AVG Free Edition.
>Version: 7.1.407 / Virus Database: 268.12.10/459 - Release Date: 9/29/2006


-- 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.407 / Virus Database: 268.12.12/461 - Release Date: 10/2/2006


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] Truths in "Truth in Caller ID Act"

2006-10-02 Thread Nancy Kramer
I know it was the big telecoms.  Been working for Net Neutrality to 
preserve it.

Think they should just crap their telecom reform bill.  Only helps the big 
telecoms.  Do you know they want to do deep packet inspection on every 
packet to "prioritize" them.  Going to be a huge security hole.  I am 
neither a network engineer nor security engineer but deep packet inspection 
scares the crap out of me.  Congress is clueless.  They just want the 
campaign contributions of the big telecoms.  I consider them "owned" by the 
telecoms in the hacker sense of owned.

I am already seeing "peering issues"  as the ISPs start to play with the 
new toys ie new Cisco Routers.

Regards,

Nancy Kramer
Webmaster http://www.americandreamcars.com
Free Color Picture Ads for Collector Cars
One of the Ten Best Places To Buy or Sell a Collector Car on the Web




At 10:12 PM 10/2/2006, Gary E. Miller wrote:

>-BEGIN PGP SIGNED MESSAGE-
>Hash: SHA1
>
>Yo Nancy!
>
>On Mon, 2 Oct 2006, Nancy Kramer wrote:
>
> > the big telecom companies who will own them and their data unless we enact
> > a new neutrality law in the US.
>
>Yeah, but guess who wrote the net neutrality laws being vaoted on now?
>
>RGDS
>GARY
>- ---
>Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701
> [EMAIL PROTECTED]  Tel:+1(541)382-8588
>
>-BEGIN PGP SIGNATURE-
>Version: GnuPG v1.4.3 (GNU/Linux)
>
>iD8DBQFFIcb68KZibdeR3qURAt21AKDYnZbDwH48cLuf8sGOrHyzxhXVIACgoCUY
>Z61iwKwZkShAyBJrIu66BuY=
>=NGtb
>-END PGP SIGNATURE-
>
>
>
>
>
>
>--
>No virus found in this incoming message.
>Checked by AVG Free Edition.
>Version: 7.1.407 / Virus Database: 268.12.12/461 - Release Date: 10/2/2006


-- 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.407 / Virus Database: 268.12.12/461 - Release Date: 10/2/2006


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] comparing information security to other industries

2006-12-19 Thread Nancy Kramer
At 03:16 PM 12/19/2006, KT wrote:
>What I am trying to figure out is how mature we are and how long will it 
>take for to get stable?


Not very mature and it will take a long time to get stable because 
programmers are just beginning to be aware of application security 
requirements and then they need to figure out how to implement 
them.  Remember most programmers came from a client server or mainframe 
world and they "don't get it".  The consumer also doesn't "get it".  They 
work great together.

I went to a PHP Conference recently and the creator of PHP said that there 
is not such thing as a completely secure web application.  When failure is 
a goal you will definitely get there.

I know all this because I am a programmer by background.  Most people 
designing web applications know so little about security it is scary.

Regards,

Nancy Kramer
Webmaster http://www.americandreamcars.com
Free Color Picture Ads for Collector Cars
One of the Ten Best Places To Buy or Sell a Collector Car on the Web



-- 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.409 / Virus Database: 268.15.23/591 - Release Date: 12/17/2006


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/