Re: [Full-disclosure] bind-9.8.1 remote code exec exploit?

'. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742

Re: [Full-disclosure] US-CERT Current Activity - Malicious Code Circulating via Israel/Hamas Conflict Spam Messages

that says January 10th 2009 2009-10-01 is a ISO date. http://www.iso.org/iso/support/faqs/faqs_widely_used_standards/widely_used_standards_other/date_and_time_format.htm -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742

Re: [Full-disclosure] to those who want moderation...

on topic. I've been on plenty of lists which are unmoderated over the years. This *one* is the only one where members continue to deliberately post off topic messages for days after it is pointed out that the discussion is off topic for the list. Mark -- Mark

Re: [Full-disclosure] What Christianity means to me

of traffic that falls into the later two categories are exceeding what the list members feel is apporiate, needed or necessary. Apply self moderation. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742

Re: [Full-disclosure] DNS spoofing issue. Thoughts on potential exploits

://secunia.com/ -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: [EMAIL PROTECTED] ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure

Re: [Full-disclosure] DNS Cache Dan Kamikaze (Actual Exploit Discussion)

On Tue, Jul 15, 2008 at 5:14 PM, Mark Andrews [EMAIL PROTECTED] wrote: http://www.isc.org/sw/bind/docs/DNSSEC_in_6_minutes.pdf Good stuff, i recall the early stage being fairly cumbersome... Now, has there been any progress concerning the patent situation? This stopped me from

Re: [Full-disclosure] DNS Cache Dan Kamikaze (Actual Exploit Discussion)

historty with DNS pre-dates my affiliation with ISC. I've also been signing zones for years. Please don't just dismiss my comments before you investigate. I like simple tools. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2

Re: [Full-disclosure] DNS Cache Dan Kamikaze (Actual Exploit Discussion)

obvious, my opinions are my own and not those of my employer. -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: [EMAIL PROTECTED] ___ Full-Disclosure - We believe in it. Charter: http

Re: [Full-disclosure] DNS Cache Dan Kamikaze (Actual Exploit Discussion)

--On July 16, 2008 11:17:07 AM +1000 Mark Andrews [EMAIL PROTECTED]=20 wrote: The real problem isn't signing or resigning zones, or even successfully=3D20 completing the original configuration (although those are not trivial for=3D20 the average person trying to setup their own dns

Re: [Full-disclosure] DNS Cache Dan Kamikaze (Actual Exploit Discussion)

more state and doesn't interact well with other UDP applications on the same machine. Randomising the source address reduces the ability of the attack to succeed. This also has the same negatives as randomising the source port. Mark -- Mark Andrews

Re: [Full-disclosure] bind9 remote vulnerability, possibly exploitable - vendor unresponsive :~~~

, (isc_uint16_t)target-used); } return (result); } bigup2 Lam3rZ's see u at nonamecon Herbert Twinkleworth *Information Security Interest Group - NZ * -- Mark Andrews (BE Elec), ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742