Re: [Full-disclosure] What Laptop does Microsoft`s CEO Use?
Last time they used windows it crashed (BSOD) so they are sticking with a more stable OS On Tue, Apr 29, 2008 at 8:16 PM, William Lefkovics [EMAIL PROTECTED] wrote: I would expect him to use no less than all relevant products that Microsoft's competition creates. And thankfully, he does. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ivan . Sent: Tuesday, April 29, 2008 5:43 PM To: Untitled Subject: [Full-disclosure] What Laptop does Microsoft`s CEO Use? http://i-am-bored.com/bored_link.cfm?link_id=29470 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- http://search.goldwatches.com/?Search=Movado+Watches http://www.jewelerslounge.com http://www.goldwatches.com ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Did n3td3v infulence Google Security Team?
I think they should have called it how to avoid getting cyber rolled though. I've asked you this one before because I'm just not getting it. What's the difference between cyber rolling and phishing? If there's no difference, is there any need for another name for it? ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Did n3td3v infulence Google Security Team?
On Wed, Apr 30, 2008 at 09:55:33AM +0100, mcwidget wrote: I've asked you this one before because I'm just not getting it. What's the difference between cyber rolling and phishing? If there's no difference, is there any need for another name for it? Cyber rolling is when you visit a phishing site which plays Never Gonna Give You Up in the background. This is *much* worse than normal phishing, as it can permamently damage your ears as well as stealing your credentials. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Kiwicon 2k8 - Call For Papers
[-] _.-..__ .__.__ ,'9 )\)`-.,.--. | | _|__|_ _ _|__| 2k8 `-.| `. | |/ / \ \/ \/ / |/ ___\/ _ \ /\ \, ,\)|| |\ /| \ \__( _ ) | \ `. )._\ (\ |__|_ \__| \/\_/ |__|\___ /|___| / |// `-,// \/ \/ \/ ]||// BAA!!11 [- www.kiwicon.org ---] Holy sheepshit, internets! Blanket-Man[1] has wrung out his loin cloth and is ready to fly-tackle more heavy metal t-shirt wearing nerds with large egos and irc handles. Yes, it's time to open up your ~/haxing folder and get your talk together for Kiwicon 2k8! We've put out the black t-shirts, and deflated some satellite radomes, so where, as our more criminal yet fetchingly bikini clad cousins might say, the bloody hell are you? The Kiwicon Crüe is proud to announce the initial call for presenters for the second installment of New Zealand's very own security conference: Kiwicon 2k8. [About] Kiwicon2k8 is intended to be an informal conference, drawing on the wider security community of Australia and New Zealand. It will be held in Wellington, New Zealand, on the weekend of the 27th and 28th of September, 2008. Kiwicon's focus is on sharing information; ideas, code, and good whisky, in a rabelaisan carnival of security, nerdery, and *nix beards. Last year, the inaugural Kiwicon ended up being kind of a big deal: highlights included tmasky's mighty Crackstation, the debut of Beau Butler as an ethical hacker making Microsoft look like turkeys, and of course the Kiwicon Hax0r Quiz, with the winner taking the grand prize of An Illustrated Guide to the Commoner Skin Diseases. Hope it came in handy for the post-con diagnosis phase, dude. This year, Kiwicon's own Bogan is already making anti-virus vendors quake in their little signature-laden booties at Defcon's Race to Zero, and the cauldron of 0h-0h-0hday in Brett Moore's secret Insomnia lair is bubbling over with pernicious brew. If you missed last Kiwicon (not professional enough? couldn't convince your boss it wasn't a hoax?) then find one of the 230+ people who were there and ask them if they're just-not-gonna-bother this year. [Venue] Our hosts for the weekend will, once again, be Victoria University of Wellington. If you have any memory of last year's Kiwicon, then it'll look disturbingly familiar. The campus has the advantage of being close to the center of the city and its' various amenities. This includes cheap accommodation, good coffee, and, more importantly, several good pubs serving good, non-Australian, beer. [Costs] Kiwicon2k8 is a non-profit, non-commercial, non-corporate-funded event. Attendance for the entire weekend will cost $50 for employed individuals (self-employed and salaried). There is a discounted rate of $30 for students and the unemployed. GST receipts can be issued upon request. If your management can't be convinced of the value of something that only costs $50, we're happy to issue you with some kind of personalised limited edition invitation in crayon, glitter pen, and macaroni (spray-painted gold for that luxe look) for the low enterprise-only price of $500. [Topics] Suggested topics include but are not limited to: - Crowd Control Techniques and Panic Modeling - Information Warfare / Industrial Espionage - Malware (Viruses, Spam, Phishing, Botnets) - Cellular Networks (GSM,GPRS,CDMA,3G,4G) - Application Security, Testing, Fuzzing - Government Spy Networks / Surveillance - Nanotechnology / Quantum Computing - Access Control and Authentication - Wireless / Bluetooth / Infrared - Social Engineering / Trolling - Breaking EAL Certified Kit - Forensics / Antiforensics - Banking / ATMs / Carding - Exploitation Techniques - Layer 1/2/3 Nastiness - Reverse Engineering - Phreaking / VoIP - Virtualisation - Web Security - Lockpicking - Biometrics - Hypnosis - Crypto - Ohday - 23 There is no pre-determined talk length but we ask that speakers limit their presentation to an hour, including some question time. Since Kiwicon is a non-profit organisation, there is no funding available for travel and/or accomodation, even for IT rockstars. However, if your talk is accepted, a formal letter will be provided for employer leverage, and almost certainly, unless you're a complete jackoff, people will try and buy you beer. To submit a presentation to Kiwicon2k8, send an email to [EMAIL PROTECTED] with the following information: Name or Handle: Country of Residence: Employer (if applicable): Presentation Title: Presentation Length: Presentation Synopsis: Brief Bio: [CFP
Re: [Full-disclosure] Did n3td3v infulence Google Security Team?
good. you proved you know how to im with others. lets see, you have email, copy and paste, ranting, im and webpage creation through templates down. what else can you do? On Tue, Apr 29, 2008 at 11:04 PM, n3td3v [EMAIL PROTECTED] wrote: On Wed, Apr 30, 2008 at 3:53 AM, Pat [EMAIL PROTECTED] wrote: Not dissing you, but just wanting to thank you for the laugh: snip /and I have a news group of 4308+ who do take me seriously.snip / Why be random when you can be exact huh? Seriously, the 63213249876837+ atoms that make up my being as a whole, thank you. me: i responded to valdis big time securinate: thought you said you wouldn't. securinate's new status message - here 3:14 AM me: he needed to be told http://lists.grok.org.uk/pipermail/full-disclosure/2008-April/061903.html securinate: i'm reading it in my gmail me: i assumed you didnt read FD like you told me securinate: I searched for the thread good response me: he will do what most arseholes do, and pick out the weakest sentence and pretend the rest never happened securinate: yep Sent at 3:16 AM on Wednesday ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Could n3td3v win a Pwnie award?
n3td3v, sounds like ur trying to suck ur own dick again. can you do that? On Sun, Apr 27, 2008 at 9:54 PM, n3td3v [EMAIL PROTECTED] wrote: On Sun, Apr 27, 2008 at 8:27 PM, G D Fuego [EMAIL PROTECTED] wrote: On Apr 27, 2008, at 3:11 PM, n3td3v [EMAIL PROTECTED] wrote: On Sat, Apr 26, 2008 at 2:13 PM, G. D. Fuego [EMAIL PROTECTED] wrote: On Fri, Apr 25, 2008 at 10:48 PM, n3td3v [EMAIL PROTECTED] wrote: David, your research was responsible for the SQL Slammer Worm... but that makes you elite doesn't it, not a black hat. No wonder the UK security service is interested in you, but I wouldn't call it an achievement, that calls you irresponsible in my view. David is responsible for the Slammer worm because he discovered the vulnerability that it used? You don't believe in Responsible Disclosure? Every responsible security researcher and expert should be supporting responsible disclosure. David's disclosure is a prime example why responsible disclosure is needed. What he did *was* irresponsible, but perhaps we can learn from it. n3td3v Read ms02-039 The patch was available 6 months before slammer, thanks to David. Its not his fault that people didn't apply the patch David has to take some responsibility for what happened, he can't put it all on Microsoft and the rest of the world. All the best, n3td3v ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Did n3td3v infulence Google Security Team?
On 4/30/08, John Lamb [EMAIL PROTECTED] wrote: On Wed, Apr 30, 2008 at 09:55:33AM +0100, mcwidget wrote: I've asked you this one before because I'm just not getting it. What's the difference between cyber rolling and phishing? If there's no difference, is there any need for another name for it? Cyber rolling is when you visit a phishing site which plays Never Gonna Give You Up in the background. This is *much* worse than normal phishing, as it can permamently damage your ears as well as stealing your credentials. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ I have never posted on FD, but your post has seriously forced my hand. You have single handedly made my day. Thanks! -- -John ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Did n3td3v infulence Google Security Team?
Cyber rolling is when you visit a phishing site which plays Never Gonna Give You Up in the background. This is *much* worse than normal phishing, as it can permamently damage your ears as well as stealing your credentials. Hopefully this trend will buck before it progresses to Together Forever. Nonetheless, I stand corrected, this crime probably does deserve it's own name. This could be a effective scam though. The victim could miss the obligatory bank unusual credit card activity warning call due to damaged hearing. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Microsoft device helps police pluck evidence from cyberscene of crime
On Tue, Apr 29, 2008 at 8:35 PM, reepex [EMAIL PROTECTED] wrote: you are a retard. As are you, re-read the article... its for live memory analysis on a running machine. not anything like a bootable Live Cd. It doesn't only read memory. It does other things as well... But not quite like a bootable CD either... On Tue, Apr 29, 2008 at 8:41 PM, Peter Besenbruch [EMAIL PROTECTED] wrote: On Tuesday 29 April 2008 14:31:18 Ivan . wrote: http://seattletimes.nwsource.com/html/microsoft/2004379751_msftlaw29.html It looks like the Microsoft version of a Knoppix disk. -- Hawaiian Astronomical Society: http://www.hawastsoc.org HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- Rob ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [SECURITY] [DSA 1563-1] New asterisk packages fix denial of service
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-1563-1 [EMAIL PROTECTED] http://www.debian.org/security/ Moritz Muehlenhoff April 30, 2008http://www.debian.org/security/faq - Package: asterisk Vulnerability : programming error Problem type : remote Debian-specific: no CVE Id(s) : CVE-2008-1897 Joel R. Voss discovered that the IAX2 module of Asterisk, a free software PBX and telephony toolkit performs insufficient validation of IAX2 protocol messages, which may lead to denial of service. For the stable distribution (etch), this problem has been fixed in version 1.2.13~dfsg-2etch4. For the unstable distribution (sid), this problem has been fixed in version 1.4.19.1~dfsg-1. We recommend that you upgrade your asterisk packages. Upgrade instructions - wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian 4.0 (stable) - --- Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.2.13~dfsg-2etch4.dsc Size/MD5 checksum: 1488 5f5e9573d490427c5a69a10aa97f158b http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.2.13~dfsg.orig.tar.gz Size/MD5 checksum: 3835589 f8ee088b2e4feffe2b35d78079f90b69 http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.2.13~dfsg-2etch4.diff.gz Size/MD5 checksum: 183285 26bd25ccb154a4ad32980d943b986b77 Architecture independent packages: http://security.debian.org/pool/updates/main/a/asterisk/asterisk-doc_1.2.13~dfsg-2etch4_all.deb Size/MD5 checksum: 1500302 8bdb0c668d19cfa10a1a21e18b404abf http://security.debian.org/pool/updates/main/a/asterisk/asterisk-web-vmail_1.2.13~dfsg-2etch4_all.deb Size/MD5 checksum:73970 b58221f4979cc030855181025a912e88 http://security.debian.org/pool/updates/main/a/asterisk/asterisk-config_1.2.13~dfsg-2etch4_all.deb Size/MD5 checksum: 131882 4e51e2e9df2c8815b7f73de4366d1226 http://security.debian.org/pool/updates/main/a/asterisk/asterisk-sounds-main_1.2.13~dfsg-2etch4_all.deb Size/MD5 checksum: 1504806 aba4a61bee8550ce08491ca99e20daed http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.2.13~dfsg-2etch4_all.deb Size/MD5 checksum: 146714 8b47af29382b0fd93ba9276c6d130a9b http://security.debian.org/pool/updates/main/a/asterisk/asterisk-dev_1.2.13~dfsg-2etch4_all.deb Size/MD5 checksum: 170154 6db4874707b5e4bcaac7daf6d8f52c2b alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/a/asterisk/asterisk-classic_1.2.13~dfsg-2etch4_alpha.deb Size/MD5 checksum: 1902278 7f85e13bc5fcbe4e97b1c38cda233dac http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.2.13~dfsg-2etch4_alpha.deb Size/MD5 checksum: 137358 2b182763234ee7c8ad32eb88ab1d7439 http://security.debian.org/pool/updates/main/a/asterisk/asterisk-bristuff_1.2.13~dfsg-2etch4_alpha.deb Size/MD5 checksum: 1938542 0e3d8bcf8c3d417d76dcec6d18c54aa8 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.2.13~dfsg-2etch4_amd64.deb Size/MD5 checksum: 133398 ed20b24f1a2f341bd6d4e028ce59a90c http://security.debian.org/pool/updates/main/a/asterisk/asterisk-bristuff_1.2.13~dfsg-2etch4_amd64.deb Size/MD5 checksum: 1780430 8ce4d0f0065fbda1b8b6faf452aa8cf1 http://security.debian.org/pool/updates/main/a/asterisk/asterisk-classic_1.2.13~dfsg-2etch4_amd64.deb Size/MD5 checksum: 1745772 c7e3f3533bd980e6cf4fae76a7fe53a6 arm architecture (ARM) http://security.debian.org/pool/updates/main/a/asterisk/asterisk-bristuff_1.2.13~dfsg-2etch4_arm.deb Size/MD5 checksum: 1702038 c21d7d8f2a6a22340c6c532c52297238 http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.2.13~dfsg-2etch4_arm.deb Size/MD5 checksum: 136578 e058fda61addca152ebcef309ed53db0 http://security.debian.org/pool/updates/main/a/asterisk/asterisk-classic_1.2.13~dfsg-2etch4_arm.deb Size/MD5 checksum: 1668554 be43593d0db307fff5d9233d99f8683d hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/a/asterisk/asterisk-classic_1.2.13~dfsg-2etch4_hppa.deb Size/MD5 checksum: 1859784 e01288aa37bf6d1021836e4750896192
Re: [Full-disclosure] Microsoft device helps police pluck evidencefrom cyberscene of crime
I'd be more curious what the requirements are on the host machine. Meaning if you disable autorun on all USB/Firewire/hot-plug devices does it potentially eliminate this threat? Yes, rebooting from the USB key will obviate any Windows policies/settings but the goal seems to stem from getting live data from the system while it's running. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rob Thompson Sent: Wednesday, April 30, 2008 1:21 PM To: reepex Cc: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Microsoft device helps police pluck evidencefrom cyberscene of crime On Tue, Apr 29, 2008 at 8:35 PM, reepex [EMAIL PROTECTED] wrote: you are a retard. As are you, re-read the article... its for live memory analysis on a running machine. not anything like a bootable Live Cd. It doesn't only read memory. It does other things as well... But not quite like a bootable CD either... On Tue, Apr 29, 2008 at 8:41 PM, Peter Besenbruch [EMAIL PROTECTED] wrote: On Tuesday 29 April 2008 14:31:18 Ivan . wrote: http://seattletimes.nwsource.com/html/microsoft/2004379751_msftlaw29.htm l It looks like the Microsoft version of a Knoppix disk. -- Hawaiian Astronomical Society: http://www.hawastsoc.org HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- Rob ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ This message is intended only for the person(s) to which it is addressed and may contain privileged, confidential and/or insider information. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Any disclosure, copying, distribution, or the taking of any action concerning the contents of this message and any attachment(s) by anyone other than the named recipient(s) is strictly prohibited. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Microsoft device helps police pluck evidencefrom cyberscene of crime
On Wed, Apr 30, 2008 at 11:25 AM, Fetch, Brandon [EMAIL PROTECTED] wrote: I'd be more curious what the requirements are on the host machine. From what I have read, which isn't _too_ much... It needs Windows. I'd assume 2000 and forward... But that's an assumption. It just makes sense when I think of the security of the OS's - that that's what it'd be... Meaning if you disable autorun on all USB/Firewire/hot-plug devices does it potentially eliminate this threat? I doubt it. They probably have something coded into the device that works with something special within Windows. But again, just an assumption. I haven't gotten my paws on one of these yet. Though I'm sure that it you look hard enough, it can be found. Yes, rebooting from the USB key will obviate any Windows policies/settings but the goal seems to stem from getting live data from the system while it's running. Yes, so from what I've read. It sounds like, the box is running. All that you do, is plug this device in, it does the rest for you. You just sit there like a good little monkey and wait till it's done. I am thinking that this device is going to be akin to the CD-rom that you could use that had the autorun setup that would disable a password protected screen saver in Windows 9x. Basically, walk up to any machine, pop in the disk, wait a minute and POOF, all done. What is really baking my noodle though - how do we protect ourselves from these? Because, one pissed off employee with one of these things could put an organization into some deep crap, real quick like... We really need more information on these devices... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rob Thompson Sent: Wednesday, April 30, 2008 1:21 PM To: reepex Cc: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Microsoft device helps police pluck evidencefrom cyberscene of crime On Tue, Apr 29, 2008 at 8:35 PM, reepex [EMAIL PROTECTED] wrote: you are a retard. As are you, re-read the article... its for live memory analysis on a running machine. not anything like a bootable Live Cd. It doesn't only read memory. It does other things as well... But not quite like a bootable CD either... On Tue, Apr 29, 2008 at 8:41 PM, Peter Besenbruch [EMAIL PROTECTED] wrote: On Tuesday 29 April 2008 14:31:18 Ivan . wrote: http://seattletimes.nwsource.com/html/microsoft/2004379751_msftlaw29.htm l It looks like the Microsoft version of a Knoppix disk. -- Hawaiian Astronomical Society: http://www.hawastsoc.org HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- Rob ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ This message is intended only for the person(s) to which it is addressed and may contain privileged, confidential and/or insider information. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Any disclosure, copying, distribution, or the taking of any action concerning the contents of this message and any attachment(s) by anyone other than the named recipient(s) is strictly prohibited. -- Rob ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Microsoft device helps police pluck evidencefrom cyberscene of crime
Can't help but think of the Group Policy that disables usbstor.sys.(http://www.petri.co.il/disable_usb_disks_with_gpo.htm for some info) Surely that driver could be replaced (with some windows file protection workarounds as well, obviously) that would perhaps prompt before allowing the device to be mounted? Require a PW to allow it to be mounted? Just a thought. I'd think something along those lines though, would disable this tool. On Wed, Apr 30, 2008 at 2:17 PM, Rob Thompson [EMAIL PROTECTED] wrote: What is really baking my noodle though - how do we protect ourselves from these? Because, one pissed off employee with one of these things could put an organization into some deep crap, real quick like... We really need more information on these devices... ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Microsoft device helps police pluck evidencefrom cyberscene of crime
On Wed, Apr 30, 2008 at 2:17 PM, Rob Thompson [EMAIL PROTECTED] wrote: ... Meaning if you disable autorun on all USB/Firewire/hot-plug devices does it potentially eliminate this threat? I doubt it. They probably have something coded into the device that works with something special within Windows. But again, just an assumption. I haven't gotten my paws on one of these yet. Though I'm sure that it you look hard enough, it can be found. you'd have to epoxy over those ports. putty epoxy in the USB, firewire, PCCard , and related slots. it's been done, for regulatory compliance. works great. gets your hands messy. but seriously, who will take such measures on their home PC? last but not least, the cold boot disk encryption attacks showed how even the plugged ports could be worked around with a quick reboot and a can of keyboard cleaner... ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Akamai Technologies Security Advisory 2008-0001 (Download Manager)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Akamai Technologies Security Advisory 2008-0001 * Akamai ID: 2008-0001 * Date: 2008/04/30 * Product Name: Download Manager * Affected Versions: 2.2.3.5 * Fixed Version: 2.2.3.5 * CVE IDs: CVE-2007-6339 * CVSS Base Score: (AV:R/AC:H/Au:NR/C:C/I:C/A:C/B:N) 8.0 * Product Description: Akamai Download Manager is a client software application that helps users download content easily, quickly, and reliably. It is available as an ActiveX component or Java applet and provides users the ability to pause, resume downloading at a later time, and automatically recover from dropped connections or system crashes. * Vulnerability Description: A security vulnerability has been discovered in versions prior to 2.2.3.5 of Akamai Download Manager. For successful exploitation, this vulnerability requires a user to be convinced to visit a malicious URL put into place by an attacker. This may then lead to an unauthorized download and automatic execution of arbitrary code run within the context of the victim user. This vulnerability exist only in the Download Manager client software and does not affect Akamai's services in any way. * Patch Instructions: For ActiveX versions: Affected users can upgrade to the latest version of Akamai Download Manager by visiting the following web page: http://dlm.tools.akamai.com/tools/upgrade.html Visiting that page or any other Download Manager enabled page will prompt the user to install the latest version of the software automatically. Akamai has successfully coordinated with each of our enterprise customers to ensure that all are distributing the patched version. To verify the correct version is installed: ~ 1) In Internet Explorer, choose Internet Options... from the ~Tools menu. ~ 2) Under the General tab, select Settings... from the Temporary ~Internet files section. ~ 3) Select View Objects... from the Temporary Internet files ~folder section. ~ 4) Find the item for DownloadManager Control and verify that the ~version is 2.2.3.5 or higher. ~ * If you wish to uninstall Download Manager, complete this last step: ~ 5) Find the item for DownloadManager Control, right-click and ~select Remove. ~ 6) When prompted to confirm, choose Yes. For Java versions: The java version is not persistently installed. No action is required by the user. * Credit: CVE-2007-6339 was independently discovered and brought to Akamai's attention by iDefense (http://labs.idefense.com/). * Additional Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6339 * About Akamai: Akamai® is the leading global service provider for accelerating content and business processes online. Thousands of organizations have formed trusted relationships with Akamai, improving their revenue and reducing costs by maximizing the performance of their online businesses. Leveraging the Akamai EdgePlatform, these organizations gain business advantage today, and have the foundation for the emerging Web solutions of tomorrow. Akamai is The Trusted Choice for Online Business. For more information, visit www.akamai.com. For our our GPG public key please visit http://www.akamai.com/dl/akamai/Akamai_Security_General.pub -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (Darwin) iQIcBAEBAgAGBQJIGLE6AAoJEEngXEVbkoPOhTsQALj0bAaeq5KOAZmblSKlkptR fN8eN0+Hrb3d+aFZRMgMJg0ORsnw9RDjsIM4y/H8luzjb4FgB06dWbX3uNqoKZ0s qvg7thN+6M1uyer6HknvrPv6Sz0s3RcVQANp7mZdUQi5jRQLSyMdEMSFvzwci0Gs 5r0dg/O1WnvfeK1P+q1b4tl2uk9Sjfyr3K3mOZUnvLyeN1H9U1PiB7OV4Ub5Evdd ezWt+pHpiBaHo6WI2wBBiPXJALMLX7fa8p/z3M3G9EKF7e1nLJ/HXloMldKT9/hn WIF/7XSq7iJMU9rTOqYdu+awTXEqDlVznTGyABHL20sbQbPshEje/lunSvwUtHyW PovCcD60xUYsLBitoQPXH8l6B0puCECxaUbq0oBdXlXv1zuZ9wOh2FvlspnEPwPh +0GZPnmuIVrL4Nn3cKiZHjOznBy51SzZ9SQE8rwbppKdb9KU2s5n1Kzs5nyrTUSE xlCnoM6X9/6LowL5oaeX453+eS0k8evWPg7cmVHjRX1Qha9MkU32sUukoR7QYvrv Mpj/J4ESE5aD2epZufxgkdhXEfeR4COavA/Nybe4oTiIuq9Breg2CRgNzFC3pfKY fhz67q2n62tLOjeyLXXxqWhH0CeZwDgn2vaLXLAr+IJbCmbvOYUfU44mO9lEC73X tVlTKoHOD6NmnRQe2iOM =DW1h -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Critical Vulnerability in SNMPc
=== Summary === Name: Unauthenticated Stack Overflow in SNMPc Release Date: 30 April 2008 Reference: NGS00526 Discover: Wade Alcorn [EMAIL PROTECTED] and John Heasman [EMAIL PROTECTED] Vendor: Castle Rock Computing Systems Affected: SNMPc versions 7.1 and earlier Risk: Critical Status: Published === Description === Wade Alcorn and John Heasman of NGSSoftware have discovered a stack overflow vulnerability in Castle Rock Computing SNMPc Network Manager. SNMPc Network Manger is a distributed network management system that allows monitoring of the network infrastructure. It employs a distributed polling agent architecture which uses SNMP TRAPs to provide a solution capable of monitoring networks with up to ten thousand devices. An SNMP TRAP initiated by a network element is sent to the SNMPc Network Manager to allow monitoring of the infrastructure. = Technical Details = The vulnerability can be exploited when an overly long community string is sent in the SNMP TRAP packet. The packets format will be valid ASN.1, including the length of the community string. An attacker can craft a single UDP packet that can lead to the execution of arbitrary code in the context of LocalSystem. === Fix Information === NGSSoftware wish to note that Castle Rock Computing were extremely pro-active in addressing this issue. The latest version (SNMPc 7.1.1) can be downloaded from the Castle Rock Computing website: http://www.castlerock.com/. NGSSoftware Insight Security Research http://www.ngssoftware.com/ http://www.databasesecurity.com/ http://www.nextgenss.com/ +44(0)208 401 0070 -- E-MAIL DISCLAIMER The information contained in this email and any subsequent correspondence is private, is solely for the intended recipient(s) and may contain confidential or privileged information. For those other than the intended recipient(s), any disclosure, copying, distribution, or any other action taken, or omitted to be taken, in reliance on such information is prohibited and may be unlawful. If you are not the intended recipient and have received this message in error, please inform the sender and delete this mail and any attachments. The views expressed in this email do not necessarily reflect NGS policy. NGS accepts no liability or responsibility for any onward transmission or use of emails and attachments having left the NGS domain. NGS and NGSSoftware are trading names of Next Generation Security Software Ltd. Registered office address: 52 Throwley Way, Sutton, SM1 4BF with Company Number 04225835 and VAT Number 783096402 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Did n3td3v infulence Google Security Team
I don't often write to the list nor contribute much at all at this point mostly due to work commitments but I felt a need to this time. Why on earth was this posted to the list? it provided no usefull information. It had nothing to do with full disclosure of anything. all it did was waste my time and others. At this point the author of the post has made it to the filter to hit the trash bin straight off marked as read. Do us all a favor...stop posting this crap. Its pointless, provides no information and can be used for nothing. In a word this post ranked no higher than SPAM! My 2cents worth. Flame away chances are I'm not going to respond anyway. if [ !=n3td3v ] then; mv $post spam fi On Tuesday 29 April 2008 20:50:18 [EMAIL PROTECTED] wrote: Did n3td3v infulence Google Security Team ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Microsoft device helps police pluck evidencefrom cyberscene of crime
more info http://www.news.com/8301-10789_3-9932600-57.html?tag=blog.promos On Thu, May 1, 2008 at 9:00 AM, coderman [EMAIL PROTECTED] wrote: On Wed, Apr 30, 2008 at 2:17 PM, Rob Thompson [EMAIL PROTECTED] wrote: ... Meaning if you disable autorun on all USB/Firewire/hot-plug devices does it potentially eliminate this threat? I doubt it. They probably have something coded into the device that works with something special within Windows. But again, just an assumption. I haven't gotten my paws on one of these yet. Though I'm sure that it you look hard enough, it can be found. you'd have to epoxy over those ports. putty epoxy in the USB, firewire, PCCard , and related slots. it's been done, for regulatory compliance. works great. gets your hands messy. but seriously, who will take such measures on their home PC? last but not least, the cold boot disk encryption attacks showed how even the plugged ports could be worked around with a quick reboot and a can of keyboard cleaner... ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Did n3td3v infulence Google Security Team
I concur :-) 2008/5/1 magickal1 [EMAIL PROTECTED]: I don't often write to the list nor contribute much at all at this point mostly due to work commitments but I felt a need to this time. Why on earth was this posted to the list? it provided no usefull information. It had nothing to do with full disclosure of anything. all it did was waste my time and others. At this point the author of the post has made it to the filter to hit the trash bin straight off marked as read. Do us all a favor...stop posting this crap. Its pointless, provides no information and can be used for nothing. In a word this post ranked no higher than SPAM! My 2cents worth. Flame away chances are I'm not going to respond anyway. if [ !=n3td3v ] then; mv $post spam fi On Tuesday 29 April 2008 20:50:18 [EMAIL PROTECTED] wrote: Did n3td3v infulence Google Security Team ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
