[Full-disclosure] any tools for testing RPC
hi all, I am testing RPC functionality in snort .i have tried all scripts and exploits available for RPC .but not so confident and wanna make sure my testing is done perfectly covering all aspects. can anyone plz tell me any tools which i can relay on to test RPC thank you ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Gmail emails issue
Hi All, Gmail stores mails in Temp folder for faster access.but i have observer it fails to remove mail from the temp files after the session is ended. any user who has access physical access to the system can read mail and contact information of the Gmail user. Discloses information which is private and confidential? thank you ratna ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Recent trends in network secuirty???
Hi All, I am doing a survey in network security.The scope of the survey is medium scale to large scale industries in all sectors. I want to know an expert opinion about the trends in the field of network security.where we are heading in 2006-2007?? what kind of attacks we can expect? I want input from you guys like issues concerning to the following: Authentication Authorization, IDS/IPS. Cryptography, Vulnerability Assessment. Hope everybody contributes and no one disappoints me. thank you, ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Penetration Testing : A Third Party Hacker.
Hi All, I have read an artical on SANS website.I have some questions unanswered. External Penetration Testing conducted by third party. How efficient it is?After all he will go through all the step of penetration testing (internal PT). How safe is integrity of Organization information for which PT is performed? Difference between External and Internal PT'ers. External-Internal = Approach+Skill Levels+Commitment+Trustworthiness. Thank You, 6ackpace ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] IT security professionals in demand in 2006
Certification have their place in the industry.it is a base line to judge a person and his technical knowledge. yes i agree to you all about the fact that people with little knowledge or no knowledge doing this certifications.Also they this certificates require some prerequisites to write. bottom line:it's up to the industry to select right person for right jobs. thank you 6ackpace On 12/6/05, Gautam R. Singh <[EMAIL PROTECTED]> wrote: "do we need to code our own OS to be an OS/System administrator" :-P I think well u usually dont, but u should know the "inner workings" of it :) But it always good if u code ur own os :) On 12/5/05, sk <[EMAIL PROTECTED] > wrote: CISSP is bullshit. as eeye said 99% of the security consultants do theirpen-tests with automated tools which is pathetic in my opinion. if you cant write exploits, you are no professional, more like a steamblower. how can someone be professional when he doesnteven understand how an exploit works in deep? what if there are customscripts or exotic daemons installed? without beeing able to audit code and understand how certain bugs are beeing exploited, how can someonethink he got enough clue to do a professional security audit?its just a rip off of the customers as simple as that. or would you pay someone to run an automated tool against your host, sit back and waittill a nice pdf statistic is generated so he got something to present toyou? of course you wouldnt. in the 90s the people still had to learn on their own and all the mainstream hackers who speak at your conventions didntlearn their knowledge from stupid class rooms.everyone who thinks hes a security professional or even a hacker after hemade some certs, is just living in a dream world. then again the media plays well with the steam blowers so they can make anice living..sorry i just had to say that since its going on my nerves how all thesepeople suddenly think their stupid certs make em special, but then if it comes to knowledge everyone is cluless...-sk- Original Message -From: "Ivan ." < [EMAIL PROTECTED]>To: < full-disclosure@lists.grok.org.uk>Sent: Monday, December 05, 2005 3:01 AM Subject: [Full-disclosure] IT security professionals in demand in 2006> http://www.computerworld.com.au/index.php/id;923889191;fp;16;fpid;0> ___> Full-Disclosure - We believe in it.> Charter: http://lists.grok.org.uk/full-disclosure-charter.html> Hosted and sponsored by Secunia - http://secunia.com/ >___Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.htmlHosted and sponsored by Secunia - http://secunia.com/ -- http://gautam.name+91 9885677919:wq! ___Full-Disclosure - We believe in it.Charter: http://lists.grok.org.uk/full-disclosure-charter.htmlHosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Google Talk cleartext credentials in process memory
Hi, If i am right Google Talk Beta Messenger cleartext credentials in process memory still exist on the current version. googles answer for this issue: plain char -> hex char 6ackpace On 11/29/05, Jaroslaw Sajko <[EMAIL PROTECTED]> wrote: pagvac wrote:> Title: Google Talk Beta Messenger cleartext credentials in process memory> >> Description>> Google Talk stores all user credentials (username and password) in> clear-text in the process memory. Such vulnerability was found on> August 25, 2005 (two days after the release of Google Talk) and has > already been patched by Google.>> This issue would occur regardless of whether the "Save Password"> feature was enabled or not.The same issue concerns many applications, ie. Gadu-Gadu - another instant messenger. In my opinion such "vulnerabilities" are not worthypublishing (for Gadu-Gadu we have not published this kind of softwarebehaviour) because if you can dump other user process or trick him to execute any code then reading the password from the process memory isonly one of many things which you can do.regards,js___Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.htmlHosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] another filename bypass vulnerability - from cmd.exe
It also work for windowsXp 2 and with other ext . i.e exe.txt.exe.pdf .. On 11/16/05, Aditya Deshmukh <[EMAIL PROTECTED]> wrote: Was doing some testing [xfocus-AD-051115]Ie Multiple antivirus failed to scanmalicous filename bypass vulnerability The system is windows 2000 sp4 srp5 withall other patches upto date.At the command prompt cmd.exe executethe following with the results.I copy and paste from cmd.exe--- E:\TEMP>cd testE:\TEMP\test>copy %windir%\system32\calc.exe 1 file(s) copied.E:\TEMP\test>ren calc.exe calc.exe.zipE:\TEMP\test>dir /bcalc.exe.zipE:\TEMP\test> calc.exe.zipE:\TEMP\test>---This bring up the calc.exe on the screen. Delivered using the Free Personal Edition of Mailtraq (www.mailtraq.com)___Full-Disclosure - We believe in it.Charter: http://lists.grok.org.uk/full-disclosure-charter.htmlHosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
