Re: [Full-disclosure] Looking for a job in OrangeCounty California, honestly
Gah. All this top posting and immaturity makes it difficult to reply, and normally I'd be prone to ignore this, but I'm hoping that someone else will be able to learn from the errors made here.

Jay is not employable, for multiple reasons. He's already gone out of his way to publicly humiliate himself. Lists like Full Disclosure are archived in so many places that, long after he's matured (it is to be hoped that he'll mature), his boorish behavior will be there to haunt him.

Some of the suggestions here have been made with the best of intentions, and the attempts at kindness and assistance are really heartwarming. I would suggest that the LAPD is nowhere near the OC, and that they are not going to let anyone near a computer to do forensics (honestly, there are professionals, with professional tools available only to law enforcement, for that).

No, the best that can be learned here is to always keep it professional. Always. Profanity, childish temper tantrums, threats, chest-thumping about who is more elite than whom, all of these get stored in multiple archives, just waiting to spring back to life 5, 10, or 20 years from now. Trust me, I have Usenet postings that are out there (or were; thank you Google, for letting me remove them) that are nearly 20 years old.

Please, folk, don't think that an alias hides you, and that you can run into the crowd and throw feces at us as though you were a caged monkey. Stop and think about what you say. For that matter, learn to use a spell checker. At least attempt to look professional. It might get to be a habit.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] [FLSA-2005:158801] Updated bzip2 packages fix security issues
Rembrandt wrote:

On Mon, 14 Nov 2005 21:29:16 -0500 Byron Sonne [EMAIL PROTECTED] wrote:

Could you please stop mailing your Bug-Fix-Reports aka Package xyz updated to the Full*-Mailinglist?

Then you need to run off and start your own list. Funny to see you complain about something that is useful (at least to some), and not about the moronic flag-waving that has been going on the past couple of days by the netdev creature. BTW, authorities at Yahoo have been notified; times will become more interesting for him.

I don't find those mailings objectionable. I think this is an appropriate forum.

I think this list should be useful (like old bugtraq in the good old time) to exchange knowledge about a lot of topics except PATCHES for one specific OS/Distri.

We like this list the way it is; Full Disclosure means just that. If you don't like drinking from the firehose, Kurt's list is over there-

There are other mailing lists (mostly provided by the Projects or Vendors) for such things. And YES I believe that every Admin which uses e.g. Fedora reads also the mailing lists where patches could be announced.

Not everyone on here is an administrator (of any kind), nor are they necessarily interested in following all the distros for Linux, SCO, Solaris, MacOS, Windows, FreeBSD, OpenBSD, LynxOS, OpenVMS... You get the picture. It all happens here, sonny.
[Full-disclosure] Brain dead SSH scans from Italy
Well, I'm stumped. I mean, really stumped. I've had a host scanning my network for the past three days, and it initially looked like one of the automated scans we've all become so familiar with (unfortunately). Naturally, the automatic defense was engaged, and I thought that would be the end of it.

Nope. It continues to send SYN packets, and although it's dropped off in attacks to the other machines, it still pounds at the doors of two of them. Those two machines have a couple of things in common: they are both running BIND 9, and are both OpenBSD {mumble}.

I've sent email off to the RIPE contacts for the IP (195.250.227.226), and to the WHOIS contacts for the domain (ocem.com), and to [EMAIL PROTECTED] as well. Nothing. If I take off the null routing on either of those machines, it immediately starts hammering at them, with no signs of cessation. I have considered just letting it finish, but I'm more concerned that there's a new variant on this moronic scan that doesn't know when to quit.

I suspect that the continuation is because they are DNS servers, since I took the blocking off of one of the other machines also running OpenBSD, and the scanning did not resume (although I had expected it to).

I'm at a loss. If anyone knows Italian (I don't), and can contact one of:

[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]

or anyone at ocem.com, please, let them know that the machine is compromised, and that they need to take it off line, and clean it up.

TIA and all that.

--
There are two ways, my friend, that you can be rich in life. One is to make a lot of money and the other is to have few needs.
William Sloane Coffin, Letters to a Young Doubter
Re: [Full-disclosure] Brain dead SSH scans from Italy
Etaoin Shrdlu wrote:

Well, I'm stumped. I mean, really stumped. I've had a host scanning my network for the past three days...

I'm at a loss. If anyone knows Italian (I don't), and can contact one of: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] or anyone at ocem.com, please, let them know that the machine is compromised, and that they need to take it off line, and clean it up.

Thanks to whomever finally got through, however you did it. I had actually allowed one host to start responding, and it had gotten to the part I always least understand, i.e. the tries for root's password. I mean, really, are there that many hosts out there with root accounts that can be guessed with an automated password guesser?

Anyway, it suddenly stopped, and stopped attempting the other machine(s) as well. Whew. Thanks again.

--
There are two ways, my friend, that you can be rich in life. One is to make a lot of money and the other is to have few needs.
William Sloane Coffin, Letters to a Young Doubter
Re: [Full-disclosure] Our Industry Is Seriously Ethics Impaired
Jeeze, people. Trim your posts. Also, top posting is for amateurs.

Adam Jones wrote:

What exactly is wrong with this? I personally would rather have 3com buying up exploits (probably under an agreement for exclusive access) instead of having them sold to the highest, probably malicious, bidder. Even if someone sells it to both there is a more reputable group that has the exploit and can help with mitigation.

Uh-huh. iDefense and tipping point are oh, so trustworthy. I choose whom to trust, and that would be whom, not what. A corporation is not a whom, it is a body of people, some of whom may be trustworthy, but in the aggregate, it is a controlled mob.

In addition to all this, what you see from this sort of marketplace is that people who might otherwise pursue gainful employment, instead hope to enrich themselves by writing yet another exploit against the extraordinarily fragile infrastructure that we've created for ourselves by allowing monoculturalism to replace common sense.

On 7/26/05, J.A. Terranson [EMAIL PROTECTED] wrote:

Yet another voice baying at the moon.

Ditto.

--
It is by caffeine alone I set my mind in motion. It is by the beans of Java that thoughts acquire speed, the hands acquire shaking, the shaking becomes a warning. It is by caffeine only I set my mind in motion.
Re: [Full-disclosure] Microsoft Windows and *nix Telnet PortNumber Argument Obfuscation
Kristian Hermansen wrote:

On Wed, 2005-06-08 at 15:04 +1200, Nick FitzGerald wrote:

This has been known since Adam was a cowboy.

He's right, you know.

Although I don't believe that your claim is unlikely, it would have been nice to post a link to the original discovery to back it up.

This is just foolishness.

Everyone that I have showed this to, personally, has not seen it before. And, after some google searching, I could not locate anyone else either that talked about this -- the closest thing was an old Microsoft telnet advisory that didn't mention this behavior specifically.

Link? Why would there be a link to show where the original advisory was? You have just got to be kidding.

With that said, I would like to ask anyone who has info about the original discovery to please post it here (Nick didn't respond to my email). I am interested to know more about it, and maybe the original discoverer found other things as well...thanks

Original discovery??? Don't you work for Cisco? Try either the Stevenson or Doug Comer 3-volume set on networking. That'd probably help.

I realize that there seem to be a *whole* bunch of folk that feel that FD is a playground and learning environment. For those of us actually looking at it as an early warning system, think of Nick as being a vocal representative of the majority of more senior security people on the list. Please, if your objective is to learn about the basics, do it *elsewhere*.

--
The command line is useful for people who like to communicate with their computers with a *language*, GUIs are for people who like to communicate by *pointing and grunting* So who's the Neanderthal? (J. J. Green)
Re: [Full-disclosure] Administrivia: A new home for FD
[EMAIL PROTECTED] wrote:

I shouldn't have to fix my settings for the damn list! I didn't break them! The list should have a competent admin who does not subscribe me to full mode when I asked for digest only!

Ah, let me see. Where should I start? Learn to trim your posts. Top posting sucks. Don't whine. Don't use Reply-all when replying.

It's not only the unauthorised junk in my inbox that is unacceptable, it's the expectation that I should waste my time changing passwords, settings etc. for one pissant list, else get spammed.

Unacceptable? Please, unsubscribe. No one will miss you, and John (Hi John, nice rescue, and thanks to Secunia as well) doesn't need to run a PG-13 sort of world. For that matter, I don't want one either.

Jeeze, most of us are more than grateful that John managed to find a home, at nearly the last minute, for a list that *some* of us need, and find extraordinarily useful. I genuinely appreciate John, and will miss Len, and admire them both for the important resource that they provide.

You, my little guppy, are *not* paying for this list. In fact, you're not even paying your way. You are, howsomeever, making a mark for yourself in the world. Not a truly positive one, but a mark, nonetheless.

Unsubscribe. Come back when you grow up (if ever).

--
Do not rouse the Old Ones from the chthonic caverns of their repose. Do not taunt the dragon which at present glances at you idly through one slightly opened eye. Do not become someone's hobby.