[Full-disclosure] Secureid using scientific calculator?

2008-04-24 Thread Gautam R. Singh
Possible/feasible? My own implementation of secure id algorithm using
scientific calculator & a watch?

-- 
[EMAIL PROTECTED]
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Remote Desktop Command Fixation Attacks

2007-10-11 Thread Gautam R. Singh
My employer does this, but I think it's easier to fool users: say we craft a
website which again asks for username/password, and most users will blindly
give away their credentials, thinking it is a new session.

On 10/11/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>
> Not to step into the middle of this, but I once worked for an employer
> with what I considered the best way of stopping attacks cold: a proxy server
> that prompted you for your credentials when you went to an external web site
> and gp settings that disabled the ability to save your username/password
> locally as well as tight settings on the systems to prevent pretty much
> anything from being installed or modified.  So every time you opened up a
> brand new session of ie and tried to access an external site you were
> prompted for your username/password.  Somehow I doubt there's any malware
> around that is designed to survive in that type of an environment.
>
> Geoff


---SNIPPED




-- 
[EMAIL PROTECTED]

Re: [Full-disclosure] IT security professionals in demand in 2006

2005-12-05 Thread Gautam R. Singh
"do we need to code our own OS to be an OS/System administrator" :-P
 
I think, well, u usually don't, but u should know the "inner workings" of it :)
But it's always good if u code ur own os :)

On 12/5/05, sk <[EMAIL PROTECTED]> wrote:
> CISSP is bullshit. as eeye said 99% of the security consultants do their
> pen-tests with automated tools which is pathetic in my opinion.
> if you can't write exploits, you are no professional, more like a steam
> blower. how can someone be professional when he doesn't even understand
> how an exploit works in deep? what if there are custom scripts or exotic
> daemons installed? without being able to audit code and understand how
> certain bugs are being exploited, how can someone think he got enough
> clue to do a professional security audit? it's just a rip off of the
> customers as simple as that. or would you pay someone to run an automated
> tool against your host, sit back and wait till a nice pdf statistic is
> generated so he got something to present to you? of course you wouldn't.
> in the 90s the people still had to learn on their own and all the
> mainstream hackers who speak at your conventions didn't learn their
> knowledge from stupid class rooms. everyone who thinks he's a security
> professional or even a hacker after he made some certs, is just living in
> a dream world.
> then again the media plays well with the steam blowers so they can make a
> nice living..
> sorry i just had to say that since it's going on my nerves how all these
> people suddenly think their stupid certs make em special, but then if it
> comes to knowledge everyone is clueless...
>
> -sk
>
> - Original Message -
> From: "Ivan ." <[EMAIL PROTECTED]>
> To: <full-disclosure@lists.grok.org.uk>
> Sent: Monday, December 05, 2005 3:01 AM
> Subject: [Full-disclosure] IT security professionals in demand in 2006
>
> > http://www.computerworld.com.au/index.php/id;923889191;fp;16;fpid;0

-- 
http://gautam.name
+91 9885677919
:wq!

Re: [Full-disclosure] windows netstat

2005-08-19 Thread Gautam R. Singh
inetinfo =iis
apache.exe = guess?
iplanet? 


On 8/20/05, Aditya Deshmukh
<[EMAIL PROTECTED]> wrote:
> netstat gives me the following results
> 
> inetinfo.exe  LISTENING on port 80
> 
> if I am not mistaken this is the internet father
> process present in all the windows systems


-- 
Gautam R. Singh
http://www.google.com/search?q=gautam.singh%40gmail.com

[mcp,ccna,cspfa,] t: +91 9885576081 | pgp:
http://gautam.techwhack.com/key/ | ymsgr: er-333 | msn: [EMAIL PROTECTED]


[Full-disclosure] BIOS Hacking?

2005-03-31 Thread Gautam R. Singh
Hi All,

Is there any way (software/program) to change the BootUp device order
in the BIOS from the OS (Eg. Windows) itself?

While logged on to my Win2k I want to change my BIOS settings?

Regards,
Gautam

-- 
Gautam R. Singh
http://www.google.com/search?q=gautam.singh%40gmail.com

[mcp,ccna,cspfa,] t: +91 9885576081 | pgp:
http://gautam.techwhack.com/key/ | ymsgr: er-333 | msn: [EMAIL PROTECTED]