[Full-disclosure] browser exploit web sites
If anyone is interested.. google on roof moss magnesium vs zinc and you get a ton of websites hosting browser exploits being used to infect computers. setup.exe and a bunch of other crapola. Some of them seemed pretty clever. Nothing new just figured I'd pass on the search info in case anyone was researching these.

Geo.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype
- Original Message - From: [EMAIL PROTECTED]

> 2) That said program can protect itself against overtly malicious input.

Ok then, I can mark you down as one who believes that all the php exploits blamed on bad code writing are actually the fault of php and not the application coded using its powerful functionality?

Geo.
Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype
- Original Message - From: Thierry Zoller [EMAIL PROTECTED]

> Again Geo, NOBODY has said that this is a vulnerability OF IE7 ITSELF we said the handler that IE7 installs is broken.

I'm not disagreeing with that statement. I'm saying this input should never get that far.

Geo.
Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype
- Original Message - From: Glynn Clements [EMAIL PROTECTED]

> URIs which it passes to an external handler (e.g. mailto:), it only needs to identify the scheme (to select the correct handler); it is the handler's responsibility to validate its own URIs (i.e. mail programs need to validate mailto: URIs).

I don't agree. Whatever program takes input from an untrusted source, it's that program's duty to sanitize the input before passing it on to internal components. It's like a firewall, you filter before it gets inside the system.

Example, an ftp server has to sanitize filenames to prevent usage of streams on NTFS, you don't blame the filesystem that the input gets passed to, it's the job of the ftp server to do the sanitizing of untrusted input.

Geo.
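The FTP filename check mentioned in the message above, as an added example that is not part of the original post or thread: a server-side validator that refuses upload names which NTFS or Win32 would interpret as something other than a plain file. The function names and the sample names are constructed for illustration.

```python
import unicodedata

# Reserved DOS device names; Win32 resolves these even with an extension.
_RESERVED = (
    {"CON", "PRN", "AUX", "NUL"}
    | {f"COM{i}" for i in range(1, 10)}
    | {f"LPT{i}" for i in range(1, 10)}
)

# Characters Win32 rejects or interprets inside a file name.
# ':' is handled separately because it selects an NTFS alternate data stream.
_FORBIDDEN = set('<>"/\\|?*')


class UnsafeFilename(ValueError):
    """Raised when a client-supplied name must not reach the filesystem."""


def check_ntfs_filename(name: str) -> str:
    """Return name unchanged if it is a single plain path component that
    refers to a file's unnamed data stream; raise UnsafeFilename otherwise."""
    if not name or len(name) > 255:
        raise UnsafeFilename("empty or too long")
    if name in (".", ".."):
        raise UnsafeFilename("directory reference")
    for ch in name:
        if ch == ":":
            # file.txt:hidden and file.txt::$DATA both address streams.
            raise UnsafeFilename("stream separator ':'")
        if ch in _FORBIDDEN:
            raise UnsafeFilename("reserved character")
        if unicodedata.category(ch) == "Cc":
            raise UnsafeFilename("control character")
    if name[-1] in ". ":
        # Win32 strips these, so 'a.txt.' would alias 'a.txt'.
        raise UnsafeFilename("trailing dot or space")
    stem = name.split(".", 1)[0].rstrip(" ").upper()
    if stem in _RESERVED:
        raise UnsafeFilename("reserved device name")
    return name


def filter_uploads(names):
    """Split client-supplied names into accepted ones and rejected ones
    (mapped to the reason), validating before anything touches the disk."""
    accepted, rejected = [], {}
    for name in names:
        try:
            accepted.append(check_ntfs_filename(name))
        except UnsafeFilename as exc:
            rejected[name] = str(exc)
    return accepted, rejected


# Constructed sample input: names an FTP client might send in a STOR command.
SAMPLE_NAMES = [
    "report.pdf",
    "report.pdf:hidden.exe",
    "report.pdf::$DATA",
    "..\\boot.ini",
    "NUL.txt",
    "notes.txt.",
    "archive.tar.gz",
]

if __name__ == "__main__":
    ok, bad = filter_uploads(SAMPLE_NAMES)
    print("accepted:", ok)
    for name, reason in bad.items():
        print("rejected:", repr(name), "-", reason)
```

The validator rejects rather than rewrites, so the server never stores a name different from the one the client asked for.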
Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype
- Original Message - From: Thierry Zoller [EMAIL PROTECTED]

> What you call for is in essence - mitigation, yes it's fine to mitigate a vulnerability. But shouldn't we be concentrating on finding and fixing the root cause instead of trying to mitigate the problem in (hundreds) of third-party applications?

If the application is what exposes the URI handling routine to untrusted code from the internet, then it's the application's job to make sure that code is trusted before exposing system components to its commands, no?

In this case how is acrobat reader any different than telnetd? If telnetd exposes system functions to untrusted users (no password required) who is supposed to enforce security? In the case of acrobat reader, it's acrobat exposing the system to untrusted sources and it should be that application that is responsible for mitigation of attacks via those exposed interfaces.

Geo.
Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype
- Original Message - From: Thierry Zoller [EMAIL PROTECTED]

> The user clicks on a mailto link, is that untrusted code?

Depends on where the link comes from. If it's a shortcut on the user's desktop no it's not untrusted, if it's in a PDF file you received in your email then yes it's untrusted.

> Anyways, the mailto link POST IE7 has a flaw/threat/vulnerability it hasn't had PRE IE7. The problem here is the root cause, the root cause is that IE7

Ok I'm game, so then show me this exploit without having Acrobat on your system. IE7 handles mailto links in untrusted web pages. Put the mailto link in an untrusted html page and make it work with IE7.

Geo.
Re: [Full-disclosure] 0day: PDF pwns Windows
pa http://www.gnucitizen.org/blog/0day-pdf-pwns-windows Is this the way responsible disclosure works these days ? Adobe's representatives can contact me from the usual place. Wow, now that's coordinated release. Knowing the bugs that you found previously it should take 10 minutes to rediscover this one. Which makes this even worse.

I just saw his video showing the exploit firing up calculator, it looks like the same stuff (feature/exploit call it what you want) that's been around for years. See www.nthelp.com/test.pdf (warning, it won't damage anything but it may scare you)

Geo.
Re: [Full-disclosure] China claims hackers stole its secrets too
> Securityfocus caved into pressure by hackthegov better known in the

The whole we been attacked thing is just a ploy so the government (take your pick) to justify their never ending desire to exercise more control over the internet. China was last because well.. they don't need an excuse.

Unless the businesses of the world stop allowing email attachments and enforce strict browsing policies, it's not going to change. You can't patch user exploits.

Geo.
[Full-disclosure] This pages crashes browsers
Found this page, click on Accessories then try to print the page, it seems to crash all the browsers I have as soon as I try to print. Thought someone here might like to play with the crash.

http://www.movincool.com/portable-air-conditioner/officepro60.php#
Re: [Full-disclosure] This pages crashes browsers
The crash happens in mshtml so it could easily be version dependent. IE6 W2K here.

Geo.

> Printed from IE7 and FF 2.0.0.4 no problems.
>
> Larry Seltzer
> eWEEK.com Security Center Editor
> http://security.eweek.com/
> http://blogs.eweek.com/cheap_hack/
> Contributing Editor, PC Magazine
> [EMAIL PROTECTED]
[Full-disclosure] MS DNS worm
So far this morning we've seen 4 customers infected with what appears to be an MS DNS RPC based worm. Anyone seen any news on this yet?

Geo.
Re: [Full-disclosure] Vista Reduced Function mode triggered
> Yeah, probably - but just for the fun of it I'm curious what happened (unless it's some dumb user error).

Well I've been running NT flavors of windows since 1994 but I'm not beyond dumb user errors. So what sort of dumb user error (besides telling the machine NO you may not have full internet access) do you think would cause reduced functionality mode to kick in? And why would it kick back off with such stealth? I mean shouldn't there be some sort of notification so admins don't spend lifetimes trying to track down why solitaire stops working?

I did disable a bunch of unneeded services like ssdp discovery, upnp, windows defender, the windows firewall, ICS and BITS and stopped and started others like media center launch and media center extender. But the disabled services are still disabled and there were plenty of reboots prior to reduced functionality mode kicking in.

If it takes more than simply roping the computer to a fraction of the internet then it could be any combination of things, I mean I played with it for over a week before it went into reduced functionality mode.

Geo.
[Full-disclosure] Vista Reduced Function mode triggered
The other day I used my router to limit my Vista laptop from talking to anything but one subnet on the internet. 3 days later suddenly some things would not work. Solitaire failed to start, click on it and you get the magic donut showing it's starting up then nothing. Right click on network and pick properties you get the magic donut showing it's starting up then nothing.

So I removed the routes so Vista could once again phone home and within a minute or two both solitaire and network properties worked just fine. Now this Vista system is less than 30 days old and has already been activated. So the claims that Reduced Function mode only kicks in if you don't activate within 30 days are bunk if this is Reduced Function mode.

So I decided to trigger RF mode on purpose to see how it responds. I stopped the Software License service which claims that doing so will trigger RF mode. 24 hours later solitaire, network properties, and control panel all show the same behavior, the magic donut showing they are starting up then nothing. No events in event log, nothing. I then started the Software License service and presto like magic these functions work again.

So I'm convinced that the machine being routed so it can't talk to MS triggered RF mode within a few days. Now to me this seems pretty clear even though it wasn't a real scientific method of testing. And further, this looks to me like an accident waiting to happen. I mean imagine if MS fell off the planet we would have a pretty major problem as the bulk of the world's computers started shutting down, talk about a security issue?

So anyone here with a bit more technical expertise want to pick up this ball and run with it?

Geo.
Re: [Full-disclosure] Vista Reduced Function mode triggered
> anything in vista's agreement in legalish that could be translated into 'you agree that you feed your software internet' ?

http://www.microsoft.com/windowsvista/getready/systemrequirements.mspx

Yep, specifies internet under requirements. Should specify unrestricted internet access if you ask me.

Geo.
Re: [Full-disclosure] Vista Reduced Function mode triggered
> In the short, I am unable to repro this. I'm currently running Vista on two systems; the other system is in a sandbox. (However, was open during the activation process.)

One thing you might try is instead of cutting it off entirely from the internet, use an external device to limit what internet addresses it can talk to so that it has a valid and working gateway but it can't phone home.

Also, it didn't happen immediately, I implemented the routing and then it was 3 days before I noticed things weren't working (may have been less but I just didn't notice till then), tried rebooting to cure the problems, poked around at other things, nothing helped. Then upon removing the routing and letting it talk to the whole net it was only minutes before everything was working again.

Geo.
Re: [Full-disclosure] Vista Reduced Function mode triggered
> It just can't be that simple. There has to be more to what happened to the guy. Lots of computers are offline for several days at a time, it's inconceivable that they didn't test that.

Ok, as complete as I can be in the few minutes I have to post this.

During those three days I did a lot of poking around, stopping and starting services, switching from wired to wireless and back, trying to view high def video (which I still am not able to do in any video player except WMP for some reason) installing codecs and software, running into the event ID 4226 tcp security connect limit, etc. However I never got any notification of deactivation or any problem of that sort.

Then on the third day suddenly solitaire would not start up and I couldn't get into network properties. I did a bunch of rebooting and troubleshooting trying to figure that out but got nowhere. So I went back to trying to get high def video to work in Media player classic and figured perhaps it was trying to download a codec so I removed the routes. It didn't help the video but I quickly found network properties started working. So then I tried solitaire and it worked. This was all directly after removing the routes, there wasn't but a few minutes between letting it talk to the net and these apps starting to work again.

I decided this was probably reduced functionality in action but since I had never seen it before I needed some way to trigger it so I could compare since it would take 3 days to reproduce with route blocking. I disabled the software licensing service since it claims disabling that service will kick off reduced functionality mode. Nothing happened immediately but 24 hours later solitaire and network properties (and now control panel) would not start up. It was exactly the same apps and behavior. I enabled and started the software licensing service and in seconds things returned to fully functional just like removing the routes did.

So it's possible the routes didn't trigger it, but removing them sure cured it quickly so that is my guess at this point. Further testing is needed. I won't be testing it for a couple days as I need the laptop connected to other networks to try some other software I need to test. (that tcp limit may prove a problem for network monitoring)

Geo.
[Full-disclosure] NT4 worm
Has anyone seen a writeup on this new NT4 worm that's spreading via port 139 MS06-040 yet? I'm seeing customers getting hit by it but I haven't seen any real mention of it anywhere yet.

It appears to run two CMD.EXE hidden windows and sucks up all the cpu in the infected systems trying to spread. I've also seen one customer who found csrsc.exe on the machine after the worm hit them. I did manage to find out once it exploits a machine it uses ftp.exe to connect back to the infecting host and transfer something but I've not had time to really dig into this thing. Hoping someone else has already.

Looks like it's spreading pretty quick http://isc.incidents.org/port_details.php?port=139repax=1tarax=2srcax=2p ercent=Ndays=40

Geo.
RE: [Full-disclosure] NT4 worm
> Are the machines you have experience especially NT4.0 machines?

Yes, all infected machines have been strictly NT4 boxes with netbios enabled. All are fully patched as of the last patches released for NT4.

> Have you been able to get your hands on a copy of it?

Not yet. But set up an NT4 box with netbios enabled and you should have a copy within an hour or so.

Geo.
[Full-disclosure] chaseonline security
http://dnsreport.com/tools/dnsreport.ch?domain=chaseonline.chase.com

authoritative dns servers that claim they aren't authoritative, stealth dns server leakage, can anyone here come up with an example where this would be considered a security problem so I can get the folks over at chase.com to take some action. They do this all the time and anyone running anti-cache-poisoning measures then fails to resolve their dns.

Geo.

(if there is anyone from chase on the list, please go smack the dns admin who is doing this)
[Full-disclosure] Phishing and Spammers
I would appreciate hearing a little feedback on this idea.

It strikes me that phishers and spammers have a vulnerability that we have not yet exploited. They collect information, granted the returns are small but since email is cheap they send out tons and those tons net them a profitable return.

Why not encourage everyone to reply to phishers and spammers with fake information? Get a spam, order it using a fake name and credit information. Get a phishing mail, go login to change your ebay/paypal password with fake credentials. GIGO, you know?

I mean if they are getting a 1% or 2% return then if the same ratio were to respond with bad information it would make a lot of work for the folks profiting from these activities.

Geo.
Re: [Full-disclosure] Phishing and Spammers
> if you do this you are not curing the problem, rather you are making it worse. This will never stop phishers from sending emails and you will tell them that you are an active victim, so they will flood you more!

Why would they flood me more? It's not like you can hide your email address if you use it to any extent at all. So them knowing it's active does nothing. OTOH, they might not want to email someone who is likely to corrupt the data they collect.

Geo.
Re: [Full-disclosure] Phishing and Spammers
> hey, a valid mail address, let's forward it to my buddy Joe Spammer and his \/|agra pills It's almost as bad as clicking the remove bait some spammers post within their messages.

If you're replying to a spam you just received, assume we are beyond caring about this.

Geo.
RE: [Full-disclosure] Strange Emails -- What are they?
> ok, that makes sense... will greylisting counter this?

To some degree depending on how you greylist but why would you want to? In other words if the spammers know that 100 of your domain's addresses on their mailing list are invalid and remove them, then that's 100 email attempts your server won't have to deal with for each spamming.

I mean to me it would seem getting 100 addresses off the spammers list is a good thing. In fact I'd like to be able to send the same error message for the addresses that are valid and have them removed from the spam list as well.

Geo.
Re: [Full-disclosure] Free antivirus software
> Review: Free Antivirus Software http://antivirus.about.com/od/antivirussoftwarereviews/a/freeav.htm

I believe I've seen Mary post here before, so if you're reading Mary, how come this time you didn't test removal capabilities? Lots of times people don't actually go looking for a free AV program until they need to scan and clean their machine so removal is an important feature.

Geo.
[Full-disclosure] Advisory 2006-03-11 Integer Overflow in ISC BIND
Advisory 2006-03-11 Integer Overflow in ISC BIND

I. BACKGROUND
Advisory marked for immediate release.

II. DESCRIPTION
ISC BIND incorrectly parses integer data

III. HISTORY
This advisory has no history.

IV. WORKAROUND
There are no known workarounds.

V. VENDOR RESPONSE
ISC BIND has not commented on this issue.

VI. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-205043 to this issue.

APPENDIX A. - Vendor Information
http://www.isc.org/index.pl?/sw/bind/

APPENDIX B. - References
NONE

CONTACT:
*Geo. [EMAIL PROTECTED]
*1-888-LOL-WHAT
*CISSP GSAE CCE CEH CSFA GREM SSP-CNSA SSP-MPA GIPS GHTQ GWAS
RE: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoSproblem
> In the scenario you describe, I cannot see any actual amplification...

I'll give you a scenario where you can see.

Let's say you have 2 name servers that are local to you. I setup a domain, example.com. In this domain I create a text record which is 100K in length, I don't know, perhaps I paste the source code to decss in it, whatever it's a big text record.

Now I simply spoof a UDP packet using your IP address as the source address and send it to both of your dns servers. This packet is a query for the example.com text record. I have now sent two very small packets and you have received 200K of traffic. That's the amplification, one small udp packet, one large text record in return.

Note, I don't have to use your local servers, but this way it makes it more fun to troubleshoot because it looks like you are the cause of your own flooding..

Geo.
Re: [Full-disclosure] Is this a Virus?
> I doubt it's a virus. Filling up a hard-disk is counter productive to propagation.

Actually not. If you fill an NTFS disk with files that are 1K or smaller it forces the MFT to suck up the whole disk, small files are stored entirely in the MFT instead of like larger files which have an MFT entry and a data segment for storage area.

Once that happens it's not possible to shrink the MFT so the disk becomes useless for storing files larger than 1K even though it shows as 90% empty and at the same time it allows the system to continue running and spreading the virus. A format is the only way to fix it.

For virus writers, it's the perfect way to trash windows machines without slowing virus propagation.

Geo.
Re: [Full-disclosure] Spy Agency Mined Vast Data Trove
> Actually after reading some of the comments I have to say you all missed the point... *IF* you are not doing *nothing illegal* and have nothing to hide no big deal.

If you are not doing anything illegal then there is no need for law enforcement to see your papers.

The point sir is that a lot of us feel it's better if a few criminals go free than if a few innocent people get locked up. You can't apply standard security practices to a population, or you would have to lock up everyone and then release those who are not guilty.

Geo.
RE: [Full-disclosure] Administrivia: Requests for Moderation
I have an idea, how about every time there is a little noise on the list, we generate 100X that amount of noise talking about ways to deal with the noise and in the process drive the noise makers away because of too much noise?

Geo.

or we could all just stfu
[Full-disclosure] Virus infections
I'm getting swamped by virus infected emails here that seem to be coming from lots of secure networks. For example he2xmail.freddiemac.com 4.21.132.137 has sent me hundreds of infected emails today.

Anyone else seeing compromises on financial or otherwise secure networks? This sober-u thing seems to still be picking up speed.

Geo.
Re: [Full-disclosure] Spamcop automated reporting script...
> Just to make sure that you have understood clearly I already have A special mailbox on the mail server that forwards the spam to spamcop As an attachment and spamcop responds with a URL that the user has to click to complete the spam reporting. This clicking process is what I am trying to automate. So may I ask

The reason that is done is to stop people from automating it, these are valued higher than automated entries because they require an actual human to file them. The spammers try to automate as well in an attempt to screw up spamcop by filing valid emails.

Why don't you contact Julian Haight over at spamcop and talk to him explaining what you have there and see if you can work with him to automate the way these get filed. I've found he's very smart when it comes to spam and either he'll give you a way to do it or explain to you why it's a bad idea.

Geo.
[Full-disclosure] PDF's unsafe?
Haven't any of the security firms checked out adobe pdf reader to see if it's safe? It took 5 minutes to create this nonsense http://www.nthelp.com/test.pdf and that's just using the standard features. I hate to think what a real hacker could do with a pdf.

Geo.
RE: [Full-disclosure] talk.google.com
I don't understand the big fuss over google talk. ICQ has had both talk and video chat features since 2000. It started as plugins but it's been part of icq for a while now http://www.icq.com/img/download/tutorial/tutorial.html

Geo.

-Original Message-

> Article on the BBC http://newsvote.bbc.co.uk/1/hi/business/4179322.stm confirms your suspicions!
RE: [Full-disclosure] Re: MS not telling enough
> I swore an oath never again to apply my skills in a way that helps Microsoft.

So that means.. no forensics that show it actually was the user downloading porn instead of the OS being exploited?

Geo.
RE: It's not that simple... [Was: Re: [Full-disclosure] Disney Down?]
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Micheal Espinola Jr

> Regardless of a LOT of Windows 2000 out there..., these companies weren't bitten the same day the initial exploit was released. 6 days is plenty of time to have tested compatibility and to distribute the patch.

How can you allow a vendor to take 6 months to a year to release a patch and then say 6 days is plenty of time to test and patch?

You know, I was sure when MS announced there would be 6 patches for august that one of them would be one of these http://www.eeye.com/html/research/upcoming/index.html but I guess not... 141 days and counting, and it will get released when MS hears that someone has written and released an exploit for it, then of course all of us have 6 days to live..

Geo.
Re: [Full-disclosure] Cisco Message Mike Lynn's controversialCiscoSecurity Presentation
> From what I understand (I am writing a major paper on Intellectual Property Protection right now, the Joy of being a student) the creator of the data has the direct right under Title 17 and the DMCA to determine how the data will be used (hence expiring CDR's and DRM).

This is incorrect as far as title 17 goes, copyright only gives control over making copies and public performance, there must be a contract for any additional restrictions. See http://www.theyscrewedusagain.com if you want some good info for your paper.

I would suggest you take a look specifically at the quote from the 1908 congress that extended copyright law to cover music as well, pretty interesting stuff. http://www.theyscrewedusagain.com/copyrightact1909.htm

Geo.
RE: [Full-disclosure] Cisco IOS Shellcode Presentation
> Read the advisory a bit closer. Here the relevant lines: Products that are not running Cisco IOS are not affected. Products running any version of Cisco IOS that do not have IPv6 configured interfaces are not vulnerable.

> Yes, IOS versions that have the fix, or that don't even run IPv6 are not *vulnerable*. But all IOS versions are *affected* by the *mechanism* he described.

It's actually a bit worse than that, IPv6 is enabled on all interfaces, you have to execute no ipv6 enable and no ipv6 address command on each interface to disable it.

Second, the exploit is limited to local network segment, except it seems to me a worm that spreads from router to router could spread via the local network since a local network segment is usually defined as the wire between two routers.. Infection would spread from one router to its peers, to those peers, etc. (please correct me if I'm wrong)

Geo.