Re: [Full-disclosure] McKinnon a 'scapegoat for Pentagon insecurity'

2008-09-09 Thread Jim Popovitch
On Tue, Sep 9, 2008 at 23:02, n3td3v <[EMAIL PROTECTED]> wrote:
> I'm talking about artificially ramping up something and giving a false
> impression...

You are talking/writing about two different things.  Ramping up
something is different than falsely describing about ramping up
something.  I watched the video, I did not get the impression that
Marcus was speaking about creating a falsehood.

-Jim P.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] Free Iraq

2008-03-30 Thread Jim Popovitch
On Sun, Mar 30, 2008 at 3:29 PM, vashnukad vashnukad
<[EMAIL PROTECTED]> wrote:
> I, like most people, come to full disclosure for all the best in
>  political theory, but while I'm here I have a minor question... what
>  does this entire thread have to do with full disc?

Part of the problem is some treat this list as Fool Disclosure.  ;-)

-Jim P.



Re: [Full-disclosure] Google Sacure

2007-10-26 Thread Jim Popovitch
On Sat, 2007-10-27 at 00:06 -0400, scott wrote:
> They can't even spell 'secure'. What the hell is 'sacure'?

Perhaps it's supposed to be sauce. :-)

-Jim P.




Re: [Full-disclosure] save gary mckinnon or lock away dan egerstad

2007-11-14 Thread Jim Popovitch
On Wed, 2007-11-14 at 22:08 +, James Rankin wrote:
> I don't really think the US and British Governments are quaking in their 
> boots...

That's the root of the problem, they don't know how to quake (i.e. move
fast). The US (I can't speak for UK systems) does little and leaves
their systems nearly wide open, then they spend lots of time and money
trying to prosecute simpletons *after the fact*.  Meanwhile, instead of
spending the same time and money on securing US systems, some events
will surely go by undetected.  I guess the US strategy is to hopefully
scare off the Iranians, the Russians, and the Chinese by prosecuting a
British wannabe (no offense intended Gary).

-Jim P.



Re: [Full-disclosure] Small Design Bug in Postfix - REMOTE

2007-12-13 Thread Jim Popovitch
On Thu, 2007-12-13 at 21:18 +0100, kcope wrote:
> Put .forward file with following contents into the home directory of
> user 'rootkey'.

Why not just put /tmp/XXX instead and bypass the extra bit about the
MTA?

-Jim P.




Re: [Full-disclosure] NSA tracking open source security tools

2006-02-04 Thread Jim Popovitch

Jason Coombs wrote:
> Sure, it made for a fine photo op. But based on the Bush
> administration's decision-making processes there is good reason to
> believe that A) the people at the NSA who created the mock-ups for
> public relations purposes died unexpectedly and the people who took over
> their jobs didn't know that the intelligence they were looking at was
> meaningless drivel produced for the benefit of manipulating public
> opinion, or B) the NSA is only showing the Bush administration the same
> mock-ups that the rest of us get to see.


C) it's something to put in the background for the media blitz that tags 
along behind the prez.  Surely you don't think that the NSA would allow 
cameras into their real NOC/SOC/POC/FOC/LOC/CROCK


-Jim P.




Re: [Full-disclosure] HTTP AUTH BASIC monowall.

2006-03-13 Thread Jim Popovitch

Tim wrote:
> Of course, if your users just click OK every time they see a
> certificate warning box, then SSL is completely pointless.


Therein lies the answer.  Swift and/or Lazy admins deserve what they get
for not paying attention to warning dialogs.  It's a pain to view/verify 
certificates (ahem...Linksys) but it's important.


-Jim P.




Re: [Full-disclosure] Newest hacks

2007-03-20 Thread Jim Popovitch
On Wed, 2007-03-21 at 13:26 +0800, [EMAIL PROTECTED] wrote:
> 
> Hi guys, 
> 
> I noticed a news recently. Researchers at Indiana University's
> Department of Computer Science recently released a report outlining a
> way hackers could potentially access and change the configuration
> routers on home networks. They described how some JavaScript built
> into a Web page could be used to log into the administrator account of
> a home router and change its DNS (define) settings. The Indiana
> University report points out that this attack doesn't exploit any
> browser vulnerability, and, more importantly, it seems to work with
> pretty much any router, irrespective of brand or model. Any idea how to
> program the javascript to modify the DNS configuration?  

Sure.  Someone could create an html email with an img src set to
something like this:
http://192.168.1.1?/cgi-stuff?dns1=badguy.someplace.tld.  

Next they could add a bunch of urls for all the different router types.
Then, they could send the email from a common Sender addr like
security@.tld so that email clients load the images
automatically.  :-(

-Jim P.
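
A defensive check for the technique described in the message above, as an added example that is not part of the original post: it scans an HTML email for auto-loading references that point at private-network address literals. The function names and the sample message are constructed for illustration; the sample reuses the URL quoted in the post.

```python
import ipaddress
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tags a mail client may fetch without a click, and the attribute holding the URL.
AUTO_LOAD = {"img": "src", "iframe": "src", "script": "src", "link": "href"}

class _RefCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        want = AUTO_LOAD.get(tag)
        for name, value in attrs:
            if name == want and value:
                self.refs.append((tag, value.strip()))

def is_internal(url):
    """True if the URL's host is a private, loopback or link-local IP literal."""
    try:
        host = urlsplit(url).hostname
        ip = ipaddress.ip_address(host or "")
    except ValueError:
        return False  # not an IP literal; DNS names that resolve internally are out of scope
    return ip.is_private or ip.is_loopback or ip.is_link_local

def internal_refs(raw_message):
    """Return (tag, url) pairs in text/html parts that target internal addresses."""
    hits = []
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() != "text/html":
            continue
        body = part.get_payload(decode=True)
        html = body.decode(part.get_content_charset() or "utf-8", "replace")
        collector = _RefCollector()
        collector.feed(html)
        hits += [(t, u) for t, u in collector.refs if is_internal(u)]
    return hits

# Constructed sample message (not a real email); first URL is the one from the post.
SAMPLE = (
    "From: security@example.test\nSubject: Account notice\n"
    "MIME-Version: 1.0\nContent-Type: text/html; charset=utf-8\n\n"
    '<html><body><p>Notice</p>'
    '<img src="http://192.168.1.1?/cgi-stuff?dns1=badguy.someplace.tld">'
    '<img src="https://www.example.test/logo.png"></body></html>\n'
)

if __name__ == "__main__":
    for tag, url in internal_refs(SAMPLE):
        print(f"internal reference in <{tag}>: {url}")
```

A mail gateway could quarantine or strip such references; blocking remote image loading in the client removes the automatic fetch regardless of the target.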



Re: [Full-disclosure] [VulnWatch] Microsoft Windows Vista Slideshow Unspecified Blue Screen Of Death Vulnerability

2007-03-30 Thread Jim Popovitch
On Fri, 2007-03-30 at 12:46 -0700, James Matthews wrote:
> I am thinking why isn't there a Month of windows bugs.. 

LOL! :-)  Simply because that's what the other 11 months in a year are
for. 

-Jim P.



Re: [Full-disclosure] US State department rooted by 0-day Word attack

2007-04-19 Thread Jim Popovitch
On Thu, 2007-04-19 at 20:51 +0200, [EMAIL PROTECTED] wrote:
> "A virus attack aimed at US State Department computers last May 
> penetrated government networks after a worker in Asia opened a 
> contaminated email."
> 
> http://www.theregister.co.uk/2007/04/19/us_state_dept_rooted/

Further: they opened a viral email that was disguised as being sent from
a trusted resource, with a well known document that looked legit.  I
predict that things like this will plague companies and governments for
years ahead.

-Jim P.



Re: [Full-disclosure] RFID used at Olympics in Germany

2006-05-31 Thread Jim Popovitch

Josh L. Perrymon wrote:
> So everyone is going to have this RFID embedded ticket with name,
> address, passport or driver license number?


From the article:
  "an embedded RFID chip containing identification information
   that will be checked against a database"

To me that doesn't imply that the chip will contain the items in your 
list.  It could be a checksum of the data in the DB, and security 
officials just validate, against the DB, the full name on a physical 
passport and the checksum on the RFID.


Now, the security of the DB could be a whole other thread of discussion. ;-)

-Jim P.




Re: [Full-disclosure] Pentagon Email Servers Hacked (with the URL this time)

2007-07-02 Thread Jim Popovitch
On Mon, 2007-07-02 at 23:06 -0400, Simon Smith wrote:
> Old... As in you have no concept of time because it just came out? Or
> old.. As in you knew about this before anyone else because you are
> awesome?

Old as in this happened yesterday, last week, last month, last year,
last decade, last millennium, etc.

The US DoD gets hit all the time... not because they are so much
insecure, but because they are such a primary target.  It's a fact of
life, just like doctors and nurses are the most vulnerable to contract a
disease.  There are precautions, and they are taken, but the odds are
greater.

Now, back to your normal programming

-Jim P.



Re: [Full-disclosure] Wachovia Bank website sends confidential information

2007-07-10 Thread Jim Popovitch
On Tue, 2007-07-10 at 20:20 -0400, Bob Toxen wrote:
> VI. VENDOR RESPONSE
> 
> The vendor (Wachovia Bank) was notified via their customer service
> phone number on June 25.  We were transferred to "web support".  The
> person answering asked us to FAX the details to her and we did so,
> also on June 25.  We explained that we were reporting a severe
> security problem on their web site.

Severe?  All that seems to be leaked is a person's Name/Address/SSN
number and some other details.  While this is too much info to leak, I'd
hardly say it's severe.   That same info can be easily found in people's
mailboxes weekdays between noon and 4pm.

> We stated that if we did not hear back from them within 7 days and
> the problem was not fixed by then that we would post the problem on the
> Full Disclosure list, following accepted industry practice.

7 days?   "industry practice"?   Come on Bob I know you know that large
corporations can't feed a cat in 7 days let alone make unscheduled
website changes that fast.  Change control approvals alone would include
14 or more days in most enterprises.   Why the rush to "say so"?

-Jim P.



Re: [Full-disclosure] Wachovia Bank website sends confidential information

2007-07-11 Thread Jim Popovitch
On Wed, 2007-07-11 at 12:03 -0400, Bob Bruen wrote:
> While it is true that lots of folk pick on vendors for a few minutes of 
> fame, the Wachovia case is slightly different.
> 
> They do have an attitude problem and are technically challenged. The basis 
> for this is a law enforcement conference about six months ago. During a 
> presentation a Wachovia representative told a speaker to stop blaming the 
> banks for problems. This was the third presentation this individual has 
> listened to in which each speaker had blamed the banks for not doing 
> enough and the frustration level was a bit high.

So you declare the whole of Wachovia technically challenged based on the
one incident at a security conference (did all of Wachovia attend?) six
months ago?  Come on. ;-)

Wachovia, like every other large enterprise, has good, mediocre, and bad
employees.  It's a fact of life, but not a newsworthy story.  I'm sure
that some days the best and brightest represent Wachovia at some
conference somewhere, and I am equally sure that some days the worst and
most deplorable represent Wachovia at some conference somewhere.  It
happens.

-Jim P.





Re: [Full-disclosure] yahoo news been offline for hours

2007-10-09 Thread Jim Popovitch
On Tue, 2007-10-09 at 22:12 +0100, worried security wrote:
> Same headlines i've seen for hours with dead links are:
> 
> of 10:07 p.m.

That happens at least once every few months.  It's a distributed caching
issue.  No worries, someone gets around to fixing it within a day or
two.

-Jim P.





Re: [Full-disclosure] Sasser

2006-11-28 Thread Jim Popovitch
On Tue, 2006-11-28 at 23:22 -0500, Matthew Flaschen wrote:
> I also don't think it would be the sysadmin's job to help with a networking 
> class.

Here in the states it's usually the networking class teacher that stays
late and doubles as the sysadmin.  :-)

-Jim P.



Re: [Full-disclosure] Windows is very holy

2006-12-21 Thread Jim Popovitch
On Thu, 2006-12-21 at 02:28 +, Aaron Gray wrote:
> Windows is very very holy.

Don't you mean hole'y?  ;-)

-Jim P.



Re: [Full-disclosure] Windows is very holy

2006-12-21 Thread Jim Popovitch
On Thu, 2006-12-21 at 20:37 -0500, Jim Popovitch wrote:
> On Thu, 2006-12-21 at 02:28 +, Aaron Gray wrote:
> > Windows is very very holy.
> 
> Don't you mean hole'y?  ;-)

OK, why do I get bounce messages from 

  [EMAIL PROTECTED] (sub: Posting error: Secure Computing)

  [EMAIL PROTECTED] (sub: Blogger post failed)

Seems to me that if you are smart enough to fwd email to a third place,
you would be smart enough to have it accept from everyone (not just
yourself).

-Jim P.



[Full-disclosure] PC/Laptop microphones

2007-01-29 Thread Jim Popovitch
I started this discussion elsewhere, but I feel that there is more
experience and concern here.   When I look at BIOS settings I see config
options to disable sound cards, USB, CDROM, INTs, etc., but what about
the PC or laptop microphone?  Does disabling the sound card remove the
availability of a built-in microphone? What if I want to play mp3s but
never have the need to use a microphone? Given recent info about the US
FBI's capabilities to remotely enable mobile phone microphones
(presumably via corporate cellular service providers), what prevents my
OS provider (or distribution) and ISP from working on a way to listen in
on my office or home conversations via the microphone or the built-in
speakers?  Thoughts?

-Jim P.



Re: [Full-disclosure] PC/Laptop microphones

2007-01-29 Thread Jim Popovitch
On Tue, 2007-01-30 at 03:52 +0100, Tyop? wrote:
> On 1/30/07, Jim Popovitch <[EMAIL PROTECTED]> wrote:
> > Given recent info about the US
> > FBI's capabilities to remotely enable mobile phone microphones
> > (presumably via corporate cellular service providers),
> 
> Do you have some links on that?
> Paranoia inside :p

;-) Paranoia is a good characteristic to have.

Here's a few references:
http://www.google.com/search?hl=en&q=FBI+Mob+microphone



-Jim P.

