Re: [Full-disclosure] THE BIG ONE

2007-12-28 Thread Micheal Espinola Jr
You sure do seem to like dongs.

On Dec 28, 2007 1:51 PM, Andrew A [EMAIL PROTECTED] wrote:
 dongs are gonna fix it all soon.
 dongs are comin' round to put it back the way it oughta be.


-- 
ME2

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] Hushmail == Narqz

2007-11-09 Thread Micheal Espinola Jr
On Nov 9, 2007 12:57 PM, Byron Sonne [EMAIL PROTECTED] wrote:
 No, it doesn't mean they're narqa, but it does mean they're spineless
 pussies that eagerly sell people out. If a friend did that to you, what
 would you think of them?

Cooperating with a court order != being a pussy
hushmail != your friend

-- 
ME2



[Full-disclosure] Unreal: a movement to block Firefox

2007-09-11 Thread Micheal Espinola Jr
http://whyfirefoxisblocked.com/

http://www.cnet.com/8301-13739_1-9770502-46.html?part=rss&subj=news&tag=2547-1_3-0-5

-- 
ME2



[Full-disclosure] ASSP “get?file” Traversal Vulnerability

2006-08-15 Thread Micheal Espinola Jr

Anti-Spam SMTP Proxy (ASSP) get?file Traversal Vulnerability

Release Date:
August 15, 2006

Notice:
This is a known flaw, and has been since the implementation of an
enhanced web interface for ASSP, since at least 2003. I do not
normally test for security vulnerabilities or address them directly,
but my recently acquired Perl experience prompted me to address this
specific issue.

Severity:
Medium (authenticated user)

Vendor:
Open Source (assp.sourceforge.net)

Systems Affected:
Since at least 2003, all versions of ASSP on any platform running Perl.

Background:
The ASSP server project is an Open Source platform-independent SMTP
proxy server that leverages numerous methodologies and technologies to
both rigidly and adaptively identify spam. ASSP runs as a Perl
application.

Overview:
ASSP uses a URL manipulation to retrieve files it needs for its web
interface. ASSP does not operate as a true web server. ASSP retrieves
its files with the same permissions of the user or the server/daemon
running the Perl application script.

Problem:
Authenticated users, of which there is only one administrative
password configurable for, can manipulate the ASSP address URL in
order to retrieve alternative files locally and across the LAN. While
there is a relative-directory traversal check, there are no other
checks performed. Thus, a malicious user could manipulate the URL to
retrieve a known resource with a local or network UNC path.

This is a particularly troubling security issue when considering
security conscious-less administrators that set the privileges of such
daemons and services (especially Win32) at administrator levels.

Two identical lines in the Perl code provide checks against this
get?file functionality. One line is used for the web site interface
itself (for loading images and CSS); the other is for administratively
opening text files for remote-editing purposes. The line of code in
question is:

  if ($fil=~/\.\./) {

As you can see, the only check performed here is if the file path
requested contains "..".

Exploitable examples:
http://server.domain.tld:5/get?file=c:\dir\subdir\file.ext
http://server.domain.tld:5/get?file=\\server\share\dir\file.ext

Protection:
I have come up with a simple replacement for the original line of code
for protection against this vulnerability:

  if ($fil!~/$base\/.*\.(css|gif|jpg|png|txt)$/i) {

This will lock the traversal vulnerability to ASSP's base directory
structure, and will only allow the retrieval of (5) file types.

Caveat:
I am told that FreeBSD's port of ASSP uses "." as the specified
directory base (reflected in the application as the variable $base),
per the command-line that is used to start ASSP. The base directory is
intended to reflect the actual location of ASSP, and this is an
inappropriate use of the base directory specification. This misuse may
extend to other ports of ASSP as well.

If you are using such a port, I recommend the following line of code instead:

  if ($fil!~/.*\.(css|gif|jpg|png|txt)$/i) {

This will not lock the traversal vulnerability to the ASSP directory
structure, but it will at least provide a level of protection for
numerous types of files until a more suitable solution is developed.

Vendor Status:
John Hanna, the creator of ASSP, no longer maintains the code. Other
developers contribute new code and fix bugs unofficially off-site.

Fritz Borgstedt, the current principal developer, hosts newly revised
beta code at his website, while the SourceForge web site has stable
code posted to it on occasion.

Related Links:
http://assp.sourceforge.net   (SourceForge home)
http://www.iworld.de/homes/fb/ASSP/   (Fritz's beta development site)
http://www.asspsmtp.org/wiki   (Documentation Wiki)

Copyright (c) 2006 Micheal Espinola Jr:
Permission is hereby granted for the redistribution of this alert
electronically. It is not to be edited in any way without express
consent of Micheal Espinola Jr. If you wish to reprint the whole or
any part of this alert in any other medium excluding electronic
medium, please email [EMAIL PROTECTED] for permission.

Disclaimer:
The information within this paper may change without notice. Use of
this information constitutes acceptance for use in an AS IS condition.
There are no warranties, implied or express, with regard to this
information. In no event shall the author be liable for any direct or
indirect damages whatsoever arising out of or in connection with the
use or spread of this information. Any use of this information is at
the user's own risk.

I hope this is of usefulness to someone – preferably someone that can
address the problem better than I can.

--
ME2
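
The three checks quoted in the advisory above, run side by side on sample request paths together with a stricter variant, as an added example that is not part of the original post or of ASSP. The install path /usr/local/assp, every sample path other than the advisory's two, and the refuse_strict sub are assumptions of this example.

```perl
#!/usr/bin/perl
# Added example (not ASSP code): compare the advisory's checks on sample paths.
use strict;
use warnings;

# Every sub returns 1 when the request is REFUSED and 0 when it is served.

# Original ASSP line: refuse only if the path contains "..".
sub refuse_original {
    my ($fil, $base) = @_;
    return $fil =~ /\.\./ ? 1 : 0;
}

# Advisory replacement. $base is interpolated as regex text and the pattern
# has no leading anchor, so it can match anywhere in the requested path.
sub refuse_base_ext {
    my ($fil, $base) = @_;
    return $fil !~ /$base\/.*\.(css|gif|jpg|png|txt)$/i ? 1 : 0;
}

# Advisory fallback for ports that pass "." as the base directory.
sub refuse_ext_only {
    my ($fil, $base) = @_;
    return $fil !~ /.*\.(css|gif|jpg|png|txt)$/i ? 1 : 0;
}

# Stricter variant, an assumption of this example: normalise separators,
# keep the ".." test, quote $base with \Q..\E and anchor both ends (\A, \z).
# It is a string check only; symbolic links under $base are not resolved.
sub refuse_strict {
    my ($fil, $base) = @_;
    tr{\\}{/} for $fil, $base;                       # "\" and "/" treated alike
    $base =~ s{/+\z}{};                              # drop trailing separators
    return 1 if $fil =~ /\0/;                        # embedded NUL
    return 1 if $fil =~ m{(?:\A|/)\.\.(?:/|\z)};     # any ".." path segment
    return 1 if $fil !~ m{\A\Q$base\E/.+\.(?i:css|gif|jpg|png|txt)\z};
    return 0;
}

my @checks = (
    [ original => \&refuse_original ],
    [ base_ext => \&refuse_base_ext ],
    [ ext_only => \&refuse_ext_only ],
    [ strict   => \&refuse_strict   ],
);

# Returns one row per path: the path followed by each check's verdict.
sub verdicts {
    my ($base, @paths) = @_;
    my @rows;
    for my $p (@paths) {
        my @v = map { $_->[1]->($p, $base) ? 'refuse' : 'serve' } @checks;
        push @rows, [ $p, @v ];
    }
    return @rows;
}

sub report {
    my ($base, @paths) = @_;
    my $fmt = "  %-38s %-9s %-9s %-9s %-9s\n";
    print "base = $base\n";
    printf $fmt, 'requested file', map { $_->[0] } @checks;
    printf $fmt, @$_ for verdicts($base, @paths);
    print "\n";
}

# Sample request paths. The two marked "advisory" are the post's own
# examples; the rest are constructed for this comparison.
report('/usr/local/assp',
    '/usr/local/assp/images/logo.gif',      # legitimate image
    '/usr/local/assp/notes.txt',            # legitimate text file
    'c:\dir\subdir\file.ext',               # advisory: local absolute path
    '\\\\server\share\dir\file.ext',        # advisory: UNC path
    '/usr/local/assp/../other/readme.txt',  # ".." after the base prefix
    '/srv/copy/usr/local/assp/old.txt',     # base string in the middle
    '/usr/local/assp/settings.cfg',         # under base, type not allowed
);

# The FreeBSD case from the caveat: ASSP started with "." as its base.
report('.',
    './images/logo.gif',                    # legitimate image
    '/var/tmp/report.txt',                  # outside the base directory
);
```

Rows where base_ext says serve and strict says refuse are the requests the one-line replacement still lets through: the ".." path, the path that only contains the base string, and any .txt path once the base is ".".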



Re: [Full-disclosure] 70 million computers are using Windows 98 right now

2006-08-01 Thread Micheal Espinola Jr

On 7/27/06, wac [EMAIL PROTECTED] wrote:

There was Windows NT workstation ;). With windows was the other way. From
desktop to server. Of course you can change Linux so much that it won't be
Linux anymore. Definitely putting an X server on top of unix won't make it
ready for desktop, that's a fact.


Windows NT Workstation was in fact identical to Server - except with
intentional limiters placed within the registry to prevent admins from
avoiding purchasing the full server product.  However, you could
hack it and make it a Server.

NT Workstation was the 'easy way' to begin to turn the platform into a
viable desktop OS.  They were able to establish a base and an
appreciation for the accomplishments of the NT OS - as well as a
corporate desire for a more stable business platform for employee
workstations.

I was a NT 3.x+ beta tester and dev support.  Yep, I installed NT from
lots of floppies.

--
ME2



Re: [Full-disclosure] Re: blocking tor is not the right way forward. It may just be the right way backward.

2006-06-09 Thread Micheal Espinola Jr

Your interpretation of the Internet is a bit distorted.

On 6/9/06, Michael Holstein [EMAIL PROTECTED] wrote:


If you want to make your website private, don't put it on the Internet.



--
ME2



Re: [Full-disclosure] Re: blocking tor is not the right way forward. It may just be the right way backward.

2006-06-09 Thread Micheal Espinola Jr

Understood.  :-)

On 6/9/06, Michael Holstein [EMAIL PROTECTED] wrote:

 Your interpretation of the Internet is a bit distorted.

We're not talking about authenticated websites here (perhaps I should
have made that more clear), nor are we talking about using TOR, etc. for
malicious purposes.

For the purpose of this (largely theoretical) argument, I meant
publicly accessible, non-authenticated websites.




--
ME2



Re: [Full-disclosure] Call for moderation

2006-05-19 Thread Micheal Espinola Jr

moderation for utter crap != bugtraq


On 5/19/06, evilrabbi [EMAIL PROTECTED] wrote:

If for some reason this guy gets taken seriously and his request actually
gets considered. I would like to say I wouldn't like a moderated list.. If I
did I'd be looking at bugtraq right now.


On 5/19/06, Aaron Gray [EMAIL PROTECTED] wrote:




 Regarding some previous threads.

 Some people just show how low they are !

 This is why we need some form of Code of Conduct or even better change
to a moderated list.

 Otherwise the whole list just gets ruined and will deteriorate over time.

 Here's a call for moderation before it gets too late.

 Anything that is too off topic or inflammatory should get junked.

 Aaron






--
-- h0 h0 h0 --
www.nopsled.net





--
ME2



Re: [Full-disclosure] Call for moderation

2006-05-19 Thread Micheal Espinola Jr

I hope it was clear that I was suggesting that filtering utter crap
would not turn the list into bugtraq.

People use this argument repeatedly, and I'd like to see an example
that isn't in my opinion irreverent speculation.

If there is an example of how a list like this magically changed into
something like bugtraq because of simple filtering of offensive and
abusive content, I would love to know it - and I'll kindly and
respectfully stfu and never bring up or reply to the topic again.

Sincerely...

On 5/19/06, J.A. Terranson [EMAIL PROTECTED] wrote:


bugtraq != reasonably full disclosure either.


On Fri, 19 May 2006, Micheal Espinola Jr wrote:

 Date: Fri, 19 May 2006 14:26:12 -0400
 From: Micheal Espinola Jr [EMAIL PROTECTED]
 Reply-To: [EMAIL PROTECTED]
 To: Full Disclosure full-disclosure@lists.grok.org.uk
 Subject: Re: [Full-disclosure] Call for moderation

 moderation for utter crap != bugtraq


 On 5/19/06, evilrabbi [EMAIL PROTECTED] wrote:
  If for some reason this guy gets taken seriously and his request actually
  gets considered. I would like to say I wouldn't like a moderated list.. If I
  did I'd be looking at bugtraq right now.
 
 
  On 5/19/06, Aaron Gray [EMAIL PROTECTED] wrote:
  
  
  
  
   Regarding some previous threads.
  
   Some people just show how low they are !
  
   This is why we need some form of Code of Conduct or even better change
  to a moderated list.
  
   Otherwise the whole list just gets ruined and will deteriorate over time.
  
   Here's a call for moderation before it gets too late.
  
   Anything that is too off topic or inflammatory should get junked.
  
   Aaron
  
  
  
 
 
 
  --
  -- h0 h0 h0 --
  www.nopsled.net
 
 




--
Yours,

J.A. Terranson
[EMAIL PROTECTED]
0xBD4A95BF


'The right of self defence is the first law of nature: in most governments
it has been the study of rulers to confine this right within the narrowest
limits possible. Wherever standing armies are kept up, and the right of
the people to keep and bear arms is, under any colour or pretext
whatsoever, prohibited, liberty, if not already annihilated, is on the
brink of destruction.'

St. George Tucker




--
ME2



Re: [Full-disclosure] **LosseChange::Debunk it??**

2006-05-12 Thread Micheal Espinola Jr

I own a copy of http://www.imdb.com/title/tt0312318/.  No matter
what your position or level of interest,  I recommend you rent or buy
this before considering acknowledging that..

On 5/12/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

Research resources:
http://whatreallyhappened.com/wrh_9-11_index.html
http://www.st911.org/ - Scholars for 9/11 Truth

http://www.911inplanesite.com/ -  DVD/Video production of some of the most 
damning evidence surrounding the attack on the Pentagon centers about 
substantial and incontrovertible video and photographic evidence which insights 
viewers to ask crucial and essential questions.  After all, the laws of physics 
cannot be suspended or can they?



--- [EMAIL PROTECTED] wrote:

From: [EMAIL PROTECTED]
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] **LosseChange::Debunk it??**
Date: Thu, 11 May 2006 21:27:39 +0200

OK, the video shows a lot of nonsense facts. I'm not an aviation engineer,
but technical educated. I don't think that there were real explosions when
the towers went down, but I did not hear any verifiable clarification about
the impact in the pentagon.

This is the part, which makes me distrustful.

So, if possible - does anyone have an explanation about the pentagon impact as
shown in the video?

Regards,
Eisi



On Thursday 11 May 2006 02:19, Morning Wood wrote:
 the only fact worth investigating in this is the sales of stocks leading
 up to 911.
   viewed from a technical standpoint on the pentagon attack and the towers
 collapse... well this is just pure bullshit. anyone with basic physics and
 any amount of aviation experience can see the author is absolutely clueless
 in regards to these technical points.

 my2bits,
 MW


http://www.911inplanesite.com/





--
ME2



Re: [Full-disclosure] Recall: Oracle read-only user can insert/update/delete data

2006-04-13 Thread Micheal Espinola Jr
On 4/12/06, Mike Owen [EMAIL PROTECTED] wrote:
 In my experience, it doesn't even work in an Exchange environment. The
 user gets a message that the message should be recalled, but the
 original is still there, even if it hasn't been read yet. I've heard
 people say that at one time it would auto-delete the message if it
 hadn't been read, but I've never seen that.

For the most part:

It only works within an Exchange environment.
It only works with unread messages.
It only works if the unread message is located in the Inbox.

More info:

http://office.microsoft.com/en-us/assistance/HA010917601033.aspx

--
ME2


Re: [Full-disclosure] Security Alert: Unofficial IE patches appear on internet

2006-03-28 Thread Micheal Espinola Jr
Actually, I have posted my opinion on this topic in the past on more
appropriate sites - but I won't regurgitate any of that here as this is
not the appropriate forum - since there isn't anything new to actually
disclose.

This issue is administrative - not obfuscated info or lack of product
or issue disclosure.

So again I put it to you, this is not a security alert - as there is
nothing to alert us about.  This isn't new.  We know the issue and
understand its ramifications.


On 3/28/06, n3td3v [EMAIL PROTECTED] wrote:

 No security alert? Unofficial patches is very much a security alert. You say
 i'm not adding anything to the list, but what are *you* adding, apart from
 off-topic bitch remarks about thread authors. When you have the confidence
 to post your opinion on the actual topic, then i'll be glad to hear from
 you.



 On 3/28/06, Micheal Espinola Jr [EMAIL PROTECTED] wrote:
 
 Patch Tuesday = Good before third party patches appear
 Third party patch = Evil
 Patch Tuesday = Bad for everyone after third party patches appear,
 even Microsoft...

 Ahh, but you forgot one:

 n3td3v = Annoying.  Posting as an individual or as a group...

 Your security alert has offered nothing in terms of Full Disclosure
 or any actual security alert.  You'd be better served to send your
 opinion to the Patch Management list.





--
ME2



Re: [Full-disclosure] Security Alert: Unofficial IE patches appear on internet

2006-03-28 Thread Micheal Espinola Jr
For those that have inquired:

I wouldn't wish v3dt3n on the Patch Management list in a million
years.  I know PM is moderated, and Ryan does a great job at keeping
things professional and on-topic there - so my remark never struck me
as concern.

Although I added to the initial list as a joke, I don't actually
agree with the list: blank = blank.  Marc and the people at eEye
have provided the community with exceptional information and service
over the years, and I would have a difficult time not trusting them
implicitly considering their track record, nature for disclosure
and clarity of information.

<soapbox>
3rd party patching is controversial but increasingly helpful for
interim protection against exploit releases that take advantage of
well known patch management scheduling - intentional or otherwise.
Sometimes necessity trumps proprietorship - at least as an interim
solution.
</soapbox>



Re: [Full-disclosure] Administrivia: Requests for Moderation

2005-12-15 Thread Micheal Espinola Jr
How's about instead of moderation, we try vote-kicking?

On 12/15/05, Joe Average [EMAIL PROTECTED] wrote:


 On 12/15/05, John Cartwright [EMAIL PROTECTED] wrote:
  Hi
 
  Please do not request that global moderation of FD occur. It won't. As
  others pointed out, that would defeat the entire purpose of the list.
  I have no intention of changing anything so fundamental. To be frank,
  those who feel that moderation is needed should be looking elsewhere
  for their information, because this is one point I am not going to
  concede.
 
  I'd also like to take this opportunity to thank everyone who isn't
  adding to the noise at the moment, I'm currently dealing with a
  massive spam problem caused by some Italian folks...
 
  Cheers
  - John


Re: [Full-disclosure] Phishing Alert: Inland Revenue Service

2005-12-14 Thread Micheal Espinola Jr
Thanks for letting me know you are switching providers.  I'm glad that
you are using the FD list as a podium for announcing phishing
attacks.  This is truly relevant information.

I'm surprised I haven't signed up for other lists that notify me about
phishing attacks, because I really think I need to stay on top of
this.  This phishing problem could be huge.

If you could, please let me know when you decide to change your
underwear.  You do know which day of the week it is, right?

http://www.landsend.com/cd/fp/prod/0,,1_2_52358_54438_128640_107087_5:view=-1,00.html

On 12/14/05, n3td3v [EMAIL PROTECTED] wrote:
  Websense.com said: Your search for internal revenue service resulted
 in 0 alerts.

 I guess I shouldn't listen to Websense alerts all of the time, since
 they missed out this one. If Websense had reported on it, I wouldn't
 have posted it to FD. Time to change my phishing alerts provider.

 On 12/14/05, Todd Towles [EMAIL PROTECTED] wrote:
  But the people on your security group already saw it, right? So why post
  it here? We can all see your group like the rest of the world.



--
ME2  http://www.santeriasys.net/


Re: [Full-disclosure] Re: 0-day for sale on ebay - New auction!

2005-12-13 Thread Micheal Espinola Jr
No offense intended directly to the OP:

Honestly, who gives a shit.  Is this what this list is to be used for
these days?  Are there no better OT forums, channels, cups w/string
that can be reserved for this type of chatter?


Re: [Full-disclosure] famouse n3td3v quotes!

2005-12-08 Thread Micheal Espinola Jr
Hacker scene = 2600 meeting at the local mall

On 12/8/05, Kevin Ponds [EMAIL PROTECTED] wrote:
 You missed the best one.

  *Extensive on hands hacker scene experience (6+ years) (Knowing your
 enemy) 


 On 12/7/05, sk / GroundZero [EMAIL PROTECTED]  wrote:
  here is the n3td3v quote list:
 
  XSS the planet ! -n3td3v   (thisone is fake but i like it)
 
  I don't feel the urgency to explain the complexed reasoning behind my
 postings
  - n3td3v  (i love thisone)
 
  you complete wanna be loser who has never disclosed any vulnerabilities.
  -n3td3v
 
  have IM and E-mail contact with some of Yahoo's top security advisors
  and security engineers, then you can come back to this list and challenge
 me. FOOL!
  - n3td3v
 
  Google is in the hands of hackers
  - n3td3v
 
  Youre playing with fire. Fire that cannot be put out with words but
  only inflame the situation of which you are misinformed.
  - n3td3v
 
  No one has seen any vulnerabilities by you. You have no justification
  to even being 100 miles near this list, let alone comment on other
  people and their postings.
  - n3td3v(this is one of my favorite, n3td0rk talking to himself)
 
  Theres more to come in the future.
  - n3td3v
 
  that was worth the 2 mins! period.
  random changed motd with n3td3v quotes is entertaining.
  we at groundzero security research enjoy those quotes again everyday.
 
  - Original Message -
  From: InfoSecBOFH [EMAIL PROTECTED]
  To: n3td3v [EMAIL PROTECTED]
  Cc:  full-disclosure@lists.grok.org.uk
  Sent: Thursday, December 08, 2005 1:12 AM
  Subject: Re: [Full-disclosure] Re: Google is vulnerable from XSS attack
 
 
   Hit a sore spot did I?
  
   You have proven to know nothing.  You have proven to have zero
   contacts.  I have already verified your Yahoo claims as false and
   having people on your IM list does not make you 1337.
  
   I will repeat myself because it is obvious that you are fucking
   retarded and cannot comprehend a simple email.
  
   From this account, I have not released or posted anything to this or
   any list.  Read between the lines fuck bag.
  
   On 12/7/05, n3td3v [EMAIL PROTECTED]  wrote:
Go study internet security for 7 years, do CS at college, learn
computer programming in C++ and PHP, find hacks for Google/ Yahoo,
setup your own security group, be friends with hundreds of people in
multiple scenes, have IM and E-mail contact with some of Yahoo's top
security advisors and security engineers, then you can come back to
this list and challenge me. FOOL!
   
You're small fry taking on someone who is BIGGER than you in every
shape and form. GO and take your opinion and shove it up your own arse
pipe, you complete wanna be loser who has never disclosed any
vulnerabilities.
   
On 12/7/05, InfoSecBOFH [EMAIL PROTECTED] wrote:
 And thank you for proving that you are truly a kiddie.

 You just don't get it do you.




--
ME2  http://www.santeriasys.net/


Re: [Full-disclosure] Return of the Phrack High Council

2005-11-26 Thread Micheal Espinola Jr
here's an idea:  ignore everyone and stfu for once, and maybe this
list can get back to normal.

On 11/26/05, n3td3v [EMAIL PROTECTED] wrote:

 Further attempts to noise me up will be ignored... have a good weekend


Re: [Full-disclosure] Hackers Tomorrow

2005-11-15 Thread Micheal Espinola Jr
$0.02 USD: This seems better suited for 2600 Magazine, or a personal blog.

On 11/15/05, n3td3v v3dt3n [EMAIL PROTECTED] wrote:
 Hello kind fellow disclosers,

 Since my last article gained so much praise i have written a second part
 on hackers tomorrow. I have also heeded the criticism and have acquired my
 own domain so i look more cooler :) n3td3v.com of course. I have a new
 1337 super secure mail addy [EMAIL PROTECTED] also. I love feedback :)

 My article is at my new home http://www.n3td3v.com/hackerstomorrow.html

 Enjoy!!
 n3td3v

--
ME2  http://www.santeriasys.net/


Re: [Full-disclosure] Hackers Tomorrow

2005-11-15 Thread Micheal Espinola Jr
More like, who cares.
On 11/15/05, n3td3v n3td3v [EMAIL PROTECTED] wrote:
Or am I the real n3td3v just throwing up smokescreens, who knows?

Re: [Full-disclosure] Bigger burger roll needed

2005-10-06 Thread Micheal Espinola Jr
I do see how it all comes together, and I agree as a whole.  I'm
certainly not excusing MS of their responsibility to the matter.

My comments only referred to legitimate use of the OS, using
supporting software and drivers, in which case you should be able to
depend on proper coding from every party involved.  Running
software/drivers that were properly written for the OS should provide
a failure free platform, and it does.  That was my only point to
egregious comments to Windows being BSOD prone.  It could be a
balancing act at times, but it could be done if done right.

Yes, absolutely, any OS should be able to handle bad data without
crashing.  I think it's apparent that MS is no longer ignorant (or
perhaps naive) about the issue, and I honestly can't remember the last
BSOD I got.  It's been years.


On 10/6/05, bkfsec [EMAIL PROTECTED] wrote:
 But, Curmudgeon's right... you can't just say yeah, the OS can't handle
 malformed data, but that's not their problem.

 One of the primary rules of coding is never trust the input.  And that
 is a very valid point.  The same flaws in code that cause exploits also
 cause crashes by their very nature.  It's not all over the place, it's
 a fact of system design.  If they can't avoid mishandling input, then
 people's expectations will be low.  See how it all comes together?


Re: [Full-disclosure] Bigger burger roll needed

2005-10-04 Thread Micheal Espinola Jr
I don't appreciate you changing caps in my name.  I'm not 'spin'ing
anything - I addressed a specific question with an honest real-world
answer.  I did not include propaganda nor did I denounce any alternate
products.  There's no need to be a disrespectful ass.

Absolutely, Win95 was a pain in the ass.  So was 98 and Me.  But I
disagree with the sentiment that it was solely due to MS code.
Without getting into specifics that no longer matter, surely they
could have done their part better to handle malformed input - but who
was malform'ing the input in the first place?

Again, as an administrator having dealt with these issues in very
large numbers, it was commonly an isolated distinguishable issue of
drivers - that not only related to improper handling by the OS but
also with inoperabilities with other drivers and devices.

Properly configured, and not mucked with, I've had 95 boxes run for
years without crashing or having to be rebuilt.  You can call it luck
if you want.  I called it my job.

I didn't bitch about it - I figured it out, got the job done and went
on with life.


On 10/4/05, security curmudgeon [EMAIL PROTECTED] wrote:

 : Since its inception, supporting NT 3.0 beta and onward, I have been
 : dealing with BSOD's.  In total, there have been comparatively very few
 : times where it was a direct fault of MS code.  It has very commonly been
 : in relation to 3rd party drivers that needed reworking or updating by
 : the 3rd-party manufacturer.
 :
 : This is not PR spin (of which I don't think you could find any published
 : PR spin for either side of this argument either).  This is real world
 : experience with the NT+ products across i386 and Alpha hardware
 : platforms using peripheral devices from many different major
 : manufacturers.  There are admins on both sides of the anti-MS fence that
 : I communicate with that would agree with this conclusion.

 Fine, it isn't PR spin. But, compare this to Unix. How many times do you
 run user-land, 3rd party applications, that cause a kernel panic?

 Why does Windows *let* third party applications BSOD the core operating
 system? Fine, Microsoft didn't code the application causing it, but they
 sure coded the operating system that doesn't know how to handle malformed
 input.

 And the first few years of Windows 95 saw many, *many* BSODs that were due
 to Microsoft code. That led to the general impression and sentiment you
 see today.


Re: [Full-disclosure] Bigger burger roll needed

2005-10-04 Thread Micheal Espinola Jr
Thanks Randall  :-)

You know, I wouldn't mind it IF the conversation was properly
[re]directed in context.  In fact it often leads to many fascinating
discussions.  But other times it feels like some people that are
contributing are schizophrenic.

Why if someone doesn't like or agree with a particular answer or topic
it's OK to respond with something completely different without any
qualification is really bizarre - especially from a technical
community.


On 10/4/05, Randall M [EMAIL PROTECTED] wrote:

 Think of it as a philosophy class.



Re: [Full-disclosure] Bigger burger roll needed

2005-10-03 Thread Micheal Espinola Jr
While it's easy to recognize your point, it's also quite moot.

The supportability issues of long ago, are just that - long ago.  The
customer base was, when the PC market first expanded and continues to
be, vastly larger from when computer companies offered that type of
service.  ...and at a much heftier price I might add.

Let's not forget that back in the day, hardware and software
combinations were a tightly controlled package deal.  The PC market
expansion changed that forever, and the multitude of hardware/software
combinations have long since made the support you are longing for an
impossibility to maintain.

However, those of us that have discovered significant flaws in the MS
OS over the years know that MS takes bugs and flaws very seriously. 
Over the course of the past 10 years, I have had MS supply me with a
patch, within hours of a bug report, on many occasions.

This type of service certainly can't be expected or applied to all
types of errors and circumstance, many of which strongly depend on
unlucky combinations of hardware and 3rd-party drivers.

FWIW IME, most users know what a BSOD looks like (a blue screen),
but don't know it by that acronym.

On 10/3/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

 One acronym: BSOD.  Why have users learned what it is, and grown accepting of
 seeing one?  Do you know any Windows users who have *never* encountered one?
 How many Windows users would believe that before Microsoft, vendors actually
 would take a *single* crash reported by *one* user seriously enough to
 investigate and produce a bugfix, and that vendors would escalate to the point
 of sending developers to the customer site if a system crashed multiple times
 and no fix was in sight in a week?

 For all its monopolistic abuses, the single worst thing Microsoft has done
 for the computer industry is lowered user expectations regarding software.

--
ME2  http://www.santeriasys.net/


Re: [Full-disclosure] Bigger burger roll needed

2005-10-03 Thread Micheal Espinola Jr
Bruce, I don't think you are going to find hard evidence for either
conclusion.  But Bruce's conclusion is consistent with my own
experiences, and that of many other Administrators that I discuss
issues like this with.

Since its inception, supporting NT 3.0 beta and onward, I have been
dealing with BSOD's.  In total, there have been comparatively very few
times where it was a direct fault of MS code.  It has very commonly
been in relation to 3rd party drivers that needed reworking or
updating by the 3rd-party manufacturer.

This is not PR spin (of which I don't think you could find any
published PR spin for either side of this argument either).  This is
real world experience with the NT+ products across i386 and Alpha
hardware platforms using peripheral devices from many different major
manufacturers.  There are admins on both sides of the anti-MS fence
that I communicate with that would agree with this conclusion.



On 10/3/05, Bruce Ediger [EMAIL PROTECTED] wrote:
 On Mon, 3 Oct 2005, Steve Friedl wrote:

  The majority of BSODs are caused by buggy third-party drivers and malware
  (rootkits, etc.) Is that part of Microsoft's monopolistic abuse?

 Does any kind of evidence (apart from PR-flack-based spin) exist for this
 conclusion?

 Can you point me to it?

 Sincerely,
 Bruce Ediger



--
ME2  http://www.santeriasys.net/


Re: [Full-disclosure] Bigger burger roll needed

2005-10-03 Thread Micheal Espinola Jr
err, But Steve's conclusion is consistent with my own...

On 10/3/05, Micheal Espinola Jr [EMAIL PROTECTED] wrote:
 Bruce, I don't think you are going to find hard evidence for either
 conclusion.  But Bruce's conclusion is consistent with my own
 experiences, and that of many other Administrators that I discuss
 issues like this with.

 Since its inception, supporting NT 3.0 beta and onward, I have been
 dealing with BSOD's.  In total, there have been comparatively very few
 times where it was a direct fault of MS code.  It has very commonly
 been in relation to 3rd party drivers that needed reworking or
 updating by the 3rd-party manufacturer.

 This is not PR spin (of which I don't think you could find any
 published PR spin for either side of this argument either).  This is
 real world experience with the NT+ products across i386 and Alpha
 hardware platforms using peripheral devices from many different major
 manufacturers.  There are admins on both sides of the anti-MS fence
 that I communicate with that would agree with this conclusion.



 On 10/3/05, Bruce Ediger [EMAIL PROTECTED] wrote:
  On Mon, 3 Oct 2005, Steve Friedl wrote:
 
   The majority of BSODs are caused by buggy third-party drivers and malware
   (rootkits, etc.) Is that part of Microsoft's monopolistic abuse?
 
  Does any kind of evidence (apart from PR-flack-based spin) exist for this
  conclusion?
 
  Can you point me to it?
 
  Sincerely,
  Bruce Ediger
 


 --
 ME2  http://www.santeriasys.net/



--
ME2  http://www.santeriasys.net/


Re: [Full-disclosure] I love the American way of life

2005-09-22 Thread Micheal Espinola Jr
Agreed. I don't think anyone here cares about anyone else's political views. There are certainly more appropriate lists for that.

On 9/22/05, Todd Towles [EMAIL PROTECTED] wrote:
 Hey n3td3v, keep the political propaganda on your list. I am sure the
 500 people will be glad to waste their time with all of that. Some of
 us have a hurricane to deal with. Thanks.

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of n3td3v
 Sent: Thursday, September 22, 2005 1:10 PM
 To: full-disclosure@lists.grok.org.uk
 Subject: [Full-disclosure] I love the American way of life

 Forecast: Who needs terrorism when we have hurricane Rita. Who needs
 exploits to bring down telecoms and ISP's when we have hurricane Rita.

 Katrina: Hurricanes are putting the terrorists out of a job this year.
 The Nations that make up the U.N are more than happy to sit back as
 U.S struggles to co-ordinate incident response procedures for the
 recovery effort.

 Overview: Keep polluting the atmosphere (Americans) and keep ignoring
 the rest of the world, in respect of the environment and global warming.

 Oil Prices: Problem is Blair has the highest tax on fuel than most
 places in the developed world.

 Hurricane Hype: Apart from that, it's great entertainment to see Bush
 stressing over hurricanes. He looks like he's trying to do the toilet,
 but can't get anything out. Laura Bush will be happy, because she won't
 need to wash his brown underwear like she usually does everyday Iraq
 goes bad.

 I love 24 hour news channels when hurricanes are on, because Bush and
 his men have no propaganda come-back to mislead Americans on when it
 all goes wrong. The rest of us out of the American Bubble haven't been
 dumb enough to believe any of the U.S propaganda, generated by Bush and
 his men since 11/9/2001.

 American Commerce: Hurricane Rita, sponsored by Mc Donalds, Burger
 King, Microsoft. (And others who will benefit from these storms)
 Enjoy your (happy meal) hurricane.

 Aftermath: How many more nursing home owners will be sued? They'll make
 movies out of Katrina and Rita response, like Moore did for 9/11
 conspiracy theories.

 Thanks, n3td3v

 Respect: Bush and his men, DHS (part of his merry men), and Houston and
 Texas internet infrastructure professionals.

 Side Order: Civil war is about to break out in Iraq.

 --
 http://www.geocities.com/n3td3v

--
ME2  http://www.santeriasys.net/


Re: [Full-disclosure] PDF's unsafe?

2005-09-21 Thread Micheal Espinola Jr
As you peer into the modern extended functionality of Adobe PDF's you
are going to find even worse than a javascript.

I don't use the official Adobe reader any more for this reason and more.

On 9/21/05, Geo. [EMAIL PROTECTED] wrote:
 Haven't any of the security firms checked out adobe pdf reader to see if
 it's safe? It took 5 minutes to create this nonsense
 http://www.nthelp.com/test.pdf and that's just using the standard features.
 I hate to think what a real hacker could do with a pdf.

 Geo.




--
ME2  http://www.santeriasys.net/


Re: [Full-disclosure] PDF's unsafe?

2005-09-21 Thread Micheal Espinola Jr
I'm a win32 guy, so I've been using Foxit Reader
http://www.foxitsoftware.com/pdf/rd_intro.php.  It's free, 4.5mb
total, and is a stand-alone application that doesn't require an
install.

I keep it on my thumb drive with my other utils.  I've been using it
for a couple of months now with no issues reading or printing PDF's.

On 9/21/05, Andrew Haninger [EMAIL PROTECTED] wrote:
 On 9/21/05, Micheal Espinola Jr [EMAIL PROTECTED] wrote:
  I don't use the official Adobe reader any more for this reason and more.
 What do you use?

 Are there good, secure/safe viewers available for Windows? Linux?

 On Linux. I've used xpdf and gpdf. Neither was perfect but they tended
 to get the job done. For example, I recently made a .PS with AbiWord
 on Linux and then used ps2pdf to make it into a PDF. gpdf opens it but
 it's blank. Probably a fonts or CUPS issue.

 Adobe's viewer is pretty darn reliable.

 -Andy



--
ME2  http://www.santeriasys.net/


Re: [Full-disclosure] PDF's unsafe?

2005-09-21 Thread Micheal Espinola Jr
Yea, the jury is still out on exactly how secure FoxIt Reader might be
- but for now it's the best alternative I can find.  It doesn't have
any of the bells and whistles that I don't need or want in a PDF
reader anyway, and I know it doesn't run javascript or allow
executable attachments in PDF's, like Adobe's does.


On 9/21/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
 yep foxit is really good near the too heavy adobe :)
 but about foxit security , I doesn't bet it's safer than acrobat..

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Micheal
 Espinola Jr
 Sent: Wednesday, September 21, 2005 17:54
 To: full-disclosure@lists.grok.org.uk
 Subject: Re: [Full-disclosure] PDF's unsafe?

 I'm a win32 guy, so I've been using Foxit Reader
 http://www.foxitsoftware.com/pdf/rd_intro.php.  It's free, 4.5mb
 total, and is a stand-alone application that doesn't require an
 install.

 I keep it on my thumb drive with my other utils.  I've been using it
 for a couple of months now with no issues reading or printing PDF's.

 On 9/21/05, Andrew Haninger [EMAIL PROTECTED] wrote:
  On 9/21/05, Micheal Espinola Jr [EMAIL PROTECTED] wrote:
   I don't use the official Adobe reader any more for this reason and more.
  What do you use?
 
  Are there good, secure/safe viewers available for Windows? Linux?
 
  On Linux. I've used xpdf and gpdf. Neither was perfect but they tended
  to get the job done. For example, I recently made a .PS with AbiWord
  on Linux and then used ps2pdf to make it into a PDF. gpdf opens it but
  it's blank. Probably a fonts or CUPS issue.
 
  Adobe's viewer is pretty darn reliable.
 
  -Andy
 


 --
 ME2  http://www.santeriasys.net/




--
ME2  http://www.santeriasys.net/


Re: [Full-disclosure] PDF's unsafe?

2005-09-21 Thread Micheal Espinola Jr
Go check it out.  Attachments in PDF's have been a feature for a
couple versions now.

I mean executable attachments, as in files that can be immediately
executed without any decompression or manual loading into an
application.  With Adobe, there is no administratively controllable
criteria against what can be attached or run after it is received by
the end-user.

Your mail server AV may block executable attachments (.exe's, .bat,
etc), but do you allow .PDF's?   Well, executable attachments can be
IN your .PDF's.  Does your AV scan for that as well?


On 9/21/05, Geo. [EMAIL PROTECTED] wrote:
  and I know it doesn't run javascript or allow
 executable attachments in PDF's, like Adobe's does.

 Executable attachments? How?

 Geo.




--
ME2  http://www.santeriasys.net/
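
Added example (not part of the original thread): a gateway-side triage for the question raised above, whether a PDF that passes an extension filter carries attachments or script. The verdict policy, the extension list and the sample byte strings are assumptions constructed for illustration; the scan reads raw bytes only, so it flags compressed object streams instead of looking inside them.

```python
"""Triage PDFs for embedded files and active content (constructed samples)."""
import re

# Name tokens defined by the PDF specification that matter to a mail gateway.
ACTIVE_NAMES = {
    b"/EmbeddedFiles": "name tree listing attachments",
    b"/EmbeddedFile": "stream holding an attached file",
    b"/Filespec": "file specification dictionary",
    b"/JavaScript": "JavaScript action or name tree",
    b"/JS": "JavaScript source entry",
    b"/Launch": "action that starts an application or opens a file",
    b"/OpenAction": "action run when the document opens",
    b"/AA": "additional event-triggered actions",
    b"/ObjStm": "compressed object stream (not inspected by this scan)",
}
# Assumed block list, mirroring what a mail filter already rejects as attachments.
RISKY_EXT = (".exe", ".bat", ".cmd", ".com", ".scr", ".pif", ".vbs", ".js")

# A PDF name runs from "/" to the next whitespace or delimiter character.
NAME_RE = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]*")
HEX_ESC = re.compile(rb"#([0-9A-Fa-f]{2})")
# Literal string "(...)" directly after a name; nested parentheses not handled.
LITERAL = re.compile(rb"\s*\(((?:\\.|[^\\()])*)\)", re.S)


def decode_name(raw):
    """Undo #xx escapes so /J#61vaScript compares equal to /JavaScript."""
    return HEX_ESC.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def scan_pdf(data):
    """Return (counts of active names, file names referenced via /F or /UF)."""
    counts, files = {}, []
    for m in NAME_RE.finditer(data):
        name = decode_name(m.group(0))
        if name in ACTIVE_NAMES:
            key = name.decode()
            counts[key] = counts.get(key, 0) + 1
        elif name in (b"/F", b"/UF"):
            s = LITERAL.match(data, m.end())
            if s:  # skips indirect references such as "/F 6 0 R"
                files.append(s.group(1).decode("latin-1"))
    return counts, files


def verdict(data):
    """Assumed policy: block executables and /Launch, quarantine other active content."""
    if b"%PDF-" not in data[:1024]:
        return "not-pdf"
    counts, files = scan_pdf(data)
    if "/Launch" in counts or any(f.lower().endswith(RISKY_EXT) for f in files):
        return "block"
    hold = ("/EmbeddedFile", "/EmbeddedFiles", "/JavaScript", "/JS", "/ObjStm")
    if any(k in counts for k in hold):
        return "quarantine"
    return "pass"


# Constructed fragments, not complete PDF files.
SAMPLE_PLAIN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n%%EOF\n"
SAMPLE_ATTACH = (
    b"%PDF-1.6\n1 0 obj\n<< /Type /Catalog /Names << /EmbeddedFiles 4 0 R >> >>\nendobj\n"
    b"5 0 obj\n<< /Type /Filespec /F (invoice.exe) /EF << /F 6 0 R >> >>\nendobj\n"
    b"6 0 obj\n<< /Type /EmbeddedFile /Length 0 >>\nstream\n\nendstream\nendobj\n%%EOF\n"
)
SAMPLE_OBFUSCATED = (
    b"%PDF-1.5\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
    b"2 0 obj\n<< /S /J#61vaScript /#4AS 3 0 R >>\nendobj\n%%EOF\n"
)

if __name__ == "__main__":
    for label, blob in (("plain", SAMPLE_PLAIN), ("attachment", SAMPLE_ATTACH),
                        ("escaped names", SAMPLE_OBFUSCATED)):
        counts, files = scan_pdf(blob)
        print(f"{label}: {verdict(blob)} names={counts} files={files}")
```

Because the scan matches tokens anywhere in the file, a name that only appears inside stream data or a string also counts, which errs toward holding a message rather than passing it.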


Re: [Full-disclosure] router naming

2005-09-02 Thread Micheal Espinola Jr
Actually, GPS coords have a place in DNS records.

On 9/2/05, Peer Janssen [EMAIL PROTECTED] wrote:
 luca developer wrote:
 
  Hi folks
  Is there a best practice for assign a router name ? e.g.: router type
  + city + room.id http://room.id  and so on
  Which method is usually used to assign a router name ?
 
 
 Full-disclosure router naming would be GPS coordinates, wouldn't it?
 
 This might prove to be a security risk, though, depending on your
 organization.
 
 Might be practical to locate missing (read: walled-in or so) routers --
 if they won't be moved around keeping their then-old name.
 
 Cheers
 Peer
 
 


-- 
ME2  http://www.santeriasys.net/


Re: [Full-disclosure] J. A. Terranson

2005-08-29 Thread Micheal Espinola Jr
I think the real issue here is that the rest of us really don't care. If you have a problem with someone, great. But telling us about it doesn't make you any more important in our eyes. In fact, everyone involved in this tit-for-tat is coming off looking very unprofessional.


On 8/29/05, J.A. Terranson [EMAIL PROTECTED] wrote:
 On Sun, 28 Aug 2005, ghost wrote:
  J.A.,. give up computers, go play in a sandbox. Did you just admit to
  threatening to mailbomb someone? lol.

 Bzzdt.  This dude calls me up and starts asking if I'm going to.  Out of
 the blue - like I said psycho central.  My first response was to tell him
 to GFY and hang up.  His persistence brought him his future.


Re: [Full-disclosure] Re: Miscrosoft Registry Editor 5.1/XP/2K long string key vulnerability

2005-08-25 Thread Micheal Espinola Jr
You can remove a registry key easily without the need of a 3rd party app.

To delete a registry key with a .reg file, put a hyphen (-) in front
of the RegistryPath in the .reg file.

http://support.microsoft.com/default.aspx?scid=kb;en-us;310516sd=tech


On 8/25/05, mike king [EMAIL PROTECTED] wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 I didn't see anyone post a way to delete the registry key added so
 here is the tool I found that can accomplish this.
 
 Regalyzer from http://www.safer-networking.org/en/download/index.html
 
 query the key added to the registry.
 
 E:\reg query HKEY_LOCAL_MACHINE\SOFTWARE\empty
 
 ! REG.EXE VERSION 3.0
 HKEY_LOCAL_MACHINE\SOFTWARE\empty
 helloworldhelloworldhelloworldhelloworldhelloworldhelloworldhellowor
 ldhelloworldhelloworldhelloworldhelloworldhellow
 orldhelloworldhelloworldhelloworldhelloworldhelloworldhelloworldhell
 oworldhelloworldhelloworldhelloworldhelloworldhellow
 orldhelloworldhelloworl REG_SZ
 
 E:\ 
 
 After removing the key from the registry with Regalyzer
 
 E:\ reg query HKEY_LOCAL_MACHINE\SOFTWARE\empty
 ! REG.EXE VERSION 3.0
 HKEY_LOCAL_MACHINE\SOFTWARE\empty
 
 E:\ 
 
 Best of luck mike king
 
 time(r) is a trademark of Universe(c)
 Public use permitted by fair use agreement ( copyright [NULL] )
 -BEGIN PGP SIGNATURE-
 Note: This signature can be verified at https://www.hushtools.com/verify
 Version: Hush 2.4
 
 wkYEARECAAYFAkMNSykACgkQUjm7xSZSd8FxBgCgkxvav4tmXZY5te5K2hCNPmHekV4A
 nRGuGi5KnT0tNLvLSIP7HSCFaQyi
 =uvzy
 -END PGP SIGNATURE-
 
 
 


-- 
ME2  http://www.santeriasys.net/


Re: [Full-disclosure] Disney Down?

2005-08-19 Thread Micheal Espinola Jr
Absolutely.  Once a system has been exploited in such a manner, it is
completely untrustable.  It should most definitely be wiped.

The IT ppl in SDC (and many other places) need to all be lined up and
smacked Three Stooges style.

On 8/19/05, Donald J. Ankney [EMAIL PROTECTED] wrote:
 
 Any IT department that simply removes a worm and shoves a box back
 into production has serious issues.
 
 After a machine has been compromised, it should be wiped and rebuilt.

-- 
ME2  http://www.santeriasys.net/


Re: [Full-disclosure] Disney Down?

2005-08-19 Thread Micheal Espinola Jr
I agree that not all exploits need to or should be handled in such a
way, but this type of open-ended exploit where potentially anything
could have been dropped or altered on a system would force me as a
network/security/systems administrator to have to take appropriate
action to protect my employer.

Yep, it's definitely extreme.  I wouldn't want to have to do it.  But,
I still would do it all the same.  In my experience the risk is just
too great not to.  Which is why we store data on secure servers, and
can multi-cast images for workstations for easy rebuilds.  It's a shame
not everyone can work in an environment where things like this can be
done that easily, but that doesn't mean that they shouldn't be done at
all.

I have yet to work for an employer where my management and fellow
staff wouldn't be prepared to do the same - thank goodness.

I shudder to think about it happening to me...


On 8/19/05, Steve Kudlak [EMAIL PROTECTED] wrote:
 Micheal Espinola Jr wrote:
  Absolutely. Once a system has been exploited in such a manner, it is
  completely untrustable. It should most definitely be wiped.

  The IT ppl in SDC (and many other places) need to all be lined up and
  smacked Three Stooges style.

  On 8/19/05, Donald J. Ankney [EMAIL PROTECTED] wrote:

   Any IT department that simply removes a worm and shoves a box back
   into production has serious issues.

   After a machine has been compromised, it should be wiped and rebuilt.

 As a practical matter how many boxes are we talking about. I mean I have
 removed worms and viruses (note I don't use the plural virii because it is
 too close to the proper Latin Plural of men;) and put boxes back into use.
 But not in places that are critical. Does one rebuild every time something
 goes wrong? Seems extreme to me. I dunno if this is the place to discuss
 issues like this. Now of course with worm designers getting more
 sophisticated it might be that more extreme measures should be taken
 earlier in the decision chain. Now if people implement a really adequate
 backup system, like everything over the last hour is safely backed up it
 might be possible to do that. Anyway it is an interesting case, easy to say
 now that I am disabled and watching from the sidelines.
 
 Have Fun,
 Sends Steve
 
 


-- 
ME2  http://www.santeriasys.net/


Re: [Full-disclosure] Re: It's not that simple...

2005-08-18 Thread Micheal Espinola Jr
Exactly.  Because MS is such a stupid-admin prone OS, MS needs to work
harder at making tools like the recent SCW (Security Configuration
Wizard) available to all their OS's - not just the newer ones.

Even though checklists and security docs these days are numerous for
the basics - people aren't looking into them or following them because
of all the manual steps involved.  Things like the SCW need to be
embedded in the OS to make it as idiot proof as possible to apply a
secure configuration.

I think we'll all agree that lots of idiots maintain Microsoft OS's. 
It isn't necessarily MS's fault - but it is a culture that they
cultivated, so they definitely hold some accountability.


On 8/18/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
 On Thu, 18 Aug 2005 10:28:04 EDT, Paul Melson said:
 
  Very little pity for those who haven't hardened servers and workstation
  images this late in the game.
 
 The problem is that there's literally a half billion workstation images out
 there, run by people who think harden is what pr0n does to them
 
 Remember - *most* machines are run by Joe Sixpacks, not trained sysadmins.
 
 
 
 
 


-- 
ME2  http://www.santeriasys.net/


Re: [Full-disclosure] Disney Down?

2005-08-17 Thread Micheal Espinola Jr
So patch your systems, but don't miss your kid's play in order to do
it. We've seen a lot worse than this in the past.

Brilliant advise!


On 8/17/05, Peter Besenbruch [EMAIL PROTECTED] wrote:
 Frank Stein wrote:
  check cnn.com now. according to them, a new win2000 virus out now in
  the wild and infecting at a rapid rate.
 
  http://www.cnn.com/2005/TECH/internet/08/16/computer.worm/index.html
 
  maybe this is the one.
 
 Check out this article by Larry Seltzer of eWeek, where he predicts
 earlier on August 16 that MS05-039 is just not a conducive bug.
 http://www.eweek.com/article2/0,1895,1848696,00.asp
 
 I look forward to Mr Seltzer's updates. ;)
 --
 Hawaiian Astronomical Society: http://www.hawastsoc.org
 HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky
 


-- 
ME2  http://www.santeriasys.net/


Re: [Full-disclosure] Disney Down?

2005-08-17 Thread Micheal Espinola Jr
Thanks for correcting my spelling error.

You mention that this issue will have little or no presence on
consumer systems, but you do realize that you are writing for the
Enterprise News & Reviews magazine, eWeek - right?  You also realize
that MS05-039 affects the current consumer version of Microsoft
Windows (aka Windows XP) - right?

You also say, "If it had been International Paper or some company like
that rather than media outlets I suspect it wouldn't be getting all
this attention."  While this is likely true, this exemplifies the need
to take security matters more seriously.  MS05-039 was issued on
August 9, 2005, and major companies were still exploited 6 days later.
Your own story emphasizes the lack of consideration that is still
being given to security vulnerabilities, even though Microsoft is
continuously scrutinized at a product level for what is increasingly
related to poor administrative and security practices.

Applying this particular patch takes mere moments to download (a
500-600k file depending on your OS), moments to install, and a
recommended reboot (although only 3% of the systems I personally
patched technically required it).

The entire procedure for patching a single system would require less
than 5 minutes to perform (omitting the time of the reboot). 
Distribution of this patch on scale is also relatively trivial for
someone whose position it is to do it.

Trivializing this (or any) security patch is quite a gamble.  As
Security Center Editor for eWeek, it surprises me that you would take
such a position.  Any vulnerability that would allow for remote code
execution and elevation of privilege should be treated as a top
priority, from both internal and external attack vectors.  An issue
such as this should not be treated as a likelihood; it should be
treated as a possibility.  When you think in this manner, your
priorities change.

I'm not trying to badger you, but in light of the Disney, CNN, ABC,
and The New York Times mishaps (amongst others), I must admit that I'm
glad I don't follow your column or style of advise.



On 8/17/05, Larry Seltzer [EMAIL PROTECTED] wrote:
 So patch your systems, but don't miss your kid's play in order to do it.
 We've seen a lot worse than this in the past.
 Brilliant advise[sic]!
 
 Yeah, clearly I timed the column badly, but I still think there's more smoke
 than fire on this outbreak. If it had been International Paper or some
 company like that rather than media outlets I suspect it wouldn't be getting
 all this attention. I also think it's fair to say that when it dies down,
 relatively soon, it won't achieve the endemic status of Blaster and Sasser
 because it will have little or no presence on consumer systems.
 
 Larry Seltzer
 eWEEK.com Security Center Editor
 http://security.eweek.com/
 http://blog.ziffdavis.com/seltzer
 Contributing Editor, PC Magazine
 [EMAIL PROTECTED]
 
 



Re: It's not that simple... [Was: Re: [Full-disclosure] Disney Down?]

2005-08-17 Thread Micheal Espinola Jr
This issue affects XP and W2K3 systems as well.  I don't see the
argument of W2K being on the back burner as having any relation to
this thread.

Regardless of a LOT of Windows 2000 out there..., these companies
weren't bitten the same day the initial exploit was released.  6 days
is plenty of time to have tested compatibility and to distribute the
patch.

PnP is not a show stopper when it comes to patch compatibility testing
- especially considering the fact that the exploit allows for remote
code execution and elevation of privilege.  Perhaps certain people
need to learn or take a refresher course of what that exactly implies.

And I'd say it is just that simple when you consider the fact that San
Diego County waited to install the patch *the night after* they got
hit by the worm.  *That's* why organizations like San Diego County,
with ~12,000 Win2k hosts, were bitten so badly.

Greg Smith, the county's assessor, recorder and clerk, said "As long
as we're up (today), we'll be fine."  Greg Smith is thinking much too
lightly of the situation.  Their systems just got hit with an exploit
that allows for remote code execution and elevation of privilege.  If
I was him, I would be very concerned about data theft, and performing
network wide audits.

"Yesterday's crash marked the third time in recent weeks that
significant computer problems have affected county government."  Well,
enough said about Greg Smith or whoever manages SDC's systems...

Let's take a look at the ISS advisory that makes a respectful analysis
of the phrase code execution and elevation of privilege:

Successful exploitation of this vulnerability could be leveraged to
gain complete control over target systems, and might lead to malware
installation, exposure of confidential information, or further network
compromise. Due to the widespread use of the affected operating
systems and the critical nature of component affected, it is likely
that servers and desktops used for a wide variety of purposes are
vulnerable to this issue.

The initial exploited fault aside, I see no excuse for this.


On 8/17/05, Fergie (Paul Ferguson) [EMAIL PROTECTED] wrote:
 It's not that simple.
 
 Why such success with a worm targeted at specific
 vulnerabilities in Win2k?
 
 I'll tell you why -- the answer is spelled out (correctly)
 in an article written by Ina Fried in a June 28th, 2005,
 C|Net News article entitled Windows 2000 moves to the
 back burner, which discussed Microsoft's end-of-life
 support for the OS platform.
 
 Here are a couple of key excerpts:
 
 [snip]
 
 Microsoft on Tuesday issued what is expected to be its last significant 
 revision of Windows 2000.
 
 The software maker released what it calls an Update Rollup for the 5-year-old 
 operating system, which is due to shift at the end of this month from 
 receiving mainstream support to extended support. Microsoft does not 
 generally add features to a product under extended support, and the Update 
 Rollup is largely a collection of previously released patches as opposed to a 
 batch of new features.
 
 In addition to already released fixes, the collection may contain fixes for 
 non-public low- and moderate-level security issues that did not warrant 
 individual security bulletins, a Microsoft representative said.
 
 [...and:]
 
 Although Windows 2000 has been followed by several other Windows versions, 
 the software remains extremely popular in corporations and small businesses. 
 It still accounts for nearly half of all Windows-based business desktops, 
 according to a recent survey by AssetMetrix.
 
 [snip]
 
 http://news.com.com/Windows+2000+moves+to+the+back+burner/2100-1016_3-5766696.html
 
 So there you have it -- there's still a LOT of Windows 2000 out there...
 
 Having said that, you also have to realize that from the time
 the MS05-039 vulnerability was disclosed (and the exploit code was
 released the same day), to the time that very large enterprises
 had to deploy it was very, very short compared to threats of the
 past.
 
 That's why organizations like San Diego County, with ~12,00
 Win2k hosts, were bitten so badly.
 
 http://www.signonsandiego.com/news/metro/20050817--7m17worm1.html
 
 It's just not that simple...
 
 - ferg
 
 
 -- Micheal Espinola Jr [EMAIL PROTECTED] wrote:
 
 Thanks for correcting my spelling error.
 
 You mention that this issue will have little or no presence on
 consumer systems, but you do realize that you are writing for the
 Enterprise News & Reviews magazine, eWeek - right?  You also realize
 that MS05-039 affects the current consumer version of Microsoft
 Windows (aka Windows XP) - right?
 
 You also say, If it had been International Paper or some company like
 that rather than media outlets I suspect it wouldn't be getting all
 this attention.  While this is likely true, this exemplifies the need
 to take security matters more seriously.  MS05-039 was issued on
 August 9, 2005, and major companies were still exploited 6 days later.
  Your own story

Re: It's not that simple... [Was: Re: [Full-disclosure] Disney Down?]

2005-08-17 Thread Micheal Espinola Jr
From my perspective, developing a patch and applying a patch are two
different life cycles.  I'm no developer, but I know what it takes to
properly test and roll-out patches within my (current and previous)
organization(s).

I don't pretend to believe that all patches are the same, but this PnP
patch is one of the less difficult to deal with in terms of a
roll-out.  I truly believe this recent worm could have been avoided if
MS05-039 was taken more seriously.

I cannot say as to why MS hasn't addressed any other outstanding
issues.  While it's a valid concern of mine as well, it really doesn't
relate to the discussion regarding the MS05-039 fiasco.


On 8/17/05, Geo. [EMAIL PROTECTED] wrote:
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Micheal
 Espinola Jr
 
 
 Regardless of a LOT of Windows 2000 out there..., these companies
 weren't bitten the same day the initial exploit was released.  6 days
 is plenty of time to have tested compatibility and to distribute the
 patch.
 
 How can you allow a vendor to take 6 months to a year to release a patch and
 then say 6 days is plenty of time to test and patch?
 
 You know, I was sure when MS announced there would be 6 patches for august
 that one of them would be one of these
 http://www.eeye.com/html/research/upcoming/index.html but I guess not... 141
 days and counting, and it will get released when MS hears that someone has
 written and released an exploit for it, then of course all of us have 6 days
 to live..
 
 Geo.
 

-- 
ME2  http://www.santeriasys.net/


Re: [Full-disclosure] Re: It's not that simple...

2005-08-17 Thread Micheal Espinola Jr
Surely.  Disabling Null Sessions is recommended security practice.  I
have been doing it for at least 10 years now.

I think I first wrote about it in The Hardening of Windows NT, which
IIRC, was in 1995.

On 8/17/05, Kurt Seifried [EMAIL PROTECTED] wrote:
 Actually it really is that simple. Disabling Null sessions is entirely
 possible, quite easy, and doesn't break a lot (at least in my previous
 testing years ago it didn't break anything noticeable).

[snip]

 -Kurt Seifried
 http://seifried.org/freescan2/
 https://lists.seifried.org/mailman/listinfo/security

-- 
ME2  http://www.santeriasys.net/


Re: [Full-disclosure] Weird URL

2005-08-01 Thread Micheal Espinola Jr
Ahh, good call!

On 8/1/05, Steve Friedl [EMAIL PROTECTED] wrote:
 On Mon, Aug 01, 2005 at 11:26:27AM -0400, Bug Traq wrote:
  Paste this URL in a firefox browser address bar and see what happens.
  http://https/;//gmail.google.com
 
  Anyone know why?
 
 You get the same thing when you enter just
 
https
 
 and it's because www.paypal.com is the first Google hit for this term
 (via I'm Feeling Lucky) as invoked by Firefox for non URLs.
 
 Steve
 
 ---
 Stephen J Friedl | Security Consultant |  UNIX Wizard  |   +1 714 544-6561
 www.unixwiz.net  | Tustin, Calif. USA  | Microsoft MVP | [EMAIL PROTECTED]

-- 
ME2  http://www.santeriasys.net/


Re: [Full-disclosure] Cisco IOS Shellcode Presentation

2005-07-31 Thread Micheal Espinola Jr
persuasion by possible threat of action/retaliation is still
persuasion.  You aren't forced to do it.  Children world-wide are
taught right from wrong under this edict.

Given Lynn's statements to the press regarding his reasons to
cooperate, who's to say the level of coercion applied or required?

Your gun violence comparison is a bit over the top.


On 7/30/05, Steve Friedl [EMAIL PROTECTED] wrote:
 On Sat, Jul 30, 2005 at 05:16:15PM -0400, Micheal Espinola Jr wrote:
  Coercion is simply influence.  You can be coerced into a choice, but
  it's still your choice - regardless if people like it or not.
 
 This obliterates any distinction between coercion and persuasion,
 so why bother to have separate words? When you claim that I have a gun
 to your head is the same as pretty please with sugar on top, you
 mark yourself as having a stunning poverty of perspective.
 
 Steve
 
 ---
 Stephen J Friedl | Security Consultant |  UNIX Wizard  |   +1 714 544-6561
 www.unixwiz.net  | Tustin, Calif. USA  | Microsoft MVP | [EMAIL PROTECTED]
 


-- 
ME2  http://www.santeriasys.net/


Re: [Full-disclosure] Cisco IOS Shellcode Presentation

2005-07-30 Thread Micheal Espinola Jr
It was Lynn's choice based on his statement to the press - and it was
still his choice no matter what the coercion might have been.

Larry had no right to take that choice away, and I doubt anyone
here has the right nor the first-hand knowledge in order to pass
judgement on the reasons for Lynn's choice.

Based on Lynn's statements his motivation was patriotic.  Who are we
to judge that was not his intent for his intellectual property?

I ask you, how do you know it wasn't?

On 7/29/05, Ron DuFresne [EMAIL PROTECTED] wrote:
 On Fri, 29 Jul 2005, Micheal Espinola Jr wrote:
 
  That was a real dickhead thing to do.  The guy that wrote that made an
  agreement with Cisco of his own free will.  Who do you think you are
  to go against an agreement he made, with his own information?
 
  I sincerely hope it bites you in the arse.
 
 
 Was it free will, or the threat of jail and other difficulties?
 
 After all, employment was not a show stopper for him, he quit to release
 his findings and gain glory in the crowds at hacker fests.  so was it
 really free will I ask again?
 
 Thanks,
 
 Ron DuFresne
 --
 Sometimes you get the blues because your baby leaves you. Sometimes you 
 get'em
 'cause she comes back. --B.B. King
***testing, only testing, and damn good at it too!***
 
 OK, so you're a Ph.D.  Just don't touch anything.
 
 
 


-- 
ME2  http://www.santeriasys.net/


Re: [Full-disclosure] Cisco IOS Shellcode Presentation

2005-07-29 Thread Micheal Espinola Jr
That was a real dickhead thing to do.  The guy that wrote that made an
agreement with Cisco of his own free will.  Who do you think you are
to go against an agreement he made, with his own information?

I sincerely hope it bites you in the arse.


On 7/29/05, Larry Blumenthal [EMAIL PROTECTED] wrote:
 Information wants to be free.
 
 Time to free it!
 
 Fuck Cisco!
 

-- 
ME2  http://www.santeriasys.net/


Re: [Full-disclosure] Cisco IOS Shellcode Presentation

2005-07-29 Thread Micheal Espinola Jr
It was done of his own free will.  Have you heard/read his public
statement about it?

I think I did the right thing. It was pretty scary, but the real
important thing was there was the potential of serious problem, Lynn
said. I did not think the nation's interest was served by waiting
another year when a router worm would be a serious threat.

[...]

I gave maybe 5 percent of the information required to actually do
what I did, he said. The first guy who did it is sort of in some way
responsible for all the other people who do it.

There was no added benefit to the public by posting that slideshow.  
Especially considering that the latest versions of the IOS are not
vulnerable.

In this case Larry has taken someone's free will and intellectual
rights, and brushed them aside for his own cause to say fuck cisco.

Good job.


On 7/29/05, KF (lists) [EMAIL PROTECTED] wrote:
 Trying to Stifle information is a real dickhead thing to do also...
 
 I'm just waiting for someone to toss the DMCA into all of this. =]
 
 -KF
 
 Micheal Espinola Jr wrote:
 
 That was a real dickhead thing to do.  The guy that wrote that made an
 agreement with Cisco of his own free will.  Who do you think you are
 to go against an agreement he made, with his own information?
 
 I sincerely hope it bites you in the arse.
 
 
 On 7/29/05, Larry Blumenthal [EMAIL PROTECTED] wrote:
 
 
 Information wants to be free.
 
 Time to free it!
 
 Fuck Cisco!
 

-- 
ME2  http://www.santeriasys.net/


Re: [Full-disclosure] RE: Security issue in Microsoft Outlook

2005-05-23 Thread Micheal Espinola Jr
I was not able to duplicate this with Outlook 2003.  Both URLs were
visible, only the cybertrion URL was hotlinked, with no space
in between the two.  i.e.:

http://www.foo-labs.infohttp://www.cybertrion.com


On 5/23/05, Keenan Smith [EMAIL PROTECTED] wrote:
 I was not able to duplicate this.
 
 Typing over the existing URL replaced both the displayed and link text.
 
 Could anyone else duplicate?
 
 Keenan
 
 -Original Message-
 From: Bakchodiya [mailto:[EMAIL PROTECTED]
 Sent: Wednesday, May 18, 2005 4:28 PM
 To: bugtraq@securityfocus.com
 Cc: full-disclosure@lists.grok.org.uk
 Subject: Security issue in Microsoft Outlook
 
 
 An issue has been discovered in MS Outlook (All
 Versions) where anyone can fake a URL & send it
 across.
 
 How does it work:
 
 Let's compose an email in MS Outlook, let's type
 
 
 http://www.cybertrion.com & put a space after it to
 make it a link. Now put your cursor just before
 cybertrion & type any URL for eg:
 http://www.foo-labs.info now send it to anyone. The
 receiver will see the URL as http://www.foo-labs.info
 but when he clicks on it it will directly take him to
 http://www.cybertrion.com
 
 I am not sure how critical this is but it can fool
 a lot of people & result in download of a virus.
 
 For more details and Discovered by:
 Cybertrion Systems,
 http://www.cybertrion.com
 
 
 

-- 
ME2  http://www.santeriasys.net/


Re: [Full-disclosure] Re: email attack vector just got wider

2005-04-27 Thread Micheal Espinola Jr
Right, but do the AV vendors recognize an encrypted/password-protected PDF - like they would/could a compressed archive (ZIP, etc.)?

I haven't seen any that can. I'm using Symantec 9, and I'd be interested to know if anyone is using a competitor that addresses this issue directly.

Thanks,
On 4/26/05, Randall M [EMAIL PROTECTED] wrote:

Just my 2cents worth. About the only defense is using programs such as MailSecurity to block and alert when anything is encrypted or password protected.



thank you Randall M
If we ever forget that we're one nation under God, then we will be a nation gone under.
- Ronald Reagan

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Micheal Espinola Jr
Sent: Tuesday, April 26, 2005 11:56 AM
To: Full Disclosure
Subject: [Full-disclosure] Re: email attack vector just got wider


an update:

My latest finding is that Adobe PDF's with embedded attachments can be bundled and distributed as a Secure Electronic Envelope (eEnvelope). eEnvelopes are designed to protect documents in transit with the use of encryption.

Password protected .ZIP's are typically addressed at the SMTP gateway by AV software with the option to strip or reject compressed file attachments that are not readily scan-able (due to the password protection, etc).

Although Adobe recommends enabling scanning all file types in order to scan a PDF (and ass/u/me'ing its embedded contents as well), an AV scanner is not currently going to be able to scan this encrypted content until the content has been rendered/unencrypted at the desktop.


While many AV vendors have factored certain compressed archive standards into their products, I have seen no indication that this is being addressed for this relatively new and already widely deployed product.


Call me a worry-wort, but I foresee this is the next in for malware distribution.
On 4/25/05, Micheal Espinola Jr [EMAIL PROTECTED] wrote:

Perhaps not just. My apologies for those that are aware of this, but it seems Adobe 6 also had this capability - although many people have been unaware of this. I recently upgraded from 5 to 7, so I missed this potential issue from the get-go.

Someone pointed out to me that Symantec does have a bulletin stating that by setting your AV to scan all files you can detect a virus inside a file embedded into a PDF.

Unfortunately, this does not address the blocking of certain attachments outright.

On 4/25/05, Micheal Espinola Jr [EMAIL PROTECTED] wrote:

It seems most people I know haven't noticed that the new version of Adobe Acrobat (7) now allows for embedded/attached documents.

Since PDF's have generally been considered a safe document format and are typically not blocked by content/attachment scanners, this now opens an email-based attack vector that anti-virus providers [to the best of my knowledge] are not currently addressing.

Many thanks to Adobe for creating another issue for us to deal with, and especially for not having the forethought to coordinate with anti-virus vendors to prepare for assuredly future exploitation of the technology. 

-- 
ME2
my home: http://www.santeriasys.net/
my photos: http://mespinola.blogspot.com/

-- 
ME2
http://www.santeriasys.net/
photography: http://mespinola.blogspot.com/
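
The gateway handling discussed in this thread (treat an encrypted PDF the way a password-protected ZIP is treated, and route PDFs that carry attachments to scanning), as an added example that is not part of the original posts or any vendor's code. The function names, verdict strings and sample byte strings are constructed for illustration, and the check is a byte-level heuristic rather than a full PDF parser.

```python
import re
import zlib

# PDF name token: "/" followed by regular characters (no whitespace/delimiters).
NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
HEX_ESC_RE = re.compile(rb"#([0-9A-Fa-f]{2})")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)

# Names that mark attachment machinery in a PDF.
ATTACHMENT_NAMES = {b"EmbeddedFiles", b"EmbeddedFile", b"Filespec"}
MAX_INFLATE = 8 * 1024 * 1024  # cap per stream, so a crafted stream cannot exhaust memory


def names_in(blob):
    """Set of name tokens in blob, with #xx escapes decoded (/Embedded#46iles)."""
    decode = lambda m: bytes([int(m.group(1), 16)])
    return {HEX_ESC_RE.sub(decode, m.group(1)) for m in NAME_RE.finditer(blob)}


def pdf_names(data):
    """Names visible in the raw file plus those inside Flate-compressed streams."""
    names = names_in(data)
    for m in STREAM_RE.finditer(data):
        try:
            inflated = zlib.decompressobj().decompress(m.group(1), MAX_INFLATE)
        except zlib.error:
            continue  # not Flate data, or the stream is encrypted
        names |= names_in(inflated)
    return names


def gateway_verdict(data):
    """Hypothetical policy; the verdict strings are this example's own."""
    if b"%PDF-" not in data[:1024]:
        return "not-pdf"
    names = pdf_names(data)
    # /Encrypt lives in the trailer or xref-stream dictionary, which is never
    # itself encrypted, so it stays visible even when the content is not.
    if b"Encrypt" in names:
        return "reject-unscannable"
    if names & ATTACHMENT_NAMES:
        return "scan-attachments"
    return "pass"


def sample(body, trailer=b"<< /Root 1 0 R >>"):
    """Build a constructed PDF-like fragment (not a complete, valid PDF)."""
    return b"%PDF-1.6\n" + body + b"\ntrailer\n" + trailer + b"\n%%EOF\n"


CATALOG = b"<< /Type /Catalog /Names << /EmbeddedFiles 3 0 R >> >>"
SAMPLES = {  # all constructed for this example
    "plain": sample(b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj"),
    "attachment": sample(b"1 0 obj\n" + CATALOG + b"\nendobj"),
    "obfuscated": sample(b"1 0 obj\n" + CATALOG.replace(b"dF", b"d#46") + b"\nendobj"),
    "packed": sample(b"4 0 obj\n<< /Type /ObjStm /Filter /FlateDecode >>\nstream\n"
                     + zlib.compress(CATALOG) + b"\nendstream\nendobj"),
    "encrypted": sample(b"1 0 obj\n<< /Type /Catalog >>\nendobj",
                        trailer=b"<< /Root 1 0 R /Encrypt 5 0 R >>"),
}

if __name__ == "__main__":
    for label, blob in SAMPLES.items():
        print(f"{label:12s} {gateway_verdict(blob)}")
```

The "packed" sample is why the streams are inflated: a catalog stored in a compressed object stream hides the attachment names from a plain substring search of the file.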

[Full-disclosure] Re: email attack vector just got wider

2005-04-25 Thread Micheal Espinola Jr
Perhaps not just. My apologies for those that are aware of this, but it seems Adobe 6 also had this capability - although many people have been unaware of this. I recently upgraded from 5 to 7, so I missed this potential issue from the get-go.

Someone pointed out to me that Symantec does have a bulletin stating that by setting your AV to scan all files you can detect a virus inside a file embedded into a PDF.

Unfortunately, this does not address the blocking of certain attachments outright.
On 4/25/05, Micheal Espinola Jr [EMAIL PROTECTED] wrote: 

It seems most people I know haven't noticed that the new version of Adobe Acrobat (7) now allows for embedded/attached documents.

Since PDF's have generally been considered a safe document format and are typically not blocked by content/attachment scanners, this now opens an email-based attack vector that anti-virus providers [to the best of my knowledge] are not currently addressing.

Many thanks to Adobe for creating another issue for us to deal with, and especially for not having the forethought to coordinate with anti-virus vendors to prepare for assuredly future exploitation of the technology. 

-- 
ME2
my home: http://www.santeriasys.net/
my photos: http://mespinola.blogspot.com/

Re: [Full-disclosure] email attack vector just got wider

2005-04-25 Thread Micheal Espinola Jr
I'll send you a sample I have been looking at.

On 4/25/05, Nigel Horne [EMAIL PROTECTED] wrote:
 On Mon, 2005-04-25 at 21:41, Micheal Espinola Jr wrote:
  It seems most people I know haven't noticed that the new version of
  Adobe Acrobat (7) now allows for embedded/attached documents.
 
 Are there any samples around? Or any documentation of the format?
 
 -Nigel

-- 
ME2
my home: http://www.santeriasys.net/
my photos: http://mespinola.blogspot.com/

[Full-disclosure] Microsoft April Security Bulletin Webcast BS

2005-04-13 Thread Micheal Espinola Jr
Wow... so, I'm listening to the webcast while doing my work today. I just heard him (the male presenter) say (three times now) that because some of the vulnerabilities have not been publicly disclosed that they are not publicly exploitable.

OMFG.

-- 
ME2

Re: [Full-disclosure] Oddness with the MS antispyware beta

2005-04-12 Thread Micheal Espinola Jr
As far as my testing is concerned, this is all well and normal (if you want to call it that). However, I'd be interested if Sunbelt's enterprise product does the same thing.

To add to this, since this is a user-accessible/controllable window (even if off screen)- it seems easy enough for another app to be able to control it, and disable MSAS.
On Apr 12, 2005 8:45 AM, Jay Libove [EMAIL PROTECTED] wrote:
 I see that extra MS antispyware window (systrayhide, systrayshow, ...)
 also on a two-monitor workstation using nVidia's desktop manager. A
 similar thing happens with an ancient pop-up stopper I use (AKiller). If
 you're seeing it on a laptop, it's probably because the laptop has a
 second monitor capability and is running the advanced window management
 functionality to know about the second monitor.
 
 Both are just artifacts of either poorly written software (Giant
 Anti-spyware, my little old AKiller program) or poorly written window
 managers (or both) which result in the don't show this window bit being
 ignored when under advanced window management.
 
 They're annoying, but not an indication of anything nefarious.
 
 -Jay Libove, CISSP
 Atlanta, GA, US
 
 Message: 9
 Date: Mon, 11 Apr 2005 23:04:38 -0600
 From: Scott Edwards [EMAIL PROTECTED]
 Subject: [Full-disclosure] Re: Oddness with the MS antispyware beta
 To: Gregh [EMAIL PROTECTED]
 Cc: full-disclosure@lists.grok.org.uk
 Message-ID: [EMAIL PROTECTED]
 Content-Type: text/plain; charset=ISO-8859-1
 
 Are you able to isolate it when running a selective startup via msconfig?
 Also, does something like winspy give you any clues?
 
 On 4/11/05, Gregh [EMAIL PROTECTED] wrote:
 - Original Message -
 From: MN Vasquez [EMAIL PROTECTED]
 To: full-disclosure@lists.grok.org.uk
 Sent: Tuesday, April 12, 2005 4:02 AM
 Subject: [Full-disclosure] Oddness with the MS antispyware beta
 
 On the 2nd monitor I found a program window hiding. Basically, in a very
 odd position -- on a typically non-displayed portion of the desktop,
 which I only found by configuring multiple monitors. It seems the
 programmers are hiding a window, which I have attached as a jpg. For those
 that don't want to open an attachment: there are 5 buttons: systrayhide,
 systrayshow, systraynormal, systrascanning, systrayupdating.
 
 Sorry old son but it isn't hidden in any nasty or bug kind of way. I have
 2 XPSP2 machines, one is a laptop and the other a desktop.
 For some reason that window doesn't show when Antispyware is started on
 the desktop with a normal CRT monitor but it does on the laptop every
 single time. Normally it hides as in turns invisible after the prog has
 completed starting.
 
 Greg.

-- 
ME2
my home: http://www.santeriasys.net/
my photos: http://mespinola.blogspot.com/

Re: [Full-disclosure] How to Report a Security Vulnerability to Microsoft

2005-04-08 Thread Micheal Espinola Jr
On Apr 8, 2005 4:17 PM, Georgi Guninski [EMAIL PROTECTED] wrote:
 On Fri, Apr 08, 2005 at 12:21:05PM -0700, Microsoft Security Response Center wrote:
  If you believe you have found a security vulnerability affecting a
  Microsoft product, we would like to work with you to investigate it.
 
 hahahahahaha
 m$ doing social engineering on fd, this is a joke.

You would rather they ignore the issue?

 basically they want your 0days so billg becomes more rich.

Wow, jealous much?

 --
 where do you want bill gates to go today?

-- 
ME2

Re: [Full-disclosure] K-iotik Zone

2005-03-16 Thread Micheal Espinola Jr
who cares...


On Thu, 17 Mar 2005 00:44:06 +0530, Rudra Kamal Sinha Roy
[EMAIL PROTECTED] wrote:
 k-otik is owned inside out :)