Re: [Full-disclosure] DHS need to get on top of this right now

2007-10-24 Thread Mike Owen
On 10/24/07, worried security [EMAIL PROTECTED] wrote:
> I'm sorry everyone I was just trying to highlight a valid point, I didn't
> expect a flame war to erupt.
>
> The DHS need to ban ISPs from talking about infrastructure security in
> public places. It should be classified information don't you all think?


No, it shouldn't be classified. Besides, having DHS (lol) try to ban
ISPs from talking is absurd in the extreme. Even ignoring the point
that DHS is incompetent, there is a rather large issue with DHS being
a US-centric agency, and this whole intarweb thing being world wide.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] Month of Random Hashes: DAY FIFTEEN

2007-06-28 Thread Mike Owen
On 6/27/07, Month of Random Hashes [EMAIL PROTECTED] wrote:
<snip>

My additions. These are of use to me, and possibly others.

(md5)
hash i 814521e15bd92880fc27811707c8156f
hash u 5c9483e84b320d017dea913c237b5ff2



Re: [Full-disclosure] Linux big bang theory....

2007-05-15 Thread Mike Owen
On 5/13/07, Andrew Farmer [EMAIL PROTECTED] wrote:
> Well, yeah. The script depends on lynx and wget being available, and
> neither is installed on OS X. It also depends on the line-by-line
> layout of several include files, one of which (linux/wireless.h)
> doesn't even exist on non-Linux systems.
>
> It won't even work on all Linux systems. If the target doesn't have
> compilers available, for example, it won't have any headers to grab
> the target strings from.


Don't forget things like x86_32/x86_64, especially when combined with
a source distro like Gentoo. And of course, things like different
versions of linux/wireless.h, etc.

<snip>
happy=`awk 'NR==59 {gsub(/"/,"");print $3}' /usr/include/paths.h`
</snip>

$ cat /usr/include/paths.h
/* Autogenerated by create_ml_includes() in multilib.eclass */

#ifdef __i386__
# include <gentoo-multilib/x86/paths.h>
#endif /* __i386__ */

#ifdef __x86_64__
# include <gentoo-multilib/amd64/paths.h>
#endif /* __x86_64__ */



Re: [Full-disclosure] Hushmail from [EMAIL PROTECTED]

2007-02-02 Thread Mike Owen
On 2/2/07, James Matthews [EMAIL PROTECTED] wrote:
> Again WTF!


It's just someone trying to get hushmail filtered from full-disclosure.



[Full-disclosure] IBM to buy ISS

2006-08-23 Thread Mike Owen

Sounds like IBM is going to buy out ISS. Having too much experience in
dealing with IBM contractors and support, I don't think this is a good
thing for ISS or their customers.

http://www.iss.net/about/press_center/releases/us_ibm_08233006.html



Re: [Full-disclosure] Re: blocking tor is not the right way forward. It may just be the right way backward.

2006-06-09 Thread Mike Owen

On 6/9/06, Cardoso [EMAIL PROTECTED] wrote:


> Most websites rely on cookies, sessions and javascript. If a user can't
> live with that, I'm very sorry but there's nothing I can do.



Actually, no, most websites don't. I use a deny by default cookie
policy, and NoScript, and nearly every single website I visit works. I
need to enable session cookies when I'm buying something online, but
it is rare that I ever need to enable JavaScript for a site.


> Same about corporate networks where people way high on the food chain
> demand full access, no firewall control or even transparent filtering.



If you have that kind of problem where you work, you need to work on
more education and security awareness. Where I am, we force all
outbound traffic through a proxy, and everyone including the oh so
precious C level goes through it.

Mike



Re: [Full-disclosure] Secunia illegal spam and advisory republication

2006-04-20 Thread Mike Owen
On 4/20/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

> as for this list being sponsored by Secunia. did n3td3v not actually READ the list
> at all before subscribing or posting to it?  who wouldn't take such preliminary cautions?
>
> alan


The list was purchased by Secunia a year or so ago. Many of the
subscribers have been on it since its inception by Len on netsys.com
4 years ago, long before Secunia got their hands on it.



Re: [Full-disclosure] Recall: Oracle read-only user can insert/update/delete data

2006-04-12 Thread Mike Owen
On 4/11/06, Bill Weiss [EMAIL PROTECTED] wrote:
> Van Winssen, Andre A SITI-ITIBHW5([EMAIL PROTECTED])@Wed, Apr 12, 2006 at 07:56:08AM +0200:
> > The sender would like to recall the message, Oracle read-only user can insert/update/delete data.
>
> Hey, everybody!  It's that guy who uses Exchange and doesn't know that it
> doesn't work with the outside world!  Why don't we all laugh at him?
>
> (With apologies to The Simpsons fans everywhere)
>
> --
> Bill Weiss


In my experience, it doesn't even work in an Exchange environment. The
user gets a message that the message should be recalled, but the
original is still there, even if it hasn't been read yet. I've heard
people say that at one time it would auto-delete the message if it
hadn't been read, but I've never seen that.



Re: [Full-disclosure] SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)

2006-03-23 Thread Mike Owen
On 3/23/06, Gadi Evron [EMAIL PROTECTED] wrote:
> Tech details:
> Sendmail vulnerabilities were released yesterday. No real public
> announcements to speak of to the security community.

<snip>
> Public announcement
> ---
> FreeBSD were the only ones who released a public announcement of a patch
> and emailed it to bugtraq so far.

<snip>

Not sure what you mean by no advisories from the major distros.

The CERT advisory went out at about 1700GMT. At the same time, RedHat
sent out their notices, Mandrake, SUSE and Gentoo were within a few
hours. Debian and Sun had updates within 24 hours.

I'd say that covers the major players, and all of them were sent out
by the time you sent your email. If you mean specifically Bugtraq (tm)
postings, then you're right, they haven't been released by the
moderators of that list yet. Bugtraq is what a moderated FD would look
like, which is why it's not anywhere near as popular or useful as it
was back in the Aleph1 netspace.org days.

While I agree with you that this vulnerability should have more
publicity than it does, I don't think everything is quite as gloomy as
you're making it sound.

 Mike



Re: [Full-disclosure] HTTP AUTH BASIC monowall.

2006-03-16 Thread Mike Owen
On 3/16/06, Simon Smith [EMAIL PROTECTED] wrote:
> Flames like yours are useless. If you do not know how to answer the
> question that I am asking, then just be quiet. Mark Coleman is one of
> the few people that seems to have understood my question and provided me
> with a viable solution. Again, thanks Mark!


Adriel or Simon or whatever the hell you're calling yourself these days,

You're asking a bullshit question. You're basically saying that ssl is
broken, so you want to tunnel something through ssl that'll be secure
if the ssl wasn't there. Don't fucking use ssl in the first place then
if you don't like it.

I'm honestly quite surprised you haven't just replied to the list yet
with the standard YHBT. YHL. HAND. That's all you are doing here, is
just trolling, posting crap to get an argument going so you can sit
back and laugh.



Re: [Full-disclosure] For Sale: Security Vulnerability Database Company

2006-03-10 Thread Mike Owen
On 3/10/06, System Outage [EMAIL PROTECTED] wrote:

<snip>

I'm curious, is there a reason you always use a hax0red proxy to do
your posting from? You weren't by chance the one who rooted them, were
you?


Re: [Full-disclosure] Question about Mac OS X 10.4 Security

2006-02-28 Thread Mike Owen
On 2/28/06, Stef [EMAIL PROTECTED] wrote:
> On 2/28/06, Paul Schmehl [EMAIL PROTECTED] wrote:
> > Still, the ignorance of Mac users, who believe their platform is somehow
> > magically secure will contribute to the problem.
>
<snip>
> I am sorry, Paul, but I have to take you up on this, especially with
> your tendency of generalizing everything. I have used *nix in the
<snip>
> ... so the Mac users are not [only] the bunch of idiots/ignorants whom
> you tend to describe - I would just invite you to attend a blackhat or
> shmoocon, or even SANS or Cisco networkers, and let me know how many
> Mac users you can count there ... and then ask yourself why ... but
> then, again, I may be wrong ;
>
> Stef


Stef,

You're describing your own experiences, and those of other security
professionals. What Paul is describing is the normal user. I agree
with him that the normal user thinks that because they have a Mac,
they are suddenly immune to everything. As an example, a good friend
of mine has been using an iBook and an iMac for several years, and
likes to talk about how she doesn't have to deal with all the viruses
and problems that her Windows using friends have. When I asked, she
had never done a single update on her computers, because she didn't
think she needed to. I've since convinced her to check for updates on
a weekly basis, which while not perfect, has at least kept her
patched.

Mike


Re: [Full-disclosure] blocking Google Desktop

2006-02-10 Thread Mike Owen
On 2/10/06, Michael Holstein [EMAIL PROTECTED] wrote:
> I'm sure many of you corporate types are scared to death of the new
> Google Desktop (allowing Google to store anything on my drive for a month).
>
> Question : what's the most effective way to block this on a network level?
>
> Does blackholing desktop.google.com do the trick and prevent it from
> reporting (even if already installed) ?
>
> Regards,
>
> Michael Holstein
> Cleveland State University

You could always try an authenticated proxy that all traffic must pass
through. Last I checked, Google Desktop couldn't deal with an
authenticated proxy.

Mike


Re: [Full-disclosure] Gutmann's research paper today

2006-02-07 Thread Mike Owen
On 2/7/06, Frank Knobbe [EMAIL PROTECTED] wrote:
> I'm performing backups where the stream is tee'ed to the drive and into
> md5 for hash creation. Works great with tapes, should work for drives
> too.
>
> Cheers,
> Frank


Funny, that's how my backups always end up working as well. 'cat
/dev/urandom > /dev/tape'

Mike


Re: [Full-disclosure] BlackWorm technical information

2006-01-24 Thread Mike Owen
On 1/24/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
> The *interesting* question is whether it's possible to use this to count
> the *actual* number of affected machines by excluding all the rubberneckers
> that are visiting the page and hitting refresh to see the numbers go up.
> Maybe by looking at the Referer or User-Agent values?



That's what the Snort rule looks for, a connection to that page
without a Referer: tag. Not perfect, but it works well enough.

Mike
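
The no-Referer check described in this reply, applied offline to web-server access logs, as an added example that is not part of the original post and is not the Snort rule it mentions. `COUNTER_PATH` and every log line are constructed placeholders; the page does not give the real URL.

```python
import re
from collections import defaultdict

# Hypothetical path standing in for the counter page discussed in the thread.
COUNTER_PATH = "/counter.example"

# Apache/nginx "combined" log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [24/Jan/2006:10:00:01 +0000] "GET /counter.example?id=1 HTTP/1.1" 200 43 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"
192.0.2.10 - - [24/Jan/2006:10:05:01 +0000] "GET /counter.example?id=1 HTTP/1.1" 200 43 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"
198.51.100.7 - - [24/Jan/2006:10:00:09 +0000] "GET /counter.example HTTP/1.1" 200 43 "http://news.example/blackworm-story" "Mozilla/5.0 Firefox/1.5"
203.0.113.5 - - [24/Jan/2006:10:01:30 +0000] "GET /counter.example HTTP/1.1" 200 43 "" "Mozilla/4.0 (compatible; MSIE 6.0)"
203.0.113.9 - - [24/Jan/2006:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
not a log line
"""

def classify(log_text, counter_path=COUNTER_PATH):
    """Split counter-page hits into no-Referer (suspect) and referred (visitor)."""
    suspect, referred, skipped = defaultdict(int), defaultdict(int), 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            skipped += 1          # keep a count so parse failures are visible
            continue
        path = m["target"].split("?", 1)[0]
        if path != counter_path:
            continue
        # "-" is what the server logs for an absent header; "" is a blank one.
        if m["referer"] in ("-", ""):
            suspect[m["ip"]] += 1
        else:
            referred[m["ip"]] += 1
    return dict(suspect), dict(referred), skipped

if __name__ == "__main__":
    suspect, referred, skipped = classify(SAMPLE_LOG)
    print("hosts hitting the counter with no Referer:", len(suspect))
    for ip, hits in sorted(suspect.items()):
        print(f"  {ip}: {hits} hit(s)")
    print("referred visitors:", len(referred), "unparsed lines:", skipped)
```

Counting distinct source addresses rather than raw hits keeps repeated requests from one host from inflating the total; a browser opened on a typed or bookmarked URL also sends no Referer, so the suspect set is an upper bound.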