Re: [Full-disclosure] hackers.it disappeared from google search results
All this means is that Google has not indexed this site or dropped it from the index. You can investigate further by getting an account for Google Webmaster Tools and looking at what it says about this site there. I think Google will drop a site if it has been hacked, is down for a long time or maybe even if it is serving malware. If any of that applies to this site recently it may be an explanation. If your site does not come back in a few days of being up reliably you might submit a reconsideration request to Google. Last but not least I have seen Google drop a page if for some reason they cannot crawl it and/or it crashes their crawler. Google Webmaster Tools should tell you if something like that is happening. You might also look at this site with Xenu Link Sleuth which is a free tool. It might help you find ambiguous URIs that might confuse the Google Crawler Regards, Nancy Kramer Webmaster http://www.americandreamcars.com Free Color Picture Ads for Collector Cars One of the Ten Best Places To Buy or Sell a Collector Car or Street Rod on the Web At 08:24 AM 2/2/2012, David3 Gonnella wrote: Yes that's the key search that would produce the wanted results. As you confirm the records are not showed anymore without any notice. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Hackery Channel 01-09-01-LOLZ: Cat Spoofing against Flow Control
Most people don't realize it but cats are actually very social animals. Also very smart. That explains the behavior you are seeing. Regards, Nancy Kramer At 05:10 AM 2/2/2009, Michael Simpson wrote: On 1/30/09, Michael Holstein michael.holst...@csuohio.edu wrote: Have any of you guys heard of RFID? Yeah .. wouldn't it make more sense to just build one that reads the AVID chip most pets have in them anyway? friends of mine couldn't understand how their kitchen was still full of cats every night after they implemented an rfid system on the cat's collar turns out the cat was standing close enough to the door to activate the lock whilst its pals gained entry social engineering / evil employee approach mike ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- No virus found in this incoming message. Checked by AVG. Version: 7.5.552 / Virus Database: 270.10.16/1929 - Release Date: 2/1/2009 6:02 PM -- No virus found in this outgoing message. Checked by AVG. Version: 7.5.552 / Virus Database: 270.10.16/1929 - Release Date: 2/1/2009 6:02 PM ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Hackery Channel 01-09-01-LOLZ: Cat Spoofing against Flow Control
Another cat not carrying prey would also work well. Lots of stray cats like to come in when it is cold so this could very likely happen. The cat the device was bought for could also attract other cats that would follow it into the house. Some cats are quite social and have friends. This should maybe be called cat spoofing as the cat this device was intended for is not the cat getting entry. Lots of fun finding strange cats in your house at 3AM. Note; Cats tend to be nocturnal. You don't need any kind of high tech device for this. Just open the door for your cat and others may come in. Cats are fast so it is hard to keep them out. Besides they are awake and you are probably NOT. Been there done that. Regards, Nancy Kramer At 06:04 PM 1/29/2009, hack ery wrote: Security Risk: High Exploitable: Local Vulnerability: Arbitrary Flow Control Control, Cat Spoofing Discovered by: The Hackery Channel Tested: No The Flow Control project is an access control project for a cat. It consists of a cat door, an electromagnetic latch, a access control device, and image recognition software that allows Flow to enter the house, and only when she is not carrying prey. When Flow is within proximity of the door, she passes through a light that casts a shadow on an area monitored by a camera. If the silouhette, appears to be Flow without prey, access is granted. Cat Spoofing: An attacker could potentially gain access by posing as a kitty by placing a cut out of the kitty next to the light. Mitigation: None. Work around: Guard dog Vendor Notified: No Vendor Site: http://www.quantumpicture.com/Flo_Control/flo_control.htmhttp://www.quantumpicture.com/Flo_Control/flo_control.htm ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ No virus found in this incoming message. Checked by AVG. Version: 7.5.552 / Virus Database: 270.10.15/1924 - Release Date: 1/29/2009 5:57 PM -- No virus found in this outgoing message. Checked by AVG. Version: 7.5.552 / Virus Database: 270.10.15/1924 - Release Date: 1/29/2009 5:57 PM ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] CN spam links in Google and Yahoo
Google is supposed having some issues with this type of stuff. This has been on some webmaster boards although I have not seen or experienced it. No one really knows how it happened but I personally think it is somehow related to the fact that Google had some DNS issues with their crawler or something like that reported in the last month. Google is very secretive so it is hard to figure out what if anything went wrong but if one can successful attack DNS one can do a lot of damage to the internet. Regards, Nancy Kramer Webmaster http://www.americandreamcars.com Free Color Picture Ads for Collector Cars One of the Ten Best Places To Buy or Sell a Collector Car on the Web At 05:17 PM 9/25/2007, James Matthews wrote: If you run a blog you can see easily why these sites are indexed! I get hundreds of spam comments from them! On 9/25/07, blah mailto:[EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Read your SANS diary daily! http://isc.sans.org/diary.html?storyid=3408http://isc.sans.org/diary.html?storyid=3408 Spammers feeling lucky with Google Published: 2007-09-21, Last Updated: 2007-09-21 07:31:49 UTC by Bojan Zdrnja (Version: 2) For quite some time spammers have been trying to hide links advertised in their e-mails. The main reason for this is probably increasing effectiveness of various realtime blocklists, such as SURBL. For those that aren't familiar with SURBL (http://www.surbl.orghttp://www.surbl.org ), it's an RBL that lists list URIs found in spam e-mails. In other words, instead of listing spam zombies or relays, RBLs like SURBLs list sites that are referenced in advertised spams. SNIP - you get the idea - or click above On 9/25/07, Steve Ragan mailto:[EMAIL PROTECTED][EMAIL PROTECTED] wrote: http://news.yahoo.com/s/zd/20070924/tc_zd/215816http://news.yahoo.com/s/zd/20070924/tc_zd/215816 I've seen this a lot lately, and I don't see how these sites were allowed. Is there anyone here who can shed some light on this? Steve Excerpt: A reader, Courtney Cox (no relation to the actress), recently pointed out to me that the top results of recent complex Google searches turned out to be inane Chinese sites that were not even parking sites, just an assortment of keywords that somehow got indexed and brought to the top of the results list. After seeing a few of these sites, I have to wonder what's going on. Is it sabotage? ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.htmlhttp://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.htmlhttp://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/http://secunia.com/ -- http://www.goldwatches.com/ http://www.jewelerslounge.comhttp://www.jewelerslounge.com ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] comparing information security to other industries
At 03:16 PM 12/19/2006, KT wrote: What I am trying to figure out is how mature we are and how long will it take for to get stable? Not very mature and it will take a long time to get stable because programmers are just beginning to be aware of application security requirements and then they need to figure out how to implement them. Remember most programmers came from a client server or mainframe world and they don't get it. The consumer also doesn't get it. They work great together. I went to a PHP Conference recently and the creator of PHP said that there is not such thing as a completely secure web application. When failure is a goal you will definitely get there. I know all this because I am a programmer by background. Most people designing web applications know so little about security it is scary. Regards, Nancy Kramer Webmaster http://www.americandreamcars.com Free Color Picture Ads for Collector Cars One of the Ten Best Places To Buy or Sell a Collector Car on the Web -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.409 / Virus Database: 268.15.23/591 - Release Date: 12/17/2006 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Truths in Truth in Caller ID Act
You are 100 percent right about the US government. The US Constitution may protect US citizens from the government but nothing will protect them from the big telecom companies who will own them and their data unless we enact a new neutrality law in the US. Regards, Nancy Kramer Webmaster http://www.americandreamcars.com Free Color Picture Ads for Collector Cars One of the Ten Best Places To Buy or Sell a Collector Car on the Web At 04:48 PM 10/1/2006, Joe Barr wrote: On Sun, 2006-10-01 at 12:28 -0500, J. Oquendo wrote: So the United States government wants to pass the Truth in Caller ID act. Humorously it will do little do deter criminals from spoofing their caller ID and scamming innocent victims. Here is the rule/law followed by why it will fail: The U.S. government will do its duty, that is to say, they will lick the ass of the telecommunications industry lobbyists and do whatever they damn well say. -- It's a strange world when proprietary software is not worth stealing, but free software is. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.407 / Virus Database: 268.12.10/459 - Release Date: 9/29/2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.407 / Virus Database: 268.12.12/461 - Release Date: 10/2/2006 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Truths in Truth in Caller ID Act
I know it was the big telecoms. Been working for Net Neutrality to preserve it. Think they should just crap their telecom reform bill. Only helps the big telecoms. Do you know they want to do deep packet inspection on every packet to prioritize them. Going to be a huge security hole. I am neither a network engineer nor security engineer but deep packet inspection scares the crap out of me. Congress is clueless. They just want the campaign contributions of the big telecoms. I consider them owned by the telecoms in the hacker sense of owned. I am already seeing peering issues as the ISPs start to play with the new toys ie new Cisco Routers. Regards, Nancy Kramer Webmaster http://www.americandreamcars.com Free Color Picture Ads for Collector Cars One of the Ten Best Places To Buy or Sell a Collector Car on the Web At 10:12 PM 10/2/2006, Gary E. Miller wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yo Nancy! On Mon, 2 Oct 2006, Nancy Kramer wrote: the big telecom companies who will own them and their data unless we enact a new neutrality law in the US. Yeah, but guess who wrote the net neutrality laws being vaoted on now? RGDS GARY - --- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 [EMAIL PROTECTED] Tel:+1(541)382-8588 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) iD8DBQFFIcb68KZibdeR3qURAt21AKDYnZbDwH48cLuf8sGOrHyzxhXVIACgoCUY Z61iwKwZkShAyBJrIu66BuY= =NGtb -END PGP SIGNATURE- -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.407 / Virus Database: 268.12.12/461 - Release Date: 10/2/2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.407 / Virus Database: 268.12.12/461 - Release Date: 10/2/2006 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] ProtectFly/RegisterFly - Whoisinformation - Non-Disclosure legal??
I agree. Everytime I want to build a site I have a terrible time finding a good name that is not taken. All the best names are taken and parked with junk on them or even worse spyware. Often business people do ruin what they touch especially when they just want to take the money and run and don't get whatever one is really trying to do. That is actually very common among venture capitalists and other investor types. Regards, Nancy Kramer Webmaster http://www.americandreamcars.com Free Color Picture Ads for Collector Cars One of the Ten Best Places To Buy or Sell a Collector Car on the Web . At 09:58 AM 8/5/2006, The Shadow wrote: yeah. This is legal. But it does suck. The new wave is domain cashparking. It sucks because people are just gobbling domains just to gobble when they could be used for real content. Sux. What a waste of internet. Of course commercial sector ruins everything it touches in the name of money. Oh well. www.Geek-Guy.com The Original Geek Toy Store -Original Message- From: Nancy Kramer [EMAIL PROTECTED] Subj: Re: [Full-disclosure] ProtectFly/RegisterFly - Whoisinformation - Non-Disclosure legal?? Date: Fri Aug 4, 2006 2:56 pm Size: 4K To: Dan B [EMAIL PROTECTED], full-disclosure@lists.grok.org.uk Yes having a private registration is legal at least in the US. Godaddy also does it. They charge extra for it. People do this so spam bots will not harvest their email on their domain registration. I personally don't think it is a good idea unless someone wants to do something wrong with the domain but that is just my opinion. If the people who own those domains are doing something wrong like spamming your blog I think you can contact the registrar and tell them. They should either give you the contact information or do something about the domain owner themselves. I know Godaddy would probably be helpful because they are a pretty good company but don't know about these companies since I don't deal with them myself. Regards, Nancy Kramer Webmaster http://www.americandreamcars.com Free Color Picture Ads for Collector Cars One of the Ten Best Places To Buy or Sell a Collector Car on the Web At 09:21 AM 8/4/2006, Dan B wrote: Hi, I recently noticed some spam comments to my blog. Upon looking at the link they were linking back to it is an aggregation of various people RSS from their blogs. Upon examining the domains and their whois info they all appear to be registered with ProtectFly. Their whois information does not give out the contact details of the domain owner. Some random looking email address, that I guess might forward back to the real owner. Is this non-disclosure of the contact details legal? Am I missing some method to find the correct info? Example:- [EMAIL PROTECTED] ~ $ whois nags-head-real-estate.info Domain ID:D13743171-LRMS Domain Name:NAGS-HEAD-REAL-ESTATE.INFO Created On:10-Jun-2006 02:42:27 UTC Last Updated On:22-Jun-2006 07:15:54 UTC Expiration Date:10-Jun-2007 02:42:27 UTC Sponsoring Registrar:RegisterFly.com, Inc. (R318-LRMS) Status:CLIENT TRANSFER PROHIBITED Status:CLIENT UPDATE PROHIBITED Status:TRANSFER PROHIBITED Registrant ID:tuxfIgCP2SraElSj Registrant Name:Whois Protection Service - ProtectFly.com Registrant Organization:RegisterFly.com - Ref-R# 37871268 Registrant Street1:404 Main Street Registrant Street2:4th Floor Registrant Street3: Registrant City:Boonton Registrant State/Province:NJ Registrant Postal Code:07005 Registrant Country:US Registrant Phone:+1.9737362545 Registrant Phone Ext.: Registrant FAX:+1.9737361355 Registrant FAX Ext.: Registrant Email:[EMAIL PROTECTED] Admin ID:tu0yrgMvIcEJ2aIH Admin Name:Whois Protection Service - ProtectFly.com Admin Organization:RegisterFly.com - Ref-A# 37871268 Admin Street1:404 Main Street Admin Street2:4th Floor Admin Street3: Admin City:Boonton Admin State/Province:NJ Admin Postal Code:07005 Admin Country:US Admin Phone:+1.9737362545 Admin Phone Ext.: Admin FAX:+1.9737361355 Admin FAX Ext.: Admin Email:[EMAIL PROTECTED] Billing ID:tuI0AzeEf97LKzMo Billing Name:Whois Protection Service - ProtectFly.com Billing Organization:RegisterFly.com - Ref-B# 37871268 Billing Street1:404 Main Street Billing Street2:4th Floor Billing Street3: Billing City:Boonton Billing State/Province:NJ Billing Postal Code:07005 Billing Country:US Billing Phone:+1.9737362545 Billing Phone Ext.: Billing FAX:+1.9737361355 Billing FAX Ext.: Billing Email:[EMAIL PROTECTED] Tech ID:tuTOQTTrtOUs5GAS Tech Name:Whois Protection Service - ProtectFly.com Tech Organization:RegisterFly.com - Ref-T# 37871268 Tech Street1:404 Main Street Tech Street2:4th Floor Tech Street3: Tech City:Boonton Tech State/Province:NJ Tech Postal Code:07005 Tech Country:US Tech Phone:+1.9737362545 Tech Phone Ext.: Tech FAX:+1.9737361355 Tech FAX Ext.: Tech Email:[EMAIL PROTECTED] Name Server:DNS1.REGISTERFLY.COM Name Server:DNS2.REGISTERFLY.COM Cheers, DanB. ___ Full
Re: [Full-disclosure] ProtectFly/RegisterFly - Whois information - Non-Disclosure legal??
Yes having a private registration is legal at least in the US. Godaddy also does it. They charge extra for it. People do this so spam bots will not harvest their email on their domain registration. I personally don't think it is a good idea unless someone wants to do something wrong with the domain but that is just my opinion. If the people who own those domains are doing something wrong like spamming your blog I think you can contact the registrar and tell them. They should either give you the contact information or do something about the domain owner themselves. I know Godaddy would probably be helpful because they are a pretty good company but don't know about these companies since I don't deal with them myself. Regards, Nancy Kramer Webmaster http://www.americandreamcars.com Free Color Picture Ads for Collector Cars One of the Ten Best Places To Buy or Sell a Collector Car on the Web At 09:21 AM 8/4/2006, Dan B wrote: Hi, I recently noticed some spam comments to my blog. Upon looking at the link they were linking back to it is an aggregation of various people RSS from their blogs. Upon examining the domains and their whois info they all appear to be registered with ProtectFly. Their whois information does not give out the contact details of the domain owner. Some random looking email address, that I guess might forward back to the real owner. Is this non-disclosure of the contact details legal? Am I missing some method to find the correct info? Example:- [EMAIL PROTECTED] ~ $ whois nags-head-real-estate.info Domain ID:D13743171-LRMS Domain Name:NAGS-HEAD-REAL-ESTATE.INFO Created On:10-Jun-2006 02:42:27 UTC Last Updated On:22-Jun-2006 07:15:54 UTC Expiration Date:10-Jun-2007 02:42:27 UTC Sponsoring Registrar:RegisterFly.com, Inc. (R318-LRMS) Status:CLIENT TRANSFER PROHIBITED Status:CLIENT UPDATE PROHIBITED Status:TRANSFER PROHIBITED Registrant ID:tuxfIgCP2SraElSj Registrant Name:Whois Protection Service - ProtectFly.com Registrant Organization:RegisterFly.com - Ref-R# 37871268 Registrant Street1:404 Main Street Registrant Street2:4th Floor Registrant Street3: Registrant City:Boonton Registrant State/Province:NJ Registrant Postal Code:07005 Registrant Country:US Registrant Phone:+1.9737362545 Registrant Phone Ext.: Registrant FAX:+1.9737361355 Registrant FAX Ext.: Registrant Email:[EMAIL PROTECTED] Admin ID:tu0yrgMvIcEJ2aIH Admin Name:Whois Protection Service - ProtectFly.com Admin Organization:RegisterFly.com - Ref-A# 37871268 Admin Street1:404 Main Street Admin Street2:4th Floor Admin Street3: Admin City:Boonton Admin State/Province:NJ Admin Postal Code:07005 Admin Country:US Admin Phone:+1.9737362545 Admin Phone Ext.: Admin FAX:+1.9737361355 Admin FAX Ext.: Admin Email:[EMAIL PROTECTED] Billing ID:tuI0AzeEf97LKzMo Billing Name:Whois Protection Service - ProtectFly.com Billing Organization:RegisterFly.com - Ref-B# 37871268 Billing Street1:404 Main Street Billing Street2:4th Floor Billing Street3: Billing City:Boonton Billing State/Province:NJ Billing Postal Code:07005 Billing Country:US Billing Phone:+1.9737362545 Billing Phone Ext.: Billing FAX:+1.9737361355 Billing FAX Ext.: Billing Email:[EMAIL PROTECTED] Tech ID:tuTOQTTrtOUs5GAS Tech Name:Whois Protection Service - ProtectFly.com Tech Organization:RegisterFly.com - Ref-T# 37871268 Tech Street1:404 Main Street Tech Street2:4th Floor Tech Street3: Tech City:Boonton Tech State/Province:NJ Tech Postal Code:07005 Tech Country:US Tech Phone:+1.9737362545 Tech Phone Ext.: Tech FAX:+1.9737361355 Tech FAX Ext.: Tech Email:[EMAIL PROTECTED] Name Server:DNS1.REGISTERFLY.COM Name Server:DNS2.REGISTERFLY.COM Cheers, DanB. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.1.394 / Virus Database: 268.10.5/405 - Release Date: 8/1/2006 -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.1.394 / Virus Database: 268.10.5/405 - Release Date: 8/1/2006 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Please help to spam [EMAIL PROTECTED]
Just put the email address with a mailto tag on any fairly popular web page. Gets me a lot of spam. Regards, Nancy Kramer Webmaster http://www.americandreamcars.com Free Color Picture Ads for Collector Cars One of the Ten Best Places To Buy or Sell a Collector Car on the Web At 03:58 AM 7/24/2006, Alice Bryson wrote: I am collecting spam for research using the mailbox [EMAIL PROTECTED] I have try a lot to spread this mailbox to get more spam. But I can only receive about 60 spams per day. Could anybody help me to get more spam at [EMAIL PROTECTED] Thanks in advance! -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.1.394 / Virus Database: 268.10.3/395 - Release Date: 7/21/2006 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Free antivirus software
I use free AVG by Grisoft. I have heard others are better but it has been protecting my old computer for a couple of years with no problems. You get daily updates too and it is much better than Norton which I had before. Nancy Kramer At 10:28 AM 6/28/2006, Julien GROSJEAN - Proxiad wrote: If u r using something good - pls let me know! -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.1.394 / Virus Database: 268.9.5/377 - Release Date: 6/27/2006 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Does someone know this guy at google?
Looked up the regular number in Google. It is a list phone number as follows R L Rollins, (636) 527-0586, 445 Westglen Village Dr, Ballwin, MO 63021 I have no idea if he works for Google but I don't think that someone would use their real name and real home phone number in a scam. Maybe you want to send this guy a letter if you do not want to call him. Regards, Nancy Kramer Webmaster http://www.americandreamcars.com Free Color Picture Ads for Collector Cars One of the Ten Best Places To Buy or Sell a Collector Car on the Web At 05:02 PM 6/7/2006, [EMAIL PROTECTED] wrote: again the usual fag on the list are coming around. I will care to reply you nicely (I'm sure if this guy is real, he appreciates having his cell # blasted to the world) my cell phone is in my domain whois and that's not a reason to be cell blasted looser... Call the number and find out I can't and dont want to phone in the USA. Happy now ? go back to your bed please. Tatercrispies wrote: It sounds to me that you have all the information you need to verify if this person exists. Why are you asking the list? Call the number and find out (I'm sure if this guy is real, he appreciates having his cell # blasted to the world) On 6/7/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: I maybe feel paranoïd but I have got today a mail from a supposed google engineer but the email shows like a phising scam. Does someone can confirm there is a Rick Rollins Technical Sourcer Google [EMAIL PROTECTED] Office: (636) 527.0586 Cell: (650) 906-9585 at google to be sure this isn't someone attempting to fool me, told to [EMAIL PROTECTED] without luck yet , feel free to contact me on or offlist . cheers. AD. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.1.394 / Virus Database: 268.8.2/356 - Release Date: 6/5/2006 -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.1.394 / Virus Database: 268.8.2/356 - Release Date: 6/5/2006 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] RSA HAVE CRACKED PHISHING, NO SERIOUSLY
While I have no idea if what RSA is doing works or not but I have noticed the absence of phishing emails in my in box in the last few days. I used to get maybe half a dozen or more a day since I don't run spam filters. Not a one in the last two days. The Ebay and Paypal emails seemed to stop first. Now even the ones for banks I have never heard of are no longer coming in. There must be a reason for this. Maybe the phishers decided to take a vacation. Regards, Nancy Kramer Webmaster http://www.americandreamcars.com Free Color Picture Ads for Collector Cars One of the Ten Best Places To Buy or Sell a Collector Car on the Web At 01:20 PM 3/31/2006, [EMAIL PROTECTED] wrote: On Fri, 31 Mar 2006 19:06:29 +0100, n3td3v said: Check out this article, and I really did spill my hard earned Starbucks right down my front when I looked at this article: http://news.com.com/5208-1029-0.html?forumID=1threadID=15591messageID=131433start=3D-1 Given that you allegedly posted that particular response, I take it you spilled your Starbucks in shock that somebody would claim to be you? The original article is at http://news.com.com/2100-1029-6056317.html?tag=tb In any case, it's clear that the person who posted that response has *no idea* how most bank's anti-fraud systems work. First off, the phishers *can't* just run through all the data they've gotten in just a few seconds, unless they distributed the work across a bunch of botnet zombies - hits for more than a few dozen different accounts from the same IP in the same timespan are suspicious at the very least. Secondly, the phishers can currently usually be sure that the victims have given them reasonably good data (unless the victim is a dweeb who can't enter their DoB or account number correctly). On the other hand, if the phished data has been polluted by 90% bad data, then only 1 of 10 attempted transactions will succeed - and the fact that they're trying lots of different bad data will again hopefully trigger an alert. If you only succeed every 10th time, and you get locked out after 3 attempts with different bad data, it's going to take you a lot longer to figure out which ones are good and which ones are bad ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.1.385 / Virus Database: 268.3.2/294 - Release Date: 3/27/2006 -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.1.385 / Virus Database: 268.3.4/299 - Release Date: 3/31/2006 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] What about subscriber only?
Good idea. Regards, Nancy Kramer At 03:32 PM 3/16/2006, Stefan Triller wrote: Hi, my killfile is getting bigger and bigger, because of the spam on this list. What about closing this list for email adresses which aren't subscribed to it? This would minimize the spam. Stefan ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.1.385 / Virus Database: 268.2.3/281 - Release Date: 3/14/2006 -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.1.385 / Virus Database: 268.2.3/281 - Release Date: 3/14/2006 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [Advisory] ~ [Thu Mar 16 20:58:46 EST 2006] ~ Off-by-one in Apple MacOSX
[Advisory] ~ [Thu Mar 16 20:58:46 EST 2006] ~ Off-by-one in Apple MacOSX 8=D [+] Background This issue had no identified background. 8=D Appendix A Vendor Information http://www.apple.com/macosx/ 8=D Appendix B References RFC 4399 8=D Contact Nancy Kramer [EMAIL PROTECTED] CCE CEH CSFA GREM GHTQ GWAS SSCP ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] strange domain name in phishing email
Could it be a 301 permanent redirect? Regards, Nancy Kramer Webmaster http://www.americandreamcars.com Free Color Picture Ads for Collector Cars One of the Ten Best Places To Buy or Sell a Collector Car on the Web At 04:57 AM 3/11/2006, Jianqiang Xin wrote: hi, I received several phishing emails. One interesting thing is the link to phishing website has the link: http://1406379699/dbweb/ws/ebay/index.htmhttp://1406379699/dbweb/ws/ebay/index.htm If you click it, it goes to a fake ebay server. The DNS result shows: 1406379699 Server: Address: Name:http://ip-166-179.sn2.eutelia.itip-166-179.sn2.eutelia.it Address: http://83.211.166.17983.211.166.179 I do not understand why 1406379699 equal to http://ip-166-179.sn2.eutelia.itip-166-179.sn2.eutelia.it? Thanks for your help. yours, jqxin2006 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.1.375 / Virus Database: 268.2.1/278 - Release Date: 3/9/2006 -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.1.375 / Virus Database: 268.2.1/278 - Release Date: 3/9/2006 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Re: Microsoft AntiSpyware attacks Norton AV?
At 07:05 PM 2/12/2006, Dave Korn wrote: No, let me correct that. You need to fully uninstall it then throw it in the bin and get something better[*]. Oh, and don't let MS beta software run on any of your machines. I concur. Been there done that got the viruses. If it weren't for AVG I would probably have had to format my hard drive. MS software doesn't work all that well in production versions. Don't put their beta's on any machine that is anything else but a test machine. Regards, Nancy Kramer Webmaster http://www.americandreamcars.com Free Color Picture Ads for Collector Cars One of the Ten Best Places To Buy or Sell a Collector Car on the Web -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.1.375 / Virus Database: 267.15.4/255 - Release Date: 2/9/2006 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Personal firewalls.
You are then saying don't buy your firewall bundled with your anti virus. Logically that makes sense. It seems though that most AV vendors sell a firewall with their deluxe packages maybe because they think you need one and it gives them a little extra revenue. I have dailup and no firewall on my desktop and so far so good. Haven't had to rebuild the system yet and I have had it since March 2001. Came close to getting it messed up when I had Norton but was saved by AVG Free. Currently I have my email on a server where they keep the server anti virus up to date. I have not seen a virus in email in months. I still need desktop anti virus but it sure does cut down on the malware that shows up on my desktop. Regards, Nancy Kramer At 03:28 PM 1/20/2006, Soderland, Craig wrote: And with hardware many users/companies make the same mistake, layering firewalls all of the same vendor/brand. So that in the event of an exploit weakens they're all penetrated. -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.1.375 / Virus Database: 267.14.19/231 - Release Date: 1/16/2006 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Re: Re: PC Firewall Choices
I admit I know nothing about firewalls but with ZA I have had to shut it down sometimes to go onto the internet. I have no idea why. I just can't get on and when I shut it down I can. Never had the problem with Kaspersky. I do know that configuring a firewall right takes some knowledge and I know I don't know how to do that and ZA did not come with instructions telling me that, but Kaspersky was intuitive. If just popped up and asked if you want to let a certain application get on the internet and you answer yes or no and then it remembers. I think someone who did not even know what a firewall is could use it on their computer without problems like a typical end user. That impresses me. With the proliferation of broadband I think the typical home user should have a software firewall if they have broadband. Naturally a friend of mine had Windows XP and Norton Firewall and his machine on broadband got hacked anyway. But that is consumer Norton and that is another story which would be off topic to this subject. Regards, Nancy Kramer Webmaster http://www.americandreamcars.com Free Color Picture Ads for Collector Cars One of the Ten Best Places To Buy or Sell a Collector Car on the Web At 03:51 PM 1/19/2006, Stan Bubrouski wrote: On 1/19/06, Dave Korn [EMAIL PROTECTED] wrote: Stan Bubrouski wrote in news:[EMAIL PROTECTED] As cruel as that last message was I'm sick of the ZA pros here saying its perfect, its not, far from it. Since nobody has ever claimed that ZA is perfect, in saying this you prove Yeah I didn't literally mean perfect, only that certain people seem to argue that everyone's complaints about ZA aren't real because they don't experience them. What proof could I profer here? Some flawed benchmark? A video? Why would I bother you assume I'm lying anyways. that your claims are either lies or hyperbole. If you can't argue with what So because you think that one sentence is misleading (in retrospect 'perfect' was not a good word choice), everything else I said must be untrue. Sigh. people actually said, making up things that they didn't say is fatuously dishonest. You are the one being dishonest and the one exaggerating here. You take something too literally, and call people liars. Two machines, one with NPF one with ZA. When ZA is running on one, IE is slow, when its off its slightly faster than the machine with NPF. It's not a lie, its reality. You can fly here and come see for yourself, but you can't touch anything. I don't know where you've been. -sb cheers, DaveK -- Can't think of a witty .sigline today Roses are Red, Violets are Blue, How much is ZA paying...YOU! ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.1.375 / Virus Database: 267.14.19/231 - Release Date: 1/16/2006 -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.1.375 / Virus Database: 267.14.19/231 - Release Date: 1/16/2006 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
RE: [Full-disclosure] Re: Re: PC Firewall Choices
I have the paid ZA but I heard the free one was better. Have no idea about that but would never buy the paid version again. At least now I know what was happening. Will try to look for that feature and set it to the maximum minutes. I only have it on my laptop which only goes on the internet sporadically but generally goes on the internet on public wireless networks which I think may not be all that secure. Lots of times I am meeting with someone there and we talk and then lookup something on the internet. I could see how time could pass quickly and I might not touch the computer for awhile. Thanks for the explanation. Regards, Nancy Kramer At 10:10 PM 1/19/2006, Greg wrote: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nancy Kramer Sent: Friday, 20 January 2006 2:30 PM To: Stan Bubrouski; full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Re: Re: PC Firewall Choices I admit I know nothing about firewalls but with ZA I have had to shut it down sometimes to go onto the internet. I have no idea why. I just can't get on and when I shut it down I can. That'd be a well known and never fixed bug I reported to Zonelabs some years back now. It has a feature to automatically lock internet connection after so many minutes of inactivity. The length of time can be changed by the user. What it REALLY did was cut off access to internet and any LAN you were on, isolating you entirely and never actually let go of it when the user was back at the keyboard. Exiting ZA let that go and internet and lan were restored. You have the option to turn that feature OFF but even that didn't stop the whole thing happening. So, about the only thing you could do was to set the auto lock as high as it could go and turn the feature off. It would still go off after that many minutes had passed (which I believe is 999 in the PRO version and 99 in the free version) and lock you out again but it was delayed by that much, at least. You CAN set certain programs to pass by its' lock, however. So, if you have some computers almost always chattering away on a distributed project but otherwise not touched, you could allow those programs to pass on even though, should you attempt to get out with a simple web browser (where it wasn't allowed to pass the lock), you cant. Saves some stuffing about on such machines and let's face it - the more free some company execs see, the more likely they are to use it. Surprising how many Windows based companies use free ZA. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.1.375 / Virus Database: 267.14.19/231 - Release Date: 1/16/2006 -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.1.375 / Virus Database: 267.14.19/231 - Release Date: 1/16/2006 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Re: Re: PC Firewall Choices
I guess I will stick with Kasperky which will probably phone home to Russia or something. Does anyone have any experience with the Firewall that comes with paid AVG? I just run free AVG currently on most computers so have not used it . Regards, Nancy Kramer At 01:15 AM 1/20/2006, [EMAIL PROTECTED] wrote: I have been following this discussion waiting for someone to mention another feature of Zone Alarm: Posted January 13, 3:00 a.m. PST Pacific Time, ROBERT X. CRINGELY http://www.infoworld.com/ A Perfect Spy? It seems that ZoneAlarm Security Suite has been phoning home, even when told not to. Last fall, InfoWorld Senior Contributing Editor James Borck discovered ZA 6.0 was surreptitiously sending encrypted data back to four different servers, despite disabling all of the suite's communications options. Zone Labs denied the flaw for nearly two months, then eventually chalked it up to a bug in the software -- even though instructions to contact the servers were set out in the program's XML code. A company spokesmodel says a fix for the flaw will be coming soon and worried users can get around the bug by modifying their Host file settings. However, there's no truth to the rumor that the NSA used ZoneAlarm to spy on U.S. citizens. :) Hummer - Original Message - From: Nancy Kramer [EMAIL PROTECTED] To: Greg [EMAIL PROTECTED]; full-disclosure@lists.grok.org.uk Sent: Thursday, January 19, 2006 11:27 PM Subject: RE: [Full-disclosure] Re: Re: PC Firewall Choices I have the paid ZA but I heard the free one was better. Have no idea about that but would never buy the paid version again. At least now I know what was happening. Will try to look for that feature and set it to the maximum minutes. I only have it on my laptop which only goes on the internet sporadically but generally goes on the internet on public wireless networks which I think may not be all that secure. Lots of times I am meeting with someone there and we talk and then lookup something on the internet. I could see how time could pass quickly and I might not touch the computer for awhile. Thanks for the explanation. Regards, Nancy Kramer At 10:10 PM 1/19/2006, Greg wrote: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nancy Kramer Sent: Friday, 20 January 2006 2:30 PM To: Stan Bubrouski; full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Re: Re: PC Firewall Choices I admit I know nothing about firewalls but with ZA I have had to shut it down sometimes to go onto the internet. I have no idea why. I just can't get on and when I shut it down I can. That'd be a well known and never fixed bug I reported to Zonelabs some years back now. It has a feature to automatically lock internet connection after so many minutes of inactivity. The length of time can be changed by the user. What it REALLY did was cut off access to internet and any LAN you were on, isolating you entirely and never actually let go of it when the user was back at the keyboard. Exiting ZA let that go and internet and lan were restored. You have the option to turn that feature OFF but even that didn't stop the whole thing happening. So, about the only thing you could do was to set the auto lock as high as it could go and turn the feature off. It would still go off after that many minutes had passed (which I believe is 999 in the PRO version and 99 in the free version) and lock you out again but it was delayed by that much, at least. You CAN set certain programs to pass by its' lock, however. So, if you have some computers almost always chattering away on a distributed project but otherwise not touched, you could allow those programs to pass on even though, should you attempt to get out with a simple web browser (where it wasn't allowed to pass the lock), you cant. Saves some stuffing about on such machines and let's face it - the more free some company execs see, the more likely they are to use it. Surprising how many Windows based companies use free ZA. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.1.375 / Virus Database: 267.14.19/231 - Release Date: 1/16/2006 -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.1.375 / Virus Database: 267.14.19/231 - Release Date: 1/16/2006 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http
Re: [Full-disclosure] PC Firewall Choices
I have limited experience with PC Firewalls but the nicest one I have seen is the one that comes with Kaspersky anti virus. It appeared to be very easy to configure and never seems to cause problems with legitimate applications accessing the web. I do know that it does not meet your requirements since it comes bundled with anti virus, although if I remember correctly one could pick which of their bundled components to install at install time. Regards, Nancy Kramer At 03:22 PM 1/17/2006, Steven wrote: I am looking at supplementing the Windows XP (Pro) SP2 Firewall with a third party product on a bunch of Windows machines. I am trying to determine what product to go with and wanted to solicit some opinions from this mailing list. The four that I really come across and have used in some cases are ZoneAlarm, Sygate, Norton, Kerio, and Tiny. My understanding is that Norton has actually acquired Sygate and that the Sygate Personal Firewall probably wouldn't be the best choice of these now. With that in mind I am looking for a product that easy to setup, easy to use, works well, and does not take up too much in terms of system resources or harddrive space ( I also don't want it to add 20 minutes to the boot process either). I am not looking for e-mail protection, anitivrus, or any other non-firewall type services to be included. I do however want it to be able to manage applications and their internet usage. (i.e. if they install something new that tries to access the web (trojans included) they will get a popup telling them something is doing this). Any suggestions and opinions on the above products and any others that I might not have mentioned are welcomed. Also -- on top of this if someone knows of software/hardware that can scan these machines and verify whether or not both the SP2 FW and/or the 3rd part FW -- and perhaps prevent them network access if they are not running -- please let me know. [I am not sure what security products have these capabilities] Thanks Steven ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.1.375 / Virus Database: 267.14.19/231 - Release Date: 1/16/2006 -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.1.375 / Virus Database: 267.14.19/231 - Release Date: 1/16/2006 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Seasons Beatings
This will only work if the people hearing the secrete are smart enough to understand it and work with it. Based on my experience there is minimal chance of this with most people. Most people are either too stupid or too lazy to utilize the knowledge offered them. Some are both stupid and lazy. Either way not much of a threat. The above fact keeps a lot of IT consultants in good paying jobs. Wishing you and your family a most politically uncorrect Merry Christmas and healthy and prosperous New Year. By the way any other list member who would like to be wished this please apply it to yourself, otherwise feel free to ignore it. Always remember You can lead them to the data but you cannot make them think. Regards, Nancy Kramer Webmaster http://www.americandreamcars.com Free Color Picture Ads for Collector Cars One of the Ten Best Places To Buy or Sell a Collector Car on the Web At 05:28 AM 12/17/2005, Dude VanWinkle wrote: I had taken a pause, from beating Santa Clause to remember your deeds, and the things that they breed I remembered my goal of Judging you all: Disclosures are Good, but I still wonder why you should; for secrets are precious, and keep your worthless family fed, After you reveal them, it doesn't matter if you are beaten and dead, for now we all know the power you had, and for its passing aren't you exponentially as sad? You had something to say: a secret to share; but now that is gone, you can now disappear one wonders if we will read your well thought out thought or just feel insulted and pick apart your opinion for naught You can either learn from your mistakes, or spend the rest of your time tyring to convince everyone who will listen how you felt during the crime for now that it is gone and you have nothing to share.. FUCK OFF MAN,... Until next year. -JP p.s.: here is your card: http://tinyurl.com/9tz5g ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.1.371 / Virus Database: 267.14.1/206 - Release Date: 12/16/2005 -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.1.371 / Virus Database: 267.14.1/206 - Release Date: 12/16/2005 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/