Re: [Full-disclosure] Securing our computers?
What's a n3td3v?

- ferg

On Mon, Nov 3, 2008 at 10:26 PM, Biz Marqee <[EMAIL PROTECTED]> wrote:

> "so i suggest you don't fuck with n3td3v"
> --SNIP--

--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawgster(at)gmail.com
 ferg's tech blog: http://fergdawg.blogspot.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] security industry software license
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, Oct 13, 2008 at 6:43 PM, rysheve <[EMAIL PROTECTED]> wrote:

> So are you talking about Actionable Intelligence? Why should the
> government be gathering any intelligence on me unless I am the target
> of an investigation? Maybe I should also have to register my I.D. to
> any device that I connect to the Internet. I bet that would provide
> lots of actionable intelligence.
>

For what it's worth, the FBI now does not need a reason to investigate
anyone:

http://centerforinvestigativereporting.org/blogpost/20081006broaderfbipowersnowsetinstone

Enjoy!

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFI9AEJq1pz9mNUZTMRApMnAJ4qz8Yw8ZQkHtQw6Auy1Xv5jYf5DgCZAQ4F
1BH2jnYX0Gu/orDEFVpWFSI=
=YA/A
-----END PGP SIGNATURE-----

--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawgster(at)gmail.com
 ferg's tech blog: http://fergdawg.blogspot.com/
Re: [Full-disclosure] Google Chrome Browser Vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -- Andrew Farmer <[EMAIL PROTECTED]> wrote:

>On 02 Sep 08, at 21:48, Paul Ferguson wrote:
>> - -- "James Matthews" <[EMAIL PROTECTED]> wrote:
>>> The same thing happened to safari when it came out on windows.
>>
>> Well, no kidding. :-)
>>
>> Maybe the flaws that will hound Chrome are due to the fact that
>> it uses Safari as a codebase?
>
>WebKit != Safari. Security-related bugs in rendering engines are pretty
>uncommon.
>

Okay, well you cannot deny this is a lackluster starting point.

I hope Google can use this inauspicious starting point to build the
advertising empire they desire.

I for one do not welcome the advertisement overlords.

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFIvj6aq1pz9mNUZTMRAgEKAKC8rCgCiSPDcSLX8sAe1/ZJRR4fDACeIq9x
X1b4Rd9bxRevUo78azKBi5o=
=ic8T
-----END PGP SIGNATURE-----

--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/
Re: [Full-disclosure] Google Chrome Browser Vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -- "James Matthews" <[EMAIL PROTECTED]> wrote:

> The same thing happened to safari when it came out on windows.

Well, no kidding. :-)

Maybe the flaws that will hound Chrome are due to the fact that it uses
Safari as a codebase?

See also:

http://raffon.net/research/google/chrome/carpet.html
http://www.microsoft.com/technet/security/advisory/953818.mspx

Enjoy.

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFIvhcOq1pz9mNUZTMRAstlAKCPqFEaeSc96HHG1gyL5+EbgAYEQACdHBIK
kZWN+fHmLdspT7LNmS8Ey08=
=fvYJ
-----END PGP SIGNATURE-----

--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/
Re: [Full-disclosure] [funsec] Internet attacks against Georgian web sites
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -- William McAfee <[EMAIL PROTECTED]> wrote:

>I'm sorry, I forgot to link the actual website.
>
>http://www.stopgeorgia.ru
>
>On Sun, 2008-08-17 at 17:32 -0400, William McAfee wrote:
>> I would like to point out one of the websites where the Russian side of
>> things appears to be collaborating.

Yes, that is happening, too. :-)

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFIqLR8q1pz9mNUZTMRAqHSAKDbWg8XwDzYaS7e5/YLXNC0+3W+XQCgiw+x
bVRJDJS50mzYjPO0f4TJeUM=
=7TYx
-----END PGP SIGNATURE-----

--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/
Re: [Full-disclosure] [funsec] Internet attacks against Georgian web sites
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -- Gadi Evron <[EMAIL PROTECTED]> wrote:

>People need to realize it's quite possible these are just kids who
>attacked Georgia, and what that means.
>

Certainly -- anything is possible.

I would note, however, that if it _is_ "kids", then they have access to
the same servers/services being used by other "known" criminal elements.

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFIohKqq1pz9mNUZTMRArkhAKD7uqnFEai2aGW1rkxkHIYfF0y3TACfekM/
Pl9LCRceBBFmAtZ+2jLldMk=
=0TXm
-----END PGP SIGNATURE-----

--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/
Re: [Full-disclosure] [funsec] Internet attacks against Georgian web sites
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -- Gadi Evron <[EMAIL PROTECTED]> wrote:

>In the last days news and government web sites in Georgia suffered DDoS
>attacks. While these attacks seem to affect the Georgian Internet, it is
>still there.
>

Also, I wish to say:

"It is clear that there are anti-Georgian forces at work on the Internet."

"Who they are, and what their motivations are (at this point), remains to
be seen."

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFIn+HCq1pz9mNUZTMRAg5bAKC14z8wNBom1TASstp9D6n3fL4bLwCfSzxU
cQcPfvWSi7j3Bwpgy1hPZJM=
=5lFT
-----END PGP SIGNATURE-----

--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/
Re: [Full-disclosure] [funsec] Internet attacks against Georgian web sites
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -- "Paul Ferguson" <[EMAIL PROTECTED]> wrote:

>-- Gadi Evron <[EMAIL PROTECTED]> wrote:
>
>>In the last days news and government web sites in Georgia suffered DDoS
>>attacks. While these attacks seem to affect the Georgian Internet, it is
>>still there.
>

One more thing, TTNet has seemingly been a harbor for malicious Russian
and Ukrainian criminal activity for a couple of years now.

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFIn+Zrq1pz9mNUZTMRAiPqAJwJlo12Rj9zkVVfIrWJ5vXiZCgrcACgrQBy
DCCmJaWULlvfvP7fAeJKxho=
=ARWR
-----END PGP SIGNATURE-----

--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/
Re: [Full-disclosure] IMLogic telling porkies about Yahoo
Hmmm. Is this the same Yahoo! that also isn't aware that they are
unwittingly hosting hundreds of phishing sites?

http://news.com.com/Spamhaus+Yahoo+major+phishing+site+host/2100-1029_3-5850773.html

- ferg

-- n3td3v <[EMAIL PROTECTED]> wrote:

On 10/14/05, James Tucker <[EMAIL PROTECTED]> wrote:
> Sorry for the extremity of my blunt response, but I have two things to say:
>
> 1. How the fuck do YOU know any more than they do? Just because you
> obsess over the security factors around a company with which you have
> no affiliation does not put you in any greater authority to make
> statements like those you made there.

I heard it from the horse's mouth. Yahoo don't acknowledge the same stats
that IMLogic report on, and Yahoo say IMLogic's findings don't match that
of Yahoo's own stats of their network.

IMLogic can report on something and claim a worm is attacking, but when
Yahoo's people go and look at their network, nothing is actually taking
place!

How many malicious messages do IMLogic record, before they decide there's
a widespread attack? That's my question, because even with reports of
worms on Yahoo, none have been seen by Yahoo or users..

--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 [EMAIL PROTECTED] or [EMAIL PROTECTED]
 ferg's tech blog: http://fergdawg.blogspot.com/
Re: [Full-disclosure] Search Results w/Trojan?
Get in line:

http://www.eeye.com/html/research/upcoming/20050915.html

More:

http://www.eeye.com/html/research/upcoming/index.html

- ferg

-- "'FoR ReaLz' E. Balansay" <[EMAIL PROTECTED]> wrote:

Hello all!

My system's relevant info:

Windows XP SP2 fully patched
McAfee VirusScan 7.1
Engine 4.4
Definition 4581

Using XP SP2's Internet Explorer, in Google, I used the following search
query:

mcafee "driver packet received from the i/o subsystem" "patch 11"

When the results return from Google a trojan comes along as well, as
detected by McAfee AV.

I'm aware that browsing to malicious sites can pass malware to users who
visit those sites, but this is new to me: Trojans being passed through
Google results.

Is passing malicious programs through search engine results common?

Goodbye!

Edgardo (not the same newbie "Edgardo" from a couple threads ago =) )

--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 [EMAIL PROTECTED] or [EMAIL PROTECTED]
 ferg's tech blog: http://fergdawg.blogspot.com/
Re: [Full-disclosure] Dameware critical hole
Dude, let's try ASCII messages in the future, okay? :-)

In any event, we all know now:

http://www.frsirt.com/english/advisories/2005/1596

- ferg

p.s. Hey, TheGesus, not picking on you -- you know better. ;-)

--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 [EMAIL PROTECTED] or [EMAIL PROTECTED]
 ferg's tech blog: http://fergdawg.blogspot.com/
Re: [Full-disclosure] securityfocus.com outage?
Yep:

%ping www.securityfocus.com

Pinging www.securityfocus.com [205.206.231.15] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 205.206.231.15:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

%traceroute www.securityfocus.com

Tracing route to www.securityfocus.com [205.206.231.12]
over a maximum of 30 hops:

[snip]

 12    43 ms    36 ms    35 ms  bb1-p4-0.chcgil.ameritech.net [151.164.42.182]
 13    35 ms    35 ms    35 ms  bb2-p5-1.chcgil.ameritech.net [151.164.191.182]
 14    36 ms    35 ms    41 ms  ex1-p2-0.eqchil.sbcglobal.net [151.164.42.149]
 15    35 ms    45 ms    35 ms  asn852-telus.eqchil.sbcglobal.net [151.164.248.122]
 16    74 ms    73 ms    72 ms  clgrab01dr00.bb.telus.com [208.38.16.144]
 17    73 ms    73 ms    73 ms  216.123.211.114
 18    72 ms    72 ms    72 ms  205.206.231.98
 19    73 ms    73 ms    73 ms  205.206.14.145
 20     *        *        *     Request timed out.
 21     *        *        *     Request timed out.
 22     *        *        *     Request timed out.
 23 ^C

- ferg

-- n3td3v <[EMAIL PROTECTED]> wrote:

Securityfocus.com appears to be unreachable. Anyone else?

--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 [EMAIL PROTECTED] or [EMAIL PROTECTED]
 ferg's tech blog: http://fergdawg.blogspot.com/
Re: [Full-disclosure] Is this a phishing attempt?
Think that's bad?

http://www.boingboing.net/2005/08/25/la_record_producer_k.html

- ferg

-- Technica Forensis <[EMAIL PROTECTED]> wrote:

On 8/24/05, winsoc <[EMAIL PROTECTED]> wrote:
> I seriously cannot believe that someone would be so mundane in
> thinking that people would reply to this.

I have heard of several cases of people giving up hundreds of thousands
of dollars and even flying to Nigeria to personally meet the 'prince'.
Never underestimate the power of human stupidity.

A friend of mine got one of these about a year ago and the random name of
the person that died in the plane crash was his father's name. He got a
big kick out of forwarding to his father and asking for his $14M
inheritance.

--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 [EMAIL PROTECTED] or [EMAIL PROTECTED]
 ferg's tech blog: http://fergdawg.blogspot.com/
It's not that simple... [Was: Re: [Full-disclosure] Disney Down?]
use it will have little or no presence on consumer systems.
>
> Larry Seltzer
> eWEEK.com Security Center Editor
> http://security.eweek.com/
> http://blog.ziffdavis.com/seltzer
> Contributing Editor, PC Magazine
> [EMAIL PROTECTED]
>
>

--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 [EMAIL PROTECTED] or [EMAIL PROTECTED]
 ferg's tech blog: http://fergdawg.blogspot.com/
RE: [Full-disclosure] Disney Down?
See:

http://www.f-secure.com/weblog/#0631

It could be any one of 11 variants at this point...

- ferg

-- "Jan Nielsen" <[EMAIL PROTECTED]> wrote:

I was at a customer today with this problem, initially their network was
acting up and some ppl couldn't log on to the servers in the morning.

We found the file "kilo.exe" on some machines that apparently had not been
patched, one thing I noticed while running this file on a vmware xp sp1 is
that it connects to an irc server @ 61.220.217.49 on port 4128 and logs in
to it with password : 146751dhzx

Then it sets a few commands :

JOIN #100+
MODE #100+ +nts

Which for an RBOT virus in itself is nothing special, but I noticed one
thing in my sniffer trace that got me a bit worried, this is a packet sent
from the infected pc to the irc server :

0000  00 06 53 2b f8 b1 00 0c 29 ce 67 a3 08 00 45 00   ..S+....).g...E.
0010  00 53 a0 9b 40 00 80 06 1e 46 c0 a8 64 0d 3d dc   .S..@....F..d.=.
0020  d9 31 07 13 10 20 22 0c d2 5b 13 95 d8 ee 50 18   .1... "..[....P.
0030  3f 31 fe 93 00 00 50 52 49 56 4d 53 47 20 23 31   ?1....PRIVMSG #1
0040  30 30 2b 20 3a 5b 02 4e 54 53 63 61 6e 02 5d 3a   00+ :[.NTScan.]:
0050  20 57 65 61 6b 70 61 73 73 77 6f 72 64 2e 2e 0d    Weakpassword...
0060  0a                                                .

Anyone know what this could be ?

Regards

Jan
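The frame Jan posted decodes cleanly by hand (VMware source MAC, 192.168.100.13 to 61.220.217.49 on port 4128, PSH/ACK, and a PRIVMSG to #100+ carrying a scanner status line). The following Python is an added example, not code from this thread or from any tool it mentions: it parses an offset/hex/ASCII dump of that kind, walks the Ethernet, IPv4 and TCP headers, and applies a small defender-side heuristic for IRC bot command-and-control (IRC verbs sent to a port other than the standard 6667/6697, plus scanner-status keywords in the message). The frame bytes are the ones from the message above; the keyword list, scoring rule and threshold are this example's own assumptions, chosen for illustration.

```python
"""Decode one Ethernet/IPv4/TCP frame from a text hex dump and flag IRC bot chatter.

Added example, not code from the mailing-list thread. The frame bytes are the
ones Jan Nielsen posted; the parser, keyword list and scoring rule are this
example's own (assumed) construction.
"""
import re
import struct
from dataclasses import dataclass

# The posted frame, re-typed as a conventional offset / hex / ASCII dump.
# Only the hex columns are parsed; the ASCII column is ignored.
SAMPLE_DUMP = """\
0000  00 06 53 2b f8 b1 00 0c 29 ce 67 a3 08 00 45 00   ..S+....).g...E.
0010  00 53 a0 9b 40 00 80 06 1e 46 c0 a8 64 0d 3d dc   .S..@....F..d.=.
0020  d9 31 07 13 10 20 22 0c d2 5b 13 95 d8 ee 50 18   .1... "..[....P.
0030  3f 31 fe 93 00 00 50 52 49 56 4d 53 47 20 23 31   ?1....PRIVMSG #1
0040  30 30 2b 20 3a 5b 02 4e 54 53 63 61 6e 02 5d 3a   00+ :[.NTScan.]:
0050  20 57 65 61 6b 70 61 73 73 77 6f 72 64 2e 2e 0d    Weakpassword...
0060  0a                                                .
"""

HEX_BYTE = re.compile(r"[0-9a-fA-F]{2}")
OFFSET = re.compile(r"[0-9a-fA-F]{4,8}")


def parse_hex_dump(text: str) -> bytes:
    """Return the raw bytes of an offset/hex/ASCII dump, checking each offset."""
    out = bytearray()
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 2 or not OFFSET.fullmatch(tokens[0]):
            continue
        if int(tokens[0], 16) != len(out):
            raise ValueError(f"offset {tokens[0]} does not follow {len(out)} bytes")
        # At most 16 data bytes per line; the first non-hex token starts the
        # ASCII column (a short line whose ASCII text begins with two hex
        # digits would be misread, which is the usual limit of this format).
        for tok in tokens[1:17]:
            if not HEX_BYTE.fullmatch(tok):
                break
            out.append(int(tok, 16))
    return bytes(out)


@dataclass
class Frame:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    flags: str
    payload: bytes


def _mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def decode_frame(raw: bytes) -> Frame:
    """Walk Ethernet II -> IPv4 -> TCP headers and return the TCP payload."""
    if len(raw) < 34 or raw[12:14] != b"\x08\x00":
        raise ValueError("not an IPv4-over-Ethernet frame")
    ip = raw[14:]
    version, ihl = ip[0] >> 4, (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    if version != 4 or ip[9] != 6:          # protocol 6 is TCP
        raise ValueError("not IPv4/TCP")
    tcp = ip[ihl:total_len]                 # honour IP total length (trailer-safe)
    src_port, dst_port = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4           # TCP header length in bytes
    names = ("FIN", "SYN", "RST", "PSH", "ACK", "URG")
    flags = "|".join(n for i, n in enumerate(names) if tcp[13] & (1 << i))
    return Frame(
        src_mac=_mac(raw[6:12]), dst_mac=_mac(raw[:6]),
        src_ip=".".join(map(str, ip[12:16])), dst_ip=".".join(map(str, ip[16:20])),
        src_port=src_port, dst_port=dst_port, flags=flags, payload=tcp[data_off:],
    )


# Assumed heuristic inputs: IRC client verbs, standard IRC ports, scanner words.
IRC_VERBS = (b"NICK ", b"USER ", b"PASS ", b"JOIN ", b"MODE ", b"PRIVMSG ", b"NOTICE ")
STANDARD_IRC_PORTS = {6667, 6697}
SCANNER_WORDS = ("scan", "exploit", "weakpassword", "ntscan")


def assess_irc_bot(frame: Frame) -> dict:
    """Score one TCP segment for IRC-bot command-and-control chatter."""
    text = frame.payload.decode("latin-1").replace("\x02", "")  # drop IRC bold marks
    message = text.strip()
    is_irc = frame.payload.startswith(IRC_VERBS)
    odd_port = frame.dst_port not in STANDARD_IRC_PORTS
    keywords = [w for w in SCANNER_WORDS if w in message.lower()]
    # 1 point for IRC syntax, 1 more if it goes to a non-IRC port, up to 2 for keywords
    score = int(is_irc) + int(is_irc and odd_port) + min(len(keywords), 2)
    return {
        "irc": is_irc,
        "verb": message.split(" ", 1)[0] if is_irc else None,
        "non_standard_port": odd_port,
        "keywords": keywords,
        "message": message,
        "suspicious": score >= 3,
    }


if __name__ == "__main__":
    f = decode_frame(parse_hex_dump(SAMPLE_DUMP))
    print(f"{f.src_mac} {f.src_ip}:{f.src_port} -> {f.dst_ip}:{f.dst_port} [{f.flags}]")
    print(assess_irc_bot(f))
```

The offset check in `parse_hex_dump` is deliberate: a dump pasted into e-mail often loses or duplicates a line, and a silent byte shift would put the IP and TCP fields in the wrong place. The heuristic is intentionally coarse; in practice it belongs on a flow that has already been picked out by the destination port or the unusual process making the connection.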
Re: [Full-disclosure] Disney Down?
Perhaps the same problem as CNN, ABC, etc:

http://www.cnn.com/2005/TECH/internet/08/16/computer.worm/index.html

- ferg

-- David Wilde <[EMAIL PROTECTED]> wrote:

A buddy of mine whose fiancée works for Disney just told me that they have
sent everyone home for the day. When I say everyone I mean, Disney Land,
Disney World, Disney Corporate, etc... He's not sure what the virus is
called but it's apparently very nasty.

Anyone have any more info on this?
Re: [Full-disclosure] Re: Help put a stop to incompetent computer forensics
...and let me remind you, Mr. Terranson, that the majority of information
that originates from SANS (primarily from the ISC Daily Handlers Diary,
and DShield.org), is far more substantive than the juvenile B.S. that goes
on in this forum most of the time.

But, of course, you knew that already, right?

Being a "for-profit" organization is not the Sign of the Beast; the last
time I checked, it was a Good Thing (tm), insofar as being truthful,
honest, and doing a service to the online community.

- ferg

p.s. You call that cheap shot "full disclosure"?

-- "J.A. Terranson" <[EMAIL PROTECTED]> wrote:

> http://www.sans.org/resources/glossary.php

While I realize that this is not going to be a wildly popular point, let
me remind you that SANS is not the kind of place I would use as an
authoritative reference in terms of debate. SANS is a for profit corp.,
and was run as such even when they were playing possum as a non-profit.
They are *not* a "disinterested third party" any more than the anti-virus
firms are - and not many people would use *them* as an authoritative
reference (assuming of course that there are other sources).

--
Yours,

J.A. Terranson
[EMAIL PROTECTED]
0xBD4A95BF

--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 [EMAIL PROTECTED] or [EMAIL PROTECTED]
 ferg's tech blog: http://fergdawg.blogspot.com/
Re: [Full-disclosure] Motorist wins case after maths whizzes break speed camera code (fwd)
...and speaking of MD5, this showed up on Bruce Schneier's Blog this
morning:

[snip]

A team of Chinese maths enthusiasts have thrown NSW's speed cameras system
into disarray by cracking the technology used to store data about errant
motorists.

[snip]

The MD5 Defense
http://www.schneier.com/blog/archives/2005/08/the_md5_defense.html

- ferg

--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 [EMAIL PROTECTED] or [EMAIL PROTECTED]
 ferg's tech blog: http://fergdawg.blogspot.com/
Re: [Full-disclosure] Re: Help put a stop to incompetent computer forensics
*plonk*

--filtered--

[snip]

Jason Coombs
[EMAIL PROTECTED]

[snip]
Re: [Full-disclosure] Re: Help put a stop to incompetent computer forensics
Hello? I can't believe I'm getting suckered into this...

Wikipedia: Trojan horse (computing):

In the context of computer software, a Trojan horse is a malicious program
that is disguised as legitimate software. The term is derived from the
classical myth of the Trojan horse.

http://en.wikipedia.org/wiki/Trojan_horse_%28computing%29

Dictionary.com: Trojan horse

n.
1. A subversive group or device placed within enemy ranks.
2. The hollow wooden horse in which, according to legend, Greeks hid and
   gained entrance to Troy, later opening the gates to their army.
3. Computer Science. A program that appears to be legitimate but is
   designed to have destructive effects, as to data residing in the
   computer onto which the program was loaded.

- ferg

-- Jason Coombs <[EMAIL PROTECTED]> wrote:

Thierry Zoller wrote:
> Or in better English :
> A computer trojan horse is a program which appears to be something good,
> but actually conceals something bad.

Interesting. What dictionary are you reading this definition from?

[snip]

Jason Coombs
[EMAIL PROTECTED]

--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 [EMAIL PROTECTED] or [EMAIL PROTECTED]
 ferg's tech blog: http://fergdawg.blogspot.com/
[Full-disclosure] Pipe dreams & candy canes [Was: perfect security architecture (network)]
The closest approximation of "100% network security" comes in the form of
a pair of wire-cutters...

- ferg

p.s. Network security is an architecture, and most importantly, it is a
frame of mind...

-- "Charles Heselton" <[EMAIL PROTECTED]> wrote:

Although Daniel's comments may be tongue-in-cheek, there is some truth.
Here are a few ideas that have become more or less mantras for me,
personally:

There IS NO *perfect* security.

--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 [EMAIL PROTECTED] or [EMAIL PROTECTED]
 ferg's tech blog: http://fergdawg.blogspot.com/