Re: [Full-disclosure] let's name something after dude vanwinkle
They also drive under I695 in Baltimore. 695 is not an elevated freeway except for the Key Bridge and various causeways over wetlands. Just more errors for ya for a horrible movie.

On Fri, Feb 22, 2008 at 6:09 PM, worried security [EMAIL PROTECTED] wrote:

On Sat, Feb 16, 2008 at 3:33 PM, Andrew A [EMAIL PROTECTED] wrote:

dear mengele, n3td3v isn't gobbles. rocky is pretty sharp and hilarious. n3td3v is only unintentionally funny.

n3td3v is fucking sharp and is about the takeover and the win, fuck the comedy. i watched die hard 4.0 last night and was energised by it. the DHS keep making everything electronic, but don't think about the potential cyber terrorist attacks they create.

http://ap.google.com/article/ALeqM5jE_bOUpQb6MxrxSQno3N6gEdY-MAD8UVH3800

if you make everything electronic, make sure you have old skool backups which are run by old skool methods of cup and string, because if the bad guys strike, they will strike knowing your technology and its backups.

i thought the die hard 4.0 movie was going to be crap, but it actually highlighted a lot of real life potentials that got my mind thought processes working, i'm surprised the U.S government didn't VETO the release of DIE HARD 4.0, since they are still struggling to decide where to build their U.S cyber command LOL.

I will apply for the MI5/GCHQ cyber command and hopefully i will get gadi evron's home address and send him my good wishes. I don't need to work for MI5/GCHQ to find out all the troll's personal infos, i already have contacts with guys in there, who pay me off with info, for being an informant in the online cyber world.

seriously though, ROFL at the U.S cyber command.

Played any video games lately? http://www.news.com/News.com-Extra/8601-9373_3-9869337.html?communityId=2056messageId=306273#306273

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Liba Cohn, Cruise Insurance -- What if You Get Sick on the Ship? Tips from Industry Expert Travel Insurance Services
So uh, this forum is completely unmoderated now?

On Jan 17, 2008 2:45 AM, william romsay [EMAIL PROTECTED] wrote:

Liba Cohn, Cruise Insurance -- What if You Get Sick on the Ship? Tips from Industry Expert Travel Insurance Services

Liba Cohn Liba Lyustiger Lillian Sarah Lyustiger lillian sarah cohn sara lyustiger natalija lyustiger cohn lyustiger sarah lyustiger

Walnut Creek, CA (PRWEB) March 1, 2007 -- Cruises are great. Get on board and enjoy the scenic ports of call, entertainment, pampering, and incredible food. That is usually the case. But according to Travel Insurance Services, specialists in travel-related insurance plans for over thirty years, cruise passengers get hurt or sick often enough that they should be prepared for the possibility. This can include having cruise travel insurance that covers illness, injury and medical evacuation. A University of Texas study showed that four in 100 passengers visited shipboard infirmaries, 18% for injuries and 69% for medical conditions. The study found similarities between conditions that happen on cruises and those treated at land-based emergency rooms.

More than Sunburns and Hangovers

Cruise lines do have medical care available on board, but many travelers don't realize the variety and seriousness of conditions cruise doctors and nurses see. Most people mistakenly think cruise line medicine consists of treating sunburns and hangovers, stated Sally van Boheemen, RN and Director of Holland America Line's Fleet Medical Operations. While those ailments certainly do occur, they are not what keeps ships' medical centres busy. Conditions can include traveler's diarrhea, a sprained ankle, a broken hip, a stroke, a heart attack or something even more serious. According to the Texas study: The most common diagnosis was respiratory tract infection (29%); and 11% of patients had a serious or potentially life-threatening diagnosis.

Get Current on Your Immunizations

The US Centers for Disease Control and Prevention (CDC) states the diversity of passengers and crew members on a typical large cruise ship also means diverse background in health and immunization status, medical and public health tendencies and behavior, and potential for disease exposure. The CDC therefore recommends that cruise travelers be up to date for their routinely recommended age- and medical condition-specific immunizations.

Be Sure to Have Coverage for Medical Expense and Evacuation

Passengers often need to leave a ship for medical reasons. In 2000, Holland America Line alone had 600 medical disembarkations. Sometimes passengers can disembark for treatment at a scheduled port or by the ship returning to a port; but other times a specially equipped medical helicopter or air ambulance is needed. That medical evacuation expense can range from $5,000 - $50,000 or more, and may not be covered in a passenger's stateside health insurance plan. Travelers should check the coverage of their current health plan. Does it cover them for medical expenses throughout their trip, including travel outside their country? Does it pay for medical evacuation? If not, they should find a short-term travel health insurance that will provide coverage.

Travel Insurance Services (TIS) has developed affordable cruise travel insurance plans to meet these needs. Plans like InterMedical Insurance and Travel Insurance Select include benefits for medical expenses and emergency medical evacuation. Each plan also includes 24-hour, multilingual worldwide emergency assistance, that helps to organize emergency medical transportation, provides medical care location service, monitors medical cases, communicates treatments to physicians back home and delivers emergency messages to family and friends.

Travel Insurance Services (TIS) is a USI Affinity Company, a division of USI Holdings Corporation (USI). TIS is a nationwide insurance brokerage that has met the insurance needs of travelers for 33 years. It develops, markets and administers travel insurance and international medical policies for individuals, families, groups and businesses. For more information about the company and its products, visit travelinsure.com.

USI is a leading distributor of insurance and financial products and services to businesses throughout the United States. USI is headquartered in Briarcliff Manor, N.Y., and operates out of 66 offices in 18 states,
Re: [Full-disclosure] Liba Cohn, Cruise Insurance -- What if You Get Sick on the Ship? Tips from Industry Expert Travel Insurance Services
Oh well that clears it all up, thanks.

On Jan 17, 2008 9:52 AM, imipak [EMAIL PROTECTED] wrote:

oh ffs, do please try to keep up

guiness.stout wrote:

So uh, this forum is completely unmoderated now?

On Jan 17, 2008 2:45 AM, william romsay [EMAIL PROTECTED] wrote:

Liba Cohn, Cruise Insurance -- What if You Get Sick on the Ship? Tips from Industry Expert Travel Insurance Services
Re: [Full-disclosure] [Professional IT Security Providers - Exposed] Cybertrust ( C + )
I'm not really clear on how you are grading these companies. I've had no personal experience with them but I don't decide a company's quality of work simply by their website and what information I get from some customer support person. These grades seem pointless and frankly unfounded. You should reword your grading system to specify the ease of use of their websites and not the service they provide. Especially if you haven't ordered any services from them. I'm not defending anyone here just pointing out some flaws in this grading.

On Dec 20, 2007 12:11 AM, secreview [EMAIL PROTECTED] wrote:

One of our readers made a request that we review Cybertrust (http://www.cybertrust.com;). Cybertrust was recently acquired by Verizon and as a result this review was a bit more complicated and required a lot more digging to complete (In fact it's now Cybertrust and Netsec). Nevertheless, we managed to dig information specific to Cybertrust out of Verizon representatives.

We would tell you that we used the website for information collection, but in all reality the website was useless. Not only was it horribly written and full of marketing fluff, but the services were not clearly defined. As an example, when you view the Cybertrust services in their drop down menu you are presented with the following service offerings: Application Security, Assessments, Certification, Compliance/Governance, Consulting, Enterprise Security, Identity Management Investigative Response /Forensics, Managed Security Services, Partner Security Program Security Management Program, and SSL Certificates.

The first thing you think is what the hell? the second is ok so they offer 12 services. Well as you dig into each service you quickly find out that they do not offer 12 services, but instead they have 12 links to 12 different pages full of marketing fluff. As you read each of the pages in an attempt to wrap your mind around what they are offering as individually packaged services you're left with more questions than answers. So again, what the hell?

Here's an example. Their Application Security service page does not contain a description about a Web Application Security service. In fact, it doesn't even contain a description about a System Software/Application security service. Instead it contains a super high level, super vague and fluffy description that covers a really general idea of Application security services. When you really read into it you find out that their Application Security service should be broken down into multiple different defined service offerings. Even more frustrating is that their Application Security service is a consulting service and that they have a separate service offering called Consulting. When you read the description for Consulting, it is also vague and mostly useless, but does cover the potential for Application Security.

So, trying to learn anything about Cybertrust from their web page is like trying to pull teeth out of a possessed chicken. We decided that we would move on and call Cybertrust to see what we could get out of them with a conversation. That proved to be a real pain in the ass too as their website doesn't list any telephone numbers. We ended up calling Verizon and after talking to 4 people we finally found a Cybertrust representative. At last, a human being that could provide us with useful information and answers to our questions about their services.

We did receive about 2mb of materials from our contact at Cybertrust, but the materials were all marketing fluff, totally useless. That being said, our conversation with the representative gave us a very clear understanding of how Cybertrust delivers their services. In all honesty, we were not all that impressed.
Cybertrust does perform their own Vulnerability Research and Development (or so we were told) under the umbrella of ICSAlabs which they own. Usually we'd say that this is great because that research is often used to augment services and enhance overall service quality. With respect to Cybertrust, we couldn't find out what they were doing with their research. They just told us that they don't release advisories and then refused to tell us what they did with the research. When we asked them about their services and testing methodologies, we were first told that they couldn't discuss that. We were told that their methodologies were confidential. But after a bit of Social Engineering and sweet talking we were able to get more information... As it turns out, the majority of the Cybertrust services rely on what they say are proprietary automated scanners which were developed in-house. Their methodology is to run the automated scanners against a specific target or set of targets, and then to pass the results to a seasoned professional. That professional then verifies the results via manual testing and produces a report that contains the vetted results. This methodology
Re: [Full-disclosure] [Professional IT Security Providers -Exposed] Cybertrust ( C + )
What kind of grading scale will you use? A through F or maybe a 1 to 10 type scale? I am very interested in your services!

On Dec 20, 2007 10:09 AM, Kurt Dillard [EMAIL PROTECTED] wrote:

Because it's absurd to write a review for a service without actually experiencing the service. The original poster's messages have only had entertainment value, they've had no value from an information security perspective. If you'd like to provide a link to your MSN profile and facebook pages I'll write up a resume for you. Does that sound like a good idea?

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Epic
Sent: Thursday, December 20, 2007 11:56 AM
To: c0redump
Cc: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] [Professional IT Security Providers -Exposed] Cybertrust ( C + )

Isn't ANY review subjective to opinion? I do not understand the basis of this flame. It appears to me that a lot of the reviews on this site offer some great insight into the companies being presented. Granted it is an opinion, but that is what a blog is isn't it?

On 12/20/07, c0redump [EMAIL PROTECTED] wrote:

Exactly. Your 'grading' is based on your personal opinion. Do us all a favour and get a proper job.

- Original Message -
From: guiness.stout [EMAIL PROTECTED]
To: full-disclosure@lists.grok.org.uk
Sent: Thursday, December 20, 2007 2:05 PM
Subject: Re: [Full-disclosure] [Professional IT Security Providers -Exposed] Cybertrust ( C + )

I'm not really clear on how you are grading these companies. I've had no personal experience with them but I don't decide a company's quality of work simply by their website and what information I get from some customer support person. These grades seem pointless and frankly unfounded. You should reword your grading system to specify the ease of use of their websites and not the service they provide. Especially if you haven't ordered any services from them. I'm not defending anyone here just pointing out some flaws in this grading.

On Dec 20, 2007 12:11 AM, secreview [EMAIL PROTECTED] wrote:

One of our readers made a request that we review Cybertrust (http://www.cybertrust.com;). Cybertrust was recently acquired by Verizon and as a result this review was a bit more complicated and required a lot more digging to complete (In fact it's now Cybertrust and Netsec). Nevertheless, we managed to dig information specific to Cybertrust out of Verizon representatives.

We would tell you that we used the website for information collection, but in all reality the website was useless. Not only was it horribly written and full of marketing fluff, but the services were not clearly defined. As an example, when you view the Cybertrust services in their drop down menu you are presented with the following service offerings: Application Security, Assessments, Certification, Compliance/Governance, Consulting, Enterprise Security, Identity Management Investigative Response /Forensics, Managed Security Services, Partner Security Program Security Management Program, and SSL Certificates.

The first thing you think is what the hell? the second is ok so they offer 12 services. Well as you dig into each service you quickly find out that they do not offer 12 services, but instead they have 12 links to 12 different pages full of marketing fluff. As you read each of the pages in an attempt to wrap your mind around what they are offering as individually packaged services you're left with more questions than answers. So again, what the hell?

Here's an example. Their Application Security service page does not contain a description about a Web Application Security service. In fact, it doesn't even contain a description about a System Software/Application security service. Instead it contains a super high level, super vague and fluffy description that covers a really general idea of Application security services. When you really read into it you find out that their Application Security service should be broken down into multiple different defined service offerings. Even more frustrating is that their Application Security service is a consulting service and that they have a separate service offering called Consulting. When you read the description for Consulting, it is also vague and mostly useless, but does cover the potential for Application Security.

So, trying to learn anything about Cybertrust from their web page is like trying to pull teeth out of a possessed chicken. We decided that we would move on and call Cybertrust to see what we could get out of them with a conversation. That proved to be a real pain in the ass too as their website doesn't list any telephone numbers. We ended up calling Verizon and after talking to 4
[Full-disclosure] APC PowerChute Network Shutdown 2.21 is vulnerable to directory traversal
Synopsis: APC PowerChute Network Shutdown 2.21 is vulnerable to directory traversal

Background: APC PowerChute Network Shutdown is used to perform graceful shutdowns of network servers from one main server.

Affected Versions: = 2.21 build 116

Description: APC PowerChute Network Shutdown is vulnerable to a directory traversal by appending special characters such as %5c and %2e to the end of a URL. This is due to an existing vulnerability in Acme.Serve which is a Java HTTP server which PowerChute Network Shutdown is built on.

Vendor Notified: April 9th 2007

Vendor Response:
April 10th 2007: A fix is being worked on for the next release.
April 25th 2007: Spoke to vendor again, no ETA.
May 3rd 2007: No ETA.
June 1st 2007: No ETA.

Reference:
CVE-2001-0748
http://xforce.iss.net/xforce/xfdb/6634
http://www.securityfocus.com/bid/2809
http://www.apc.com/products/family/index.cfm?id=127
http://www.acme.com/java/software/Acme.Serve.Serve.html

Chris Castaldo
An ounce of prevention is worth a pound of cure.
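A defender-side check for the request pattern the advisory describes, added here as an example (not code from the advisory, APC or Acme.Serve): it percent-decodes a request path, treats the decoded %5c backslash as a path separator, and flags paths whose `..` segments climb above the web root. The access-log format, function names, decode bound and sample lines are assumptions constructed for illustration.

```python
from urllib.parse import unquote

MAX_DECODE_ROUNDS = 3  # assumption: how many layers of percent-encoding to unwrap

def canonical_path(raw_path):
    """Drop the query string, percent-decode until stable, map backslash to '/'."""
    path = raw_path.split("?", 1)[0]
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")

def escapes_root(raw_path):
    """True if the decoded path climbs above the web root at any point."""
    depth = 0
    for segment in canonical_path(raw_path).split("/"):
        if segment in ("", "."):
            continue
        if segment == "..":
            depth -= 1
            if depth < 0:
                return True
        else:
            depth += 1
    return False

def flag_requests(log_lines):
    """Return (client, requested_path) for log lines whose path escapes the root."""
    hits = []
    for line in log_lines:
        try:
            client = line.split(" ", 1)[0]
            path = line.split('"')[1].split(" ")[1]  # "GET /path HTTP/1.0"
        except IndexError:
            continue  # malformed line: skip it rather than crash
        if escapes_root(path):
            hits.append((client, path))
    return hits

# Constructed sample lines in common log format (not taken from the advisory).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jun/2007:10:00:00 +0000] "GET /index.html HTTP/1.0" 200 512',
    '192.0.2.11 - - [01/Jun/2007:10:00:05 +0000] "GET /%2e%2e%5c%2e%2e%5coutside.txt HTTP/1.0" 200 211',
    '192.0.2.12 - - [01/Jun/2007:10:00:09 +0000] "GET /help/../index.html HTTP/1.0" 200 512',
    '192.0.2.13 - - [01/Jun/2007:10:00:12 +0000] "GET /img/%252e%252e/%252e%252e/x HTTP/1.0" 404 0',
]

if __name__ == "__main__":
    for client, path in flag_requests(SAMPLE_LOG):
        print(client, path)
```

A flagged request that was answered with status 200 is the case worth triaging first, since the server returned content for a path outside its root.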