RE: [Full-disclosure] How to Determine My System Vulnerabilities

2006-01-11 Thread Mike 
Nice but when you have physical access you don't need to worry about
headers:)

Plus I would never lick spoons at the company cafe, I would just take them
home and give them a good wash.

Mike
www.infosec.co.nz

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mike
Sent: Wednesday, January 11, 2006 10:55 PM
To: full-disclosure@lists.grok.org.uk
Subject: RE: [Full-disclosure] How to Determine My System Vulnerabilities

I lick spoons in the company cafeteria when no one is looking.

(hah, mike left his terminal open)

Mike
www.infosec.co.nz
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

RE: [Full-disclosure] How to Determine My System Vulnerabilities

2006-01-11 Thread Mike 
I lick spoons in the company cafeteria when no one is looking.

(hah, mike left his terminal open)

Mike
www.infosec.co.nz
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

RE: [Full-disclosure] How to Determine My System Vulnerabilities

2006-01-11 Thread Mike 
There is of course the other (remote?) possibility that Eugene's company has
experienced a serious compromise and various mail accounts are now sending
out erroneous emails.

Mike
www.infosec.co.nz

-Original Message-
From: Mike [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, January 11, 2006 10:38 PM
To: 'full-disclosure@lists.grok.org.uk'
Subject: RE: [Full-disclosure] How to Determine My System Vulnerabilities

You may have nailed it Nick, we used unlocked PCs to shock users into
compliance at my previous company. (One) of the techniques was to send
emails on behalf of the offender.

Looks of surprise and denial from the perceived senders "but I didn't send
that!"
"Lock your PC next time!! And while you're here please re-read this security
policy!"

We only sent to internal addresses though :)

Mike
www.infosec.co.nz

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Nick
FitzGerald
Sent: Wednesday, January 11, 2006 4:56 PM
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] How to Determine My System Vulnerabilities

[EMAIL PROTECTED] wrote:

> I have three servers running Linux Red Hat OS.  I would lke to find a 
> source for information regarding "How Too" when it comes to determining 
> what level of kernel, SSH, PHP, ect my servers are running.  I do know how

> to check some of these things but am looking for someone who is very 
> knowledgeble and is willing to answer questions about this OS.

Do I detect a case of "I went to get coffee without locking my 
terminal"??

(Quickly followed by a case of "HR wants to have a talk with "...)


Regards,

Nick FitzGerald

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

RE: [Full-disclosure] How to Determine My System Vulnerabilities

2006-01-11 Thread Mike 
You may have nailed it Nick, we used unlocked PCs to shock users into
compliance at my previous company. (One) of the techniques was to send
emails on behalf of the offender.

Looks of surprise and denial from the perceived senders "but I didn't send
that!"
"Lock your PC next time!! And while you're here please re-read this security
policy!"

We only sent to internal addresses though :)

Mike
www.infosec.co.nz

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Nick
FitzGerald
Sent: Wednesday, January 11, 2006 4:56 PM
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] How to Determine My System Vulnerabilities

[EMAIL PROTECTED] wrote:

> I have three servers running Linux Red Hat OS.  I would lke to find a 
> source for information regarding "How Too" when it comes to determining 
> what level of kernel, SSH, PHP, ect my servers are running.  I do know how

> to check some of these things but am looking for someone who is very 
> knowledgeble and is willing to answer questions about this OS.

Do I detect a case of "I went to get coffee without locking my 
terminal"??

(Quickly followed by a case of "HR wants to have a talk with "...)


Regards,

Nick FitzGerald

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] How to Determine My System Vulnerabilities

2006-01-10 Thread Chris Umphress 
On 1/10/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>
> I have three servers running Linux Red Hat OS.  I would lke to find a source
> for information regarding "How Too" when it comes to determining what level
> of kernel, SSH, PHP, ect my servers are running.  I do know how to check
> some of these things but am looking for someone who is very knowledgeble and
> is willing to answer questions about this OS.

The man pages are your friend. This list probably is not.

--
Chris Umphress 
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] How to Determine My System Vulnerabilities

2006-01-10 Thread Nick FitzGerald 
[EMAIL PROTECTED] wrote:

> I have three servers running Linux Red Hat OS.  I would lke to find a 
> source for information regarding "How Too" when it comes to determining 
> what level of kernel, SSH, PHP, ect my servers are running.  I do know how 
> to check some of these things but am looking for someone who is very 
> knowledgeble and is willing to answer questions about this OS.

Do I detect a case of "I went to get coffee without locking my 
terminal"??

(Quickly followed by a case of "HR wants to have a talk with "...)


Regards,

Nick FitzGerald

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] How to Determine My System Vulnerabilities

2006-01-10 Thread Morning Wood 
> > I know I feel like the Federal Reserve is safe now.

well..., the headers appear to be genuine
IS THIS FOR F*CKING REAL 

The director for IT of the FDRB of Minneapolis is asking the most basic
question possible. ARE YOU SERIOUS?!?!?

>
>I have three servers running Linux Red Hat OS.  I would lke to find a
>source for information regarding "How Too" when it comes to determining
>what level of kernel, SSH, PHP, ect my servers are running.  I do know how
>to check some of these things but am looking for someone who is very
>knowledgeble and is willing to answer questions about this OS.

HOW DID YOU EVEN GET THE JOB???

I BET YOU TOOK A TEST AND HAVE SOME BIG FANCY LETTERS *sigh*

this ignat is making what? 75-125k$ / yr and dont know
how to get versions from his daemons?!?!  wtf wtf wtf omg omg omg

*shocked and awed*
/me falls over
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] How to Determine My System Vulnerabilities

2006-01-10 Thread InfoSecBOFH 
Yup switching to open sores when you know nothing about it makes perfect sense.

www.linuxfaq.com is ok I guess.  Redhat has a searchable knowledge
base.. etc etc..

Or, give me their external ip addresses and I'll let you know whats
wrong with them,.



On 1/10/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>
> I have three servers running Linux Red Hat OS.  I would lke to find a source
> for information regarding "How Too" when it comes to determining what level
> of kernel, SSH, PHP, ect my servers are running.  I do know how to check
> some of these things but am looking for someone who is very knowledgeble and
> is willing to answer questions about this OS.
>
> Gene Smith
> Federal Reserve Bank of Minneapolis
> IT/ Telecom  612 204 6355
> ___
> Full-Disclosure - We believe in it.
> Charter:
> http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] How to Determine My System Vulnerabilities

2006-01-10 Thread prb 

Robert Wesley McGrew wrote:

On 1/10/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:


I have three servers running Linux Red Hat OS.  I would lke to find a source
for information regarding "How Too" when it comes to determining what level
of kernel, SSH, PHP, ect my servers are running.  I do know how to check
some of these things but am looking for someone who is very knowledgeble and
is willing to answer questions about this OS.

Gene Smith
Federal Reserve Bank of Minneapolis
IT/ Telecom  612 204 6355



I know I feel like the Federal Reserve is safe now.


I know what you mean.

To Gene,

Such a question will get a fair percentage of this list trying to break 
into the Federal Reserve Bank of Minneapolis. Still, I'll throw you this 
bone:


Kernel version: uname -srv
SSH version: ssh -v
PHP version: php -v

For a basic Linux reference: Red Hat's Web site has a lot of 
information. Also, you might try these PDFs:

http://nighty.ulyssis.org/linuxmanuals/misc/Linux_Newbie_Administrators_Guide.pdf
http://nighty.ulyssis.org/linuxmanuals/misc/Linux_Command_Refference.pdf
http://nighty.ulyssis.org/linuxmanuals/misc/Linux_Sysadmin_Guide.pdf

--
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] How to Determine My System Vulnerabilities

2006-01-10 Thread Stan Bubrouski 
This is not the right list for this kind of question.  How you managed
to find this list but not the answers you are looking from google is
astounding (no offense intended, this is a list to discuss the full
disclosure of vulnerabilities).

-sb

On 1/10/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>
> I have three servers running Linux Red Hat OS.  I would lke to find a source
> for information regarding "How Too" when it comes to determining what level
> of kernel, SSH, PHP, ect my servers are running.  I do know how to check
> some of these things but am looking for someone who is very knowledgeble and
> is willing to answer questions about this OS.
>
>  Gene Smith
> Federal Reserve Bank of Minneapolis
> IT/ Telecom  612 204 6355
> ___
> Full-Disclosure - We believe in it.
> Charter:
> http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] How to Determine My System Vulnerabilities

2006-01-10 Thread Robert Wesley McGrew 
On 1/10/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>
> I have three servers running Linux Red Hat OS.  I would lke to find a source
> for information regarding "How Too" when it comes to determining what level
> of kernel, SSH, PHP, ect my servers are running.  I do know how to check
> some of these things but am looking for someone who is very knowledgeble and
> is willing to answer questions about this OS.
>
>  Gene Smith
> Federal Reserve Bank of Minneapolis
> IT/ Telecom  612 204 6355

I know I feel like the Federal Reserve is safe now.

--
Robert Wesley McGrew
http://cse.msstate.edu/~rwm8/
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] How to Determine My System Vulnerabilities

2006-01-10 Thread Eugene . Smith 

I have three servers running Linux Red
Hat OS.  I would lke to find a source for information regarding "How
Too" when it comes to determining what level of kernel, SSH, PHP,
ect my servers are running.  I do know how to check some of these
things but am looking for someone who is very knowledgeble and is willing
to answer questions about this OS.

Gene Smith
Federal Reserve Bank of Minneapolis
IT/ Telecom  612 204 6355___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/