[Full-Disclosure] Re: (AUSCERT AA-2004.02) AUSCERT Advisory - Denial of Service Vulnerability in IEEE 802.11 Wireless Devices (fwd)
Hello, * On Thu, May 13, 2004 at 05:52:03PM -0400 [EMAIL PROTECTED] wrote: So no, you can't take down an OFDM with a PDA that does 802.11b. A card doing FHSS (that is, for 11g) might be enough. So, FHSS-802.11, or, even better, because it hops faster, Bluetooth might be enough. For 11a, there might be more trouble. 11h might be more difficult because of its dynamic channel selection, which tries to avoid crowded subcarriers. You have to get a PDA that has an OFDM-capable card. :) Not necessarily, as stated above. Best regards, Spiro. ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
RE: [Full-Disclosure] Support the Sasser-author fund started
After all, nobody forces anyone to purchase and use MS Products. MS has been selling imperfect products for years and people still continue to use them. ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] Support the Sasser-author fund started
You're a nazi... A patriot would respect other countries and their laws... I hereby invoke Godwin's Law and declare this thread dead. -caelyx -- Forwarded message -- From: van Helsing [EMAIL PROTECTED] Date: Thu, 13 May 2004 19:58:18 +0200 Subject: Re: [Full-Disclosure] Support the Sasser-author fund started To: [EMAIL PROTECTED] On Thu, 13 May 2004 11:21:10 -0400 Exibar [EMAIL PROTECTED] wrote: support the sasser writer? Yup, I'll support a big kick in the pants for him give him a year or so in jail, 5 years probation and 1000 hours of community service, that's what I'll support. As for the twerp that said that US laws aren't sane, go pound sand, your comments were not on topic, needed, nor warrented. If this kid was in the USA, he'd be standing trial just like he would in Germany... so I repeat, go pound sand, bugger off, toddle off, just plain piss off. If you don't like the US, stay the hell out, we don't want you here. Exibar You're a nazi... A patriot would respect other countries and their laws... So look in the mirror and follow the leader... And I personaly can say that US-Admins are offen too lazy. On the other hand I can't explain how McAfee produce their virus-maps. Take a look and be quiet: http://us.mcafee.com/virusInfo/default.asp?cid=9043 vh ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
[Full-Disclosure] Call for Participation Workshop DIMVA 2004
-- C A L LF O RP A R T I C I P A T I O N -- ## Early Bird Rates available before June 1, 2004 -- Detection of Intrusions and Malware Vulnerability Assessment DIMVA 2004 Workshop of SIG SIDAR of the German Informatics Society (GI) July 6.-7. 2004 Building 1 of the Federal Institute for Occupational Safety and Health Dortmund, Germany in cooperation with IEEE Task Force on Information Assurance German Chapter of the ACM University of Dortmund http://www.gi-fg-sidar.de/dimva2004 mailto:dimva2004{at}gi-fg-sidar.de -- The special interest group SIDAR (Security - Intrusion Detection and Response) of the German Informatics Society (GI) engages in the detection and management of information security incidents. In cooperation with the IEEE Task Force on Information Assurance, the German Chapter of the ACM and the University of Dortmund the special interest group SIDAR organizes a workshop on Detection of Intrusions and Malware Vulnerability Assessment (DIMVA 2004) taking place 6/7-07-2004 at Dortmund. The workshop brings together primarily the German-speaking players in industry, services, government and research on the topics Intrusion Detection, Malicious Agents (Malware) and Vulnerability Assessment. The presentations aim particularly at results from research, development and integration, relevant applications, new technologies and resulting product developments on a conceptual level. Papers have been submitted from 12 different countries and have been carefully selected by the program committee for presentation at the workshop. While the DIMVA workshop targets the German-speaking community, everybody is invited to participate. Papers marked with (*) are published in German. All authors are free to present their papers in German or in English. Be aware, that German might be the prevalent language at the workshop. The registration is now open. Refer to the DIMVA web site for information on the detailed workshop program, rates, registration, travel and accommodation: http://www.gi-fg-sidar.de/dimva2004 The workshop program will take place at the lecture hall in building 1 of the Federal Institute for Occupational Safety and Health. The reception and dinner will take place at the famous steel exhibition hall of the German Occupational Safety and Health Exhibition, where we will also offer guided tours. Workshop program: Keynote: Verfahren der intelligenten Transaktionsanalyse am Beispiel der Missbrauchsfrüherkennung im Kreditkartengeschäft / Hanns-Michael Hepp (Intelligent Risk Solutions, DE) Intrusion Detection Sessions: Alarm Reduction and Correlation in Intrusion Detection Systems / Tobias Chyssler, Kalle Burbeck (University of Linköping, SE), Stefan Burschka, Michael Semling, Tomas Lingvall (Swisscom, CH) Alert Verification - Determining the Success of Intrusion Attempts / Christopher Kruegel, William Robertson (University of California, Santa Barbara, USA) (*) Komponenten fuer kooperative Intrusion-Detection in dynamischen Koalitionsumgebungen / Marko Jahnke, Martin Lies, Michael Bussmann, Sven Henkel (FGAN, DE), Jens Tölle (Universität Bonn, DE) (*) Vertrauensbasierte Laufzeitüberwachung verteilter komponentenstrukturierter E-Commerce-Software / Peter Herrmann, Heiko Krumm (Universität Dortmund, DE), Lars Wiebusch (E-Plus Mobilfunk, DE) Intrusion detection in unlabeled data with quarter-sphere Support Vector Machines / Pavel Laskov, Christin Schäfer (Fraunhofer-FIRST, DE), Igor Kotenko (SPIIRAS, RU) Sensors for Detection of Misbehaving Nodes in MANETs / Frank Kargl, Andreas Klenk, Michael Weber, Stefan Schlott (Universität Ulm, DE) (*) Aktive Strategien zur Schutzzielverletzungserkennung durch eine kontrollierte Machtteilung in der Zugriffskontrollarchitektur / Joerg Abendroth (Trinity College Dublin, IE) (*) Ein Ansatz zur Intrusion Detection für Prozessautomatisierungssysteme / Martin Naedele (ABB Corporate Research, CH) (*) Visual-IDS oder eine andere Sicht der Dinge / Andreas Lindenblatt, Daniela Lindenblatt, Björn Scheuermann (Solution, DE) Honeypots Session: A Honeynet within the German Research Network -- Experiences and Results / Helmut Reiser (Ludwig Maximilian Universität München, DE), Gereon Volker (Technische Universität München, DE) (*) Ermittlung von Verwundbarkeiten mit elektronischen Ködern / Maximilian Dornseif (Universität Bonn, DE), Felix C. Gärtner, Thorsten Holz (RWTH Aachen, DE) (*) Ein Netzwerk von IDS-Sensoren für
Re: [Full-Disclosure] Sasser author
Hello. Earl Keyser wrote: Let's be clear. Sasser violates networks and causes grief. you missed one point: Sasser only violates *unpatched* networks, not networks in general. GTi ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] Sasser author
[EMAIL PROTECTED] wrote: Hello. Earl Keyser wrote: Let's be clear. Sasser violates networks and causes grief. you missed one point: Sasser only violates *unpatched* networks, not networks in general. Point not missed at all. Probing a network for vulnerabilities with the intent to use the found holes for sabotage (without the owners consent) is a criminal act. And stop this silly mumbling about Sasser being created as warning or heads up. Sasser was created to create havoc, nothing else. // hdw ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
[Full-Disclosure] Re: Support the Sasser-author fund started
| I don't really see any question of ethics, morals, or legality here. The | burgaler is at fault. Said intruder may not be guilty of theft, and may | have had pure motives, but they're still plainly guilty of Tresspass and | Breaking and Entering. But trespass is only a civil offence and not a criminal one (in the UK anyhow) and breaking and entering is not in itself a crime, only a constituent part of burglary - you'd also have to prove intent to steal. So you could sue him/her, but strictly speaking no criminal act has occured... Sorry to be a pedantiscist. Charlie ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
[Full-Disclosure] Worm of the worm?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I have detected some scans lookin' for the 5554 port (sasser's ftpd). Does somebody know anything about a new worm, exploiting its vulnerabilty? Roberto a.k.a. Logan There are no answers, only cross refernces. -- Weiner's Law of Libraries - --- Roberto Navarro [EMAIL PROTECTED] Registered Linux User #212565 - --- -BEGIN PGP SIGNATURE- Version: PGP 8.0.2 iQA/AwUBQKS63MhDftHeZF7JEQLl/ACfU2fksblzy3zYh4yelCH2GxATsqcAoM+F S/UxvCt8U0dgVqP3E+TeunS2 =sEU4 -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
RE: [Full-Disclosure] Worm of the worm?
That's the Dabber worm: http://vil.nai.com/vil/content/v_125300.htm Cheers, Phil Phil Randal Network Engineer Herefordshire Council Hereford, UK -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roberto Navarro - TusProfesionales.es Sent: 14 May 2004 13:26 To: [EMAIL PROTECTED] Subject: [Full-Disclosure] Worm of the worm? -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I have detected some scans lookin' for the 5554 port (sasser's ftpd). Does somebody know anything about a new worm, exploiting its vulnerabilty? Roberto a.k.a. Logan There are no answers, only cross refernces. -- Weiner's Law of Libraries - --- Roberto Navarro [EMAIL PROTECTED] Registered Linux User #212565 - --- -BEGIN PGP SIGNATURE- Version: PGP 8.0.2 iQA/AwUBQKS63MhDftHeZF7JEQLl/ACfU2fksblzy3zYh4yelCH2GxATsqcAoM+F S/UxvCt8U0dgVqP3E+TeunS2 =sEU4 -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
[Full-Disclosure] DOE updated cybersecurity //no code or 0day sploits// just info
I thought you all would be intersted in this.. Secretary of Energy Launches Initiatives To Bolster Security at Nuclear Facilities Improvements To Impact Cybersystems, Guard Force Protection, and Consolidation of Nuclear Materials AIKEN, S.C. - Secretary of Energy Spencer Abraham announced a set of sweeping new initiatives today to improve security across the Energy Department's nationwide network of laboratories and defense facilities, particularly those housing weapons-grade nuclear material. Addressing a gathering of top security officers from across the DOE complex, Abraham noted that the Energy Department, which develops and maintains the nation's nuclear weapons stockpile, is responsible for protecting critical national defense assets that simply put, must not be allowed to fall into the wrong hands. The Secretary unveiled initiatives to expand the capabilities of DOE security personnel, including possibly federalizing some security units currently managed by contractors; consolidate sensitive nuclear material into fewer locations; enhance protections of classified computer information; upgrade security systems at key facilities; and make managers more receptive to security concerns. Since the stakes are so high Abraham told the security officers at DOE's Savannah River Site, everything is on the table, including the possibilities of common labor-contract language for security groups across the DOE complex or establishing a special elite federal force to protect the most sensitive installations. To maximize the effectiveness of DOE security forces, Abraham said the DOE will consider the creation of a specialized security contingent to guard the department's high-priority nuclear facilities, with capabilities similar to the military's Delta Force or Navy SEAL units. Abraham acknowledged recent reports of security lapses, such as lost keys, at some DOE sites, but he called the incidents rare. But frankly, rare or not, they are unacceptable, and the failure of any and all levels of management to address instances such as these will not be tolerated, he said. In a move to reduce the number of nuclear facilities that need high-level protection, Abraham proposed consolidating special nuclear material - the type used for weapons and other sensitive applications - into fewer sites. The consolidation effort would remove the most-sensitive nuclear material from Los Alamos National Laboratory's Technical Area 18 and the Sandia Pulse Reactor facility in New Mexico, consolidate material stored at the Y-12 National Security Complex in Tennessee, and assess whether defense-related work at Lawrence Livermore National Laboratory in California could be relocated, allowing removal of special nuclear material from that facility. To improve the protection of sensitive information, Abraham announced a Cyber Security Enhancement Initiative to help protect the confidentiality, integrity and availability of all our information systems to assure that we can continue to perform our missions even while under cyber attack. The initiative, to be implemented within the next year, would deploy intrusion-detection systems to guard against potential cyber attacks, improve procedures to guard against internet threats and enhance the security of on-line information. Citing past problems with computer disks and hard drives containing classified information, Abraham proposed an initiative to move to diskless workstations for classified computing to allow sensitive functions such as weapons design to be performed in a more-secure diskless environment. Addressing the issue of lost keys and key cards, Abraham said he intends to do away with the use of mechanical keys as an important part of our protection system and replace them with sophisticated new technologies that will allow a keyless security environment, where access is not afforded by any physical item or object that can be lost or stolen. Abraham also called for regular reviews of DOE security standards and procedures to ensure a modern efficient, effective guard force able to meet 21st century threats and for new programs to train security officers and test their readiness to respond to attacks or attempts to infiltrate facilities. He also discussed initiatives to recruit and train the best possible candidates for DOE security jobs and to increase employee retention rates. The initiatives include faster background checks for employee security clearances and an intern program to help recruit highly qualified technical personnel in the areas of cyber security, nuclear material control and physical security. To ensure that DOE's security establishment functions effectively, the Secretary also called for a change in our management culture to improve the way the department accepts, analyzes and responds to criticisms and concerns from outside the department as well as from employees, who Abraham said should be confident about raising questions or concerns without fear of retribution.
[Full-Disclosure] Orkut fake in the wild
Hi, Orkut (http://www.orkut.com) is a social network in the net, where you can meet new friends and connect your activities into communities. it is like friendstar. Now there is an orkut fake in the wild named Orcut (http://www.orcut.com). If you are a member of Orkut you receive messages with an invitation to join a community with a link inside like this: http://www.orkut.com/Community.aspx?cmm=32318 But in this message orkut is changed into orcut: http://www.orcut.com/Community.aspx?cmm=32318 If you go to this site and try to log in like you normally do, the site owner collects your user name and password of orkut. just another fake site in the net. regards nico -- Nico Golde| [EMAIL PROTECTED] | [EMAIL PROTECTED] | [EMAIL PROTECTED] http://www.ngolde.de | GnuPG Key: http://www.ngolde.de/gpg/nico_golde.gpg Fingerprint | FF46 E565 5CC1 E2E5 3F69 C739 1D87 E549 7364 7CFF vim -c :s/^/WhfgTNabgureRIvzSUnpxreT-Tavba/|:s/[R-T]/ /Ig|:normal ggVGg? pgp0.pgp Description: PGP signature
Re: [Full-Disclosure] RE: Full-Disclosure digest, Vol 1 #1643 - 30 msgs
RandallM wrote: Are you JOKING ME!! A WAKEUP CALL?? You are an idiot. They took deliberate advantage of a release and already known exploit known by Microsoft!! The only dam wakeup call should be to those who are capable to come to the aid of mom and pops who just want to get their dam pictures of grand kids thru email but have to mull their way through YOUR destructive use of FEATURES. I mean I must be totally loosing it. This whole thing has gotten way out of hand and there will be no end in sight. A patch for an exploit, an exploit found in the patch, a patch for and exploit, etc., etc., all because you think you're sending Microsoft a message? You know what Sasser Supporter; the feature would be nothing and go away except for the sad fact that those who have to seek and destroy do so. You don't hurt Microsoft. You hurt your mom and dads, grandmas and granddads. You help Microsoft gain profits by upgrading their software to fix FEATURES! You troll the boards and news groups looking for code you can cut and paste. And then you make this intelligent statement: |When will people realise that microsofts base products are not fit to be |subjected to the hostile environment that the internet is these days? ...it's hostile because of...YOU! Idiot. Sorry but this just pissed me off. calm down and read the whole thread... it's not a one way sollution, he has a point. not that i think he is right, but there are 2 sides to look at this. probably not what you want to hear, but anyway, you should read it :) -- harry aka Rik Bobbaers K.U.Leuven - LUDIT -=- Tel: +32 485 52 71 50 [EMAIL PROTECTED] -=- http://harry.ulyssis.org -- Air conditioned environment - do not open windows! ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] (AUSCERT AA-2004.02) AUSCERT Advisory - Denial of Service Vulnerability in IEEE 802.11 Wireless Devices (fwd)
[EMAIL PROTECTED] wrote: On Thu, 13 May 2004 20:36:47 +0200, Gunter Luyten [EMAIL PROTECTED] said: The model of a shared communications channel is a fundamental factor in the effectiveness of an attack on this vulnerability. For this reason, it is likely that devices based on the newer IEEE 802.11a standard will not be affected by this attack where the physical layer uses Orthogonal Frequency Division Multiplexing (OFDM). That might be possible indeed, but this confirms to me that this vulnerability is based upon radio physics rather than shortcomings in the CSMA/CA protocol. What they're saying here is We'll not be affected by *THIS* attack (the one that transmits on 1 frequency per channel). A moment's pondering will show that all you have to do is apply the same attack to the 48 OFDM subcarriers at once. In other words, just a little more challenging. (Remember, every single card that does OFDM has the circuitry to handle this already on it). So no, you can't take down an OFDM with a PDA that does 802.11b. You have to get a PDA that has an OFDM-capable card. :) Indeed, that's right. A similar attack against OFDM takes more than just jamming one frequency, but it's still possible to interfere. Techniques as frequency hopping and multiplexing make it more difficult to exploit, but as long as the communication is based on a shared medium, the vulnerability stays. Best regards, Gunter Luyten ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
[Full-Disclosure] IE Crash - Anyone Seen This Before?
script type=text/javascript Wnd = window.createPopup(); Wnd.document.body.innerHTML='meta http-equiv=imagetoolbar content=no'; /script It crashs the latest IE with all patches. Dont see why it only seems to work for me with only that META tag. Has anyone seen this before with other tags or the same bit of code? Regards, Nick -- __ Check out the latest SMS services @ http://www.linuxmail.org This allows you to send and receive SMS through your mailbox. Powered by Outblaze ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] Worm of the worm?
Hi K-OTik published an exploit for sasser's ftpd : http://www.k-otik.com/exploits/05102004.sasserftpd.c.php Maybe you are seeing manual scans or a brand new worm. Have a nice day Maxime Ducharme Programmeur / Spécialiste en sécurité réseau - Original Message - From: Roberto Navarro - TusProfesionales.es [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, May 14, 2004 8:26 AM Subject: [Full-Disclosure] Worm of the worm? -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I have detected some scans lookin' for the 5554 port (sasser's ftpd). Does somebody know anything about a new worm, exploiting its vulnerabilty? Roberto a.k.a. Logan There are no answers, only cross refernces. -- Weiner's Law of Libraries - --- Roberto Navarro [EMAIL PROTECTED] Registered Linux User #212565 - --- -BEGIN PGP SIGNATURE- Version: PGP 8.0.2 iQA/AwUBQKS63MhDftHeZF7JEQLl/ACfU2fksblzy3zYh4yelCH2GxATsqcAoM+F S/UxvCt8U0dgVqP3E+TeunS2 =sEU4 -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
[Full-Disclosure] cyberwar against US ?
hi FD, I've read on zone-h that a group of hackers, called HAA, plans a massive cyberattack against usa. does anyone have heard about that ? fred ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
RE: [Full-Disclosure] Sasser author
As soon as your virus changes the content of any part of the system's memory, be it the RAM or any other medium you have already manipulated data and are guilty of the corresponding crime. It's as easy as that. In No it is not as easy as that. When I look at some random webpage, the webserver has to load data into his ram and will then deliver it to me. Thus I changed data in RAM. If this ever becomes a crime internet will become quite boring. With this email distributed to a lot of mailboxes, I changed data on many mailservers, that have to store it. Sending email is not illegal according to german law, though. This is idiotic. Yes. Because there is no simple logic behind this, we have judges. They have to aplly common sense to the law. And common sense always is a point for discussion. The real world is not digital. It is not as easy as if (MEMORY_modified) {jail($years)}; Intentions play a role here. So does the ability to judge your own actions. And (last but not least) how easy it was made for you to commit a crome is often affecting the time you have to spend in jail or the amount of cash your crome costs you. Nils ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] cyberwar against US ?
Hi! I've read on zone-h that a group of hackers, called HAA, plans a massive cyberattack against usa. does anyone have heard about that ? Can you define US in terms of internet routing ? Is there one US 'border' ? There is networks, no US or Europe or anything on the net. Bye, Raymond. ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] Worm of the worm?
On Fri, 2004-05-14 at 07:26, Roberto Navarro - TusProfesionales.es wrote: I have detected some scans lookin' for the 5554 port (sasser's ftpd). Does somebody know anything about a new worm, exploiting its vulnerabilty? Perhaps the Dabber worm? http://www.lurhq.com/dabber.html Regards, Frank signature.asc Description: This is a digitally signed message part
Re: [Full-Disclosure] Sasser author
various snippage Yes, but is it a crime that should be equated with holding hostages or hijacking airliners? Obviously no. Unless the -intent- (which you mention below) was to cause havoc on the internet. There is a bogus category of electronic terrorism, which is being subject to the same aggressive prosecutorial standard that is established for those who perpetrate real crimes of terror. 18 year-old kids, without /intention/ of political or ideological violence against innocents, are being held with the legal gravity of weapons smugglers. Intention is a key definition of guilt in - at least - British, and US-ian law. Well, we won't go into how skewed some of the sentencing laws are. More time in jail and bigger fines for trading MP3's than for beating someone up and stealing their money to buy drugs? Definately messed up. As for intention . . . the sasser author cann't claim he didn't intend for his worm to exploit vulnerable systems and spread. Here you have a social naive, without any experience in life that connects the gravity of consequences to his actions. Chances are, his life will be pretty much ruined. That is an equitable outcome, because some Systems Administrators were given a couple of rough days at work? Socially inept or not, he must have had a good idea of the annoyance his worm would cause if it worked. As for equitable, let's see. . . Let's give an example. Someone paints graffiti on the side of my house/barn/apartment/office/whatever. I could always have the kid imprisoned, but that wouldn't undo the damage his act of vandalism did. So, to make amends, I give him a bucket of paint and a brush, and have him repaint the wall back to its original color. Sounds fair? No jail time. The perp makes amends that are pretty much equal to the cost of thier crime. Now, let's extend the analogy. Cleaning up after the worm takes a little time, so we'll have the worm writter clean up after his infections. At 20 minutes each. For 5 MILLION (wild assed guesstimate) infected hosts. Somehow, jailtime doesn't seem right - but it -really- doesn't seem equitable to let the kid walk. Someone's paying those admins and tech support people to clean up the mess... Cheers, L4J ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] Support the Sasser-author fund started
Tobias, following your logic, the people who found and disclosed the vulnerability that Sasser was abusing should be prosecuted together with the author of the viral code. What is the next stage? Jalining people who write proof of concept exploit code? Punish Fyodor for writing nmap or maybe prosecute the nessus team? If the guy wrote the code and intentionally released the worm and infected half of the Internet then he is guilty, but that remains to be proven. Nobody has cancelled the presumtion of innocence yet! My personal opinion is that more blame should be put on M$. But where would the security industry be if not for Microsoft's products :) -- Respectfully, Konstantin V. Gavrilenko Arhont Ltd - Information Security web:http://www.arhont.com http://www.wi-foo.com e-mail: [EMAIL PROTECTED] tel: +44 (0) 870 44 31337 fax: +44 (0) 117 969 0141 PGP: Key ID - 0x4F3608F7 PGP: Server - keyserver.pgp.com Tobias Weisserth wrote: Hi harry, On Thu, 2004-05-13 at 14:33, harry wrote: Tobias Weisserth wrote: snip I find your explanation why this author of a virus should be treated any different than other authors somehow illogical. The Sasser author has done nothing to foster security. So there is really no need for the security scene to support him. there is one other thing... he is correct when he says that Microsoft will say it's completely the worm writer's fault. It IS completely the author's fault. HE wrote it, HE caused the damages and HE violated German law. As much as MS products suck, MS has done nothing illegal. BUT i think Microsoft should be punished too for having so many security holes. they had to patch it faster. A patch to this problem has been available for at least two weeks prior to the release of the worm. So what's your boundary when you speak of earlier? A month? A year? Should the exploitation of a bug be legal if the vendor doesn't offer a patch in time?! That's the direction you're pushing here. who's fault is it really when you buy a door, you lock it, but a burglar finds a way to easily open it, comes in and tells you... Nobody asked the burglar to do this. He broke law. He caused damages. And he certainly didn't improve your security by doing so when the door vendor already offered a patch for your door two weeks ago. There's just no way you can justify the action of this idiot by blaming MS. I say this idiot has to be punished and punished to the full extend law allows. Maybe this deters other idiots to do the same. Tobias W. ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
[Full-Disclosure] SUSE Security Announcement: mc (SuSE-SA:2004:012)
-BEGIN PGP SIGNED MESSAGE- __ SUSE Security Announcement Package:mc Announcement-ID:SuSE-SA:2004:012 Date: Friday, May 14th 2004 16:00 MEST Affected products: 8.0, 8.1, 8.2, 9.0, 9.1 SuSE Linux Database Server, SuSE eMail Server III, 3.1 SuSE Linux Enterprise Server 7, 8 SuSE Linux Firewall on CD/Admin host SuSE Linux Connectivity Server SuSE Linux Office Server Vulnerability Type: local privilege escalation Severity (1-10):3 SUSE default package: yes Cross References: CAN-2004-0226 CAN-2004-0231 CAN-2004-0232 Content of this advisory: 1) security vulnerability resolved: - buffer overflows - tmp file problems - format string bugs problem description, discussion, solution and upgrade information 2) pending vulnerabilities, solutions, workarounds: - sharutils - apache2* - xine* - sysconfig - clamav - exim - utempter - busybox - monit - ethereal - kphone 3) standard appendix (further information) __ 1) problem description, brief discussion, solution, upgrade information The Midnight Commander (mc) is a file manager for the console. The mc code is vulnerable to several security related bugs like buffer overflows, incorrect format string handling and insecure usage of temporary files. These bugs can be exploited by local users to gain access to the privileges of the user running mc. There is no workaround known other then avoid using mc. Please download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement. Then, install the package using the command rpm -Fhv file.rpm to apply the update. Our maintenance customers are being notified individually. The packages are being offered to install from the maintenance web. Intel i386 Platform: SuSE-9.0: ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mc-4.6.0-327.i586.rpm c5ad0c60348bc462db2d71735247ee1d patch rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mc-4.6.0-327.i586.patch.rpm 850b02c3908588ae83afd5027add43ec source rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/mc-4.6.0-327.src.rpm 71c511d7bfbf7cc285aed54e164e4077 SuSE-8.2: ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/mc-4.6.0-327.i586.rpm c12550eca593946915b2bf39759e78d1 patch rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/mc-4.6.0-327.i586.patch.rpm 8879832d99052ac11fc40423027f4bb4 source rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/mc-4.6.0-327.src.rpm 585c3678406be16171b26ceaeb5600c7 SuSE-8.1: ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/mc-4.5.55-758.i586.rpm 4fa2bd194e823ef8dce8b0ee4a7d5707 patch rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/mc-4.5.55-758.i586.patch.rpm b22258254be06b2493d1ea39a5b97b00 source rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/src/mc-4.5.55-758.src.rpm 860f9fc3b3825031b8d7c10fbf793fcd SuSE-8.0: ftp://ftp.suse.com/pub/suse/i386/update/8.0/ap1/mc-4.5.55-758.i386.rpm bdf10b7c25fdececa1f369b0baeaa764 patch rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/8.0/ap1/mc-4.5.55-758.i386.patch.rpm 7e3c66bb6f257688f858424f164e360d source rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/mc-4.5.55-758.src.rpm 46dd268a6e2f7c7596ed45fd9ab03c88 __ 2) Pending vulnerabilities in SUSE Distributions and Workarounds: - sharutils This update fixes a buffer overflow in shar while handling the '-o' commandline option. The buffer overflow can be abused to execute commands remotely in conjunction with other systems (CGI, ...). New packages are available on our FTP servers. - apache2/-devel/-doc/-example-pages/-prefork/-perchild/-worker, apr, libapr0 These updates fix a memory leak in the mod_ssl module of apache2 (CAN-2004-0113), a possible remote DoS attack on accessing rarely used listening ports (CAN-2004-0174), and a problem with unescaped special characters in log files that could present a security hazard for
Re: [Full-Disclosure] Support the Sasser-author fund started
[SNIP} --- Yes, but the context that he used implied that German laws are sane and US laws are not. Not just one or two laws, but ALL laws. I took offense to that. I see it time and time again where people are just into US bashing for the sake of it. Just like saying that Microsoft is to be blamed for worm outbreaks... it's just plain rubbish. For the most part US laws are very sane, You can't take pornographic pictures of children in the US, sounds sane to me... some countries this is legal You can't sell crude oil and call it medicine to heal all that ails you, sounds sane to mesome countries this is legal You ignore the fact though that the media waves are hit quite often with stories about fed, state, and more local legislation dating back to the 1700's or even 1800's that are dated, silly, and in some cases just plain stupid if not unconstitutuinal, and need or are being revised to fit the time and understanding of the present. No country is perfect, I'll give everyone that. Why don't people start bashing Antarctica for a change. Certainly, if we all paid a tad more head to this variant of he who is without fault can cast the frst stone, we have far less silly flamefests out here smile, course to err is human, and we tend to err alot and some of us, me tend to typo up a storm as well!. But, please, leave the antartic and it's frozeded inhabitants alone, but do send firewood. Thanks, Ron DuFresne ~~ Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation. -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything. ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] Sasser author
Hello, Anders B Jansson wrote: [EMAIL PROTECTED] wrote: you missed one point: Sasser only violates *unpatched* networks, not networks in general. Point not missed at all. Probing a network for vulnerabilities with the intent to use the found holes for sabotage (without the owners consent) is a criminal act. not here where I'm living. But IANAL in your country. So, it depends on where you are living if it's illegal or not. And stop this silly mumbling about Sasser being created as warning or heads up. That's your *interpretation*, not what I said. And this interpretation is *wrong*. Sasser was created to create havoc, nothing else. ACK. But only unpatched computers were vulnerable - we had no problems here 'cause we've already patched our machines. So, our network was not violated and we had time for more important things then solving problems caused by a worm that could spread because of unpatched computers. GTi ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
RE: [Full-Disclosure] Sasser author
Hi Nils, On Fri, 2004-05-14 at 15:54, Nils Ketelsen wrote: As soon as your virus changes the content of any part of the system's memory, be it the RAM or any other medium you have already manipulated data and are guilty of the corresponding crime. It's as easy as that. In No it is not as easy as that. When I look at some random webpage, the webserver has to load data into his ram and will then deliver it to me. Thus I changed data in RAM. If this ever becomes a crime internet will become quite boring. The webserver is offering a public service. A victim's PC is not offering a public server that any virus may use... The fact that I actually have to explain this difference is quite amusing in itself. Are you that stupid or is it just you being a troll? With this email distributed to a lot of mailboxes, I changed data on many mailservers, that have to store it. Sending email is not illegal according to german law, though. Same as the webserver. Mail servers offer a public service and are actually welcoming connections. You have the permission to use the service. It becomes illegal data manipulation as soon as you don't have a permission to use a service or exploit a bug where there is no service at all. In the case of Sasser, it's even more obvious. Sasser doesn't make fraudulent use of a service, it exploits a bug and installs itself, running an own service (FTP). Anybody claiming this is not illegal data manipulation is simply a troll, blackhat or idiot. Or possibly all three of those. This is idiotic. Yes. Because there is no simple logic behind this, we have judges. They have to aplly common sense to the law. And common sense always is a point for discussion. I guess the judges won't disappoint you. They'll judge him allright. He can be lucky he doesn't get grown-ups law but is treated under law for minors. 3 years behind bar are possible though and I really hope it is going to be 3 years and lots of rear-end penetrations for this guy. The real world is not digital. It is not as easy as if (MEMORY_modified) {jail($years)}; Let's just hope they'll use an eternal loop to calculate his penalty :-) At least the damages he'll have to repay will probably be calculated this way... Intentions play a role here. Well, the prosecution won't have to prove what his intention was when they have evicence he wrote it and spread it. Apart from that, he has already confessed. And then it's up to him to prove he had good intentions, not the prosecution. So does the ability to judge your own actions. Well, I'm really interested to learn why someone should write a virus and spread it. There's really not a single answer that could explain why it makes sense to write a virus and actually spread it. And (last but not least) how easy it was made for you to commit a crome is often affecting the time you have to spend in jail or the amount of cash your crome costs you. The judge will also hold into account how great the damages were he caused. THAT will be an essential part of the consideration regarding his punishment. Tobias ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] cyberwar against US ?
Frederic Charpentier wrote: hi FD, I've read on zone-h that a group of hackers, called HAA, plans a massive cyberattack against usa. Imminent death of net predicted...film at 11? does anyone have heard about that ? There was a much-hyped hack the world competition last year (in July or August IIRC) - I got to waste a nice Sunday afternoon waiting for a wave of attacks that of course never materialised. I'm sceptical of anything that gets announced in advance (apart from worms based on MS patches, that is ;) fred cheers \a -- Andrew Simmons Penetration Tester | Security Consultant yuk :/ The information contained in this message or any of its attachments may be privileged and confidential and intended for the exclusive use of the intended recipient. If you are not the intended recipient any disclosure, reproduction, distribution or other dissemination or use of this communications is strictly prohibited. The views expressed in this e-mail are those of the individual and not necessarily of MIS Corporate Defence Solutions Ltd. Any prices quoted are only valid if followed up by a formal written quote. If you have received this transmission in error, please contact our Security Manager on +44 (01622) 723410. This email is intended for the recipient only and contains confidential information, some or all of which may be legally privileged. If you are not the intended recipient, you must not use, save, disclose, distribute, copy, print or rely on this email or any information contained within it. Please notify the sender by return and delete it from your computer. Thank you. ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] Worm of the worm?
Roberto Navarro - TusProfesionales.es wrote: I have detected some scans lookin' for the 5554 port (sasser's ftpd). Does somebody know anything about a new worm, exploiting its vulnerabilty? Dabber worm : http://www.theregister.co.uk/2004/05/14/dabber_worm/ The worm of the worm - all we need now are the feature film and the novelisation. Roberto a.k.a. Logan cheers \a -- Andrew Simmons Penetration Tester | Security Consultant bleurgh The information contained in this message or any of its attachments may be privileged and confidential and intended for the exclusive use of the intended recipient. If you are not the intended recipient any disclosure, reproduction, distribution or other dissemination or use of this communications is strictly prohibited. The views expressed in this e-mail are those of the individual and not necessarily of MIS Corporate Defence Solutions Ltd. Any prices quoted are only valid if followed up by a formal written quote. If you have received this transmission in error, please contact our Security Manager on +44 (01622) 723410. This email is intended for the recipient only and contains confidential information, some or all of which may be legally privileged. If you are not the intended recipient, you must not use, save, disclose, distribute, copy, print or rely on this email or any information contained within it. Please notify the sender by return and delete it from your computer. Thank you. ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] Worm of the worm?
I think you guys are talking about the Dabber worm. http://vil.nai.com/vil/content/v_125300.htm Exibar - Original Message - From: Maxime Ducharme [EMAIL PROTECTED] To: Roberto Navarro - TusProfesionales.es [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Friday, May 14, 2004 10:01 AM Subject: Re: [Full-Disclosure] Worm of the worm? Hi K-OTik published an exploit for sasser's ftpd : http://www.k-otik.com/exploits/05102004.sasserftpd.c.php Maybe you are seeing manual scans or a brand new worm. Have a nice day Maxime Ducharme Programmeur / Spécialiste en sécurité réseau - Original Message - From: Roberto Navarro - TusProfesionales.es [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, May 14, 2004 8:26 AM Subject: [Full-Disclosure] Worm of the worm? -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I have detected some scans lookin' for the 5554 port (sasser's ftpd). Does somebody know anything about a new worm, exploiting its vulnerabilty? Roberto a.k.a. Logan There are no answers, only cross refernces. -- Weiner's Law of Libraries - --- Roberto Navarro [EMAIL PROTECTED] Registered Linux User #212565 - --- -BEGIN PGP SIGNATURE- Version: PGP 8.0.2 iQA/AwUBQKS63MhDftHeZF7JEQLl/ACfU2fksblzy3zYh4yelCH2GxATsqcAoM+F S/UxvCt8U0dgVqP3E+TeunS2 =sEU4 -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
[Full-Disclosure] New therad: sasser, costs, support etc alltogether
I can't post this to all the threads that I would like to, so I'm opening a new one. Follow this: 1. MS is wrongdoing by releasing (and charging for use of) software that has bugs in it. Users of such software have losses in time/money by trying to keep up with applying pathches, or just by trying to keep the uptime high. 2. Admins are wrongdoing by not applying patches to the systems they maintain. There are losses tied to such misspractice, too. 3. Worm authors are wrongdoing by writing software that propagate through the networks by exploiting all of the above. Again, the losses occur in time/money spent to remove the worms from the systems affected. It is obvious that almost every legal system in the world treats #3 as crime, while #2 and #1 are broadly tolerated. Noone here is against the book of law, but it just seems to be in contrast to the natural and intuitive feeling of justice that majority of people might have regarding the issues like these. See - only one of the three wrongdoers is being punished. Is it right? Or - is it wrong? BTW, I have a funny feeling that damages/losses caused by #3 might very often be far less than the ones caused by #2 and #1. Am I alone? cikasole ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
[Full-Disclosure] Sasser (Author) worm thread
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Well, I'm having as much fun as many others seeing you people spitting on each other. It has been really entertaining. Loads of fun. But isn't this time to drop this thread ? []s - -- Rodrigo Barbosa [EMAIL PROTECTED] Quid quid Latine dictum sit, altum viditur Be excellent to each other ... - Bill Ted (Wyld Stallyns) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQFApOxkpdyWzQ5b5ckRAs8oAKC6spHAi5v7eWIrji6kdPWXNyyU+QCgsVMt QHCRCTQLhRalDXJLgNh6Di8= =RWAN -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] cyberwar against US ?
Technically, there _is_ sort of a sense of national borders in cyberspace in the form of what backbone providers own which IP blocks ane where they geographically distribute them. - Original Message - Hi! I've read on zone-h that a group of hackers, called HAA, plans a massive cyberattack against usa. does anyone have heard about that ? Can you define US in terms of internet routing ? Is there one US 'border' ? There is networks, no US or Europe or anything on the net. ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] cyberwar against US ?
Well, if I had to venture a guess I would think: http://www.iana.org/assignments/ipv4-address-space Would be most usefull in finding out who is where. On Fri, May 14, 2004 at 04:13:25PM +0200, Raymond Dijkxhoorn wrote: Hi! I've read on zone-h that a group of hackers, called HAA, plans a massive cyberattack against usa. does anyone have heard about that ? Can you define US in terms of internet routing ? Is there one US 'border' ? There is networks, no US or Europe or anything on the net. Bye, Raymond. ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html -- [District Attorneys] learn in District Attorney School that there are two sure-fire ways to get a lot of favorable publicity: (1) Go down and raid all the lockers in the local high school and confiscate 53 marijuana cigarettes and put them in a pile and hold a press conference where you announce that they have a street value of $850 million. These raids never fail, because ALL high schools, including brand-new, never-used ones, have at least 53 marijuana cigarettes in the lockers. As far as anyone can tell, the locker factory puts them there. (2) Raid an adult book store and hold a press conference where you announce you are charging the owner with 850 counts of being a piece of human sleaze. This also never fails, because you always get a conviction. A juror at a pornography trial is not about to state for the record that he finds nothing obscene about a movie where actors engage in sexual activities with live snakes and a fire extinguisher. He is going to convict the bookstore owner, and vote for the death penalty just to make sure nobody gets the wrong impression. -- Dave Barry, Pornography pgp0.pgp Description: PGP signature
Re: [Full-Disclosure] Worm of the worm?
On Fri, 14 May 2004 14:19:12 BST, Randal, Phil [EMAIL PROTECTED] said: That's the Dabber worm: http://vil.nai.com/vil/content/v_125300.htm It's really sad that Sasser has nailed *so many* machines that Dabber is able to propagate. Out in the real world, a virus that could only spread between people who were actively infected with the contagious phase of measles, or polio, or smallpox wouldn't be able to spread very well at all. Obviously, Sasser is yet another strain of herpes for the Internet. pgp0.pgp Description: PGP signature
Re: [Full-Disclosure] cyberwar against US ?
On Fri, 14 May 2004 16:13:25 +0200, Raymond Dijkxhoorn said: Hi! I've read on zone-h that a group of hackers, called HAA, plans a massive cyberattack against usa. does anyone have heard about that ? Can you define US in terms of internet routing ? Is there one US 'border' ? There is networks, no US or Europe or anything on the net. OK.. Tell me where you expect to see traffic spikes if you launch a DDoS on the following targets: 1) www.microsoft.com 2) AOL's mail servers 3) www.whitehouse.gov 4) www.bbc.co.uk 5) The Al-Ghazeera website. As you were saying? pgp0.pgp Description: PGP signature
Re: [Full-Disclosure] cyberwar against US ?
here the link to the zone-h news : http://www.zone-h.org/en/news/read/id=4225/ Fred. Raymond Dijkxhoorn wrote: Hi! I've read on zone-h that a group of hackers, called HAA, plans a massive cyberattack against usa. does anyone have heard about that ? Can you define US in terms of internet routing ? Is there one US 'border' ? There is networks, no US or Europe or anything on the net. Bye, Raymond. -- __ X-m.co Partners Frédéric Charpentier Consultant Securite / Test d'intrusion tel : 33 1 53 45 28 63 mob : 33 6 14 36 68 83 mail : [EMAIL PROTECTED] 16 place Vendome 75001 PARIS _ ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] cyberwar against US ?
Hello Frederic, Friday, May 14, 2004, 9:51:51 AM, you wrote: FC hi FD, FC I've read on zone-h that a group of hackers, called HAA, plans a massive FC cyberattack against usa. Hope they dont or they will be caught like flies. FC does anyone have heard about that ? I heard it from some script kiddies, nothing to worry about. FC fred RaFa. FC ___ FC Full-Disclosure - We believe in it. FC Charter: http://lists.netsys.com/full-disclosure-charter.html ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
RE: [Full-Disclosure] New therad: sasser, costs, support etc alltogether
So society is to blame I guess. This is the same brain-dead logic that concludes that we shouldn't arrest poor people who commit crimes. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blog.ziffdavis.com/seltzer [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Radule Soskic Sent: Friday, May 14, 2004 11:28 AM To: [EMAIL PROTECTED] Subject: [Full-Disclosure] New therad: sasser, costs, support etc alltogether I can't post this to all the threads that I would like to, so I'm opening a new one. Follow this: 1. MS is wrongdoing by releasing (and charging for use of) software that has bugs in it. Users of such software have losses in time/money by trying to keep up with applying pathches, or just by trying to keep the uptime high. 2. Admins are wrongdoing by not applying patches to the systems they maintain. There are losses tied to such misspractice, too. 3. Worm authors are wrongdoing by writing software that propagate through the networks by exploiting all of the above. Again, the losses occur in time/money spent to remove the worms from the systems affected. It is obvious that almost every legal system in the world treats #3 as crime, while #2 and #1 are broadly tolerated. Noone here is against the book of law, but it just seems to be in contrast to the natural and intuitive feeling of justice that majority of people might have regarding the issues like these. See - only one of the three wrongdoers is being punished. Is it right? Or - is it wrong? BTW, I have a funny feeling that damages/losses caused by #3 might very often be far less than the ones caused by #2 and #1. Am I alone? cikasole ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] cyberwar against US ?
Hi! I've read on zone-h that a group of hackers, called HAA, plans a massive cyberattack against usa. does anyone have heard about that ? Can you define US in terms of internet routing ? Is there one US 'border' ? There is networks, no US or Europe or anything on the net. OK.. Tell me where you expect to see traffic spikes if you launch a DDoS on the following targets: 1) www.microsoft.com 2) AOL's mail servers 3) www.whitehouse.gov 4) www.bbc.co.uk 5) The Al-Ghazeera website. You list one nice example, and also one that is pointing to what i were saying. microsoft is, if i am right, still akamized. I am sure you get the picture, i still think its hard to define 'US' but never mind. Even if you lookup things, its all depeding of the view they give you for your lookup. Specific sites you may be able to pinpoint. Bye, Raymond. ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] Sasser author
I am responsible for security in a small business' network (50-or-so machines, most of them running MS OSs). I have been aware of MSS bulletins as soon as they where out, and made sure to apply patches as specified. Sasser did nothing to my offices' network. But, on the other hand, I have a single PC at home, one I don't use very much, and I often forget to deal with security patches on that machine. Well - would you bet? - I got a Sasser infection at home, which caused me the discomfort of a late-night session of cleaning, disinfeting, patching and do on. I put the blame on me, of course. But sure I could have spent that night doing something better, chat-cheating the wife, reading a book, going to the movies and so on. So my question is: what wrong did al this do to The Microsoft BEAST? It only did some wrong to me and my personal life. I could have avoided that, but can't I feel safe at home? Should I be satisfied at thinking that this guy is a social naive whith no conscience of the consequences of his acts? Isn't this what the law is meant for, to protect citizens and business from the consequences of other people's acts? Just another 0.02 worth comment in this thread, that is going stale IMO... Paolo Mattiangeli ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
[Full-Disclosure] Sasser Hackers Against America
This is a great story. Someone is trying to raise money for the Sasser author via a website. "After all, SASSER was intended as a harmless wake-up call to the world. " http://story.news.yahoo.com/news?tmpl=storycid=74ncid=1212e=9u=/cmp/20040514/tc_cmp/20300950 As far as Hackers Against America, I wonder if the mean US govt systems or well-known US companies. i guess we'll all have to seeBradford ShedwickAmerican by birth, Patriot by choice Do you Yahoo!?SBC Yahoo! - Internet access at a great low price.
[Full-Disclosure] Symantec Multiple Firewall DNS Response Denial-of-Service (PoC)
Symantec Multiple Firewall DNS Response Denial-of-Service (PoC) HOD-symantec-firewall-DoS-expl [-fi:str] [-tp:int] [-ti:str] [-n:int] -fi:IPFrom (sender) IP address -tp:int To (recipient) port number -ti:IPTo (recipient) IP address -n:intNumber of times to send message http://www.securitylab.ru/45219.html ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
RE: [Full-Disclosure] Orkut fake in the wild
whois registrations for both sites seem to be the same. The ip addresses of both servers are 66.28.205.19 and .22 respectively. I'm inclined to think that it's legit and they've simply taken steps to stop what you believe is happening. -Original Message- From: Nico Golde [mailto:[EMAIL PROTECTED] Sent: Thursday, May 13, 2004 2:32 PM To: [EMAIL PROTECTED] Subject: [Full-Disclosure] Orkut fake in the wild Hi, Orkut (http://www.orkut.com) is a social network in the net, where you can meet new friends and connect your activities into communities. it is like friendstar. Now there is an orkut fake in the wild named Orcut (http://www.orcut.com). If you are a member of Orkut you receive messages with an invitation to join a community with a link inside like this: http://www.orkut.com/Community.aspx?cmm=32318 But in this message orkut is changed into orcut: http://www.orcut.com/Community.aspx?cmm=32318 If you go to this site and try to log in like you normally do, the site owner collects your user name and password of orkut. just another fake site in the net. regards nico -- Nico Golde| [EMAIL PROTECTED] | [EMAIL PROTECTED] | [EMAIL PROTECTED] http://www.ngolde.de | GnuPG Key: http://www.ngolde.de/gpg/nico_golde.gpg Fingerprint | FF46 E565 5CC1 E2E5 3F69 C739 1D87 E549 7364 7CFF vim -c :s/^/WhfgTNabgureRIvzSUnpxreT-Tavba/|:s/[R-T]/ /Ig|:normal ggVGg? ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
RE: [Full-Disclosure] Support the Sasser-author fund started
Nobody asked the burglar to do this. He broke law. He caused damages. And he certainly didn't improve your security by doing so when the door vendor already offered a patch for your door two weeks ago. if the burglar was a really a good guy he would have come over knocked your door, ring your bell till you open the door and *then* demonstrate this in front of u and then instruct u to repair it. I say this idiot has to be punished and punished to the full extend law allows. Maybe this deters other idiots to do the same. may we add ms to the above list ? -aditya Delivered using the Free Personal Edition of Mailtraq (www.mailtraq.com) ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] cyberwar against US ?
On Fri, 14 May 2004 19:08:32 +0200, Raymond Dijkxhoorn said: You list one nice example, and also one that is pointing to what i were saying. microsoft is, if i am right, still akamized. Sort of. Their DNS seems to be, but not their hosting. % dig www.microsoft.com gives us: www.microsoft.com. 58 IN CNAME www.microsoft.akadns.net. www.microsoft.akadns.net. 6 IN CNAME www2.microsoft.akadns.net. www2.microsoft.akadns.net. 36 IN A 207.46.244.188 % dig -x 207.46.244.188 188.244.46.207.in-addr.arpa. 3600 INPTR origin2.microsoft.com. traceroute 207.46.244.188 traceroute to 207.46.244.188 (207.46.244.188), 30 hops max, 38 byte packets ... (lopping out uninteresting details of our local net) 7 atm1-0.11.roa.networkvirginia.net (192.70.187.194) 2.192 ms 2.423 ms 1.797 ms 8 sl-gw20-rly-2-2.sprintlink.net (160.81.255.1) 7.583 ms 7.175 ms 7.269 ms 9 sl-bb23-rly-3-2.sprintlink.net (144.232.14.45) 10.779 ms 7.325 ms 7.291 ms 10 sl-bb21-rly-9-0.sprintlink.net (144.232.14.133) 7.985 ms 7.439 ms 7.279 ms 11 sl-bb22-rly-13-0.sprintlink.net (144.232.7.254) 7.700 ms 7.277 ms 7.237 ms 12 sl-bb22-sj-10-0.sprintlink.net (144.232.20.186) 69.326 ms 69.370 ms 69.075 ms 13 sl-bb23-tac-14-0.sprintlink.net (144.232.20.9) 91.104 ms 91.112 ms 91.018 ms 14 sl-bb22-tac-9-0.sprintlink.net (144.232.17.181) 91.250 ms 90.928 ms 91.237 ms 15 sl-bb20-sea-0-0.sprintlink.net (144.232.9.150) 91.991 ms 91.753 ms 92.084 ms 16 sl-gw14-sea-7-0.sprintlink.net (144.232.6.154) 91.898 ms 91.464 ms 91.744 ms 17 sl-webtv1-1-0-0.sprintlink.net (144.232.192.6) 95.027 ms 96.160 ms 95.345 ms 18 gig6-0.core1.sea1.ntwk.msn.net (207.46.40.1) 94.487 ms 94.626 ms 94.558 ms 19 pos7-0.iusnixcpxc1201.ntwk.msn.net (207.46.36.66) 95.011 ms 94.662 ms 94.800 ms 20 pos1-0.iustixcpdc1201.ntwk.msn.net (207.46.155.10) 92.327 ms 92.637 ms 93.528 ms Here to Roanoke to San Jose to Tacoma to Seattle... Looks like it ends up back at MSN.. ;) And yes, there *is* a Akamai node in my machine room, so if it was fully akamai'ed it wouldn't go cross country... pgp0.pgp Description: PGP signature
RE: [Full-Disclosure] Sasser author ( off thread post about duplicate emails )
i have been getting a lot of emails twice. is any one on the list experiencing the same problem? -aditya Delivered using the Free Personal Edition of Mailtraq (www.mailtraq.com) ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] New therad: sasser, costs, support etc alltogether
^wrongdoing^evildoing and you could use this to justify another Bush war :-) G On or about 2004.05.14 17:27:48 +, Radule Soskic ([EMAIL PROTECTED]) said: I can't post this to all the threads that I would like to, so I'm opening a new one. Follow this: 1. MS is wrongdoing by releasing (and charging for use of) software that has bugs in it. Users of such software have losses in time/money by trying to keep up with applying pathches, or just by trying to keep the uptime high. 2. Admins are wrongdoing by not applying patches to the systems they maintain. There are losses tied to such misspractice, too. 3. Worm authors are wrongdoing by writing software that propagate through the networks by exploiting all of the above. Again, the losses occur in time/money spent to remove the worms from the systems affected. It is obvious that almost every legal system in the world treats #3 as crime, while #2 and #1 are broadly tolerated. Noone here is against the book of law, but it just seems to be in contrast to the natural and intuitive feeling of justice that majority of people might have regarding the issues like these. See - only one of the three wrongdoers is being punished. Is it right? Or - is it wrong? BTW, I have a funny feeling that damages/losses caused by #3 might very often be far less than the ones caused by #2 and #1. Am I alone? cikasole ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html -- Gregory A. Gilliss, CISSP E-mail: [EMAIL PROTECTED] Computer Security WWW: http://www.gilliss.com/greg/ PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3 ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] New therad: sasser, costs, support etc alltogether
- Original Message - From: Radule Soskic [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, May 14, 2004 11:27 AM Subject: [Full-Disclosure] New therad: sasser, costs, support etc alltogether I can't post this to all the threads that I would like to, so I'm opening a new one. Follow this: 1. MS is wrongdoing by releasing (and charging for use of) software that has bugs in it. Users of such software have losses in time/money by trying to keep up with applying pathches, or just by trying to keep the uptime high. MS releases patches for the holes that are found in their software. No software is perfect, look at the hole in SASSER itself!! Would you rather MS not release patches to save your users the time of applying said patches? (don't answer that... :-) 2. Admins are wrongdoing by not applying patches to the systems they maintain. There are losses tied to such misspractice, too. Admins have their choice whether or not to protect their systems. If they choose not to, shame on them, they shouldn't be able to whine about how much money they lost because they didn't patch either. 3. Worm authors are wrongdoing by writing software that propagate through the networks by exploiting all of the above. Again, the losses occur in time/money spent to remove the worms from the systems affected. Worm authors who release their creations into the wild, are writing programs whose sole purpose in creation is to infiltrate other people's computer systems. sure sounds illegal and immoral to me. Exibar ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
RE: [Full-Disclosure] Support the Sasser-author fund started
Umm, I'm confused. Fairly new to the security scene, but, didn't the worm come out AFTER the patch? I guess Microsoft could have patched it sooner so that the worm could have come out sooner. The biggest question I have is why all the hostility at Microsoft for patching their system? the problem is many times when the patch is released it tends to break many applications and other random stuff! ms is patching a hole but manages to break other things in the process quite frequently. There are plenty of holes still in the system that warrant your wrath. When I see a worm that comes out before Microsoft patches, I'll be all over Microsoft just as the rest of you Microsoft can do no right doomsayers. just wait till the next worm / malware that comes and tries to infect all the computers then we will welcome u to our clan. -aditya p.s i am not a ms basher but i wish the ms products were not a glass house where repairing one thing causes other things to crack. Delivered using the Free Personal Edition of Mailtraq (www.mailtraq.com) ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] Orkut fake in the wild
Hello John, * John LaCour [EMAIL PROTECTED] [2004-05-14 21:57]: whois registrations for both sites seem to be the same. The ip addresses of both servers are 66.28.205.19 and .22 respectively. I'm inclined to think that it's legit and they've simply taken steps to stop what you believe is happening. orcut.com Registrant: BUYUKKOKTEN, ORKUT (LMVKFPHCFD) 2400 W El Camino Real, Apt 419 MOUNTAIN VIEW, CA 94040-1680 US Domain Name: ORCUT.COM Administrative Contact: BUYUKKOKTEN, ORKUT (OBD36) [EMAIL PROTECTED] 2400 W El Camino Real, Apt 419 MOUNTAIN VIEW, CA 94040-1680 US 650 888 5822 fax: 123 123 1234 Technical Contact: Network Solutions, LLC. (HOST-ORG) [EMAIL PROTECTED] 13200 Woodland Park Drive Herndon, VA 20171-3025 US 1-888-642-9675 fax: 571-434-4620 Record expires on 04-Dec-2004. Record created on 04-Dec-2003. Database last updated on 14-May-2004 16:39:17 EDT. Domain servers in listed order: NS73.WORLDNIC.COM 216.168.225.213 NS74.WORLDNIC.COM 216.168.225.214 Registrant: Google Inc. (DOM-439093) 2400 E. Bayshore Pkwy MOUNTAIN VIEW CA 94040-1680 US Domain Name: orkut.com Registrar Name: Markmonitor.com Registrar Whois: whois.markmonitor.com Registrar Homepage: http://www.markmonitor.com Administrative Contact: DNS Admin (NIC-14247233) Google Inc. 2400 E. Bayshore Pkwy MOUNTAIN VIEW CA 94043 US [EMAIL PROTECTED] +1.6508885822 Fax- +1.6506181434 Technical Contact, Zone Contact: DNS Admin (NIC-14247234) Google Inc 2400 E. Bayshore Pkwy Mountain View CA 94043 US [EMAIL PROTECTED] +1.6508885822 Fax- +1.6506181434 Created on..: 2002-Dec-08. Expires on..: 2008-Dec-08. Record last updated on..: 2004-May-06 09:27:48. Domain servers in listed order: NS1.GOOGLE.COM 216.239.32.10 NS2.GOOGLE.COM 216.239.34.10 NS3.GOOGLE.COM 216.239.36.10 NS4.GOOGLE.COM 216.239.38.10 not exact the same data!? regards nico ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] Support the Sasser-author fund started
On Fri, 2004-05-14 at 17:23, Konstantin Gavrilenko wrote: Tobias, following your logic, the people who found and disclosed the vulnerability that Sasser was abusing should be prosecuted together with the author of the viral code. Why is that? Did they break German law? Are they responsible by their actions that third parties sustained damages? Did *they* attack by direct or indirect means the systems of third parties? The answer is no. Releasing an advisory in full-disclosure manner is something totally different than writing a virus and spreading it. Say, why do I have to explain these things anyway?! Do you guys have no moral perception at all?! What is the next stage? Jalining people who write proof of concept exploit code? If a proof of concept exploit is released and it illegally manipulates data on third party computers, spreads autonomously and proves an exploit against the permission of third parties on their systems, this is an illegal activity and as such should be prosecuted and prosecuted hard. Punish Fyodor for writing nmap or maybe prosecute the nessus team? Now you're being irrational. Comparing Sasser to nmap or nessus is a bit far fetched, won't you say? And don't tell me there is no sharp boundary between those two, because nobody ain't going to believe it. If the guy wrote the code and intentionally released the worm and infected half of the Internet then he is guilty, He already confessed that at the instant the police searched his house. but that remains to be proven. The police has already confiscated and verified that he is the author of Sasser. The police is also investigating leads that friends helped him spread the virus. Nobody has cancelled the presumtion of innocence yet! Well, a made confession isn't exactly a very strong presumption of innocence, is it? My personal opinion is that more blame should be put on M$. The company is called Microsoft or MS in short. Why don't you use its proper name? And why should blame be put on MS when they released a patch and advised their customers to install the patch two weeks prior to the release of Sasser? There is no law against bad code or bad products but there is law against the abuse and sabotage of computers. Let me get this right for you again: the Sasser author is the bad guy here. He is the reason I have to stay informed about bugs because *he* is exploiting them and not MS. MS doesn't break my computer, it's him and his creation Sasser (Actually this is somehow wrong because I don't have a MS system anymore, but the point is still the same). But where would the security industry be if not for Microsoft's products :) Did you know that the Sasser author's mother runs a little IT consultant company? Now you can talk about self-interest... Tobias ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
RE: [Full-Disclosure] Support the Sasser-author fund started - Please stop this thread
Guys, I request you all to please stop this thread. There is no need to fill up mailboxes with some non-sense topic. Let's maintain the quality of the list by posting something useful to all. thnx, Manu Garg http://manugarg.freezope.org [EMAIL PROTECTED] wrote on 05/14/2004 11:06:57 PM: Nobody asked the burglar to do this. He broke law. He caused damages. And he certainly didn't improve your security by doing so when the door vendor already offered a patch for your door two weeks ago. if the burglar was a really a good guy he would have come over knocked your door, ring your bell till you open the door and *then* demonstrate this in front of u and then instruct u to repair it. I say this idiot has to be punished and punished to the full extend law allows. Maybe this deters other idiots to do the same. may we add ms to the above list ? -aditya Delivered using the Free Personal Edition of Mailtraq (www.mailtraq.com) ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ForwardSourceID:NTDC2E DISCLAIMER: The information contained in this message is intended only and solely for the addressed individual or entity indicated in this message and for the exclusive use of the said addressed individual or entity indicated in this message (or responsible for delivery of the message to such person) and may contain legally privileged and confidential information belonging to Tata Consultancy Services. It must not be printed, read, copied, disclosed, forwarded, distributed or used (in whatsoever manner) by any person other than the addressee. Unauthorized use, disclosure or copying is strictly prohibited and may constitute unlawful act and can possibly attract legal action, civil and/or criminal. The contents of this message need not necessarily reflect or endorse the views of Tata Consultancy Services on any subject matter. Any action taken or omitted to be taken based on this message is entirely at your risk and neither the originator of this message nor Tata Consultancy Services takes any responsibility or liability towards the same. Opinions, conclusions and any other information contained in this message that do not relate to the official business of Tata Consultancy Services shall be understood as neither given nor endorsed by Tata Consultancy Services or any affiliate of Tata Consultancy Services. If you have received this message in error, you should destroy this message and may please notify the sender by e-mail. Thank you.
[Full-Disclosure] [ GLSA 200405-07 ] Exim verify=header_syntax buffer overflow
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200405-07 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Exim verify=header_syntax buffer overflow Date: May 14, 2004 Bugs: #50217 ID: 200405-07 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis When the verify=header_syntax option is set, there is a buffer overflow in Exim that allows remote execution of arbitrary code. Background == Exim is an highly configurable message transfer agent (MTA) developed at the University of Cambridge. Affected packages = --- Package/ Vulnerable / Unaffected --- 1 net-mail/exim= 4.33 = 4.33-r1 Description === When the option verify = header_syntax is used in an ACL in the configuration file, Exim is vulnerable to a buffer overflow attack that can be triggered remotely by sending malicious headers in an email message. Note that this option is not enabled in Exim's default configuration file. Impact == This vulnerability can be exploited to trigger a denial of service attack and potentially execute arbitrary code with the rights of the user used by the Exim daemon (by default this is the mail user in Gentoo Linux). Workaround == Make sure the verify=header_syntax option is not used in your exim.conf file. Resolution == All users of Exim should upgrade to the latest stable version: # emerge sync # emerge -pv =net-mail/exim-4.33-r1 # emerge =net-mail/exim-4.33-r1 References == [ 1 ] CAN-2004-0400 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0400 Availability This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200405-07.xml Concerns? = Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org. License === Copyright 2004 Gentoo Technologies, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/1.0 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFApR4zvcL1obalX08RAj4qAKCImDLrj24oLDw0LWp9GjS3dxeHpQCglZvQ fQIUyrGQF9T14nRKUWCceS4= =T3cu -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Fw: [Full-Disclosure] Sasser author
- Original Message - From: Paolo Mattiangeli [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, May 14, 2004 5:41 PM Subject: Re: [Full-Disclosure] Sasser author I am responsible for security in a small business' network (50-or-so machines, most of them running MS OSs). I have been aware of MSS bulletins as soon as they where out, and made sure to apply patches as specified. Sasser did nothing to my offices' network. But, on the other hand, I have a single PC at home, one I don't use very much, and I often forget to deal with security patches on that machine. Well - would you bet? - I got a Sasser infection at home, which caused me the discomfort of a late-night session of cleaning, disinfeting, patching and do on. I put the blame on me, of course. But sure I could have spent that night doing something better, chat-cheating the wife, reading a book, going to the movies and so on. So my question is: what wrong did al this do to The Microsoft BEAST? It only did some wrong to me and my personal life. I could have avoided that, but can't I feel safe at home? Should I be satisfied at thinking that this guy is a social naive whith no conscience of the consequences of his acts? Isn't this what the law is meant for, to protect citizens and business from the consequences of other people's acts? Just another 0.02 worth comment in this thread, that is going stale IMO... Paolo Mattiangeli ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] cyberwar against US ?
On or about 2004.05.14 16:37:01 +, Frederic Charpentier ([EMAIL PROTECTED]) said: here the link to the zone-h news : http://www.zone-h.org/en/news/read/id=4225/ Oooh, Famous Brazilian newspapers have been informed... - not infamous Brazilian newspapers or those crappy Brazilian newspapers that no one's ever heard of ... :-) G -- Gregory A. Gilliss, CISSP E-mail: [EMAIL PROTECTED] Computer Security WWW: http://www.gilliss.com/greg/ PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3 ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] New therad: sasser, costs, support etc alltogether
Hi Radule, On Fri, 2004-05-14 at 17:27, Radule Soskic wrote: I can't post this to all the threads that I would like to, so I'm opening a new one. Follow this: 1. MS is wrongdoing by releasing (and charging for use of) software that has bugs in it. Users of such software have losses in time/money by trying to keep up with applying pathches, or just by trying to keep the uptime high. Guess what. Everybody releases software that has bugs in it. That's totally not the point. What MS does wrong is the non-disclosure of security, the sometimes bad quality of the patches and their late and untimely release (though the later isn't true with Sasser). Still, these shortcomings (a more suitable word than wrongdoing) are no crime. 2. Admins are wrongdoing by not applying patches to the systems they maintain. There are losses tied to such misspractice, too. This is again a shortcoming but no crime. If I don't patch and nobody exploits me, then where is the problem? 3. Worm authors are wrongdoing by writing software that propagate through the networks by exploiting all of the above. Again, the losses occur in time/money spent to remove the worms from the systems affected. There's the financial loss on one side and the fact that they are in fact criminals. All I'm asking for is that these crimes be punished by the letters of the law. It is obvious that almost every legal system in the world treats #3 as crime, while #2 and #1 are broadly tolerated. Exactly my point. Noone here is against the book of law, but it just seems to be in contrast to the natural and intuitive feeling of justice that majority of people might have regarding the issues like these. See - only one of the three wrongdoers is being punished. That's because the other two simply are shortcomings in contrast to actually wrongdoing or crime with intent. Is it right? Or - is it wrong? Well, should a 16 year old girl, wandering late about New York Central Parc be punished when somebody rapes her? Obviously she did something wrong, wandering late at night and without protection in a dangerous place? Should this wrongdoing of her be used in the legal defence of the guy raping her? BTW, I have a funny feeling that damages/losses caused by #3 might very often be far less than the ones caused by #2 and #1. If I don't patch a bug and nobody exploits it I don't suffer damages. Now, is not patching immediately leading to damages? Only if someone actually exploits this bug. *Their* criminal behaviour is needed to make my shortcoming a part of the problem. Am I alone? I guess many people are scrambling to the rescue of this kiddo because his victims were using M$ products. Would the victims have been users of OpenBSD products or some Linux distribution or VMS or some other superior product, everybody would have gone for the kids head. Let's be colourblind for a moment, OK? Let's pretend you don't know what bug has been exploited on what product. Let's still suppose there has been a patch available for two weeks and the problem was well announced in the media. Now let's look at what the Sasser author has done, the damages he has caused. I guess the reaction would have looked a bit different. I've never heard of a fund being raised for the guys that broke into the Debian server (well, they haven't been caught yet...). This whole debate about MS guilt is hypocritical. Who am I talking to anyway?! I'm not even using a single MS product... Tobias ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] cyberwar against US ?
http://www.iana.org/assignments/ipv4-address-space On Fri, May 14, 2004 at 12:32:51PM -0400, [EMAIL PROTECTED] wrote: On Fri, 14 May 2004 16:13:25 +0200, Raymond Dijkxhoorn said: Hi! I've read on zone-h that a group of hackers, called HAA, plans a massive cyberattack against usa. does anyone have heard about that ? Can you define US in terms of internet routing ? Is there one US 'border' ? There is networks, no US or Europe or anything on the net. OK.. Tell me where you expect to see traffic spikes if you launch a DDoS on the following targets: 1) www.microsoft.com 2) AOL's mail servers 3) www.whitehouse.gov 4) www.bbc.co.uk 5) The Al-Ghazeera website. As you were saying? -- A Mormon is a man that has the bad taste and the religion to do what a good many other people are restrained from doing by conscientious scruples and the police. -- Mr. Dooley pgpWyozlno7ak.pgp Description: PGP signature
Re: [Full-Disclosure] New therad: sasser, costs, support etc alltogether
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Radule Soskic 1. MS is wrongdoing by releasing (and charging for use of) software that has bugs in it. My parents are at fault for not creating a child with a body that can withstand/deflect bullets. 2. Admins are wrongdoing by not applying patches to the systems they maintain. I am at fault for not carrying body armour (bullet-proof vest, etc) with me everywhere I go. 3. Worm authors are wrongdoing by writing software that propagate through the networks by exploiting all of the above. People shooting guns at me are at fault for taking advantage of my non-bulletproof body. Mihai -- - [EMAIL PROTECTED] - http://www.cs.wisc.edu/~mihai - --- The man of knowledge must be able not only to love his enemies but also to hate his friends. - Friedrich Nietzsche --- -- Feed the machine that burns in your head. -- ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] Support the Sasser-author fund started
--- Konstantin V. Gavrilenko wrote: snip snip My personal opinion is that more blame should be put on M$. But where would the security industry be if not for Microsoft's products :) But Microsoft released a patch for the security hole that was found, I don't care if it was 5 days or 5 years after they were told about it, they still released the patch before the worm was written! THEY are not to blame and shouldn't be prosecuted, nor should the IDIOTS that didn't apply that patch, the person that wrote and released the worm is the one that pulled the trigger. Plain and simple. In this case he wrote more than one (he did write NetSky as well), and knowingly and admittingly released the worms to cause harm to other people's computer systems. Supposedly to increase business for a familiy computer shop. this kid is as guilty as the day is long guys he should pay for his crime, perhaps not with 20 years in prison, but at least 6 - 12 months in prison, 5 years of probation and 1000 hours community service with zero access to computers for those 5 years. Exibar ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] cyberwar against US ?
Lets try this again. the last two attempts were rejected by some lousy filter. http://www.iana.org/assignments/ipv4-address-space On Fri, May 14, 2004 at 12:32:51PM -0400, [EMAIL PROTECTED] wrote: On Fri, 14 May 2004 16:13:25 +0200, Raymond Dijkxhoorn said: Hi! I've read on zone-h that a group of hackers, called HAA, plans a massive cyberattack against usa. does anyone have heard about that ? Can you define US in terms of internet routing ? Is there one US 'border' ? There is networks, no US or Europe or anything on the net. OK.. Tell me where you expect to see traffic spikes if you launch a DDoS on the following targets: 1) www.microsoft.com 2) AOL's mail servers 3) www.whitehouse.gov 4) www.bbc.co.uk 5) The Al-Ghazeera website. As you were saying? pgpOfcATXC69H.pgp Description: PGP signature
Re: [Full-Disclosure] New therad: sasser, costs, support etc alltogether
I agree highly with point's 2 and 3 but not so much with point 1. If MS is wrong by releasing buggy software then so is Sun, Ibm, Cisco, Every Linux vendorhell anybody who has ever written a piece of software. Now I am not trying to flame, and I am not a MS fan at all but lataly I have been getting sick of all the finger pointing being done to them. Did everybody flame Linus over all the Linux kernel vulnerabilities over the last few months? fuck no... Everybody has there opinions on each of the os's and I respect all of you, but let's be reasonable about it. MS patched the vulnerability before it was exploited. What the fuck else do we want? Bill Gates to personally fly out and patch our systems for us? Sorry for the rant guys... Chris Locke http://stageofbattle.org On Fri, 2004-05-14 at 10:27, Radule Soskic wrote: I can't post this to all the threads that I would like to, so I'm opening a new one. Follow this: 1. MS is wrongdoing by releasing (and charging for use of) software that has bugs in it. Users of such software have losses in time/money by trying to keep up with applying pathches, or just by trying to keep the uptime high. 2. Admins are wrongdoing by not applying patches to the systems they maintain. There are losses tied to such misspractice, too. 3. Worm authors are wrongdoing by writing software that propagate through the networks by exploiting all of the above. Again, the losses occur in time/money spent to remove the worms from the systems affected. It is obvious that almost every legal system in the world treats #3 as crime, while #2 and #1 are broadly tolerated. Noone here is against the book of law, but it just seems to be in contrast to the natural and intuitive feeling of justice that majority of people might have regarding the issues like these. See - only one of the three wrongdoers is being punished. Is it right? Or - is it wrong? BTW, I have a funny feeling that damages/losses caused by #3 might very often be far less than the ones caused by #2 and #1. Am I alone? cikasole ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: Fw: [Full-Disclosure] Sasser author
any firewall even the one inside xp would have stopped sasser and you would have been able to patch at your leisure. Paolo Mattiangeli wrote: - Original Message - From: Paolo Mattiangeli [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, May 14, 2004 5:41 PM Subject: Re: [Full-Disclosure] Sasser author I am responsible for security in a small business' network (50-or-so machines, most of them running MS OSs). I have been aware of MSS bulletins as soon as they where out, and made sure to apply patches as specified. Sasser did nothing to my offices' network. But, on the other hand, I have a single PC at home, one I don't use very much, and I often forget to deal with security patches on that machine. Well - would you bet? - I got a Sasser infection at home, which caused me the discomfort of a late-night session of cleaning, disinfeting, patching and do on. I put the blame on me, of course. But sure I could have spent that night doing something better, chat-cheating the wife, reading a book, going to the movies and so on. So my question is: what wrong did al this do to The Microsoft BEAST? It only did some wrong to me and my personal life. I could have avoided that, but can't I feel safe at home? Should I be satisfied at thinking that this guy is a social naive whith no conscience of the consequences of his acts? Isn't this what the law is meant for, to protect citizens and business from the consequences of other people's acts? Just another 0.02 worth comment in this thread, that is going stale IMO... Paolo Mattiangeli ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html -- My Foundation verse: Isa 54:17 No weapon that is formed against thee shall prosper; and every tongue that shall rise against thee in judgment thou shalt condemn. This is the heritage of the servants of the LORD, and their righteousness is of me, saith the LORD. ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
[Full-Disclosure] IDS/IPS Info
Hi all, I'm a student doing a research paper on the IDS/IPS industry, from the perspective of analyzing products - what works and what doesn't, and also analyzing vendors - who will succeed. Anyone had good/bad experiences with these vendors? (Your response will be kept strictly confidential.) Thanks all for your help! Network Associates Sana Security GreenBorder Tech Argus Systems Cisco Intrusion Inc. Tippingpoint Tech Internet Security (ISSX) Symantec -Deborah Do you Yahoo!?SBC Yahoo! - Internet access at a great low price.
Re: [Full-Disclosure] Sasser author
[EMAIL PROTECTED] wrote: Anders B Jansson wrote: And stop this silly mumbling about Sasser being created as warning or heads up. That's your *interpretation*, not what I said. And this interpretation is *wrong*. No, it's not an interpretation, it caused havoc, that's a fact. If it had been designed as a a warning, it would have provided a warning, instead of spreading out of control and crashing machines. Sasser was created to create havoc, nothing else. ACK. But only unpatched computers were vulnerable - we had no problems here 'cause we've already patched our machines. So, our network was not violated and we had time for more important things then solving problems caused by a worm that could spread because of unpatched computers. Well good for you, and actually good for us, we had 50.+ computers patched in time, and the few we missed was a minor nuisance. It doesn't change the fact that releasing the worm was a criminal act and the person who did should face the consequences if his/her actions. Which leads back to the ever repeating: Using a bad lock might be a moronic act, but breaking the bad lock is, and will always be, a criminal act. The Sasser author didn't find a vulnerability, nor did he/she report it, he/she wrote a worm to exploit it, nothing else, And that's a criminal act, and hopefully he/she will get a stiff sentence. // hdw ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
RE: [Full-Disclosure] New therad: sasser, costs, support etc alltogether
You are making the assumption that Microsoft knew of the bugs that caused Sasser before they released the software. If any manufacturers of any goods had to be sure that there were no possible defects before they started selling it, you would never have anything on sale. There is no such thing as bug free software. So MS was not at fault for releasing it. It even did the correct thing and replaced the version with a bug with an update for free and made it widely available. So MS did not try to hide the fact that there was software that needed to be replaced. There are two guilty parties in the spread of the Sasser worm. 1. the person who first spread it into the Internet. 2. People who did not patch their systems when the patch was made available, or else didn't their systems from they Internet if they could not patch. An analogy: An automobile manufacturer is told that a particular model has a gas tank that will leak gasoline all over the road if gasoline with a particular additive is put into the tank and it is liable to set on fire nearby vehicles if it does leak. They advertise widely that they will replace the gas tank and do so for many of their customers. Oil companies stop using that additive. But someone decides to figure out a way to add that corrosive additive to all gasoline being piped though New Jersey. Hundreds of cars blow up and lots of people are killed. Who is to blame? The car manufacturer, the car drivers who didn't get their cars repaired, or the criminal who attacked the oil pipeline? Fault is not absolute. The fault of the criminal who spread the destruction is not diminished because there were other mistakes made. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Radule Soskic Sent: May 14, 2004 11:28 AM To: [EMAIL PROTECTED] Subject: [Full-Disclosure] New therad: sasser, costs, support etc alltogether I can't post this to all the threads that I would like to, so I'm opening a new one. Follow this: 1. MS is wrongdoing by releasing (and charging for use of) software that has bugs in it. Users of such software have losses in time/money by trying to keep up with applying pathches, or just by trying to keep the uptime high. 2. Admins are wrongdoing by not applying patches to the systems they maintain. There are losses tied to such misspractice, too. 3. Worm authors are wrongdoing by writing software that propagate through the networks by exploiting all of the above. Again, the losses occur in time/money spent to remove the worms from the systems affected. It is obvious that almost every legal system in the world treats #3 as crime, while #2 and #1 are broadly tolerated. Noone here is against the book of law, but it just seems to be in contrast to the natural and intuitive feeling of justice that majority of people might have regarding the issues like these. See - only one of the three wrongdoers is being punished. Is it right? Or - is it wrong? BTW, I have a funny feeling that damages/losses caused by #3 might very often be far less than the ones caused by #2 and #1. Am I alone? cikasole ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
[Full-Disclosure] No gimmicks here, just great ratsx
Title: wednesday Re-finance now, even with bad-credit! *Best Re-finance Rate for credit challenged. *Best Customer Service *Lowest Interest-Rates in Years *SAVE n100-p400 per month Our easy application only takes 1 minutes. Visit here for more information To opt out from our mailing list, please follow this link. ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
RE: [inbox] Re: Fw: [Full-Disclosure] Sasser author
I'ts not really that simple though. Ok, this guy has 50 or so machines on a (assumed) flat network. He's running Checkpoint-1 firewall and blocking all not-needed ports, etc etc. He feels that because he has a firewall blocking the Sasser ports at the only internet ingress/egress point that he's safe and doesn't care that 90% of those 50 machines aren't patched because he's safe, he has the ports blocked at the firewall. WRONG!!! All it takes is his Vice President, whose not patched yet because the admin didn't want to disturb him late on a Friday, to plug his machine into his home internet connection and WHAM, now he's infected but doesn't know it yet. Sure his machine shuts down but he just figures he'll bring it into the office on Monday and ask the admin what he did wrong. Comes Monday morning that VP plugs into the network and infects the entire network in seconds... Where's your precious firewall only solution going to help now? Oh yah, it'll keep the worm from spreading OUTSIDE the company now tsk tsk tsk should have patched when he had the chance Exibar -Original Message- From: William Warren [mailto:[EMAIL PROTECTED] Sent: Friday, May 14, 2004 5:39 PM Cc: [EMAIL PROTECTED] Subject: [inbox] Re: Fw: [Full-Disclosure] Sasser author any firewall even the one inside xp would have stopped sasser and you would have been able to patch at your leisure. Paolo Mattiangeli wrote: - Original Message - From: Paolo Mattiangeli [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, May 14, 2004 5:41 PM Subject: Re: [Full-Disclosure] Sasser author I am responsible for security in a small business' network (50-or-so machines, most of them running MS OSs). I have been aware of MSS bulletins as soon as they where out, and made sure to apply patches as specified. Sasser did nothing to my offices' network. But, on the other hand, I have a single PC at home, one I don't use very much, and I often forget to deal with security patches on that machine. Well - would you bet? - I got a Sasser infection at home, which caused me the discomfort of a late-night session of cleaning, disinfeting, patching and do on. I put the blame on me, of course. But sure I could have spent that night doing something better, chat-cheating the wife, reading a book, going to the movies and so on. So my question is: what wrong did al this do to The Microsoft BEAST? It only did some wrong to me and my personal life. I could have avoided that, but can't I feel safe at home? Should I be satisfied at thinking that this guy is a social naive whith no conscience of the consequences of his acts? Isn't this what the law is meant for, to protect citizens and business from the consequences of other people's acts? Just another 0.02 worth comment in this thread, that is going stale IMO... Paolo Mattiangeli ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html -- My Foundation verse: Isa 54:17 No weapon that is formed against thee shall prosper; and every tongue that shall rise against thee in judgment thou shalt condemn. This is the heritage of the servants of the LORD, and their righteousness is of me, saith the LORD. ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
[Full-Disclosure] Fwd: Want Pills XAn@x ' V|@grA ~ Va|ium ( V |Soma| \ :P:ntermin ywrsdazhdyuo
Title: rxspecials.biz Hi Full-disclosure, Our online store is the place to find many prescription drugs without a prior prescription. Always Available: & X_A_Nax . V|AGR@ ? Val.i.um \ S:o:ma ( Pnt3rmin = A.t|[EMAIL PROTECTED] Plus: S'0naTa, Fl'3xeril, C.e|3brex, Fi0:ric3t, [EMAIL PROTECTED]|, U'|[EMAIL PROTECTED], L3.v|tra, Pr'0p3cia, Acyc`|0vir, [EMAIL PROTECTED], P@'xil, Busp@:r, Ad|p:3x, I0nam|:n, M3r.idia, X3'nica|, Amb:i3n No waiting rooms to increase your chances of getting sick. Buy online in the comfort of your home. www.rxspecials.biz. Best Regards, alyssa fortney <[EMAIL PROTECTED]><[EMAIL PROTECTED]><[EMAIL PROTECTED]><[EMAIL PROTECTED]><[EMAIL PROTECTED]><[EMAIL PROTECTED]><[EMAIL PROTECTED]><[EMAIL PROTECTED]><[EMAIL PROTECTED]><[EMAIL PROTECTED]><[EMAIL PROTECTED]><[EMAIL PROTECTED]><[EMAIL PROTECTED]><[EMAIL PROTECTED]><[EMAIL PROTECTED]><[EMAIL PROTECTED]><[EMAIL PROTECTED]><[EMAIL PROTECTED]><[EMAIL PROTECTED]><[EMAIL PROTECTED]>
RE: [Full-Disclosure] Sasser author ( off thread post about duplicate emails )
Hi! i have been getting a lot of emails twice. is any one on the list experiencing the same problem? -aditya Yes, same here. Looks someone is re-mailing them ? Bye, Raymond. ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
[Full-Disclosure] [ GLSA 200405-06 ] libpng denial of service vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200405-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: libpng denial of service vulnerability Date: May 14, 2004 Bugs: #49887 ID: 200405-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis A bug in the libpng library can be abused to crash programs making use of that library to decode PNG images. Background == libpng is a standard library used to process PNG (Portable Network Graphics) images. Affected packages = --- Package/ Vulnerable / Unaffected --- 1 media-libs/libpng = 1.2.5-r4= 1.2.5-r5 Description === libpng provides two functions (png_chunk_error and png_chunk_warning) for default error and warning messages handling. These functions do not perform proper bounds checking on the provided message, which is limited to 64 bytes. Programs linked against this library may crash when handling a malicious PNG image. Impact == This vulnerability could be used to crash various programs using the libpng library, potentially resulting in a denial of service attack on vulnerable daemon processes. Workaround == There is no known workaround at this time. All users are advised to upgrade to the latest available version of libpng. Resolution == All users of libpng should upgrade to the latest stable version: # emerge sync # emerge -pv =media-libs/libpng-1.2.5-r5 # emerge =media-libs/libpng-1.2.5-r5 You should also run revdep-rebuild to rebuild any packages that depend on older versions of libpng : # revdep-rebuild References == [ 1 ] CAN-2004-0421 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0421 Availability This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200405-06.xml Concerns? = Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org. License === Copyright 2004 Gentoo Technologies, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/1.0 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFApR03vcL1obalX08RAtw0AJ9x/7ZI+ImD7HDn5wfHffBCKEUX8QCgl+yv lCuLlKjIGkvUe9nB4RBFWoE= =8wUV -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: Fw: [Full-Disclosure] Sasser author
William Warren to Paolo Mattiangeli's grizzle about being Sasser'ed at home: any firewall even the one inside xp would have stopped sasser and you would have been able to patch at your leisure. And, depending on your network architecture, it can be even easier than that. Why would any vaguely competent system admin even have the services that Sasser depends on bound to their Inernet-facing network interface in the first place?? Yeah -- I know, ethernet to DSL/cable/satellite/etc which doubles as the house LAN interface. So far all the SOHO users I've helped clean up Sasser have been on dial-up so why does MS still insist on binding MS client (and FP ??) to dial-up interfaces by default? -- Nick FitzGerald Computer Virus Consulting Ltd. Ph/FAX: +64 3 3529854 ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
[Full-Disclosure] RE: Full-Disclosure New therad: sasser, costs, support etc alltogether
QUESTION: If a tree falls in the woods where no one is around to hear it does it make a sound? If there wasn't someone looking for bugs or exploits would there be any? In a perfect world this list wouldn't exist. ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html