Re: [Full-Disclosure] Why is IRC still around?

2004-11-20 Thread Chris Umphress
> 1) A hell of a lot of viruses/worms/trojans use IRC to wreak further havoc?

Yes, some do. The three most common forms of viral use of IRC that I see are:

1. Virus/worm/trojan writers have it connect to a server and notify a
channel that it has infected xx.xx.xx.xx. This is an attempt to keep
the virus writer anonymous.
2. mIRC scripts (I'm not going to say more)
3. bot nets which are a form of DoS attack.

> 2) A considerable amount of script kiddies originate and grow through IRC?

True, but some of our experts gain some of their knowledge from IRC as
well. It's a two-way street.

> 3) A wee bit of software piracy occurs?

Yes, but people also have Kazaa (FastTrack), Gnutella, FTP, warez
sites, and Newsgroups.

> 4) That many organized DoS attacks through PC zombies are initiated through
> IRC?

This goes back to mIRC scripting. The ones that don't would be able to
check a website/blog/wiki to look for commands.

> 5) The anonymity of the whole thing helps to foster all the illegal
> and malicious activity that occurs?
> The list goes on and on...

Anything on the Internet has a certain level of anonymity that is
available. There are proxies, temporary e-mail accounts, etc.

> Sorry to offend those that use IRC legitimately (LOL - find something
> else to chat with your buddies), but why the hell are we not pushing
> to sunset IRC?
>
> What would IT be like today without IRC (or the like)? Am I narrow
> minded to say that it would be a much safer place?

I'm not offended. IRC has the ability to let you hold a conference
with people from all over the world. Or to just have fun. Sure there
are other chatting platforms that could be used, but they aren't as
flexible.
If IRC were to suddenly stop existing, Bulletin boards and Wiki would
become even more popular. Most of them allow the same level of
anonymity that IRC gives to people. Or some poor soul's blog would be
overrun with comments. Unfortunately, all of the things you have
listed as the downside to IRC would happen anyway.

My 2c worth

-- 
Chris Umphress http://daga.dyndns.org/

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


RE: [in] Re: [Full-Disclosure] IE is just as safe as FireFox

2004-11-20 Thread Paul Schmehl
--On Friday, November 19, 2004 01:12:31 PM -0500 Crotty, Edward
[EMAIL PROTECTED] wrote:

> I'm not a Win based guy (troll?) - Un*x here - and even I was offended by
> #1.
> There is such a thing as runas for Windows.

That's not all.

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of devis
> Sent: Friday, November 19, 2004 11:10 AM
> Cc: [EMAIL PROTECTED]
> Subject: Re: [in] Re: [Full-Disclosure] IE is just as safe as FireFox
>
> 1) Despite recent ameliorations of MS ( multi user finally, permissions
> ... ) and some effort at making the system more secure, something very
> important is still left out: The first default user of the MS computer
> is made an administrator.

Apparently you don't have very broad experience with OSes.  On *every* OS
I'm familiar with, the first user is the administrator (or root) account.

> This comes down to giving uid0 to ur first
> unix user. Unix does NOT do that. It requires you to use su and become
> root ( administrator ) after proper credentials submission ( password ).

When's the last time you installed an OS from scratch?  Gentoo, FreeBSD,
OpenBSD, RedHat, Fedora, Slackware, Mac OS X, Debian, Solaris, *all* create
the first user as uid0 during the install process.  (I can't speak for the
others because I haven't done those, but I'd be willing to bet that NetBSD,
AIX, HP-UX, SCO et. al. work exactly the same way.)

Unix does not grant users root access by default, and it does a much better
job of separating privileges by requiring you to join the wheel group *and*
either use sudo or su to do work as root, but Windows doesn't make users
the admin by default *either*, unless you setup Fast User Switching
*during* the install.

> The first user is NOT an administrator, and any recent Unix
> documentation will insist on the danger of running as root(admin). Unix
> keeps the admin account well separated from the user account, which MS
> DOESN'T,

That's simply false.  Windows has several groups.  By default users are in
the USERS group, *not* the ADMINISTRATORS group.

It might make sense if you actually had knowledge of an OS before you
criticize it.

> Please install a proper unix, create 2 accounts and try to
> read the home directory of the second user from the first.

Please do the same in Windows.  Here's a hint.  You'll get the same results.

> 2) After all, they don't need to know .  You're on a need to know
> basis job
> Do MS really think the users are stupid ?

Probably.  Otherwise they wouldn't have those stupid warnings popup every
time you try to delete something.  Are you SURE you want to do this
Yes, damn it!!

[snipped the rant]

> Let's not hide from ourselves what's needed from MS to reach modern world
> security:
> a complete rewrite, and a ditch of old Dos base and the 20 years old
> legacy code.

Oh baloney.  Learn a little more about the OS before you make assumptions
that make you look ignorant.

Aside from the default permissions, you can also granularly apply
privileges in many ways.  For example, by default USERS have Read &
Execute, List Folder Contents and Read access to the Windows folder, its
contents and all its subfolders.  In addition, there are fourteen (14)
separate rights that can be explicitly granted or denied to them at that
level only or to all subfolders as well, to files only, to subfolders only,
to subfolders *and* files only, etc., etc.

I'm not a Windows fan, but the least you can do is learn the subject before
you claim expert status and presume to preach to others.

While we're lecturing the unwashed, would you mind trimming your replies? 
Who needs six levels of FD disclaimers?

Paul Schmehl ([EMAIL PROTECTED])
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu


Re: [Full-Disclosure] Why is IRC still around?

2004-11-20 Thread Andrew Smith
 
> Sorry to offend those that use IRC legitimately (LOL - find something
> else to chat with your buddies), but why the hell are we not pushing
> to sunset IRC?

because you can't, i'm not sure what you think IRC is.. but it isn't
one network run by a few geeks. It's thousands of networks across the
world, open source IRC servers and millions/billions(?) of users. You
can't stop IRC because people do bad things there, this is the
internet.. what do you expect?

-- 
zxy_rbt2



Re: [Full-Disclosure] Why is IRC still around?

2004-11-20 Thread vord
ive never seen so many repetitive and knee-jerk reactions to one
[potentially baseless] post in all my years of watching FD [the
obvious exceptions being the OT political nonsense occurring here,
especially as of late] as witnessed during my reading of this thread.

but moving right along ... :D

my take is that Danny merely suggests burning the security candle at
both ends. it is complete nonsense to approve of ANYTHING simply
because it has some, or even a vast lot, of legitimate users/uses.
some things are just not worth defending or perpetuating, and perhaps
IRC is one of them? [this is his question].

and for the record, they would move to another resource is not a
coherent argument against his position [his question, rather]
concerning the elimination of a problem-child medium. perhaps the cost
to society via the spread of piracy and virii [more importantly the
latter] isnt worth the measly gain IRC affords its legitimate users?
[well?]

it IS incoherent, however, to argue that IRC (1) is the kiddiots means
of choice for controlling his worms because it is the easiest or most
efficient way to do so, while also contending (2) that an IRC sunset
would not cause the immediate disappearance of substantial
internet-wide problems. making it harder MAKES IT HARDER and must
therefore to some degree reduce the probability of abuse. therefore
the gain afforded to legitimate users by this medium should be
weighted against the direct effect its eradication would have on REAL
problems -- and, clearly, no one here is qualified to make this
judgement, else they would have offered such proof in immediate
response to the original post as opposed to blabbing incessantly about
incredibly obvious bullshit. the only potentially useful point anyone
has made [not that it wasnt obvious] concerns the difficulty in
removing the medium ... but this is irrelevant, of course, since it is
more likely that the security community would suggest [and perhaps
assist in the development of] a replacement [most importantly] to the
larger IRC networks.

if shooting people is evil, OBVIOUSLY guns are flawed, but only
insofar as people are capable of abusing them, willing to abuse them,
and effective in their attempts at doing so. so to burn the candle at
both ends you have to fight the spread of trojans and virii by fixing
the holes they exploit and providing detection services, while also
continually analyzing and evolving the structure on which it all
rests. ie, the internet at its core... protocols, etc.

im sure the original ford model-T had plenty of legitimate users who
didnt drive drunk or generally cause mayhem ... i dont see it around
anymore though ... hmm, i wonder if that correlates directly to the
increased safety of automobiles ... hmm hmm, indeed. /sardonicism

the issue is certainly not at all as cut and dry as most of you have
made it out to be.

--vord
#hackphreak/undernet
invulnerable to the accidents of people and books.

On Fri, 19 Nov 2004 22:08:33 -, Darren Wolfe
[EMAIL PROTECTED] wrote:
> I have never replied to anything on this list (I read it to keep up to date
> on vulnerabilities, but im not really qualified to contribute anything) but
> this particular message has piqued my interest.
>
> 1. Agreed, by using flaws in IE they then go on to subvert mirc into
> spamming people.
> 2. They do.
> 3. A tremendous amount :)
> 4. This is only because IRC provides the perfect medium in which to control
> those zombies (a single message from one person is immediately sent to
> everyone in the channel at the same time). If a better medium was available,
> they'd use that.
>
> IRC is as close to a real time group conversation as you can get that
> doesn't use closed protocols.  It's fast, simple and used by an enormous
> number of people - particularly those who play online games, and for open
> source projects (#gentoo on freenode regularly has over 900 people in it).
>
> In answer to your final question - IRC is very useful for quick
> conversations in real time with groups of people. Sure there are other
> things - usenet, web based forums, email based mailing lists, IM networks
> etc but none have that group feeling as much as IRC.
>
> Its problem is twofold - firstly, mirc (the most popular client) has a
> number of flaws that make it easy to steal people's auth passwords. But
> these are not automated! The user must be tricked into typing some commands
> to set the exploit in motion.
> This is also the second problem - a link may be mentioned in a channel and
> people will click on it - from there, if your browser is vulnerable, you can
> be hit by any number of trojans.  There was a winamp trojan going about a
> few months ago (which I reported and is now fixed - go me :D ) which
> involved clicking a link in irc that opened winamp through a file
> association that exploited a security flaw that installed a script for mirc
> that spammed the same link to everyone in the channel.
>
> Like any other medium, it is a combination of a lack of

Re: [Full-Disclosure] Why is IRC still around?

2004-11-20 Thread Danny
On Fri, 19 Nov 2004 17:10:13 -0500, Tim
[EMAIL PROTECTED] wrote:
> > My mistake; I was referring to the discussion, collaboration, and
> > creation, not the spread.
>
> You mentioned DDoS attacks below.  I don't believe that use is a form of
> discussion, collaboration, or creation.
>
> > Some say we should, but I am not one of those. My point was to get rid
> > of the most well established tool (and easiest to use) for these types
> > of activities.
>
> Any tool can be used by anyone for good or evil.  If one knows the
> kiddies are all hanging out on IRC, then you can get a lot of good info
> about what their new attacks are by loitering on their channels.
>
> > What's the difference? IRC is so well established for the type of
> > activity I am referring to.
>
> As it is established for many productive things.  Ever check out
> freenode?
>
> > I'll leave the piracy battle for someone else - I just mentioned it as
> > a part of the problem.
>
> If you aren't prepared to defend it on this list, better not mention it.
> =)
>
> > Sure netcat is an alternative, but which one is easier to use?
>
> Um... netcat, or raw tcp sockets.  I would argue it is easier to write
> something that just opens a connection, and listens for commands to come
> back, than something that has to speak IRC.  Speaking IRC has its own
> advantages, but in the absence of it, it is still trivial to manage a
> bot net.
>
> > I thought I would throw out the idea. If you want to call me a troll,
> > then so be it, but don't get your panties in a knot over the whole
> > thing
>
> Pardon my harsh reply.  It wasn't personal, and is directed only at your
> reasoning.  It is a similar reasoning that leads to the slippery slope
> toward censorship.

No worries. Case closed. :)

...D



Re: [Full-Disclosure] Why is IRC still around?

2004-11-20 Thread dk
james edwards wrote:
> It is not IRC that is the problem, it is the people on IRC that cause
> problems.
> Guns don't kill people all by themselves; people kill people.

but it's the holes they make that really do 'em in, no?   %-)
--
dk


Re: [Full-Disclosure] Why is IRC still around?

2004-11-20 Thread Christian Fromme
Danny [EMAIL PROTECTED] wrote:

> What would IT be like today without IRC (or the like)? Am I narrow
> minded to say that it would be a much safer place?

To be honest: Yes, I think it is quite narrow-minded to say that.
Sure, there are some scriptkiddies and crackers who organize
themselves through internet relay chats.

But if you think your proposal right through to the end, you should also
consider abandoning almost every email-software, instant-messenger and the
like. Good luck with that. If you approach the problem this way, why not
cut through your network cable, which is the best way to protect yourself?
/irony 

Best wishes,
Christian

-- 
Christian Fromme

EMail: derfromme at gmx.de
PGP-Pubkey: http://www.informatik.fh-wiesbaden.de/~cfrom001/pgp/index.html



[Full-Disclosure] [ GLSA 200411-29 ] unarj: Long filenames buffer overflow and a path traversal vulnerability

2004-11-20 Thread Thierry Carrez
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200411-29
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: unarj: Long filenames buffer overflow and a path traversal
            vulnerability
      Date: November 19, 2004
      Bugs: #70966
        ID: 200411-29

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

unarj contains a buffer overflow and a directory traversal
vulnerability. This could lead to overwriting of arbitrary files or
the execution of arbitrary code.

Background
==========

unarj is an ARJ archive decompressor.

Affected packages
=================

    -------------------------------------------------------------------
     Package         /  Vulnerable  /                      Unaffected
    -------------------------------------------------------------------
  1  app-arch/unarj     < 2.63a-r2                        >= 2.63a-r2

Description
===========

unarj has a bounds checking vulnerability within the handling of long
filenames in archives. It also fails to properly sanitize paths when
extracting an archive (if the x option is used to preserve paths).

Impact
======

An attacker could trigger a buffer overflow or a path traversal by
enticing a user to open an archive containing specially-crafted path
names, potentially resulting in the overwrite of files or execution of
arbitrary code with the permissions of the user running unarj.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All unarj users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =app-arch/unarj-2.63a-r2

References
==========

  [ 1 ] CAN-2004-0947
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0947
  [ 2 ] CAN-2004-1027
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1027

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200411-29.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2004 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.



signature.asc
Description: OpenPGP digital signature
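
The two defect classes named in the advisory above (an unchecked long filename and unsanitized extraction paths) come down to two checks an extractor must make on every member name before using it. The following is an added example, not unarj's code or Gentoo's patch; `check_entry_name`, `check_entry_cstr`, the status names and the 512-byte `ENTRY_NAME_MAX` are hypothetical, and treating `\` and a drive prefix as path syntax is a conservative assumption for a DOS-origin format.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ENTRY_NAME_MAX 512  /* assumed destination buffer size, not unarj's */

enum name_status {
    NAME_OK = 0,
    NAME_EMPTY,      /* no usable name in the header field */
    NAME_TOO_LONG,   /* would not fit in the destination buffer */
    NAME_ABSOLUTE,   /* starts at the filesystem root or a drive */
    NAME_TRAVERSAL   /* contains a ".." path component */
};

/*
 * Validate a member name taken from an untrusted archive header before it is
 * used as an extraction path. `raw` need not be NUL-terminated; `raw_len` is
 * the size of the header field. On NAME_OK, `out` holds the name with '\\'
 * normalised to '/'. On any other status `out` is left empty.
 */
enum name_status check_entry_name(const unsigned char *raw, size_t raw_len,
                                  char *out, size_t out_size)
{
    size_t len = 0, i, start = 0;
    enum name_status st = NAME_OK;

    if (out_size > 0)
        out[0] = '\0';

    /* Measure inside the field only: never trust a missing terminator. */
    while (len < raw_len && raw[len] != '\0')
        len++;

    if (len == 0)
        return NAME_EMPTY;
    if (len >= out_size)            /* bounds check BEFORE any copy */
        return NAME_TOO_LONG;

    for (i = 0; i < len; i++)
        out[i] = (raw[i] == '\\') ? '/' : (char)raw[i];
    out[len] = '\0';

    if (out[0] == '/' || (len >= 2 && out[1] == ':')) {
        st = NAME_ABSOLUTE;
    } else {
        /* Reject ".." only as a whole component; "a..b" stays legal. */
        for (i = 0; i <= len; i++) {
            if (i == len || out[i] == '/') {
                if (i - start == 2 && out[start] == '.' && out[start + 1] == '.') {
                    st = NAME_TRAVERSAL;
                    break;
                }
                start = i + 1;
            }
        }
    }

    if (st != NAME_OK)
        out[0] = '\0';              /* never hand back a rejected path */
    return st;
}

/* Convenience wrapper for NUL-terminated names. */
enum name_status check_entry_cstr(const char *name, char *out, size_t out_size)
{
    return check_entry_name((const unsigned char *)name, strlen(name),
                            out, out_size);
}

int main(void)
{
    /* Constructed member names, not taken from any real archive. */
    static const char *const samples[] = {
        "docs/readme.txt", "../../home/user/.profile", "docs\\..\\..\\x",
        "/etc/cron.d/job", "C:\\AUTOEXEC.BAT", "a..b/file", ""
    };
    char path[ENTRY_NAME_MAX];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-28s -> status %d\n", samples[i],
               (int)check_entry_cstr(samples[i], path, sizeof path));
    return 0;
}
```

The check is purely lexical: it does not account for symbolic links that already exist under the extraction directory, which need a separate check at open time.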


[Full-Disclosure] [ GLSA 200411-28 ] X.Org, XFree86: libXpm vulnerabilities

2004-11-20 Thread Thierry Carrez
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200411-28
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: X.Org, XFree86: libXpm vulnerabilities
      Date: November 19, 2004
      Bugs: #68544
        ID: 200411-28

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

libXpm contains several vulnerabilities that could lead to a Denial of
Service and arbitrary code execution.

Background
==========

libXpm is a pixmap manipulation library for the X Window System,
included in both X.Org and XFree86.

Affected packages
=================

    -------------------------------------------------------------------
     Package            /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  x11-base/xorg-x11      < 6.8.0-r3                    >= 6.8.0-r3
                                                         *>= 6.7.0-r3
  2  x11-base/xfree         < 4.3.0-r8                    >= 4.3.0-r8
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

Several issues were discovered in libXpm, including integer overflows,
out-of-bounds memory accesses, insecure path traversal and an endless
loop.

Impact
======

An attacker could craft a malicious pixmap file and entice a user to
use it with an application linked against libXpm. This could lead to
Denial of Service or arbitrary code execution.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All X.Org users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =x11-base/xorg-x11-6.7.0-r3

All XFree86 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =x11-base/xfree-4.3.0-r8

References
==========

  [ 1 ] CAN-2004-0914
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0914

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200411-28.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2004 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



signature.asc
Description: OpenPGP digital signature


Re: [in] Re: [Full-Disclosure] IE is just as safe as FireFox

2004-11-20 Thread Andrew Farmer
On 19 Nov 2004, at 18:40, Jeremy Davis wrote:
> Are you able to change root's name in nix?

Sure. There's no reason why not.

> Why not if the answer is no?
> (Things would break right? UID 0?) Knowing the account name is
> two-thirds of the battle.

A much better system is to have root's password unset (i.e. no direct 
login allowed) and use sudo instead.


PGP.sig
Description: This is a digitally signed message part


Re: [Full-Disclosure] Why is IRC still around?

2004-11-20 Thread Harry Hoffman
The fact that it is an open protocol makes it easy to spot, you don't 
look for specific ports you look for specific behavior (i.e. - privmsg)

Not that I'm saying this should be done. IRC is used by many ppl in very
good ways!

I'm just saying that the two points shouldn't be confused. SSL is a bit
of a different story.

--Harry

Bowes, Ronald (EST) wrote:
> [snip]
> So do you intend to scan every computer on the Internet on port 6667, and
> shut down every server found running, then move on to random ports that
> zombies probably use, and start attacking sites that provide open source
> clients that use an open protocol?
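
The point made in the message above, spotting IRC by protocol behaviour rather than by port, can be shown as a small payload classifier. This is an added example, not code from the thread: the function names and the two-line threshold are hypothetical, the payloads are constructed, and it only works on cleartext streams, which is why SSL is a different story.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Command verbs from the IRC client protocol (RFC 1459). */
static const char *const IRC_VERBS[] = {
    "NICK", "USER", "JOIN", "PART", "PRIVMSG", "NOTICE", "PING", "PONG"
};

/* Case-insensitive match of `verb` followed by a space at the start of p[0..n). */
static int starts_with_verb(const char *p, size_t n, const char *verb)
{
    size_t vl = strlen(verb), i;

    if (n <= vl || p[vl] != ' ')
        return 0;
    for (i = 0; i < vl; i++)
        if (toupper((unsigned char)p[i]) != verb[i])
            return 0;
    return 1;
}

/* One protocol line: optional ":prefix " and then a command verb with parameters. */
static int is_irc_line(const char *p, size_t n)
{
    size_t i = 0, v;

    if (n > 0 && p[0] == ':') {         /* server-relayed lines carry a prefix */
        while (i < n && p[i] != ' ')
            i++;
        while (i < n && p[i] == ' ')
            i++;
        p += i;
        n -= i;
    }
    for (v = 0; v < sizeof IRC_VERBS / sizeof IRC_VERBS[0]; v++)
        if (starts_with_verb(p, n, IRC_VERBS[v]))
            return 1;
    return 0;
}

/* Count lines in a reassembled TCP payload that parse as IRC commands. */
int count_irc_lines(const char *buf, size_t len)
{
    size_t start = 0, i;
    int hits = 0;

    for (i = 0; i <= len; i++) {
        if (i == len || buf[i] == '\n') {
            size_t n = i - start;
            if (n > 0 && buf[start + n - 1] == '\r')
                n--;                    /* IRC lines end in CR LF */
            if (is_irc_line(buf + start, n))
                hits++;
            start = i + 1;
        }
    }
    return hits;
}

/* Flag a stream once it carries at least `min_lines` IRC command lines;
 * a threshold above 1 avoids flagging ordinary text such as "Join us today". */
int looks_like_irc(const char *buf, size_t len, int min_lines)
{
    return count_irc_lines(buf, len) >= min_lines;
}

int main(void)
{
    /* Constructed payloads, as they might look after TCP stream reassembly. */
    static const char irc[] =
        "NICK guest42\r\nUSER guest 0 * :Guest\r\n"
        "JOIN #example\r\nPRIVMSG #example :hello\r\n";
    static const char http[] =
        "GET / HTTP/1.1\r\nHost: example.org\r\nUser-Agent: test\r\n\r\n";

    printf("irc-like stream: %d command lines, flagged=%d\n",
           count_irc_lines(irc, sizeof irc - 1),
           looks_like_irc(irc, sizeof irc - 1, 2));
    printf("http request   : %d command lines, flagged=%d\n",
           count_irc_lines(http, sizeof http - 1),
           looks_like_irc(http, sizeof http - 1, 2));
    return 0;
}
```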


[Full-Disclosure] phpBB 2.0.10 execute command by pokleyzz pokleyzz at scan-associates.net

2004-11-20 Thread pigrelax

phpBB 2.0.10 execute command by pokleyzz pokleyzz at scan-associates.net

http://www.securitylab.ru/49574.html


Re: [in] Re: [Full-Disclosure] IE is just as safe as FireFox

2004-11-20 Thread GuidoZ
Dude, mplayer2 rulez!! I use it to play all sorts of things. =) I'm
glad they left it there... the newer MS media player is just bloat.
Media Player Classic (that comes with RealAlternative and QuickTime
Alternative) is another one of my favs. =D

Yeah, not really anything to do with the topic, but I felt it had to
be said. Don't go knocking my v6.4. ;)

--
Peace. ~G


On Fri, 19 Nov 2004 12:41:25 -0600, Todd Towles
[EMAIL PROTECTED] wrote:
> > Microsoft integration: You remove the application that plays
> > MPEG movies from a system that has never needed to play MPEG
> > movies, and never will need to - and your system won't boot anymore.
>
> Example -  Anyone with XP, do a search for mplayer2.exe? What is this
> you ask? It is media player 6.4 =)
>
> You only think you upgraded to Media player 10..lol
>
> -Todd




Re: [Full-Disclosure] Why is IRC still around? (Because anything less would be uncivilized)

2004-11-20 Thread Andrew Smith
> Well, fellow F-D'ers, thanks to the vast array of intelligence and
> experience found on this list, my rant about abolishing IRC has been
> proven to be far from a solution.

I..can't tell if it's sarcasm or not, damn those trolls and their mind
poisoning ways.

-- 
zxy_rbt2



Re: [Full-Disclosure] Why is IRC still around?

2004-11-20 Thread Barrie Dempster
On Fri, 2004-11-19 at 12:40 -0500, Danny wrote:
> Well, it sure does help the anti-virus (anti-malware) and security
> consulting business, but besides that... is it not safe to say that:
>
> 1) A hell of a lot of viruses/worms/trojans use IRC to wreak further havoc?

Not as much as email does. What about that old TCP/IP do you know how
many viruses use that? according to leading antivirus vendors I believe
the official figure is LOTS

> 2) A considerable amount of script kiddies originate and grow through IRC?

Yep, I've heard they've also migrated to HTTP as well, let's get rid of that.

> 3) A wee bit of software piracy occurs?

Nothing compared to bittorrent and the other p2p networks, it's called
sharing information, if some people want to share illegal information
that's inevitable. (Do you know how many terrorists use phones to
communicate? the figures would scare your family for generations!)

> 4) That many organized DoS attacks through PC zombies are initiated through
> IRC?

Yeh, so we should take that communication mechanism away as they are
obviously not clever enough to use, MSN,YAHOO,JABBER,ICQ,Email,Web
Forums, BBS, Telephones, VOIP, Roger Wilco, talkd, the unix write
command, windows messaging, snail mail, Pigeons, Cups and string,
Shouting very loud, morse code, hand signals.

> 5) The anonymity of the whole thing helps to foster all the illegal
> and malicious activity that occurs?

It's more anonymous than the other communication mechanisms on the net
is it?

> Sorry to offend those that use IRC legitimately (LOL - find something
> else to chat with your buddies), but why the hell are we not pushing
> to sunset IRC?

Sorry to offend you if I do, but based on your reasons for getting rid of IRC,
we'd have to get rid of a lot of communication mechanisms. The reason IRC is
used a lot for the things you've described is because it's been around for a
long time and the networks and relations built on IRC have lasted, taking it
away (which is far from possible) would only mean that all the activities
would migrate to other mediums.

Can I ask if you missed the whole shadowcrew incident? they had an IRC channel
but did a lot of their stuff on a web forum... Think about it for a second what
good would closing IRC down do to prevent that?

BTW... Most OSS was also built around IRC collaboration, just have a look at
freenode and ask the currently 800+ people in #gentoo, the 700+ people in
#debian or the 300+ that are in #slackware and #fedora.

Now that you've thought it through and you want to take away a massive support
mechanism from all these people, how do you propose we do it? I tried smoking
the same drugs as you and I firmly believe magic monkeys are the solution to our
problems, I'll create a #magicmonkeys IRC channel so we can co-ordinate it.

Disclaimer: If this reply seemed like it was in jest, it may be because
I consider the original message to be a joke


Barrie Dempster (zeedo) - Fortiter et Strenue

  http://www.bsrf.org.uk

[ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]





signature.asc
Description: This is a digitally signed message part


Re: [Full-Disclosure] Sober.I worm is here

2004-11-20 Thread Danny
On Fri, 19 Nov 2004 14:39:13 -0600, Bowes, Ronald (EST)
[EMAIL PROTECTED] wrote:
> How does it infect somebody if it's using a .txt file?

They (peoples uneducated in Windows file extensions) think it's a txt file.

...D



Re: [Full-Disclosure] SecurityForest - Public Release #1

2004-11-20 Thread Ill will
ok greg drop another tab


On Fri, 19 Nov 2004 08:27:27 -0800, Gregory Gilliss
[EMAIL PROTECTED] wrote:
> Yeah, I'd like for my country to accumulate all the available computer
> security knowledge too...one heck of a competitive advantage to have.
>
> Registrant:
>    Alon Swartz
>    Har Sinai St
>    Raanana, NA 43307
>    Israel
>
>    Registered through: GoDaddy.com
>    Domain Name: SECURITYFOREST.COM
>       Created on: 14-Sep-04
>       Expires on: 14-Sep-05
>       Last Updated on: 14-Sep-04
>
>    Administrative Contact:
>       Swartz, Alon  [EMAIL PROTECTED]
>       Har Sinai St
>       Raanana, NA 43307
>       Israel
>       97745657  Fax --
>    Technical Contact:
>       Swartz, Alon  [EMAIL PROTECTED]
>       Har Sinai St
>       Raanana, NA 43307
>       Israel
>       97745657  Fax --
>
>    Domain servers in listed order:
>       NS1.EVERYDNS.NET
>       NS2.EVERYDNS.NET
>
> Pity the US is so busy scaring the population that they have no time to
> come up with ideas like this...
>
> -- Greg
>
> On or about 2004.11.19 12:41:29 +, [EMAIL PROTECTED] ([EMAIL PROTECTED]) said:
>
> > Community Website: http://www.securityforest.com
> > Community IRC channel: irc://irc.unixgods.net:/securityforest
> >
> > Table of contents
> > =================
> >   Summary
> >   The Open Source Idea
> >   Tree's in the Forest
> >     ExploitTree
> >     ToolTree
> >     TutorialTree
> >     LinkTree
> >   GreenHouse
> >   Thanks
> >
> > Summary
> > =======
> > SecurityForest.com is a collaboratively edited Forest consisting of Trees
> > which anyone can contribute to. SecurityForest's trees are specific
> > security repositories that are categorized for practical reasons. The
> > technologies currently in use in these repositories are based on Wiki
> > technology and CVS (Concurrent Versioning System) technology. Depending on
> > the species of the tree - the suitable technology will be used.
> > SecurityForest.com is a collection of repositories (trees) for the
> > community - by the community. In other words - the updating, modifying and
> > improving can be done by anyone in the community.
> > This public release is posted at
> > http://www.securityforest.com/wiki/index.php?title=SecurityForest_-_Public_Release_no.1
> >
> > The Open Source Idea
> > ====================
> > The basic idea behind Open Source is very simple: When people can read,
> > modify and improve a piece of software, the software evolves. People
> > improve it, people adapt it, people fix bugs. And this can happen at a
> > speed that, if one is used to the slow pace of conventional development,
> > seems astonishing.
> > We at SecurityForest have learned that this rapid evolutionary process
> > produces better results than the traditional closed model, in which only
> > very few people improve the Security Repositories and everybody else must
> > use what these individuals have come across and added. SecurityForest is
> > not only based on OpenSource software, but itself is opensource meaning the
> > updating, modifying and improving can be done by anyone in the community.
> >
> > Tree's in the Forest
> > ====================
>
> SNIP
>
> --
> Gregory A. Gilliss, CISSP  E-mail: [EMAIL PROTECTED]
> Computer Security WWW: http://www.gilliss.com/greg/
> PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3


-- 
- illwill
http://illmob.org



Re: [Full-Disclosure] University Researchers Challenge Bush Win In Florida

2004-11-20 Thread Daniel Veditz
Paul Schmehl wrote:
 
> Even *if* they are correct (which is at least debatable) the 130,000 vote
> discrepancy they argue for won't overcome Bush's lead of 380,000, so this
> is, at best, an academic exercise.

If they are even possibly correct a discrepancy that large must be
investigated to make sure it won't happen in a future election which might
be a lot closer.



Re: [Full-Disclosure] Re: Airport x-ray software creating images of phantom weapons?

2004-11-20 Thread Raj Mathur
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

>>>>> "Adam" == Adam Jacob Muller [EMAIL PROTECTED] writes:

    Adam> Rot 13 may not be strong but rot12 is. I once posted a
    Adam> string that I only rotated 12 chars to my blog and it took a
    Adam> month before anyone figured it out that probably says
    Adam> more about the iq of the people reading my blog than the
    Adam> security of rot13.

I use ROT26.  Most people have trouble comprehending that too ;)

- -- Raju
- -- 
Raj Mathur[EMAIL PROTECTED]  http://kandalaya.org/
   GPG: 78D4 FC67 367F 40E2 0DD5  0FEF C968 D0EF CC68 D17F
  It is the mind that moves


Re: [Full-Disclosure] Time Expiry Alogorithm??

2004-11-20 Thread Andrew Farmer
On 19 Nov 2004, at 10:50, Anders Langworthy wrote:
Pavel Kankovsky wrote:
Now the other possibility: That somebody discovers a better way to 
factor primes (please don tinfoil hats before replying to tell me that 
the NSA has already done this, in Area 51, with help from Elvis). 
Mathematically, this is a very remote possibility, as factoring primes 
is probably an NP problem, and P is probably not NP.  Neither of these 
has been proven, however.

Even allowing for the minuscule possibility that there is a shortcut 
to factoring primes, that doesn't necessarily mean that factoring huge 
primes will be an easy task.  Using larger keys will still provide a 
measure of security.
<nitpick>
Factoring primes is a solved problem. You probably mean factoring the 
product of two large primes.
</nitpick>




Re: [Full-Disclosure] Why is IRC still around?

2004-11-20 Thread Micheal Espinola Jr
Is IRC bad?  Yes.
Is SMTP bad?  Yes.

Why?  Because they are simple and basic protocol  implementations
created decades ago.  Not that they aren't efficient and easy, but
they certainly have their shortcomings in terms of security and AAA.

Yes, people can certainly switch to other mediums which will in turn
be subject to abuse and exploits - but at least a more modern medium
will likely have more controls and accountability in place.

Whether or not there is any legitimate use of the IRC, we all know
that it has been a haven for illegal activity and abuse for at least
(2) decades now.

We need to move forward with technology.  Or would you rather be like
Microsoft - and attempt to be backward compatible for all-time - and
continue to use products that have fundamental flaws in them?


On Fri, 19 Nov 2004 12:17:09 -0800, Mister Coffee
[EMAIL PROTECTED] wrote:
 Danny wrote:
  Well, it sure does help the anti-virus (anti-malware) and security
  consulting business, but besides that... is it not safe to say that:
 
  1) A hell of a lot of viruses/worms/trojans use IRC to wreak further havoc?
 
 And?  There are a hell of a lot of normal users on IRC too who don't
 wreak havoc.  A lot of spam comes in email.  Does that make email bad?
 
  2) A considerable amount of script kiddies originate and grow through IRC?
 
 And AIM, ICQ, Jabber, web-forums, mailing lists, etc.  IRC is one medium
 amongst many.
 
  3) A wee bit of software piracy occurs?
 
 Some, perhaps.  But unlike, say BitTorrent or Kazaa, IRC's primary role
 is communication rather than file transfer.  You could make the same
 argument for ANY of the IM clients that support file transfer.
 
  4) That many organized DoS attacks through PC zombies are initiated through 
  IRC?
 
 Many do.  Yes.  But many also originate through other media, and, again,
  it's not the medium's fault that people use it for nefarious purposes.
  Hitmen get calls on their cell phones.  Should we eliminate cell
 phones to stop the hitmen?
 
  5) The anonymity of the whole thing helps to foster all the illegal
  and malicious activity that occurs?
  The list goes on and on...
  
 Anonymity is not a bad thing in many, many respects.  And the list of
 legitimate uses goes on and on as well.
 
  Sorry to offend those that use IRC legitimately (LOL - find something
  else to chat with your buddies), but why the hell are we not pushing
  to sunset IRC?
  
 No offense.  But the arguments aren't especially strong.  We're not
 pushing to sunset the IRC protocol because there are still thousands and
 thousands of -legitimate- users in the world.  Unlike most IM systems,
 the IRC nets are completely independent.  There are some serious
 advantages to that.
 
  What would IT be like today without IRC (or the like)? Am I narrow
  minded to say that it would be a much safer place?
  
 Yes?
 
 IRC is a protocol.  A tool like any other.  Last I looked there were
 still hundreds to thousands of IRC users at any given time who were
 there just to hang out and BS with their friends.   It's still a valid
 community if you will, in spite of the nefarious uses other people
 have put it to.
 
 If you sunset something like IRC, the 3v1L [EMAIL PROTECTED] will just move their
 bots and trojans somewhere else.
 
  ...D
 
 Cheers,
 L4J
 
 
 
 


-- 
ME2
http://www.santeriasys.net/rss.php



Re: [Full-Disclosure] Time Expiry Alogorithm??

2004-11-20 Thread Anders Langworthy
Andrew Farmer wrote:
<nitpick>
Factoring primes is a solved problem. You probably mean factoring the 
product of two large primes.
</nitpick>
Oops.
Andrew is absolutely correct.  I apologize if anybody was confused about 
the distinction.  I should have proofread.

//Anders


Re: [Full-Disclosure] Why is IRC still around? (Because anything less would be uncivilized)

2004-11-20 Thread Danny
On Fri, 19 Nov 2004 22:48:46 +, Andrew Smith [EMAIL PROTECTED] wrote:
  Well, fellow F-D'ers, thanks to the vast array of intelligence and
  experience found on this list, my rant about abolishing IRC has been
  proven to be far from a solution.
 
 I..can't tell if it's sarcasm or not, damn those trolls and their mind
 poisoning ways.

I am serious. That concludes this topic.

...D



Re: [Full-Disclosure] Time Expiry Alogorithm??

2004-11-20 Thread Gautam R. Singh
Thanks list for the good discussion, now I am going back to read crypto basics :) 

Thanks & regards,
Gautam


 Yo Gautum!
 
 On Fri, 19 Nov 2004, Gautam R. Singh wrote:
 
  I was just wondering is there any encryption algorithm which expires with
  time.
 
 IPSec, Kerberos, etc. all use time as part of the auto-generated session
 key to prevent playback attacks.
 
 If a black hat has an intercepted message he wants to decode then he can
 set his clock to anything he wants to.  Time is no help there, except
 to expand the key search space if they are looking for an unknown key.
 If they have the key already nothing you can do if they can reset their
 clock.
 
 All that time gets you is protection from replays.
 
 RGDS
 GARY
 


-- 
Gautam R. Singh
[MCP, CCNA, CSPFA, SA1 Unemployed] pgp:
http://gautam.techwhack.com/key/ | ymsgr: er-333 | msn: [EMAIL PROTECTED]



RE: [Full-Disclosure] Why is IRC still around?

2004-11-20 Thread Keith Pachulski
been on yahoo lately? or AOL channels or hell how bout gnutella?

-Original Message-
From: Danny [mailto:[EMAIL PROTECTED]
Sent: Friday, November 19, 2004 2:53 PM
To: Keith Pachulski
Cc: Mailing List - Full-Disclosure
Subject: Re: [Full-Disclosure] Why is IRC still around?


On Fri, 19 Nov 2004 14:47:31 -0500, Keith Pachulski [EMAIL PROTECTED] wrote:
 how bout because it is entertaining and it is an easy way to communicate with 
 a large group of ppl at once

So that trumps its infestation of illegal activities?

...D



[Full-Disclosure] Microsoft Internet Explorer 6 SP2 Vulnerabilities / FD vs. Security by Obscurity

2004-11-20 Thread K-OTik Security
Let's play: on Wednesday 17 Nov, Secunia released the advisory "Microsoft 
Internet Explorer Two Vulnerabilities", related to a vulnerability discovered by 
cyber flash. This file download security warning bypass (unpatched) flaw could 
be exploited to download a malicious executable file masqueraded as a HTML 
document.

Microsoft said: "Secunia you're bad, this vulnerability was not disclosed 
responsibly"
Secunia said: "NO! No! We did not release the technical details of this flaw 
and our policy is to not reveal vulnerability details until a fix had been 
provided, unless they were already in the wild. We did not discover this 
vulnerability, so we can not censure it"
Some people said: "Who is cyberflash? Perhaps Secunia discovered this flaw, but 
masked it behind a third party researcher"
K-OTik says to some people: cyber flash is not a fictitious security researcher
K-OTik says to MS & Secunia: There is no security through obscurity... and full 
disclosure is our policy


Internet Explorer 6.0 SP2 File Download Security Warning Bypass


Exploit - http://www.k-otik.com/exploits/20041119.IESP2Unpatched.php
Technical Details - http://www.k-otik.com/exploits/20041119.IESP2disclosure.php

all credits go to Cyber flash A.K.A Vengy


Regards
K-OTik Security Research  Survey Team 24/7
kttp://www.k-otik.com 



RE: [Full-Disclosure] Why is IRC still around?

2004-11-20 Thread Keith Pachulski
how bout because it is entertaining and it is an easy way to communicate with a 
large group of ppl at once

-Original Message-
From: Danny [mailto:[EMAIL PROTECTED]
Sent: Friday, November 19, 2004 12:40 PM
To: Mailing List - Full-Disclosure
Subject: [Full-Disclosure] Why is IRC still around?


Well, it sure does help the anti-virus (anti-malware) and security
consulting business, but besides that... is it not safe to say that:

1) A hell of a lot of viruses/worms/trojans use IRC to wreak further havoc?
2) A considerable amount of script kiddies originate and grow through IRC?
3) A wee bit of software piracy occurs?
4) That many organized DoS attacks through PC zombies are initiated through IRC?
5) The anonymity of the whole thing helps to foster all the illegal
and malicious activity that occurs?
The list goes on and on...

Sorry to offend those that use IRC legitimately (LOL - find something
else to chat with your buddies), but why the hell are we not pushing
to sunset IRC?

What would IT be like today without IRC (or the like)? Am I narrow
minded to say that it would be a much safer place?

...D



RE: [in] Re: [Full-Disclosure] IE is just as safe as FireFox

2004-11-20 Thread joe
Well if hacking Windows cold across a tcp/ip service such as web this may be
helpful, but it doesn't require  much more than that to figure out what the
admin account is for a given machine.

  joe

--
Pro-Choice
Let me choose if I even want a browser loaded thanks!




-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jeremy Davis
Sent: Friday, November 19, 2004 9:40 PM
To: [EMAIL PROTECTED]
Subject: Re: [in] Re: [Full-Disclosure] IE is just as safe as FireFox

Are you able to change root's name in nix? Why not if the answer is no?
(Things would break right? UID 0?) Knowing the account name is two-thirds of
the battle.
In windows it's fairly easy to change the admin name.
Not a professional here just curious...
J




RE: [in] Re: [Full-Disclosure] IE is just as safe as FireFox

2004-11-20 Thread joe
Devis:

I guess you probably mean me. I don't take offense to it though as you
aren't really technically correct but I understand where you are trying to
come from (I think) and trust that you believe what you say versus just
being a zealot and thinking anything but Windows.

1. The first account created on Windows is Administrator, it is the
administrator account, just like *NIX's first account is root. Outside of
that then the next account is the account of the person building the box. I
haven't built one through the default processes in several months but I
think the last time I did I was offered the choice of making the account
limited or admin. I personally didn't like the term limited because who is
going to give themselves a limited account if an unlimited account is
available as an option. Everyone wants the bigger/better whatever when the
two choices sit next to each other even if they don't know what is supposed
to be better about it. It is why people buy the newer electronics every
couple of years and the single guy buys the Excursion over the Expedition
over the Explorer over the escort. He has one person to carry around but the
SUVs are bigger and better even though he may never carry a single thing or
another living soul the whole time he has it. 

Anyway, the base cause is a simple one, Windows is consumer based and *nix
wasn't and really still isn't. Look at the market penetrations. *nix tends
to have people already knowledgeable with its workings or people who WANT to
learn the details using it, windows primary users have no experience and
want none. A *nix user with no computer experience will get extremely
frustrated very quickly, every time they go to do something they feel they
should, they get slapped down (I, in my security thoughtful opinion do not
think this is a bad idea). Windows initially was a standalone OS, recall it
was Microsoft initially thinking there was nothing to the internet and
spinning the opposite direction. UNIX was designed from scratch to be
networked, and even it had poor initial security when it was really tested.
Couple that with the idea that MS doesn't like to leave people behind and it
is all logical progression as to where we have gotten where we are (contrast
with Apple - can you run an Apple II app on OSX? I have DOS apps written in
86/87 still running fine today, doesn't require admin either). However, that
being said, they are offering more and more tools to make it possible to run
securely. You will be seeing a rather cool app in the fairly near time frame
to help the whole running as admin issue.

Outside of new stuff that is coming, there are a ton of features that have
been around for some time to help with this stuff. I personally have run
corporate Windows NT Machines as non-admin for some time, had a whole bank
division department running as Power User at best in 1996, it was possible
if you knew what you were doing as an admin. You had SU and net user /user:
in NT4 and the API was fully open but sorry if you can't write something
based on docs and instead need the source of the API instead. The big issue
from my standpoint was that it wasn't pushed as the way to do things, this
stuff wasn't mentioned in the MCSE courses[1]. In the end however, you could
blame the OS or you could blame the people using the machines. You have
blinkers on a car, it is the driver's choice to actually use them. 


2. I completely disagree here. Your experience is most likely with tech
people. Most users don't know and don't want to know the differences between
accounts and have to work out the idea that you have to log on in special
ways to install the latest game or image editing software for their digital
camera they just got for xmas. They are there to use the machine, not
understand it. Something MS could have done a long time ago and didn't
probably because it was outside of the normal mindset is to reduce
permissions when running certain apps. Say someone is running as admin, if
they fire up IE, that process gets run as guest or anything that is only
available to the administrator group is unavailable because that admin group
SID is removed from the token. This is done with the most recent version of
netmon which was surprising and quite annoying the first time I used it and
tried to save a CAP to c:\temp. 


 Let's not hide from ourselves what's needed from MS to reach 
 modern world security: a complete rewrite, and a ditch of 
 old DOS base and the 20 years old legacy code.

Imagine, if you will, if they did this. Think of the fall out of SP2 alone
on this list which is supposed to have competent security professionals
primarily... Bill might as well just say, you know, I have made enough money
for myself and those I care about, let me just close the company down. Doing
this would most likely break just about everything if not everything. People
who already don't want to move from Win9x to WinXP because some odd piece of
crap software doesn't work the same 

Re: [Full-Disclosure] Why is IRC still around?

2004-11-20 Thread Andrew Smith
Danny: there's no need to keep replying, this is a mailing list.
Here's what happens:
1) Question posted.
2) Valid replies posted.
3) 30-40 others repeat replies at 2)
4) In come the trolls..
-- 
zxy_rbt2



RE: [in] Re: [Full-Disclosure] IE is just as safe as FireFox

2004-11-20 Thread joe
I agree with your initial comment, they can both be changed. I also agree
they both do little.

I don't agree that the hardcoding in the source does anything for you. 

--
Pro-Choice
Let me choose if I even want a browser loaded thanks!


 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Frank Knobbe
Sent: Friday, November 19, 2004 10:42 PM
To: Jeremy Davis
Cc: [EMAIL PROTECTED]
Subject: Re: [in] Re: [Full-Disclosure] IE is just as safe as FireFox

On Fri, 2004-11-19 at 20:40, Jeremy Davis wrote:
 Are you able to change root's name in nix? Why not if the answer is no?
 (Things would break right? UID 0?) Knowing the account name is 
 two-thirds of the battle.
 In windows it's fairly easy to change the admin name.
 Not a professional here just curious...

You can change the name of the root account in Unix, just like the
Administrator account in Windows.

But you can not change the UID of the root account (0) just like you can not
change the SID of the Administrator account (500).

I argue that changing the account name in Unix does as little or much as
changing the account name in Windows. If you have access to the system you
can easily find the account name of the UID 0 account, just as easily as you
can figure out the name of the SID x-500 account.

The difference is that you can change and hard code that change in the
source of Unix (at least with those that you have the source for, Linux,
*BSD, whatever). Can you do that with Windows?

Regards,
Frank




Re: [Full-Disclosure] IE is just as safe as FireFox

2004-11-20 Thread Antonio Vargas
On 15/11/2004, at 22:50, Stuart Fox ((DSL AK)) wrote:
 Can the Firefox settings be controlled centrally?
Yes, and more flexible than IE versions zoo at user computers. 
Download
a Firefox ZIP (not Firefox_Setup_1.0.exe but Firefox 1.0.zip), unpack 
it
to R/O share on file server, edit JS configuration files in
.\defaults\pref and .\greprefs, then create a shortcut to firefox.exe 
on
 user desktops. To change FF settings, edit JS configs again. Voila!

Can the executable reside on the workstation with the settings stored 
on the network?  In an ideal world, you'd be able to control the 
settings via Group Policy (which is how you do it with IE).  I'm not 
sure your method is any more flexible than using Group Policy to be 
honest.

That's exactly what you DON'T want. If you store the .exe on the client, 
then they can overwrite it with a virus and gain control more easily. 
Sharing read-only from a file server is the real solution.



Re: [Full-Disclosure] Time Expiry Alogorithm??

2004-11-20 Thread Gary E. Miller

Yo Gautum!

On Fri, 19 Nov 2004, Gautam R. Singh wrote:

 I was just wondering is there any encryption algorithm which expires with
 time.

IPSec, Kerberos, etc. all use time as part of the auto-generated session
key to prevent playback attacks.

If a black hat has an intercepted message he wants to decode then he can
set his clock to anything he wants to.  Time is no help there, except
to expand the key search space if they are looking for an unknown key.
If they have the key already nothing you can do if they can reset their
clock.

All that time gets you is protection from replays.

RGDS
GARY
- ---
Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701
[EMAIL PROTECTED]  Tel:+1(541)382-8588 Fax: +1(541)382-8676
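
The point made in this message, that a timestamp only stops replays at an endpoint that checks its own clock and does nothing against someone who holds the key and a capture, can be seen in a small scheme. This is an added example, not code from the thread and not how IPsec or Kerberos are implemented; the 30-second window, the HMAC-SHA256 counter-mode stand-in cipher and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct

WINDOW = 30  # seconds a message stays fresh (assumed value)


def derive(master: bytes, ts: int, label: bytes) -> bytes:
    """Per-window key: long-term key mixed with the time bucket of `ts`."""
    bucket = struct.pack(">Q", ts // WINDOW)
    return hmac.new(master, label + bucket, hashlib.sha256).digest()


def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher (HMAC-SHA256 in counter mode), illustration only."""
    out = bytearray()
    for block_no in range((len(data) + 31) // 32):
        pad = hmac.new(key, nonce + struct.pack(">I", block_no), hashlib.sha256).digest()
        chunk = data[block_no * 32:(block_no + 1) * 32]
        out.extend(b ^ p for b, p in zip(chunk, pad))
    return bytes(out)


def seal(master: bytes, plaintext: bytes, now: int) -> bytes:
    """Sender: header = timestamp || nonce, then MAC tag, then ciphertext."""
    nonce = os.urandom(8)
    header = struct.pack(">Q", now) + nonce
    body = xor_stream(derive(master, now, b"enc"), nonce, plaintext)
    tag = hmac.new(derive(master, now, b"mac"), header + body, hashlib.sha256).digest()
    return header + tag + body


def verify_and_decrypt(master: bytes, msg: bytes):
    """Check the MAC and decrypt using only the timestamp carried in the message."""
    if len(msg) < 48:
        return None
    ts = struct.unpack(">Q", msg[:8])[0]
    nonce, tag, body = msg[8:16], msg[16:48], msg[48:]
    want = hmac.new(derive(master, ts, b"mac"), msg[:16] + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        return None
    return ts, nonce, xor_stream(derive(master, ts, b"enc"), nonce, body)


class Receiver:
    """Honest endpoint: enforces freshness against its own clock plus a nonce cache."""

    def __init__(self, master: bytes):
        self.master = master
        self.seen = {}  # nonce -> timestamp of messages accepted inside the window

    def accept(self, msg: bytes, now: int):
        opened = verify_and_decrypt(self.master, msg)
        if opened is None:
            return "bad-mac", None
        ts, nonce, plaintext = opened
        if abs(now - ts) > WINDOW:
            return "stale", None
        # Nonces older than the window can be dropped: such messages are stale anyway.
        self.seen = {n: t for n, t in self.seen.items() if abs(now - t) <= WINDOW}
        if nonce in self.seen:
            return "replay", None
        self.seen[nonce] = ts
        return "ok", plaintext


def offline_open(master: bytes, captured: bytes):
    """Key holder working from a capture: no clock is consulted at all."""
    opened = verify_and_decrypt(master, captured)
    return None if opened is None else opened[2]


def demo():
    master = bytes(range(32))   # constructed long-term key
    t0 = 1_100_908_800          # constructed send time (epoch seconds)
    msg = seal(master, b"transfer 100", t0)
    rx = Receiver(master)
    return [
        rx.accept(msg, t0 + 5)[0],      # first delivery inside the window
        rx.accept(msg, t0 + 6)[0],      # same bytes delivered again
        rx.accept(msg, t0 + 3600)[0],   # same bytes an hour later
        offline_open(master, msg),      # key holder, at any later time
    ]


if __name__ == "__main__":
    print(demo())
```

The freshness check lives entirely in `Receiver.accept`; `offline_open` never looks at a clock, which is why expiry has to be handled by key management (rotation, destruction of old keys) rather than by the algorithm.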



RE: [Full-Disclosure] Why is IRC still around?

2004-11-20 Thread Richard Stevens
In the last year or two of subscribing to FD, that is the single most idiotic 
statement I have ever read.

-Original Message- 
From: [EMAIL PROTECTED] on behalf of Danny 
Sent: Fri 19/11/2004 17:40 
To: Mailing List - Full-Disclosure 
Cc: 
Subject: [Full-Disclosure] Why is IRC still around?



Well, it sure does help the anti-virus (anti-malware) and security
consulting business, but besides that... is it not safe to say that:

1) A hell of a lot of viruses/worms/trojans use IRC to wreak further 
havoc?
2) A considerable amount of script kiddies originate and grow through 
IRC?
3) A wee bit of software piracy occurs?
4) That many organized DoS attacks through PC zombies are initiated 
through IRC?
5) The anonymity of the whole thing helps to foster all the illegal
and malicious activity that occurs?
The list goes on and on...

Sorry to offend those that use IRC legitimately (LOL - find something
else to chat with your buddies), but why the hell are we not pushing
to sunset IRC?

What would IT be like today without IRC (or the like)? Am I narrow
minded to say that it would be a much safer place?

...D



RE: [in] Re: [Full-Disclosure] IE is just as safe as FireFox

2004-11-20 Thread joe
I think if the main design of any system was run as mortal and do runas for
things that need more, you would have a system that by default, NEVER
allowed interactive logon to an account that does more. Further it wouldn't
let you change that code to allow it. Heck I would even take it further and
say that the raised levels of access would be process only based, once that
process completed, it would revert.

  joe

--
Pro-Choice
Let me choose if I even want a browser loaded thanks!


 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Friday, November 19, 2004 5:14 PM
To: Crotty, Edward
Cc: [EMAIL PROTECTED]
Subject: Re: [in] Re: [Full-Disclosure] IE is just as safe as FireFox 

On Fri, 19 Nov 2004 13:12:31 EST, Crotty, Edward said:
 I'm not a Win based guy (troll?) - Un*x here - and even I was offended by
#1.
 
 There is such a thing as runas for Windows.

Yes, but is *the main design* of the system run as a mortal, and use the
'runas' for those things that need more?

Or is the *main design* We'll just elect the first user as Administrator,
and include 'runas' in case somebody wants to Do It The Right Way?



Re: [Full-Disclosure] Why is IRC still around?

2004-11-20 Thread chris neitzert
there is some great stuff developed on irc.  have you ever used a 
cvsbot? I just love those check-in privmsg notifications.

chris
==
'when all you have is a nail-gun, every problem looks like a messiah'
Danny wrote:
On Fri, 19 Nov 2004 17:10:13 -0500, Tim
[EMAIL PROTECTED] wrote:
My mistake; I was referring to the discussion, collaboration, and
creation, not the spread.
You mentioned DDoS attacks below.  I don't believe that use is a form of
discussion, collaboration, or creation.

Some say we should, but I am not one of those. My point was to get rid
of the most well established tool (and easiest to use) for these types
of activities.
Any tool can be used by anyone for good or evil.  If one knows the
kiddies are all hanging out on IRC, then you can get a lot of good info
about what their new attacks are by loitering on their channels.

What's the difference? IRC is so well established for the type of
activity I am referring to.
As it is established for many productive things.  Ever check out
freenode?

I'll leave the piracy battle for someone else - I just mentioned it as
a part of the problem.
If you aren't prepared to defend it on this list, better not mention it.
=)

Sure netcat is an alternative, but which one is easier to use?
Um... netcat, or raw tcp sockets.  I would argue it is easier to write
something that just opens a connection, and listens for commands to come
back, than something that has to speak IRC.  Speaking IRC has its own
advantages, but in the absence of it, it is still trivial to manage a
bot net.

I thought I would throw out the idea. If you want to call me a troll,
then so be it, but don't get your panties in a knot over the whole
thing
Pardon my harsh reply.  It wasn't personal, and is directed only at your
reasoning.  It is a similar reasoning that leads to the slippery slope
toward censorship.

No worries. Case closed. :)
...D


Re: [Full-Disclosure] Why is IRC still around?

2004-11-20 Thread Matthew Kent
On Fri, 2004-11-19 at 17:40, Danny wrote:
 Well, it sure does help the anti-virus (anti-malware) and security
 consulting business, but besides that... is it not safe to say that:
 
 1) A hell of a lot of viruses/worms/trojans use IRC to wreak further havoc?
 2) A considerable amount of script kiddies originate and grow through IRC?
 3) A wee bit of software piracy occurs?
 4) That many organized DoS attacks through PC zombies are initiated through 
 IRC?
 5) The anonymity of the whole thing helps to foster all the illegal
 and malicious activity that occurs?
 The list goes on and on...
 
 Sorry to offend those that use IRC legitimately (LOL - find something
 else to chat with your buddies), but why the hell are we not pushing
 to sunset IRC?

Who is 'we' and what makes you think anyone cares what you 'sunset'.

 
 What would IT be like today without IRC (or the like)? Am I narrow
 minded to say that it would be a much safer place?

This has to be a troll. It's just too stupid.

- M



Re: [Full-Disclosure] Why is IRC still around?

2004-11-20 Thread bkfsec
Danny wrote:
Well, it sure does help the anti-virus (anti-malware) and security
consulting business, but besides that... is it not safe to say that:
1) A hell of a lot of viruses/worms/trojans use IRC to wreak further havoc?
2) A considerable amount of script kiddies originate and grow through IRC?
3) A wee bit of software piracy occurs?
4) That many organized DoS attacks through PC zombies are initiated through IRC?
5) The anonymity of the whole thing helps to foster all the illegal
and malicious activity that occurs?
The list goes on and on...
Sorry to offend those that use IRC legitimately (LOL - find something
else to chat with your buddies), but why the hell are we not pushing
to sunset IRC?
What would IT be like today without IRC (or the like)? Am I narrow
minded to say that it would be a much safer place?
 

I don't think that it would have any impact at all with regard to 
stopping malware and crackers.

Even if the legitimate IRC servers were shut down, it would still be a 
simple matter for them to create their own servers on non-standard 
ports.  Barring their ability to do that, they'll completely move to IM 
or P2P protocols (like WASTE) to carry out their attacks.  They've 
already created the tools to do this and they're actively doing it right 
now.

In fact, in this regard IRC is a godsend with regard to tracking down 
attackers.  It's easier to determine the location of an IRC bot and to 
track unencrypted IRC traffic than it is to track WASTE packets or IM 
connections. 

Protocols (and their implementations) aren't causing the illegal 
activity as much as the drive to carry out illegal acts is. 

-Barry
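
The observation above, that unencrypted IRC is easy to track even when a server sits on a non-standard port, comes down to recognising the protocol by its content instead of its port number. The following is an added example, not part of the original post: it parses client payloads against the RFC 1459 line grammar and reports flows that complete an IRC registration (NICK plus USER) on a port outside an assumed allow-list. The flow records, addresses and port list are constructed for illustration.

```python
import re

# Ports conventionally used by IRC servers (assumed allow-list for this example).
COMMON_IRC_PORTS = set(range(6660, 6670)) | {7000}

# RFC 1459 message: [":" prefix SPACE] command [params]; command is a word or 3 digits.
LINE_RE = re.compile(rb"^(?::\S+ +)?(?P<cmd>[A-Za-z]+|\d{3})(?P<params> [^\r\n\x00]*)?$")

# Constructed flow records: (source, destination, destination port, client payload).
SAMPLE_FLOWS = [
    ("10.0.0.5", "192.0.2.10", 6667,
     b"NICK alice\r\nUSER alice 0 * :Alice\r\nJOIN #linux\r\n"),
    ("10.0.0.23", "198.51.100.7", 8080,
     b"NICK x7f3a\r\nUSER x7f3a 0 * :x7f3a\r\nJOIN #c1 k3y\r\nPRIVMSG #c1 :ready\r\n"),
    ("10.0.0.8", "203.0.113.4", 8080,
     b"GET /index.html HTTP/1.1\r\nHost: example.org\r\n\r\n"),
    ("10.0.0.9", "203.0.113.9", 443,
     b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03"),
]


def parse_irc_line(line: bytes):
    """Return (COMMAND, [args]) for a syntactically valid IRC line, else None."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    params = (m.group("params") or b"").strip(b" ")
    if params.startswith(b":"):
        middle, has_trailing, trailing = b"", True, params[1:]
    else:
        middle, sep, trailing = params.partition(b" :")
        has_trailing = bool(sep)
    args = [a.decode("latin-1") for a in middle.split()]
    if has_trailing:
        args.append(trailing.decode("latin-1"))
    return m.group("cmd").decode("ascii").upper(), args


def classify_flow(payload: bytes):
    """Summarise a client payload if it carries an IRC registration, else None."""
    nick, user_seen, channels, privmsgs = None, False, [], 0
    for raw in payload.split(b"\n"):
        parsed = parse_irc_line(raw.rstrip(b"\r"))
        if parsed is None:
            continue
        cmd, args = parsed
        if cmd == "NICK" and len(args) >= 1:
            nick = args[0]
        elif cmd == "USER" and len(args) >= 4:
            user_seen = True
        elif cmd == "JOIN" and args:
            channels.extend(c for c in args[0].split(",") if c)
        elif cmd == "PRIVMSG" and len(args) >= 2:
            privmsgs += 1
    # Requiring both NICK and a four-argument USER keeps HTTP, FTP and
    # binary protocols from matching on a single look-alike line.
    if nick is None or not user_seen:
        return None
    return {"nick": nick, "channels": channels, "privmsgs": privmsgs}


def irc_on_unusual_ports(flows):
    """Return one finding per flow that speaks IRC on a port outside the allow-list."""
    findings = []
    for src, dst, port, payload in flows:
        summary = classify_flow(payload)
        if summary is not None and port not in COMMON_IRC_PORTS:
            findings.append({"src": src, "dst": dst, "port": port, **summary})
    return findings


if __name__ == "__main__":
    for finding in irc_on_unusual_ports(SAMPLE_FLOWS):
        print(finding)
```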



Re: [Full-Disclosure] Why is IRC still around?

2004-11-20 Thread stephane nasdrovisky
Micheal Espinola Jr wrote:
Is SMTP bad?  Yes.
Why?  Because they are simple and basic protocol  implementations
 

Are or were ? smtp supports tls for example (I dropped irc because I 
have very little knowledge about it).

Not that they aren't efficient and easy, but
they certainly have their shortcomings in terms of security and AAA.
 

smtp supports both plaintext (login/password) and tls/certificate 
authentications. Configuration is not a technology issue but a sysadmin 
issue.

We need to move forward with technology.  Or would you rather be like
Microsoft - and attempt to be backward compatible for all-time - and
continue to use products that have fundamental flaws in them?
smtp is backward compatible with fossil-like technology (sendmail comes 
to mind as it has a 'good' bugs record) but also 21st century 
technology aware (s/mime, tls).
Much could be said against protocols such as rpc, ftp, telnet, iiop, 
http, ... but some/most of them are also supporting some somewhat new 
technology (encryption, authentication, ...) some of them do not add 
much value when used over the internet (rpc comes to mind) these are 
more lan protocols.
Microsoft don't try to be backward compatible: w2k is not backward 
compatible with nt or dos, even xp sp2 is not backward compatible with 
xp sp1:-)



RE: [in] Re: [Full-Disclosure] IE is just as safe as FireFox

2004-11-20 Thread Frank Knobbe
On Sat, 2004-11-20 at 08:20, joe wrote:
 I agree with your initial comment, they can both be changed. I also agree
 they both do little.
 
 I don't agree that the hardcoding in the source does anything for you. 

Well, it *allows* you to change the ID of the superuser account to
something else. But of course that is obfuscation, and is quickly
discovered (just check what ID owns /bin/* and so on). Nevertheless, you
have the *ability* to change the ID. You can't do that with Windows. 

(Yeah, cheap shot I know... ;)

Cheers,
Frank
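
The argument in this sub-thread, that the superuser is identified by UID 0 on Unix and by the SID ending in 500 on Windows whatever the account is called, is also what an account audit should key on. The following is an added example, not from the thread: the passwd lines, account names and SIDs are constructed, and the function names are hypothetical.

```python
import re

# Local or domain account SID: S-1-5-21-<three sub-authorities>-<RID>
SID_RE = re.compile(r"^S-1-5-21-\d+-\d+-\d+-(\d+)$")
BUILTIN_ADMIN_RID = 500

# Constructed passwd(5) content: superuser renamed, plus a second UID 0 entry.
SAMPLE_PASSWD = """\
# constructed sample
sysop:x:0:0:renamed superuser:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
backup2:x:0:0::/home/backup2:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
broken-line-without-fields
"""

# Constructed (account name, SID) pairs as an inventory tool might export them.
SAMPLE_WINDOWS = [
    ("Guest", "S-1-5-21-1004336348-1177238915-682003330-501"),
    ("LocalOps", "S-1-5-21-1004336348-1177238915-682003330-500"),
    ("alice", "S-1-5-21-1004336348-1177238915-682003330-1001"),
    ("Everyone", "S-1-1-0"),
]


def uid0_accounts(passwd_text: str):
    """Names of every passwd entry whose numeric UID is 0, in file order."""
    names = []
    for raw in passwd_text.splitlines():
        line = raw.strip()
        # Skip blanks, comments and NIS compat entries ("+name", "-name").
        if not line or line[0] in "#+-":
            continue
        fields = line.split(":")
        if len(fields) < 7 or not fields[2].isdigit():
            continue  # malformed entry: ignore here and report it separately
        if int(fields[2]) == 0:
            names.append(fields[0])
    return names


def builtin_admin(accounts):
    """Name of the account carrying the built-in Administrator RID, or None."""
    for name, sid in accounts:
        m = SID_RE.match(sid)
        if m and int(m.group(1)) == BUILTIN_ADMIN_RID:
            return name
    return None


def audit(passwd_text: str, windows_accounts):
    """Summarise what renaming hides (nothing) and what actually needs review."""
    zero = uid0_accounts(passwd_text)
    return {
        "uid0_names": zero,
        "root_renamed": bool(zero) and "root" not in zero,
        "multiple_uid0": len(zero) > 1,   # any extra UID 0 account is a second root
        "rid500_name": builtin_admin(windows_accounts),
    }


if __name__ == "__main__":
    print(audit(SAMPLE_PASSWD, SAMPLE_WINDOWS))
```

The renamed accounts are found immediately on both platforms; the finding worth acting on is `multiple_uid0`, since a second UID 0 entry grants full privileges under a name nobody is watching.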





[Full-Disclosure] Windows user privileges

2004-11-20 Thread Mike Hoye
On Fri, Nov 19, 2004 at 04:19:49PM -0600, Paul Schmehl wrote:
 Windows has several groups.  By default users are in 
 the USERS group, *not* the ADMINISTRATORS group.

On every XP install that I've seen from every major OEM (Dell, Compaq,
Gateway, etc) fast user switching is on by default and every user is
an administrator. Not on most; on every single one.

Furthermore, these machines don't have actual XP OS install CDs, they 
usually come with restore CDs that just return the PC to this same
initial state if they're used, which they almost never are.

I have never seen a home user, that is to say change that setting or
create a user who is actually just a User. Not once, ever.

 It might make sense if you actually had knowledge of an OS before you 
 criticize it.

I don't think the question should be why is IRC still around, I think
the question should be why is full-disclosure turning into IRC?

- Mike Hoye
 
-- 
Buy land. They've stopped making it. - Mark Twain



Re: [Full-Disclosure] Why is IRC still around?

2004-11-20 Thread Danny
On Fri, 19 Nov 2004 13:54:30 -0500, bkfsec [EMAIL PROTECTED] wrote:
 Danny wrote:
 
 
 
 Well, it sure does help the anti-virus (anti-malware) and security
 consulting business, but besides that... is it not safe to say that:
 
 1) A hell of a lot of viruses/worms/trojans use IRC to wreck further havoc?
 2) A considerable amount of script kiddies originate and grow through IRC?
 3) A wee bit of software piracy occurs?
 4) That many organized DoS attacks through PC zombies are initiated through 
 IRC?
 5) The anonymity of the whole thing helps to foster all the illegal
 and malicious activity that occurs?
 The list goes on and on...
 
 Sorry to offend those that use IRC legitimately (LOL - find something
 else to chat with your buddies), but why the hell are we not pushing
 to sunset IRC?
 
 What would IT be like today without IRC (or the like)? Am I narrow
 minded to say that it would be a much safer place?
 
 
 
 I don't think that it would have any impact at all with regard to
 stopping malware and crackers.
 
 Even if the legitimate IRC servers were shut down, it would still be a
 simple matter for them to create their own servers on non-standard
 ports.  Barring their ability to do that, they'll completely move to IM
 or P2P protocols (like WASTE) to carry out their attacks.  They've
 already created the tools to do this and they're actively doing it right
 now.
 
 In fact, in this regard IRC is a godsend with regard to tracking down
 attackers.  It's easier to determine the location of an IRC bot and to
 track unencrypted IRC traffic than it is to track WASTE packets or IM
 connections.
 
 Protocols (and their implementations) aren't causing the illegal
 activity as much as the drive to carry out illegal acts is.

Fair enough... I just need to be enlightened. Thanks for your time.

...D



Re: [Full-Disclosure] Why is IRC still around?

2004-11-20 Thread Danny
On Fri, 19 Nov 2004 14:47:31 -0500, Keith Pachulski [EMAIL PROTECTED] wrote:
 how bout because it is entertaining and it is an easy way to communicate with 
 a large group of ppl at once

So that trumps its infestation of illegal activities?

...D



Re: [Full-Disclosure] Sober.I worm is here

2004-11-20 Thread Valdis . Kletnieks
On Fri, 19 Nov 2004 11:22:31 EST, KF_lists said:

 Any new features / functionality?

Oooh.. new features/functionality in software intentionally designed to be
malware (as opposed to the misfeatures and misfunctions shipped in the
unintentional malware shipped by all too many vendors).  Even after a quarter
of a century in this field, there's still new amusing concepts to be found
;)





Re: [Full-Disclosure] Why is IRC still around?

2004-11-20 Thread Max Valdez
On Friday 19 November 2004 3:31 pm, Poof wrote:
 Wow, NICE analogy Jeff!

 While IRC is here to stay... The future seems more like servers that're
 only hosted through big companies/etc as most datacenters are 'forbidding'
 use of IRC(Ports 6660-6669, 7000) on their network.

As any other service, you can put IRC on any port you want.

Max

-- 
Linux garaged 2.6.9-ac9 #2 SMP Tue Nov 16 17:07:13 CST 2004 i686 Intel(R) 
Pentium(R) 4 CPU 2.80GHz GenuineIntel GNU/Linux
-BEGIN GEEK CODE BLOCK-
Version: 3.12
GS/S d- s: a-29 C++(+++) ULAHI+++ P+ L+ E--- W++ N* o-- K- w O- M-- 
V-- PS+ PE Y-- PGP++ t- 5- X+ R tv++ b+ DI+++ D- G++ e++ h+ r+ z**
--END GEEK CODE BLOCK--
gpg-key: http://garaged.homeip.net/gpg-key.txt
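
Two points from the replies above (IRC can be moved to any port, and unencrypted IRC traffic is easy to track) can be seen from the defender's side by classifying a flow on its content rather than its port. This is an added example, not code from any poster; the flow tuples, addresses, nicknames and function names are constructed for illustration, and it only sees plaintext IRC.

```python
"""Identify IRC client sessions by protocol content instead of by port."""
from dataclasses import dataclass, field
from typing import Optional

# Ports named in the thread as the ones datacenters forbid.
CONVENTIONAL_IRC_PORTS = set(range(6660, 6670)) | {7000}
MAX_LINE = 510  # RFC 1459: 512 bytes per message including CRLF


def parse_irc_line(raw: bytes):
    """Split one IRC message into (prefix, command, params), or return None."""
    if not raw or len(raw) > MAX_LINE:
        return None
    text = raw.decode("latin-1")  # never fails; IRC has no fixed charset
    prefix = None
    if text.startswith(":"):
        prefix, _, text = text[1:].partition(" ")
    head, sep, trailing = text.partition(" :")
    parts = head.split()
    if not parts:
        return None
    command = parts[0].upper()
    # A command is a word (NICK) or a three-digit numeric reply (001).
    if not (command.isalpha() or (command.isdigit() and len(command) == 3)):
        return None
    params = parts[1:]
    if sep:
        params.append(trailing)
    return prefix, command, params


@dataclass
class IrcSession:
    nick: Optional[str] = None
    user: Optional[str] = None
    channels: list = field(default_factory=list)

    @property
    def registered(self) -> bool:
        # NICK plus USER is the client registration handshake.
        return self.nick is not None and self.user is not None


def inspect_payload(payload: bytes):
    """Return an IrcSession if the client bytes hold an IRC registration."""
    session = IrcSession()
    for raw in payload.replace(b"\r\n", b"\n").split(b"\n"):
        parsed = parse_irc_line(raw.strip())
        if parsed is None:
            continue
        _, command, params = parsed
        if command == "NICK" and params:
            session.nick = params[0]
        elif command == "USER" and len(params) >= 4:
            session.user = params[0]
        elif command == "JOIN" and params:
            session.channels.extend(
                c for c in params[0].split(",") if c and c[0] in "#&+!"
            )
    return session if session.registered else None


# Constructed sample: (client, server, server port, first client bytes).
SAMPLE_FLOWS = [
    ("10.0.0.21", "192.0.2.10", 6667,
     b"NICK alice\r\nUSER alice 0 * :Alice\r\nJOIN #helpdesk\r\n"),
    ("10.0.0.37", "198.51.100.7", 8080,
     b"PASS x\r\nNICK host-0037\r\nUSER h 0 * :h\r\nJOIN #chan1,#chan2\r\n"),
    ("10.0.0.37", "203.0.113.5", 8080,
     b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    ("10.0.0.44", "198.51.100.7", 443,
     b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03"),
]


def find_irc_flows(flows):
    """Return one finding per flow that carries IRC, marking off-port sessions."""
    findings = []
    for client, server, port, payload in flows:
        session = inspect_payload(payload)
        if session is None:
            continue
        findings.append({
            "client": client,
            "server": server,
            "port": port,
            "nick": session.nick,
            "channels": session.channels,
            "nonstandard_port": port not in CONVENTIONAL_IRC_PORTS,
        })
    return findings


if __name__ == "__main__":
    for f in find_irc_flows(SAMPLE_FLOWS):
        tag = "OFF-PORT" if f["nonstandard_port"] else "standard"
        print(f'{tag:8} {f["client"]} -> {f["server"]}:{f["port"]} '
              f'nick={f["nick"]} channels={",".join(f["channels"])}')
```

A port-based block would have passed the second flow; the content check flags it and records the nickname and channels it joined.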



Re: [Full-Disclosure] Why is IRC still around?

2004-11-20 Thread TheGesus
Might as well ask yourself Why are trolls like me still around?

Hooked 'em good, monkey. :o)

On Fri, 19 Nov 2004 12:40:26 -0500, Danny [EMAIL PROTECTED] wrote:
 Well, it sure does help the anti-virus (anti-malware) and security
 consulting business, but besides that... is it not safe to say that:
 
 1) A hell of a lot of viruses/worms/trojans use IRC to wreck further havoc?
 2) A considerable amount of script kiddies originate and grow through IRC?
 3) A wee bit of software piracy occurs?
 4) That many organized DoS attacks through PC zombies are initiated through 
 IRC?
 5) The anonymity of the whole thing helps to foster all the illegal
 and malicious activity that occurs?
 The list goes on and on...
 
 Sorry to offend those that use IRC legitimately (LOL - find something
 else to chat with your buddies), but why the hell are we not pushing
 to sunset IRC?
 
 What would IT be like today without IRC (or the like)? Am I narrow
 minded to say that it would be a much safer place?
 
 ...D
 


RE: [in] Re: [Full-Disclosure] IE is just as safe as FireFox

2004-11-20 Thread Todd Towles
If you are on the box, having changed the name of the Admin is useless.
Naming doesn't save you from a lot...a simple registry pull in Windows
will get you all the hashed passwords.  

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On Behalf Of 
 Jeremy Davis
 Sent: Friday, November 19, 2004 8:40 PM
 To: [EMAIL PROTECTED]
 Subject: Re: [in] Re: [Full-Disclosure] IE is just as safe as FireFox
 
 Are you able to change root's name in nix? Why not if the 
 answer is no?
 (Things would break right? UID 0?) Knowing the account name 
 is two-thirds of the battle.
 In windows it's fairly easy to change the admin name.
 Not a professional here just curious...
 J
 
 
 On Fri, 19 Nov 2004 17:13:36 -0500, [EMAIL PROTECTED] 
 [EMAIL PROTECTED] wrote:
  On Fri, 19 Nov 2004 13:12:31 EST, Crotty, Edward said:
   I'm not a Win based guy (troll?) - Un*x here - and even I 
 was offended by #1.
  
   There is such a thing as runas for Windows.
  
  Yes, but is *the main design* of the system run as a 
 mortal, and use 
  the 'runas' for those things that need more?
  
  Or is the *main design* We'll just elect the first user as 
  Administrator, and include 'runas' in case somebody wants 
 to Do It The Right Way?
  
  
 
 


Re: [Full-Disclosure] Time Expiry Alogorithm??

2004-11-20 Thread Andrew Farmer
Gautam R. Singh [EMAIL PROTECTED] wrote:
 I was just wondering is there any encryption algorithm which expires
 with time.
 For example an email message maybe decrypted within 48 hours of its
 delivery otherwise it becomes useless or can't be decrypted with the
 original key

No. Think about it for a moment.
(Clocks can be changed.)




Re: [in] Re: [Full-Disclosure] IE is just as safe as FireFox

2004-11-20 Thread GuidoZ
This is true. It will also play many other types of files (with
something like ffdshow) that WMP 9/10 can, although it will do so with
about half the memory footprint and start twice as fast. Gotta love
upgrades. =/

I moved more to BS Player, as it's pretty quick and comes with all the
bells and whistles you'll need. Of course VideoLAN (VLC) is also a
nice choice. I prefer the BS Player interface (think PowerDVD Crystal
theme). =D

--
Peace. ~G


On Sat, 20 Nov 2004 14:41:59 -0600, Todd Towles
[EMAIL PROTECTED] wrote:
 Ohh don't worry I am not knocking it. The 6.4 version will play some of
 those AVI files that the version 9 and 10 won't play because of codec
 stuff, kinda of funny. =)
 
  -Original Message-
  From: GuidoZ [mailto:[EMAIL PROTECTED]
  Sent: Saturday, November 20, 2004 1:15 AM
  To: Todd Towles
  Cc: [EMAIL PROTECTED]
  Subject: Re: [in] Re: [Full-Disclosure] IE is just as safe as FireFox
  
  Dude, mplayer2 rulez!! I use it to play all sorts of things.
  =) I'm glad they left it there... the newer MS media player
  is just bloat.
  Media Player Classic (that comes with RealAlternative and QuickTime
  Alternative) is another one of my favs. =D
 
  Yeah, not really anything to do with the topic, but I felt it
  had to be said. Don't go knocking my v6.4. ;)
 
  --
  Peace. ~G
 
 
  On Fri, 19 Nov 2004 12:41:25 -0600, Todd Towles
  [EMAIL PROTECTED] wrote:
Microsoft integration: You remove the application that plays MPEG
movies from a system that has never needed to play MPEG
  movies, and
never will need to - and your system won't boot anymore.
  
   Example -  Anyone with XP, do a search for mplayer2.exe?
  What is this
   you ask? It is media player 6.4 =)
  
   You only think you upgraded to Media player 10..lol
  
   -Todd
  
 




Re: [Full-Disclosure] IE is just as safe as FireFox

2004-11-20 Thread bkfsec
Vincent Archer wrote:
 Other apps flatly refuse to work with anything but IE. None of these
 are strictly web applications anymore - they are applications that use
 an UI processor, which happens to be the HTML processor as well.
 

You see, this is precisely the problem.
HTML processors in web browsers should be designed to take in untrusted 
data and treat it, exclusively, in an untrusted fashion.  The problem 
with latching trust zones onto this is that you provide a backdoor 
that allows any person who can exploit the complex internal trust 
relationships (or otherwise bypass it) to do whatever the HTML processor 
allows it to do, which in the case of IE is almost anything.

The web browser was never meant to be a trusted application engine.  It 
was meant to display data, not interact with the software on your 
computer.  If done carefully and responsibly, add-ons that allow for 
code launching are fine - as long as they can be removed at will and 
without difficulty and do NOTHING transparently. 

What we have here is misuse of a technology.  That's where the root of 
these problems exist.  And any company that relies on the misuse of 
technology, frankly, needs to address their IT strategy immediately and 
think very clearly about what the ultimate end result of that is. 

-Barry
p.s.  There will always be buffer overflows and ways to exploit programs 
using input, but following my line of thinking above, it becomes MUCH 
easier to secure the browser so that those issues can be effectively 
mitigated.



RE: [Full-Disclosure] Windows user privileges

2004-11-20 Thread Todd Towles
Dell gives the full OS cd and then a separate drivers CD, at least on
the business side. Not sure about the home side. 

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On Behalf Of Mike Hoye
 Sent: Saturday, November 20, 2004 7:19 AM
 To: [EMAIL PROTECTED]
 Subject: [Full-Disclosure] Windows user privileges
 
 On Fri, Nov 19, 2004 at 04:19:49PM -0600, Paul Schmehl wrote:
  Windows has several groups.  By default users are in the USERS 
  group, *not* the ADMINISTRATORS group.
 
 On every XP install that I've seen from every major OEM 
 (Dell, Compaq, Gateway, etc) fast user switching is on by 
 default and every user is an administrator. Not on most; on 
 every single one.
 
 Furthermore, these machines don't have actual XP OS install 
 CDs, they usually come with restore CDs that just return 
 the PC to this same initial state if they're used, which they 
 almost never are.
 
 I have never seen a home user, that is to say change that 
 setting or create a user who is actually just a User. Not 
 once, ever.
 
  It might make sense if you actually had knowledge of an OS 
 before you 
  criticize it.
 
 I don't think the question should be why is IRC still 
 around, I think the question should be why is 
 full-disclosure turning into IRC?
 
 - Mike Hoye
  
 --
 Buy land. They've stopped making it. - Mark Twain
 


Re: [Full-Disclosure] Why is IRC still around?

2004-11-20 Thread ntx0f
I think it's about time to sunset this discussion, how many people need to
send emails saying the same thing?

- Original Message -
From: Keith Pachulski [EMAIL PROTECTED]
To: Danny [EMAIL PROTECTED]; Mailing List - Full-Disclosure
[EMAIL PROTECTED]
Sent: Friday, November 19, 2004 2:47 PM
Subject: RE: [Full-Disclosure] Why is IRC still around?


 how bout because it is entertaining and it is an easy way to communicate
with a large group of ppl at once

 -Original Message-
 From: Danny [mailto:[EMAIL PROTECTED]
 Sent: Friday, November 19, 2004 12:40 PM
 To: Mailing List - Full-Disclosure
 Subject: [Full-Disclosure] Why is IRC still around?


 Well, it sure does help the anti-virus (anti-malware) and security
 consulting business, but besides that... is it not safe to say that:

 1) A hell of a lot of viruses/worms/trojans use IRC to wreck further
havoc?
 2) A considerable amount of script kiddies originate and grow through
IRC?
 3) A wee bit of software piracy occurs?
 4) That many organized DoS attacks through PC zombies are initiated
through IRC?
 5) The anonymity of the whole thing helps to foster all the illegal
 and malicious activity that occurs?
 The list goes on and on...

 Sorry to offend those that use IRC legitimately (LOL - find something
 else to chat with your buddies), but why the hell are we not pushing
 to sunset IRC?

 What would IT be like today without IRC (or the like)? Am I narrow
 minded to say that it would be a much safer place?

 ...D



Re: [Full-Disclosure] Time Expiry Alogorithm??

2004-11-20 Thread Anders Langworthy
Anders Langworthy wrote:
snip
Whoops, should have proofread.  I meant to say factoring to primes, not 
actually factoring prime numbers (which I think we can all agree is both 
P and NP :-)

//Anders


[Full-Disclosure] Secret Vulns: Places of confusion

2004-11-20 Thread gp
hello list


Some time ago I examined the websites of many
governments to see if it's possible to put malicious code
in their URLs. In November 2004 I informed some
departments about my successful work.


On most sites it is possible to:
- inject SQL
- account hijacking
- user exploitation
- server manipulation
- read complete dir
etc. etc.


In arrangement with the victims I will not reveal
vulnerability or victim details until a fix has been
published. I will answer no questions!
This is only for Your information!


Credits:
d.w., ms, [...]


--
[EMAIL PROTECTED] online - MM
--
.//sometimes its better to know somewhat as all but at later times would
be better to know nothing







RE: [in] Re: [Full-Disclosure] IE is just as safe as FireFox

2004-11-20 Thread Todd Towles
Ohh don't worry I am not knocking it. The 6.4 version will play some of
those AVI files that the version 9 and 10 won't play because of codec
stuff, kinda of funny. =) 

 -Original Message-
 From: GuidoZ [mailto:[EMAIL PROTECTED] 
 Sent: Saturday, November 20, 2004 1:15 AM
 To: Todd Towles
 Cc: [EMAIL PROTECTED]
 Subject: Re: [in] Re: [Full-Disclosure] IE is just as safe as FireFox
 
 Dude, mplayer2 rulez!! I use it to play all sorts of things. 
 =) I'm glad they left it there... the newer MS media player 
 is just bloat.
 Media Player Classic (that comes with RealAlternative and QuickTime
 Alternative) is another one of my favs. =D
 
 Yeah, not really anything to do with the topic, but I felt it 
 had to be said. Don't go knocking my v6.4. ;)
 
 --
 Peace. ~G
 
 
 On Fri, 19 Nov 2004 12:41:25 -0600, Todd Towles 
 [EMAIL PROTECTED] wrote:
   Microsoft integration: You remove the application that plays MPEG 
   movies from a system that has never needed to play MPEG 
 movies, and 
   never will need to - and your system won't boot anymore.
  
  Example -  Anyone with XP, do a search for mplayer2.exe? 
 What is this 
  you ask? It is media player 6.4 =)
  
  You only think you upgraded to Media player 10..lol
  
  -Todd
 
 



joe the expert (was Re: [Full-Disclosure] IE is just as safe as FireFox )

2004-11-20 Thread Maurizio Trinco
joe [EMAIL PROTECTED] wrote:

 [1] Don't get me started on MCSEs. As a whole I
think they hurt Windows far
 more than any other thing. A bunch of people who
feel they are experts in
 Windows because they took a couple of tests that 10
year olds could memorize
 and pass and yet still not be able to run anything.
The best I can say about
 MCSEs is that I will *try* not to look down upon
them for being MCSEs and
 let them prove themselves to be worthless before I
assume it in person. 

Now from joe's own site, comes this fully untrue
statement:

'So what is a Microsoft MVP? The flip response is a
Microsoft MVP is a person who answers the questions
the MCSE/MCD/MCT folks ask.'

My dear Joe,

Let's see what Microsoft has to say about MVPs:
http://mvp.support.microsoft.com/default.aspx?scid=fh;EN-US;mvpfaqsstyle=flat

Are Microsoft MVPs experts in all Microsoft
technologies and products?
No. Although many MVPs have in-depth knowledge of more
than one product or technology, none of them are
experts in all Microsoft technologies or products.

So, my dear joe, you are nothing but an ego-inflated
bullshitter. Your verbal diarrhea is only matched by
your unbelievably low level of competence when it
comes to Microsoft products. Being an MCSE is much
more than answering some how do I send a message with
Outlook in one or two newsgroups. I worked really
hard for my MCSE titles and honestly, the idea that I
(or any of my colleagues) could seek enlightenment
from you is simply ridiculous. If you think that
passing exams like 216, 296 or the design exams is
something an... er, MVP could do... then you'd better
think again.
While I'm an MCSE, I'm by no means an ass-kisser for
Microsoft, as your MVPiness seems to be. Their
products, contrary to popular belief, could be
extremely complex (try real life business environment,
compared to that unlicensed version of Windows 2003
server you're running at home) and many times
extremely badly written and vulnerable -- but very
complex nevertheless. Saying otherwise, only proves
your lack of specialization (hint: familiarity is NOT
specialization; you may be 'familiar' with your
colorful XP, but that makes you by no means a
'specialist').
Oh, and something else: for some 10 years before I
became an MCSE, I was the typical Unix admin. I used
to laugh at Windows NT, I stopped laughing at 2000.
I'm by no means friends with hip-kiddies who think
Linux is cooler than Window$$$, I really dislike
Microsoft-moronized Windows ass-kissers like you, who
only know buzzwords, but have no real knowledge of the
system. You should go together and exchange some
fanatic e-mails; you belong in a place where
'my-OS-is-longer-yours' fights
'windows-2003-is-secure-by-default-'cause-Billy-told-us-so'.
Anything else... is just proving yourself how MVP and
not MCSE you are. Or whatever Unix/IT certification
you may choose, other than the ridiculous MVP thingie.

Take care and don't let the bedbugs bite.





Re: [Full-Disclosure] Secret Vulns: Places of confusion

2004-11-20 Thread Michael Rutledge
Correct me if I'm wrong (which I know the list members will take me up
on that), the FD mailing list is about *discussing* vulnerabilities
and revealing important information to the community.  This post seems
to comment on general problems with general products--so general in
fact that the products or specific problems are not addressed.  If you
cannot or will not (for privacy issues) share any details about your
findings, I believe that the posted findings are quite useless to the
community.  I mean this in a constructive sense.

However, if some of the other community members feel that this post is
informative in some way, I will gladly hear their reasoning.

-Michael


On Sat, 20 Nov 2004 20:11:40 - (GMT), gp [EMAIL PROTECTED] wrote:
 hello list
 
 Some time ago I examined the websites of many
 governments to see if it's possible to put malicious code
 in their URLs. In November 2004 I informed some
 departments about my successful work.
 
 On most sites it is possible to:
 - inject SQL
 - account hijacking
 - user exploitation
 - server manipulation
 - read complete dir
 etc. etc.
 
 In arrangement with the victims I will not reveal
 vulnerability or victim details until a fix has been
 published. I will answer no questions!
 This is only for Your information!
 
 Credits:
 d.w., ms, [...]
 
 --
 [EMAIL PROTECTED] online - MM
 --
 .//sometimes its better to know somewhat as all but at later times would
 be better to know nothing
 


RE: [in] Re: [Full-Disclosure] IE is just as safe as FireFox

2004-11-20 Thread Todd Towles
I use WinAmp for Music and the Microsoft stuff for Video...I don't do a
lot of video stuff. The latest Winamp is pretty nice. I can always
stream shoutcast or video to my XBOX so..lol

 -Original Message-
 From: GuidoZ [mailto:[EMAIL PROTECTED] 
 Sent: Saturday, November 20, 2004 3:03 PM
 To: Todd Towles
 Cc: [EMAIL PROTECTED]
 Subject: Re: [in] Re: [Full-Disclosure] IE is just as safe as FireFox
 
 This is true. It will also play many other types of files 
 (with something like ffdshow) that WMP 9/10 can, although it 
 will do so with about half the memory footprint and start 
 twice as fast. Gotta love upgrades. =/
 
 I moved more to BS Player, as it's pretty quick and comes 
 with all the bells and whistles you'll need. Of course 
 VideoLAN (VLC) is also a nice choice. I prefer the BS Player 
 interface (think PowerDVD Crystal theme). =D
 
 --
 Peace. ~G
 
 
 On Sat, 20 Nov 2004 14:41:59 -0600, Todd Towles 
 [EMAIL PROTECTED] wrote:
  Ohh don't worry I am not knocking it. The 6.4 version will 
 play some 
  of those AVI files that the version 9 and 10 won't play because of 
  codec stuff, kinda of funny. =)
  
   -Original Message-
   From: GuidoZ [mailto:[EMAIL PROTECTED]
   Sent: Saturday, November 20, 2004 1:15 AM
   To: Todd Towles
   Cc: [EMAIL PROTECTED]
   Subject: Re: [in] Re: [Full-Disclosure] IE is just as safe as 
   FireFox
   
   Dude, mplayer2 rulez!! I use it to play all sorts of things.
   =) I'm glad they left it there... the newer MS media 
 player is just 
   bloat.
   Media Player Classic (that comes with RealAlternative and 
 QuickTime
   Alternative) is another one of my favs. =D
  
   Yeah, not really anything to do with the topic, but I 
 felt it had to 
   be said. Don't go knocking my v6.4. ;)
  
   --
   Peace. ~G
  
  
   On Fri, 19 Nov 2004 12:41:25 -0600, Todd Towles 
   [EMAIL PROTECTED] wrote:
 Microsoft integration: You remove the application that plays 
 MPEG movies from a system that has never needed to play MPEG
   movies, and
 never will need to - and your system won't boot anymore.
   
Example -  Anyone with XP, do a search for mplayer2.exe?
   What is this
you ask? It is media player 6.4 =)
   
You only think you upgraded to Media player 10..lol
   
-Todd
   
  
 
 



Re: [Full-Disclosure] Windows user privileges

2004-11-20 Thread GuidoZ
They do the same on the home side. (Well, at least they did last time
I bought a Dell laptop. Been a few years.) I was going to point this
out too but you beat me to it. =)

--
Peace. ~G


On Sat, 20 Nov 2004 14:44:41 -0600, Todd Towles
[EMAIL PROTECTED] wrote:
 Dell gives the full OS cd and then a separate drivers CD, at least on
 the business side. Not sure about the home side.
 
  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:[EMAIL PROTECTED] On Behalf Of Mike Hoye
  Sent: Saturday, November 20, 2004 7:19 AM
  To: [EMAIL PROTECTED]
  Subject: [Full-Disclosure] Windows user privileges
 
  On Fri, Nov 19, 2004 at 04:19:49PM -0600, Paul Schmehl wrote:
   Windows has several groups.  By default users are in the USERS
   group, *not* the ADMINISTRATORS group.
 
  On every XP install that I've seen from every major OEM
  (Dell, Compaq, Gateway, etc) fast user switching is on by
  default and every user is an administrator. Not on most; on
  every single one.
 
  Furthermore, these machines don't have actual XP OS install
  CDs, they usually come with restore CDs that just return
  the PC to this same initial state if they're used, which they
  almost never are.
 
  I have never seen a home user, that is to say change that
  setting or create a user who is actually just a User. Not
  once, ever.
 
   It might make sense if you actually had knowledge of an OS
  before you
   criticize it.
 
  I don't think the question should be why is IRC still
  around, I think the question should be why is
  full-disclosure turning into IRC?
 
  - Mike Hoye
 
  --
  Buy land. They've stopped making it. - Mark Twain
 


Re: [Full-Disclosure] Why is IRC still around?

2004-11-20 Thread n3td3v
On Sat, 20 Nov 2004 09:58:48 -0500, ntx0f [EMAIL PROTECTED] wrote:
 I think it's about time to sunset this discussion,

Sunsets are nice to watch in the summer months over here.

Thanks,n3td3v
http://www.geocities.com/n3td3v



Re: joe the expert (was Re: [Full-Disclosure] IE is just as safe as FireFox )

2004-11-20 Thread Micheal Espinola Jr
Neither viewpoint is 100%.  But, over-all I would have to agree with
joe.  MCSE's (in my experience) are typically not worth the credit
[automatically] applied to them - not unless they have the experience
to back it.

That is of course true for any certification in any industry.  MCSE's
are easy to pick on, because the industry (employers) see it fit to
give them preferential treatment equal to System Engineer
qualifications of other products/OSs/etc - yet many MCSE's do not hold
the underlying understanding necessary for that title - and have
simply remembered and regurgitated a series of questions and answers
within an allotted time period.

I would think that members of this particular list would agree that
the larger percentile of computer users/administrators/developers that
know the least about the hardware and software they are using - are
Microsoft/Windows/PC users.

Don't take personal offense to generalizations and stereotypes that
may sound like they apply to you.  They exist only because there is
some truth to them, but they are not considered absolute.  Next time
you wish to express your viewpoint, why don't you try it with a little
more professionalism and decorum suitable for a public forum.

Your accusations against joe's expertise and knowledge in this area are
completely unsubstantiated.


On Sat, 20 Nov 2004 12:16:52 -0800 (PST), Maurizio Trinco
[EMAIL PROTECTED] wrote:
 joe [EMAIL PROTECTED] wrote:
 
  [1] Don't get me started on MCSEs. As a whole I
 think they hurt Windows far
  more than any other thing. A bunch of people who
 feel they are experts in
  Windows because they took a couple of tests that 10
 year olds could memorize
  and pass and yet still not be able to run anything.
 The best I can say about
  MCSEs is that I will *try* not to look down upon
 them for being MCSEs and
  let them prove themselves to be worthless before I
 assume it in person.
 
 Now from joe's own site, comes this fully untrue
 statement:
 
 'So what is a Microsoft MVP? The flip response is a
 Microsoft MVP is a person who answers the questions
 the MCSE/MCD/MCT folks ask.'
 
 My dear Joe,
 
 Let's see what Microsoft has to say about MVPs:
 http://mvp.support.microsoft.com/default.aspx?scid=fh;EN-US;mvpfaqsstyle=flat
 
 Are Microsoft MVPs experts in all Microsoft
 technologies and products?
 No. Although many MVPs have in-depth knowledge of more
 than one product or technology, none of them are
 experts in all Microsoft technologies or products.
 
 So, my dear joe, you are nothing but an ego-inflated
 bullshitter. Your verbal diarrhea is only matched by
 your unbelievably low level of competence when it
 comes to Microsoft products. Being an MCSE is much
 more than answering some how do I send a message with
 Outlook in one or two newsgroups. I worked really
 hard for my MCSE titles and honestly, the idea that I
 (or any of my colleagues) could seek enlightenment
 from you is simply ridiculous. If you think that
 passing exams like 216, 296 or the design exams is
 something an... er, MVP could do... then you'd better
 think again.
 While I'm an MCSE, I'm by no means an ass-kisser for
 Microsoft, as your MVPiness seems to be. Their
 products, contrary to popular belief, could be
 extremely complex (try real life business environment,
 compared to that unlicensed version of Windows 2003
 server you're running at home) and many times
 extremely badly written and vulnerable -- but very
 complex nevertheless. Saying otherwise, only proves
 your lack of specialization (hint: familiarity is NOT
 specialization; you may be 'familiar' with your
 colorful XP, but that makes you by no means a
 'specialist').
 Oh, and something else: for some 10 years before I
 became an MCSE, I was the typical Unix admin. I used
 to laugh at Windows NT, I stopped laughing at 2000.
 I'm by no means friends with hip-kiddies who think
 Linux is cooler than Window$$$, I really dislike
 Microsoft-moronized Windows ass-kissers like you, who
 only know buzzwords, but have no real knowledge of the
 system. You should go together and exchange some
 fanatic e-mails; you belong in a place where
 'my-OS-is-longer-yours' fights
 'windows-2003-is-secure-by-default-'cause-Billy-told-us-so'.
 Anything else... is just proving yourself how MVP and
 not MCSE you are. Or whatever Unix/IT certification
 you may choose, other than the ridiculous MVP thingie.
 
 Take care and don't let the bedbugs bite.
 
 


-- 
ME2
http://www.santeriasys.net/rss.php



[Full-Disclosure] Why is IRC still around?

2004-11-20 Thread WB


-Original Message-
From: Danny [mailto:[EMAIL PROTECTED]
Sent: Friday, November 19, 2004 12:40 PM
To: Mailing List - Full-Disclosure
Subject: [Full-Disclosure] Why is IRC still around?


Well, it sure does help the anti-virus (anti-malware) and security
consulting business, but besides that... is it not safe to say that:

1) A hell of a lot of viruses/worms/trojans use IRC to wreck further havoc?

A lot use MS to spread, does that mean we should drop it?

2) A considerable amount of script kiddies originate and grow through
IRC?

E-mail, AIM, and other methods, let's drop all of them?

3) A wee bit of software piracy occurs?

FTP, SCP,  RCP

4) That many organized DoS attacks through PC zombies are initiated through
IRC?

E-mail, worms and viruses spread via udp and exploit NetBIOS, let's drop
them.

5) The anonymity of the whole thing helps to foster all the illegal and
malicious activity that occurs?
The list goes on and on...

Freedom of speech. Let's kill that.

Sorry to offend those that use IRC legitimately (LOL - find something else
to chat with your buddies), but why the hell are we not pushing to sunset
IRC?

What would IT be like today without IRC (or the like)? Am I narrow minded
to say that it would be a much safer place?

D

As with anything, there is good and bad, let's not throw the baby out with
the bath water.  The malicious ones are the minority, let's not punish the
majority for their actions.



[Full-Disclosure] Secret Vulns: Places of the confusion

2004-11-20 Thread gp
hello list


Some time ago I examined the websites of many
governments to see if it's possible to put malicious code
in their URLs. In November 2004 I informed some
Departments about my successful work.


On most Sites it is possible to:
- inject SQL
- account hijacking
- user exploitation
- server manipulation
- read complete dir
etc. etc.


In Arrangement with the Victims I will not reveal
vulnerability or victim details until a fix has been
published. I will answer no questions!
This is only for Your information!


Credits:
d.w., ms, [...]


--
[EMAIL PROTECTED] online - MM
--
.//sometimes its better to know somewhat as all but at later times would
be better to know nothing



-
This email was sent using FREE Catholic Online Webmail!
http://webmail.catholic.org/



Re: [Full-Disclosure] Gmail anomaly

2004-11-20 Thread GuidoZ
I never said it wasn't working - I said it leaves much to be desired. =)

I prefer the convenience of CookieCuller personally. I can easily,
with one click: view all cookies, remove all cookies, or keep only
certain cookies. It even comes with a handy little cookie icon I have
nested after the address bar and before the search bar.

To each their own. Don't knock it till you tried it. I've tried the
default manager. Have you tried this?

--
Peace. ~G


On Fri, 19 Nov 2004 15:09:35 +0100, evilninja [EMAIL PROTECTED] wrote:
 GuidoZ wrote:
  I agree - the default cookie manager leaves much to be desired. I've
  found a very useful extension called CookieCuller that handles them
 [...]
 
  On Fri, 19 Nov 2004 00:10:33 -0500, Micheal Espinola Jr
  [EMAIL PROTECTED] wrote:
 
 Yep, something is awry with Firefox's cookie management.  it pisses me
 off.  I disconnect from a site (close the browser), but the next time
 I open FF,  all my cookies are acting as if they are still live.
 
 the Remember Cookies: Until FF is closed (or whatever it's called) does
 not work? then file a bug, please. FF = 1.0pre is/was working here...
 
 - --
 BOFH excuse #61:
 
 not approved by the FCC


Re: [Full-Disclosure] University Researchers Challenge Bush Win InFlorida

2004-11-20 Thread Paul Schmehl
--On Friday, November 19, 2004 1:15 PM -0600 [EMAIL PROTECTED] wrote:

 Paul, do you really feel that as long as the (potentially) fraudulent
 votes did not change the outcome (as far as we know...knowing absolutely
 nothing for certain at this point) it's perfectly ok that a method for
 fixing the e-votes exists and is in use...hypothetically?

Absolutely not.  In fact I think that voting systems should be checked 
*routinely* rather than waiting until just before (or after) an election to 
suddenly think about it.  (And by systems I mean not just the boxes but 
the people and the methodology involved.)

I *hope* that the work being done to determine the security of e-voting 
systems will continue and result in improvements in both awareness and 
security of the systems.

 I'm just
 trying to understand where you are coming from on this...does it only
 stop becoming an academic exercise if the shoe is on the other foot?

It's *always* an academic exercise if it doesn't change the outcome.
What I object to is studies that purport to be scientific, but in fact 
are not.  For example, the study by Berzerley scientists that proves 
somewhere between 130,000 to 260,000 excess votes for Bush is seriously 
flawed.

The conclusion that President Bush was more likely to improve his vote in 
counties with e-voting is laughable on its face. Using the Excel 
spreadsheet provided by the authors, I totaled the votes for counties with 
and without e-voting, and came up with this:

Percentage Change for Bush in Counties WITH E-Voting: 2.25%
Percentage Change for Bush in Counties WITHOUT E-Voting: 2.54%
It looks like e-voting suppressed the President's vote by about 0.29% -- 
or 7,800 votes!

Taking each of these counties as data points, was the President 
significantly more likely to have increased his support in counties with 
e-voting? Again, no.

E-Voting Counties with Increased Bush Vote: 13/15 (86.7%)
Non-E-Voting Counties with Increased Bush Vote: 46/52 (88.5%)
http://www.patrickruffini.com/archives/2004/11/fisking_berkele.php
Just because someone or some institution has a credible name does not mean 
that you accept what they say without even bothering to think about it. 
Their study just invigorates the conspiracy theorist element of society 
without contributing anything substantive to the debate.

Paul Schmehl ([EMAIL PROTECTED])
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu


Re: [Full-Disclosure] Why is IRC still around?

2004-11-20 Thread Janusz A. Urbanowicz
On Fri, Nov 19, 2004 at 12:40:26PM -0500, Danny wrote:

 5) The anonymity of the whole thing helps to foster all the illegal
 and malicious activity that occurs?

You answered yourself. Because such a mostly unregulated, semi-anonymous
medium is needed. You have a problem with unpatched machines? Patch them,
then, and do not waste time whining.

And what would we do without bash.org?

Alex
-- 
mors ab alto 
0x46399138




Fwd: Re: [Full-Disclosure] University Researchers Challenge Bush Win In Florida

2004-11-20 Thread jo s

Daniel Veditz [EMAIL PROTECTED] wrote:

From: Daniel Veditz <[EMAIL PROTECTED]>
To: Paul Schmehl <[EMAIL PROTECTED]>
CC: Jason Coombs <[EMAIL PROTECTED]>, [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] University Researchers Challenge Bush Win InFlorida
Date: Fri, 19 Nov 2004 14:30:55 -0800

Paul Schmehl wrote:
 Even *if* they are correct (which is at least debateable) the 130,000 vote
 discrepancy they argue for won't overcome Bush's lead of 380,000, so this
 is, at best, an academic exercise.

If they are even possibly correct a discrepancy that large must be
investigated to make sure it won't happen in a future election which might
be a lot closer.

I believe the real question here is IF the discrepancy was as great as
purported then why would anybody assume that other discrepancies don't exist
in other states as well? I'm constantly amazed at the naivete of the many
individuals who place their trust in officials who've come to power through
less than stellar means to begin with, and who are as crooked as three dollar
bills and wouldn't hesitate to lie in order to further their gains in the
first place. There was no election in America this year, it is as it was
planned for during the course of the first 4 years that truly and without
doubt, WERE stolen.

Re: [Full-Disclosure] Why is IRC still around?

2004-11-20 Thread Nick FitzGerald
Danny wrote:

 Well, it sure does help the anti-virus (anti-malware) and security
 consulting business, but besides that... is it not safe to say that:
 
 1) A hell of a lot of viruses/worms/trojans use IRC to wreck further havoc?
 2) A considerable amount of script kiddies originate and grow through IRC?
 3) A wee bit of software piracy occurs?
 4) That many organized DoS attacks through PC zombies are initiated through 
 IRC?
 5) The anonymity of the whole thing helps to foster all the illegal
 and malicious activity that occurs?
 The list goes on and on...
 
 Sorry to offend those that use IRC legitimately (LOL - find something
 else to chat with your buddies), but why the hell are we not pushing
 to sunset IRC?
 
 What would IT be like today without IRC (or the like)? Am I narrow
 minded to say that it would be a much safer place?

I daresay the world would not be much different.

The early dedicated DDoS systems had their own inter-agent 
communication channels of varying complexity and sophistication.  I'm 
sure if something easy and convenient such as IRC were not around for 
the skiddie copycats that came along later to usurp, at least one or 
two of said copycats would probably have managed to scrape together 
just enough talent to roll their own simple, lightweight distributed 
messaging system to use as a communication and coordination channel for 
their bot armies and thus we'd have ended up more or less where we are.

Likewise, other methods of more or less anonymous intercommunication 
between like-minded skiddies would have evolved had IRC not, as the 
nature of the underlying structure of the Internet is essentially 
anonymous communication (recall that this is a completely unintended, 
and perfectly expected, effect of the purpose of the underlying network 
technology -- it was to be used for a physically closed network, where 
the fact a machine was on the network _meant_ that machine was supposed 
to be there _and_ that its location _AND_ the names and whereabouts of 
the ranking officers responsible for the techies running it would be 
readily available).

Ditto, s/w piracy would have found other largely untraceable online 
outlets such as rooted FTP and web servers, compromised SOHO machines with 
fast connections and totally clueless admins, P2P, etc, etc...

In short, without IRC I'd expect we'd be pretty much exactly where we 
are anyway (save we would have had one less inane question to answer on 
some mailing list).


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854



Re: [Full-Disclosure] Why is IRC still around?

2004-11-20 Thread Danny
On Fri, 19 Nov 2004 14:55:12 -0500, Keith Pachulski [EMAIL PROTECTED] wrote:
 been on yahoo lately? or AOL channels or hell how bout gnutella?

Do they organize zombies, foster the creation of backdoors, round up
DoS attacks?

Sure, getting rid of the big piracy rings would be nice, but I am
focusing on the malware, zombies, bots, organized DoS attacks, etc.
aspect of IRC.

..D



[Full-Disclosure] irc legaility

2004-11-20 Thread Simon Lorentsen

Hi guys / gals,

Had a conversation tonight, and have been reading the IRC
threads and wondered if anyone could answer the following.

In the following scenario: you are a business. Would IRC logs
of conversations and lists of hosts be held up in a court of law if a client
you spoke to refused to pay or hold up their end of a bargain or agreement, and
is faxing a document (no hard copies sent via post) accepted as a legal
document in a court of law?

I appreciate any help you can give.

Regards

Simon Lorentsen


[Full-Disclosure] sms/t9

2004-11-20 Thread the.soylent
topic:
read out user-specific words in mobile-phones with T9 input for sms 
(short message service)

tested on:
some nokia and siemens (gsm) mobiles

howto:
Just enter one character (a,d,g,j,m,p,t,w). Now press the key that 
normally switches between the words (if there is more than one possibility).
You will see all the words you entered with T9, in the worst case: passwords (and 
maybe other things your wife for example mustn't see ;) )

so don't forget to reset the phone (if that helps?) when you sell this 
little spy ;)

greetz soylent


Re: [Full-Disclosure] Windows user privileges

2004-11-20 Thread Paul Schmehl
--On Saturday, November 20, 2004 8:19 AM -0500 Mike Hoye 
[EMAIL PROTECTED] wrote:

 On every XP install that I've seen from every major OEM (Dell, Compaq,
 Gateway, etc) fast user switching is on by default and every user is
 an administrator. Not on most; on every single one.
 Furthermore, these machines don't have actual XP OS install CDs, they
 usually come with restore CDs that just return the PC to this same
 initial state if they're used, which they almost never are.
 I have never seen a home user, that is to say change that setting or
 create a user who is actually just a User. Not once, ever.

And this is a flaw of the *OS*?  Or of the *OEM*?

Paul Schmehl ([EMAIL PROTECTED])
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu


[Full-Disclosure] GET /M83A making rounds again?

2004-11-20 Thread Michael Scheidell
A google search for 'GET /M83A' finds lots of 'awstats' pages reporting
this, as well as some discussions, but no one seems to have an answer.

Is this a vulnerabilities scanning tool signature?
The preamble of a p2p file sharing network?

An attack against some undisclosed application?
Scan your logs, see what you get.

One of the latest comes from ip 193.84.40.199
(shown hitting 20 networks, 13000 times)

http://www.mynetwatchman.com/ListIncidentsbyIP.asp?IP=193.84.40.199

packet payload is:

IPv4: 193.84.40.199 - xxx.xxx.xxx.xxx
  hlen=5 TOS=0 dlen=62 ID=37178 flags=2 offset=0 TTL=113
chksum=33442
TCP:  port=30668 - dport: 80  flags=***AP*** seq=1601629704
  ack=907044503 off=5 res=0 win=65535 urp=0 chksum=65397
Payload:  length = 22

000 : 47 45 54 20 2F 4D 38 33 41 20 48 54 54 50 2F 31   GET /M83A HTTP/1
010 : 2E 30 0D 0A 0D 0A .0

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
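
Following the post's suggestion to scan your logs, here is an added example (not part of the original message) that decodes the payload bytes from the dump above and counts matching requests per source address. It assumes Apache/NCSA combined log format; the log lines, status codes and the 192.0.2.x / 198.51.100.x addresses are constructed for illustration.

```python
import re
from collections import Counter

# Payload bytes exactly as printed in the packet dump in the post above.
PAYLOAD_HEX = "47 45 54 20 2F 4D 38 33 41 20 48 54 54 50 2F 31 2E 30 0D 0A 0D 0A"

# NCSA common log format with the optional combined-format tail
# (referer and user agent). This layout is an assumption; adjust it
# to whatever your web server actually writes.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?\s*$'
)

# Constructed sample log, not real traffic.
SAMPLE_LOG = [
    '193.84.40.199 - - [20/Nov/2004:10:01:02 -0500] "GET /M83A HTTP/1.0" 404 288 "-" "-"',
    '193.84.40.199 - - [20/Nov/2004:10:01:09 -0500] "GET /M83A HTTP/1.0" 404 288 "-" "-"',
    '192.0.2.10 - - [20/Nov/2004:10:02:00 -0500] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [20/Nov/2004:10:03:00 -0500] "GET /M83A HTTP/1.1" 404 288 "http://example.com/" "Mozilla/5.0"',
    '192.0.2.10 - - [20/Nov/2004:10:04:00 -0500] "GET /M83Abc HTTP/1.0" 404 288 "-" "-"',
    'garbage line that is not in log format',
]


def parse_payload(hex_dump):
    """Decode a hex dump of an HTTP request into its request line and headers."""
    raw = bytes.fromhex(hex_dump)
    head, sep, _ = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no end-of-headers marker in payload")
    lines = head.decode("ascii").split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    return {"method": method, "target": target, "version": version,
            "headers": lines[1:], "length": len(raw)}


def scan_log(lines, probe):
    """Count requests for the probe's method and path, grouped by source IP.

    'exact' counts entries that also share the probe's HTTP version and,
    like the captured request (which carries no headers at all), show "-"
    for both referer and user agent.
    Returns (hits_by_ip, number_of_unparseable_lines).
    """
    hits = {}
    unparsed = 0
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            unparsed += 1
            continue
        parts = m.group("req").split(" ")
        if len(parts) != 3:
            continue  # malformed or truncated request line
        method, target, version = parts
        path = target.split("?", 1)[0]  # ignore any query string
        if method != probe["method"] or path != probe["target"]:
            continue
        entry = hits.setdefault(
            m.group("ip"), {"count": 0, "statuses": Counter(), "exact": 0})
        entry["count"] += 1
        entry["statuses"][m.group("status")] += 1
        headerless = (m.group("agent") in ("-", "")
                      and m.group("referer") in ("-", ""))
        if version == probe["version"] and headerless:
            entry["exact"] += 1
    return hits, unparsed


if __name__ == "__main__":
    probe = parse_payload(PAYLOAD_HEX)
    print("probe:", probe)
    hits, unparsed = scan_log(SAMPLE_LOG, probe)
    for ip, info in sorted(hits.items(), key=lambda kv: -kv[1]["count"]):
        print(ip, info["count"], "hits,", info["exact"], "exact,",
              dict(info["statuses"]))
    print("unparseable lines:", unparsed)
```

The "exact" column separates the headerless HTTP/1.0 probe from a person who typed the URL into a browser after reading about it.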


RE: [Full-Disclosure] Secret Vulns: Places of the confusion

2004-11-20 Thread xtrecate
When can we expect more like this from the 
super ereet catholic kid security?  (SECKS)


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of gp
Sent: Saturday, November 20, 2004 10:51 AM
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] Secret Vulns: Places of the confusion

hello list


Some time ago I examined the websites of many
governments to see if it's possible to put malicious code
in their URLs. In November 2004 I informed some
Departments about my successful work.


On most Sites it is possible to:
- inject SQL
- account hijacking
- user exploitation
- server manipulation
- read complete dir
etc. etc.


In Arrangement with the Victims I will not reveal
vulnerability or victim details until a fix has been
published. I will answer no questions!
This is only for Your information!


Credits:
d.w., ms, [...]


--
[EMAIL PROTECTED] online - MM
--
.//sometimes its better to know somewhat as all but at later times would
be better to know nothing



-
This email was sent using FREE Catholic Online Webmail!
http://webmail.catholic.org/



[Full-Disclosure] sacred (pcgame) server flaw

2004-11-20 Thread the.soylent
Program: Sacred (pc game)
http://sacred-game.com
type: simple DoS, no client-auth
affected version: 1.0.6.2
note:
-fixed in later versions (1.0.7.0) (dated:31.08.2004)
-this security lag existed for nearly half a year. although ascaron was 
informed at the date of release (02.03.2004), nothing happened for a long time.

exploit-scenario:
Use telnet client to connect to game-port, u will see that a valid(!) 
user connects.
16 times, and server will not accept any more connections (from valid 
users for example).
after fake-clients get a timeout, only one of them gets kicked.

example: http://forum.sacred-game.com/attachment.php?attachmentid=1209 
(nothing special)

greetz soylent
---
stop that Why is IRC still around? -crap !!!


Re: [Full-Disclosure] University Researchers Challenge Bush Win In Florida

2004-11-20 Thread Paul Schmehl
--On Friday, November 19, 2004 2:30 PM -0800 Daniel Veditz 
[EMAIL PROTECTED] wrote:

 Paul Schmehl wrote:
  Even *if* they are correct (which is at least debateable) the 130,000
  vote discrepancy they argue for won't overcome Bush's lead of 380,000,
  so this is, at best, an academic exercise.

 If they are even possibly correct a discrepancy that large must be
 investigated to make sure it won't happen in a future election which might
 be a lot closer.

I disagree.  Until the research is credible and vetted, investigating is 
premature.  Many people don't seem to understand, investigating supposed 
discrepancies in the vote costs millions of dollars.  The recount in Ohio 
will cost the state $1.5 million.  That's money that could pay for other 
things.  So you don't run off on wild goose chases just because some 
researcher says, Oo, look at this.  This looks really unusual.

*If* the research is credible and stands up to scrutiny, *then* you spend 
whatever is necessary to get to the bottom of it and determine if there is 
a problem.  In this particular case, their research is laughable and 
doesn't merit followup, much less the expenditure of millions to get to the 
bottom of a nonexistent problem.

Paul Schmehl ([EMAIL PROTECTED])
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu


[Full-Disclosure] Re: Why is IRC still around? (n3td3v is a troll)

2004-11-20 Thread Steve R
 --- n3td3v [EMAIL PROTECTED] wrote: 
 I wish it was possible, but it just wouldn't work.
 The hackers would
 move onto the next best chat system, whatever that
 may be at the time.
 
 For it ever to work, you would need to ban all chat
 communications and
 peer 2 peer on the internet, and thats unlikely to
 happen, and would
 be hard to police.
 
 In the meantime what would you do with the billions
 of legitimate
 users of IRC, IM and P2P?
 
 Tell them to go away as well? I'm anti-malicious
 hackers, but this
 idea just would never work.
 
 Thanks,n3td3v

First you say that *you* would even close IRC channels
and then you state that this idea would never work.
Which side of the troll fence are you muppet? 
The only thing that needs a tighter grip is your
hands around your cock to stop the blood rushing to
your head. And as for If I was in gov, fuck no, we
already have enough dickheads in government thank you
very much without you adding to the pile.

From the archives (QED):
http://lists.netsys.com/pipermail/full-disclosure/2004-November/028931.html

FW: [Full-Disclosure] Shadowcrew Grand Jury Indictment
n3td3v n3td3v [EMAIL PROTECTED]
Wed, 17 Nov 2004 17:53:44 +


On Wed, 17 Nov 2004 11:41:20 -0600, Todd Towles
[EMAIL PROTECTED] wrote:
 Well, it is given that posting to FD does give a
site exposure (good and
 bad). But I wouldn't say that FD was the cause of
it..it was the illegal
 activity that was the cause of it. We all know SCC
does some underground
 stuff and they post here each time they move. So...I
wouldn't blame the
 FD list for anything.

I wouldn't use the word blame? I think its a good
thing if
Full-Disclosure is helping to catch online criminals.
I don't know if
you like malicious hackers and other criminals, but
yeah I dislike
them. I would do anything in my power to stop online
crime, from
scriptkiddie stuff, to sex stuff,spam,scams, fraud,
terrorism and back
again.

I have no space for anyone thinking they are elite and
all the other
hacker scene crap. Its time to clamp down on the BS
thats on the net.

If I was in gov, I would shut a site down that looks
remotely
hax0rish, even if they've done nothing wrong. All
these crews and
hacker groups, fk them all. The net needs zero
tollerence with online
crime. Govs should have the authority to close
anything done because
they feel like it, without needing to prove shit.

I would even close IRC channels. Hackphreak on
undernet looks
harmless, but fk that. Close it anyway, its time to
get a tighter grip
on things.

Thanks,n3td3v









[Full-Disclosure] Re: Why is IRC still around?

2004-11-20 Thread Steve R
IRC is still around because it does one thing.
It proves that Einstein was right about stupidity: it
is infinite.

[frank] can you help me install GTA3?
[knightmare] first, shut down all programs you aren't
using
frank has quit IRC. (Quit)
[knightmare] ...







Re: [in] Re: [Full-Disclosure] IE is just as safe as FireFox

2004-11-20 Thread devis
Paul Schmehl wrote:
--On Friday, November 19, 2004 01:12:31 PM -0500 Crotty, Edward 
[EMAIL PROTECTED] wrote:

I'm not a Win based guy (troll?) - Un*x here - and even I was 
offended by
#1.

There is such a thing as runas for Windows.
That's not all.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of devis
Sent: Friday, November 19, 2004 11:10 AM
Cc: [EMAIL PROTECTED]
Subject: Re: [in] Re: [Full-Disclosure] IE is just as safe as FireFox
1) Despite recent ameliorations of MS ( multi user finally, permissions
... ) and some effort at making the system more secure, something very
important is still left out: The first default user of the MS computer
is made an administrator.

Apparently you don't have very broad experience with OSes.  ON *every* 
OS I'm familiar with, the first user is the administrator (or root) 
account.

Are You an idiot ? When i start MS and look at my empty desktop, under 
what ID that graphic interface runs ?

If i configure my outlook and go to fetch nice infected mails, who i am 
then launching outlook ? Administrator

On unix, launching a graphic interface under root would have printed a 
big warning panel or for more decent OSes not allowed me AT ALL.

I am NOT arguing that the first user is an admin, i am arguing that 
the DEFAULT user is an admin. The default user on UNIX is not root.

Try to re reading before making a fool of yourself.
This comes down to giving uid0 to ur first
unix user. Unix does NOT do that. It requires you to use su and become
root ( administrator ) after proper credentials submission ( password ).

When's the last time you installed an OS from scratch?  Gentoo, 
FreeBSD, OpenBSD, RedHat, Fedora, Slackware, Mac OS X, Debian, 
Solaris, *all* create the first user as uid0 during the install 
process.  (I can't speak for the others because I haven't done those, 
but I'd be willing to bet that NetBSD, AIX, HP-UX, SCO et. al. work 
exactly the same way.)

See up there. You need to learn to read and make sense of it. Once 
again, I AM NOT ARGUING THAT THE FIRST ACCOUNT CREATED HAS AN UID0.
Please open ur eyes and try to pinpoint the difference between first 
user and default user. Even MS is confused on that subject it seems.

Unix does not grant users root access by default, and it does a much 
better job of separating privileges by requiring you to join the wheel 
group *and* either use sudo or su to do work as root, but Windows 
doesn't make users the admin by default *either*, unless you setup 
Fast User Switching *during* the install.

IT does make the first installer of the box the default user. And that 
first default user HAS administrator privileges. What part of this 
is not clear ? With or without Fast User Switching. Ever installed XP ?

many unixes don't use a wheel group.
- snip ---
% grep wheel /etc/group
%
Debian linux
---
Playing on words ? Sure Linux isn't Unix, but then write Unix like so: 
Unix(tm) and i will know.


The first user is NOT an administrator, and any recent Unix
documentation will insist on the danger of running as root(admin). Unix
keeps the admin account well separated from the user account, which MS
DOESN'T,

That's simply false.  Windows has several groups.  By default users 
are in the USERS group, *not* the ADMINISTRATORS group.

It might make sense if you actually had knowledge of an OS before you 
criticize it.

Please prove ur point and run IIS from an unprivileged account.
Please install a proper unix, create 2 accounts and try to
read the home directory of the second user from the first.
Please do the same in Windows.  Here's a hint.  You'll get the same 
results.

2) After all, they don't need to know .  You're on a need to know
basis job
Do MS really think the users are stupid ?

Probably.  Otherwise they wouldn't have those stupid warnings popup 
every time you try to delete something.  Are you SURE you want to do 
this Yes, damn it!!


[snipped the rant]
Lets not hide from ourselves whats needed from MS to reach modern world
security:
a complete rewrite, and a ditch of old Dos base and the 20 years old
legacy code.
Oh baloney.  Learn a little more about the OS before you make 
assumptions that make you look ignorant.

Aside from the default permissions, you can also granularly apply 
privileges in many ways.  For example, by default USERS have Read & 
Execute, List Folder Contents and Read access to the Windows folder, 
its contents and all its subfolders.  In addition, there are fourteen 
(14) separate rights that can be explicitly granted or denied to them 
at that level only or to all subfolders as well, to files only, to 
subfolders only, to subfolders *and* files only, etc., etc.

I have admined nt4 boxes, and before being insulting, u should maybe 
look up again and re read. I do know nt ways, and it is just a pale 
implementation of permissions. They perfected it in 2003 but still has 
much to be desired. Took them 

Re: [Full-Disclosure] IE is just as safe as FireFox

2004-11-20 Thread devis
Its not because it has a great market 'penetration' in the 'real' world 
that it isn't wrong. Not saying it was wrong before...but nowadays...we 
know better than DOS, don't we ? Lets not go into the argument NT isn't 
DOS etc etc ...please.
So even if the world IT computing economy is standing on it, one day or 
the other, when it is 'really' apparent to ALL eyes that you cannot 
'cross' eras of computing with the same OS base, not at days where the 
OS was not designed to be networked, as joe pointed out. The internet 
has risen, mainly due to MS for its democratisation but now, it is time 
to wake. It is security wise a bad base, and instead of hacking on it, 
a more proven secure model should be adapted, unix for example.
Even Apple understood that. Where will they be without OS X today ?

Joe, i do understand ur argument and it is valid in the real world, but 
realise that the more MS waits to rewrite and the worse it will be. We 
cannot progress with a bad base and patching it forever  in hopes it 
runs good one day. Time to clean up. And yes time to throw away the old 
80's stuff. Or keep a box for it, load win 3.11 on it . We have museums 
for OS's that aren't case sensitive in 2004.
