Re: Re: [Full-Disclosure] Defcon spelled half backwards is Fedcon and you dumfucks walked into a trap

2004-08-03 Thread Andre Ludwig
I took the liberty to fix a few things for you.

Down with lamers, down with scene whores, down with ppl
trying to make security a joke. Down with everyone
profiting off stupidity.

Why does Retards hang with morons and let them write a dumb emails?
Why they get dumb ideas and make an ass out of themselves?

Why people dont know who's who? Why ppl believe they
eleet when they nothing but poo?

Why people so inconsistent?

Why people allow themselves to be punked and not fight
back? Why so many tards? Why so many tools?

WTF?

Why people think information sharing among all is
best? Fuck that.

Why?


Sorry, I had to; too much of a comedy gold mine to leave alone.


On Tue, 3 Aug 2004 17:35:52 -0400 (EDT), Andrew R. Reiter
<[EMAIL PROTECTED]> wrote:
> 
> funny that u post this to "FULL-DISCLOSURE"
> 
> On Tue, 3 Aug 2004, Day Jay wrote:
> 
> :Down with kiddies, down with admins, down with ppl
> 
> 
> :trying to make security better. Down with everyone
> :profiting off publicity.
> :
> :Why does Gobbles hang with iDEFENSE and let them buy
> :him a beer? Why he get drunk and make an ass out of
> :himself?
> :
> :Why people dont know who's who? Why ppl believe they
> :eleet when they nothing but poo?
> :
> :Why people so inconsistent?
> :
> :Why people allow themselves to be punked and not fight
> :back? Why so many fags? Why so many pussies?
> :
> :WTF?
> :
> :Why people think information sharing among all is
> :best? Fuck that.
> :
> :Why?
> :
> :
> :___
> :Full-Disclosure - We believe in it.
> :Charter: http://lists.netsys.com/full-disclosure-charter.html
> :
> :
> 
> --
> Andrew R. Reiter
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
> 



[Full-Disclosure] The Worm tard who got busted

2003-09-02 Thread Andre Ludwig

You guys are amazing sometimes; it looks like a few of you have in fact done
some googling and some detective work.  Others are simply content to sit
on the sidelines and spew only moderately informative opinions around
like they are going out of style.

If the topic of what this kid did and how stupid he was interests you, go
ahead and do some more detective work. The kid left one helluva trail on the
net with SEVERAL postings on trojanforge.net (which has been offline since
Friday). What was he posting about?  Normal script kiddie things like  y0
d00dz ch3ck 0utz my l33t st4sh 0f spl01tz 4nd tr0j4nZ.  Not to mention
asking about several small footprint IRC based RATs.   So 1+1=2, and in my
book the kid is simply an amateur crook who should get the book thrown at
him.  He would gain some respect from me if he had more skill, but I'm not a
bleeding heart; you do the crime, you do the time.   Granted I am not one to
judge, but if I was on the jury there wouldn't be much of a doubt in my mind
as to who was behind things.  

Wow, he even looks to have defaced a site or two (look at the title of the
window that loads):
http://216.239.37.104/search?q=cache:t12Nd707VCkJ:www.satanosphere.com/+teekid&hl=en&ie=UTF-8

Teekid's thoughts on VB6 vs .NET
http://216.239.53.104/search?q=cache:oY-N3GP1w4cJ:www.trojanforge.net/showthread.php%3Fthreadid%3D1715++site:www.trojanforge.net+teekid+trojanforge&hl=en&ie=UTF-8

Teekid hitting the wrong button (new thread instead of reply)
http://216.239.53.104/search?q=cache:l8g2yTYshU4J:www.trojanforge.net/showthread.php%3Fthreadid%3D2627++site:www.trojanforge.net+teekid+trojanforge&hl=en&ie=UTF-8

Teekid asking for a small footprint IRC bot with UDP features.
http://216.239.53.104/search?q=cache:l8g2yTYshU4J:www.trojanforge.net/showthread.php%3Fthreadid%3D2627++site:www.trojanforge.net+teekid+trojanforge&hl=en&ie=UTF-8

Teekid pimping his m4d l33t w4r3z (his trojan archive)
http://216.239.53.104/search?q=cache:RFRMkPANScMJ:www.trojanforge.net/showthread/t-36.html++site:www.trojanforge.net+teekid+trojanforge&hl=en&ie=UTF-8

Teekid shopping for a RAT
http://216.239.53.104/search?q=cache:oSgqX5TAsQMJ:www.trojanforge.net/showthread/t-6016.html++site:www.trojanforge.net+teekid+trojanforge&hl=en&ie=UTF-8

Teekid pimping his IRCBOTS site.
http://216.239.53.104/search?q=cache:SUybKHSk8ncJ:www.trojanforge.net/showthread/t-2693.html++site:www.trojanforge.net+teekid+trojanforge&hl=en&ie=UTF-8

Teekid coming to the aid of a fellow RAT developer (what a nice guy)
http://216.239.37.104/search?q=cache:39FRhHqYu7cJ:www.trojanforge.net/showthread/t-5143.html++site:www.trojanforge.net+teekid+trojanforge&hl=en&ie=UTF-8

All this was taken from only one site; if you want you can even find his
flipping CS scores on several servers.  He wasn't too bad of a shot with an
M4.

And for fun
http://asmallvictory.net/archives/jabbahack.jpg

Are all virus coders so stunning and athletic looking?
http://us.news1.yimg.com/us.yimg.com/p/rids/20030829/i/1062184970.2617294885.jpg

Wow, ever since the rash of articles about our favorite coder of the week it
is a lot harder to find some of the stuff that I found on Fri and Sat. Sorry
for the rant of sorts; it just sort of irked me that after reading 100 or so
emails about the kid no one even bothered to bring up any sort of evidence
that could have been gleaned (thank god for Google cache). I would have
posted more threads by the perp but the site is down, and while I'm sure with
some more time and searching I could dig up IRC chat logs and other such
info, I unfortunately have a job to do (even though I hate it). 

Andre Ludwig, CISSP



[Full-Disclosure] Anyone have more info on this?

2003-09-03 Thread Andre Ludwig
http://support.microsoft.com/default.aspx?scid=kb;[LN];kb824105

New patch from MS, looks like a crafted NetBIOS request could return data
from memory.  Anyone seen any more info on this new exploit?  

I am interested in an actual packet capture of the packet in question. Or
other technical information surrounding this new exploit. 

Andre Ludwig, CISSP



RE: [Full-Disclosure] MS03-039 - Exploit ...

2003-09-10 Thread Andre Ludwig



Please correct me if I am wrong, but it looks like this Nessus script was
written for the eEye exploit (judging by the 4 requests in the script).

Andre Ludwig, CISSP

-----Original Message-----
From: Elv1S [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 10, 2003 4:24 PM
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] MS03-039 - Exploit ...

from nessus lol

# The script code starts here
#
function dcom_recv(socket)
{
 local_var buf, len;
 buf = recv(socket:socket, length:10);
 if(strlen(buf) != 10) return NULL;
 # bytes 8-9 of the DCE/RPC header hold the fragment length (little-endian)
 len = ord(buf[8]);
 len += ord(buf[9])*256;
 buf += recv(socket:socket, length:len - 10);
 return buf;
}

port = 135;
if(!get_port_state(port)) port = 593;
else {
 soc = open_sock_tcp(port);
 if(!soc) port = 593;
 else close(soc);
}
if(!get_port_state(port)) exit(0);

#-#
# Convert a hex string ("0500...") into raw bytes, two characters per byte
function hex2raw(s)
{
 local_var i, j, ret;
 for(i=0;i<strlen(s);i+=2)
 {
  if(ord(s[i]) >= ord("0") && ord(s[i]) <= ord("9"))
   j = int(s[i]);
  else
   j = int((ord(s[i]) - ord("a")) + 10);
  j *= 16;
  if(ord(s[i+1]) >= ord("0") && ord(s[i+1]) <= ord("9"))
   j += int(s[i+1]);
  else
   j += int((ord(s[i+1]) - ord("a")) + 10);
  ret += raw_string(j);
 }
 return ret;
}

#--#
# Bind, send one request and return the last 4 bytes of the reply (the status)
function check(req)
{
 local_var soc, bindstr, error_code, r;
 soc = open_sock_tcp(port);
 if(!soc) exit(0);
 bindstr = "05000b03100048000100d016d01601000100a001c046045d888aeb1cc9119fe808002b1048600200";
 send(socket:soc, data:hex2raw(s:bindstr));
 r = dcom_recv(socket:soc);
 if(!r) exit(0);
 send(socket:soc, data:req);
 r = dcom_recv(socket:soc);
 if(!r) return NULL;
 close(soc);
 error_code = substr(r, strlen(r) - 4, strlen(r));
 return error_code;
}

# Same as check(), but the status is read 24 bytes from the end of the reply
function check2(req)
{
 local_var soc, bindstr, error_code, r;
 soc = open_sock_tcp(port);
 if(!soc) exit(0);
 bindstr = "05000b03100048000100d016d01601000100a001c046045d888aeb1cc9119fe808002b1048600200";
 send(socket:soc, data:hex2raw(s:bindstr));
 r = dcom_recv(socket:soc);
 if(!r) exit(0);
 send(socket:soc, data:req);
 r = dcom_recv(socket:soc);
 if(!r) return NULL;
 error_code = substr(r, strlen(r) - 24, strlen(r) - 20);
 return error_code;
}

#---#
# Determine if the remote host is running Win95/98/ME
bindwinme = "05000b031000480053535641d016d01601000100e6730ce6f988cf119af10020af6e72f40200045d888aeb1cc9119fe808002b1048600200";
soc = open_sock_tcp(port);
if(!soc) exit(0);
send(socket:soc, data:hex2raw(s:bindwinme));
rwinme = dcom_recv(socket:soc);
close(soc);
lenwinme = strlen(rwinme);
stubwinme = substr(rwinme, lenwinme-24, lenwinme-21);
# This is Windows 95/98/ME which is not vulnerable
if("02000100" >< hexstr(stubwinme)) exit(0);

#
REGDB_CLASS_NOTREG = "5401048000";
CO_E_BADPATH = "0400088000";
NT_QUOTE_ERROR_CODE_EQUOTE = "";
#
req1 = "05031000b0030100980304000500020090051400680368034d454f570400a201c0463803c0463803300301100800c8003003d8000200070018018d00b8018d000700b901c046ab01c046a501c046a601c046a401c046ad01c046aa01c04607006000580090005800200068003000c1100800500001100800485d889aeb1cc9119fe808002b1048601100b8470a005800
050006000100c04601100800800020ba0900600060004d454f570400c001c0463b03c04631000100673c70941333fd4687244d093988939d02000100011008004800b07e0900f0890a000d000d00730061006a00690061006400650076005f0078003800360008000110080011100
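As an added example (not from the Nessus script and not from the original post), here is the same DCE/RPC framing in Python, so the bind request, the dcom_recv() read logic and the error-code extraction can be exercised offline. The interface UUID (000001a0-0000-0000-c000-000000000046, ISystemActivator) and the NDR transfer syntax UUID are the ones encoded in the script's bind string; the response PDU below is constructed here rather than captured from a host, and the two HRESULT constants are the standard values the script compares against in hex form. Fragment sizes and call ids are assumptions.

```python
# Added example: DCE/RPC connection-oriented framing as used by the Nessus
# MS03-039 check. Not the Nessus code; the sample response is constructed.
import io
import struct
import uuid

# UUIDs taken from the bind string in the script above
ISYSTEMACTIVATOR = uuid.UUID("000001a0-0000-0000-c000-000000000046")
NDR_TRANSFER_SYNTAX = uuid.UUID("8a885d04-1ceb-11c9-9fe8-08002b104860")

PTYPE_RESPONSE, PTYPE_FAULT, PTYPE_BIND, PTYPE_BIND_ACK = 2, 3, 11, 12
PFC_FIRST_FRAG, PFC_LAST_FRAG = 0x01, 0x02

# HRESULTs the script matches against the trailing stub bytes
REGDB_E_CLASSNOTREG = 0x80040154
CO_E_BAD_PATH = 0x80080004


def hex2raw(s):
    """Equivalent of the script's hex2raw(): hex text to raw bytes."""
    return bytes.fromhex(s)


def rpc_header(ptype, frag_length, call_id):
    """16-byte common header: version 5.0, first+last fragment, little-endian DREP."""
    return struct.pack("<BBBBIHHI", 5, 0, ptype, PFC_FIRST_FRAG | PFC_LAST_FRAG,
                       0x10, frag_length, 0, call_id)


def build_bind(iface=ISYSTEMACTIVATOR, iface_version=0, call_id=1):
    """Bind PDU with one presentation context and one transfer syntax (NDR v2)."""
    context = (struct.pack("<HBB", 0, 1, 0)          # p_cont_id, n_transfer_syn, reserved
               + iface.bytes_le + struct.pack("<HH", iface_version, 0)
               + NDR_TRANSFER_SYNTAX.bytes_le + struct.pack("<I", 2))
    body = struct.pack("<HHIBBH", 5840, 5840, 0,     # max_xmit, max_recv, assoc_group
                       1, 0, 0) + context            # n_context_elem + padding
    return rpc_header(PTYPE_BIND, 16 + len(body), call_id) + body


def _read_exact(recv, n):
    """recv(n) may return short reads on a real socket; loop until n bytes or EOF."""
    buf = b""
    while len(buf) < n:
        chunk = recv(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf


def recv_pdu(recv):
    """Mirror of dcom_recv(): read 10 header bytes, take frag_length from
    bytes 8-9 (little-endian), read the rest. None on a short read or an
    impossible length (the NASL version has no such check)."""
    head = _read_exact(recv, 10)
    if len(head) != 10:
        return None
    frag_length = struct.unpack_from("<H", head, 8)[0]
    if frag_length < 16:
        return None
    rest = _read_exact(recv, frag_length - 10)
    if len(rest) != frag_length - 10:
        return None
    return head + rest


def parse_header(pdu):
    v, vmin, ptype, flags, drep, frag_length, auth_length, call_id = \
        struct.unpack_from("<BBBBIHHI", pdu, 0)
    return {"version": v, "ptype": ptype, "flags": flags,
            "frag_length": frag_length, "auth_length": auth_length,
            "call_id": call_id}


def trailing_hresult(pdu, offset_from_end=4):
    """What check()/check2() do with substr(): a 4-byte little-endian status
    taken from the end of the stub (offset 4 for check(), 24 for check2())."""
    return struct.unpack_from("<I", pdu, len(pdu) - offset_from_end)[0]


def build_sample_response(hresult=REGDB_E_CLASSNOTREG, call_id=2):
    """Constructed response PDU: alloc_hint/p_cont_id/cancel_count/reserved,
    16 zero stub bytes, then the HRESULT as the last 4 bytes."""
    stub = b"\x00" * 16 + struct.pack("<I", hresult)
    body = struct.pack("<IHBB", len(stub), 0, 0, 0) + stub
    return rpc_header(PTYPE_RESPONSE, 16 + len(body), call_id) + body


def demo():
    """Run the exchange against an in-memory stream in place of a socket."""
    bind = build_bind()
    stream = io.BytesIO(build_sample_response())
    pdu = recv_pdu(stream.read)
    return bind, parse_header(pdu), trailing_hresult(pdu)


if __name__ == "__main__":
    bind, hdr, status = demo()
    print(bind.hex())
    print(hdr, hex(status))
```

Against a real listener, pass sock.recv in place of stream.read; the bind produced here is 72 bytes (0x48), the frag_length the script's bind string also carries in bytes 8-9.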

RE: [Full-Disclosure] Mystery DNS Changes

2003-10-01 Thread Andre Ludwig
Somewhat off topic, but a killer DHCP toolset that I have played with a bit
is Gobbler from www.networkpenetration.com.  Might give some people who
don't understand the whole DHCP vulnerability thing a bit of an education. 

Andre Ludwig

http://www.networkpenetration.com/downloads.html

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 01, 2003 1:11 PM
To: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Mystery DNS Changes


   ... DHCP enabled workstations have had
   their DNS reconfigured to point to two of the three addresses

User-driven trojan or not, machines running DHCP can pretty much
be told by a DHCP server that their leases are up and it's time to
renumber, and then that their new DNS servers are X Y and maybe Z.
This is part of the protocol, astoundingly enough, but spells
"attack vector" any way *I* look at it.

This would probably work on most cable-modem infrastructures, at
least where the provider hasn't done anything about the fact that
any customer [i.e. customer's box, forget the human] can become
a rogue DHCP server.  Within a soft chewy corporate net, a rogue
server probably presents an even higher risk cuz *none* of the end
user boxes would have the benefit of a somewhat protective device
[cable modem with clueful config] in between it and the rogue.

Expect it.  Script your bootup to nuke dhclient/dhcpcd/whatever
after it's gotten an address, and sanity-check what you get back.
DHCP clients, at least in the unix world, generally run OUTSIDE
your filters, as ROOT.  Windows users, you're probably just hosed,
because if you stop "DHCP client" you release your address.

_H*

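The "sanity-check what you get back" step from the message above, as an added example that is not part of the thread and not from Gobbler: parse a DHCP reply and compare the server identifier, offered address, router and DNS options against what the site expects. The DHCPOFFER is constructed here for the purpose of the example; the allowlisted addresses are assumptions.

```python
# Added example: parse a DHCP reply and flag a rogue server's lease.
# The offer bytes are constructed below, not captured from a network.
import ipaddress
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"
OPT_PAD, OPT_SUBNET, OPT_ROUTER, OPT_DNS = 0, 1, 3, 6
OPT_MSGTYPE, OPT_SERVER_ID, OPT_END = 53, 54, 255
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK", 7: "RELEASE"}

# Assumed site configuration: the only legitimate DHCP server and resolvers
EXPECTED_SERVERS = ["192.0.2.1"]
EXPECTED_DNS = ["192.0.2.53", "192.0.2.54"]
EXPECTED_NET = "192.0.2.0/24"


def parse_options(data):
    """TLV option area after the magic cookie (option overload not handled)."""
    opts = {}
    i = 0
    while i < len(data):
        code = data[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError("truncated option header")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option %d" % code)
        opts.setdefault(code, []).append(value)  # keep repeated options
        i += 2 + length
    return opts


def parse_dhcp(packet):
    """BOOTP fixed header (236 bytes) + magic cookie + options."""
    if len(packet) < 240 or packet[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP message")
    op, htype, hlen, hops, xid = struct.unpack_from("!BBBBI", packet, 0)
    opts = parse_options(packet[240:])

    def addrs(code):
        out = []
        for v in opts.get(code, []):
            out += [ipaddress.IPv4Address(v[k:k + 4])
                    for k in range(0, len(v) - len(v) % 4, 4)]
        return out

    mtype = opts.get(OPT_MSGTYPE, [b"\x00"])[0][0]
    return {"op": op, "xid": xid,
            "yiaddr": ipaddress.IPv4Address(packet[16:20]),
            "siaddr": ipaddress.IPv4Address(packet[20:24]),
            "type": MSG_TYPES.get(mtype, str(mtype)),
            "server_id": addrs(OPT_SERVER_ID),
            "routers": addrs(OPT_ROUTER), "dns": addrs(OPT_DNS)}


def check_lease(lease, expected_servers=EXPECTED_SERVERS,
                expected_dns=EXPECTED_DNS, expected_net=EXPECTED_NET):
    """Return a list of problems; an empty list means the reply looks like ours."""
    problems = []
    net = ipaddress.IPv4Network(expected_net)
    if lease["type"] not in ("OFFER", "ACK"):
        problems.append("unexpected message type %s" % lease["type"])
    if not lease["server_id"]:
        problems.append("no server identifier option")
    for s in lease["server_id"]:
        if str(s) not in expected_servers:
            problems.append("server identifier %s not in allowlist" % s)
    for d in lease["dns"]:
        if str(d) not in expected_dns:
            problems.append("DNS server %s not in allowlist" % d)
    if lease["yiaddr"] not in net:
        problems.append("offered address %s outside %s" % (lease["yiaddr"], net))
    for r in lease["routers"]:
        if r not in net:
            problems.append("router %s outside %s" % (r, net))
    return problems


def build_offer(xid, yiaddr, server, routers, dns):
    """Constructed DHCPOFFER for testing (op=2, Ethernet, 6-byte chaddr)."""
    hdr = struct.pack("!BBBBIHH", 2, 1, 6, 0, xid, 0, 0)
    hdr += (b"\x00" * 4 + ipaddress.IPv4Address(yiaddr).packed
            + ipaddress.IPv4Address(server).packed + b"\x00" * 4)
    hdr += bytes.fromhex("0011223344aa") + b"\x00" * 10   # chaddr, 16 bytes
    hdr += b"\x00" * 192                                  # sname + file

    def opt(code, value):
        return bytes([code, len(value)]) + value

    opts = (opt(OPT_MSGTYPE, b"\x02")
            + opt(OPT_SERVER_ID, ipaddress.IPv4Address(server).packed)
            + opt(OPT_SUBNET, ipaddress.IPv4Address("255.255.255.0").packed)
            + opt(OPT_ROUTER, b"".join(ipaddress.IPv4Address(r).packed for r in routers))
            + opt(OPT_DNS, b"".join(ipaddress.IPv4Address(d).packed for d in dns))
            + bytes([OPT_END]))
    return hdr + DHCP_MAGIC + opts


def demo():
    """A legitimate offer and one from a rogue server pushing its own resolvers."""
    good = build_offer(0x3903F326, "192.0.2.100", "192.0.2.1",
                       ["192.0.2.1"], ["192.0.2.53"])
    rogue = build_offer(0x3903F326, "192.0.2.101", "192.0.2.77",
                        ["192.0.2.1"], ["198.51.100.9", "198.51.100.10"])
    return check_lease(parse_dhcp(good)), check_lease(parse_dhcp(rogue))


if __name__ == "__main__":
    for problems in demo():
        print(problems or "lease OK")
```

With ISC dhclient the same comparison can be made from an enter hook using the $new_domain_name_servers and $new_dhcp_server_identifier variables before the lease is applied; on a raw capture the parser above is what tells you which server answered.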


[Full-Disclosure] Semi OT, Half Life 2 source code leaked due to Outlook flaw.

2003-10-02 Thread Andre Ludwig
All I can say is I hope that EVERYONE takes note of this hack.

From the description of the official mouthpiece of Sierra software it sounds
like his machine was rootkitted.  Any thoughts on this?

Ever have one of those weeks? This has just not been the best couple of days
for me or for Valve.
Yes, the source code that has been posted is the HL-2 source code.
Here is what we know:
1) Starting around 9/11 of this year, someone other than me was accessing my
email account. This has been determined by looking at traffic on our email
server versus my travel schedule.
2) Shortly afterwards my machine started acting weird (right-clicking on
executables would crash explorer). I was unable to find a virus or trojan on
my machine, I reformatted my hard drive, and reinstalled.
3) For the next week, there appears to have been suspicious activity on my
webmail account.
4) Around 9/19 someone made a copy of the HL-2 source tree.
5) At some point, keystroke recorders got installed on several machines at
Valve. Our speculation is that these were done via a buffer overflow in
Outlook's preview pane. This recorder is apparently a customized version of
RemoteAnywhere created to infect Valve (at least it hasn't been seen
anywhere else, and isn't detected by normal virus scanning tools).
6) Periodically for the last year we've been the subject of a variety of
denial of service attacks targeted at our webservers and at Steam. We don't
know if these are related or independent.

Well, this sucks. 
What I'd appreciate is the assistance of the community in tracking this
down. I have a special email address for people to send information to,
[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>. If you
have information about the denial of service attacks or the infiltration of
our network, please send the details. There are some pretty obvious places
to start with the posts and records in IRC, so if you can point us in the
right direction, that would be great.
We at Valve have always thought of ourselves as being part of a community,
and I can't imagine a better group of people to help us take care of these
problems than this community.

Gabe


http://games.slashdot.org/games/03/10/02/1547218.shtml?tid=126&tid=127&tid=156&tid=186

http://www.shacknews.com/onearticle.x/28619

Andre Ludwig, CISSP



RE: [Full-Disclosure] Shortcut...... may cause 100% cpu use!!!

2003-10-30 Thread Andre Ludwig
This guy is a fraud if you haven't figured it out; can't even get broken English
down properly. Nice usage of the blackcode.com email service as well.  That
site is good for some laughs on its own. 

Keep up the good chain yanking.

Made me laugh.

Might want to watch out for that switch vuln, that is a biggie; I heard it
will even work on some routers as well! OHHH NOOEEE!!!111

http://www.club-portal.com/images/haxorpc.jpg


Andre Ludwig


-Original Message-
From: bipin gautam [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 30, 2003 9:11 AM
To: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Shortcut.. may cause 100% cpu use!!!


mmm... ALL THOSE flamings* won't make me run! I SEE,
you old fellows HAVE nothing to do except typing
BULLSHIT* to each other.. STAYING on those security
forums!

-
My grandpa used to say, A person becomes a child 2
times in his life!

ONCE, when he is just born and again WHEN he is TOO old
to think anything creative! 

-
CHILDREN... IT'S your time of retirement! 
 

--- Bipin Gautam <[EMAIL PROTECTED]>
wrote:
> hi,
> well, dude... Its a similar bug but not the same!!!
> do you consider every bufferoverflow exploit the
> same???
> 
> 
> see... you didn't read the shit clearly !!! WELL,
> here [in this discovery] the shortcut is pointing to
> itself 
> 
> [ not to a different file.. as you indicated
> in...http://www.securityfocus.com/archive/1/315151]
> ya. IF YOU MAKE TWO SHORTCUTS THAT POINT TO
> EACH OTHER,  nothing
> happens..[ i feel its patched]
> 
> 
> BUT THE POINT HERE IS... THE SHORTCUT IS
> POINTING TO ITSELF  WHICH WILL EVENTUALLY LEAD TO A
> DOS!!!
> 
> PLEASE READ IT BEFORE YOU POST!!!
> 
> ---
> 
> >I haven't looked at your shortcut file(s) yet, but
> it sounds like the
> >same as: 
> >  http://www.securityfocus.com/archive/1/315151
> 
> >If you find something like this on your own, at
> least do a *little*
> >googling before reporting to a list.  Else, sound
> like a fool.  If you
> >re blatantly ripping off other peoples' stuff,
> well, shame on you.
> 
> >tim
> 
> 
> 




RE: [Full-Disclosure] Re: Gates: 'You don't need perfect code' fo r good security

2003-10-31 Thread Andre Ludwig
I think the issue at hand is how Bill has simply given ideas for band-aid
patches and not ways to ultimately secure systems.  Firewalling and virus
protection have their place in any environment.  But poorly designed software
with bugs known and unknown should not be a part of a "secure" system.  So
while some choose to look at the problem at a higher level than others, the
issue still remains: no matter how many firewalls, AV products, IPSs and IDSs
you have in place, if you're still running shitty software at the end of the
line it is a liability. PLAIN AND SIMPLE

And look at it from Bill's view: he can't play on the fact that ultimately it
is the quality of your code that makes a software system safe, not add-on
measures.  If he was to openly admit that then it would be the same as Bill
kicking himself in the nuts. Let's face it, Bill isn't stupid; he knows what
the real deal is regardless of what any of us "mailing list experts"
deem is the "truth".  (He is mighty keen on manipulating media as well.)

Andre Ludwig, CISSP



-Original Message-
From: Geoincidents [mailto:[EMAIL PROTECTED]
Sent: Friday, October 31, 2003 4:30 PM
To: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Re: Gates: 'You don't need perfect code'
for good security


> First, firewalling and patching can not in fact shield networks from
> all of the impact of worms and viruses. Ask any experienced network
> admin. There will always be users who bring into a firewalled network
> a laptop that was, for example, infected at home.

Part of the problem here is network design. For example, if when laptops are
brought in they were only allowed to connect to a wireless network and that
wireless network was on the far side of the firewall (perhaps slightly more
access than from the internet but still majorly firewalled) and treated as
untrusted systems which they in fact are, then it would not be such an
issue.

There is no rule that says you can't have internal firewalls to separate
untrusted from trusted systems. But you have to design your network around
this idea for it to work.

Geo.



RE: [Full-Disclosure] Gates: 'You don't need perfect code' for go od security

2003-11-03 Thread Andre Ludwig
Your logic of basing how secure a software system is on the number of
patches is at the least foolhardy. If anything, where I come from the number
of patches can be construed as a positive thing rather than a negative as
you attempt to portray it.  Just think of all those wonderful little
exploits and bugs hidden deep within the bowels of code you will never have
the chance to audit nor understand fully.  Now just think about that
wonderful code you have sitting in front of you in its full naked glory that
you can audit, you can modify, and of course you can compile yourself.
Isn't it wonderful to know that while you may have a few more patches, at
least the software you're running has passed the most critical of all reviews
(social peer review)?  Anyways, I am going to end this little rant, but my
original point was that attempting to base the quality of software on the
patches is a ludicrous thing to do, esp. when you're comparing open vs. closed
source.  In order to deduce which is better you would have to analyze the
source of EACH respective program against EACH other.  And not simply
spout off some bullshit about who has had more patches in the last XX
amount of weeks or months. 

Andre Ludwig

-Original Message-
From: Matthew Murphy [mailto:[EMAIL PROTECTED]
Sent: Sunday, November 02, 2003 8:43 AM
To: Full Disclosure
Subject: Re: [Full-Disclosure] Gates: 'You don't need perfect code' for
good security

Even though MS, by the time you factor in the large number of components
they ship, has had many times fewer patch releases than competing Linux
distributions?

1. OpenSSH v. Remote Desktop / Terminal Services
OpenSSH: Two vulnerabilities in recent weeks
RD/Terminal Services: Zero vulnerabilities this year

2. Sendmail v. Exchange
As buggy as many people claim Exchange is, it has had two patches this
year -- if you include OWA.  Even though it provides substantially larger
amounts of functionality for some uses, it has still had fewer
vulnerabilities than its main competitor, Sendmail.

3. Apache v. IIS
Apache 2.0 especially, has never established itself as a server worthy of
production use, due to the fact that it is riddled with security
vulnerabilities.  Apache 1.3 has also had some vulnerabilities -- the recent
sub-request issue, Chunked encoding, etc.  IIS has steadily improved in
security, particularly with IIS 6.0.  For a relatively new product, IIS has
always been an innovator in security.  Especially on Windows platforms, IIS
offers many times better security and performance.  That said, I do realize
that Apache 1.3 was not initially written for Win32.  However, its Unix
releases also lack much of the account separation found in IIS 6.  It is
currently not possible to serve requests from different sites as different
users in 1.3.




[Full-Disclosure] Microsoft Announces Anti-Virus Reward Program (expanded)

2003-11-05 Thread Andre Ludwig
More than simply 250k for Sobig and other authors. Looks like a great
marketing ploy for MS.


Haven't caught up on the entire "other thread" but it seemed to only cover a
portion of the story. 

Andre Ludwig

Microsoft Announces Anti-Virus Reward Program

Microsoft Teams With Law Enforcement to Root Out Malicious Coders

With $5 Million Reward Fund as a Part of Broader Security Initiative

WASHINGTON - Nov. 5, 2003 -Microsoft Corp. today announced the creation of
the Anti-Virus Reward Program, initially funded with $5 million (U.S.), to
help law enforcement agencies identify and bring to justice those who
illegally release damaging worms, viruses and other types of malicious code
on the Internet. Microsoft will provide the monetary rewards for information
resulting in the arrest and conviction of those responsible for launching
malicious viruses and worms on the Internet. Residents of any country are
eligible for the reward, according to the laws of that country, as Internet
viruses affect the Internet community worldwide.

For more information about this announcement, please visit
http://www.microsoft.com/presspass/



RE: [Full-Disclosure] RE: Yahoo Instant Messenger YAUTO.DLL buffe r overflow

2003-12-04 Thread Andre Ludwig
Just barely.

Andre Ludwig, CISSP

-Original Message-
From: dave kleiman [mailto:[EMAIL PROTECTED]
Sent: Thursday, December 04, 2003 8:53 AM
To: 'Kristian Hermansen'; [EMAIL PROTECTED]
Subject: RE: [Full-Disclosure] RE: Yahoo Instant Messenger YAUTO.DLL
buffer overflow


Is there actually anyone on the list who is over the age of 20?


 
___
Dave Kleiman, CISSP, MCSE, CIFI
[EMAIL PROTECTED]
www.SecurityBreachResponse.com

"High achievement always takes place in the framework of high expectation."
Jack Kinder

 



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kristian
Hermansen
Sent: Thursday, December 04, 2003 10:56
To: [EMAIL PROTECTED]
Subject: RE: [Full-Disclosure] RE: Yahoo Instant Messenger YAUTO.DLL buffer
overflow


Dude, thanks for the calc tips!!!  LATE makes perfect sense ;-)


Kristian Hermansen
[EMAIL PROTECTED]

-Original Message-
From: List Account [mailto:[EMAIL PROTECTED] 
Sent: Thursday, December 04, 2003 10:41 AM
To: 'Kristian Hermansen'
Subject: RE: [Full-Disclosure] RE: Yahoo Instant Messenger YAUTO.DLL buffer
overflow

Funny you should be talking about Calculus, I'm finishing 152 now (finals
next week). Integration by parts not that bad. Here's a tip; LATE Logs
Algebraic Trig Exponentials What this is for is to find u, so that du will
be something simpler. So to use LATE to find u, try them in order, i.e. is
there a ln? No, then is there an algebraic function you can integrate?, etc.

HTH,
Nathan

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kristian
Hermansen
Sent: Thursday, December 04, 2003 9:19 AM
To: [EMAIL PROTECTED]
Subject: RE: [Full-Disclosure] RE: Yahoo Instant Messenger YAUTO.DLL buffer
overflow


OMFG Tri, hahahahaha!!!  Remember when you couldn't figure out who hijacked
yer mail/Paypal accounts?  Looks like we know who did it now.  Did he take
any money from yer Paypal account?  I do agree with one thing that he
said..."Stop leaking and killing my bug kid. Go to school to learn more."
Dude you missed calculus class again and don't forget we are doing
integration by parts/series this week/next week.  Maybe you aren't as slick
as I thought you were.  Stealing bugs from other people?  Dude, I had a lot
of respect for you...but now...I'm just not so sure about your "integrity".
Are you really finding these bugs with OllyDebug/IDAPro, or are you
monitoring security researchers email accounts to get your info?  Dude, I
only ask because I believe everyone here has the right to know...


Kristian Hermansen
[EMAIL PROTECTED]

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of De Blanc
Sent: Thursday, December 04, 2003 2:17 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] RE: Yahoo Instant Messenger YAUTO.DLL buffer
overflow

Yeah! Yahoo is sux. Yahoo Messenger has tons of bugs.
But you are more sux than yahoo since you stole my
work and posted my found bug to yahoo and bugtraq.
Funny enough when your little company SentryUnion is
trying to sell "Indetify Theft" protection service but
you got owned, stole mail and money from your paypal
account, logged everything your chatted with gf via
one another yahoo messenger 0day. 

Stop leaking and killing my bug kid. Go to school to
learn more.

The Blanc

<[EMAIL PROTECTED]> wrote:
>Hi all,
>This bug is a lame bug, very lame actually. I release it in order to
>show how a big company doesn't even do basic QA. If we look through
>the security records of YIM, almost any of YIM's ActiveX/COM
>components have some kind of buffer overflow, and it is very easy
>to spot them too (by fuzzing the IDispatch interface). I have no idea
>how the QA guys in the YIM project can manage to let these
>dangerous bugs survive through the testing stage. Maybe they
>are so busy watching the new "Joe Millionaire" show :-
>Trihuynh
>Sentryunion
>-Original Message-
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED] On Behalf Of Tri Huynh
>Sent: Wednesday, December 03, 2003 10:07
>To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
>Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
>Subject: [Full-Disclosure] Yahoo Instant Messenger YAUTO.DLL buffer overflow
>
>Yahoo Instant Messenger YAUTO.DLL buffer overflow
>=
>PROGRAM: Yahoo Instant Messenger (YIM)
>HOMEPAGE: http://messenger.yahoo.com
>VULNERABLE VERSIONS: 5.6.0.1347 and below
>
>DESCRIPTION
>=
>YIM is one of the most popular instant messengers. This is a cool product,
>that allows me to chat with my gf from a very long distance :-).
>
>DETAILS
>=

[Full-Disclosure] Associated Press Sports Desk Email "Mistake"

2004-01-08 Thread Andre Ludwig
Just curious to see what everyone's thoughts are on the AP sports wire
"mistake".  A lot of big names are on the list; guess that is the price of
fame.

http://www.snopes.com/humor/mediagoofs/apsports.asp


Andre Ludwig, CISSP



RE: [Full-Disclosure] RE: W2K source "leaked"?

2004-02-12 Thread Andre Ludwig
I am still up in the air on whether this is legit or not. If it is, yes, the bar
has been lowered for simple exploits. It will also have the effect of
empowering those skilled individuals into creative and more advanced attacks
and exploits against the Windows platform.  From the source file listings
floating around on the net it looks legit, but I doubt it is the entire
source tree, most likely a branch or two.  Been told that the .zip file is
only 300 MB or so compressed, which is nowhere near the size of the
reported Win2k source tree (50 GB or so) as reported here.

http://www.usenix.org/events/usenix-win2000/invitedtalks/lucovsky_html/sld015.htm

Andre Ludwig CISSP



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 12, 2004 1:59 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: [Full-Disclosure] RE: W2K source "leaked"?


This is not the first time that people have reported leaked copies of
Windows source code. In 2000, Wired News reported that the source code
for Whistler (now Windows XP) had been leaked, though they never
confirmed it.

http://www.wired.com/news/business/0,1367,35135,00.html

WinBeta is also reporting on the new leak

http://www.winbeta.org/winbeta/forums/index.php?showtopic=2663&st=0&#entry9449

0-day exploits being used on Microsoft's network, foul play by privileged
partners or a hoax? Let's see what Microsoft reports.



Regards

Thor Larholm
Senior Security Researcher
PivX Solutions
24 Corporate Plaza #180
Newport Beach, CA 92660
http://www.pivx.com
[EMAIL PROTECTED]
Phone: +1 (949) 231-8496
PGP: 0x5A276569
6BB1 B77F CB62 0D3D 5A82 C65D E1A4 157C 5A27 6569

PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of
Qwik-Fix
<http://www.qwik-fix.net> 


-Original Message-
From: Gadi Evron [mailto:[EMAIL PROTECTED] 
Sent: Thursday, February 12, 2004 1:49 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; Thor Larholm
Subject: W2K source "leaked"?


A couple of days ago a friend of mine drew my attention to the source 
making rounds on the encrypted p2p networks, I was hoping it would take 
a bit longer for it to be "out", but that was just day-dreaming.

Thor Larholm just gave me this URL, as you can notice, the server is
busy: http://www.neowin.net/comments.php?id=17509

I never believed in 0-days. "New" or more to the point 
un-known-to-the-public exploits and vulnerabilities exist and are being 
used.
In my opinion "0-days" virtually don't exist. It's usually either some 
vulnerability that is long known and a COP or a worm is created. Or 
exploits that will nearly never see the "public" but exist and are used 
by few individuals.. but now... I don't know.

How often does a brand new exploit come out without prior warning and
"attack" the net?

*If* this really is the.. _real_ source code for W2K (and according to 
the article NT4 as well) we'll see what happens next.

People didn't need help finding vulnerabilities in Windows before, but 
it just became a whole lot easier and a lot less demanding on the "m4d 
#4x0r 5k111z".

I can't really say that the article is right and the source was "leaked"
or "stolen". The source has been sold/given (?) for years now to EDUs 
and commercial companies for research purposes (not to mention China..).

I suppose foul play is always possible.

Can anyone confirm this is the real source code? How about a press 
release? :)

Gadi Evron

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html



RE: [Full-Disclosure] Microsoft confirms source code leak

2004-02-12 Thread Andre Ludwig
The actual press release can be found here

http://www.microsoft.com/presspass/press/2004/Feb04/02-12windowssource.asp

Andre Ludwig CISSP

-Original Message-
From: Thor Larholm [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 12, 2004 6:49 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED];
[EMAIL PROTECTED]
Cc: th-research
Subject: [Full-Disclosure] Microsoft confirms source code leak


There have been discussions on this mailing list as well as others about
a possible leak of Windows 2000 and Windows NT 4 source code.

Microsoft has now confirmed these rumours to be true.

http://www.komotv.com/stories/29778.htm




Regards

Thor Larholm
Senior Security Researcher
PivX Solutions
24 Corporate Plaza #180
Newport Beach, CA 92660
http://www.pivx.com
[EMAIL PROTECTED]
Phone: +1 (949) 231-8496
PGP: 0x5A276569
6BB1 B77F CB62 0D3D 5A82 C65D E1A4 157C 5A27 6569

PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of
Qwik-Fix
<http://www.qwik-fix.net> 



RE: [Full-Disclosure] east coast powergrid / SCADA [OT?]

2003-08-14 Thread Andre Ludwig
It is my general feeling that the power failure could be SCADA related.  If
it was an attack or an accident I do not know, nor do I think the
appropriate information will ever be released to the public.  A lot of SCADA
systems from my research do RUN MS software (from Win95 all the way up to
Win2000), granted these are not full-fledged systems but stripped-down
machines with some functionality disabled.  I have found out that RPC is
used on several SCADA systems, to what extent I do not know, nor do I know
if they are vulnerable to the recent rash of RPC-based exploits.  If someone
with more knowledge on these systems can please come forward, I would greatly
appreciate it. 

Did anyone watch the PBS cyber war series that was on months ago?  I
remember Richard Clarke ranting about possible SCADA attacks on the power
grid. If anyone has more info please do come forward as this is a rather
interesting subject matter.

Andre Ludwig, CISSP

-Original Message-
From: KF [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 14, 2003 3:54 PM
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] east coast powergrid / SCADA [OT?]


Anyone wanna comment on SCADA and the "cascading failure" that happened 
today in the north east, like potential for a similar outage from a 
"cyber based" attack, etc? 

Sorry ... I need to read about something other than blaster before I go 
insane. =]
-KF



RE: [Full-Disclosure] east coast powergrid / SCADA [OT?]

2003-08-14 Thread Andre Ludwig
More fuel for the diversion from the drawn-out MS Blaster debate!


http://www.cnn.com/US/9608/10/power.outage.update/

and

http://www.cnn.com/TECH/9608/11/power.outage/index.html


The more research I do, the weirder it gets.

*cue X files theme song*

:)


RE: [Full-Disclosure] east coast powergrid / SCADA [OT?]

2003-08-15 Thread Andre Ludwig
I just confirmed that a major utility in Northern CA uses SCADA systems
based off of NT4. And yes the systems in question do use RPC as a means of
communication, as well as frame relays, modems and private trunks.  

Andre Ludwig, CISSP

-Original Message-
From: -SIMON- [mailto:[EMAIL PROTECTED]
Sent: Friday, August 15, 2003 4:32 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED];
[EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] east coast powergrid / SCADA [OT?]



What OS would you say that they use?


[EMAIL PROTECTED] wrote:

>At least on the west coast they do not, I think the requirements of the
>systems are way out of Microsoft's range. Lot's and Lot's of Unix
>
>-Original Message-
>From: Michael Scheidell [mailto:[EMAIL PROTECTED] 
>Sent: Friday, August 15, 2003 11:36 AM
>To: tetsujin
>Cc: [EMAIL PROTECTED]
>Subject: Re: [Full-Disclosure] east coast powergrid / SCADA [OT?]
>
>
>
>>Paller said it is "highly unlikely" that the process control computers
>>behind critical infrastructure like power in the United States would
>>run on the Windows operating system.
>
>well, ONTARIO HYDRO does seem to have SOME windoes boxes.. at least here
>is one that appears to have been infected with slammer:
>
>http://www.hackertrap.net/LID.pl?IID=39335068
>
>(Aug 9th through the 12th?)
>







RE: [Full-Disclosure] SCADA makes you a target for terrorists take 2

2003-08-18 Thread Andre Ludwig
I fully support you in your quest my friend. I think it is completely
asinine that the people who run these systems do the things they do. I mean
this is critical infrastructure after all!  And I still have not seen any
evidence to sway my thoughts on this matter.  If you look at the NERC
reports as to what caused the outages there was no mention of Ohio in them.
Unless of course they changed them from Saturday night.

Andre Ludwig, CISSP

-Original Message-
From: Bernie, CTA [mailto:[EMAIL PROTECTED]
Sent: Monday, August 18, 2003 6:03 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: [Full-Disclosure] SCADA makes you a target for terrorists take 2


Over a year ago the NIPC put out a warning about threats 
regarding the SCADA Systems

Again, my point is regardless of what caused the Blackout, 
attention needs to be given on improving and integrating System 
Security first, and replacing the so called worn out Grid 
(cables and related infrastructure) last. Vulnerable components 
should be identified, isolated and neutralized immediately. 
Worry about the sagging cables later. 

I can not understand why the same basic principles of systems 
security engineering should not apply to the Power Industry 
i.e., analyze potential Threats (Accessibility, Integrity, 
Confidentiality), Vulnerabilities and Attacks.

Ok I'm done... for now.

>>>>
 National Infrastructure Protection Center


Terrorist Interest in Water Supply and SCADA Systems
Information Bulletin 02-001
30 January 2002

NIPC Information Bulletins communicate issues that pertain to 
the critical national infrastructure and are for information 
purposes only.

A computer that belonged to an individual with indirect links to 
USAMA BIN LADIN contained structural architecture computer 
programs that suggested the individual was interested in 
structural engineering as it related to dams and other water-
retaining structures. The computer programs included CATIGE, 
BEAM, AUTOCAD 2000 and MICROSTRAN, as well as programs used to 
identify and classify soils using the UNIFIED SOIL 
CLASSIFICATION SYSTEM.

In addition, U.S. law enforcement and intelligence agencies have 
received indications that Al-Qa'ida members have sought 
information on Supervisory Control And Data Acquisition (SCADA) 
systems available on multiple SCADA-related web sites. They 
specifically sought information on water supply and wastewater 
management practices in the U.S. and abroad. There has also been 
interest in insecticides and pest control products at several 
web sites.

Recipients can find additional information regarding posting 
sensitive infrastructure-related information on Internet web 
sites in NIPC Advisory 02-001 issued on 17 January 2002 at 
http://www.nipc.gov/warnings/advisories/2002/02-001.htm. The 
intent of this bulletin was to encourage Internet content 
providers to review the sensitivity of the data they provide 
online.

The NIPC encourages recipients of this Information Bulletin to 
report information concerning criminal or terrorist activity to 
their local FBI office http://www.fbi.gov/contact/fo/fo.htm or 
the NIPC, and to other appropriate authorities. Recipients may 
report incidents online at 
http://www.nipc.gov/incident/cirr.htm, and can reach the NIPC 
Watch and Warning Unit at (202) 323-3205, 1-888-585-9078 or 
[EMAIL PROTECTED]

Bernie 
Chief Technology Architect
Chief Security Officer
[EMAIL PROTECTED]
Euclidean Systems, Inc.
***
// "There is no expedient to which a man will not go 
//to avoid the pure labor of honest thinking."   
// Honest thought, the real business capital.
//  Observe> Think> Plan> Think> Do> Think>  
***




RE: [fd] RE: [Full-Disclosure] [Fwd: Edwards AFB shut down by W32Blaster] (fwd)

2003-08-20 Thread Andre Ludwig

I nominate this thread most useless thread EVAR!

With that being said, can you guys please move on, and repeat after me:
CERTS MEAN NOTHING!

I know several people who have certs that run *nix machines who are
complete idiots for the simple fact that they have not expanded their
horizons past a command prompt.  I also know people who wouldn't be able to
properly use dir (or ls) and cd from a command prompt if the fate of the
world depended on it.  So my point is this: shut up already, mcse, cissp,
ccie, ccna, ccnp, and whatever else you have behind your name means
absolutely nothing in the real world. Maybe the PHBs in the cube farms and
offices of Corp America care, but let's face it, in the trenches letters mean
dick.  So stop ragging on MCSEs simply because it is a Microsoft cert; that
is asinine and completely immature.  I mean, think of all the business M$ has
created; hell, if it wasn't for them the INFOSEC field would be 100 or so
Sun consultants running around trying to sell the latest and greatest
(please note the sarcasm in that comment, and yes I know it would be a
totally different market than that).  So be thankful that good ole Billie
Boy keeps us all so gainfully employed and entertained. 

Please take this post for what it is, A RANT!

Andre Ludwig, M-I-S-S-I-S-S-I-P-P-I  < 4m 1 l33t n0w?




-Original Message-
From: Mike Vasquez [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 20, 2003 9:56 AM
To: 'Disclosure Full'
Subject: Re: [fd] RE: [Full-Disclosure] [Fwd: Edwards AFB shut down by
W32Blaster] (fwd)


- Original Message - 
From: "Gerald Cody Bunch" <[EMAIL PROTECTED]>

> Please define the term real MCSE, being as the first word in the acronym
> stands for 'Microsoft'
> it would stand to reason that a real MCSE is nothing more than trained
> 'Microsoft' marketing monkey.

Gee wiz -- sign me up for one of your logic classes, please.  That's
brilliant rock solid reasoning.

Not reality based, but on this list, that doesn't matter. :-)




RE: [Full-Disclosure] Al Qaida claims responsibility for blackout

2003-08-20 Thread Andre Ludwig
Just to add to the deluge of articles that should be driving the point home.

http://straitstimes.asia1.com.sg/world/story/0,4386,205339,00.html

"Industry officials said that during the second half of last year, 60 per
cent of the country's power and energy companies experienced hacking
attacks. None was successful."


So don't simply dismiss the theories that we have brought to light simply
because you think that "they" don't have the intelligence to do these
things.

All warfare is based on deception. Hence, when able to attack, we must seem
unable; when using our forces, we must seem inactive; when we are near, we
must make the enemy believe we are far away; when far away, we must make him
believe we are near. Hold out baits to entice the enemy. Feign disorder, and
crush him.
-Sun Tzu 



Andre Ludwig, CISSP


-Original Message-
From: Michael Scheidell [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 20, 2003 1:58 PM
To: Geoff Shively
Cc: Drew Copley; [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Al Qaida claims responsibility for
blackout


> I particularly like this:
> 
> http://www.foxnews.com/story/0,2933,95049,00.html
> "In the entire history of FirstEnergy, FirstEnergy spokesman Todd Schneider
> said there hasn't been an outage of any system due to hackers, and that
> the weather in northeastern Ohio did more damage.

In light of this:

"The Slammer worm penetrated a private computer network at Ohio's
Davis-Besse nuclear power plant in January and disabled a safety
monitoring system for nearly five hours, despite a belief by plant
personnel that the network was protected by a firewall, SecurityFocus has
learned. "

see: http://www.security-focus.com/news/6767

-- 
Michael Scheidell, CEO
SECNAP Network Security, LLC 
Sales: 866-SECNAPNET / (1-866-732-6276)
Main: 561-368-9561 / www.secnap.net
Looking for a career in Internet security?
http://www.secnap.net/employment/



RE: [fd] Re: [Full-Disclosure] Google Private IP is 10.7.0.73 !!!!!!

2003-08-21 Thread Andre Ludwig
It's all a part of Google's plans to gobble up all the IPs in the w0rld!!!

WITH OUT OUR 1PZ W3 W1LL N0 L0NG3R H4V3 TH3 INT4W3B!


OH NOEZ W3 H4V3 b33n H4X0RZ3D!!!

Th3Y H4v3 ST0L3N 0UR M3G4HURTZ


Sorry, I'm bored at work again :)

Andre Ludwig


-Original Message-
From: Mike V [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 21, 2003 4:34 PM
To: [EMAIL PROTECTED]
Subject: Re: [fd] Re: [Full-Disclosure] Google Private IP is 10.7.0.73
!!


- Original Message - 
From: "Servicios de Seguridad Informatica" <[EMAIL PROTECTED]>


El Jue 21 Ago 2003 16:23, Nicolas Cartron escribió:
> > I have found private ip address used by google servers. here are the
> > details.
> > [...]
> > This 10.7.0.73 is google private ip address.

>has anyone know how this site know my private address?



Google has apparently hacked your network, and stolen your own private IP
address. SCANDALOUS!
I'd hire a good lawyer.  Maybe if you're *real* lucky you can get it back.
IP theft!  I hear it's the next big thing.




RE: [Full-Disclosure] Sobig has a surprise...

2003-08-22 Thread Andre Ludwig
http://207.195.54.37/sobig.html, a page that shows the status of those IPs.

Taken from the DShield mailing list. 

Andre Ludwig, CISSP

-Original Message-
From: Michael Scheidell [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 2:15 PM
To: Florian Weimer
Cc: Steve Postma; '[EMAIL PROTECTED]'
Subject: Re: [Full-Disclosure] Sobig has a surprise...


> Why don't they publish the list of IP addresses so that people can put
> filters on their networks?

rumor has it:


-- 
Michael Scheidell, CEO
SECNAP Network Security, LLC 
Sales: 866-SECNAPNET / (1-866-732-6276)
Main: 561-368-9561 / www.secnap.net
Looking for a career in Internet security?
http://www.secnap.net/employment/



RE: [Full-Disclosure] Subject prefix changing! READ THIS! SURVEY!!

2003-08-22 Thread Andre Ludwig
[fd] For me. (option 2 isn't it?)

Andre Ludwig, CISSP



RE: Speculation in the media (Was: Re: [Full-Disclosure] CERT Employee Gets Owned)

2003-08-26 Thread Andre Ludwig
Speculation is the mother of all f*ckups.

I know this list is a "free" list where people can discuss things back and
forth.  But come on people, I am glad the original poster posted this story.
I find it amusing and, well, informative.  Well, can we all agree to disagree,
and if you want to flame please do it off list, as it is more fun that way
(think of all the icky words and foul language you can use!).   Anyways, thanks
to the original poster; I do think it was a bit OT but I was glad I read it. 


Andre Ludwig

-Original Message-
From: Peter Busser [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 26, 2003 1:15 PM
To: [EMAIL PROTECTED]
Subject: Speculation in the media (Was: Re: [Full-Disclosure] CERT
Employee Gets Owned)


Hi!

> You have *zero* knowledge about *this* incident.  And *that* was my
> point.  It's bad enough that the damn news media speculates about
> everything under the sun these days.

Right, the media do speculate about almost everything. Yesterday there was
speculation on the Dutch tv about ``cyberterrorism''. The program started
about sobig, saying it caused a lot of damage. Then it went on to stating that
developing sobig and others takes a lot of people, time and money. Therefore
the only organisations who are capable of doing such development are mafia
and terrorist organisations. The program went on to conclude that especially
public utilities, like power companies, are vulnerable to this kind of
terrorism. And of course the obligatory politician who vows to take measures
was part of the program.

I sent these people an e-mail message saying that the terrorist angle doesn't
sound very convincing. Terrorists are, it seems to me, after terrifying people.
I don't think shutting down a power plant is a really effective way to do that.
Also that most viruses and worms are likely to be written by individuals who
try to show off their skills.

The only answer I got was: We didn't address this subject, that was a different
program. (Notwithstanding the fact that the title of the broadcast was:
Computer-terrorism, something everyone can verify at their web site.)

Groetjes,
Peter Busser
-- 
The Adamantix Project
Taking trustworthy software out of the labs, and into the real world
http://www.adamantix.org/



[Full-Disclosure] MS Anti Virus?

2004-06-16 Thread Andre Ludwig
Oh this should be good...


http://www.reuters.com/newsArticle.jhtml?storyID=5429092

 SEATTLE (Reuters) - Microsoft Corp. (MSFT.O: Quote, Profile,
Research) is still on track to offer an anti-virus product that will
compete against similar software offered by Symantec Corp. (SYMC.O:
Quote, Profile, Research) and Network Associates Inc. (NET.N: Quote,
Profile, Research) , the world's largest software maker said late on
Monday.

Mike Nash, chief of Microsoft's security business unit, told reporters
that Microsoft is developing software to protect personal computers
running Windows against malicious software, the worms and viruses that
have plagued users with data loss, shutdowns and disruptions in Web
traffic in recent years.

"We're still planning to offer our own AV (anti-virus) product," Nash said.

Asked if that would hurt sales of competing products, such as Network
Associates' McAfee and Symantec's Norton family of products, Nash said
that Microsoft said that it would sell its anti-virus program as a
separate product from Windows, rather than including it in Windows.

Redmond, Washington-based acquired anti-virus technology from GeCAD
Software Srl., a Romanian software company, last year to develop its
own software.

Microsoft, whose Windows operating system is a favorite target for
computer viruses, launched a company-wide "Trustworthy Computing"
campaign in early 2002 to boost the security and reliability of its
software.

Nash did not give a time frame for the release of Microsoft's
anti-virus software.



and another 

http://www.entmag.com/news/article.asp?EditorialsID=6272



by Scott Bekker

6/16/04

Microsoft is leaning toward offering a paid anti-virus subscription service.

Mike Nash, corporate vice president for the security business and
technology unit at Microsoft, said Microsoft will probably sell its
own anti-virus software and subscription service. It is the first
public signal that Microsoft intends to turn its acquisition of the
Romanian anti-virus company GeCAD into a product customers pay for.

The comments came up at a dinner with reporters in Seattle on Monday
night when Nash was asked how Microsoft's anti-virus efforts might
affect Symantec. "I want to make sure customers have another choice,"
the Bloomberg News agency quoted Nash as saying. "Some people will
continue to use Symantec, and some will use ours."

Shares of Symantec, which gets 85 percent of its revenues from
anti-virus products, were down following Nash's comments, according to
Bloomberg.

Previously, Microsoft had been coy about its plans for GeCAD, which it
acquired last June. "This acquisition will help us and our partner
anti-virus providers further mitigate risks from these threats," Nash
said at the time, implying Microsoft would use GeCAD's programming
talent to make Windows and other Microsoft products more resistant to
viruses.

But Microsoft also immediately indicated at the time that it was fully
evaluating how to proceed with GeCAD's technology and employees. In a
white paper published last June on Microsoft's Web site, the company
wrote, "Details of the Microsoft antivirus solution, including any
product plans, pricing, and a timeline for delivery, are not yet
available. Microsoft strongly recommends that customers continue to
use antivirus solutions from industry partners and keep their virus
signatures updated."



Re: [Full-Disclosure] Yahoo upgraded all accounts to 100MB

2004-06-16 Thread Andre Ludwig
Just think of all those l33t 0-days you can now have in your webmail!!!

;)

This is definitely OT..

Andre Ludwig CISSP

On Tue, 15 Jun 2004 11:42:10 -0500 (CDT), Ron DuFresne
<[EMAIL PROTECTED]> wrote:
> 
> 
> The real questions fellows is though, what does any of this have to do
> with security, and who cares how much storage space your particular ISP or
> e-mail provider supplies?
> 
> Thanks,
> 
> Ron DuFresne
> 
> 
> 
> On Tue, 15 Jun 2004, William Warren wrote:
> 
> > hrmm my yahoo account still shows 4.0 megs..do you have a paid account?
> >
> >
> > Syed Imran Ali wrote:
> >
> > > Hiya,
> > >
> > > It is nice to see my inbox today, having 100MB or storage space, 84%
> > > remaining. Yahoo now allows up to 10MB attachment too I am not sure
> > > about .co.uk is still allowing POP or not with 100MB, as it was with 6MB.
> > >
> > > Regards,
> > >
> > > S. Imran Ali
> > >
> > >
> > >
> >
> > --
> > My "Foundation" verse:
> > Isa 54:17  No weapon that is formed against thee shall prosper; and
> > every tongue that shall rise against thee in judgment thou shalt
> > condemn. This is the heritage of the servants of the LORD, and their
> > righteousness is of me, saith the LORD.
> >
> >
> 
> ~~
> "Cutting the space budget really restores my faith in humanity.  It
> eliminates dreams, goals, and ideals and lets us get straight to the
> business of hate, debauchery, and self-annihilation." -- Johnny Hart
> ***testing, only testing, and damn good at it too!***
> 
> OK, so you're a Ph.D.  Just don't touch anything.
> 
> 
> 
> 
>



Re: [Full-Disclosure] MS Anti Virus?

2004-06-16 Thread Andre Ludwig
Think the mafia refers to this as a protection racket...

Man, so much can be made of this; it's a techy comedy gold mine.


"our software sucks so bad that the market for anti-virus software for
our platform is such a lucrative market that we can't stay out of it"

Andre Ludwig CISSP

On Wed, 16 Jun 2004 19:41:49 -0400, slacker <[EMAIL PROTECTED]> wrote:
> 
> 
> >  SEATTLE (Reuters) - Microsoft Corp. (MSFT.O: Quote, Profile,
> > Research) is still on track to offer an anti-virus product that will
> > compete against similar software offered by Symantec Corp. (SYMC.O:
> > Quote, Profile, Research) and Network Associates Inc. (NET.N: Quote,
> > Profile, Research) , the world's largest software maker said late on
> 
> Oh yeah, what's the average delay to release on exploit patches? What makes
> me think that they are going to be that slow on releasing AV updates?  =P
> 
> slacker
> 
>



Re: [Full-Disclosure] Successful in blocking all known exploits

2004-07-03 Thread Andre Ludwig
Could it be because if it was a Windows box it would have only
been 876 min uptime instead of days?   ;)

ha ha

I just had to

Andre Ludwig CISSP

On Sat, 3 Jul 2004 22:55:20 +0200, Maarten <[EMAIL PROTECTED]> wrote:
> On Saturday 03 July 2004 18:25, J.A. Terranson wrote:
> > On Sat, 3 Jul 2004, RandallM wrote:
> > > After a number of years, much thought,and  long nights I have developed a
> > > systematic method to prevent and thwart exploits on my system!
> > >
> > > NEVER REBOOT!
> > >
> > > I have been up and running for 876 days straight and have had no problems
> > > to date!
> >
> > Yeah, but what about Windowz boxes?
> 
> Hum, how did you guess he isn't talking about a windows box ?   8-))
> 
> --
> Yes of course I'm sure it's the red cable. I guarante[^%!/+)F#0c|'NO CARRIER
> 
> 
> 
>
