Re: [Full-Disclosure] GWB Can't keep his own campaign certificates straight
OH man!! I missed the part in the debates where GW mentioned he sysadmined his own machines. Your statement is as dumb as the people that are finding any connection to prove Kerry will win: you know in 1992 and 1996 the sun rose in the east and set in the west and Clinton won. On Nov 2nd the sun is rising in the east and setting in the west so you know what that means, KERRY WILL WIN!!! Can you please take your political banter elsewhere.

On Mon, 1 Nov 2004 18:08:10 -0600 (CST), J.A. Terranson [EMAIL PROTECTED] wrote:

...so why are we surprised he can't talk the native tongue, or eat a pretzel without choking?

http://www.georgewbush.com/Secure/BushTeamLeaderSignUp.aspx

You have attempted to establish a connection with www.georgebush.com. However, the security certificate presented belongs to a248.e.akamai.net. It is possible, though unlikely, that someone may be trying to intercept your communication with this web site. If you suspect the certificate shown does not belong to www.georgebush.com, please cancel the connection and notify the site administrator.

--
Yours, J.A. Terranson
[EMAIL PROTECTED]
0xBD4A95BF

An ill wind is stalking while evil stars whir and all the gold apples go bad to the core
S. Plath, Temper of Time

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] Re: Stupid idea
Sure they would. They could write a proof that will conclude, based on all scientific findings 99% of intruders will come in through water pipes then set forth an idea of a water pipe monitoring system to prevent this. If you were to ask him about this he would just respond that you don't understand physical security like he does because you don't have a phd. He will say this while someone is stealing his wallet. After the next break-in he will claim the fault was not in his water pipe monitoring system but instead the intruder wasn't playing by established burglar rules and that a new proof must be derived to take this unpredictability into account. If you point out someone just broke a window to get in and maybe investment in shatterproof glass or motion detectors should be made he will scoff, once again pointing out that you can't possibly understand physical security like he does. After this statement he will then ask for a ride home because someone stole his car.

-- Forwarded message --
From: Joe Random [EMAIL PROTECTED]
Date: Tue, 19 Oct 2004 21:50:41 +0100
Subject: [Full-Disclosure] Re: Stupid idea
To: [EMAIL PROTECTED]

On Tue, 19 Oct 2004 12:11:04 -0600, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

Just wanted to help you out in no-flame mode. The reason no one hires known burglars to secure their homes is that the occupation of burglars is to break into buildings and steal things. If this still seems unclear to you, hire someone who is out on bail awaiting trial on burglary charges to secure your home.

Yes, I would ask him to secure my home. I wouldn't get a jumped up academic to do it, that's for sure. They wouldn't know the first place to start and certainly wouldn't have a natural burglar way of thinking.
Re: [Full-Disclosure] EEYE: Windows VDM #UD Local Privilege Escalation
It's not that ISS doesn't feel like it's a problem, it's just when you let an attacker get to the point where they could run a local attack it's game over. ISS's goal is to stop the attacker from getting close enough to execute a local attack.

On Wed, 13 Oct 2004 10:30:27 -0400, KF_lists [EMAIL PROTECTED] wrote:

ISS would like to have you believe otherwise... when I contacted them about the Local SYSTEM escalation in BlackICE we went in circles over the fact that I feel that taking local SYSTEM on a win32 box IS a problem and they don't. They tried to say some crap like in all our years in the industry we have never had a customer state that local windows security was a concern... blah blah (paraphrasing). And something along the lines of Windows is not a true multi-user system (like unix) so local escalation means nothing.

-KF

Also, at least in MS Windows, it's my personal feeling that local privilege escalation issues (particularly escalation to kernel or system status) should be critical issues. Whether people can run arbitrary code on MS Windows systems these days isn't an exercise for the mind anymore, it's an exercise of go look at your neighbor's computer and see that it's done regularly.
Re: [Full-Disclosure] Defcon spelled half backwards is Fedcon and you dumfucks walked into a trap
On Tue, 3 Aug 2004 14:09:07 -0700 (PDT), Day Jay [EMAIL PROTECTED] wrote:

Down with kiddies, down with admins, down with ppl trying to make security better. Down with everyone profiting off publicity. Why does Gobbles hang with iDEFENSE and let them buy him a beer? Why he get drunk and make an ass out of himself?

Not just iDefense, he was also at the Microsoft party.
RE: [Full-Disclosure] Bagle worm status + more blocking information
No cap yet, I just started seeing the email come in this morning so it shouldn't be long.

On Mon, 2004-01-19 at 11:23, Donahue, Pat wrote:

Anyone have a packet capture?

-Original Message-
From: Gadi Evron [mailto:[EMAIL PROTECTED]
Sent: Monday, January 19, 2004 3:45 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: [Full-Disclosure] Bagle worm status + more blocking information

Although some AV firms' web pages still call this a not so serious threat, the latest checks and cross-checks between vendors which are members of TH-Research (The Trojan Horses Research Mailing List) conclude that this is a serious Outbreak. I believe new threat levels will be posted tomorrow morning, but it is no longer a *possible* outbreak, it is BIG.

New information on the worm:

Status of the web pages this worm tries to connect to is still unclear. Some vendors report it downloading a certain Trojan, but we see no information on that so far since the web pages' status is still unclear, as mentioned.

McAfee also reports it listening on port 6777.

The worm tries to connect to the following hacked box: 151.201.0.39.

Finally now all AV products speak of this worm. Response times for detecting/cleaning/webpages updates were not so good. As I mentioned earlier, Kaspersky and The Cleaner (MooSoft) were the noticeable exceptions.

FYI.

Gadi Evron.
The Trojan Horses Research Mailing List - http://ecompute.org/th-list
RE: [Full-Disclosure] RE: Yahoo Instant Messenger YAUTO.DLL buffer overflow
I AM 12!!

On Thu, 2003-12-04 at 16:10, Andre Ludwig wrote:

Just barely.

Andre Ludwig, CISSP

-Original Message-
From: dave kleiman [mailto:[EMAIL PROTECTED]
Sent: Thursday, December 04, 2003 8:53 AM
To: 'Kristian Hermansen'; [EMAIL PROTECTED]
Subject: RE: [Full-Disclosure] RE: Yahoo Instant Messenger YAUTO.DLL buffer overflow

Is there actually anyone on the list who is over the age of 20?

___
Dave Kleiman, CISSP, MCSE, CIFI
[EMAIL PROTECTED]
www.SecurityBreachResponse.com

High achievement always takes place in the framework of high expectation.
Jack Kinder

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kristian Hermansen
Sent: Thursday, December 04, 2003 10:56
To: [EMAIL PROTECTED]
Subject: RE: [Full-Disclosure] RE: Yahoo Instant Messenger YAUTO.DLL buffer overflow

Dude, thanks for the calc tips!!! LATE makes perfect sense ;-)

Kristian Hermansen
[EMAIL PROTECTED]

-Original Message-
From: List Account [mailto:[EMAIL PROTECTED]
Sent: Thursday, December 04, 2003 10:41 AM
To: 'Kristian Hermansen'
Subject: RE: [Full-Disclosure] RE: Yahoo Instant Messenger YAUTO.DLL buffer overflow

Funny you should be talking about Calculus, I'm finishing 152 now (finals next week). Integration by parts not that bad. Here's a tip;

LATE
Logs
Algebraic
Trig
Exponentials

What this is for is to find u, so that du will be something simpler. So to use LATE to find u, try them in order, i.e. is there a ln? No, then is there an algebraic function you can integrate?, etc.

HTH,
Nathan

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kristian Hermansen
Sent: Thursday, December 04, 2003 9:19 AM
To: [EMAIL PROTECTED]
Subject: RE: [Full-Disclosure] RE: Yahoo Instant Messenger YAUTO.DLL buffer overflow

OMFG Tri, hahahahaha!!! Remember when you couldn't figure out who hijacked yer mail/Paypal accounts? Looks like we know who did it now. Did he take any money from yer Paypal account?
I do agree with one thing that he said...Stop leaking and killing my bug kid. Go to school to learn more. Dude you missed calculus class again and don't forget we are doing integration by parts/series this week/next week. Maybe you aren't as slick as I thought you were. Stealing bugs from other people? Dude, I had a lot of respect for you...but now...I'm just not so sure about your integrity. Are you really finding these bugs with OllyDebug/IDAPro, or are you monitoring security researchers' email accounts to get your info? Dude, I only ask because I believe everyone here has the right to know...

Kristian Hermansen
[EMAIL PROTECTED]

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of De Blanc
Sent: Thursday, December 04, 2003 2:17 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] RE: Yahoo Instant Messenger YAUTO.DLL buffer overflow

Yeah! Yahoo is sux. Yahoo Messenger has tons of bugs. But you are more sux than yahoo since you stole my work and posted my found bug to yahoo and bugtraq. Funny enough when your little company SentryUnion is trying to sell Identity Theft protection service but you got owned, stole mail and money from your paypal account, logged everything you chatted with gf via one another yahoo messenger 0day. Stop leaking and killing my bug kid. Go to school to learn more.

The Blanc

[EMAIL PROTECTED] wrote:

Hi all,

This bug is a lame bug, very lame actually. I release it in order to show that how a big company don't even do a basic QA. If we look through the security records of YIM, almost any YIM's ActiveX/Com components do have some kind of buffer overflow and it is very easy to spot them too (by fuzzing the IDispatch interface). I have no idea how can QA guys in the YIM project can manage to let these dangerous bugs survival through the testing state.
Maybe they are so busy watching the new Joe Millionaire show :-

Trihuynh
Sentryunion

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tri Huynh
Sent: Wednesday, December 03, 2003 10:07
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: [Full-Disclosure] Yahoo Instant Messenger YAUTO.DLL buffer overflow

Yahoo Instant Messenger YAUTO.DLL buffer overflow

PROGRAM: Yahoo Instant Messenger (YIM)
HOMEPAGE: http://messenger.yahoo.com
VULNERABLE VERSIONS: 5.6.0.1347 and below

DESCRIPTION

YIM is one of the most popular instant messengers. This is a cool product, that allows me to chat with my gf from a very long distance :-).

DETAILS

YAUTO.DLL is an ActiveX/COM component
Re: [Full-Disclosure] unsubscribe
On Tue, Nov 25, 2003 at 03:23:26PM -0800, Dan Wilder wrote:

I expect you do. Unfortunately I'm not in a position personally to do anything about this, and I suspect the same goes for most or all readers of the list. This is a sad fact of life which applies to nearly every mailing list I've ever been on.

Rather than further harassing the readers of this list who quite likely have no power to help you, please consider investigating the links shown in the header of every list email:

List-Unsubscribe: http://lists.netsys.com/mailman/listinfo/full-disclosure, mailto:[EMAIL PROTECTED]

These provide you with the means to unsubscribe yourself, quickly and easily.

WHAT? Surely you cannot expect anyone to READ!!
Re: [Full-Disclosure] automated vulnerability testing
On Fri, Nov 21, 2003 at 02:41:00PM +, [EMAIL PROTECTED] wrote:

Dear All,

Apologies if this is slightly off topic... I am currently developing an automated vulnerability scanner to scan source code for potential errors. Firstly, I would like to hear the community's opinions on this type of software as well as the possible requirements needed from this type of system.

Looking forward to some interesting feedback,

How will this differ from rats or the other source code scanners?
Re: [Full-Disclosure] automated vulnerability testing
On Fri, Nov 21, 2003 at 11:48:36AM -0500, Cael Abal wrote:

Dear All,

Apologies if this is slightly off topic... I am currently developing an automated vulnerability scanner to scan source code for potential errors. Firstly, I would like to hear the community's opinions on this type of software as well as the possible requirements needed from this type of system.

Looking forward to some interesting feedback,

Are you familiar with lint or any of its clones? http://lclint.cs.virginia.edu

Wasn't there a slint tool or something like that?
Re: [Full-Disclosure] automated vulnerability testing
On Fri, Nov 21, 2003 at 03:29:52PM -0500, Cael Abal wrote:

Wasn't there a slint tool or something like that?

Yup, Splint -- from 'Secure Programming Lint'. I provided a link to their site in a previous message.

The one I am thinking of was done by the l0pht I thought..
Re: [Full-Disclosure] Sidewinder G2
On Tue, Nov 18, 2003 at 11:03:06AM -0600, Brent J. Nordquist wrote:

On Tue, 18 Nov 2003, Kruse, Steve [EMAIL PROTECTED] wrote:

Repeated hacker challenges by Secure Computing against the Sidewinder have proven it hasn't been compromised.

Proven is much too strong a word. See: http://www.schneier.com/crypto-gram-9812.html#contests

I think that may be a bad example as that talks about crypto challenges as opposed to operational security products. There is a big difference in cryptanalysis and bug hunting in firewalls.
Re: [Full-Disclosure] Sidewinder G2
On Tue, Nov 18, 2003 at 02:50:13PM -0500, [EMAIL PROTECTED] wrote:

Testing can prove the presence of flaws, but not their absence -- Dijkstra.

The same exact logic of why a crypto challenge doesn't prove anything applies to a firewall challenge as well.

Let's take an example. I have firewall A that uses crypto method B. Cryptanalysis against B will not prove that the firewall implemented it properly. On the flip side failing to compromise the firewall will not prove the method B is sound. The logic may be the same but the implementation of the logic is different. The reasons that were mentioned in the article apply to crypto far more than vulndev of products.
Re: [Full-Disclosure] defense against session hijacking
On Mon, Nov 17, 2003 at 03:16:55PM -0600, Thomas M. Duffey wrote:

Sorry if this is common knowledge or regularly discussed; I'm fairly new to the list. I see quite a few messages on this and other security lists about session hijacking in Web applications. Isn't it good defense for a programmer to store the IP address of the client when the session is initiated, and then compare that address against the client for each subsequent request, destroying the session if the address changes? Do many programmers really overlook this simple method to protect against such an attack? It's not perfect but should significantly increase the difficulty of such an attack with little or no annoying side effects for the legitimate user. Would it be useful to extend the session modules of the common Web scripting languages (e.g. PHP) to enable an IP address check by default?

This would break things like NATed machines and such.
Re: [Full-Disclosure] defense against session hijacking
On Mon, Nov 17, 2003 at 05:44:24PM -0500, Damian Gerow wrote:

Thus spake David Maynor ([EMAIL PROTECTED]) [17/11/03 17:30]:

This would break things like NATed machines and such.

Could you explain how, please? If machine A gets NATed to firewall B, and webserver C gets the session... It's going to record the address of firewall B, not machine A. I fail to see how using the connection source's IP address would break NAT.* And I don't know what you mean by 'and such'.

You assume a straight 1 to 1 natting, that is not always the case.
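The check proposed in this thread and the NAT objection to it, as an added example (not code from any poster): a session store that pins each session to the creating address and destroys it on mismatch, run against constructed scenarios. The class and function names are hypothetical, the addresses are documentation ranges, and the sketch handles IPv4 only.

```python
import ipaddress
import secrets


class IPBoundSessions:
    """Hypothetical session store that pins a session to the creating client.

    prefix_len=32 is the strict check from the thread (exact IPv4 match);
    a shorter prefix tolerates address changes inside one network.
    """

    def __init__(self, prefix_len=32):
        self.prefix_len = prefix_len
        self._bound = {}  # session id -> network the session was created from

    def create(self, client_ip):
        sid = secrets.token_urlsafe(32)
        self._bound[sid] = ipaddress.ip_network(
            f"{client_ip}/{self.prefix_len}", strict=False)
        return sid

    def validate(self, sid, client_ip):
        """True if the request may use the session; destroy it on mismatch."""
        net = self._bound.get(sid)
        if net is None:
            return False
        if ipaddress.ip_address(client_ip) in net:
            return True
        del self._bound[sid]  # address changed: session is destroyed
        return False


def run_scenarios(prefix_len):
    """Constructed cases; every address is from a documentation range."""
    results = {}

    # Legitimate user behind a NAT pool: the egress address differs between
    # two requests of the same browser session (NAT is not 1 to 1).
    store = IPBoundSessions(prefix_len)
    sid = store.create("198.51.100.10")
    results["nat_pool_user_kept"] = store.validate(sid, "198.51.100.77")

    # Someone replaying the session id from behind the same NAT gateway
    # as the victim: the server sees an identical source address.
    store = IPBoundSessions(prefix_len)
    sid = store.create("203.0.113.5")
    results["same_gateway_replay_blocked"] = not store.validate(sid, "203.0.113.5")

    # Replay from an unrelated network: the case the check is meant for.
    store = IPBoundSessions(prefix_len)
    sid = store.create("203.0.113.5")
    results["remote_replay_blocked"] = not store.validate(sid, "192.0.2.200")

    # Side effect of destroy-on-mismatch: the rejected replay above also
    # ended the legitimate user's session.
    results["owner_session_survives"] = store.validate(sid, "203.0.113.5")
    return results


if __name__ == "__main__":
    for plen in (32, 24):
        print(plen, run_scenarios(plen))
```

Loosening the match to a /24 keeps the NAT-pool user logged in but does nothing for the shared-gateway case, which is why address binding is at most a secondary signal next to unguessable, transport-protected session identifiers.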
Re: [Full-Disclosure] Re: Funny article
On Thu, Nov 13, 2003 at 03:20:14AM +0100, Mikael Olsson wrote:

I'm sorry to disappoint you, but the script kiddies don't care about zealotry. I have yet to hear one say Oh, this is a Linux box, so I can't use this Apache bug to own it. That'd be rong.

I don't think anybody said a linux box can't be owned with an apache flaw. My argument for count of bugs is they should be counted against the people who actually WROTE the code. In Microsoft's case it is because they wrote IIS, 2000/XP/2003, and Exchange. In contrast the Linux kernel project that just wrote the kernel. It sounds like you want a list of opensource bugs vs. Microsoft Bugs.

Saying the linux kernel has only foo bugs while every microsoft app combined has foo^3 bugs makes no sense in a security discussion. You don't read mail or serve web pages with a kernel.

No one is saying this. To be truly useful a list of bugs should be done by developer, not by instance of software. This will help establish trends in my software development practices.

Publishing an _unbiased_ report of total vulnerability counts for two or more OSes, with common apps installed, is a service to admins everywhere. (And no, I _really_ don't think comparing RH6 with W2K3 is unbiased. I think it stinks.)

I think blaming OS developers for code they didn't write nor have any control over isn't unbiased. It would be a different story if it was a flaw in something like redhat-update. That is clearly a Redhat bug, but that is still not a Linux bug.
Re: [Full-Disclosure] why commcerical software *could* be better
I never said there ISN'T, but it means that not EVERY kid in the block can.

With a freeware copy of IDApro it could not be easier.

Also, let me stress *again* that my examples were _not_ about Microsoft. There is more to the world about Microsoft, if you claim to hate it so much, for whatever reasons you may have, stop talking about it all the time. Use software that you like, whatever that may be, and leave the rest of the world alone.

Microsoft's dominance in the marketing is slowing the growth of software many of us like.
Re: [Full-Disclosure] Microsoft prepares security assault on Linux ]
On Wed, Nov 12, 2003 at 02:24:37PM -0800, Jeremiah Cornelius wrote:

Is this a closed box? http://www.gotdotnet.com/team/brada/LHArch.PDC2003.png

No. That's a godawful mess that makes me weep for the future. That's the system architecture design for Longhorn. That BIG pile of blue/yellow/green on the top is all of the new stuff built up on top of .net (xml/rpc meets jvm).

I am waiting for the Spike Proxy .net edition.
Re: [Full-Disclosure] Re: Funny article
On Wed, Nov 12, 2003 at 10:49:49PM +0100, Mikael Olsson wrote:

Of course it should. You don't just run an OS. Obviously, you want your machine to actually do something useful.

I disagree. If it's a 3rd party app it should not count against the OS unless every instance of the OS runs that app.

Granted, you shouldn't count bugs in every single piece of linux/bsd software, the same way you shouldn't count bugs in every piece of windows software out there, but counting bugs in the most commonly used ones is most certainly reasonable.

What about apps that run on both windows and linux? When you start counting 3rd party apps in the equation, you are throwing a horrible slant into the mix. This is similar to getting a new 3rd party part for your car then blaming the carmaker when that part fails. Microsoft needs to include things like apache because they make both their OS and the webserver, so a comparison of security flaws broken down by responsible groups would make Microsoft look horrible.