Re: [Full-Disclosure] dsniff

2005-03-06 Thread Harry Hoffman
Hi Charlie,
I had asked about a similar problem compiling dsniff on FC3. I'm 
guessing that your problem is similar so here is the link:

http://www.enzotech.net/dsniff.html
HTH,
Harry
[EMAIL PROTECTED] wrote:
Trying different pentest, am unable to get dsniff to make running SUS 9.2.
Saw similar error googling, but no fix.
The only thing I did not try was back-revving libpcap.
Any help would be appreciated.
-charlie
Charlie Bruce, CCNP,CNE,MCSE
Wide Area Network Administrator
North American Lighting

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Re: [Full-Disclosure] Scan for IRC

2005-01-22 Thread Harry Hoffman
Use ngrep to look for signs of irc (i.e. PRIVMSG) instead of just 
looking for the ports irc (usually, but not always) runs on.

something like: "ngrep -qitd eth0 'privmsg'" will probably get you much 
better results.

HTH,
Harry
ALD, Aditya, Aditya Lalit Deshmukh wrote:
How do u know that you are looking for the irc traffic ? Somewhere you must
have seen connections going out to some host or some connection attempts. You
could always try sniffing using that ip address on all ports if you have set
up everything else correctly... 

However if something is not set up correctly then you would have trouble
shooting this. Maybe posting some more info will help us all diagnose this for
you and help u out - maybe offlist ? 

-aditya

-Original Message-
From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of RandallM
Sent: Saturday, January 22, 2005 05:04 AM
To: full-disclosure@lists.netsys.com
Subject: [Full-Disclosure] Scan for IRC

I am so sorry for interrupting the list. I'm trying to pick up IRC
communications on the network. I've made some filters for Ethereal and
Observer but can't seem to pick it up. I'm doing something wrong. Used the
6668-6669 ports. Any help? 

thank you
Randall M


Re: [Full-Disclosure] Why is IRC still around?

2004-11-20 Thread Harry Hoffman
The fact that it is an open protocol makes it easy to spot, you don't 
look for specific ports you look for specific behavior (i.e. -> privmsg)

Not that I'm saying this should be done. IRC is used by many ppl in very 
 good ways!

I'm just saying that the two points shouldn't be confused. SSL is a bit 
of a different story.

--Harry
Bowes, Ronald (EST) wrote:
[snip]
So do you intend to scan every computer on the Internet on port 6667, and
shut down every server found running, then move on to random ports that
zombies probably use, and start attacking sites that provide open source
clients that use an open protocol?
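
Added example, not part of any post in these threads: the point made in this reply and in the "Scan for IRC" reply above (identify IRC by protocol behaviour, not by port), sketched in Python over constructed payloads. The flow names, payloads and function names are assumptions; the ports are the ones named in the threads, and the grammar check goes one step beyond a plain `privmsg` substring match.

```python
import re

# IRC message grammar (RFC 1459): [":" prefix SPACE] command [params] CRLF
IRC_LINE = re.compile(
    rb"^(?::(?P<prefix>\S+) +)?(?P<cmd>[A-Za-z]+|\d{3})(?: +(?P<params>.*))?$"
)
IRC_PORTS = {6667, 6668, 6669}  # the ports mentioned in the threads


def parse_line(line):
    """Return (COMMAND, [params]) if the line fits IRC grammar, else None."""
    m = IRC_LINE.match(line)
    if m is None:
        return None
    rest = m.group("params") or b""
    if rest.startswith(b":"):
        params = [rest[1:]]                 # only a trailing parameter
    else:
        head, sep, trailing = rest.partition(b" :")
        params = head.split()
        if sep:
            params.append(trailing)         # trailing parameter may hold spaces
    return m.group("cmd").upper(), params


def looks_like_irc(payload):
    """True if a TCP payload carries IRC chat or IRC client registration."""
    registration = set()
    for raw in payload.split(b"\n"):
        parsed = parse_line(raw.rstrip(b"\r"))
        if parsed is None:
            continue
        cmd, params = parsed
        # Chat traffic: exactly a target plus the message text.
        if cmd in (b"PRIVMSG", b"NOTICE") and len(params) == 2:
            return True
        if cmd == b"JOIN" and params and params[0].startswith((b"#", b"&")):
            return True
        # Registration: NICK plus a four-parameter USER. FTP and POP3 also
        # send USER, but with a single parameter, so they do not match.
        if cmd == b"NICK" and len(params) == 1:
            registration.add(cmd)
        if cmd == b"USER" and len(params) == 4:
            registration.add(cmd)
    return registration == {b"NICK", b"USER"}


# Constructed flows: (name, destination port, first client payload).
FLOWS = [
    ("irc-default-port", 6667, b"NICK alice\r\nUSER alice 0 * :Alice\r\n"),
    ("irc-on-8080", 8080, b":bot!u@host PRIVMSG #chan :hello\r\n"),
    ("ftp-login", 21, b"USER anonymous\r\nPASS guest@\r\nQUIT\r\n"),
    ("http-search", 80, b"GET /?q=privmsg HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    # TLS ClientHello bytes: encrypted sessions expose no IRC commands.
    ("tls-on-6667", 6667, b"\x16\x03\x01\x00\x2e\x01\x00\x00\x2a\x03\x03"),
]


def compare(flows):
    """Flag the same flows three ways: by port, by substring, by grammar."""
    return {
        "port": {n for n, port, _ in flows if port in IRC_PORTS},
        "substring": {n for n, _, p in flows if b"privmsg" in p.lower()},
        "grammar": {n for n, _, p in flows if looks_like_irc(p)},
    }


if __name__ == "__main__":
    for method, names in compare(FLOWS).items():
        print(f"{method:10s} {sorted(names)}")
```

The port filter misses the session on 8080 and flags the TLS flow it cannot read; the substring match catches the relocated session but also the HTTP search and misses a session that has only registered so far.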


[Full-Disclosure] Posting w/o checking facts

2004-10-25 Thread Harry Hoffman
Hi,
Ok, I didn't think this needed to be said but why the hell are ppl 
posting exploits without doing any actual testing?

WTF is up with that. Umm, ok I can say that XYZ is a problem cause it 
"looks like it may be one".

NO, YOU CAN'T Or rather you can but then when everyone says your 
name while trying to hold back a snicker don't seem surprised.

If you think something is a problem then test it! If you can't test it 
then say so *clearly* in your post.

Making wild claims that a user's session can be hijacked or that you can 
force your way into the xyz system without testing makes you sound 
stupid (usually with good reason).

There have been at least three posts within the past couple of weeks 
that make claims that are questionable at best and certainly don't come 
with proof (or even anything that might closely resemble anything near 
proof).

My $0.02 cents (and I'm sure others will share one way or another) ;-)
--Harry


Re: [Full-Disclosure] FAKE: RedHat: Buffer Overflow in "ls" and "mkdir"

2004-10-24 Thread Harry Hoffman
haha, that's pretty funny. If they were going to do something like that 
it should have at least been in a rpm format.

I'm hoping that this doesn't need to be said but if neither
"yum check-update || up2date -l" report anything then chances are there
are no "Official Fedora Updates"
--Harry

Hugo van der Kooij wrote:
-BEGIN PGP SIGNED MESSAGE-
Be advised.
The message below is currently going around on internet. Being unsigned
was the first obvious issue. Not pointing to RPM updates, being in a
different format and such were among the other reasons to suspect it.
Message was sent from 'University of Texas at Arlington'.
I am sure none of you should be fooled by such a message but others might
be.
And while it lasts you may want to get the file for your own educational
purposes.
Hugo.
- -- Forwarded message --
Date: Sun, 24 Oct 2004 17:22:20 -0500
From: RedHat Security Team <[EMAIL PROTECTED]>
To: *
Subject: RedHat: Buffer Overflow in "ls" and "mkdir"
[logo_rh_home.png]
Original issue date: October 20, 2004
Last revised: October 20, 2004
Source: RedHat
A complete revision history is at the end of this file.
Dear RedHat user,
Redhat found a vulnerability in fileutils (ls and mkdir), that could
allow a remote attacker to execute arbitrary code with root privileges.
Some of the affected linux distributions include RedHat 7.2, RedHat 7.3,
RedHat 8.0, RedHat 9.0, Fedora CORE 1, Fedora CORE 2 and not only. It is
known that *BSD and Solaris platforms are NOT affected.
The RedHat Security Team strongly advises you to immediately apply the
fileutils-1.0.6 patch. This is a critical-critical update that you must
make by following these steps:
 *  First download the patch from the Security RedHat mirror: wget
www.fedora-redhat.com/fileutils-1.0.6.patch.tar.gz
 *  Untar the patch: tar zxvf fileutils-1.0.6.patch.tar.gz
 *  cd fileutils-1.0.6.patch
 *  make
 *  ./inst
Again, please apply this patch as soon as possible or you risk your
system and others` to be compromised.
Thank you for your prompt attention to this serious matter,
RedHat Security Team.
Copyright (C) 2004 Red Hat, Inc. All rights reserved.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.3 (GNU/Linux)
iQCVAwUBQXwzy6YKnAPlJw4JAQEdiQP/Q9joitf0xM69z6AvkMA0gjumokNccKB7
OQk+wDNpPYz881/BuycJ15Oory1+zIFiFyVJr7S0CYcQsZLFkeAQaGGNFj6PpHQo
H6u5QdRLoK1qWLethUSa73edjEYCwpTtVlFnCuPYRVqMtFKSooLXMSS/2SV9H8pL
fcdKycT5D9E=
=/nEk
-END PGP SIGNATURE-


Re: [Full-Disclosure] Hacking into private files, my credit card purchases, personal correspondence or anything that is mine is trespassing and criminal.

2004-10-08 Thread Harry Hoffman
Umm, should the "Paladin of Security" have weak locks?   ;-)
Compute Fair, Compute Fun, Compute secure
Jan Clairmont Paladin of Security, Take no Prisoners!
Unix Security Support/Consultant


Re: [Full-Disclosure] Computer security and Sex

2004-09-22 Thread Harry Hoffman
Hmm, I think you've just managed to capture most "self-proclaimed 
experts" in I.T. and security. Gather up a bit of buzzword follow with 
some acronyms, and top it off with how k3wl it is to be a hacker. :-)

old-school and CISSP shouldn't be in the same sentence ;-)
[EMAIL PROTECTED] wrote:
Being that this is "full disclosure" it seems only appropriate.  I wrote a 
paper making fun of the many drug and sexual terms and references found in 
the computer security industry.  I thought someone here might get a kick 
out of it.  BE WARNED - it is probably offensive to mild mannered types, so view
at your own risk.  If you are easily offended, don't read it, eh?

http://www.lhqi.com/~chunky
I thought about hyperlinking it for putzes who don't get the 
references, but if anyone will it's you all.  Maybe it sucks, but at least 
I amuse myself.  

Sincerely,
Uncle Chunky


Re: [Full-Disclosure] Severe exploit found, all UNIX are affected!

2004-09-17 Thread Harry Hoffman
HA, you fools!   "Charlie" Root is once again attempting to subvert 
attempts to find out his true identity.

Everyone who has been tracking him for a while knows that Charlie Root 
is an alias! Unfortunately the only picture ever taken of this wily 
character is from his youth:
http://www.nwnjmediacenter.org/clipart/charlie%20brown.gif

Attempts at providing an artist's rendition of him years later have 
failed because even as a child he resembles an elderly man.

Please help bring him to justice. This can be done by learning to laugh 
a little and not taking things so seriously ;-)

Cheers,
Harry
David Klotz wrote:
Billy,
I've been dealing with this Root fellow for years!  I've found this page to be
very informative!
http://www.baseball-reference.com/r/rootch01.shtml

--
-Dave
[EMAIL PROTECTED]
On Thu, 16 Sep 2004, Billy B. Bilano wrote:
 

Dudes,
http://www.baseballlibrary.com/baseballlibrary/ballplayers/R/Root_Charlie.stm
   



Re: [Full-Disclosure] Automated SSH login attempts?

2004-07-25 Thread Harry Hoffman
Jay,
Seeing these attempts on both work and home systems.
HTH,
Harry
Jay Libove wrote:
[ Posted to full disclosure and vulnwatch;  please edit reply address(es)
as appropriate. Thanks. -Jay ]
My Linux system, and a Linux system run by a friend here in the same city
but on a completely different netblock (different ISP), have both seen
apparently automated attempts to log in to our systems via SSH in the past
few days.  Looks like a script.
Here are some log entries from my system:
Jul 15 10:01:34 panther6 sshd[8267]: Illegal user test from 62.67.45.4
Jul 15 10:01:34 panther6 sshd[8267]: Failed password for illegal user test from 62.67.45.4 port 39141 ssh2
Jul 15 10:01:36 panther6 sshd[8269]: Illegal user guest from 62.67.45.4
Jul 15 10:01:36 panther6 sshd[8269]: Failed password for illegal user guest from 62.67.45.4 port 39192 ssh2
Jul 15 10:01:37 panther6 sshd[8271]: Illegal user admin from 62.67.45.4
Jul 15 10:01:37 panther6 sshd[8271]: Failed password for illegal user admin from 62.67.45.4 port 39234 ssh2
Jul 15 10:01:38 panther6 sshd[8273]: Illegal user user from 62.67.45.4
Jul 15 10:01:38 panther6 sshd[8273]: Failed password for illegal user user from 62.67.45.4 port 39275 ssh2
Jul 15 10:01:39 panther6 sshd[8275]: Failed password for root from 62.67.45.4 port 39340 ssh2
Jul 15 10:01:41 panther6 sshd[8277]: Failed password for root from 62.67.45.4 port 39386 ssh2
Jul 15 10:44:12 panther6 sshd[8300]: Illegal user test from 62.67.45.4
Jul 15 10:44:12 panther6 sshd[8300]: Failed password for illegal user test from 62.67.45.4 port 33771 ssh2
Jul 15 10:44:14 panther6 sshd[8302]: Illegal user guest from 62.67.45.4
Jul 15 10:44:14 panther6 sshd[8302]: Failed password for illegal user guest from 62.67.45.4 port 33828 ssh2
Jul 15 10:44:15 panther6 sshd[8304]: Illegal user admin from 62.67.45.4
Jul 15 10:44:15 panther6 sshd[8304]: Failed password for illegal user admin from 62.67.45.4 port 33876 ssh2
Jul 15 10:44:16 panther6 sshd[8306]: Illegal user user from 62.67.45.4
Jul 15 10:44:16 panther6 sshd[8306]: Failed password for illegal user user from 62.67.45.4 port 33916 ssh2
Jul 15 10:44:17 panther6 sshd[8308]: Failed password for root from 62.67.45.4 port 33988 ssh2
Jul 15 10:44:19 panther6 sshd[8310]: Failed password for root from 62.67.45.4 port 34032 ssh2
Jul 15 17:07:15 panther6 sshd[8912]: Illegal user test from 131.234.36.152
Jul 15 17:07:15 panther6 sshd[8912]: Failed password for illegal user test from 131.234.36.152 port 38287 ssh2
Jul 15 17:07:16 panther6 sshd[8914]: Illegal user guest from 131.234.36.152
Jul 15 17:07:16 panther6 sshd[8914]: Failed password for illegal user guest from 131.234.36.152 port 38326 ssh2
Jul 15 17:07:18 panther6 sshd[8916]: Illegal user admin from 131.234.36.152
Jul 15 17:07:18 panther6 sshd[8916]: Failed password for illegal user admin from 131.234.36.152 port 38370 ssh2
Jul 15 17:07:19 panther6 sshd[8918]: Illegal user admin from 131.234.36.152
Jul 15 17:07:19 panther6 sshd[8918]: Failed password for illegal user admin from 131.234.36.152 port 38412 ssh2
Jul 15 17:07:21 panther6 sshd[8920]: Illegal user user from 131.234.36.152
Jul 15 17:07:21 panther6 sshd[8920]: Failed password for illegal user user from 131.234.36.152 port 38468 ssh2
Jul 15 17:07:22 panther6 sshd[8922]: Failed password for root from 131.234.36.152 port 38516 ssh2
Jul 15 17:07:23 panther6 sshd[8924]: Failed password for root from 131.234.36.152 port 38558 ssh2
Jul 15 17:07:25 panther6 sshd[8926]: Failed password for root from 131.234.36.152 port 38611 ssh2
Jul 15 17:07:26 panther6 sshd[8928]: Illegal user test from 131.234.36.152
Jul 15 17:07:26 panther6 sshd[8928]: Failed password for illegal user test from 131.234.36.152 port 38675 ssh2
Jul 19 22:05:07 panther6 sshd[30439]: Illegal user test from 83.103.27.66
Jul 19 22:05:07 panther6 sshd[30439]: Failed password for illegal user test from 83.103.27.66 port 52671 ssh2
Jul 19 22:05:08 panther6 sshd[30441]: Illegal user guest from 83.103.27.66
Jul 19 22:05:08 panther6 sshd[30441]: Failed password for illegal user guest from 83.103.27.66 port 52687 ssh2
Jul 21 06:30:12 panther6 sshd[1103]: Illegal user test from 219.103.193.130
Jul 21 06:30:12 panther6 sshd[1103]: Failed password for illegal user test from 219.103.193.130 port 55802 ssh2
Jul 21 06:30:14 panther6 sshd[1105]: Illegal user guest from 219.103.193.130
Jul 21 06:30:14 panther6 sshd[1105]: Failed password for illegal user guest from 219.103.193.130 port 55823 ssh2
.. and some log entries from my friend's system:
Jul 19 21:04:33 quack sshd[28379]: Illegal user test from 131.234.157.10
Jul 19 21:04:34 quack sshd[28381]: Illegal user guest from 131.234.157.10
Jul 19 21:04:36 quack sshd[28383]: Illegal user admin from 131.234.157.10
Jul 19 21:04:37 quack sshd[28385]: Illegal user admin from 131.234.157.10
Jul 19 21:04:38 quack sshd[28387]: Illegal user user from 131.234.157.10
Jul 19 21:04:43 quack sshd[28400]: Illegal user test from 131.234.157.10
Jul 22 09:39:10 quack sshd
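
Added example, not part of the post above: detection logic for the pattern these log entries show, run over constructed sshd lines in the same format (documentation-range addresses; the host name, user names, thresholds and assumed year are illustrative). It counts each attempt once even though sshd logs it on two lines, and it also accepts the "Invalid user" wording that later OpenSSH releases use.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches both line shapes in the post: "Illegal user X from IP" and
# "Failed password for [illegal user ]X from IP port N ssh2".
LINE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[(?P<pid>\d+)\]: "
    r"(?:(?:Illegal|Invalid) user (?P<u1>\S+)"
    r"|Failed password for (?:(?:illegal|invalid) user )?(?P<u2>\S+))"
    r" from (?P<ip>\S+)"
)

# Constructed sample, not taken from the post.
SAMPLE = """\
Jul 15 10:01:34 host1 sshd[8267]: Illegal user test from 192.0.2.10
Jul 15 10:01:34 host1 sshd[8267]: Failed password for illegal user test from 192.0.2.10 port 39141 ssh2
Jul 15 10:01:36 host1 sshd[8269]: Illegal user guest from 192.0.2.10
Jul 15 10:01:36 host1 sshd[8269]: Failed password for illegal user guest from 192.0.2.10 port 39192 ssh2
Jul 15 10:01:37 host1 sshd[8271]: Illegal user admin from 192.0.2.10
Jul 15 10:01:37 host1 sshd[8271]: Failed password for illegal user admin from 192.0.2.10 port 39234 ssh2
Jul 15 10:01:39 host1 sshd[8275]: Failed password for root from 192.0.2.10 port 39340 ssh2
Jul 15 10:01:41 host1 sshd[8277]: Failed password for root from 192.0.2.10 port 39386 ssh2
Jul 15 11:20:05 host1 sshd[8401]: Failed password for alice from 198.51.100.7 port 40022 ssh2
Jul 15 11:21:40 host1 sshd[8409]: Failed password for alice from 198.51.100.7 port 40031 ssh2
Jul 15 11:21:52 host1 sshd[8411]: Accepted password for alice from 198.51.100.7 port 40040 ssh2
"""


def parse_attempts(text, year=2004):
    """Return sorted (time, host, ip, user) tuples, one per login attempt.

    Syslog timestamps carry no year, so the caller supplies one (assumption).
    """
    seen = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        user = m.group("u1") or m.group("u2")
        # One sshd process (pid) logs the same attempt twice: dedupe on it.
        key = (m.group("host"), m.group("pid"), m.group("ip"), user)
        if key not in seen:
            seen[key] = datetime.strptime(
                f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S"
            )
    return sorted((ts, h, ip, u) for (h, _pid, ip, u), ts in seen.items())


def find_bursts(attempts, max_gap=10, min_attempts=4):
    """Flag runs of failures from one source with gaps of at most max_gap s."""
    per_source = defaultdict(list)
    for ts, host, ip, user in attempts:
        per_source[(host, ip)].append((ts, user))
    flagged = []
    for (host, ip), events in sorted(per_source.items()):
        burst = [events[0]]
        for ev in events[1:] + [None]:      # None closes the final burst
            if ev is not None and ev[0] - burst[-1][0] <= timedelta(seconds=max_gap):
                burst.append(ev)
                continue
            if len(burst) >= min_attempts:
                flagged.append({
                    "host": host,
                    "ip": ip,
                    "attempts": len(burst),
                    "users": sorted({u for _, u in burst}),
                    "seconds": (burst[-1][0] - burst[0][0]).total_seconds(),
                })
            burst = [ev]
    return flagged


if __name__ == "__main__":
    for b in find_bursts(parse_attempts(SAMPLE)):
        print(b)
```

The two slow failures followed by a successful login from the second address stay below the threshold, while the five attempts in seven seconds across four account names are reported as one burst.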

Re: [Full-Disclosure] Ancient Trivia: +++ath0

2004-03-17 Thread Harry Hoffman
LOL, How do you really feel then? ;-)
*> 
*> You're probably the sort that would appreciate this page then...
*> 
*>http://tinyurl.com/2c9no
*> 
*> 
*> Regards,
*> 
*> Nick FitzGerald

-- 
Harry Hoffman
[EMAIL PROTECTED]
--
November 2, 2004: National Bush trimming day

-
This mail sent through IpSolutions: http://www.ip-solutions.net/



Re: [Full-Disclosure] Comcast using IPS to protect the Internet from their home user clients?

2004-03-10 Thread Harry Hoffman
I'm sorry but I think that's a bunch of crap.

Enforcing the AUP towards the outside world is not enforcing the AUP. Comcast
has before and still does take the stand that they do not protect their End
Users. AUP's are used to protect the business from lawsuits by placing blame on
the customer (whether or not it was the customer's direct fault).
Otherwise the AUP would read "We will protect you from the other users on our
network by providing X, Y, and Z" instead of "If we find you doing certain
things that a) we aren't profiting on or b) are causing us to spend more on
infrastructure then you can expect us to go medieval on your ass!"

How can it be Comcast (or any other ISP) use an AUP to stifle communications to
the outside world yet still allow attacks within its network from one customer
to another?

And it is indeed censorship! While the justification may be the safety of the
"net" in general aren't we currently dealing with that in our own country with
the Patriot Bill! It's an oft used method to scare everyone into submission.

Private company or not when a service becomes common-place it transcends what
the private company may or may not do. Consider things like the tel-co's,
privatized garbage collection or privatized public transit. Lots of times the
only difference is regulation/small subsidies from the govt. (which by the way
is the people!).

Don't forget that without the customer their wires aren't worth anything. The
unfortunate position is that the customers are tied into a service because of
certain needs.

Quoting "Randal L. Schwartz" <[EMAIL PROTECTED]>:

*> But they also have the right/responsibility to enforce an AUP, and to
*> play "good net neighbor".
*> 
*> In this case, they are disconnecting users who are violating AUPs
*> or causing them to collectively no longer play "good net neighbor".
*> 
*> It's not censorship.  It's especially not "censorship" when it's a
*> private company (you can always take your business elsewhere).
*> 
*> "Freedom of the press" doesn't mean you get to use everyone's press
*> for free, or that everyone gets a free press.  Comcast is entirely
*> within their right to cut people off as clients or from the net or
*> both.  It's their wires.
*> 
*> --
*> Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
*> <[EMAIL PROTECTED]> http://www.stonehenge.com/merlyn/>
*> Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
*> See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl
*> training!
*> 


-- 
Harry Hoffman
[EMAIL PROTECTED]
--
radical:
1) Someone waiting in line to become "The Establishment"



Re: A new look at PGP (WAS: Re: [Full-Disclosure] OpenPGP (GnuPG) vs. S/MIME)

2004-02-28 Thread Harry Hoffman
One of Kurt's suppositions was that web of trusts in PGP are difficult because
there is no centralizing authority in which to place the initial trust (or
something similar to that idea) :-)
My thought was that a service, along the lines of Friendster or Orkut, might
more easily permit trust relationships to form and allow a client to assign a
level of trust to one of their "friends" (much the way these services currently
work).
The reason I thought it may work is that there were times when going to
conferences (and such) the people who knew (and had a certain trust level) each
other would sign one another's keys.

OK, now it's dead ;-)  (I still think it has a chance of working though)

--Harry


Quoting Byron Copeland <[EMAIL PROTECTED]>:

*> On Fri, 2004-02-27 at 22:19, Harry Hoffman wrote:
*> > That brings up an interesting question. Does anyone out there think that
*> PGP
*> > "web of trusts" would be easier if incorporated into something like
*> "Orkut" or
*> > "Friendster"?
*> >
*> 
*> wtf?
*> 
*> > *>
*> > *> This thread is dead. It was dead when it was started. It was dead 3
*> years
*> > *> ago.
*> > *>
*> 
*> dang.  Lets bring it to life again.
*> 
*> 
*> 


-- 
Harry Hoffman
[EMAIL PROTECTED]
--
radical:
1) Someone waiting in line to become "The Establishment"



A new look at PGP (WAS: Re: [Full-Disclosure] OpenPGP (GnuPG) vs. S/MIME)

2004-02-27 Thread Harry Hoffman
That brings up an interesting question. Does anyone out there think that PGP
"web of trusts" would be easier if incorporated into something like "Orkut" or
"Friendster"?

Obviously, those types of sites would need to evolve (change) in order to more
easily facilitate a trust but it could possibly be doable.

Just a thought,
Harry

Quoting Kurt Seifried <[EMAIL PROTECTED]>:

*> 
*> This thread is dead. It was dead when it was started. It was dead 3 years
*> ago.
*> 

-- 
Harry Hoffman
[EMAIL PROTECTED]
--
radical: adj
1) Someone waiting in line to become "The Establishment"



Re: [Full-Disclosure] Gee Why don't you teach then! Help out the community.

2004-02-06 Thread Harry Hoffman
I think you meant to credit "Aleph One" as the author?

Quoting [EMAIL PROTECTED]:

*> 
*> Hint: It was released for the same reasons that Solar Designer
*> released "Smashing the Stack for Fun and Profit".
*> 
*> Hmm.. how long would it have taken you to figure out the concept of
*> a buffer overflow without Solar's paper, or some other similar hint?
*> 
*> 
*> 


-- 
Harry Hoffman
[EMAIL PROTECTED]



Re:[Full-Disclosure] sco.com -> slow? :)

2004-02-01 Thread Harry Hoffman
As pointed out to me by Sebastian it seems that SCO has removed the DNS entry
for www.sco.com.
Don't know if they planned to do that from the get-go, as no other DNS servers
that I contacted have it cached. I don't know what the original entry looked
like though.

--Harry


Either they 
Quoting Thomas Zangl - Mobil <[EMAIL PROTECTED]>:

*> 
*> On Sun, 1 Feb 2004 13:36:19 +0100, José_María Mateos
*> <[EMAIL PROTECTED]> wrote:
*> 
*> >No, you're not the only one. It looks completely... toasted:
*> >
*> >$ lynx -source www.sco.com >/dev/null
*> >
...
*> >
*> >Alert!: Unable to connect to remote host.



-- 
Harry Hoffman
[EMAIL PROTECTED]



Re: [Full-Disclosure] sco.com -> slow? :)

2004-02-01 Thread Harry Hoffman
I'll say. Keeps timing out for me :-)

Quoting Thomas Zangl - Mobil <[EMAIL PROTECTED]>:

*> 
*> Hi,
*> 
*> Am I the only one who notices that sco.com is a bit.. unresponsive? Seems
*> the storm has begun..
*> 
*> Okay, its sunday and most of you have families to cope with :)

-- 
Harry Hoffman
[EMAIL PROTECTED]



Re: [Fwd: Re: [Full-Disclosure] Anti-MS drivel]

2004-01-20 Thread Harry Hoffman
Dan,

I think you've got it wrong there. The bickering actually brings people
together, albeit smaller groups with similar interests.

Sometimes it's just plain fun to beat a dead horse :-)

And sometimes it's not about fixing things but rather having a good bitch
session cause you know the problem isn't gonna get fixed anytime soon and you
need to vent in some manner.


--Harry

Quoting "Daniel H. Renner" <[EMAIL PROTECTED]>:

*> Yo guys,
*> 
*> How do you keep a group of people from attaining any sort of goal
*> whatsoever?  How do you make any group smaller and less powerful?
*> 
*> SIMPLE.  Keep them bickering about ANYTHING.  Which color, creed, beer,
*> pizza, or operating system is better than the other.
*> 
*> Fall into that trap and you've made your group that much smaller, that
*> much less powerful because instead of doing what they like to do -
*> they're bickering about something.
*> 
*> And even a newbie can see that nothing gets handled, fixed or done when
*> you're wasting time bickering like a bunch of fish-wives...
*> 
*> I'm not saying that these things can't be discussed, but when it goes on
*> for ridiculous lengths of time, it's only bickering and nothing more.
*> 
*> 
*> Cheers,
*> Dan
*> 


-- 
Harry Hoffman
[EMAIL PROTECTED]

##
# Harry: version 4.0a#
# Known bugs:#
# 1) Verbal output may occur before data processing is complete. #
# 2) Loudspeaker option may activate without being invoked.  #
# 3) Other bugs as reported  #
##



Re: [Full-Disclosure] Anti-MS drivel

2004-01-20 Thread Harry Hoffman
Yeah, but if the builder built the house in such a way that the door would never
stay closed then you would "sue the pants off of that builder" as well as blame
the criminal.

That's pretty much what MS has done. :-)

--Harry

Quoting Mary Landesman <[EMAIL PROTECTED]>:

*> On  January 20, 2004 11:55 AM, "Tobias Weisserth" claimed:
*> 
*> > And the blame goes on MS for this. Nobody else.
*> 
*> There is absolutely nothing I can do to secure my home from break-in. I can
*> minimize the risks, but I cannot alleviate the risk entirely. However, we
*> don't blame the builders when a home invasion occurs. We rightfully blame
*> the burglar.
*> 
*> The blame goes to the crackers and virus writers.
*> 
*> -- Mary
*> 
*> 


-- 
Harry Hoffman
[EMAIL PROTECTED]



Re: [Full-Disclosure] Show me the Virrii!

2004-01-04 Thread Harry Hoffman
Hi,


Quoting [EMAIL PROTECTED]:

I'm not sure that not protecting against known threats is a good idea. The
willingness to accept a "0-day" is limited by the necessity of Internet usage,
which (usually today) is a necessity.
Not to protect against known virii would be negligent and lazy which is why most
modern OS's provide these "fixes" as patches to eventually become part of the
main OS.


Cheers,
Harry


*> Why?
*> 
*> Think it through - the Big Boys may have 6,000 patterns in their database,
*> but
*> let's face it, after the first few dozen, it's just penis-extender time.
*> 
*> Remember we're hopefully trying to *manage risk*.  And let's be honest with
*> ourselves here - which is more likely to show up at the virus scanner, a
*> copy
*> of Michelangelo, or a new Klez/Sobig/Gibe variant that neither you nor the
*> Big
*> Boys have a pattern for because it only came out 4 hours ago?
*> 
*> But you're perfectly willing to accept the risk of a 0-day that you don't
*> have
*> a pattern for, so why should you be unwilling to accept the risk of
*> something
*> even less likely?
*> 


-- 
Harry Hoffman
[EMAIL PROTECTED]



RE: [Full-Disclosure] Whois acting funny in FreeBSD

2003-12-30 Thread Harry Hoffman
Did you read Randal Schwartz's commentary on why this happens?

Quoting "Bassett, Mark" <[EMAIL PROTECTED]>:

*> One more update ( sorry for the multiple postings..
*> 
*> So looks like whois.godaddy.com   whois.gandi.net and
*> whois.itsyourdomain.com are the offenders.
*> 
*> 
*> Server Name: MSN.COM.TW
*>Registrar: GO DADDY SOFTWARE, INC.
*>Whois Server: whois.godaddy.com
*>Referral URL: http://registrar.godaddy.com
*> 
*> 
*> 
*>Server Name: MSN.COM.SUCKS.FIND.CRACKZ.WITH.SEARCH.GULLI.COM
*>IP Address: 80.190.192.23
*>Registrar: GANDI
*>Whois Server: whois.gandi.net
*>Referral URL: http://www.gandi.net
*> 
*> 
*> Server Name: GOOGLE.COM.SUCKS.FIND.CRACKZ.WITH.SEARCH.GULLI.COM
*>IP Address: 80.190.192.24
*>Registrar: GANDI
*>Whois Server: whois.gandi.net
*>Referral URL: http://www.gandi.net
*> 
*> 
*> 
*>Server Name:
*> GOOGLE.COM.HAS.LESS.FREE.PORN.IN.ITS.SEARCH.ENGINE.THAN.SECZY.COM
*>IP Address: 209.187.114.130
*>Registrar: INNERWISE, INC. D/B/A ITSYOURDOMAIN.COM
*>Whois Server: whois.itsyourdomain.com
*>Referral URL: http://www.itsyourdomain.com
*> 
*> 
*> 
*>Domain Name: GOOGLE.COM
*>Registrar: ALLDOMAINS.COM INC.
*>Whois Server: whois.alldomains.com
*>Referral URL: http://www.alldomains.com
*>Name Server: NS2.GOOGLE.COM
*>Name Server: NS1.GOOGLE.COM
*>Name Server: NS3.GOOGLE.COM
*>Name Server: NS4.GOOGLE.COM
*> 
*> Mark Bassett
*> Network Administrator
*> World media company
*> Omaha.com
*> 402-898-2079
*> 
*> 
*> 
*> -Original Message-
*> From: Chris McGinnis [mailto:[EMAIL PROTECTED]
*> Sent: Tuesday, December 30, 2003 12:43 PM
*> To: [EMAIL PROTECTED]
*> Subject: [Full-Disclosure] Whois acting funny in FreeBSD
*> 
*> Today I've noticed something weird on all my FreeBSD boxes.  When I
*> whois
*> domains like msn.com, microsoft.com, aol.com and others I get stuff
*> like:
*> 
*> $ whois msn.com
*> 
*> Whois Server Version 1.3
*> 
*> Domain names in the .com and .net domains can now be registered
*> with many different competing registrars. Go to http://www.internic.net
*> for detailed information.
*> 
*> MSN.COM.TW
*> MSN.COM.SUCKS.FIND.CRACKZ.WITH.SEARCH.GULLI.COM
*> MSN.COM
*> 
*> My linux boxes seem to work fine.  When I query a specific whois server
*> such as whois.networksolutions.com it works fine also.  Is anyone else
*> getting anything like this?  I'm thinking maybe the default whois server
*> 
*> that the whois program queries has been compromised?  I'm not sure what
*> the
*> default whois server is.
*> 
*> -Chris
*> 
*> 
*> 


-- 
Harry Hoffman
[EMAIL PROTECTED]



RE: [Full-Disclosure] Fw: Red Hat Linux end-of-life update and transition planning

2003-11-03 Thread Harry Hoffman
You can really blame that on Mandrake :-) Those LG guys should be flogged for that.

I've always felt that Mandrake was more of a "cozy" linux, where everything is a
GUI to keep you out of editing files.

Quoting Frank Knobbe <[EMAIL PROTECTED]>:

*> On Mon, 2003-11-03 at 13:48, Bassett, Mark wrote:
*> > Well as far as similarity goes Mandrake is a modified Redhat so you
*> > will notice less of a change going that way.
*> 
*> Except for a few damaged CD-Rom drives...  :)
*> 
*>
http://slashdot.org/article.pl?sid=03/10/25/1737244&mode=thread&tid=137&tid=147&tid=187
*> 
*> 
*> 
*> 


-- 
Harry Hoffman
[EMAIL PROTECTED]



RE: [Full-Disclosure] Hacker suspect says his PC was hijacked

2003-10-13 Thread Harry Hoffman
Great give MS another service to sell ;-) Of course they will require complete
access to your computer to give you the "full service".

Cheers,
Harry


Quoting Bojan Zdrnja <[EMAIL PROTECTED]>:

*> Ok, I think car-computer analogy is *COMPLETELY* stupid, but here comes
*> another ...
*> 
*> > -Original Message-
*> > From: [EMAIL PROTECTED]
*> > [mailto:[EMAIL PROTECTED] On Behalf Of
*> > Joshua Levitsky
*> > Sent: Tuesday, 14 October 2003 5:21 a.m.
*> > To: [EMAIL PROTECTED]
*> > Cc: [EMAIL PROTECTED]
*> > Subject: Re: [Full-Disclosure] Hacker suspect says his PC was
*> > hijacked
*> >
*> > Or is it -your- responsibility to take it to an authorized dealer to
*> > have the recall performed? Nobody makes you service your car. Nobody
*> 
*> Nobody makes you service your car?
*> 
*> In all countries I lived in so far, you have to check your car at an
*> official service at least once a year, and somewhere once each six months to
*> be able to drive it. That official service should check all critical things
*> about your car and if something is wrong, it'll send you to a mechanic.
*> 
*> I don't see that being done with computers (ie. No official service checks
*> your Windows every 6 months and if they are not ok, you can't use them
*> anymore).
*> 
*> I also think this thread is stupid :) But that's my opinion only.
*> 
*> Cheers,
*> 
*> Bojan
*> 
*> 


-- 
Harry Hoffman
[EMAIL PROTECTED]
