[Full-Disclosure] mail.yahoo.com issue
When visiting http://mail.yahoo.com, occasionally the server will serve up a strange page saying only "do you yahoo?". With a few refreshes (which likely pulls the content from other servers), you will get to the yahoo mail login page. It looks like some of their servers are not returning correct results. I'm not sure whether it's malicious, but it's worth noting Source of strange page: do you yahoo? do you yahoo? Dallas LaRose === Notice You may have noticed the increased number of notices for you to notice. We notice that some of our notices have been noticed. On the other hand, some of our notices have not been noticed. This is very noticeable. It is noticed that the responses to the notices have been noticeably unnoticeable. This notice is to remind you to notice the notices and respond to the Notices because we do not want the noticed to go unnoticed. ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
RE: [Full-Disclosure] MS03-039 has been released - critical
Paul Schmehl ([EMAIL PROTECTED]) Wrote: >> I downloaded the MS scanner today and ran it against one 24. It reports >> the computers as "patched with KB823980", so it doesn't look like it's >> testing for the new stuff yet. The results of the scan are a bit misleading. What you have to look for is the line with: Patched with KB824146 and KB823980 0 Here is a sample output of a _patched_ installation: Microsoft (R) KB824146 Scanner Version 1.00.0249 for 80x86 Copyright (c) Microsoft Corporation 2003. All rights reserved. <+> Starting scan (timeout = 5000 ms) Checking x.x.x.100 x.x.x.100: patched with KB824146 and KB823980 <-> Scan completed Statistics: Patched with KB824146 and KB823980 1 Patched with KB823980 . 0 Unpatched . 0 TOTAL HOSTS SCANNED ... 1 DCOM Disabled . 0 Needs Investigation ... 0 Connection refused 0 Host unreachable .. 0 Other Errors .. 0 TOTAL HOSTS SKIPPED ... 0 TOTAL ADDRESSES SCANNED ... 1 Here is the sample output of an _unpatched_ installation: Microsoft (R) KB824146 Scanner Version 1.00.0249 for 80x86 Copyright (c) Microsoft Corporation 2003. All rights reserved. <+> Starting scan (timeout = 5000 ms) Checking x.x.x.4 x.x.x.4: patched with KB823980 <-> Scan completed Statistics: Patched with KB824146 and KB823980 0 Patched with KB823980 . 1 Unpatched . 0 TOTAL HOSTS SCANNED ... 1 DCOM Disabled . 0 Needs Investigation ... 0 Connection refused 0 Host unreachable .. 0 Other Errors .. 0 TOTAL HOSTS SKIPPED ... 0 TOTAL ADDRESSES SCANNED ... 1 ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
RE: [Full-Disclosure] Sophos Anti-Virus alert: W32/Blaster-E
The target for the Distributed Denial-of-Service attack has been changed to kimble.org Does anyone have the original IP of kimble.org? It's been changed in DNS to localhost. I'm seeing a DDOS attack with dest 63.208.192.192 tcp/80 -Original Message- From: B$H [mailto:[EMAIL PROTECTED] http://www.sophos.com/virusinfo/analyses/w32blastere.html ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
RE: [Full-Disclosure] Need contact in the BTOPENWORLD.COM security department
Does anyone have an email address for a live human being who works in the BTOPENWORLD.COM security department? -- If BT is compliant with RFC2142, the following addresses should be active: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] The RIPE lookup on that IP reflects the following: remarks: Please send abuse notification to [EMAIL PROTECTED] ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
RE: [Full-Disclosure] new virii? - Tinh` cho khong bieu' khong
Google search: http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%2B%22Tinh%60+cho +khong+bieu%27+khong%22+%2Bvirus Take the first hit and then search on a US virus site: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_LOVELOR N.A Does this look familiar? -Original Message- From: KF [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 27, 2003 7:09 AM To: [EMAIL PROTECTED] Subject: [Full-Disclosure] new virii? - Tinh` cho khong bieu' khong is anyone familiar with a win32 based virus with the following text in the email message? Tinh` cho khong bieu' khong It appears to drop a file named "temp.exe" if anyone wants the .html I can send it your way... -KF ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
RE: [Full-Disclosure] Automating patch deployment
Mark is right on the money but left out one important detail. Microsoft SUS [1] allows you deploy a patch repository at your site. This saves network bandwidth and allows for greater control of deployment. You can push the client software out via login scripts for your NT4 domains or MSIs for your AD domains. Client settings such as servernames and intervals can be configured via registry imports for NT4 or GPOs for AD. Good luck. Dallas [1] http://www.microsoft.com/windows2000/windowsupdate/sus/susdeployment.asp -Original Message- From: Johnson, Mark [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 05, 2003 4:13 PM To: George Peek; [EMAIL PROTECTED] Subject: RE: [Full-Disclosure] Automating patch deployment Look at Microsoft Article 328010 for information on setting up Windows 2000, XP and 2003 to automatically update Microsoft's patches. I know this isn't the full solution, but maybe a start. Hope this helps. Mark J. -Original Message- From: George Peek [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 05, 2003 3:37 PM To: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]' Cc: George Peek Subject: [Full-Disclosure] Automating patch deployment We have two networks, one AD and one NT4.0. We can not use AD to deploy MSI patch packages to workstations that are not part of the AD (Active Directory), but are part of the NT domain. Not really interested in purchasing SMS as it seems too costly (why should we?). Considering HFNetChkPro 4 to automate the deployment of patches to our workstations and servers, as doing it manually is far too costly and time consuming for the company. Are there any other utilities or software that anyone (possibly free?) recommends that could be used to simplify patch deployment and management to every workstation and server. We use Windows NT, 2000 and XP workstation products, and NT4.0/2000/2000 Adv server products. Thank You, George K. Peek Network Specialist Allstate Ticketing ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
RE: [Full-Disclosure] Oh no - the feds are on to us :-)
Although we encourage you to pay attention to all security bulletins and to deploy patches in a timely manner, we want to call special attention to this particular instance. We have become aware of some activity on the Internet that we believe increases the likelihood of exploiting this vulnerability. "activity on the internet", that's us, right?? ;) ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
RE: [Full-Disclosure] IIS/Outlook Web Access..
-Original Message- From: Christopher F. Herot [mailto:[EMAIL PROTECTED] Maybe you should upgrade from Exchange 5.5 to 2000. We have had people using Outlook 2003 client and OWA with Exchange 2000 for several months without incident. == Although I'll recognize that an upgrade to E2K is prudent and may resolve the issue, a problem in a product that is still in use should be recognized and documented. Although my company is interested in upgrading to both Outlook 2003 and Exchange 2K+, the upgrade to Outlook 2003 will likely come first due to complexities in the Exchange upgrade. I think it's fair to test the combination of Outlook 2003 and Exchange 5.5 OWA, and I'm interested to know the results. Does Microsoft have a Q article that acknowledges the issue? Dallas LaRose Senior Network Engineer S2 Systems, Inc. ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html