Re: [Full-Disclosure] Multiple Vulnerabilities in Microsoft Vulnerabilities

2004-02-04 Thread Luca Mihailescu
You gotta be kidding me. This is one of the worst disclosures I've seen lately.

L.

Quoting Willie G [EMAIL PROTECTED]:

 
 Multiple Vulnerabilities in Microsoft Vulnerabilities
 Original issue date: February 02, 2004
 Last revised: -- February 04, 2004
 Source: PERFIDIOUS DOT ORG SECURITY TEAM
 
 Systems Affected
 
 All Microsoft Products
 
 Overview
 
 Microsoft contains multiple vulnerabilities within their vulnerabilities
 the most serious of which could allow another vulnerability to execute
 another vulnerability and open a Pandora's box of vulnerabilities which
 can lead to a Denial of Service attack on an administrator's inbox.
 
 Description
 
 Microsoft Security Bulletins describe vulnerabilities. When issuing these
 vulnerability bulletins, Microsoft has been creating localhost based
 Denial of Service attacks on administrator mailboxes worldwide. The
 problem arises by various security organizations releasing too many
 Microsoft vulnerability alerts for programs which have security flaws.
 
 /
 [EMAIL PROTECTED]:~ mutt -y
 --- Mutt --- defrauded : ~/Maildir/.ms-sec  [ 1743765209473471876432 msgs
 
 SEGMENTATION FAULT
 /
 
 Impact
 
 This problem is becoming a costly one for administrators worldwide and
 estimates show billions of dollars in losses incurred by this
 vulnerability because of the time spent sifting through these
 vulnerabilities, adding patches, updating, etc.
 
 Solutions
 
 Remove your email address from mailing lists which post Microsoft Security
 updates
 
 Install an alternative Operating System
 
 
 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
 That vulnerability is theoretical
 
 Willie G.
 [EMAIL PROTECTED]
 Shafted US Security Team
 00-212-555-1269
 
 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.netsys.com/full-disclosure-charter.html
 





Re: [Full-Disclosure] antivirus s/w

2004-01-27 Thread Luca Mihailescu
You can also take a look @ BitDefender ( www.bitdefender.com ). Got pretty good
reviews and good pricing.

/luca

Quoting Patrick J Okui [EMAIL PROTECTED]:

 Hi all,
 
 (.*flames.*/dev/null)
 
 1. I'm trying to decide on an AV solution for a campus wide n/w.
 I'm basically looking for something that'll respond as quick as
 possible to new viruses. I'm currently evaluating NAV, and Fprot.
 Any other suggestions/recommendations?
 
 2. Fprot have an AV 4 linux/bsd workstations. Does this just
 scan for virii from infected winbloze or are there un*x virii i'm
 ignorant about?
 
 
 thx.
 patrick.
 
 -- 
 patrick
 


Re: [Full-Disclosure] Anti-MS drivel

2004-01-17 Thread Luca Mihailescu

David,

Your company is obviously a geek friendly environment where not using m$
products is ok and not a business requirement. But when you have tons of
presentations monthly where the client is only using Powerpoint ( and only
powerpoint because it's working for him ), using OpenOffice it's NOT an
option. Same goes for the rest of office products.
We have around 600 desktops running a mix of win 2k/ xp pro and maybe 50
servers running 2k server and 2k3 server. We use a checkpoint fw and symantec
corporate edition for antivir.
Last time I've seen a server infected was 3 years ago ( one nt machine
everybody forgot about got owned using unicode exploit ). As for virii we
NEVER had an infection.
It all boils down to keeping an eye on what's out there in terms of exploits
and being pro-active. And don't give the "we don't have enough manpower to deal
with all the windows exploits" stuff.
I don't even remember when was the last time I had to go to a machine and
install a patch ( we're using software update services for that - does a good
job and it's free ). The antivirus server is deploying updated virus def files
as soon as it gets any...and so on.
Ah, and the mail server strips any funny mail attachments.

Luca.





Quoting Edward W. Ray [EMAIL PROTECTED]:

 Mary:
 
 Cisco at least has competition.  Juniper Networks has about a 25% share of
 the router market, which keeps Cisco honest.  Microsoft has almost market
 penetration at the desktop for both the home and business.  IMHO, they
 deserve all the anti-MS drivel people can dish out.  I will tire of it when
 I don't have to spend an hour each month clearing my firewall logs of
 attempted Code Red and Nimda infection attempts
 
 Edward W. Ray  
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Mary Landesman
 Sent: Thursday, January 15, 2004 10:55 AM
 To: David F. Skoll; [EMAIL PROTECTED]
 Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED];
 [EMAIL PROTECTED]
 Subject: Re: [Full-Disclosure] Re: January 15 is Personal Firewall Day, help
 the cause
 
 That's pretty much like teaching your kids to never talk to strangers, or
 never visit the bad part of town. Fact is, most crimes are committed by
 people we know. Microsoft is often victimized, mainly because they are so
 ubiquitous. Cisco is running a poll right now to see which of the 17
 critical patches are most important to users, because they only have the
 manpower to fix 10 of them. Should we all stop using Cisco products?
 
 This anti-MS drivel is so tiresome.
 
 -- Mary
 
 - Original Message -
 From: David F. Skoll [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED];
 [EMAIL PROTECTED]
 Sent: Thursday, January 15, 2004 12:06 PM
 Subject: [Full-Disclosure] Re: January 15 is Personal Firewall Day, help the
 cause
 
 
 On Wed, 14 Jan 2004 [EMAIL PROTECTED] wrote:
 
  I just wanted to remind everybody that tomorrow is Personal Firewall Day.
  http://www.personalfirewallday.org/
 
 That Web site is utterly disingenuous.  Rather than giving low-value
 information, how about high-value information that actually protects people:
 
 1) Don't use Windows.
 2) Don't use Outlook.
 
 Our company uses neither Windows nor Outlook, and although we do have a
 firewall, we do not use anti-virus software.
 
 Of course, the sponsors of the site (Microsoft and a bunch of anti-virus
 vendors) can hardly see it as being in their interest to actually create
 a secure computing environment.
 
 Regards,
 
 David.
 


RE: [Full-Disclosure] Networking security problem?

2003-07-10 Thread Luca Mihailescu
I have no idea whatsoever where the problem really is...first of all in
9x land you don't have an admin share ( c$, etc ) so the payroll machine
had the entire c drive shared ( talking about security... ). Dunno if
you have a local domain or using a workgroup in which case you shouldn't
even use the word security in this context.
As for a screen saver password protected to reset the network
connections that's something I haven't seen yet.
Take linux for example and your favorite desktop manager ( ximian for
example ).
Lock the screen and see if you're still able to access the defined samba
shares ( I'm using samba to be in the same windoze like world ) on that
machine. Well, they're still accessible and if you use nt domain auth you
don't need a u/p to connect ( if you are already logged into the domain
).
If the payroll stuff is so sensible and you guys have a problem w/
disgruntled employees maybe you should install nt/2k on that box and use
ntfs permissions ( much easier to implement if you have a domain ).

Just my 2 penny,
Luca.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of gregh
Sent: Thursday, July 10, 2003 8:56 PM
To: Disclosure Full
Subject: [Full-Disclosure] Networking security problem?

Tested on XP Home and 98SE only.



I won't make this a real long formal thing as it is quite simple and
rather than make it a bug style report, I am asking for your input.

Scenario:
--

Last year I was working on a 98SE network problem that turned out to be
a busted NIC. The particular NIC was in a payroll machine with obviously
very sensitive info in it. In order to give some sense of security to
the payroll woman, at some time in the past, someone had set up a screen
saver password that she knew how to change. Eg, resume from screen saver
required typing the password to get any further on the machine to a
novice and as she kept the payroll room door locked anyway, it was
deemed enough by management. Unfortunately, though, along came I to
fix a minor problem and to be sure the NIC was responding each way (eg,
it could be seen by the machine in the same office) I installed the NIC,
then went to the other machine to ping it and see if programs were
working OK. Normal routine. Prior to me getting to the other machine,
she had questions and we spent 10 minutes talking and then I went to the
other machine and ran programs, pinged, searched the C drive on the
payroll machine and came back to the payroll machine. I found the
machine was locked out by password and as she was standing nearby, I got
her to type the password in and away it all went.

Then it hit me - I had been running programs on the payroll machine from
the other machine in the network. Curious, I went to another office and
did the same thing after forcing the screen saver on. Again it all
worked and I could look up sensitive data. The LAN they have there does
have internet access and has a basic out of the box firewall and they
think they are safe. I pointed out how I easily got in from within their
office and others could do the same straight to the payroll machine from
outside but the manager said they couldn't as we have a firewall.
Well, not wanting to push the point as this was the first time I had
been there, I left it alone but then decided to report those findings to
MS. Eventually they did respond but they said they don't see it as a
problem but WOULD make it an OPTION in the next SP for XP and also I
presume the next full OS (Longhorn?) they issue.

Am I being pedantic here? To my mind, if a password is required to use
the machine locally, it should automatically require the network
connection to be broken. XP goes back to the Welcome screen depending on
your settings or the NT looking username and password box you would all
know. I find it totally mystifying that a machine that is protected at
keyboard level by a password so people can't get into it and look up
sensitive info can still be gotten into at least by the local LAN and
info STILL gained. The problem here is if a disgruntled employee went
postal and knew this info, he/she could do what they want. I understand
the programs and data could be protected in other ways but it also hit
me that there must be quite a few small to medium companies living in a
delirious limbo like this, too.

Any comments? Am I just pedantic or is this really a headbanger?

Greg.