Re: [Full-Disclosure] Safari/WebCore Content Sniffing
Hi!

> All other browser I tested so far have the right behavior
> and treat plain text files as plain text files.

MSIE doesn't. :)

Yours, Marcel

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] Key loggers and Anti Key loggers
Hi

Lan Guy wrote:
> Which ones, do they work?

I use to use Optix Pro as my primary rat for the win32 machines in my LAN. It has a keylogger included, and well it works just fine. Lately Optix also includes some kind of root kit, or at least a function that makes the server file invisible as long as windows is booted.

bug warning: Even optix pro does not see the file so you cannot delete or modify it with optix.

Yours, Marcel
Re: [Full-Disclosure] "Sample" not running but preventing Win2k from Shutdown
Hi Steve!

> So what are you doing right now, killing the process via the Task
> Manager?

No. I booted linux and made a backup of the hdd. Now I'm waiting for some tips about how to extract the sample program for later analysis. If no one has any ideas, I'll overwrite it with a clean image.

> Hmmm I am glad I am not in a commercial environment
> where I am forced to use MSIE.

In a commercial environment, you wouldn't go "fishing for [...] plugins on some porn sites", would you?

Yours, Marcel
[Full-Disclosure] "Sample" not running but preventing Win2k from Shutdown
Hi guys,

I was fishing for some nice MSIE "plugins" on some porn sites and found a mysterious one. It does not appear anywhere, neither in my Firewall nor as a toolbar, and there is no new process running on the sandbox machine. But whenever I try to shut it down or reboot it, an application called "sample" does not want to terminate voluntarily. As said before, there is no such app in the process list before shutting down, and there is no unknown sample*.* file on any of the sandbox's hard disks.

Does anyone know this "sample"?

Yours, Marcel
[Full-Disclosure] Reading WEP-Key from Win 2000 Network Config
Hi!

I'm just playing around with my wireless LAN config in Windows 2000 Professional. There is some security dialog where you can enter your WEP key in 26 hex digits. You may enter them but not read them because they are masked with ***. I have a tool which reads the plaintext of such password boxes but in this case it is not applicable because the code surrenders as soon as the box receives the focus.

Solution: enter some chars that are not hex digits. You will receive an error message. Select a different one of the 4 av/ keys. It will be shown in plaintext.

Is this fresh news? Is it exploitable remotely, meaning without sitting in front of the box?

Yours, Marcel
Re: [Full-Disclosure] removing sasser
Hi Alerta!

> 2. Look for avserve.exe or avserve2.exe in the %Windir% directory
> 3. Delete "avserve.exe" [...] in
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

thx, that's the info I was looking for

Yours, Marcel
[Full-Disclosure] removing sasser
Hi folks!

Is there a way to remove Sasser without downloading a full av-software?

Yours, Marcel
Re: [Full-Disclosure] Registry Watcher
Hi

RandallM wrote:
> Any programs out there that "watches" changes to registry and
> can give an alert?

My registry is protected by the Geek SuperHero. You can find it via google.

Yours, Marcel
Re: Subject: [Full-Disclosure] Some suspicious files
Hi

dila wrote:
> how did you come to obtain it?

+--- in <[EMAIL PROTECTED]>, I wrote:
| I've just received some suspicious files via IRC. My anti-virus
| apps don't find anything. It was sent to me from a friend, but
| he said he didn't send it. May I send it to the list and would
| someone analyze it?
Re: Subject: [Full-Disclosure] Some suspicious files
Hi all,

there are so many people interested I don't wanna send each of you a single mail so I'll put it to my webserver. It would be nice if someone would mirror it because this "web server" is not a business server, it's my own PC :)

http://temp.gameszone.kicks-ass.net:180/temp/fd/
irc_files.zip, 278 KB

Yours, Marcel
[Full-Disclosure] Some suspicious files
Hi!

I've just received some suspicious files via IRC. My anti-virus apps don't find anything. It was sent to me from a friend, but he said he didn't send it. May I send it to the list and would someone analyze it?

Yours, Marcel
[Full-Disclosure] Detecting newly added Windows Services (was: no more public exploits)
Hi!

> [...] and won't even notice an additional listener on their system.
> This last thing is not surprising, because when you keep 20
> unnecessary default services running, it is not likely you will
> notice one more

A human won't. That's why I'd like to remind all windows sysops in this ml of my personal watch dog: the Geek SuperHero. You can download a trial version at http://www.geeksuperhero.com/ .

Yours, Marcel
[Full-Disclosure] [newbie] Reply-to missing?
Hi!

I'm quite a freshman on this list and I think you've already discussed this question in the past, so a link to a mail in the archives would be appreciated.

The mailing lists I'm used to add a Reply-To: header to each mail sent to the list, pointing at the mail distributor. However, the mail I receive from this list does not have these. I'm trying to get used to replacing the To: headers of my replies in order to get them public, but there is the laziness factor, too.

Where's the option to tell the server I want such Reply-To: headers? Is there any? If not, why not?

cya, Marcel

--
an unannounced attachment... it's a DOCument... does he really think i'll either start the deamonic tool from redmond or reboot my machine to boot my linux and use open office? ph33r my 1337 w1nd0z3 up71m3!
Re: [Full-Disclosure] Security Hole in HTTP (RFC1945) - Browser-Spoofing
Hi!

> can anybody confirm this, or is it just an april's fool joke ?
> http://www.heise.de/security/news/meldung/46175

for the ones reading this mailing list offline: the text says we all should not use HTTP because there are problems with browser authentication.

I am reading c't, another magazine heise produces, and they *always* have an april joke. The article mentioned above does not tell how the hole can be exploited, but it says sth. about a "Browser-in-the-Middle-Program (BMP)". Well, the sheer fact that they invent a new meaning for the bitmap file extension makes me consider this article as a great joke.

cya, Marcel

--
an unannounced attachment... it's a DOCument... does he really think i'll either start the deamonic tool from redmond or reboot my machine to boot my linux and use open office? ph33r my 1337 w1nd0z3 up71m3!