Re: [Full-Disclosure] (no subject)

2004-08-09 Thread Micheal Espinola Jr
It's a new variant of the BAGLE worm.  Most vendors don't have
definition files still.

On Mon, 9 Aug 2004 13:03:54 -0600, Jonathan Grotegut
<[EMAIL PROTECTED]> wrote:
> (In regards to new_price.zip file attachment)
> 
> Anyone have any idea what this is, we had some clients just get pretty
> hard with this email.  I am unable to find anything on it, from my VERY
> Limited knowledge it appears to be a virus exploiting one of the many
> holes in IE.  Anyone else see anything on this yet?
> 
> Jonathan Grotegut
> 
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 


-- 
-Micheal



Re: [Full-Disclosure] (no subject)

2004-08-09 Thread Micheal Espinola Jr
this Symantec Rapid Release beta will catch it for NAV users, until
they roll-out the next official .def file:




On Mon, 9 Aug 2004 14:32:14 -0500, Todd Towles
<[EMAIL PROTECTED]> wrote:
> I am seeing a lot of them too. Just had a call from my e-mail people. I have
> one that is new_price.zip (5KB)
> 
> There appears to be some people on FD that are infected and we are getting a
> lot on my end.
> 
> 
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Jonathan
> Grotegut
> Sent: Monday, August 09, 2004 2:04 PM
> To: Full-disclosure
> Subject: RE: [Full-Disclosure] (no subject)
> 
> (In regards to new_price.zip file attachment)
> 
> Anyone have any idea what this is, we had some clients just get pretty
> hard with this email.  I am unable to find anything on it, from my VERY
> Limited knowledge it appears to be a virus exploiting one of the many
> holes in IE.  Anyone else see anything on this yet?
> 
> Jonathan Grotegut
> 
> 


-- 
-Micheal



Re: [Full-Disclosure] found suspicious desktop.ini in startup folders

2004-08-24 Thread Micheal Espinola Jr
This typically contains information on directory view customizations,
but can also contain some CLSID trickery for special folders, like
Favorites.


On Tue, 24 Aug 2004 09:55:59 -0500, Andrew <[EMAIL PROTECTED]> wrote:
> I actually switched to an OS X PDC and had the same problem when
> establishing a user's initial login with a windows XP workstation rather
> than a windows 2k workstation.
> It was just a file XP put into the users' profile, and as the knowledge
> base said, just delete it from the profile on your server should fix
> the problem. If I recall correctly the reason it shows up is the
> differences in how the desktop is handled in roaming profiles between
> WinXP and Win2k. The company I work for is very small, and so I'm not
> positive on the differences for win2k3
> 
> Andrew
> 
> 
> 
> On Aug 24, 2004, at 3:35 AM, Nick FitzGerald wrote:
> 
> > BillyBobKnob wrote:
> >
> >> Does anyone know if this file is used in an exploit since it was
> >> found in
> >> startup folders ?
> >
> > Does it "come back" following a restart, or a logout/login cycle, after
> > you delete it??
> >
> >> The contents of the file are:
> >>
> >> [.ShellClassInfo]
> >> [EMAIL PROTECTED],-21787
> >
> > This KnowledgeBase article mentions precisely these file contents:
> >
> >http://support.microsoft.com/?id=330132
> >
> > but gives no indication of what may cause its appearance on your
> > system.  The suggested "fix" is simply deletion...
> >
> >
> > Regards,
> >
> > Nick FitzGerald
> >
> 


-- 
-Micheal



Re: [Full-Disclosure] win2kup2date.exe ?

2004-09-09 Thread Micheal Espinola Jr
My what a lovely tea party...

I had no idea that this is such a professional list that I have joined.
I'm no old fart, but I feel like I'm in grade school all over again.



Re: [Full-Disclosure] AV companies better hire good lawyers soon.

2004-09-13 Thread Micheal Espinola Jr
I disagree.  Programmers should know to submit their code to the
various AV companies in order to avoid false-positives.


On Mon, 13 Sep 2004 12:12:35 +0200 (CEST), Feher Tamas
<[EMAIL PROTECTED]> wrote:
> Analysts urge McAfee to settle out of court on false alarm damages
> claim.
> 
> http://news.zdnet.com/2100-1009-5361660.html
> 
> 



-- 
-Micheal



Re: [Full-Disclosure] AV companies better hire good lawyers soon.

2004-09-14 Thread Micheal Espinola Jr
I would say your position is ridiculous, and that your reference has
no meaning or bearing on the issue at hand - which is:

Someone is creating software that scans for 'naughty' things based on
digital fingerprints.  If your software is so important that you and
your user base cannot deal with possibly up to a few days of
inconvenience due to a false-positive - then yes, you had better
coordinate with that software vendor to make certain your
precious software is not one of them.

It's a free market, and you will have to deal with it if you want to
play along.  Certainly you're welcome to try to improve the game while
you're playing, but complaining and suing over such long-established
issues regarding AV fingerprints seems quite OOB for this list.  What
is being disclosed here that hasn't been a standing issue for 10+
years?

Someone else said, 'what about secret software?'  Don't be silly.  If
it's so secret, then no one can know that it even exists - never mind
registering a false-positive.  In a secret environment (in which I have
previously worked), there are (or should be) many more safeguards in
place to deal with this type of matter - as well as the always
workable overrides. And certainly issues can be dealt with, without
having to actually give away your secret.

Also remember, how impactive this issue can be all depends on how
automated your AV software is.  You can always quarantine until you
have verified it is not truly a virus, and you can always override the
false-positive scan until updated fingerprints are released that no
longer trigger a false-positive - allowing you to continue to use the
file(s) that are generating the false-positive.

A large percentage of my black/grey-hat tools scan as viruses.  I deal
with so-called false-positives on a daily basis without a loss of
functionality or ability.


On Tue, 14 Sep 2004 09:25:52 +0200, Florian Weimer <[EMAIL PROTECTED]> wrote:
> * Micheal Espinola, Jr.:
> 
> > I disagree.  Programmers should know to submit their code to the
> > various AV companies in order to avoid false-positives.
> 
> This is a ridiculous proposition.  It's like suggesting that you have
> to submit your writings to the Department of Justice before you can
> exercise your free speech rights.
> 



-- 
-Micheal



Re: [Full-Disclosure] Senior M$ member says stop using passwords completely!

2004-10-16 Thread Micheal Espinola Jr
That much is obvious.  Read the full article, do a little
background research and get back to us when you reach a more sensible
conclusion.

Reactionary conclusions based on obvious article 'skimming' make it
apparent you didn't do your homework before posting.

FWIW I have used "rainbow" tables for dictionary-styled attacks for
about 7 years now.  There have been available CLI-based tools for
generating dictionary lists using different character sets for the
better part of the past 10 years.  There are also many dictionary
lists in multiple languages available on many university public FTP
sites to build and extend your own from.

Personally, I'm surprised this style attack took this long to catch on.


On Sat, 16 Oct 2004 10:46:44 -0400, Tim
<[EMAIL PROTECTED]> wrote:
> 
> Mind you, I am no expert on M$ "cryptography", but someone on their
> security team ought to know a bit more than this.



Re: [Full-Disclosure] House approves spyware legislation

2004-10-06 Thread Micheal Espinola Jr
I don't see how this is a law against "hacking", when it is directed
at intentional misrepresentation and system modifications of an
unsuspecting end-user's system.

If you want to be a hacking purist, spyware has nothing to do with "hacking".

Any laws at this point will help because it will give corporations
that are exposed to spyware the legal ground necessary to take fiscal
action against the people mass-producing spyware.

This should inadvertently help everyone else as well.


On Wed, 6 Oct 2004 05:03:45 -0700, Gregory Gilliss
<[EMAIL PROTECTED]> wrote:
> Great, Not that I'm any fan of spyware, but this is just another law
> against hacking. Think - what's the difference between this and someone
> using XSS to "take control" of a computer? If you r00t a box and deface
> the home page, then you've broken this law.
> 
>  Instead of fixing the problem (poor software security) we pass
> laws to punish the people who do the things that illustrate the problem.
> Basic philosophical differences, blah blah blah ...
> 
> Worst of all, do you really think that the spyware rackets will slow down
> or cease because of this? Nope - they'll just migrate out of the jurisdiction.
> 
> -- Greg
> 
> 
> 
> On or about 2004.10.06 06:03:18 +, RandallM ([EMAIL PROTECTED]) said:
> 
> >
> >
> > The U.S. House of Representatives voted late Tuesday to restrict some of the
> > most deceptive forms of spyware.
> >
> > By a 399-1 vote, House members approved legislation prohibiting "taking
> > control" of a computer, surreptitiously modifying a Web browser's home page,
> > or disabling antivirus software without proper authorization.
> >
> > http://news.com.com/House+approves+spyware+legislation/2100-1028_3-5397822.html?tag=nefd.top
> >
> >
> > thank you
> > Randall M
> >
> >
> 
> --
> Gregory A. Gilliss, CISSP  E-mail: [EMAIL PROTECTED]
> Computer Security WWW: http://www.gilliss.com/greg/
> PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3
> 
> 
> 
> 


-- 
-Micheal



Re: [Full-Disclosure] House approves spyware legislation

2004-10-06 Thread Micheal Espinola Jr
Yes, clearly laws don't always work and people find loopholes.  So
instead of making new ones to compensate, let's just stop.

Great idea.  I'm surprised that the law enforcement community has not
come to this conclusion.

...And don't bother discussing the appropriate changes to make to
existing flawed laws or the prevention of new inappropriate laws.
Let's just be negative, pass blame, and not be proactive about a
solution.

Are there any professionals on this list, or just people who like to
rant about policies and companies that they don't like?

"By a 399-1 vote, House members approved legislation prohibiting
"taking control" of a computer, surreptitiously modifying a Web
browser's home page, or disabling antivirus software without proper
authorization."

Yes, clearly this is a law against "hacking"...   *sigh*


On Wed, 6 Oct 2004 08:07:38 -0500, Todd Towles
<[EMAIL PROTECTED]> wrote:
> Why make more computer laws...when the current computer laws can not be
> enforced correctly? We all know that the CAN-SPAM Act really cut the spam
> out of our e-mails *sigh* Then the INDUCE act will make half the stuff
> in a normal person's house illegal.
> 
> Making laws is just playing around...paper on top of paper doesn't stop
> anything. It all falls back to the old saying - Action speaks louder
> than words.
> 
> 
> 
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of
> > Gregory Gilliss
> > Sent: Wednesday, October 06, 2004 7:04 AM
> > To: [EMAIL PROTECTED]
> > Subject: Re: [Full-Disclosure] House approves spyware legislation
> >
> > Great, Not that I'm any fan of spyware, but this is just
> > another law against hacking. Think - what's the difference
> > between this and someone using XSS to "take control" of a
> > computer? If you r00t a box and deface the home page, then
> > you've broken this law.
> >
> >  Instead of fixing the problem (poor software security)
> > we pass laws to punish the people who do the things that
> > illustrate the problem.
> > Basic philosophical differences, blah blah blah ...
> >
> > Worst of all, do you really think that the spyware rackets
> > will slow down or cease because of this? Nope - they'll just
> > migrate out of the jurisdiction.
> >
> > -- Greg
> >
> > On or about 2004.10.06 06:03:18 +, RandallM
> > ([EMAIL PROTECTED]) said:
> >
> > >
> > >
> > > The U.S. House of Representatives voted late Tuesday to restrict some
> > > of the most deceptive forms of spyware.
> > >
> > > By a 399-1 vote, House members approved legislation prohibiting
> > > "taking control" of a computer, surreptitiously modifying a Web
> > > browser's home page, or disabling antivirus software without proper
> > > authorization.
> > >
> > > http://news.com.com/House+approves+spyware+legislation/2100-1028_3-5397822.html?tag=nefd.top
> > >
> > >
> > > thank you
> > > Randall M
> > >
> > >
> >
> > --
> > Gregory A. Gilliss, CISSP
> > E-mail: [EMAIL PROTECTED]
> > Computer Security WWW:
> > http://www.gilliss.com/greg/
> > PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83
> > D9 B4 14 0E 8C A3
> >
> 


-- 
-Micheal



Re: [Full-Disclosure] Hacking into private files, my credit card purchases, personal correspondence or anything that is mine is trespassing and criminal.

2004-10-08 Thread Micheal Espinola Jr
I beg to differ.  This is not public domain.  This is something we all
pay for and have a vested interest in.

The days of the 'wild west' are over.  There is a new sheriff in town.
 Because of stupid script kiddies and black hat assholes, things are
going to change whether you like it or not - whether you agree with it
or not.


On Fri, 8 Oct 2004 16:11:06 +0100, Andrew Smith <[EMAIL PROTECTED]> wrote:
> This is the internet.
> This isn't your home, your car, your wallet.
> This is the internet.
> Offline analogies do not work. They also make my brain hurt, please do
> not use them.
> Whilst "breaking a weak lock" is criminal on the internet and in real
> life, it's also a hell of a lot easier to do on the internet, and a
> hell of a lot harder to get caught.
> The fact that something is illegal discourages no-one, the fact that
> they may get caught and punished discourages most. The amount of laws
> it is possible to break by clicking a few links is insane, and only
> ever enforced if a large corporation is involved. I don't know what
> you expect from this rant, but I am quite concerned that someone with
> a CitiGroup (a bank?!) email address is talking about credit cards
> being stolen and "weak locks".
> 
> 
> 
> 
> On Fri, 08 Oct 2004 10:26:13 -0400, KF_lists <[EMAIL PROTECTED]> wrote:
> > Who pissed in your Wheaties?
> > -KF
> >
> >
> >
> >
> > Clairmont, Jan M wrote:
> > > I just don't understand people who think by using some cheap trick they
> > > get into my files or website and hack them, that they have no personal 
> > > responsibility.
> > > It's insane to think and criminal that anything you can get into is fair game.
> > >
> > > Just because I have a cheap lock you can break does not make invading my home or 
> > > personal property yours.  Eh gods man, how does this type of idiotic logic 
> > > prevail,
> > > just because I lost my wallet does not constitute your right to use my credit
> > > card, atm card and personal information for your enrichment. Because you can get 
> > > into
> > > some sieve unsecured systems gives you the right to exploit or rape a persons 
> > > bank account, steal their identity and generally destroy someone's life.
> > >
> > > I have found a number of wallets and purses and returned them intact to the 
> > > rightful
> > > owners, as I have done with computer systems that my friends, neighbors and
> > > clients have used with vulnerabilities or virii. Sometimes they didn't even know
> > > I helped or fixed something.  You know why because I respect the privacy and 
> > > property of others. And if you don't, you deserve the indignation and the 
> > > handcuffs they put on you
> > > when they drag you down to chinatown, baby.
> > >
> > > Compute Fair, Compute Fun, Compute secure
> > > Jan Clairmont Paladin of Security, Take no Prisoners!
> > > Unix Security Support/Consultant
> > >
> > >
> > >
> >
> >
> >
>



Re: [Full-Disclosure] RE: [Full-Disclosure]Open the doors to hell hire a hicker Full-Disclosure Posts

2004-10-18 Thread Micheal Espinola Jr
Yea, but the l0pht was never an exploit group.  They were the most
true hackers I have ever personally known.

But it should also be considered that way back then, the youngest
member was in his teens, while the rest were significantly older than
him.  Now, that youngest member (Kingpin) should be about 30 y/o.

Their maturity and _responsibility_ to their passions has always kept
them a cut above in the professional game.


On Mon, 18 Oct 2004 17:38:18 -0500, Kevin <[EMAIL PROTECTED]> wrote:
> On Mon, 18 Oct 2004 10:28:39 -0400, Clairmont, Jan M
> 
> And this is excluding the obvious L0pht->@Stake->Symantec progression.
> People mature over time, grow into a more "professional" attitude
> without losing the inventiveness and insight that makes them
> effective.



Re: [Full-Disclosure] Re: Web browsers - a mini-farce

2004-10-19 Thread Micheal Espinola Jr
Just out of curiosity, can you refer to anything in a professional
manner - or must you always use demeaning word-play against anything
you don't like?

Also out of curiosity, when do you hit puberty?  Perhaps some of us
can rejoin the list when you have matured.


On Tue, 19 Oct 2004 23:17:16 +0300, Georgi Guninski
<[EMAIL PROTECTED]> wrote:
> just out of curiosity, do you use internet exploder for browsing ?
> 
> --
> georgi
> 
> 
> 
> On Mon, Oct 18, 2004 at 04:18:53PM +0200, Michal Zalewski wrote:
> > 3) Results summary
> >
> >   All browsers but Microsoft Internet Explorer kept crashing on a regular
> >   basis due to NULL pointer references, memory corruption, buffer
> >   overflows, sometimes memory exhaustion; taking several minutes on
> >   average to encounter a tag they couldn't parse.
> >
> 
> 


-- 
Micheal



Re: [Full-Disclosure] Re: Web browsers - a mini-farce

2004-10-19 Thread Micheal Espinola Jr
"All browsers but Microsoft Internet Explorer kept crashing on a regular
basis due to NULL pointer references, memory corruption, buffer
overflows, sometimes memory exhaustion; taking several minutes on
average to encounter a tag they couldn't parse."

All browsers BUT microsoft internet explorer...   Yet, all Georgi can
reply is this:

"just out of curiosity, do you use internet exploder for browsing ?"

I've been on this list for a short time, but I can't believe the
amount of completely pointless posts, horrible attitudes, and complete
disrespect for one's peers that takes place here.

This is probably a worthless rant, but regardless of any technical
skill at exploiting code that Georgi might have - he comes off as
being incredibly immature.


On Wed, 20 Oct 2004 00:31:00 +0200, Rainer Duffner
<[EMAIL PROTECTED]> wrote:
> Am Di, den 19.10.2004 schrieb Micheal Espinola Jr um 23:43:
> > Just out of curiosity, can you refer to anything in a professional
> > manner - or must you always use demeaning word-play against anything
> > you don't like?
> 
> What's the point ?
> After all, it was Internet-Exploder (oops), in the form of the
> Internet-Explorer OLE-control in Outlook that brought to life all those
> jokes about emails that could damage your computer when read that were
> circulating via email in the early 90s of the last century.
> Back then, they were filed under "urban legends".
> 
> > Also out of curiosity, when do you hit puberty?  Perhaps some of us
> > can rejoin the list when you have matured.
> 
> 
> You can't read this list anyway without a filter (IMO).
> 
> Rainer
> --
> ===
> ~ Rainer Duffner - [EMAIL PROTECTED] ~
> ~   Freising - Munich - Germany   ~
> ~Unix - Linux - BSD - OpenSource - Security   ~
> ~  http://www.ultra-secure.de/~rainer/pubkey.pgp  ~
> ===
> 
> 


-- 
Micheal



Re: [Full-Disclosure] Re: Web browsers - a mini-farce

2004-10-19 Thread Micheal Espinola Jr
I know he does, and I respect him for that.  In fact, I held him in a
much higher ideal of respect until I joined this list.

Now he just seems like so many other anti-MS turd evangelists.  FD is
one thing, but the constant and incessant rantings diminish his
reputation as well as any legitimate message he might be trying to
convey.



On Tue, 19 Oct 2004 18:40:26 -0400, Byron L. Sonne <[EMAIL PROTECTED]> wrote:
> > Just out of curiosity, can you refer to anything in a professional
> > manner - or must you always use demeaning word-play against anything
> > you don't like?
> > Also out of curiosity, when do you hit puberty?  Perhaps some of us
> > can rejoin the list when you have matured.
> 
> The thing is that Georgi delivers the goods; consequently he can say
> pretty much whatever he wants however he wants to. He's earned it. And
> besides, if you've dealt with M$ as much as he, myself or others in the
> field have, then you'd know he's right on the mark. Shitty M$ security
> stopped being funny a long, long time ago, and it's been maddening for
> years now. How else is someone supposed to vent? ;)
> 
> 


-- 
Micheal



Re: [Full-Disclosure] Windows Time Synchronization - Best Practices

2004-10-22 Thread Micheal Espinola Jr
You can certainly have multiple time servers specified with Windows
Time Service (SNTP).  RTM.  It has the ability to failover through a
list.

If you need the full features of NTP, by all means use a third party
daemon.  However, in keeping my routers, RADIUS, and Kerberos sync'd
properly -  I have yet to require anything that SNTP is unable to
provide.

I've never heard of time.microsoft.com, and have never seen any
indication in any documentation to ever suggest using it.  MS's docs
have always suggested US naval observatory sites (since the
documentation is US-based).

I missed something.  Why would the requester time sync to Seattle, WA
USA if they are in Brazil?  That certainly goes against NTP RFC's,
regardless of any suggestions of the use of time.microsoft.com.

I have used 3rd party daemons as well as the built-in SNTP.  Both work
equally well.  The built-in tools can work just fine if you understand
the components and know how to properly use them.  There is more
functionality available than what is simply represented by NET TIME.
Again, it's a matter of RTM.



On Thu, 21 Oct 2004 14:47:25 -0700 (PDT), Gary E. Miller <[EMAIL PROTECTED]> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> Yo David!
> 
> On Thu, 21 Oct 2004, Cushing, David wrote:
> 
> > > In my experience NTP will work a lot better for
> > > you than Windows Time server.
> >
> > Windows time service uses SNTP.
> 
> SNTP is RFC 2030, It says:
> 
>   "SNTP can be used when the ultimate performance of the full
>   NTP implementation described in RFC-1305 is not needed or justified."
> 
> So right off the bat you know you are sacrificing something.  Why settle
> for less than the best when the best is free?
> 
> RFC 2030 Continues:
> 
>   "It is strongly recommended that SNTP be used only at the extremities
>   of the synchronization subnet. SNTP clients should operate only at
>   the leaves (highest stratum) of the subnet and ..."
> 
>   "The full degree of reliability ordinarily expected of primary servers
>   is possible only using the redundant sources, diverse subnet paths
>   and crafted algorithms of a full NTP implementation. "
> 
> Seems to me that rules out using it to connect to the stratum 1 in
> Seattle, WA from Brazil.
> 
> > > The protocol is robust and you are not dependent on the
> > > single point of failure called: time.microsoft.com.
> >
> > Never heard of time.microsoft.com being down or incorrect.
> 
> Me neither, but it has been unreachable.  Since the original requestor
> was from Brazil I would think that reachability would be an issue
> for him.  Last time I was monitoring reachability to Brazil there
> were often outages and bottlenecks to there from the US.
> 
> > You can use 'net time' or regedit to change it.
> >
> > http://www.microsoft.com/windows2000/docs/wintimeserv.doc
> 
> Yeah, but you are still stuck with only ONE server, you are stuck with
> SNTP and you have almost no way to tell if the time daemon is doing the
> right thing.
> 
> With NTP you can designate a local master that gets its time from a
> diverse set of sources.  It is easy to verify and monitor its proper
> functioning.  Then you can redistribute it to your local hosts.
> 
> Contrary to what some may believe, accurate time is very important to
> security.
> 
> One time keys, like S/Key, depend on accurate time for their functioning.
> 
> Any strong encryption scheme, like IPSec, needs a good clock at both
> ends to default antireplay attacks
> 
> When debugging a major system crash, involving many routers, switches,
> hosts, etc. it is important to have well synced clocks to determine
> first failure.
> 
> Stock exchanges require members to use accurate clocks to help prevent
> fraud.
> 
> Etc...
> 
> RGDS
> GARY
> - ---
> Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701
>[EMAIL PROTECTED]  Tel:+1(541)382-8588 Fax: +1(541)382-8676
> 
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.2.3 (GNU/Linux)
> 
> iD8DBQFBeC5w8KZibdeR3qURAjDhAJ9kue1cKLMrcVykpL4P03XyCnuB+ACbBL4b
> mNs+1jkUA470nRGx6ZXPGGA=
> =9SAK
> -END PGP SIGNATURE-
> 
> 
> 
> 


-- 
Micheal
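
An added example, not part of the original thread and not Windows Time Service code: the client-side checks RFC 2030 describes for an SNTP reply, combined with failover through a list of servers as discussed above. The server names, the `query` callback and the reply packets are constructed for illustration, so it runs offline.

```python
import struct

NTP_EPOCH_DELTA = 2208988800  # seconds from 1900-01-01 (NTP era 0) to 1970-01-01


def to_ntp(unix_seconds):
    """Encode a Unix time as a 64-bit NTP timestamp (32.32 fixed point)."""
    ntp = unix_seconds + NTP_EPOCH_DELTA
    secs = int(ntp)
    return struct.pack("!II", secs, int((ntp - secs) * 2**32))


def from_ntp(raw):
    secs, frac = struct.unpack("!II", raw)
    return secs - NTP_EPOCH_DELTA + frac / 2**32


def build_reply(li, stratum, originate, receive, transmit, version=3, mode=4):
    """Construct a 48-byte server reply (sample data, not captured traffic)."""
    header = struct.pack("!BBbb", (li << 6) | (version << 3) | mode, stratum, 6, -20)
    header += b"\x00" * 12          # root delay, root dispersion, reference ID
    header += to_ntp(receive)       # reference timestamp
    return header + to_ntp(originate) + to_ntp(receive) + to_ntp(transmit)


def check_reply(packet, t1, t4):
    """Validate a reply and return (offset, delay) in seconds.

    t1 is the client's transmit time, t4 the client's receive time.
    """
    if len(packet) < 48:
        raise ValueError("short packet")
    li, mode, stratum = packet[0] >> 6, packet[0] & 0x7, packet[1]
    if mode != 4:
        raise ValueError("not a server reply")
    if li == 3:
        raise ValueError("server clock not synchronized (LI=3)")
    if stratum == 0 or stratum > 15:
        raise ValueError("invalid stratum %d" % stratum)
    # The server must echo our transmit timestamp; a mismatch means the reply
    # is stale, duplicated, or was not produced in answer to this request.
    if packet[24:32] != to_ntp(t1):
        raise ValueError("originate timestamp does not match request")
    t2, t3 = from_ntp(packet[32:40]), from_ntp(packet[40:48])
    offset = ((t2 - t1) + (t3 - t4)) / 2
    delay = (t4 - t1) - (t3 - t2)
    if delay < 0:
        raise ValueError("negative round-trip delay")
    return offset, delay


def first_good_time(servers, query):
    """Try servers in order; return (server, offset, delay, skipped)."""
    skipped = []
    for name in servers:
        try:
            packet, t1, t4 = query(name)
            offset, delay = check_reply(packet, t1, t4)
        except (ValueError, OSError) as exc:
            skipped.append((name, str(exc)))   # keep the reason for the log
            continue
        return name, offset, delay, skipped
    raise RuntimeError("no usable time source: %r" % (skipped,))


# Constructed scenario: client clock reads T1, the good server is 2 s ahead,
# and the network adds 0.125 s in each direction.
T1 = 1098400000.0
CONSTRUCTED_REPLIES = {
    "ntp-a.example": build_reply(3, 0, T1, T1, T1),                      # unsynchronized
    "ntp-b.example": build_reply(0, 2, T1 - 5, T1 + 2.125, T1 + 2.125),  # wrong originate
    "ntp-c.example": build_reply(0, 2, T1, T1 + 2.125, T1 + 2.125),      # valid
}


def fake_query(name):
    """Stand-in for a UDP/123 exchange; returns (packet, t1, t4)."""
    if name not in CONSTRUCTED_REPLIES:
        raise OSError("timed out")
    return CONSTRUCTED_REPLIES[name], T1, T1 + 0.25


def demo():
    order = ["ntp-down.example", "ntp-a.example", "ntp-b.example", "ntp-c.example"]
    return first_good_time(order, fake_query)


if __name__ == "__main__":
    print(demo())
```

Recording why each server was skipped gives the visibility into the time source that the quoted message says is missing from a single-server SNTP setup.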



Re: [Full-Disclosure] [off-topic] Gmail won't be 100% free

2004-11-15 Thread Micheal Espinola Jr
Why would/should forwarding (for gmail) be free?  If you are
forwarding the mail, then Google gets no way to incorporate "Sponsored
Links".

I'd rather have the "Sponsored Links" on the page where they are right
now (at the bottom), than ads embedded into the message itself.


On Mon, 15 Nov 2004 15:30:21 +, n3td3v <[EMAIL PROTECTED]> wrote:
> Clues to Gmail's future have made an appearance since the
> implementation of the e-mail forwarding service. In the help section,
> Gmail admits forwarding will only be free during the beta testing
> period.
> 
> I feel the Gmail we have at the moment, will not be the same free
> version we get once the service goes live on a real-time launch of the
> popular e-mail service.
> 
> I think the features on Gmail, not just forwarding, will be a limited
> package for free. While paying consumers will benefit from the full
> version of Gmail we are experiencing right now.
> 
> Therefore, I see Yahoo and Hotmail among others, as not being as bad
> an offer as Gmail is making them out to look at the moment. We see
> Yahoo and Hotmail only at 250MB, whereas Gmail is offering 1GB. Now
> Here is me thinking the vendors have inside knowledge of what is going
> to be the free package of Gmail and what features will indeed be a
> premium service.
> 
> Thanks,
> n3td3v
> 
> 


-- 
ME2




Re: [Full-Disclosure] MSIE src&name property disclosure

2004-11-16 Thread Micheal Espinola Jr
Not to be a smart-ass, but - sales reps typically don't know technical
details, nor should they.

Got link/more info/etc as to what you are referring to?


On Mon, 15 Nov 2004 15:37:42 -0500, Dave Aitel <[EMAIL PROTECTED]> wrote:
> 
> 
> That's a good question for your Microsoft sales rep. If you want
> technical details, Immunity has a working and reliable Wins exploit in
> the Vulnerability Sharing Club version of CANVAS. I think there's an
> interesting difference between how the Linux community handled the
> recent kernel bugs, and how Microsoft and other commercial vendors
> handle all bugs.
> 
> Dave Aitel
> Immunity, Inc.



Re: [Full-Disclosure] Gmail anomaly

2004-11-18 Thread Micheal Espinola Jr
Yep, something is awry with Firefox's cookie management.  It pisses me
off.  I disconnect from a site (close the browser), but the next time
I open FF,  all my cookies are acting as if they are still live.

The Maxthon add-on for IE does the same thing.

It's annoying as hell when you are testing web apps.


On Thu, 18 Nov 2004 16:33:07 -0800, ifconfig_xl0 <[EMAIL PROTECTED]> wrote:
> This is not a security risk but a weirdness worth noting. I reported
> it as a bug to gmail but I'm not sure if it's a bug on their part it may
> be firefox not doing something right.
> 
> If you open  two gmail accounts in two different firebird/fox browsers
> the first account logged into after a refresh becomes the second
> account. Or if you send an e-mail with the second account, it may
> send as the first and refresh back as account1.
> 
> So if you login with GmailAccount1 and then open another browser and
> log into GA2, go back to GA1 browser and hit refresh, GA1 will be in
> the mailbox of GA2.
> 
> This obviously is not a security risk because the mailbox was already
> logged into, but I still thought it was a weird thing to do. It doesnt
> act that way with internet exploder though so it must be something
> with Firefox ...
> 


-- 
ME2



Re: [Full-Disclosure] Gmail anomaly

2004-11-19 Thread Micheal Espinola Jr
Thanks, will do!


On Fri, 19 Nov 2004 10:43:06 +, GuidoZ <[EMAIL PROTECTED]> wrote:
> I agree - the default cookie manager leaves much to be desired. I've
> found a very useful extension called "CookieCuller" that handles them
> much better, allowing you to save or clear cookies with a single
> click. Plus, you can view the information contained in the cookie
> without having to do anything special. It's so simple, yet so powerful
> when used properly. I haven't had any more problems with FireFox and
> cookies after I started using it (back with FireFox 0.9.x)
> 
> Check it out here:
> - http://mozdev.sweetooth.org/cookieculler/
> 
> HTH. It certainly did the trick for me.
> 
> --
> Peace. ~G
> 
> On Fri, 19 Nov 2004 00:10:33 -0500, Micheal Espinola Jr
> <[EMAIL PROTECTED]> wrote:
> > Yep, something is awry with Firefox's cookie management.  It pisses me
> > off.  I disconnect from a site (close the browser), but the next time
> > I open FF,  all my cookies are acting as if they are still live.
> >
> > The Maxthon add-on for IE does the same thing.
> >
> > It's annoying as hell when you are testing web apps.
> >
> > On Thu, 18 Nov 2004 16:33:07 -0800, ifconfig_xl0 <[EMAIL PROTECTED]> wrote:
> > > This is not a security risk but a weirdness worth noting. I reported
> > > it as a bug to gmail but I'm not sure if it's a bug on their part; it may
> > > be firefox not doing something right.
> > >
> > > If you open  two gmail accounts in two different firebird/fox browsers
> > > the first account logged into after a refresh becomes the second
> > > account. Or if you send an e-mail with the second account, it may
> > > send as the first and refresh back as account1.
> > >
> > > So if you login with GmailAccount1 and then open another browser and
> > > log into GA2, go back to GA1 browser and hit refresh, GA1 will be in
> > > the mailbox of GA2.
> > >
> > > This obviously is not a security risk because the mailbox was already
> > > logged into, but I still thought it was a weird thing to do. It doesn't
> > > act that way with internet exploder though so it must be something
> > > with Firefox ...
> > >
> >
> > --
> > ME2
> >
> 


-- 
ME2
<http://www.santeriasys.net/rss.php>



Re: [Full-Disclosure] Why is IRC still around?

2004-11-19 Thread Micheal Espinola Jr
An excellent question.


On Fri, 19 Nov 2004 12:40:26 -0500, Danny <[EMAIL PROTECTED]> wrote:
> Well, it sure does help the anti-virus (anti-malware) and security
> consulting business, but besides that... is it not safe to say that:
> 
> 1) A hell of a lot of viruses/worms/trojans use IRC to wreak further havoc?
> 2) A considerable amount of "script kiddies" originate and grow through IRC?
> 3) A wee bit of software piracy occurs?
> 4) That many organized DoS attacks through PC zombies are initiated through
> IRC?
> 5) The anonymity of the whole thing helps to foster all the illegal
> and malicious activity that occurs?
> The list goes on and on...
> 
> Sorry to offend those that use IRC legitimately (LOL - find something
> else to chat with your buddies), but why the hell are we not pushing
> to sunset IRC?
> 
> What would IT be like today without IRC (or the like)? Am I narrow
> minded to say that it would be a much safer place?
> 
> ...D
> 


-- 
ME2




Re: [Full-Disclosure] Why is IRC still around?

2004-11-20 Thread Micheal Espinola Jr
Is IRC bad?  Yes.
Is SMTP bad?  Yes.

Why?  Because they are simple and basic protocol  implementations
created decades ago.  Not that they aren't efficient and easy, but
they certainly have their shortcomings in terms of security and AAA.

Yes, people can certainly switch to other mediums which will in turn
be subject to abuse and exploits - but at least a more modern medium
will likely have more controls and accountability in place.

Whether or not there is any legitimate use of the IRC, we all know
that it has been a haven for illegal activity and abuse for at least
(2) decades now.

We need to move forward with technology.  Or would you rather be like
Microsoft - and attempt to be backward compatible for all-time - and
continue to use products that have fundamental flaws in them?


On Fri, 19 Nov 2004 12:17:09 -0800, Mister Coffee
<[EMAIL PROTECTED]> wrote:
> Danny wrote:
> > Well, it sure does help the anti-virus (anti-malware) and security
> > consulting business, but besides that... is it not safe to say that:
> >
> > 1) A hell of a lot of viruses/worms/trojans use IRC to wreak further havoc?
> >
> And?  There are a hell of a lot of "normal" users on IRC too who don't
> wreak havoc.  A lot of spam comes in email.  Does that make email bad?
> 
> > 2) A considerable amount of "script kiddies" originate and grow through IRC?
> >
> And AIM, ICQ, Jabber, web-forums, mailing lists, etc.  IRC is one medium
> amongst many.
> 
> > 3) A wee bit of software piracy occurs?
> >
> Some, perhaps.  But unlike, say BitTorrent or Kazaa, IRC's primary role
> is communication rather than file transfer.  You could make the same
> argument for ANY of the IM clients that support file transfer.
> 
> > 4) That many organized DoS attacks through PC zombies are initiated through
> > IRC?
> >
> Many do.  Yes.  But many also originate through other media, and, again,
> it's not the medium's fault that people use it for nefarious purposes.
> Hitmen get calls on their cell phones.  Should we eliminate cell
> phones to stop the hitmen?
> 
> > 5) The anonymity of the whole thing helps to foster all the illegal
> > and malicious activity that occurs?
> > The list goes on and on...
> > 
> Anonymity is not a bad thing in many, many respects.  And the list of
> legitimate uses goes on and on as well.
> 
> > Sorry to offend those that use IRC legitimately (LOL - find something
> > else to chat with your buddies), but why the hell are we not pushing
> > to sunset IRC?
> > 
> No offense.  But the arguments aren't especially strong.  We're not
> pushing to sunset the IRC protocol because there are still thousands and
> thousands of -legitimate- users in the world.  Unlike most IM systems,
> the IRC nets are completely independent.  There are some serious
> advantages to that.
> 
> > What would IT be like today without IRC (or the like)? Am I narrow
> > minded to say that it would be a much safer place?
> > 
> Yes?
> 
> IRC is a protocol.  A tool like any other.  Last I looked there were
> still hundreds to thousands of IRC users at any given time who were
> there just to hang out and BS with their friends.   It's still a valid
> "community" if you will, in spite of the nefarious uses other people
> have put it to.
> 
> If you sunset something like IRC, the 3v1L [EMAIL PROTECTED] will just move
> their bots and trojans somewhere else.
> 
> > ...D
> 
> Cheers,
> L4J
> 
> 
> 


-- 
ME2




Re: joe the "expert" (was Re: [Full-Disclosure] IE is just as safe as FireFox )

2004-11-20 Thread Micheal Espinola Jr
Neither viewpoint is 100%.  But, over-all I would have to agree with
joe.  MCSE's (in my experience) are typically not worth the credit
[automatically] applied to them - not unless they have the experience
to back it.

That is of course true for any certification in any industry.  MCSE's
are easy to pick on, because the industry (employers) see it fit to
give them preferential treatment equal to System Engineer
qualifications of other products/OSs/etc - yet many MCSE's do not hold
the underlying understanding necessary for that title - and have
simply remembered and regurgitated a series of questions and answers
within an allotted time period.

I would think that members of this particular list would agree that
the larger percentile of computer users/administrators/developers that
know the least about the hardware and software they are using - are
Microsoft/Windows/PC users.

Don't take personal offense to generalizations and stereotypes that
may sound like they apply to you.  They exist only because there is
some truth to them, but they are not considered absolute.  Next time
you wish to express your viewpoint, why don't you try it with a little
more professionalism and decorum suitable for a public forum.

Your accusations against joe's expertise and knowledge in this area are
completely unsubstantiated.


On Sat, 20 Nov 2004 12:16:52 -0800 (PST), Maurizio Trinco
<[EMAIL PROTECTED]> wrote:
> "joe" <[EMAIL PROTECTED]> wrote:
> 
> > [1] Don't get me started on MCSEs. As a whole I think they hurt Windows far
> > more than any other thing. A bunch of people who feel they are experts in
> > Windows because they took a couple of tests that 10 year olds could memorize
> > and pass and yet still not be able to run anything. The best I can say about
> > MCSEs is that I will *try* not to look down upon them for being MCSEs and
> > let them prove themselves to be worthless before I assume it in person.
> 
> Now from joe's own site, comes this fully untrue
> statement:
> 
> 'So what is a Microsoft MVP? The flip response is a
> Microsoft MVP is a person who answers the questions
> the MCSE/MCD/MCT folks ask.'
> 
> My dear Joe,
> 
> Let's see what Microsoft has to say about MVPs:
> http://mvp.support.microsoft.com/default.aspx?scid=fh;EN-US;mvpfaqs&style=flat
> 
> Are Microsoft MVPs experts in all Microsoft
> technologies and products?
> No. Although many MVPs have in-depth knowledge of more
> than one product or technology, none of them are
> experts in all Microsoft technologies or products.
> 
> So, my dear joe, you are nothing but an ego-inflated
> bullshitter. Your verbal diarrhea is only matched by
> your unbelievably low level of competence when it
> comes to Microsoft products. Being an MCSE is much
> more than answering some "how do I send a message with
> Outlook" in one or two newsgroups. I worked really
> hard for my MCSE titles and honestly, the idea that I
> (or any of my colleagues) could seek enlightenment
> from you is simply ridiculous. If you think that
> passing exams like 216, 296 or the design exams is
> something an... er, MVP could do... then you'd better
> think again.
> While I'm an MCSE, I'm by no means an ass-kisser for
> Microsoft, as your MVPiness seems to be. Their
> products, contrary to popular belief, could be
> extremely complex (try real life business environment,
> compared to that unlicensed version of Windows 2003
> server you're running at home) and many times
> extremely badly written and vulnerable -- but very
> complex nevertheless. Saying otherwise, only proves
> your lack of specialization (hint: familiarity is NOT
> specialization; you may be 'familiar' with your
> colorful XP, but that makes you by no means a
> 'specialist').
> Oh, and something else: for some 10 years before I
> became an MCSE, I was the typical Unix admin. I used
> to laugh at Windows NT, I stopped laughing at 2000.
> I'm by no means friends with hip-kiddies who think
> Linux is cooler than Window$$$, I really dislike
> Microsoft-moronized Windows ass-kissers like you, who
> only know buzzwords, but have no real knowledge of the
> system. You should go together and exchange some
> fanatic e-mails; you belong in a place where
> 'my-OS-is-longer-yours' fights
> 'windows-2003-is-secure-by-default-'cause-Billy-told-us-so'.
> Anything else... is just proving yourself how MVP and
> not MCSE you are. Or whatever Unix/IT certification
> you may choose, other than the ridiculous MVP thingie.
> 
> Take care and don't let the bedbugs bite.
> 


-- 
ME2



[Full-Disclosure] Lavasoft Ad-Watch SE fails to detect registry deletion

2004-12-22 Thread Micheal Espinola Jr
Lavasoft Ad-Watch SE 1.05 fails to detect registry key deletions when
the value is null.

Not the end of the world, but not a thorough manner of detecting
registry changes either.
-- 
ME2



Re: [Full-Disclosure] I thought Microsoft were releasing new security patches today (11 Jan 2005)?

2005-01-11 Thread Micheal Espinola Jr
Nope, it's typically the 2nd Tuesday of the month. Also, they are
PST.  Myself being EST, I don't expect to see anything until
mid-afternoon.

MS did pre-announce that there would be a release today.  You can
verify this on the web site.


On Tue, 11 Jan 2005 17:11:17 +0100, Vincent Archer <[EMAIL PROTECTED]> wrote:
> On Tue, Jan 11, 2005 at 03:13:45PM -, Mike Diack wrote:
> > Where are they?
> > Mike
> 
> Thursday usually, not tuesday?
> 
> --
> Vincent ARCHER
> [EMAIL PROTECTED]
> 
> Tel : +33 (0)1 40 07 47 14
> Fax : +33 (0)1 40 07 47 27
> Deny All - 5, rue Scribe - 75009 Paris - France
> www.denyall.com
> 


-- 
ME2



Re: [Full-Disclosure] MORE CRITICAL FLAWS IN MS WINDOWS EXPLORER

2005-01-12 Thread Micheal Espinola Jr
He's referring to Windows Explorer (the Windows GUI interface,
C:\WINDOWS\explorer.exe).

It is a joke.


On Wed, 12 Jan 2005 01:48:29 -0500, Kevin Reiter <[EMAIL PROTECTED]> wrote:
> 
> 
> : Windows Explorer is an advanced browsing tool made by Microsoft. It is used
> : in daily tasks to open folders, copy files, delete files, rename files and
> : view files on a system. It is the foundation of the World Wide Web and used
> 
> OK, we need to figure out which "Explorer" this guy is talkin' about -
> Internet Explorer or Windows Explorer.
> 
> : Shogun Suzuki discovered that a remote user can connect to any machine via
> : numerous exploits and use Windows Explorer to view files, rename files,
> : delete files, change permissions on files stored on a remote machine that
> : has been pwned.
> 
> ..such as ...  (HINT:  What 'sploits?)
> 
> : On a command prompt: del C:\WINDOWS\explorer.exe
> 
> Erm...sure...OK.   But what happens when the poor sucker reboots the box and
> discovers the O/S is inop (provided the O/S even lets you delete the file in
> the first place, since explorer.exe is the shell ...)?
> 
> Sorry, but this was the very first post I saw after I joined this list a
> little bit ago, and I couldn't resist a few comments.  Is this guy for real,
> or is this a joke?
> 
> -K
> 


-- 
ME2



[Full-Disclosure] Steam loses its power

2005-01-17 Thread Micheal Espinola Jr
At approx. 7PM EST, Steam - the network that powers Valve gaming
applications (such as Half-Life 2 and Counter-Strike:Source) -
officially lost power.

All users/servers simultaneously lost connectivity, and none were
available for re-entry - save (1) Half-Life 2 server,
WHITE_WIDOW_[S2].

Anyone know what happened?  Exploit, Attack, BOFH?

-- 
ME2



Re: [Full-Disclosure] OT: Tool for sanitizing MS office documents?

2005-01-31 Thread Micheal Espinola Jr
Remove Hidden Data Tool 1.1.  It's a free tool from MS, and works
on Office XP and 2003.


On Mon, 31 Jan 2005 09:32:13 -0500, David Gianndrea
<[EMAIL PROTECTED]> wrote:
> I thought I saw something about a tool on this list that
> would clean out the revisions and personal info from MS
> office docs.
> 
> Could someone point me to this tool, or correct me if
> I'm just making this up in my mind!
> 
> --
> David Gianndrea
> Senior Network Engineer
> Comsquared Systems, Inc.
> 
> Email:   [EMAIL PROTECTED]
> Web: www.comsquared.com
> 


-- 
ME2



Re: [Full-Disclosure] A parent's primer to computer slang

2005-02-17 Thread Micheal Espinola Jr
Who cares.  It's high-level for parents.  Why would you expect any of
this to be absolutely current or accurate?  I would compare talking to
most parents similar to talking to PHB's.

Is there something here to be disclosed about MS trying to provide
information to parents so they at least have some sort of clue as to
what their children might be doing?

I would think it's good that they are even trying to broach the subject.


On Thu, 17 Feb 2005 15:17:27 -0500, Paul Kurczaba
<[EMAIL PROTECTED]> wrote:
> Seriously, doesn't Microsoft have anything better to do...
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Berend-Jan
> Wever
> Sent: Thursday, February 17, 2005 10:14 AM
> To: full-disclosure@lists.netsys.com
> Subject: [Full-Disclosure] A parent's primer to computer slang
> 
> M$ is informing the public about scriptkiddies:
> http://www.microsoft.com/athome/security/children/kidtalk.mspx but
> unfortunately, their information is incorrect:
> "Characters of similar appearance can be used to replace the letters they
> resemble." --> The only two words in 311715h written with a $ are M$ and
> Micro$oft.
> "sploitz" (short for exploits): Vulnerabilities in computer software used by
> hackers. --> A vulnerability is called a "vuln" and a tool (mostly a program
> or script) exploiting the vuln is called an exploit or "sploit".
> 
> Cheers,
> SkyL1n3d.
> 
>.---,
>   / Berend-Jan Wever aka SkyLined   )
>  / [EMAIL PROTECTED]/ \
> / http://www.edup.tudelft.nl/~bjwever /  /
>/ PGP key ID 0x48479882   /  /
>   / .., /  /
>  / (  '  /   /  . __   __/ /  /
> /   `'-._   /.' | / /  / ( / /_.'.' / /  /
>( ) / )  |/ /  / / ) (__ (__/ /  /
> \---' --` '-<  /
>  \__.`\__\/\_\/
> 


-- 
ME2



RE: [Full-Disclosure] IDS Signatures

2005-02-22 Thread Micheal Espinola Jr



Thanks for the attachment spam.
 
--
ME2

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of preeth k
Sent: Tuesday, February 22, 2005 4:36 AM
To: full-disclosure@lists.netsys.com
Subject: [Full-Disclosure] IDS Signatures

Hi,

I am designing a Network Intrusion Detection System in Linux. I want to
create a database of intrusion signatures using MySQL database. Can anyone
please give an idea about what all fields I have to include, how to store
packet payload, which pattern matching algorithm to use, etc. (Will
Boyer-Moore algorithm be appropriate for pattern matching in IDS?)

Regards,
Preeth.



Re: [Full-Disclosure] Please help me update my address book on Ringo

2005-02-24 Thread Micheal Espinola Jr
This is most likely an address retrieving spam.


On Thu, 24 Feb 2005 00:51:00 -0600 (CST), J.A. Terranson <[EMAIL PROTECTED]>
wrote:
> 
> On Thu, 23 Feb 2005, Ahmad Naazir wrote:
> 
> > Hi
> >
> > I'm updating my address book.  Please click on the link below and enter
> > your contact info for me:
> >
> > http://ringo.com/i?uid=Jg8rPqPWwgOT2n9Y&;
> >
> > I'm using a new, free service where I put in my contact info for you,
> > you put in your contact info for me, and everyone stays up to date
> > automatically.  It's surprisingly easy and useful.
> >
> > Thanks for your help.
> >
> > Rana Ahmad
> 
> First person to hack into Ahmad's shiny new Ringo account gets a prize: a
> genuine Paris Hilton Address Book.
> 
> Ahmad: Nobody gives a shit.  Fully Disclosing that you are dumb enough
> to let an untrusted third party have full control over private and
> personal information serves only to disclose that you shouldn't be
> hanging around lists where concepts like privacy are given serious
> discussion.
> 
> --
> Yours,
> 
> J.A. Terranson
> [EMAIL PROTECTED]
> 0xBD4A95BF
> 
> "Quadriplegics think before they write stupid pointless
> shit...because they have to type everything with their noses."
> 
>http://www.tshirthell.com/
> 


-- 
ME2



Re: [Full-Disclosure] client - server

2005-02-28 Thread Micheal Espinola Jr
A MAC address can be queried on a windows box via the registry - if
you have access.  This can be done with [null] sessions and netbios.

So, depending on security, connectivity, access permissions, etc - it
may be possible to obtain this information.


On Mon, 28 Feb 2005 11:18:49 -0500, Michael Holstein
<[EMAIL PROTECTED]> wrote:
> 
> > which informations can a server get about a client running M$ windows XP ?
> > I cannot access a website because i have been "banned" and I'd like to
> > understand how they recognize me for sure.
> 
> All sorts of stuff. Visit browserspy (http://gemal.dk/browserspy/) for a
> bunch of tests. Java is one excellent way to steal the goods (and many
> browserspy tests use that).
> 
> The 'short' answer is, however, probably a simple IP check.
> >
> > I mean:
> > - a simple ip check doesn't work with dynamic addresses...
> > - cookies can be deleted
> > - computer name can be changed
> > - mac address can be changed (even I wasn't able to, because I have a usb
> > dsl modem and I cannot change its MAC working with regedit or using tools
> > like smac )
> 
> MAC address? That's not visible past the DSLAM. As for dynamic
> addresses, have you kept track? I have (supposed) dynamic addresses at
> home and it's not changed in over a year.
> 
> You should dump the DSL modem and get a conventional ethernet one. Then
> change the MAC on your ethernet card at will (this will get you new
> addresses). There probably is a way to access the innards of the USB one
> but you'd probably have to take it apart and locate the serial port.
> 
> ~Mike.
> >
> > Anything else ?
> > How the hell do they recognize me ?
> >
> > Matteo Giannone
> >
> >
> >
> >


-- 
ME2



Re: [Full-Disclosure] client - server

2005-02-28 Thread Micheal Espinola Jr
What is the game?  Perhaps they are blocking you by an internal
User/Player ID number.

I know that's how "effective" blocking is done in CounterStrike:Source.


On Mon, 28 Feb 2005 17:49:01 +0100, Matteo Giannone <[EMAIL PROTECTED]> wrote:
> It is impossible that they banned a block of addresses of my ISP, because that
> is a webserver where you "play games": most of the people playing games there
> use my same ISP and also live near me.
> 
> I am sure that my IP address changes in couple of hours after disconnections.
> 
> I deleted cookies, changed computer name, used different browsers
> ActiveX controls are disabled by default on Internet explorer.
> 
> I really don't understand how they can ban me.
> 
> Are you all sure they cannot know my MAC address? I think they know it when I
> connect to the server (i remember something of TCP/IP stack and
> encapsulation/decapsulation)
> 
> 
> >Most likely they might have blocked the entire pool of IP belonging to
> >your ISP try to visit the website with a proxy server
> >
> >
> >On Sun, 27 Feb 2005 21:29:18 -0500, Eric Windisch <[EMAIL PROTECTED]> wrote:
> >> On Mon, 2005-02-28 at 02:43 +0100, Matteo Giannone wrote:
> >> > - a simple ip check doesn't work with dynamic addresses...
> >>
> >> It will work for as long as your IP is valid.  They can also ban the
> >> entire IP block (aka, your ISP)
> >>
> >> > - computer name can be changed
> >> > - mac address can be changed (even I wasn't able to, because I have a usb
> >> > dsl modem and I cannot change its MAC working with regedit or using tools
> >> > like smac )
> >>
> >> Your browser will not (or should not, anyway) reveal your "computer
> >> name" or mac address.
> >>
> >> > Anything else ?
> >>
> >> User-agents and referers.  Some browsers can send quite a bit of
> >> information in the user-agent string.
> >>
> >> It could also be a content filter between you and the web site in
> >> question.  Schools and parents setup these to censor the surfing of
> >> children.  Many companies filter their content too, due to the
> >> distraction (and legal ramifications) brought about by warez and
> >> pornography.
> >>
> >> > How the hell do they recognize me ?
> >>
> >> By the tin-foil hat ;)
> >>
> >> --
> >> Eric Windisch <[EMAIL PROTECTED]>
> >>
> >
> >--
> >Gautam R. Singh
> >http://www.google.com/search?q=gautam.singh%40gmail.com
> >[mcp,ccna,cspfa,] t: +91 9885576081 | pgp:
> >http://gautam.techwhack.com/key/ | ymsgr: er-333 | msn: [EMAIL PROTECTED]
> >
> 
> 
> 


-- 
ME2

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
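
The points made across this client - server thread, as an added example (not code from any poster or from the site being discussed): it lists what a web server can read from one HTTP request and shows why a ban keyed on an account ID survives a new IP address, cleared cookies and a different browser. The host name, the `player_id` form field and both sample requests are constructed assumptions.

```python
"""What a web server sees in one HTTP request, and which ban keys survive."""
from http.cookies import SimpleCookie
from urllib.parse import parse_qs


def _req(*lines, body=""):
    # Helper that assembles a raw HTTP/1.1 request from header lines.
    return ("\r\n".join(lines) + "\r\n\r\n" + body).encode("iso-8859-1")


# Constructed samples, not captured traffic. The IPs used with them come from
# the documentation ranges; "player_id" is a hypothetical login field.
FIRST_VISIT = _req(
    "POST /login HTTP/1.1",
    "Host: games.example",
    "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
    "Referer: http://games.example/",
    "Cookie: session=abc123",
    "Content-Type: application/x-www-form-urlencoded",
    "Content-Length: 25",
    body="player_id=4711&password=x",
)
# Same person later: new dynamic IP, cookies deleted, different browser.
RETURN_VISIT = _req(
    "POST /login HTTP/1.1",
    "Host: games.example",
    "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1) Gecko/20041107 Firefox/1.0",
    "Content-Type: application/x-www-form-urlencoded",
    "Content-Length: 25",
    body="player_id=4711&password=x",
)


def parse_request(raw):
    """Split a raw HTTP/1.x request into (request line, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body.decode("iso-8859-1")


def visible_identifiers(peer_ip, raw):
    """Everything here comes from the TCP peer address or the request bytes.

    There is no MAC address or computer name: the MAC is a link-layer value
    that is rewritten at every hop, and plain HTTP does not carry either one.
    """
    request_line, headers, body = parse_request(raw)
    cookies = SimpleCookie(headers.get("cookie", ""))
    form = parse_qs(body) if request_line.startswith("POST") else {}
    return {
        "ip": peer_ip,
        "user_agent": headers.get("user-agent"),
        "referer": headers.get("referer"),
        "cookies": {name: morsel.value for name, morsel in cookies.items()},
        "account": form.get("player_id", [None])[0],
    }


def ban_reasons(ident, banned_ips, banned_accounts):
    """Return which ban keys match this request (empty list = allowed)."""
    reasons = []
    if ident["ip"] in banned_ips:
        reasons.append("ip")
    if ident["account"] in banned_accounts:
        reasons.append("account")
    return reasons


if __name__ == "__main__":
    first = visible_identifiers("203.0.113.10", FIRST_VISIT)
    later = visible_identifiers("198.51.100.77", RETURN_VISIT)
    for label, ident in (("first", first), ("later", later)):
        print(label, ident, ban_reasons(ident, {"203.0.113.10"}, {"4711"}))
```
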