RE: [Full-Disclosure] Re: Why is IRC still around?

2004-11-21 Thread Poof
Now... Here is the question...

Which is worse... Sitting on IRC and making those comments... Or browsing
bash.org to view them.

*sigh*

~ 
 IRC is still around because it does one thing.
 It proves that Einstein was right about stupidity: it
 is infinite.
 
 [frank] can you help me install GTA3?
 [knightmare] first, shut down all programs you aren't
 using
 frank has quit IRC. (Quit)
 [knightmare] ...


___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


RE: [Full-Disclosure] Why is IRC still around?

2004-11-19 Thread Poof
Wow, NICE analogy Jeff!

While IRC is here to stay... The future seems more like servers that're only
hosted through big companies/etc as most datacenters are 'forbidding' use of
IRC(Ports 6660-6669, 7000) on their network.

Just a thought.

~

 That's because the Internet is free and no one can control what survives on
 it. What survives isn't what is *ethical* but what is *useful*. And IRC is
 very useful for some people, so it's here to stay.
 
 The problem is not IRC; the problem is the misuse some people make of it. We
 cannot make knives disappear, because they are useful; instead, we must get
 rid of people that use knives to kill.



RE: [Full-Disclosure] IE is just as safe as FireFox

2004-11-12 Thread Poof
Well, question here...

Why is it that Microsoft's code has less quality even though all code that's
written is instantly audited? (Each line of code is checked before it's
'passed' in to the code tree.)

I just don't understand... Why is it that a software product that a company
has been working on. And has so many precautions when writing... End up
sub-quality? While the 'flame of the month' browser is the most secure thing
since Swiss cheese?

I guess I'll just never understand.

~

 
 ... because as soon as you hit 50% marketshare, the quality of the code
 which has been written and distributed instantaneously and magically
 drops an order of magnitude ...
 
 /sarcasm



RE: [Full-Disclosure] Windows Time Synchronization - Best Practices

2004-10-19 Thread Poof
Well, while this is a reaching link…

Server 1 and Server 2 have different times and some vital program becomes
open to tampering when not synced.

(Computer that controls clock-ins says that Person A clocked in an hour
before they did. Clocks get corrected and the user gets an extra hour of
work they didn't do on their paychecks... A DoS if Person A times this
correctly.)

Sorry, I suck at examples. *gets ready to delete his own email when(if) it
arrives*

~


From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Richard Stevens
Sent: Tuesday, October 19, 2004 10:22 AM
To: Bernardo Santos Wernesback; [EMAIL PROTECTED]
Subject: RE: [Full-Disclosure] Windows Time Synchronization - Best Practices

Why FD? What is the direct security implications of this?
 
I'm sure someone can construct a rather tenuous link, but really



RE: [Full-Disclosure] symantec inconsistency

2004-07-09 Thread Poof
Because you have to go to their Virus def download page on their website.

That one is daily. While the liveupdate one is only updated once every few
days. Or unless if there is a severe virus.

~

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:full-disclosure-
 [EMAIL PROTECTED] On Behalf Of Jamie Schmidt
 Sent: Friday, July 09, 2004 4:53 PM
 To: [EMAIL PROTECTED]
 Subject: [Full-Disclosure] symantec inconsistency
 
 Can anyone tell me what Symantec means on their website under 'latest
 threats' where it says 'Protection' and it shows July 9, 2004?
 ex. W32.KorgoX   discovered - July 9, 2004  protection - July 9, 2004.
 If I run a live update, I get latest defs labeled 07/07/2004.  According
 to their latest virus threats list I am vulnerable to 4 viruses since
 then, why the discrepancy?
 I am dealing with a virus right now that is not caught by symantec latest
 defs.
 
 -jamie-
 


Re: [Full-Disclosure] Beta Advisories

2004-07-06 Thread Poof
Well, I'm personally all for announcing a beta advisory. However, when I'm 
all for it is as follows:

Example. Eudora posts a PUBLIC beta on their website. Then fine, announce 
the bug anywhere. However, when it's private. It should go the normal bug 
ways. To the devs so they can fix it. Fine, it may take a build or two. But 
it'll be fixed.

Also, I do consider gmail slightly private as it IS 'invite only'. So yes, 
you should wait before reporting this. On betas the devs are usually extra 
busy as they're currently having to write code everywhere. They're not just 
lounging around waiting for bug reports.

~
Yes, I know this isn't written very well... However...

Yes, and the OIS guidelines are thinly veiled "Oh please don't tell the
world that we have had this bug for 6 months...we'll look bad" methods for
being able to quash the full disclosure model and take the pressure of
"respond to me, get it fixed, or the world is going to know about it" off
the vendors.  Do you really think that the vendors will expend resources
to fix things just because it is the right thing to do?   Please tell me
you're not that naive...please.
I'm not advocating playing bombs away, sneak attacking a vendor by issuing
a 0-day disclosure publicly.  I sure as hell am saying that a vendor
knowing the vuln will in fact be disclosed after a reasonable period of
time, fixed or not, has certainly motivated more than a few to get the fix
done prior to taking a public black eye.
Bart Lansing
Manager, Desktop Services
Kohl's IT




RE: [Full-Disclosure] MS Anti Virus?

2004-06-17 Thread Poof
Gregory:

According to Microsoft they are making their A/V a separate product. So
it'll be sold much like Microsoft Money is.

~

 So if M$ enters the A/V market and bundles their solution with Windows
 whatever, they likely will drive Symantec and McAfee out of the market
 over time by co-opting the A/V subscription market.




RE: [Full-Disclosure] WinXP SP2 comments (was: Internet explorer 6 execution of arbitrary code)

2004-06-06 Thread Poof
 While the new security center complains about how I don't have a
 firewall or antivirus installed (it doesn't detect either), the better
 security more than makes up for this minor annoyance - I no longer need to
 worry about where I go because the simple yet absolute 'no popups' and 'no
 software installations' security settings lock IE down so well.

Well, the Security Center will only detect your firewall/antivirus if the
program tells Windows that it's protecting your computer. (New API Microsoft
did... Many companies are using it now.)

 A note about the security center- I *think* it can be disabled by editing
 the %systemroot%\inf\sysoc.inf file to show the entry for it in add/remove
 windows components.  I've tried to do this, but it either does not have
 immediate results, or does not work.  I haven't done any real research on
 it because of a lack of time (or perhaps patience), but would like to know
 how to get rid of this if anyone knows.

Well, all you have to do to disable it... Is disable the Security Center
service in the services.msc! Gasp! Easy. =)

BTW. Uninstalling a service pack isn't 100% supported. It's recommended to
wipe and reinstall.

~




RE: [Full-Disclosure] Support the Sasser-author fund started

2004-05-13 Thread Poof
Well actually...

By not patching your system you're leaving yourself open to exploit and the
danger of having your machine attacking another machine.

Now- If a person doesn't get something fixed that they know exists and can
avoid an 'accident' then they are indirectly responsible. (EG. You know the
safety seat you're sticking your baby in has a recall because it can
strangle your child. Yet you never trade it in. You're still indirectly
responsible for your babies death.) Then again... You'd have to prove
that... .

~
(Yes, I know it's a stupid example.)

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:full-disclosure-
 [EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
 Sent: Thursday, May 13, 2004 12:11 PM
 To: Duquette, John
 Cc: Full Disclosure List
 Subject: Re: [Full-Disclosure] Support the Sasser-author fund started
 
 On Thu, 13 May 2004 10:16:50 EDT, Duquette, John [EMAIL PROTECTED]
 said:
 
  Why not punish all the admins/users who failed to patch their systems in
  time as well.
 
 You *WILL* install this patch within 24 hours, or go to jail.  The fact that
 it might crash your payroll system is no excuse.
 
 What's wrong with this picture?




RE: [Full-Disclosure] Victory day - Sasser surrenders

2004-05-08 Thread Poof
You're kidding there, right?

.

~

   And a few months ago, a large amount of money was transferred to his
 account from a couple of popular antivirus vendors :)




RE: [Full-Disclosure] Victory day - Sasser surrenders

2004-05-08 Thread Poof
I was more sarcasm than anything...

Meh. It's the computer techs that're paying off the virus writers! They want
more money!

*sighs*

 
  You're kidding there, right?
 
 no the person who made the statement below actually oversaw all the
 details of the transfer!




RE: [Full-Disclosure] Agobot/Gaobot/Phatbot

2004-05-03 Thread Poof
LOL. Kinda funny... I was thinking about Phatbot about uhm... 3 minutes
before reading this thread. *sigh* 

~


From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Nick Jacobsen
Sent: Monday, May 03, 2004 5:30 PM
To: Exibar; [EMAIL PROTECTED]
Subject: RE: [Full-Disclosure] Agobot/Gaobot/Phatbot

uh, doubt it - inspect the url :)
-Original Message- 
From: Exibar 
Sent: Mon 5/3/2004 10:54 AM 
To: [EMAIL PROTECTED] 
Cc: 
Subject: Re: [Full-Disclosure] Agobot/Gaobot/Phatbot
oh joy, here comes another 900 versions of the darned thing :-(

- Original Message -
From: thE_iNviNciblE [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, May 03, 2004 12:23 PM
Subject: Re: [Full-Disclosure] Agobot/Gaobot/Phatbot


 hello,

 one source code can you find here
 http://127.0.0.1:5554/phatbot_source.zip
 (plz, only people who really want to study this source)



    Best Regard thE_iNviNciblE
    --
    Wissen ist Macht - Knowledge is Power

 Freie Meinung: http://www.your-mind-is-free.de.vu
 IT-Security  : http://www.kid2elite.de.vu
 IT-Forum : http://www.security-focus.de.vu



 Nick FitzGerald wrote:
  [EMAIL PROTECTED] wrote:
 
 
 Does anybody know where to get the source of
 Agobot/Gaobot/Phatbot for study and analysis?
 
 
  There are more than 900 variants to date.  You going to study them all?
 
  Yeah right...
 
  If you really have legitimate research purposes that require you
  have such material, this would be the absolute last place you would
  never have to ask because you would have many other faster, more
  reliable and less unethical methods of getting the information you
  need.
 
  [Roll on the This is full-disclosure and we're a bunch of red-necks
  who don't give a sh*t about ethics... mantra...]
 
 



RE: [Full-Disclosure] no more public exploits and general PoC gui de lines

2004-04-27 Thread Poof
Stupid question here...

So the entire point about the not releasing PoC code is so that admins don't
have to worry about patching?

Isn't this anti-security?

I would personally prefer my computer in the middle minefield knowing where
the mines are rather than being in a minefield with only half the mines
active and my not knowing where they are.

I personally think that companies need to look at changing their outlook on
patching their boxes. Yes- I know that a 3 second downtime will kill
productivity, however I also know that when the kiddy(or otherwise) that
breaks in to that box and rm -f /'s everything there will be more downtime.

It's just security through obscurity. It's not going to help anything. Just
give people/businesses a false sense of security. Do you think that
DCOM(Yes, I know it was a disaster) would have been patched half as 'fast'
if it didn't have the POCC? I don't.

~

 
 On Tue, Apr 27, 2004 at 04:05:13PM -0400, [EMAIL PROTECTED] wrote:
  Are you saying that unless there's an exploit
  that gives you access to the target machine
  your company wouldn't patch
 
   It's a matter of priority.
 
   For most PHBs, proactive security must be very low priority because
 keeping systems up to date doesn't bring any money to the company.
 
  (even if there's
  an exploit that crashes the target)?
 
   A DoS will usually not be enough to get some press. Unless most PHBs have
 read on ZDNet and Yahoo that a critical flaw has been found in xxx and is
 actively being exploited by black hats, they will consider patching as a
 waste of time. They may even yell at you if patching systems implies a
 small downtime, even if it's a critical patch, as long as it has not been
 covered by for-PHBs press.
 
   Best regards,
 
 --
 Frank DENIS (Jedi/Sector One) j at 42-Networks.Com
 http://www.PureFTPd.Org/ Secure FTP Server
 http://www.Jedi.Claranet.Fr/ Misc. free software
 


RE: [Full-Disclosure] FD should block attachments

2004-04-02 Thread Poof
Yeah... I've got Dialup and don't see a problem with the attachments.

Heck. Emailing it to everybody rather than hosting the file(s) is better for
me as I dislike hosting files on my own webspace.

~

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:full-disclosure-
 [EMAIL PROTECTED] On Behalf Of Zach Forsyth
 Sent: Friday, April 02, 2004 12:33 AM
 To: Michael Gale; [EMAIL PROTECTED]
 Subject: RE: [Full-Disclosure] FD should block attachments
 
 How much precious bandwidth is wasted by FD attachments exactly?
 Per month?
 Per year?
 
 I am sure it is a staggering amount of data wasted :)
 
 Who cares about the attachments even if they are a virus.
 Surely 99.9% of all FD readers are secured adequately and are smart
 enough not to open things they shouldn't.
 
 z
 
  -Original Message-
  From: Michael Gale [mailto:[EMAIL PROTECTED]
  Sent: Friday, 2 April 2004 7:23 AM
  To: [EMAIL PROTECTED]
  Subject: [Full-Disclosure] FD should block attachments
 
  Hello,
 
  Being a member of this I do not mind the carrying on of
  list members. I usually enjoy reading the banter and I do not
  care about the noise ratio.
 
  What is annoying is the amount of viruses or waste of my
  bandwidth attachments that come from this list.
 
  I think FD should change their policy and block all
  attachments, except maybe plain text file's.
 
  Most people on this list are smart enough that exe's, zip and
  pif attachments do not need to be send, I am tired of the excuses:
 
  I had a virus
  I did not know what the file was
  ...
  ...
 
  FD should block attachments except for plain text. People can
  post links to web pages or what ever that way only people who
  want to see the attachment would get it, plus it would save
  on your bandwidth.
 
  Michael.
 
  --
  Hand over the Slackware CD's and back AWAY from the computer,
  your geek rights have been revoked !!!
 
  Michael Gale
  Slackware user :)
  Bluesuperman.com
 
 


RE: Re[2]: [Full-Disclosure] Windows 2000 Source Code

2004-02-22 Thread Poof
Well- first- I wouldn't ask for it on a security list that I know that
Microsoft is on. It's like walking in to the MPAA's offices and asking where
the closest bootlegger is. (It's not going to get you far.)

Anyhow- I'm personally amazed that Microsoft hasn't contacted any of these
Warez channels that have the source at least advertised in their topic(s).
Stupid IRC warez groups- I'd swear they were dropped on their head.

Anyhow- I'm going to shut up now that I'm -REALLY- off topic.

~

 Didn't even notice that, the image was considered an Ad and blocked in
 my case.
 Still, where can an interested party find the source code?
 
 P Yeah- and makes users 'vote' for his ranking at I think his classes
 website.



RE: [Full-Disclosure] Infections

2004-01-27 Thread Poof
Yeah- I've already received OVER 200 copies of this darn virus. =/

. Both in Mailer Daemon and direct to me emails .

~

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:full-disclosure-
 [EMAIL PROTECTED] On Behalf Of Jos Osborne
 Sent: Tuesday, January 27, 2004 9:32 AM
 To: [EMAIL PROTECTED]
 Subject: [Full-Disclosure] Infections
 
 Okay - I think someone on here's infected. Within a couple of hours of my
 address first appearing on this list, I got the following:
 
 
 --
 
 Undeliverable: Delivery Status Notification (Failure)
 
 Your message did not reach some or all of the intended recipients.
 
   Subject:Delivery Status Notification (Failure)
   Sent:   27/01/04 14:17
 
 The following recipient(s) could not be reached:
 
   [EMAIL PROTECTED] on 27/01/04 14:30
 The e-mail account does not exist at the organization this
 message was sent to.  Check the e-mail address, or contact the recipient
 directly to find out the correct address.
 kempton.twkempton.co.uk #5.1.1
 
   [EMAIL PROTECTED] on 27/01/04 14:30
 The e-mail account does not exist at the organization this
 message was sent to.  Check the e-mail address, or contact the recipient
 directly to find out the correct address.
 kempton.twkempton.co.uk #5.1.1
 
 --
 
 
 My system clock was reading 14:27 at the time I received this - an ever so
 slight discrepancy...
 From the reports I've been getting from users it looks like the virus is
 spoofing the sent address with a randomly chosen address from the host's
 address list.
 
 Jos
 


RE: [Full-Disclosure] Is the FBI using email Web bugs?

2004-01-11 Thread Poof
No- because the cache server on its first request will usually give it an
X-REQUESTER-IP (Something like that- I don't remember the exact name
though.)

~

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:full-disclosure-
 [EMAIL PROTECTED] On Behalf Of Paulo Pereira
 Sent: Sunday, January 11, 2004 9:45 AM
 To: [EMAIL PROTECTED]
 Subject: Re: [Full-Disclosure] Is the FBI using email Web bugs?
 
 Isn't it true that transparent caching systems defeat the purpose of web
 bugs?
 
 Sure that whoever is running the bug still knows that his email is being
 read but he loses the ability to get the specific addresses and only gets
 the address of the cache.
 
 Paulo Pereira
 


RE: [Full-Disclosure] Is the FBI using email Web bugs?

2004-01-07 Thread Poof
Actually- the problem with that is that fine... it won't allow any ports
except for the needed 25/110/143... Then what's to stop an image from using
http://www.spamsite.com:25/110/phonehome.jpg?emailaddress(or whatever)

... Nothing!

Nice try though... Best protection is through your email client. O2K3 does
it native ^^

~

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:full-disclosure-
 [EMAIL PROTECTED] On Behalf Of Ben Nelson
 Sent: Wednesday, January 07, 2004 7:34 PM
 To: Gregh
 Cc: [EMAIL PROTECTED]
 Subject: Re: [Full-Disclosure] Is the FBI using email Web bugs?
 
 Gregh wrote:
  won't listen. In Zone Alarm you can tell it to DISALLOW Outlook Express (or
  whatever you like) access to different ports. So, I tell it to disallow
  access to or from port 80 by OE. Thus, a received HTML email with pics and
  such in it just shows blanks, x or placeholders, really. Now, while saying
  this, if you decided to use some other port to report back on, sure, you
  would get around this but the majority of spam operators who spam you don't
  require JUST the click to remove to be clicked to verify you DO exist thus
  send more spam and sell the address to another spammer. They also have port
  80 and if the email is clicked on by a typical OE setup, just to delete, it
  phones home. For those described earlier in this paragraph, ZA blocking OE
  in/out on port 80 stops most of the phone home stuff.
 
 Couldn't you just block all port access from OE *EXCEPT* those that are
 needed? (probably 25, 110, 143)
 
 --Ben
 

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
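
An added example, not part of the original posts: a small audit of an HTML mail body that lists every resource a rendering client would fetch and marks the ones a port-only rule for the mail client (25/110/143, as proposed in the thread) would still let out. The sample message, the `.example` hosts and the function names are constructed for illustration.

```python
"""Audit an HTML e-mail body for remote loads (web bugs) and show which of
them a port-only firewall rule for the mail client would still let through."""
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Ports left open for the mail client in the thread's proposal (SMTP/POP3/IMAP).
MAIL_PORTS = frozenset({25, 110, 143})
DEFAULT_PORTS = {"http": 80, "https": 443}

# Tag/attribute pairs that make a client fetch something while rendering.
FETCH_ATTRS = {
    "img": ("src",), "iframe": ("src",), "script": ("src",), "input": ("src",),
    "link": ("href",), "body": ("background",), "table": ("background",),
    "td": ("background",),
}


class RemoteLoadFinder(HTMLParser):
    def __init__(self, allowed_ports):
        super().__init__(convert_charrefs=True)
        self.allowed_ports = allowed_ports
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names for us.
        for name, value in attrs:
            if value and name in FETCH_ATTRS.get(tag, ()):
                self._record(tag, value.strip())

    def _record(self, tag, url):
        try:
            parts = urlsplit(url)
            scheme = parts.scheme
            if scheme not in DEFAULT_PORTS:
                return  # cid:, data:, relative paths: no HTTP request is made
            port = parts.port or DEFAULT_PORTS[scheme]
        except ValueError:
            return  # malformed URL or port; a client would not fetch it
        self.findings.append({
            "tag": tag,
            "url": url,
            "host": parts.hostname,
            "port": port,
            # The destination port is all a port filter can see; HTTP on an
            # allowed mail port is indistinguishable from mail to such a rule.
            "passes_port_filter": port in self.allowed_ports,
            # A query string is where a per-recipient identifier usually rides.
            "carries_query": bool(parts.query),
        })


def audit_html(html, allowed_ports=MAIL_PORTS):
    """Return one finding per remote load found in the HTML body."""
    finder = RemoteLoadFinder(allowed_ports)
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample message body (not taken from any real mail).
SAMPLE_HTML = """\
<html><body background="http://tracker.example/bg.gif">
<p>Hello</p>
<img src="http://tracker.example:25/110/phonehome.jpg?id=user@example.org"
     width="1" height="1">
<img src="cid:logo@local">
<img src="https://cdn.example/banner.png" />
</body></html>
"""

if __name__ == "__main__":
    for f in audit_html(SAMPLE_HTML):
        verdict = "PASSES port rule" if f["passes_port_filter"] else "blocked by port rule"
        print(f'{f["tag"]:<6} {f["host"]}:{f["port"]:<5} {verdict}  {f["url"]}')
```

Blocking on `passes_port_filter` alone would miss nothing here only by luck; the control that holds is the client refusing every entry in the findings list, which is what remote-content blocking in the mail client does.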


RE: [Full-Disclosure] Microsoft's plans for making XP more secure

2003-12-16 Thread Poof
Actually, it wasn't 'just' released. It was released on the date on the top
of the article. I think the 13th. (I know because I read it then.)

So there!

~

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:full-disclosure-
 [EMAIL PROTECTED] On Behalf Of Richard M. Smith
 Sent: Tuesday, December 16, 2003 11:26 AM
 To: [EMAIL PROTECTED]
 Subject: [Full-Disclosure] Microsoft's plans for making XP more secure
 
 Microsoft has just released a document describing the changes they will be
 making in service pack 2 to make Windows XP more secure.  Many of the
 interesting changes are in Internet Explorer.  The attached links provide
 the details.
 
 Richard M. Smith
 http://www.ComputerBytesMan.com
 
 
 
 Changes to Functionality in Microsoft Windows XP Service Pack 2
 
 http://tinyurl.com/z0rv
 
 In Microsoft Windows XP Service Pack 2, Microsoft is introducing a set of
 security technologies that will help to improve the ability of Windows
 XP-based computers to withstand malicious attacks from viruses and worms.
 The technologies include network protection, memory protection, safer
 e-mail handling, more secure browsing, and improved computer maintenance.
 
 Together, these security technologies will help to make it more difficult
 to attack Windows XP, even if the latest updates are not applied. These
 security technologies together are particularly useful in mitigation
 against worms and viruses.
 
 This document specifically focuses on the changes between earlier versions
 of Windows XP and Windows XP Service Pack 2 and reflects Microsoft's early
 thinking about Service Pack 2 and its implications for developers.
 Examples and details are provided for several of the technologies that are
 experiencing the biggest changes. Future versions of this document will
 cover all new and changed technologies.
 
 http://tinyurl.com/z2zv
 
 . Safer e-mail handling. Security technologies help to stop viruses
 (such as SoBig.F) that spread through e-mail and instant messaging. These
 technologies include default settings that are more secure, improved
 attachment control for Outlook Express and Windows Messenger, and
 increased Outlook Express security and reliability. As a result,
 potentially unsafe attachments that are sent through e-mail and instant
 messages are isolated so that they cannot affect other parts of the system.
 
 . More secure browsing. Security technologies that are delivered in
 Microsoft Internet Explorer provide improved protection against malicious
 content on the Web. One enhancement includes locking down the Local
 Machine zone to prevent against the running of malicious scripts and
 fortifying against harmful Web downloads. Additionally, better user
 controls and user interfaces are provided that help prevent malicious
 ActiveX controls and spyware from running on customers' systems without
 their knowledge and consent.
 
 


RE: [Full-Disclosure] Re: Several Things about IE bugs

2003-12-15 Thread Poof
*starts to remember why he doesn't have windows installed on a 'normal'
path.

Meh. -_- What happens with these exploits if you use %SystemRoot% instead?
Will that work within IE?

~

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:full-disclosure-
 [EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
 Sent: Monday, December 15, 2003 10:13 AM
 To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
 Cc: [EMAIL PROTECTED]
 Subject: [Full-Disclosure] Re: Several Things about IE bugs
 
 
 
 Unbelievable. Yet another 'silent delivery and installation of an
 executable on a target computer. No client input other than viewing
 a web page ' fully patched XP and Internet Explorer 6 series of
 browsers:
 
 http://www.safecenter.net/UMBRELLAWEBV4/1stCleanRc/1stCleanRc-
 Xp/index.html
 
 All one needs to do is point a spoofed link to something like this.
 
 Can the so-called PCHealth gimmick be uninstalled?
 
 
 --
 http://www.malware.com
 
 
 
 
 
 
 


RE: [Full-Disclosure] Saddam Hussein Captured

2003-12-14 Thread Poof
Thanks, I read that when I woke up.

Anyhow, please don't send HTML email to the list- Many people don't have
outlook* to read the blob that results.

Also, what does this have to do with this list? ^^ (Sorry. Heh)


From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gideon
Rasmussen, CISSP, CFSO, CFSA, SCSA
Sent: Sunday, December 14, 2003 10:59 AM
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] Saddam Hussein Captured

http://www.cnn.com/2003/WORLD/meast/12/14/sprj.irq.main/index.html 

U.S.: 'We got him' 
Coalition captures Saddam, 'talkative,' in raid near Tikrit 
Sunday, December 14, 2003 Posted: 10:10 AM EST (1510 GMT) 

TIKRIT, Iraq (CNN) -- After nine months of scurrying from house to house,
Saddam Hussein appeared to be a tired, resigned man who offered no
resistance when U.S. troops extracted him from a hole in a rural farmhouse
Saturday night. 

L. Paul Bremer, head of the Coalition Provisional Authority, announced
Sunday morning, Ladies and gentlemen, we got him. 

The audience responded with cheers, and Iraqis took to Baghdad streets
dancing, doling out candy and firing rifles into the air. But in Tikrit --
Saddam's ancestral hometown and a base of loyalty to him -- the streets were
quiet. 

President Bush will address the nation at noon Sunday about the capture of
Saddam. 

Coalition video showed the ventilated spider hole six to eight feet
underground where Saddam was hiding with two other men, who have not yet
been identified. The video showed Saddam with graying hair and a long beard,
undergoing a medical examination after his capture. 

Several Iraqi journalists stood up and shouted Death to Saddam after the
video was shown. 

I'm very happy for the Iraqi people. Life is going to be safer now,
35-year-old Yehya Hassan, a resident of Baghdad, told The Associated Press.
Now we can start a new beginning. 

And in Kirkuk, Mustapha Sheriff told the Associated Press, We are
celebrating like it's a wedding. We are finally rid of that criminal. (Full
story) 

The 66-year-old longtime Iraqi leader was number one on the coalition's 55
most wanted list, and his evasion has been a political sore spot for the
U.S. administration. (Saddam profile) 

Raid in rural town 
Lt. Gen. Ricardo Sanchez, who leads coalition troops in Iraq, said the
former leader was uninjured, talkative and cooperative, after 4th Infantry
Division and Special Operations forces nabbed him in Operation Red Dawn. 

Today is a great day for the Iraqi people and the coalition, Sanchez said.


About 600 4th Infantry Division soldiers and Special Operations forces
conducted the raid in Adwar, near a compound of ramshackle buildings about 9
miles outside Saddam's hometown of Tikrit, Saturday night. 

The raid was based on intelligence that Saddam was at a particular location
in the area, the officials said. Forces arrived at the location within three
hours of receiving a tip from an Iraqi, and Saddam had no time to move to
another location. 

The U.S. forces moved easily into the area where there were no security
forces to protect the ousted leader. 

Saddam, thin, dirty and hiding in the cellar of mud hut, willingly
identified himself to interpreters. He was wearing a white T-shirt, dark
trousers and a long-sleeved dark shirt. 

Video following that raid -- exclusively shot by CNN's Alphonso Van Marsh --
showed a group of U.S.-led coalition soldiers patting each other on the back
-- apparently in celebration -- and taking group photos in front of a
military vehicle. 

Sanchez said Operation Red Dawn targeted two locations and troops began a
cordon and search operation when they failed to find Saddam initially. The
ventilated spider hole, its entrance camouflaged with bricks and dirt was
near one of the locations. 

He was a tired man, the general said. Also, I think, a man resigned to
his fate. 

Sanchez said the hole where forces found Saddam was wide enough for a man to
lie down in, with a fan and a air hole. 

Preparing for retaliation 
Adnan Pachaci, a member of the Iraqi Governing Council, said Saddam would be
tried for his crimes against Iraqis, and would be tried by Iraqis. 


Lt. Gen. Ricardo Sanchez says Saddam was uninjured, talkative and
cooperative, after 4th Infantry Division and Special Operations forces
nabbed him. The terrorist, Saddam Hussein, the biggest terrorist on earth,
has been arrested, said Hamid Ali al-Kifaey. He will be tried before a
special court in Iraq soon. With his arrest the Iraqi people will begin a
new life, and hopefully they will have a democratic and pluralistic system
and no more mass graves, and no more Saddam Hussein and no more terrorism. 

A senior U.S. official told CNN's Dana Bash in Washington that Defense
Secretary Donald Rumsfeld told President Bush on Saturday afternoon (EST) of
the capture. 

The Iraq war began on March 19 when U.S. forces launched a decapitation
attack aimed at the Iraqi president and other top members of the 

RE: [Full-Disclosure] Saddam Hussein Captured

2003-12-14 Thread Poof
Actually, what I asked is what it had to do with the list. The point I was
trying to make is why is he sending HTML email.

Anyhow, yes, I'm sure it'll affect the computers/security in some way-
However currently that way isn't evident. When it is... Sure post away.

Otherwise... You could post anything in the 'hopes' that it'll affect the
security industry.

Meh, I'm not making ANY sense even to myself right now- I'll blame it on the
movie. I know... I should erase this email rather than sending it... But I'm
too lazy to erase it ^^

 -Original Message-
 From: dave kleiman [mailto:[EMAIL PROTECTED]
 Sent: Sunday, December 14, 2003 10:57 PM
 To: 'Gideon Rasmussen, CISSP, CFSO, CFSA, SCSA'; 'Henrik Persson'
 Cc: [EMAIL PROTECTED]; 'Poof'
 Subject: RE: [Full-Disclosure] Saddam Hussein Captured
 
 Gideon,
 
 You had no reason to apologize!
 
 Unfortunately they are looking at the small picture and do not even realize
 the effect things like this have on the economy etc.
 
 How did homeland security get started? And what effect did it have on the
 computer security industry?
 
 
 
 ___
 Dave Kleiman, CISSP, MCSE, CIFI
 [EMAIL PROTECTED]
 www.SecurityBreachResponse.com
 
 High achievement always takes place in the framework of high
 expectation.
 Jack Kinder
 
 
 
 
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Gideon
 Rasmussen, CISSP, CFSO, CFSA, SCSA
 Sent: Sunday, December 14, 2003 12:52
 To: Henrik Persson
 Cc: [EMAIL PROTECTED]
 Subject: Re: [Full-Disclosure] Saddam Hussein Captured
 
 
 I apologize. I was excited. In the future, I'll keep to the list's charter.
 
 Gideon
 
 Gideon T. Rasmussen
 CISSP, CFSO, CFSA, SCSA
 Boca Raton, FL
 
 Henrik Persson wrote:
 
 
 On Sun, 2003-12-14 at 16:58, Gideon Rasmussen, CISSP, CFSO, CFSA, SCSA
 wrote:
 *snip*
 
 Just what the heck does this have to do with computer related security?
 
 There are times when I wish full-disclosure was moderated..
 
 
 


___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


RE: [Full-Disclosure] moving

2003-11-29 Thread Poof
Although you won't be seeing this...

Hope you have a fun move... I'm moving starting tomorrow too. ^^

But, no, I don't think you need to notify anybody... Only the listadmin if
you're not a regular poster and all... (Since otherwise spammers will tend
to join a list and go nomail... Gotta 'love' them.)

~

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:full-disclosure-
 [EMAIL PROTECTED] On Behalf Of bscabl
 Sent: Saturday, November 29, 2003 3:26 PM
 To: [EMAIL PROTECTED]
 Subject: [Full-Disclosure] moving
 
 
 
 I don't know if I have to notify anyone on this list, I'm going nomail as
 I'm moving, I'll be back on the 4th
 

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


RE: [Full-Disclosure] SSH Exploit Request

2003-11-13 Thread Poof

 Carefully read the subtext in his note.  He would like an exploit if
 possible (or at least that's his claim) so that he can prove to someone
 else that yes, it DOES need to be patched, right now.  I.e. he's got a
 boss with pointy hair that isn't cooperating.
 
 You don't have to believe his story.  Having dealt with many bosses (my
 own, or someone else's) exactly like that, I'm willing to entertain his
 story.
 
 Calling the admin who wants to apply the patch, but isn't allowed to
 without jumping through hoops, lazy or stupid doesn't help anyone.

Uhm, if his boss is that way to an admin that's asked to secure a box/set of
computers I personally wouldn't work there. There is too much on my head
then.

Your boss should respect what you say and what you know and allow you to do
your job instead of wanting to do it himself.

Anyhow, I personally don't want a DCOM For nix... Since I know of a LOT of
boxes that haven't been patched yet. There is really no need for a 'box and
shipped' version of the vuln. There is a whitepaper out... Go read it and
figure it out yourself.

Moo~

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


RE: [Full-Disclosure] Windows hosts file changing.

2003-10-22 Thread Poof
(Sending from the right email addy now)

Anyhow... I just didn't expect it?

And... What the HECK is with these bounces? -_- Can't people subscribe to FD
on email accounts that aren't secured to hell? Gets quite annoying. =/

(Bounce message I just got:)
Your mail to [EMAIL PROTECTED]; was filtered because of the
potential spam or virus keyword  [boobs]

please contact the user by fax or telephone thank you.

For this email filter system and other powerful software visit
http://software.high-pow-er.com

Meh. Doesn't even give me the person it's happening on. Nice software!

 -Original Message-
 From: gregh [mailto:[EMAIL PROTECTED]
 Sent: Wednesday, October 22, 2003 2:44 AM
 To: Kevin Gerry; [EMAIL PROTECTED]
 Subject: Re: [Full-Disclosure] Windows hosts file changing.
 
 
 - Original Message -
 From: Kevin Gerry [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Wednesday, October 22, 2003 6:01 PM
 Subject: [Full-Disclosure] Windows hosts file changing.
 
 
  Does -ANYBODY- know how it occurs?
 
  I've had this happen to a couple boxes of mine now...
 
  New one:
  --
  127.0.0.1 localhost
  66.40.16.131 livesexlist.com
  66.40.16.131 lanasbigboobs.com
  66.40.16.131 thumbnailpost.com
  66.40.16.131 adult-series.com
  66.40.16.131 www.livesexlist.com
  66.40.16.131 www.lanasbigboobs.com
  66.40.16.131 www.thumbnailpost.com
  66.40.16.131 www.adult-series.com
  --
 
  Any idea how the search site is replacing that? =/ It's starting to piss me
  off =/ I had some custom information in there that's now overwritten (Not
  backed up)
 
 
 
 Not to answer your question directly but ask another - why don't you just
 set your hosts file to what you want and then just lock it so it can't ever
 be hijacked again? Easy to do even with Windows.
 
 Regards, Greg.


___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


RE: [Full-Disclosure] Windows hosts file changing.

2003-10-22 Thread Poof
Hate to say...

But no filesharing software is installed on this computer. And only legal
software is installed.

So... Nice try? =p

Also, AdAware is installed. Along with an up to date virus scanner. Plus all
email is scanned before it enters. (Up to date too).

AdAware was run BEFORE the hosts file changed. Without any spyware found.
And -AFTER- it was changed. Without any mention of any spyware (It was
updated both times)

So... Hrm? =/

 -Original Message-
 From: V.O. [mailto:[EMAIL PROTECTED]
 Sent: Wednesday, October 22, 2003 3:06 AM
 To: Kevin Gerry; [EMAIL PROTECTED]
 Subject: Re: [Full-Disclosure] Windows hosts file changing.
 
 spyware... brought in by kazaa or something similar :)
 
 http://www.google.com.au/search?q=66.40.16.131+thumbnailpost.comie=UTF-
 8oe=UTF-8hl=enbtnG=Google+Searchmeta=
 
 check this -
 http://miataru.computing.net/security/wwwboard/forum/6491.html
 
 don't download illegal files :)))
 and install a virus scanner, or at least AdAware
 
 - Original Message -
 From: Kevin Gerry [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Wednesday, October 22, 2003 6:01 PM
 Subject: [Full-Disclosure] Windows hosts file changing.
 
 
  Does -ANYBODY- know how it occurs?
 
  I've had this happen to a couple boxes of mine now...
 
  New one:
  --
  127.0.0.1 localhost
  66.40.16.131 livesexlist.com
  66.40.16.131 lanasbigboobs.com
  66.40.16.131 thumbnailpost.com
  66.40.16.131 adult-series.com
  66.40.16.131 www.livesexlist.com
  66.40.16.131 www.lanasbigboobs.com
  66.40.16.131 www.thumbnailpost.com
  66.40.16.131 www.adult-series.com
  --
 
  Any idea how the search site is replacing that? =/ It's starting to piss me
  off =/ I had some custom information in there that's now overwritten (Not
  backed up)
 
  Thanks =/
 
 
 

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


RE: [Full-Disclosure] Windows hosts file changing.

2003-10-22 Thread Poof
Well, this isn't my specific computer. So, I have no real control at what
they screw up on it. They just expect me to fix it. -_-

~

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:full-disclosure-
 [EMAIL PROTECTED] On Behalf Of Austin Ehlers
 Sent: Wednesday, October 22, 2003 6:54 AM
 To: [EMAIL PROTECTED]
 Subject: RE: [Full-Disclosure] Windows hosts file changing.
 
 Why are you browsing the internet on an Administrator account?  The HOSTS
 file is only editable by Admin accounts.  Never never never do daily work
 from an account with full privileges, that's what the Power Users' group is
 for.  Admin accounts are for maintenance-only (installing and configuring
 s/w), not general work.
 
 Austin Ehlers
 
  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:[EMAIL PROTECTED] Behalf Of Kevin Gerry
  Sent: Wednesday, October 22, 2003 03:01 AM
  To: [EMAIL PROTECTED]
  Subject: [Full-Disclosure] Windows hosts file changing.
 
 
  Does -ANYBODY- know how it occurs?
 
  I've had this happen to a couple boxes of mine now...
 
  New one:
  --
  127.0.0.1    localhost
  66.40.16.131 livesexlist.com
  66.40.16.131 lanasbigboobs.com
  66.40.16.131 thumbnailpost.com
  66.40.16.131 adult-series.com
  66.40.16.131 www.livesexlist.com
  66.40.16.131 www.lanasbigboobs.com
  66.40.16.131 www.thumbnailpost.com
  66.40.16.131 www.adult-series.com
  --
 
  Any idea how the search site is replacing that? =/ It's starting to piss me
  off =/ I had some custom information in there that's now overwritten (Not
  backed up)
 
  Thanks =/
 

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
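
Added example, not part of any message in this thread: a baseline comparison for the hosts file discussed above. It reports mappings that appeared or vanished and flags several hostnames newly pointed at one non-loopback address, which is the pattern in the posted file. The function names, the threshold and the sample data (documentation-range addresses, reserved .example names) are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data (not taken from the thread): a known-good baseline
# and a tampered copy in which custom entries were overwritten.
BASELINE = """\
# custom entries kept by the admin
127.0.0.1       localhost
192.0.2.10      buildbox.example    buildbox
"""

TAMPERED = """\
127.0.0.1\tlocalhost
203.0.113.7 search-one.example
203.0.113.7 search-two.example
203.0.113.7 www.search-one.example   # trailing comment
203.0.113.7 www.search-two.example
"""


def parse_hosts(text):
    """Return {hostname: ip} for every usable mapping in hosts-file text."""
    mappings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and padding
        if not line:
            continue
        fields = line.split()                 # spaces or tabs both separate
        if len(fields) < 2:
            continue                          # address with no name: ignore
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # malformed address: ignore
        for name in fields[1:]:
            # Assumption: the first mapping listed for a name is the one used.
            mappings.setdefault(name.lower(), str(ip))
    return mappings


def audit_hosts(current_text, baseline_text, fanout_threshold=3):
    """Compare a hosts file with a trusted baseline copy.

    added_or_changed:  names whose mapping is new or differs from the baseline
    removed:           baseline names that are missing now
    redirect_clusters: non-loopback IPs that gained >= fanout_threshold names
    """
    current = parse_hosts(current_text)
    baseline = parse_hosts(baseline_text)

    added = {n: ip for n, ip in current.items() if baseline.get(n) != ip}
    removed = {n: ip for n, ip in baseline.items() if n not in current}

    by_ip = defaultdict(set)
    for name, ip in added.items():
        if not ipaddress.ip_address(ip).is_loopback:
            by_ip[ip].add(name)
    clusters = {ip: sorted(names) for ip, names in by_ip.items()
                if len(names) >= fanout_threshold}

    return {"added_or_changed": added, "removed": removed,
            "redirect_clusters": clusters}


if __name__ == "__main__":
    report = audit_hosts(TAMPERED, BASELINE)
    for section, entries in report.items():
        print(section)
        for key, value in sorted(entries.items()):
            print("   ", key, "->", value)
```

Keeping the baseline copy somewhere the logged-in user cannot write also covers the "not backed up" problem from the original post.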


RE: [Full-Disclosure] mIRC DCC Exploit

2003-10-15 Thread Poof
Look at the logs. It was recently told.

Also, version 6.12 fixes the error. Unless if you're talking about the
userhost bug that was in version 6.1

Further, I haven't noticed that the dcc bug affects version 6.03. But it
kills 6.1/6.11 (6.03 seems sketchy on being affected)

Hope this helps.

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Saint
Sent: Tuesday, October 14, 2003 23:14
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] mIRC DCC Exploit

There is some new bug in mirc6.0x which can crash the prog
when sending a DCC-request(or something). Does anyone know more about this?

thanks

btw, my first post to this group =)

Patrik Nisen

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

RE: [Full-Disclosure] FW: Last Microsoft Patch

2003-10-15 Thread Poof
Uhm… How long have you been ON this list? 

It’s Swen. (A virus.)

Simple eh?

Also, HTML email is evil ^^

~


From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Curt Purdy
Sent: Wednesday, October 15, 2003 12:05
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] FW: Last Microsoft Patch

Anybody else get this?  Looks legit, originating address is from msnbc.com. 
But can't believe even Microsoft would be this stupid after the rash of
trojan-attached patch announcements lately.  Plus all security people have
been saying that Microsoft would never email a patch out.  Or are they
thinking, Send this out so all the stupid people will click on this before
they click on a real trojan?
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA 
Information Security Engineer 
DP Solutions 
[EMAIL PROTECTED] 
 
If you spend more on coffee than on IT security, you will be hacked. 
What's more, you deserve to be hacked. 
-- former White House cybersecurity czar Richard Clarke 
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Technical
Services
Sent: Tuesday, October 14, 2003 11:33 AM
To: MS Corporation User
Subject: [inbox] [admin] Last Microsoft Patch
  Microsoft 
  All Products |  Support |  Search |  Microsoft.com Guide  

Microsoft Home   
 
Microsoft User

this is the latest version of security update, the October 2003, Cumulative
Patch update which eliminates all known security vulnerabilities affecting
MS Internet Explorer, MS Outlook and MS Outlook Express as well as three new
vulnerabilities. Install now to help protect your computer from these
vulnerabilities, the most serious of which could allow an malicious user to
run code on your system. This update includes the functionality of all
previously released patches. 

 System requirements 
Windows 95/98/Me/2000/NT/XP
 This update applies to 
MS Internet Explorer, version 4.01 and later
MS Outlook, version 8.00 and later
MS Outlook Express, version 4.01 and later 
 Recommendation
Customers should install the patch at the earliest opportunity.
 How to install
Run attached file. Choose Yes on displayed dialog box.
 How to use
You don't need to do anything after installing this item.

Microsoft Product Support Services and Knowledge Base articles can be found
on the Microsoft Technical Support web site. For security-related
information about Microsoft products, please visit the Microsoft Security
Advisor web site, or Contact Us. 

Thank you for using Microsoft products.

Please do not reply to this message. It was sent from an unmonitored e-mail
address and we are unable to respond to any replies.

The names of the actual companies and products mentioned herein are the
trademarks of their respective owners. 


Contact Us  |  Legal  |  TRUSTe 

©2003 Microsoft Corporation. All rights reserved. Terms of Use  |  Privacy
Statement |  Accessibility 


___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


RE: [Full-Disclosure] logs cant e edited remotly?

2003-10-15 Thread Poof
Wow, and I thought my removing of those 3 miles of flooding of my channel in
my logs was possible.

Guess I should check them again to see if it's still there.

GASP! It's deleted. Weird. I did something impossible!

~
(500 points to the person who can guess the point of this message)

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:full-disclosure-
 [EMAIL PROTECTED] On Behalf Of morning_wood
 Sent: Wednesday, October 15, 2003 13:03
 To: [EMAIL PROTECTED]
 Subject: [Full-Disclosure] logs cant e edited remotly?
 
 http://news.zdnet.co.uk/0,39020330,39116986,00.htm
 --- snip --
 The court heard that police examinations of Caffrey's machine recovered
 log files of a chatroom conversation that recorded the exact moment the
 attack took place. But the defence argued that if a vulnerability exists,
 the log files could easily have been changed by someone who had accessed
 the system remotely.
 The defence counsel asked Stunt if it was possible to cut some text from
 one log file and paste it into another log file from a remote computer.
 Stunt dismissed the idea: Remotely, the answer would be no. It is
 impossible, the technology does not exist, he said.
 --- snap --
 
 ummm... *bzt*  WRONG
 
 Donnie Werner
 http://e2-labs.com
 

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


RE: [Full-Disclosure] FW: Last Microsoft Patch

2003-10-15 Thread Poof
Maybe they’re giving those certs out now with every icee or something you
buy.

Must be it!



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Exibar
Sent: Wednesday, October 15, 2003 18:13
To: Curt Purdy; [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] FW: Last Microsoft Patch

You're CISSP, GSEC,MCSE+I,CNE, and CCDA and you actually think this is a
real patch from Microsoft?  
 
  I doubt if anyone will believe that you earned those premium certs after
reading this last message from you
 
 Exibar
- Original Message - 
From: Curt Purdy 
To: [EMAIL PROTECTED] 
Sent: Wednesday, October 15, 2003 3:04 PM
Subject: [Full-Disclosure] FW: Last Microsoft Patch

Anybody else get this?  Looks legit, originating address is from msnbc.com. 
But can't believe even Microsoft would be this stupid after the rash of
trojan-attached patch announcements lately.  Plus all security people have
been saying that Microsoft would never email a patch out.  Or are they
thinking, Send this out so all the stupid people will click on this before
they click on a real trojan?
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA 
Information Security Engineer 
DP Solutions 
[EMAIL PROTECTED] 
 
If you spend more on coffee than on IT security, you will be hacked. 
What's more, you deserve to be hacked. 
-- former White House cybersecurity czar Richard Clarke 

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


RE: [Full-Disclosure] SPAM, credit card numbers, what would you do?

2003-10-14 Thread Poof
 Yes, I
 know it was a via clickable link and the site was ridiculously
 unsecured, but that probably wouldn't make a difference to a court.

You know... That's the big thing about reporting anymore... If you do...
You're assumed just as guilty. And they -WILL- go after you for reporting it
if they can't get the original person!

It's sad... Look at some of the reports on some 'hacker' being arrested for
pointing out a problem in some company's network. (WiFi maybe?)

Sorry, it just gets old for me. Not safe to try to be the 'nice guy'
anymore.

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


RE: [Full-Disclosure] Hacker suspect says his PC was hijacked

2003-10-12 Thread Poof
Well... Tell me where honeypotting goes if that happens?

*cry*

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:full-disclosure-
 [EMAIL PROTECTED] On Behalf Of Steve Wray
 Sent: Sunday, October 12, 2003 02:15
 To: [EMAIL PROTECTED]
 Subject: RE: [Full-Disclosure] Hacker suspect says his PC was hijacked
 
 Will Knowingly allowing a computer under your control
 to remain in an exploitable state become a crime?
 (if it isn't already...)
 
 I am in two minds on whether it should or should not
 :(
 
 
  [mailto:[EMAIL PROTECTED] On Behalf Of
  Paul Tinsley
 
  http://www.cnn.com/2003/TECH/internet/10/10/hijacked.hacker.reut/index.html
 
  Caffrey is accused of triggering the paralyzing data blast on a vital
  computer server used to coordinate ship movements in the Houston port --
  the sixth biggest shipping port in the world
 
  Ok, so somebody explain to me why in the world this vital computer
  server is on a public network?
 
  He said his machine may have been taken over by another individual or
  group who then set the digital onslaught in motion. 'My computer was
  completely and utterly vulnerable to many exploits'
 
  If anybody needed more ammo to convince people that patching is
  important this might be a good one to add to the stack, whether he is
  lying or not I sure wouldn't want to try and defend that position...
 

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


RE: [Full-Disclosure] SunnComm to sue 'Shift key' student for $10m

2003-10-10 Thread Poof
Okay... So according to the law it's illegal to remove the program if later
you decide to not agree to the EULA? (Which I'm sure it says that the terms
can be changed at any time within it)

That sure doesn't seem kosher to me... I feel that you should be able to
remove/disable whatever on your computer. According to this logic... Using
Ad-Aware is illegal because it removes spyware from your system without
their non-existent uninstall interface!

Oh, and you're also not allowed to know what the file/driver name of the
program that they've installed is either?

Nice!

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:full-disclosure-
 [EMAIL PROTECTED] On Behalf Of Florian Weimer
 Sent: Thursday, October 09, 2003 23:52
 To: Nick Jacobsen
 Cc: [EMAIL PROTECTED]
 Subject: Re: [Full-Disclosure] SunnComm to sue 'Shift key' student for
 $10m
 
 Nick Jacobsen wrote:
 
  it seems to me the perfect chance for a countersuit...  cause at least
  as far as I know, most state's definition of computer crime would
  include installing software on a machine without the owners permission.
  or knowledge..  and since that is what SunnComm's protection is doing...
 
 According to the report, the software shows an EULA before the system is
 modified, so there is user consent.
 
 By the way, the subject line is misleading.  SunnComm doesn't sue
 because of the shift key description (the company isn't *that*
 stupid), but because of the removal instructions for the Trojan Horse.
 These instructions could be indeed illegal to publish in the United
 States and other countries because they are specifically designed to
 circumvent an effective measure for restricting copies.
 

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


RE: [Full-Disclosure] Has Verisign time arrived ?

2003-10-04 Thread Poof
Hey... No need to personally bash somebody...

He's not stupid for liking it... He's just weird...

Erk!

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:full-disclosure-
 [EMAIL PROTECTED] On Behalf Of Nick FitzGerald
 Sent: Saturday, October 04, 2003 02:50
 To: [EMAIL PROTECTED]
 Subject: RE: [Full-Disclosure] Has Verisign time arrived ?
 
  Truly sad.  I personally liked the service... I'm prone to typoz (did I
  mean typos?) with every sentence I write.
 
   I am stupid and found it useful, therefore it is good.
 
 Sounds just like your president justifying yet another immoral war...
 
 
 Regards,
 
 Nick FitzGerald
 

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


RE: [Full-Disclosure] Has Verisign time arrived ?

2003-10-03 Thread Poof
Doesn't seem that anybody else had replied to this ^^

Kinda weird... Or am I missing traffic?

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:full-disclosure-
 [EMAIL PROTECTED] On Behalf Of Frank Knobbe
 Sent: Friday, October 03, 2003 13:08
 To: [EMAIL PROTECTED]
 Subject: Re: [Full-Disclosure] Has Verisign time arrived ?
 
 On Fri, 2003-10-03 at 11:56, Rodrigo Barbosa wrote:
  Looks like ICANN has decided it was time to pick a fight, and
  now Verisign has 36 hours to turn sitefinder off or be sued.
 
  http://www.icann.org/announcements/advisory-03oct03.htm
 
 By the time this arrives, others will probably have posted the same.
 Knowing that I might clog up the list with me-too's, I believe it's
 important enough to share over and over again. Here it is, straight from
 NANOG...
 
 -Forwarded Message-
 From: Tim Wilde [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Subject: VeriSign Capitulates
 Date: Fri, 03 Oct 2003 15:44:26 -0400
 
 
 http://www.washingtonpost.com/wp-dyn/articles/A40241-2003Oct3.html
 
 And they act like they're the victims.  Amazing.
 
 Without so much as a hearing, ICANN today formally asked us to shut down
 the Site Finder service, said VeriSign spokesman Tom Galvin. We will
 accede to their request while we explore all of our options.
 
 How about a public outcry?  Did you miss that part?  You don't deserve a
 hearing.
 
 Of course, they haven't removed the wildcard yet:
 
 dig is-it-gone-yet.com. @a.gtld-servers.net. +short
 64.94.110.11

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


RE: [Full-Disclosure] Has Verisign time arrived ?

2003-10-03 Thread Poof
Wow, you must be one of the few people that actually liked it ^^

I personally hated it =/ Still do!

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:full-disclosure-
 [EMAIL PROTECTED] On Behalf Of Byron Copeland
 Sent: Friday, October 03, 2003 14:09
 To: 'Frank Knobbe'; [EMAIL PROTECTED]
 Subject: RE: [Full-Disclosure] Has Verisign time arrived ?
 
 
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 Truly sad.  I personally liked the service... I'm prone to typoz (did I
 mean typos?) with every sentence I write.
 
 - -- I always wonder why people choose to support MS and then complain
 about all of these issues that are known in advance.
 
 
 
 
  -Original Message-
  From: [EMAIL PROTECTED] [mailto:full-disclosure-
  [EMAIL PROTECTED] On Behalf Of Frank Knobbe
  Sent: Friday, October 03, 2003 4:08 PM
  To: [EMAIL PROTECTED]
  Subject: Re: [Full-Disclosure] Has Verisign time arrived ?
 
  On Fri, 2003-10-03 at 11:56, Rodrigo Barbosa wrote:
   Looks like ICANN has decided it was time to pick a fight, and
   now Verisign has 36 hours to turn sitefinder off or be sued.
  
   http://www.icann.org/announcements/advisory-03oct03.htm
 
  By the time this arrives, others will probably have posted the same.
  Knowing that I might clog up the list with me-too's, I believe it's
  important enough to share over and over again. Here it is, straight from
  NANOG...
 
  -Forwarded Message-
  From: Tim Wilde [EMAIL PROTECTED]
  To: [EMAIL PROTECTED]
  Subject: VeriSign Capitulates
  Date: Fri, 03 Oct 2003 15:44:26 -0400
 
 
  http://www.washingtonpost.com/wp-dyn/articles/A40241-2003Oct3.html
 
  And they act like they're the victims.  Amazing.
 
  Without so much as a hearing, ICANN today formally asked us to shut down
  the Site Finder service, said VeriSign spokesman Tom Galvin. We will
  accede to their request while we explore all of our options.
 
  How about a public outcry?  Did you miss that part?  You don't deserve a
  hearing.
 
  Of course, they haven't removed the wildcard yet:
 
  dig is-it-gone-yet.com. @a.gtld-servers.net. +short
  64.94.110.11
 
 -BEGIN PGP SIGNATURE-
 Version: PGP 8.0
 
 iQA/AwUBP33lcWHZJr/4PEW4EQKykACg61PCmq8r5WzoL6Mvo1WQ314r0u4AoIrT
 4AURHny+uBaYOak7wO062HKA
 =y790
 -END PGP SIGNATURE-
 

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


RE: [Full-Disclosure] Google FILTERS searches for possible DMCA infringable content!!!

2003-10-01 Thread Poof
Yeah... But if you read the complaint that they show it gives the URLs
there ^^

But, yeah, I dislike how the DMCA allows this. =/

You can show somebody doing/buying drugs on TV... Which tells people how to
get them etc... But you can't do the same thing online...

Sucks eh?

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kristian Hermansen
Sent: Wednesday, October 01, 2003 17:11
To: Full Disclosure
Subject: [Full-Disclosure] Google FILTERS searches for possible DMCA
infringable content!!!

I don't know if you guys noticed this or not, but recently Google has
started FILTERING requests for information that may violate the DMCA. This
just started recently, but test it yourself. Go to Google.com and try
searching for kazaa lite k++, which is the enhanced version of the popular
P2P client. If you notice, the website will not show up in the lists. In
fact, it seems that the site that offered this client is now no longer
online. What's REALLY SAD is that Google admits to the filtering at the
bottom of the page and gives an explanation, along with some documentation.
Here's what it says:

http://www.google.com/search?hl=enlr=ie=UTF-8oe=UTF-8q=kazaa+lite+k%2B%2B

In response to a complaint we received under the Digital Millennium
Copyright Act, we have removed 4 result(s) from this page. If you wish, you
may read the DMCA complaint for these removed results.

If you click on the second link, you can read the complaint from Sharman
Networks against Google.

http://www.chillingeffects.org/dmca512/notice.cgi?NoticeID=861 (text)

http://www.chillingeffects.org/dmca512/notice.cgi?action=""> (PDF)

This is a sad day for us all. It seems that Sharman Networks weren't happy
enough with the profits they made on advertising - a business that is run
solely on the attraction that customers can download digital content, which
they may or may not own legally. Now, why would they want to block this
program so badly? My guess...K++'s anonymous enhancements make it much too
difficult to track down piracy and since users would benefit from this, it
is a danger to their business. Also, they are probably making even more
money on the side by selling information about who is massively sharing
MP3/VIDEO to the RIAA and MPAA. BUT IRONICALLY THEY ARE USING THE F**KING
DMCA TO HAVE GOOGLE FILTER SEARCHES!!! If anything, the DMCA should be used
against THEM for making it easy for people to download illegal content. Hey
you don't have the right to steal what I am currently stealing!!! Reminds
me of Microsoft stealing from Apple. This is the most improper use of the
DMCA I have ever seen. What do you guys all think of this?

Kris Hermansen
CEO - HT Technology Solutions

PS - Since Google won't allow you to find the new K++ homepage, here it is:

http://www.klitesite.com/


RE: [Full-Disclosure] Rootkit

2003-09-26 Thread Poof
You know... You can -REALLY- scare somebody with those figures there ^^

/me runs away -FAST-

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Marcus H. Sachs
Sent: Friday, September 26, 2003 19:13
To: [EMAIL PROTECTED]
Subject: RE: [Full-Disclosure] Rootkit

It's been a painful last two months.  Could you imagine the pain if this
epoch started on November 1st instead of July 16th?  Here's what it would
look like:

Cisco IOS         July 16 -  Nov 1
Microsoft dcom1   July 17    Nov 2
MSBlaster         Aug 11     Nov 27 (Thanksgiving)
Northeast Power   Aug 14     Nov 30 (Sunday)
Sobig.F           Aug 18     Dec 4  (Thursday)
Nachi             Aug 18     Dec 4  (Thursday)
Microsoft Office  Sep 4      Dec 21 (Sun before Christmas)
Microsoft dcom2   Sep 10     Dec 27 (Sat after Christmas)
OpenSSH           Sep 16     Jan 2  (Fri after New Years)
Sendmail          Sep 18     Jan 4  (Monday)
Swen              Sep 18     Jan 4


Marc

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of David Hane
Sent: Friday, September 26, 2003 4:57 PM
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] Rootkit


Also, am I the only one who is totally exhausted from trying to keep up with
the last couple of week's patch frenzy? I would have had my last server
patched before the attack but things like, sleep, food, and bathroom time
got in the way :-)


___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Re: [Full-Disclosure] email worms, spam etc etc

2003-09-25 Thread Poof
Thanks ^^

Would you know any good DBSBLs?

I've been looking for some good ones... But since Osiru died... I can't find
a good one *cry*

Also, would it be too much for the mod of this list to just cause new
subscribers to be moderated until their first VALID post?

Just an idea =/

- Original Message - 
From: Michael Evanchik [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, September 25, 2003 09:01
Subject: [Full-Disclosure] email worms, spam etc etc


If you were as annoyed as I was with your mailboxes being bombarded I looked
up native email filtering for microsoft environments.  Attached is a basic
script to get u started.  This works on the Microsoft SMTP service on
NT4,2000, and 2003


Michael Evanchik
www.high-pow-er.com


___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html