Re: [Full-Disclosure] Re; Time Expiry Algorithm
>>>>> "jax" == Jacqueline Singh [EMAIL PROTECTED] writes:

    jax> /me shakes her head at Andrew Farmer. Okay, now it's just
    jax> ridiculous to suggest that you wouldn't be able to implement
    jax> a time limitation on something encrypted simply because
    jax> clocks can be changed.

    jax> What 'clocks' are you talking about -- which are you basing it
    jax> off of?

    jax> What if you decided to code into the encryption the use of
    jax> atomic clocks, and include more than one or two as a
    jax> redundancy/security check?

    jax> Someone's really going to create a huge conspiracy to change a
    jax> few of the world's atomic clocks drastically to be able to
    jax> crack someone's encrypted data? :P

Nope, but one would happily set a policy that re-routed requests to
the atomic clocks to a local system, also with flawed time, in an
intermediate router.

There is no way to have time-limited encryption, even under control of
a remote server, since the first time the document is decrypted and
rendered the client just needs to save the decrypted document.

Remember Apple's Fairplay and Hymn? Similar problem -- once the
decrypted data stream is available on the local PC there's no way to
prevent the user from saving it in a format of her choice; unless you
make a blackbox appliance, which too would get cracked eventually.

Regards,

-- Raju

    jax> -
    jax> To: Gautam R. Singh [EMAIL PROTECTED]
    jax> Cc: Full-Disclosure Full-Disclosure [EMAIL PROTECTED]
    jax> From: Andrew Farmer [EMAIL PROTECTED]
    jax> Subject: Re: [Full-Disclosure] Time Expiry Alogorithm??
    jax> Date: Fri, 19 Nov 2004 10:28:20 -0800

    jax> Gautam R. Singh [EMAIL PROTECTED] wrote:
    >> I was just wondering is there any encryption algorithm which
    >> expires with time. For example an email message maybe decrypted
    >> within 48 hours of its delivery otherwise it becomes useless or
    >> can't be decrypted with the original key
    > No. Think about it for a moment. (Clocks can be changed.)

--
Raj Mathur [EMAIL PROTECTED] http://kandalaya.org/
GPG: 78D4 FC67 367F 40E2 0DD5 0FEF C968 D0EF CC68 D17F
It is the mind that moves

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Re: [Full-Disclosure] Re: Airport x-ray software creating images of phantom weapons?
>>>>> "Adam" == Adam Jacob Muller [EMAIL PROTECTED] writes:

    Adam> Rot 13 may not be strong but rot12 is. I once posted a
    Adam> string that I only rotated 12 chars to my blog and it took a
    Adam> month before anyone figured it out that probably says
    Adam> more about the iq of the people reading my blog than the
    Adam> security of rot13.

I use ROT26. Most people have trouble comprehending that too ;)

-- Raju

--
Raj Mathur [EMAIL PROTECTED] http://kandalaya.org/

Re: [Full-Disclosure] Re: Any update on SSH brute force attempts?
>>>>> "Barrie" == Barrie Dempster [EMAIL PROTECTED] writes:

    Barrie> On Mon, 2004-10-18 at 06:41 -0500, Ron DuFresne wrote:
    >> Why not just disallow root logins directly, and force someone
    >> with a valid user account to su after getting a shell? It was
    >> my impression that was more standard, and if one has to allow
    >> remote root directly, at least restrict it to specific systems
    >> and users. All the places I have worked for forced the su after
    >> shell to root..

    Barrie> I'm in agreement with this, as well as combining this with
    Barrie> use of sudo for common functions requiring root privs
    Barrie> (such as using tools requiring raw socks support for
    Barrie> instance) meaning you rarely have to become root and the
    Barrie> root account becomes slightly more difficult to
    Barrie> compromise.

Using su forces the use of passwords, which are difficult to manage in
a multi-admin scenario. For instance, you may have to give the root
password to 3 different people (1 in each 8-hour shift). What happens
when one of these people leaves the organisation? You change the root
password and intimate the remaining two, as well as the replacement,
of the new root password. Multiply this by 100 or 1000 machines and it
becomes hell.

Use key-based login instead, then all you need to do is add/delete
keys to authorized_keys when people join/leave the group of
administrators. Heck, you can even use cfengine or equivalent with
appropriate classes to automate the whole procedure -- define admin
groups on the central server and roll out public keys to all systems
automatically.

Next, how do you manage passwords? The options are different password
for each system (which means pieces of paper in wallets with the
passwords scribbled on them) or use the same password for multiple
machines (security nightmare). Keys are so much simpler -- just
remember the pass phrase of your own key and you're through.

Regards,

-- Raju

--
Raj Mathur [EMAIL PROTECTED] http://kandalaya.org/

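The roll-out described in the message above (admin groups defined centrally, keys added to or removed from authorized_keys as people join or leave) can be sketched as follows. This is an added example, not part of the original post: the roster, host names and key blobs are constructed placeholders, and the function names are hypothetical.

```python
"""Reconcile root's authorized_keys on a host with a central admin roster."""
import shlex

KEY_TYPES = ("ssh-ed25519", "ssh-rsa", "ssh-dss", "ecdsa-sha2-", "sk-")

# Constructed sample roster: names, groups and key blobs are placeholders.
ADMIN_KEYS = {
    "asha": "ssh-ed25519 AAAAC3ExampleKeyAsha asha@ops",
    "bikram": "ssh-ed25519 AAAAC3ExampleKeyBikram bikram@ops",
    "chitra": "ssh-rsa AAAAB3ExampleKeyChitra chitra@ops",
}
GROUP_MEMBERS = {"web-admins": ["asha", "chitra"], "db-admins": ["bikram"]}
HOST_GROUPS = {"web01": ["web-admins"], "db01": ["db-admins", "web-admins"]}

# Constructed current file: asha is still an admin, dev has left, chitra is new.
CURRENT_WEB01 = """\
# root authorized_keys on web01
from="10.0.0.*" ssh-ed25519 AAAAC3ExampleKeyAsha asha@ops
ssh-rsa AAAAB3ExampleKeyDev dev@ops
"""


def key_identity(line):
    """Return (key type, base64 blob) for one line, or None for blanks/comments.

    Matching on the blob rather than the trailing comment means a renamed
    comment or added options cannot hide a key that should be removed.
    """
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    try:
        tokens = shlex.split(line)  # copes with quoted options such as from="..."
    except ValueError:
        return None
    for i, tok in enumerate(tokens[:-1]):
        if tok.startswith(KEY_TYPES):
            return tok, tokens[i + 1]
    return None


def desired_for(host):
    """Map key identity -> admin name for every admin allowed on this host."""
    wanted = {}
    for group in HOST_GROUPS.get(host, []):
        for admin in GROUP_MEMBERS.get(group, []):
            wanted[key_identity(ADMIN_KEYS[admin])] = admin
    return wanted


def reconcile(host, current_text):
    """Report which admins to add or keep, and which present lines to remove."""
    wanted = desired_for(host)
    present = {}
    for line in current_text.splitlines():
        ident = key_identity(line)
        if ident:
            present[ident] = line.strip()
    return {
        "add": sorted(a for k, a in wanted.items() if k not in present),
        "keep": sorted(a for k, a in wanted.items() if k in present),
        "remove": sorted(l for k, l in present.items() if k not in wanted),
    }


def render(host):
    """Regenerate the whole file from the roster (per-key options are not kept)."""
    lines = ["# managed file: generated from the central admin roster"]
    lines += [ADMIN_KEYS[a] for a in sorted(set(desired_for(host).values()))]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    plan = reconcile("web01", CURRENT_WEB01)
    for action in ("add", "keep", "remove"):
        print(action, plan[action])
    print(render("web01"), end="")
```

Regenerating the file from the roster, rather than editing it in place, means a key that is on the host but not in the roster disappears on the next roll-out.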
Re: [Full-Disclosure] OT: GMail invites
>>>>> "Jason" == richajap [EMAIL PROTECTED] writes:

    Jason> Sorry, all gone. Should be getting more soon and will let
    Jason> you all know.

Please don't. AOL is that-a-way -->

--
Raj Mathur [EMAIL PROTECTED] http://kandalaya.org/

Re: [Full-Disclosure] Re: Re: open telnet port
>>>>> "Barry" == Barry Fitzgerald [EMAIL PROTECTED] writes:

    Barry> Dave Ewart wrote:
    >> Quite so, as I suggested. Are there even any legitimate uses
    >> for running a telnet daemon any more? (That is a genuine
    >> question - as far as I can see, SSH is always a perfect
    >> replacement).

    Barry> Sure - a situation where a system needs a low-bandwidth/low
    Barry> CPU-use shell-based communication protocol and sniffing is
    Barry> not an issue for whatever reason.

Remove low-bandwidth from the list of requirements, since ssh can
compress traffic on the fly and reduce bandwidth consumption
significantly.

    Barry> [snip]

-- Raju

--
Raj Mathur [EMAIL PROTECTED] http://kandalaya.org/

[Full-Disclosure] Crack Microsoft Office encryption
Anyone have pointers to a free (open source) tool or methodology to
crack MS Office encrypted files? Both brute-force and smarter methods
are fine, smarter preferred, of course :)

I believe that Office encrypts files using RC4, is that correct?

Thanks,

-- Raju

--
Raj Mathur [EMAIL PROTECTED] http://kandalaya.org/

Re: [Full-Disclosure] Web sites compromised by IIS attack
>>>>> "Valdis" == Valdis Kletnieks [EMAIL PROTECTED] writes:

    Valdis> On Wed, 30 Jun 2004 21:08:27 CDT, Paul Schmehl
    Valdis> [EMAIL PROTECTED] said:
    >> I attended a presentation yesterday for a security product in
    >> the application firewall field. During the presentation, the
    >> CISSP stated that in every 1000 lines of code there will be 15
    >> errors. I don't know if I'd agree with that - I suspect most
    >> coders are a bit better than that - but I had to chuckle,
    >> because, of course, I immediately thought, So you admit that
    >> your code is riddled with holes!

    Valdis> Actually, I suspect most coders are *worse* than that.

    Valdis> Sendmail 8.13.0 weighs in at just about 90K lines of C
    Valdis> code for the main program. By that metric, there should
    Valdis> only have been 135 bugs in it. In fact, there are 441
    Valdis> occurrences of 'Problem noted by' in the release notes.

    Valdis> BIND 9.2.3 has 1,525 entries in the CHANGELOG file, of
    Valdis> which 774 are listed as '[bug]' entries. I'm fairly sure
    Valdis> that BIND9 is well under 510,000 lines of code, so again
    Valdis> we're running well above 15 bugs per KLOC.

    Valdis> So either (a) Sendmail and BIND were written by people who
    Valdis> were *incredibly* worse than the average programmer, or
    Valdis> 15 errors/KLOC is a vast understatement. Now although
    Valdis> Sendmail may not be a paragon of excellent programming
    Valdis> practice, it would be hard to argue that it's literally 4
    Valdis> times as buggy as code written by the average programmer
    Valdis> - think back to your intro to programming class and ask
    Valdis> what the *lower* half of the class would have done if they
    Valdis> had done a rewrite of Sendmail... ;)

My arithmetic is pretty bad too, so...

    [EMAIL PROTECTED] ~]$ bc -l
    bc 1.06
    Copyright 1991-1994, 1997, 1998, 2000 Free Software Foundation, Inc.
    This is free software with ABSOLUTELY NO WARRANTY.
    For details type `warranty'.
    90000/1000*15
    1350.00000000000000000000
    510000/1000*15
    7650.00000000000000000000

Regards,

-- Raju

    Valdis> I might be willing to accept 15 *security-critical* errors
    Valdis> per 1,000 - the vast majority of bugs are *not* a security
    Valdis> issue.

--
Raj Mathur [EMAIL PROTECTED] http://kandalaya.org/

Re: [Full-Disclosure] gcc: Internal compiler error: program cc1 got fatal signal 11
>>>>> "Dale" == Dale Harris [EMAIL PROTECTED] writes:

    Dale> On Sat, Jan 10, 2004 at 12:41:20AM +0100, [EMAIL PROTECTED]
    Dale> elucidated:
    >> No Segmentation Fault on Slackware 9.1, Kernel 2.4.24, GCC
    >> 3.2.3.
    >>
    >> Confirmed - Segmentation Fault
    >> OS = Slackware 9.1.0
    >> Kernel = 2.4.22
    >> GCC = 3.2.3
    >>
    >> int main(void) { printf("%c","msux"[0xcafebabe]); }
    >>
    >> $ gcc gcc-crash.c
    >> $ ./a.out
    >> Segmentation fault

    Dale> Well, honestly... is this interesting if seg. faults when
    Dale> you execute it? Or am I just missing something? You're
    Dale> accessing an array that hasn't been defined, that is a big
    Dale> DUH! in my book. It is interesting if it kills the
    Dale> compiler while trying to compile it, when it should be
    Dale> issuing a syntax error, not if the binary is executed.
    Dale> Hell, I have programs seg. fault all the time, no surprise
    Dale> there.

The program is not accessing an array that hasn't been defined. If
you go back to K&R you'd remember that a[i] is treated as *(a+i).
Hence, addition being commutative, it doesn't matter whether you use
a[i] or i[a], as long as one of (a, i) is an integer type and the
other a pointer to a non-void, known type.

To illustrate, try the following:

    #include <stdio.h>

    int main(void)
    {
        char array[] = "ABCD";

        /* a[i] is *(a+i), so both forms index the same element */
        printf("%c\n", array[2]);
        printf("%c\n", 2[array]);
        return 0;
    }

Both printfs will print out C.

Regards,

-- Raju

--
Raj Mathur [EMAIL PROTECTED] http://kandalaya.org/

Re: [Full-Disclosure] India gov IT hacked
>>>>> "Devdas" == Devdas Bhagat [EMAIL PROTECTED] writes:

    Devdas> On 28/11/03 23:04 +0000, Morning Wood wrote:
    >> *cough*
    >> http://timesofindia.indiatimes.com/articleshow/320561.cms

    Devdas> Nothing important here. If you have a bunch of morons who
    Devdas> will not listen to clued up people, this is exactly what
    Devdas> will happen. Typical triumph of bureaucratic management
    Devdas> over technical staff.

Also note that ``Darren Wood'' is making completely unsubstantiated
claims that have been cleverly juxtaposed with Mohanty's statements to
make it look like Mohanty is acknowledging the break-ins. A closer
reading of the article, OTOH, doesn't provide a shred of proof for
Wood's statements.

Regards,

-- Raju

--
Raj Mathur [EMAIL PROTECTED] http://kandalaya.org/

Re: [Full-Disclosure] Fw: Red Hat Linux end-of-life update and transition planning
>>>>> "Eric" == Eric Bowser [EMAIL PROTECTED] writes:

    Eric> Basically Screw OpenSource, we want to make money. I've
    Eric> always said they're the MS Linux Distro.

Might help to know the complete picture before the hanging:

http://fedora.redhat.com/

What was earlier Red Hat Linux will now be available as a
community-supported OS a la Debian.

-- Raju

    Eric> I'm glad I've always stuck by Slackware right now.
    Eric> Licensing/transiting 45 servers would be expensive/a pain.

    Eric> On Mon, 2003-11-03 at 13:16, Joshua Levitsky wrote:
    >> It's happened. Red Hat has officially said [EMAIL PROTECTED]
    >> YOU to us all. Hey Red Hat.. I've got a migration plan for
    >> you... it's called BSD / SuSE / Mandrake.
    >> -Josh

--
Raj Mathur [EMAIL PROTECTED] http://kandalaya.org/

Re: [Full-Disclosure] Application level firewall
>>>>> "Jason" == Jason Freidman [EMAIL PROTECTED] writes:

    Jason> Is there any sort of application level firewall for linux?
    Jason> Something like Zone alarm where you can trust an
    Jason> application? I think that openBSD has something that
    Jason> allows you to choose which system calls a program can run.

firestarter.sourceforge.net?

    Jason> The idea would be to restrict a bind call and connect call
    Jason> using kernel modules unless the program is in a config
    Jason> file. It would make it easier (i would think) to lockdown
    Jason> a computer for outgoing connections as well as add a new
    Jason> layer of security.

--
Raj Mathur [EMAIL PROTECTED] http://kandalaya.org/

RE: [inbox] Re: [Full-Disclosure] CyberInsecurity: The cost of Monopoly

>>>>> "Chris" == Chris Cozad [EMAIL PROTECTED] writes:

    Chris> On Tuesday, 30 September 2003 11:49 PM, Valdis.Kletnieks
    Chris> said:
    >> [snip]
    >> So why are we tolerating computers that have cranks and choke
    >> buttons and need major maintenance every few hundred hours?

    Chris> We definitely shouldn't tolerate this, but until there is a
    Chris> viable solution...

Here's a viable solution... I guess:

http://linux.omnipotent.net/article.php?article_id=8568

-- Raju

--
Raj Mathur [EMAIL PROTECTED] http://kandalaya.org/

Re: [Full-Disclosure] BugTraq Speed
Dave Ahmad picked up on my post and responded privately. He doesn't
have any objections to my forwarding his messages to FD, hence
forwarding without prejudice.

-- Raju

--
Raj Mathur [EMAIL PROTECTED] http://kandalaya.org/

[Message from Dave Ahmad]

From: Dave Ahmad [EMAIL PROTECTED]
To: Raj Mathur [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] BugTraq Speed
Date: Thu, 25 Sep 2003 10:19:31 -0600 (MDT)

Raj,

I appreciate you being the voice of reason. I can offer you a simple
explanation, off-list.

Bugtraq is a moderated list, Full-Disclosure is not. Of course
Full-Disclosure is going to be faster. It takes me some time to read
through all of the submissions to Bugtraq and decide which ones are to
be on the list. Unfortunately, Bugtraq is not my only responsibility
here. I have to balance trying to moderate as quickly as possible with
managing my team and maintaining/supporting some of the products here
which depend on the vulnerability database. Despite all of this, I
believe, Bugtraq is consistently faster than the other moderated
lists.

There's no conspiracy to withhold messages while our customers get
priority. That is absurd, all one has to do is monitor the list during
regular business hours. For example, the FreeBSD advisory mentioned by
Rainer: I approved it as soon as I was at my desk, before 9AM here. It
hit my mail spool about 30 minutes later (50,000 users on the list
means 50,000 SMTP transactions -- there's some latency in delivery,
though we try to improve performance by using QMQP with concurrent
outgoing servers). During the day I approve messages as they arrive.

Once in a while messages slip. It happens. I have hundreds of messages
in the queue. Sometimes a single message is surrounded by OOTO
replies, A/V bounces, spam, virus/worm mails, etc, and I don't see it
until I review the queue when I have time. Follow-up messages
sometimes take a little longer because there are so many of them, many
of which say the same things. To keep the noise down, I read over them
all and select the best messages for approval. It takes me hours of my
time both at work and outside of the office.

I'm not asking that anyone take my word for it. The Bugtraq delivery
times are available to anyone on the list. With all of the speculation
I'm surprised nobody has actually put in the effort to try and prove
we are withholding information. I assure that any such investigation
would show that the pattern of message approval is not consistent with
us withholding the precious zero-day of the community. There's not
really any commercial advantage anyways, since there are so many lists
now and much of what goes to Bugtraq is sent everywhere else as well.
Most importantly, it's simply not ethical and I would have no part in
doing that. But again, don't take my word for it.

Thanks again.

[Personal stuff snipped -- Raju]

David Mirza Ahmad
Symantec
PGP: 0x26005712
8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12
--
The battle for the past is for the future.
We must be the winners of the memory war.

> Uh, has anyone bothered asking DMA the reason for the delay? You may
> not get any reasonable explanation, but at least give the man a
> chance to defend himself before condemning him.
>
> -- Raju

Re: [Full-Disclosure] New Hacking Zine: p62
>>>>> "Rony" == I Rony I writes:

    >> Personally, I wouldn't trust _any_ pair of breasts to be a
    >> reliable source of security-related information.

    Rony> I think, nevertheless, that this warrants an extended, wide
    Rony> ranging and in-depth study.

    Rony> It's our responsibility as security professionals.

    Rony> What we need is a mailing list, but what would be an
    Rony> appropriate name?

full-exposure? securitits? booby-trap?

...back to dealing with tonnes of Swen...

-- Raju

--
Raj Mathur [EMAIL PROTECTED] http://kandalaya.org/

Re: [Full-Disclosure] BugTraq Speed
>>>>> "Michael" == Michael Renzmann [EMAIL PROTECTED] writes:

    Michael> Hi. Rainer Gerhards wrote:
    >> I wonder if someone else is sharing this experience?

    Michael> So far I second your feeling. BugTraq is lagging behind a
    Michael> lot, and I remember that the lag has been less worse some
    Michael> time ago. I'm not sure about the reason, but it's nothing
    Michael> I'm really happy about. On the other hand there isn't too
    Michael> much that gets posted solely to BugTraq, so you can
    Michael> retrieve important things from other lists as well -
    Michael> nevertheless this is a sad development in my eyes.

Uh, has anyone bothered asking DMA the reason for the delay? You may
not get any reasonable explanation, but at least give the man a chance
to defend himself before condemning him.

-- Raju

--
Raj Mathur [EMAIL PROTECTED] http://kandalaya.org/

RE: [Full-Disclosure] Subject prefix changing! READ THIS! SURVEY!!
>>>>> "Jonathan" == Jonathan Grotegut [EMAIL PROTECTED] writes:

    Jonathan> My vote is for number two, to shorten to HD or to have
    Jonathan> nothing at all... Are two votes allowed???

Half-Disclosure?

*Running before Len really sends goons to maim me this time!*

--
Raj Mathur [EMAIL PROTECTED] http://kandalaya.org/

Re: [Desperately OT] [Full-Disclosure] Administrivia: Testing Emergency Virus Filter..
>>>>> "Steve" == Stephen Clowater [EMAIL PROTECTED] writes:

    Steve> [snip]

    Steve> Then again the chicks that are looking for a successful man
    Steve> would naturally gravitate away from the mscse's . :)

Rrrright! Have to keep the chixqu0rs away with a bat when I go out
wearing my `Running 2.6.0-test3' t-shirt!

Sorry, couldn't resist that one :)

-- Raju

--
Raj Mathur [EMAIL PROTECTED] http://kandalaya.org/

Re: [Full-Disclosure] Administrivia: Binary Executables w/o Source
>>>>> "Len" == Len Rose [EMAIL PROTECTED] writes:

    Len> Please don't send binary executables on the list unless you
    Len> include the source code. We should add this to the charter
    Len> shortly.

How about implementing a mail size limit too while we're about it? No
reason to send mails over, say, 50K to the list -- you can always put
up larger items on the web and add a URL to your mail. Heck, even a
shared Yahoo folder or something would do.

-- Raju

--
Raj Mathur [EMAIL PROTECTED] http://kandalaya.org/

Re: [Full-Disclosure] GUNINSKI THE SELF-PROMOTER
>>>>> "dhtml" == dhtml [EMAIL PROTECTED] writes:

    dhtml> http://seattletimes.nwsource.com/cgi-bin/PrintStory.pl?document_id=135262788zsection_id=268448455slug=softwarebugs14date=20030714

    dhtml> Hackers, software companies feud over disclosure of
    dhtml> weaknesses

    dhtml> [snip]

    dhtml> Those in Smith's camp back a model of limited full
    dhtml> disclosure.

Am I the only one who finds the phrase `limited full disclosure' an
oxymoron?

    dhtml> [snip]

-- Raju

--
Raj Mathur [EMAIL PROTECTED] http://kandalaya.org/

RE: [Full-Disclosure] Please Vote Today
>>>>> "David" == David Vincent [EMAIL PROTECTED] writes:

    David> [snip]

    David> free speech is nothing less than free speech. censorship
    David> sucks. much like html email.

That's rather simplistic. My freedom to move my fist ends where the
tip of your nose begins. My right to freedom of speech ends where it
starts impinging on your rights to freedom, of whatever kind.

Every forum that I know of, whether electronic or physical has rules,
dos and don'ts. If you don't like the rules you are always free to
include yourself out. You can question the rules, and then a decision
must be reached by consensus or other means. However you do not have
the freedom of flouting the rules of the forum that you are in on the
questionable pretext of `free speech'.

-- Raju

    David> [more snip]

--
Raj Mathur [EMAIL PROTECTED] http://kandalaya.org/

[Full-Disclosure] Re: Netscape 6/7 crashes by a simple stylesheet...
>>>>> "Jocke" == jux [EMAIL PROTECTED] writes:

    Jocke> Hi, I'm new here so I don't know if I posted this in the
    Jocke> correct list...

    Jocke> I've found out that some simple CSS-code can crash Netscape
    Jocke> 6 and 7.

    Jocke> This is a simple html-page containing this code:

    Jocke> <html> <body> <div style="position:absolute;">
    Jocke> <div style="position:absolute; overflow:scroll">
    Jocke> </div> </div> </body> </html>

    Jocke> Was this already known?

Tested on following browsers on Red Hat Linux 8.0, i386:

galeon-1.2.6-0.8.0: Consumes 100% CPU but continues to respond to
events.

kdebase-3.0.3-14 (Konqueror): No effect

mozilla-1.0.1-26: Consumes 100% CPU, stops responding to events (or
takes overly long to respond -- I didn't wait more than a couple of
minutes).

netscape-communicator-4.79-1: No effect.

Regards,

-- Raju

    Jocke> /Jocke

--
Raj Mathur [EMAIL PROTECTED] http://kandalaya.org/