RE: [Full-Disclosure] Possible First Crypto Virus Definitely Discovered!

2004-06-09 Thread madsaxon
At 08:59 AM 6/9/2004 -0400, [EMAIL PROTECTED] wrote:
Someone call a memetic scientist to fight this evil scourge...
Snowcrash lives.
m5x
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Re: [Full-Disclosure] Possible First Crypto Virus Definitely Discovered!

2004-06-08 Thread madsaxon
At 10:53 AM 6/8/2004 -0500, Billy B. Bilano wrote:
Bill Bilano here, reporting in from the front-lines! I've got some
disturbing news that I've got to get some answers about while I share. I
think we're about to come under full hacker attack at any second! And to
those people that said us folks talking about crypto viruses were being
chicken littles... let me tell you, the sky just fell! And it is HEAVY!
Anyone else notice that it's getting harder and harder to tell
F-D from The Onion?
;-)
m5x


Re: [Full-Disclosure] Breaking Laws Cisco's stolen code

2004-05-28 Thread madsaxon
At 12:41 PM 5/28/2004 -0500, [EMAIL PROTECTED] wrote:
Put down the crack pipe and back away slowly.  You are surely not 
suggesting that this issue of Cisco's code has anything...at 
all...remotely...in common with the people and actions you 
listed...seriously...you're kidding...right??
I dunno.  Seems like it's logically right in line with the
thinking that teenagers who deface Web pages deserve jail
sentences equal to or in some cases even exceeding those
of violent criminals.
This is the dawning of the Age of Ridiculous.
m5x


Re: [Full-Disclosure] Cisco's stolen code

2004-05-25 Thread madsaxon
At 10:45 AM 5/25/2004 -0700, Harlan Carvey wrote:
Valdis,
I sincerely hope that you do not presume to speak for
everyone...
He's not offering an opinion, merely stating a fact:
if whitehats are security researchers who don't
break the law, then they don't audit code the
possession of which is illegal.  The only
debatable point here is the definition of whitehat,
but that's really just a matter of semantics.
This code is the proprietary property of Cisco.
Anyone who knowingly examines it or even possesses
it without Cisco's permission is in violation of
the law in most countries, and therefore not,
by definition, acting as a whitehat.
m5x


Re: [Full-Disclosure] Re: Support the Sasser-author fund started

2004-05-18 Thread madsaxon
At 10:47 PM 5/17/2004 -0600, John Galt wrote:
Once every so often is public service.  Twice in a month is SPAM.
Not when it's in response to a valid whine...er, complaint.
m5x


RE: [Full-Disclosure] New therad: sasser, costs, support etcalltogether

2004-05-17 Thread madsaxon
At 08:42 AM 5/17/2004 -0700, [EMAIL PROTECTED] wrote:
Uhmm, irregardless is not a word. The word is regardless.
Well, in fact, irregardless *is* an accepted word;
it just has no justification for existence, like
utilize.
m5x


Re: [Full-Disclosure] (AUSCERT AA-2004.02) AUSCERT Advisory - Denial of Service Vulnerability in IEEE 802.11 Wireless Devices (fwd)

2004-05-13 Thread madsaxon
At 11:20 AM 5/13/2004 -0400, [EMAIL PROTECTED] wrote:

Am I the only person around who's been in this business long enough to remember
how one jabbering transceiver can take down an entire Ethernet thinwire or
thickwire segment??
Heh. No, I remember data storms quite well.  Painfully well.  I also
remember the sniper bug in SMC cards, that randomly disconnected
nodes from the network.  A booger to diagnose and track.
m5x



Re: [Full-Disclosure] Calcuating Loss

2004-05-11 Thread madsaxon
At 06:44 PM 5/11/2004 +0200, Anders B Jansson wrote:

If you take your car for a drive, and are killed by a drunk driver, the 
drunk is to blame, even if you didn't wear your seatbelt.
Can we move this sort of thing over to Bad-Analogies, please?

m5x



Re: [Full-Disclosure] Consistent browser crash on standard site?

2004-05-05 Thread madsaxon
At 03:01 AM 5/6/2004 +, axid3j1al axid3j1al wrote:

Hey d000ds

What's with this site?

www.tvland.com/shows/lucy

or www.tvland.com/shows



It consistently crashes iexplore XP all patches installed.
Doesn't affect IE 6.0.2800.1106.xpsp2.030422-1633.

m5x



Re: [Full-Disclosure] morning_wood is really a blackhat

2004-05-04 Thread madsaxon
At 05:52 PM 5/4/2004 +0200, Christian Fromme wrote:

Cutting out the bad bits and what the bad bits are depends
in some cases too much on the opinion of the moderator.
That's certainly a valid point.  What I'd vastly prefer is
that we all exercise self-censorship before we post.
m5x



Re: [Full-Disclosure] morning_wood is really a blackhat

2004-05-04 Thread madsaxon
At 04:37 PM 5/4/2004 +0200, Christian Fromme wrote:

Censorship is not what we're looking for.
I think that's a debatable issue.  It seems to me that
some people on this list confuse full disclosure of
exploit-related code and advisories with unfettered
posting of any shit that comes into a 14 year old's head
at the moment.  This list would be far more productive
if we weren't constantly subjected to this barrage of
pointless flaming and adolescent taunting.  I trust at
least one person will reply to this with something that
illustrates my point.
m5x



Re: [Full-Disclosure] morning_wood is really a blackhat

2004-05-03 Thread madsaxon
At 11:59 AM 5/3/2004 +0200, Sebastian Krahmer wrote:

Nice, but moderation bites with full disclosure I think.
Not in this case. Kurt only moderates the noise.  All
the code and advisories are there, from both F-D and
Bugtraq.  I highly recommend it if you don't care to
wade through obnoxious flames and endless reiterations of the
same lame questions.
m5x



Re: [Full-Disclosure] A rather newbie question

2004-05-03 Thread madsaxon
At 07:18 PM 5/3/2004 -0400, you wrote:

(And I am told that in fact, hospitals *do* require all their staff to get
at least basic CPR training and the like...)
Yep. In the U.S., at least, it's required in order to
be accredited.
m5x



Re: [Full-Disclosure] The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011

2004-04-14 Thread madsaxon
At 11:59 AM 4/14/2004 -0400, Exibar wrote:

Microsoft bashing because they're
in Redmond, WA and you feel they should be in Texas somewhere?
NO! Washington is just fine. We have enough pollution problems
down here in Texas already, thank you.
m5x



Re: [Full-Disclosure] ron1n phone home, episode 5

2004-04-09 Thread madsaxon
At 08:27 AM 4/9/2004 -0700, John Sage wrote:

Here's a one-way journey that's worked well:

:0:
# Luz3rz L1zt
* ^From:.*( -snip- |[EMAIL PROTECTED]| -snip- )
Luz3rz_L1zt
Captain Bitbucket to the rescue!

m5x



Re: [Full-Disclosure] FAT32 input output = null?

2004-04-08 Thread madsaxon
At 10:56 AM 4/8/2004 -0500, jamie wrote:

Big, long, slow moving line.. and this Certain Ethnic woman was on her 
cell phone.. talking at the top of her vocal volume, like she was on a tin 
can and string about 100 miles long, really annoying everyone in line.

This lady in front of me finally piped up Will you be quiet? Take that 
outside.

The CE woman gave this pissoff look to the lady in front of me, and kept 
talking.
Well now, that's when you whip out your handy-dandy Ronco Pocket
Cell Phone Jammer and set it to transmit that 18 KHz 120 dB
Rudeness Termination Signal.
m5x



RE: [Full-Disclosure] ron1n phone home, episode 5

2004-04-08 Thread madsaxon
At 04:17 PM 4/8/2004 -0500, Alerta Redsegura wrote:

anyone knowing your IP address (Internet Physical address,
the street address where your computer is located) can send you a ping of
Death, which will not harm you physically, but will give you the blues.
Submitted for your consideration: a motley crew of smart-assed
computer security geeks suddenly finds themselves slipping
through a wormhole to a world a decade in the past.
Temporary mass hallucination, or a one-way journey into
the Twilight Zone?
m5x



RE: [Full-Disclosure] Off-Topic: IKEA ownz Microsoft

2004-04-07 Thread madsaxon
At 04:03 PM 4/7/2004 +0100, Jos Osborne wrote:

Too many concurrent entries?
Or excessive load?
Forking too many processes.

m5x



Re: [Full-Disclosure] Wiretap or Magic Lantern?

2004-04-07 Thread madsaxon
At 02:22 PM 4/7/2004 -0400, [EMAIL PROTECTED] wrote:

And quite frankly, I'd rather worry about living in a world where there's still
a few terrorists on the loose than 5 years from now, not being able to get on
a plane because the first paragraph of my reply has flagged me as an enemy
of the state in some database.
The real irony is that no amount of privacy obliteration is going
to stamp out terrorism.  The end result will be a virtual police state
where getting onto public transport is just as dangerous, if not
more so, than it is now.  As Richard Forno points out in his book
Weapons of Mass Delusion, in many ways the terrorists have already
won.
m5x



Re: [Full-Disclosure] A sucker is born every day

2004-04-05 Thread madsaxon
At 12:40 AM 4/6/2004 +0100, Paul Farrow wrote:

Attrition is the Weekly World News of web sites. Martin's site says I 
defaced the New York Times web site and says I have herpes encephalitis, 
which has an 80% mortality rate and leaves the other 20% vegetables. (Do a 
web search on herpes encephalitis, ye unbelievers.) Would Martin lie to you?

Forbes picked up Martin's story, on attrition.org, that John Vranesevich 
paid someone to deface the Senate web site. Surely he wouldn't just make 
up that story. Stories in the New York Times and Vanity Fair quoted the 
FBI saying Martin was wrong, but what does the FBI know? Jay Dyson tells 
you to believe, so believe you must, because it is cool.
Such an elegant refutation.  I'm certainly convinced.  At least
Jericho does his best to provide factual material to back up
his claims.
m5x



Re: The Return of Carolyn Meinel (was Re: [Full-Disclosure] ron1n phone home...)

2004-04-04 Thread madsaxon
At 03:33 PM 4/4/2004 -0700, Etaoin Shrdlu wrote:

Oh. My. God. I thought that the first post was a delayed April Fool's
Prank. I feel as though the world has been stood on end. This is posted (in
part) by none other than Carolyn Meinel, who is coming from the same site
as Jay D. Dyson (someone I respect).
I can promise you that there is NO connection between Jay and CM.
They're on completely opposite ends of the clue spectrum, CM
representing one of the very few extant examples of an almost total
clue vacuum.
So? Did the (security) world undergo a sea change while I slept? Has CM
suddenly become part of the *in* crowd?
In Absurdum, perhaps.

m5x



Re: [Full-Disclosure] NOT GOOD: Outlook Express 6 + Internet Explorer 6

2004-03-31 Thread madsaxon
At 02:53 PM 3/31/2004 -0500, [EMAIL PROTECTED] wrote:

On Wed, 31 Mar 2004 22:06:29 +0300, Georgi Guninski said:
 is this tru$tworthy computing part 2 or are we at part 1 still?
It's more like the 386th book in a Harlequin Romance series - Same Stuff,
Different Day.
Since we haven't actually seen anything trustworthy come out of
Redmond, I thought we must still be in the preamble stage:
We the lusers of Microsoft, in order to turn a more perfect profit, 
establish a smokescreen, insure fiscal liquidity, provide for the highest
dividend, promote media goodwill, and secure the blessings of monopoly to 
ourselves and our stockholders, do ordain and establish this Trustworthy 
Computing Initiative. Eventually.

m5x



RE: [Full-Disclosure] Re: Microsoft Coding / National Security Risk

2004-03-26 Thread madsaxon
At 01:23 PM 3/26/2004 -0500, joe wrote:

I would hope the US government isn't using Windows in the way normal home
users are. And in fact having personally spoken with several folks from the
US Government and the US Military (US Army specifically which was
interesting...) in charge of this stuff this week at a conference I can
actually in fact say that they don't use Windows like normal home users.
A sample size of several is hardly adequate for drawing a
conclusion of this magnitude.  The fact is that there are no
universal standards for Windows installations in the US government.
There are mountains of best practices, mandates, regulations,
and policies, but none of these ensure rigid compliance. The
degree to which Windows workstations are locked down runs the
full spectrum, right up to 'virtually wide open.'
The US military is considerably more rigorous than the civilian
government in this regard, but even then there are systems which
have slipped through the cracks. Evidence for this is the fact that
Web defacement mirrors still occasionally contain both .gov and
.mil entries.
m5x



Re: [Full-Disclosure] SHUT UP

2004-03-24 Thread madsaxon
At 01:24 PM 3/24/2004 -0500, [EMAIL PROTECTED] wrote:

It's God's fault for putting the apple in the garden  It's been 
downhill ever since. :)
Are you saying that Apple is responsible for corrupting mankind?
That would make Steve Jobs Satan.
;-)

m5x



RE: [Full-Disclosure] viruses being sent to this list

2004-03-23 Thread madsaxon
At 12:48 PM 3/23/2004 -0600, Frank Knobbe wrote:

Question then: Do stupid malicious people cancel themselves out?
No, they get elected to Congress.

m5x



Re: [Full-Disclosure] FREE LIFETIME VIP MEMBERSHIP SEE GADI EVERON NEKKID!!!!

2004-03-22 Thread madsaxon
At 07:37 PM 3/22/2004 -0800, [EMAIL PROTECTED] wrote:

FULL ACCESS - FREE LIFETIME VIP MEMBERSHIP SEE GADI EVERON NEKKID!
It's great to see this level of creativity from a third grader.
There may be some hope for your potty-training, after all.
m5x



Re: [Full-Disclosure] Re: rfc1918 space dns requests

2004-03-18 Thread madsaxon
At 10:08 AM 3/18/2004 +0100, Martin F Krafft wrote:

 Bet there's a bunch over at the Dept of the Interior. :)
There's nothing wrong with infosec at DOI.  It's just a pissing
contest between the DOI leadership and Judge Lamberth.
Politics, not incompetence.
m5x



Re: Administrivia (was: RE: [Full-Disclosure] Re: Microsoft Security, baby steps ? )

2004-03-18 Thread madsaxon
At 11:40 AM 3/19/2004 +1300, Nick FitzGerald wrote:

Also, when sending messages to multiple lists (say F-D and Bugtraq), it
seems you may slightly reduce the multiple message spew that often
results on F-D because of the above by putting all the addresses in the
To: header, rather than one in the To: and the other(s) in CC:.
Why is that, do you think?

m5x



Re: Administrivia (was: RE: [Full-Disclosure] Re: Microsoft Security, baby steps ? )

2004-03-18 Thread madsaxon
At 03:30 PM 3/19/2004 +1300, Nick FitzGerald wrote:

Because, from a rather cursory look at several such multiple mails,
_some_ of those braindead I'll forward it to every address I can find
in the message headers even though it did not originate on-site re-
posters only seem to do this with messages that have CC: headers.
Well, I suppose that makes a certain twisted sense, at least
in the context of braindead mailers, anyway.
m5x



Re: [Full-Disclosure] Book of unreleased exploits?

2004-03-12 Thread madsaxon
At 02:46 PM 3/12/2004 -0800, david cohen wrote:
I've never heard of any of these guys, but one of
these jokers has to be on this mailing list.
You're kidding, right?  You've never heard of
David Litchfield or Dave Aitel?  Check the
archives, or google them.
m5x



Re: [Full-Disclosure] Meth and hacking?

2004-03-10 Thread madsaxon
At 09:44 AM 3/10/2004 -0800, Steven Alexander wrote:

http://www.msnbc.msn.com/id/4460349/

The drugs and the crime fit neatly together; addicts strung out on meth
can stay awake and focused for days at a time, making them expert
hackers and mailbox thieves. And ID theft is easy money, the perfect
income for drug addicts who have no other way to fund their habit.
Expert hackers?  WTF?
Just more uninformed media raving.  Seems to be all the rage lately.

m5x 



RE: [Full-Disclosure] Meth and hacking?

2004-03-10 Thread madsaxon
At 11:51 AM 3/10/2004 -0800, Geoff Shively wrote:

Did they get meth confused with caffeine?
To each his stimulant, I suppose.

m5x



Re: FW: [Full-Disclosure] Meth and hacking?

2004-03-10 Thread madsaxon
At 05:03 PM 3/10/2004 -0700, Vince wrote:

I believe Bob has reached his highest level of
incompetence.  MSNBC will most likely promote him.
Yeah, maybe he and Verton can coauthor the Ultimate Guide
to Bullshit.
;-)

m5x



Re: [Full-Disclosure] Hey, ya! =))

2004-03-09 Thread madsaxon
At 09:12 AM 3/9/2004 -0600, [EMAIL PROTECTED] wrote:
Any virus that is inside a password protected zip file, and that
requires the user to type in the password should never have made it to
its 2nd/3rd infection.  This one is social engineering at its
finest..  Ooooh, a password, what's inside must be secret!  :^)
I can't really think of any legitimate reason to pwd-zip
an attachment and then include the pwd in plain text in the
body.  I think it's safe to assume that any such message is
malware and discard it as far up the chain as possible.
m5x



RE: [Full-Disclosure] Backdoor not recognized by Kaspersky

2004-03-03 Thread madsaxon
At 10:53 AM 3/3/2004 -0600, Schmehl, Paul L wrote:

 We need new/different technology that doesn't
depend upon knowledge of the malicious program to prevent it from
entering our networks.  *Re*active technology will *always* fail
initially, and that means there will always be a door open for bad
things to happen.
As Rob Rosenberger has been preaching for years, the most sensible
solution to this problem lies in heuristics, not reactive tactics.
An ounce of prevention has always been worth a pound of cure.
m5x



Re: [Full-Disclosure] Knocking Microsoft

2004-02-27 Thread madsaxon
At 03:38 PM 2/27/2004 -0500, [EMAIL PROTECTED] wrote:

Go back and re-read http://news.bbc.co.uk/1/hi/technology/3485972.stm
and ask yourself how serious a company can *really* be about security when
the CTO of their Business Security unit is saying stuff like that.
Sometimes it's difficult for me to decide which I loathe more:
honest idiots in high places, or slimy spin doctors.
MS certainly has their share of both.

m5x



Re: [Full-Disclosure] stuffs

2004-02-27 Thread madsaxon
At 11:53 PM 2/27/2004 +0100, B$H wrote:

http://saxonsoft.hu
Great name!

;-)

m5x



Re: [Full-Disclosure] Re: Knocking Microsoft

2004-02-27 Thread madsaxon
At 07:17 PM 2/27/2004 -0500, James F. Wilkus wrote:

 and now they try to make it secure. UNIX was made to be secure, and
I think people are doing a disservice by claiming that linux is
something it is not, or more accurately, generalizing all UNIX's to be
secure.
How many times must we rehash this?  NO operating system in common
use today is secure in and of itself--not *nix, not Microsoft, not
Apple, not Novell, not IBM.  Security is a function of diligent,
intelligent administration by a clueful human being, not some
life raft that inflates automatically when you install the OS.
A competent, motivated admin can secure ANY operating system.
An incompetent, lazy admin won't be able to guarantee decent
security on even the most bulletproof install.
While(1) {
argue(Unix is {more,less} secure than {Windows,OS X,Linux});
return 1;
}
is getting very, very tiresome.

m5x



[Full-Disclosure] Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution

2004-02-18 Thread madsaxon
At 09:12 AM 2/18/2004 -0800, Tim wrote:

Say you are an engineer at a large car manufacturing company.
The nominees in the Endless Automotive Industry-Infosec
Analogies category are...
;-)

m5x



Re: [Full-Disclosure] InfoSec sleuths beware ...

2004-02-18 Thread madsaxon
At 01:45 PM 2/18/2004 -0800, you wrote:

Did I miss the thread or has no one yet postulated that the Microsoft
source code subset was leaked intentionally in order to afford M$ the
free services of hundreds or thousands of security researchers auditing
their code for them?
You missed the thread:

From: Exibar  [EMAIL PROTECTED]
Sun, 15 Feb 2004 12:39:25 -0500
Subject: Microsoft source code leak
Anyone ever think that perhaps Microsoft leaked this section of code on
purpose?  Right now there are 1,000's of hacker types and curious types
poring over that code looking for flaws.  Sounds like there was already a
flaw found using a signed integer as an offset, I've also heard that there
is an exploited version of Notepad floating around now too...
  Microsoft can't pay to have this kind of QA done in house (who could?), 
so why not release a piece of source and let everyone do it for them?

  Could be that it's a clever way to distract from the ASN.1 flaw that was
found too... release a bit of code that is meaningless and the exploit
writers will be too busy looking through that code to write a huge exploit
for ASN.1?
  Ok, sounds like a conspiracy theory doesn't it?  And it probably isn't
true, but stranger things have happened :-)
 Exibar





Re: [Full-Disclosure] InfoSec sleuths beware ...

2004-02-18 Thread madsaxon
At 11:10 PM 2/18/2004 -0500, Byron Copeland wrote:

Mad,

OK, you have a good point there, but it's only a fraction of the code
anyway.
'Twas not I.

 From: Exibar  [EMAIL PROTECTED]
^^
 Sun, 15 Feb 2004 12:39:25 -0500
 Subject: Microsoft source code leak
m5x



[Full-Disclosure] Re: http://federalpolice.com:article872@1075686747

2004-02-16 Thread madsaxon
At 10:48 AM 2/16/2004 +0100, [EMAIL PROTECTED] wrote:
More info on this here:

http://spamwatch.codefish.net.au/modules.php?op=modloadname=Newsfile=articlesid=55
This statement on the site is a bit wonky:

Email's Originating Network(s): Hispeed.ch (Chinese Network)
/ RoadRunner (US DSL Network)
Last time I checked, .ch was Switzerland, not China.

m5x



Re: [Full-Disclosure] GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution

2004-02-15 Thread madsaxon
At 10:08 PM 2/14/2004 -0800, [EMAIL PROTECTED] wrote:

.. Rggghhhttt.  Way to go, using a signed integer for an
offset.  Now all we have to do is create a BMP with bfOffBits  2^31,
I would caution everyone against assuming that this code has not
been altered since it left the confines of Redmond. If I were
to steal Microsoft code and release it to the Internet, I'd be
tempted to make a few strategic modifications first, just to
stir things up.  Especially if I were, shall we say, not exactly
a Microsoft fan...
m5x



Re: [Full-Disclosure] RE: W2K source leaked?

2004-02-13 Thread madsaxon
At 11:21 AM 2/13/2004 -0500, [EMAIL PROTECTED] wrote:
Anybody want to place bets that *some* idiot is going to try to blame our
failure to find Osama bin Laden on the source code leak?
Of course--it's so obvious. Bin Laden slipped out through one
of the government-mandated backdoors when no one was looking.
RGF



Re: [Full-Disclosure] (no subject)

2004-02-11 Thread madsaxon
At 04:18 PM 2/11/2004 -0600, roberta bragg wrote:

300-1,000 words. Essays longer than 1,000 words will not be read.

Oh yeah -- we'll also pay you $50 for your efforts.
$50 for 1,000 words.  You must be kidding.

m5x



Re: [Full-Disclosure] Solaris

2004-02-09 Thread madsaxon
At 04:52 PM 2/9/2004 -0800, Jeremiah Cornelius wrote:

Look!



One of Ashcroft's trolls!

They'll have this list shutdown before the end of '05!
Wonder if he means the operating system or the movie?

;-)

m5x



Re: [Full-Disclosure] more security people = less securityi

2004-02-05 Thread madsaxon
At 12:05 PM 2/5/2004 -0500, Damian Gerow wrote:
I finished in twenty minutes, and passed.  The last person walked out of
there two hours into the exam.  I signed an NDA that I don't remember the
details of, so I'm loath to disclose any specific details, but let's just
say that I'd be surprised if my technophobic mother failed the exam.
I'm a CISSP because I made a bet I could walk in off the street
and pass the exam.  I did.  I'd been doing it for a living for
15 years already at that point, though.
Having said that, however, let me also state that if someone
has CISSP or CISM or whatever, at least an employer knows
they've been exposed to the concepts and terminology of
the field.  That's really all these certs are good for.  They
don't separate the wheat from the chaff, just the infosec
chaff from the other chaff.
m5x



RE: [Full-Disclosure] Gee Why don't you teach then! Help out the community.

2004-02-05 Thread madsaxon
At 01:42 PM 2/5/2004 -0500, Clairmont, Jan wrote:
For those who think more people less security, why don't
you TEACH.
I'm an infosec mentor for local gifted high school students,
I teach Internet investigation techniques to law enforcement
officers, and I maintain several online tutorials.
m5x



Re: [Full-Disclosure] Email

2004-02-04 Thread madsaxon
At 11:32 AM 2/4/2004 -0500, [EMAIL PROTECTED] wrote:

Damn.. the spooks outsourced Echelon to a help desk in India?
I think it's all being handled by that kid there who works
for the CIA...
;-)

m5x



RE: [Full-Disclosure] sco.com Press Release

2004-02-03 Thread madsaxon
At 11:14 AM 2/3/2004 -0700, Burnes, James wrote:

Kent Torokvei: Well, I'm gonna get you guys. You know, you'll rue
the day!
Chris Knight: Rue the day? Who talks like that?
I drank what?

m5x



Re: Fw: [Full-Disclosure] [TOTALLY OT] Google fun

2004-01-29 Thread madsaxon
At 04:16 PM 1/29/2004 +0100, Nico Golde wrote:

how does such a google bombing work?
Hi Nico,

One of the ways Google determines ranking is by how many
links exist to a given site or object.  If you convince a number
of people to provide a link from the word bastards
pointing to www.sco.com, Google assumes it's a popular site
for that topic and ranks it accordingly.
m5x



Re: [Full-Disclosure] Hello Mydoom

2004-01-28 Thread madsaxon
At 05:39 PM 1/28/2004 -0500, Juari Bosnikovich wrote:

It was also unknown that the virus infects the BIOS of the computer it
infects by injecting a 624bytes backdoor written in FORTH which will open
port tcp when Mydoom will be executed AFTER February 12.
Nice analysis, Juari.  Thanks.

m5x



Re: [Full-Disclosure] MyDoom Email targets

2004-01-27 Thread madsaxon
At 09:26 AM 1/27/2004 -0800, Scott Manley wrote:

I've noticed I'm getting a load of messages to my catch all domains with 
addresses like [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] - it's highly unlikely that 
this would be part of anyone's address book - is there some mechanism in 
the worm to try and propagate to random e-mail within a domain?
Yeah, here's a list of the names it can use, from a copy I got
and UPX/ROT-13 decoded:
sandra
linda
julie
jimmy
jerry
helen
debby
claudia
brenda
anna
alice
brent
adam
ted
fred
jack
bill
stan
smith
steve
matt
dave
dan
joe
jane
bob
robert
peter
tom
ray
mary
serg
brian
jim
maria
leo
jose
andrew
sam
george
david
kevin
mike
james
michael
alex
john
accoun
certific
list
servntivi
support
icrosoft
admin
page
the.bat
gold-certs
cafeste
submit
not
help
service
privacy
somebody
nosoft
contacts
iterating
bugs
me
you
your
someone
anyone
nothing
nobody
noone
webmaster
postmaster
samples
info
root
be_loyal:
mozilla
There are a lot of interesting strings in this thing.

;-)

m5x



RE: [Full-Disclosure] Mydoom

2004-01-27 Thread madsaxon
At 10:08 AM 1/28/2004 +1300, Nick FitzGerald wrote:

That page does not specifically address the zip attachment form at
all, and to the extent that it does mention .ZIP extensions it (_quite_
incorrectly) implies that the virus' executable is simply packaged with
such an extension.  In fact, if it sends itself with a .ZIP extension,
Mydoom sends itself as a proper zip archive that contains a stored
(i.e. not compressed) copy of its executable.
Two of the copies I've gotten have been proper .zip archives (with
.zip extension) which contained a UPX compressed executable,
many of whose ASCII strings were further obfuscated with ROT-13.
m5x
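
The two observations in these Mydoom posts (a proper zip archive holding a stored copy of the executable, and ASCII strings obfuscated with ROT-13) can both be checked mechanically during attachment triage. The Python below is an added example, not part of the original posts: the sample archive, member names and watchlist are constructed, and it assumes the UPX layer has already been removed with a separate unpacker before the ROT-13 pass.

```python
import codecs
import io
import re
import zipfile

EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".cmd", ".bat", ".com")
UPX_MARKERS = (b"UPX0", b"UPX1", b"UPX!")    # section names / magic left by the UPX packer
ASCII_RUN = re.compile(rb"[\x20-\x7e]{4,}")  # printable ASCII runs, like strings(1)
MAX_MEMBER_BYTES = 16 * 1024 * 1024          # do not inflate oversized members


def triage_zip(data):
    """Return one finding dict per member of a zip attachment held in memory."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            oversize = info.file_size > MAX_MEMBER_BYTES
            body = b"" if oversize else zf.read(info)
            findings.append({
                "name": info.filename,
                # Method 0 means the member is stored, i.e. not compressed.
                "stored": info.compress_type == zipfile.ZIP_STORED,
                "executable_ext": info.filename.lower().endswith(EXECUTABLE_EXTS),
                "mz_header": body[:2] == b"MZ",
                "upx_markers": any(marker in body for marker in UPX_MARKERS),
                "oversize": oversize,
            })
    return findings


def is_suspicious(finding):
    """An executable inside a mail attachment deserves a closer look."""
    return finding["executable_ext"] or finding["mz_header"]


def rot13_hits(blob, watchlist):
    """ROT-13 decode each printable run; report runs where a watchlist word
    shows up only after decoding. Returns (offset, raw, decoded) tuples."""
    hits = []
    for match in ASCII_RUN.finditer(blob):
        raw = match.group().decode("ascii")
        decoded = codecs.decode(raw, "rot_13")
        for word in watchlist:
            if word in decoded.lower() and word not in raw.lower():
                hits.append((match.start(), raw, decoded))
                break
    return hits


def build_sample_zip():
    """Constructed archive: one stored fake 'executable', one deflated text file."""
    fake_exe = b"MZ" + b"\x00" * 62 + b"UPX0" + b"\x00" * 8 + b"UPX1" + b"\x00" * 8 + b"UPX!"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("sample.exe", fake_exe)
        zf.writestr("readme.txt", b"harmless text " * 20,
                    compress_type=zipfile.ZIP_DEFLATED)
    return buf.getvalue()


def build_sample_unpacked():
    """Constructed stand-in for an already unpacked image with ROT-13 strings."""
    def enc(text):
        return codecs.encode(text, "rot_13").encode("ascii")
    return (b"MZ\x00\x00" + enc("postmaster") + b"\x00" + enc("webmaster")
            + b"\x00" + b"plain text stays readable\x00")


# Constructed watchlist, taken from a few of the names listed in the thread.
WATCHLIST = ("postmaster", "webmaster", "root", "admin")

if __name__ == "__main__":
    for finding in triage_zip(build_sample_zip()):
        print(finding, "-> suspicious" if is_suspicious(finding) else "")
    for offset, raw, decoded in rot13_hits(build_sample_unpacked(), WATCHLIST):
        print(f"offset {offset}: {raw!r} decodes to {decoded!r}")
```
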



Re: [Full-Disclosure] Anti-MS drivel

2004-01-20 Thread madsaxon
At 12:12 PM 1/20/2004 -0500, Mary Landesman wrote:

There is absolutely nothing I can do to secure my home from break-in. I can
minimize the risks, but I cannot alleviate the risk entirely. However, we
don't blame the builders when a home invasion occurs. We rightfully blame
the burglar.
The blame goes to the crackers and virus writers.
I am loath to participate in yet another round of questionable
analogies, but if the builder provided you with door locks that
you had to install yourself, I believe the blame might shift
somewhat.  The issue here, if I've understood it correctly,
is that MS has historically been lax in providing security
mechanisms that operate out of the box. In an increasingly
insecure environment, this is neither a credible nor responsible
business practice.
m5x



Re: [Full-Disclosure] January 15 is Personal Firewall Day, help the cause

2004-01-14 Thread madsaxon
At 05:21 PM 1/14/2004 -0800, [EMAIL PROTECTED] wrote:

I just wanted to remind everybody that tomorrow is Personal Firewall Day.

http://www.personalfirewallday.org/
Excellent, excellent idea.

Kudos to all involved.

m5x



Re: [Full-Disclosure] 45% of the free files collected via KaZaA contained malware

2004-01-09 Thread madsaxon
At 01:17 PM 1/9/2004 -0500, Mary Landesman wrote:
Hmmm... Interesting stuff. I also noted the report says The number of
viruses exploiting known vulnerabilities to infect or spread grew from 36 to
50 in 2003 and notes that 28 of these exploit MS01-020. My research, which
I thought was incomplete, shows 160 viruses exploiting known
vulnerabilities, 54 of which exploit MS01-020.
So much for statistics. :-)
Well, you know what they say:  95.8% of all statistics are
made up on the spot.
;-)

m5x



Re: [Full-Disclosure] 3 new MS patches next week... but none fix

2004-01-09 Thread madsaxon
At 08:44 PM 1/9/2004 -0800, Tim wrote:

In a little mum's-the-word response, the
vendor representative implied that they could make that problem
go away with something they called virtual patches, which he was
quite smug about.
Sounds like this ISS propaganda to me:

http://www.nwfusion.com/news/2003/0526isspatch.html

Be very afraid.

m5x



RE: [Full-Disclosure] Is the FBI using email Web bugs?

2004-01-08 Thread madsaxon
At 12:13 PM 1/8/2004 -0800, Gary E. Miller wrote:

A web bug can be much more than that.  When you read an HTML email or
web page your workstation can send back gobs of information about you.
True. And FYI, "Web bug" does not refer to "bug" as in
software flaw, as someone who posted earlier seems
to think.  It refers to "bug" as in concealed
listening device.
m5x



Re: [Full-Disclosure] Is the FBI using email Web bugs?

2004-01-07 Thread madsaxon
At 02:27 PM 1/7/2004 -0500, [EMAIL PROTECTED] wrote:

http://www.privoxy.org is one such beast.
I've been using Privoxy for well over a year now.
Highly recommend it if you're forced to use Windoze
for whatever reason.
m5x





Re: [Full-Disclosure] Bugtraq Security Systems XMAS Advisory 0001

2003-12-24 Thread madsaxon
At 02:52 PM 12/24/2003 -0500, Bugtraq Security Systems wrote:

It should also be noted that the internet security rock-star Mudge,
along with several other famed w00w00 members, uses Squirrelmail. We
at Bugtraq Security Systems would expect more proactive auditing of
basic infrastructure used by famed black-hat[1] hackers such as Mudge,
or Weld Pond a.k.a. Chris Wysopal.
Hmm.  The poster doth protest too much, methinks.  Jealousy is
a bitter taskmistress.
m5x



Re: [Full-Disclosure] 13 NASA Servers Hacked

2003-12-20 Thread madsaxon

At 09:25 AM 12/20/2003 +, Choe.Sung Cont. PACAF CSS/SCHP wrote:

They also have mirrors of the hack. Apparently, the hacker(s)
linked to a video of CNN showing American soldiers killing an
Iraqi and cheering.
I analyzed that video frame by frame and it definitely doesn't show
what the narrator describes. The victim is shot from the other
side of the compound (presumably by whomever the soldiers are
fighting) and the cheering is most likely dubbed in. The interview
with the soldier at the end is heavily (and amateurishly) edited and
has absolutely no context.

In short, despite the CNN logo, I doubt that CNN had anything to do with
this, other than possibly having shot the various video clips that
were spliced together to make this shoddy piece of propaganda.

m5x


RE: [Full-Disclosure] 13 NASA Servers Hacked

2003-12-19 Thread madsaxon
At 03:48 PM 12/19/2003 +, Richard Stevens wrote:
the first result on a search on google for '13 nasa servers' yields:

http://www.fcw.com/fcw/articles/2003/1215/web-nasa-12-18-03.asp
There's also coverage at

http://www.gcn.com/vol1_no1/daily-updates/24475-1.html

m5x



Re: [Full-Disclosure] Cert Sucks and Leaks

2003-12-18 Thread madsaxon
At 09:31 AM 12/18/2003 -0800, Daniel Sichel wrote:

I have to ask, does CERT leak at the same rate they suck? That would be
a weird equilibrium.
Leak--Suck.  It's more a continuum than an equilibrium.

;-)

m5x



Re: [Full-Disclosure] A funny (but real) story for XMAS

2003-12-16 Thread madsaxon
At 09:38 AM 12/16/2003 -0500, [EMAIL PROTECTED] wrote:
What
exactly is supposed to suck about the site, I wonder??
I don't know that anyone believes the site itself sucks.
There are those who have an objection to the fact that
CERT is taxpayer-funded, yet charges a fee for its 'premium'
services; i.e., for earliest notification.  For those of us
who don't pay that fee, CERT advisories most often come along
far too late to do any good. Add to that numerous charges of
conflict of interest and less than sterling competence,
and you can see that CERT is perhaps not the resource they
would like you to believe.
Here's Jericho's rant outlining some of the issues:

http://www.attrition.org/security/rant/z/jericho.007.html

There are myriad others available with a little Googling.

The reason OSVDB isn't well populated yet is that each
vulnerability has to be evaluated and written up afresh
in order to avoid violating any existing DB's copyrights.
That takes time.  If you want to shorten that time, go
volunteer. :-)
m5x



RE: [Full-Disclosure] RE: Yahoo Instant Messenger YAUTO.DLL buffer overflow

2003-12-04 Thread madsaxon
At 01:30 PM 12/4/2003 -0600, Preston Newton wrote:

I have a feeling that the Secret Service and FBI might be visiting you
very very soon and I really hope your whois is not your actual name and
location.  I have a sneaking suspicion that any death threat/reference
is a federal offense.
You bet.  18 USC 871(a):

Whoever knowingly and willfully deposits for conveyance in the
mail or for a delivery from any post office or by any letter
carrier any letter, paper, writing, print, missive, or document
containing any threat to take the life of, to kidnap, or to inflict
bodily harm upon the President of the United States, the
President-elect, the Vice President or other officer next in
the order of succession to the office of President of the United
States, or the Vice President-elect, or knowingly and willfully
otherwise makes any such threat against the President,
President-elect, Vice President or other officer next in the
order of succession to the office of President, or Vice
President-elect, shall be fined under this title or imprisoned
not more than five years, or both.
Hasta la vista, baby.

m5x
 



Re: [Full-Disclosure] Cripes

2003-12-04 Thread madsaxon
At 08:32 PM 12/4/2003 -0500, Cael Abal wrote:

 My distaste for
heavy-handed police action, however, is nothing compared to my
desire for you to just shut the hell up.  To speed up the process,
maybe you should go outside, flag down a cop car and confess?
Not to mention the fact that even if his plot succeeded, we'd
then be faced with President Cheney. Big improvement.
m5x



RE: [Full-Disclosure] RE: Yahoo Instant Messenger YAUTO.DLL buffer overflow

2003-12-04 Thread madsaxon
At 10:02 PM 12/4/2003 -0500, Kristian Hermansen wrote:
You are censoring your child's freedom of speech based on your own problem 
in dealing with the fact the society generally does not accept this sort 
of language.  Good for you, I hope your child becomes another upstanding 
citizen of our US population, unaware of the world around them, conforming 
to their leaders (aka you, the father - later the prez) and not 
questioning authority.
Sigh.  Spoken like a true teenager.  Study the history of the 1960s
for even a few minutes and you'll realize that my generation
blazed the trail for your idealism (yep, I'm a whole lot older
than 20). While I don't expect you to listen, let me state
here for the record that (hopefully) someday you'll understand
that idealism must be tempered with pragmatism in order to be
effective. Shouting "down with the establishment" is all well and
good, but eventually, whether you like it or not, you'll
become that very establishment.  Then *you'll* have to deal with
people like you.  I hope I'm there to see it.
m5x



Re: [Full-Disclosure] Potentially new Virus

2003-11-25 Thread madsaxon
At 10:12 AM 11/25/2003 -0500, [EMAIL PROTECTED] wrote:

On Tue, 25 Nov 2003 00:56:59 EST, Tireman [EMAIL PROTECTED]  said:
 Has anyone come across a virus with the following message body and
 attached a file called 'Private.zip' which unzips to wendynaked.jpg.exe
   ^
 Hello my dear Mary,

*SIGH*.  Whatever happened to craftsmanship and pride in your work? :)
Maybe it was a ménage à trois...

m5x



Re: [Full-Disclosure] automated vulnerability testing

2003-11-21 Thread madsaxon
At 03:01 PM 11/21/2003 -0500, David Maynor wrote:
On Fri, Nov 21, 2003 at 03:29:52PM -0500, Cael Abal wrote:
 Wasn't there a slint tool or something like that?

 Yup, Splint -- from 'Secure Programming Lint'.  I provided a link to
 their site in a previous message.

The one I am thinking of was done by the l0pht I thought..
The l0pht did develop Slint, but it was never released. They dropped
it when RATS and ITS4 came out, because they were similar in
functionality.   @Stake now offers SafeApps though, which is
in some ways a descendant of Slint.
http://www.atstake.com/products/safeapps/

[I have no connection to @stake, BTW]

m5x



Re: [Full-Disclosure] .hta virus analysys

2003-11-19 Thread madsaxon

bryce [EMAIL PROTECTED] wrote:

 I'm new to this list, and sorta new to security on a computer. But can
 someone tell me what program runs a .hta file??
Sigh.  Since no one else seems inclined actually to answer this
question, I'll do it.
In a (pea)nutshell, Microsoft Internet Explorer is the
application by which .hta files are designed to be
interpreted.  However, any browser that understands the
syntax (e.g., Netscape) can in theory handle them.
They provide functionality above and beyond HTML; they were
originally supposed to supply designers with a way of
prototyping Web-based applications that employ dynamic
HTML, and thus would never be present in a production system.
In reality, they get used for a lot of production purposes:
password/access control lists, triggering helper applications
such as Office components, and in fact for launching just
about any local program while providing a simple user
interface similar to the password entry box included
with most browsers. Convenient, and quite nasty if misused.

Hopefully this brief overview will make it obvious to
you what a serious security risk these files represent, and how
laughably easy it was (is) to use them as a vector for malware.
m5x



Re: [Full-Disclosure] SSH Exploit Request

2003-11-15 Thread madsaxon
At 10:21 PM 11/14/2003 -0800, Jeremiah Cornelius wrote:

Solaris ('til v 7, at least) keeps a Berkeley-syntax shutdown in
/usr/ucb/bin/
Looks like it's still there in 8, also.

m5x



Re: [Full-Disclosure] SSH Exploit Request

2003-11-14 Thread madsaxon
At 10:13 PM 11/14/2003 -0600, Paul Schmehl wrote:

Nope.  But I sure do in a lot of other unixes.  Wasn't
thinking of Solaris at the time.  Sorry.
'shutdown -g -i[n] -y' is the System V command
'shutdown now' is BSD.
IIRC, SunOS used the BSD version, but starting with
SunOS 5.5 they switched to System V shutdown.
m5x



Re: [Full-Disclosure] Eudora 6.0.1 attachment spoof

2003-11-13 Thread madsaxon
At 11:40 AM 11/13/2003 +1100, you wrote:

print "From: me\n";
[...]

print "\n";
To save yourself a little effort in the future, try

print <<EOF;
From: me
[...]

EOF

Cleans up the code a lot.

;-)

m5x



Re: [Full-Disclosure] Shortcut...... may cause 100% cpu use!!!

2003-10-30 Thread madsaxon
At 07:37 AM 10/30/03 -0800, Bipin Gautam wrote:
BUT THE POINT HERE IS... THE SHORTCUT IS POINTING TO ITSELF  WHICH 
WILL EVENTUALLY LEAD TO A DOS!!!
It seems to me that what you've discovered is that infinite loops are 
resource hogs. I wouldn't call this a vulnerability so much as a computer
science 101 revelation.  Interesting from a theoretical perspective,
perhaps, but not really worthy of a lot of discussion here. If someone
is able to plant a self-referencing shortcut on your desktop, you have,
as they say, larger fish to fry.

m5x



Re: [Full-Disclosure] Shortcut...... may cause 100% cpu use!!!

2003-10-30 Thread madsaxon
At 11:52 AM 10/30/03 -0500, Maxime Ducharme wrote:

Just laugh and take it easy ...
Possibly the best advice I've seen on this list.

m5x



RE: [Full-Disclosure] Off topic programming thread

2003-10-27 Thread madsaxon
At 09:36 AM 10/27/03 -0600, Schmehl, Paul L wrote:

 Can we move this irrelevant programming thread somewhere
 where it is on-topic?  It may be interesting, but it belongs
 on comp.programming or something.  I might be willing to
 join in, but it doesn't belong here on FD.

I have seen irrelevant stuff on this list.  I fail to see how a
discussion of buffer overflows and race conditions in code is off topic.
I suspect that many people, including myself, would benefit from a
better understanding of how and why they occur, and what needs to be
done to fix the problem.
Agreed.  I find this discussion to be one of the more
on-topic I've seen here. Let's not discourage it, shall we?
m5x



RE: [inbox] [Full-Disclosure] Is bugtraq even worth it anymore?

2003-10-27 Thread madsaxon
At 02:55 PM 10/27/03 -0600, Curt Purdy wrote:
I'm still subscribed to several securityfocus lists, but have not submitted
for some time as I kept getting returned rejects even though they were
on-topic valid points.
I changed email addresses about ten months ago.  I unsubscribed
from the dozen or so SF lists I was on and resubscribed using
the new address.  I got and replied to the 'confirm subscription
request' messages, and received the welcome message for each
list, but never got a single post beyond those.  I've gone
through this process several times, each time with the same
result.  I finally gave up.
m5x



Re: [Full-Disclosure] RE: Linux (in)security

2003-10-23 Thread madsaxon
At 09:57 AM 10/23/03 -0700, John Sage wrote:

I simply cannot think of a more clear, distinct, and comprehensive
indictment of Microsoft and its operating systems than the unrelenting
torrent of patches that it issues to fix the defective products that
its monopoly position in the marketplace has allowed it to foist upon
the world.
Sure, the UNIX'es and Linux'es of the world have some problems, but
really now, nothing like Windows.
And a patch, when issued, pretty much works as expected.
Don't get me wrong, I agree with almost all of what you're saying
about Microsoft's poor track record.  However, in the interest
of fairness I'd like to add that I've had to back out of a fair
number of patches to various Unices and Linux systems because the
patch broke something else, usually in a fairly complex enterprise
environment.
I think the reality is that patching comes in a poor second to
engineering secure code in the first place, and that is an area
in which virtually everyone in the industry desperately
needs improvement.
m5x



Re: [Full-Disclosure] No Subject (re: openssh exploit code?)

2003-10-21 Thread madsaxon
At 04:18 AM 10/21/03 -0700, John Sage wrote:

So by the word - you yourself have chosen - you're somebody
important's subordinate, temporary flunky.
I know I'm impressed.
Almost all of us fit that description.

Stop it.

m5x



Re: [Full-Disclosure] Windows covert channel

2003-10-19 Thread madsaxon
At 07:04 PM 10/19/03 -0400, James Kelly wrote:
I seem to remember in the dim reaches of my memory a covert channel in the 
Windows file system where you could paste one file at the end of another 
without it being detectable when you edited the original file.

can someone aim me at the right buzz phrase that describes this so I can 
Google it further?
Sounds like NTFS file streaming.

m5x



RE: [Full-Disclosure] NASA.GOV SQL Injections

2003-10-17 Thread madsaxon
At 02:12 PM 10/17/03 -0400, Jonathan A. Zdziarski wrote:
The gov't in general has a terrible track record in security, primarily
due to the fact that they're not willing to pay more than $45,000 and a
Buick...NASA on the other hand has got the gov't throwing billions of
dollars at them so I'd hope they could afford to pay decent
rates...anyone on this list who works for NASA?  I would love to hear
them speak up on the subject.
Federal employees of NASA are subject to the same pay schedules
as other federal employees.  While agency-specific pay banding
is gradually replacing the traditional GS (general schedule) system,
one agency really can't pay much more than another for the equivalent
position.  If you compare job security and certain other less tangible
benefits, the federal government becomes a much more attractive
employer, especially for those who resisted the siren call of
ludicrous salaries during the dot com boom and are, as a result,
still comfortably employed.
As to political considerations, yes, they exist.  But except at
the highest level they really aren't any worse than corporate
politics, and often a great deal less arbitrary.
m5x



Re: [Full-Disclosure] FW: Last Microsoft Patch

2003-10-16 Thread madsaxon
At 01:49 PM 10/16/03 +, petard wrote:
You verified Curt Purdy's certification. Congratulations. Now verify that
Curt Purdy posted the message. (I'm not claiming that he did or didn't,
and don't know Curt Purdy at all.) You, like the OP, might be putting
too much trust in where an email says it's from.
People, we all know that certs are meaningful only within a certain
context.  Curt made a simple mistake--he probably posted that before
he fully thought about the issue.  Happens to all of us.  Judging
him by his certs, or vice-versa, is petty and pointless.
I have an idea.  Since we've apparently decided that full disclosure
equates to no real topic control, let's make the best of it by
trying to help each other through infosec issues, not blasting
anyone who posts a misspelled word or a poorly thought-out 
statement/question into their component molecules.  Debates over
the validity of an infosec-related point are useful and constructive;
character assassination and personal attacks are not.

I can't speak for the rest of you, but if people stopped making
mistakes, I'd personally be out of a job.
;-)

m5x



RE: [Full-Disclosure] SPAM, credit card numbers, what would you do?

2003-10-14 Thread madsaxon
At 05:57 PM 10/14/03 -0400, Jonathan A. Zdziarski wrote:
Hero? Hardly.  His willingness to help out the companies he hacked into
was quickly overshadowed by the fact that he stole hundreds of thousands
of dollars worth of services while he was doing it.  He's no hero, he's
an idiot.
Mostly Lamo is a sterling illustration of technical knowledge
without concurrent wisdom.  Not unusual for our profession,
though.
m5x



RE: [Full-Disclosure] Student faces suit over key to CD locks

2003-10-10 Thread madsaxon
At 10:06 AM 10/10/03 -0500, Ron DuFresne wrote:

This story and suit is going to make its waves in the techie circles, but,
will most likely not get a lot of real play in the real world.
http://www.dailyprincetonian.com/archives/2003/10/10/news/8797.shtml

They dropped the suit later in the day; I don't think they have the
stomach for the kind of battle that would probably have ensued.
m5x 



RE: [Full-Disclosure] OT: Hamilton v. Microsoft lawsuit complaint is now online

2003-10-03 Thread madsaxon
At 09:31 AM 10/3/03 -0500, Schmehl, Paul L wrote:
We have a long established tradition in America of rooting for the
little guy until he becomes big and successful.  Then we hate him and
do everything we can to tear him down and destroy him.  And since we've
mastered the art of litigation, that's the easiest way to transfer his
winnings to the lawyers.  :-)
And therein lies a fundamental truth: Capitalism is the art of
redistributing wealth from the consumer to the legal profession
via intermediaries we call businesses and governments.
m5x



Re: [Full-Disclosure] NINCOMPOOPERY OF MICROSOFT

2003-10-01 Thread madsaxon
At 01:32 PM 10/1/03 -0700, Gregory A. Gilliss wrote:

Reality - the Federal Bureau of Investigation (FBI) likely will not even
make the effort to prosecute computer crimes that cannot be said to have
caused significant (like US$500,000) amounts of damage. It's just not
worth the time and resources for them to assign people to port scanning.
Minor point: the reason the FBI is unlikely to investigate crimes
with smaller dollar amounts is because the US Attorney's Office
will not prosecute them.  Since the FBI is a federal agency, it
investigates federal crimes, and those crimes are prosecuted
by the US Attorney's Office. The FBI can only pursue cases with
the potential for successful prosecution, ergo the monetary
damage limitation (although it's more like $5,000 than $500,000).
Also remember that the DOJ generally only prosecutes felonies,
and these often have lower monetary boundaries.  That's why
it's very important if you want to bring in law enforcement
that you make a credible attempt at quantifying your losses first.
m5x



Re: [Full-Disclosure] More on Dan Geer

2003-09-30 Thread madsaxon
At 10:18 AM 9/30/03 -0400, Stormwalker wrote:

The following quotes clarify @Stake's position. It's worse than even I
thought. They know better, but don't care anymore. M$ is more important
than truth.
Perhaps. I caution you, however, to make a distinction between
@Stake as a corporate entity and some of the individual employees
thereof.
m5x



Re: [Full-Disclosure] More on Dan Geer

2003-09-30 Thread madsaxon
At 12:32 PM 9/30/03 -0400, Keith W. McCammon wrote:
A corporate entity is just a collection of individuals.  And in this case, 
those individuals have (it seems) a great deal of influence within that 
entity.  Thus, for the purposes of this argument, the two can be treated 
almost interchangeably.
OK, let me phrase it a different way.  I know some of the people
involved, even at the higher levels of the corporation, who
don't share in the official @Stake stance.  In the same way
that I don't necessarily blame Microsoft's employees for the
decisions of Gates, et al., I don't want to see everyone at @Stake
automatically crucified for this unfortunate action.
m5x



Re: [Full-Disclosure] More on Dan Geer

2003-09-30 Thread madsaxon
At 01:42 PM 9/30/03 -0400, Keith W. McCammon wrote:
It would be nice if the clowns at @stake responsible for this would 
just  take themselves quietly out of the loop, in the same manner as was 
done to someone else...
Agreed.  Has anyone asked Dan for his take, I wonder?

m5x



Re: [Full-Disclosure] Daniel Geer, author of cybersecurity screwed

2003-09-26 Thread madsaxon
At 05:35 PM 9/26/03 -0400, Stormwalker wrote:
If this is all true, this event is way
past a bad precedent. @Stake has crossed an important line and can no
longer be trusted at all, no matter what their roots are. If the rest
of the employees at @Stake tolerate this, then they are not to be
trusted either.
While I agree with your basic sentiment here, it's premature to
condemn @Stake categorically.  The facts are undoubtedly a great
deal more complex than the media portrayals to date have revealed.
Let's wait until we know the whole story before we lower the boom.
m5x



Re: [Full-Disclosure] An open question for Snort and Project Honeynet

2003-09-25 Thread madsaxon
At 04:18 PM 9/25/03 -0400, Matsu Kandagawa wrote:

All the while wishing I could spit in your face.
For the life of me, I cannot fathom why people devote so
much time and mental effort to assassinating each others'
character publicly in this forum. Let's just get this
out of the way once and for all:
Everyone who subscribes to this list--no that's not good
enough; it doesn't include future and past subscribers--
everyone on the planet Earth who owns, accesses, or has even
casual contact with a computing device is a clueless moron
who has no chance of comprehending even the beverage menu
at Denny's, much less the details of a buffer overflow.  We should
all just go back to making notches on sticks.
Now, assuming there's no one out there whom I've failed to offend,
may we please limit ourselves to discussions directly germane to
information security?  If you want to call each other names, there
are plenty of outlets for that.  Might I suggest Jerry Springer
for starters?
m5x



Re: [Full-Disclosure] Ankit Fadia - A Reality

2003-09-08 Thread madsaxon
At 11:16 AM 9/8/03 -0400, [EMAIL PROTECTED] wrote:

Re-read this slowly and carefully, and pay attention. He *has* made
up his mind.  Unfortunately, the real world has intervened. Most people
discover sometime around Ankit's age that just because they've made up
their mind to work for the FBI, or play lead guitar for Aerosmith, or
play football for the Houston Oilers, that they really better have a backup
plan in case the job offer doesn't come through.
When I first came across this kid a couple of years ago, I wrote him
off as a less-than-clueful media whore, as well.  On careful
reevaluation, though, I think he's more a victim of media hype
than a generator of it. He's essentially a big fish in the very
small ocean of Indian infosec.  Because he was active in an arena
where there weren't many competent players, he did draw more
than his share of attention from government agencies and big
corporations.  Being young and technically aware, yet able to
express yourself without resorting to foul language or w4r3z-5p33k,
does have its attractions for the adult world...
m5x



RE: [Full-Disclosure] DCOM/RPC story (Analogy)

2003-09-01 Thread madsaxon
At 11:40 AM 9/1/03 +1200, Nick FitzGerald wrote:
Yeah, good plan...

Though, please explain how you would do the remote profiling to be sure
that the clueless kiddie bragging about his skillz on IRC is the type
who will confess to precisely the required actions when the FBI comes
knocking a week or so later?
Those behaviors are probably found in tandem rather frequently, I
would guess.  Nevertheless, I'm not necessarily suggesting that this
kid was framed. I'm only putting forth for argument's sake the
possibility that the suspect is being used as a diversionary tactic
by someone more deeply involved, and the only reason I'm bothering
with *that* is that something about this case doesn't smell right.
It could simply be a paucity of facts being reported by the media,
I don't know.
m5x



RE: [Full-Disclosure] Authorities eye MSBlaster suspect

2003-08-31 Thread madsaxon
At 10:39 AM 8/30/03 -1000, Jason Coombs wrote:

let's not jump to conclusions and revoke this person's civil, 
constitutional, and human rights.
Hear, hear. Let's not give up on what little is left
of our once-beloved Constitution. Remember:
innocent until *proven* guilty in a court of law.
m5x



RE: [Full-Disclosure] DCOM/RPC story (Analogy)

2003-08-31 Thread madsaxon

At 12:19 PM 8/31/03 -0700, Steven Fruchter wrote:
That is
completely moronic to act as if he did not do anything but just hex edit
the code and change the name, for example, on the .exe. He also, like
a moron, had the infected drones contact his website (which he is
registered to) so that he can see who has been infected to control them.
Assuming that he is, in fact, responsible. If I wanted 
to release a worm and blame someone else for it, the first thing 
I'd do is pick out some basically clueless kiddie who's been 
bragging about his skillz on IRC and set him up exactly like 
this. Next thing you know, the FBI and virtually everyone on 
the planet is convinced he's guilty, and I get off scot free, 
ready to release my next new and improved worm. Piece o' cake.

m5x


Re: [Full-Disclosure] Authorities eye MSBlaster suspect

2003-08-29 Thread madsaxon
At 09:18 AM 8/29/03 -0700, morning_wood wrote:

this can be seen everywhere in today's American society...
commonly referred to as the poor me syndrome..
Personal responsibility is dead, and I'll sue the pants off
anyone who says otherwise.
Microsoft made me type that.

;-)

m5x



Re: [Full-Disclosure] AV feature does more DDoS than Sobig

2003-08-28 Thread madsaxon
At 10:05 AM 8/28/03 -0300, Fabio Gomes de Souza wrote:

 Anti-virus products are causing more harm than the Sobig Worm.

The problem is that many e-mail virus scanners send a "You are infected"
reply to the address contained in the From header. Since the messages
are spoofed, the innocent, uninfected user A is flooded by automatic
complaints from C,D,E regarding the virus that B sends.
I agree. Any sort of automated response based on perceived sender
IP address is not only brain-dead, but irresponsible. It does nothing
but compound the problem and needs to be curtailed.  Now.
m5x
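
The scenario in the message above (B sends infected mail forged as A to C, D and E), as an added example that is not part of the original thread or of any scanner's code. It contrasts a scanner that replies to the From header with a policy that only notifies an identity the mail server verified itself; the addresses, the sample messages and the `authenticated_user` parameter are constructed assumptions.

```python
from collections import Counter
from email import message_from_string
from email.utils import parseaddr

def naive_target(raw):
    """Behaviour criticised in the thread: reply to whatever From says."""
    msg = message_from_string(raw)
    return parseaddr(msg.get("From", ""))[1].lower() or None

def hardened_target(raw, authenticated_user=None):
    """Return an address only when it does not come from message headers."""
    msg = message_from_string(raw)
    # Never answer another automatic message (Auto-Submitted, RFC 3834).
    if msg.get("Auto-Submitted", "no").strip().lower() != "no":
        return None
    # Common convention: no automatic replies to bulk or list traffic.
    if msg.get("Precedence", "").strip().lower() in {"bulk", "list", "junk"}:
        return None
    # Assumption: authenticated_user is the login the local MTA saw at
    # submission time. Header and envelope senders are both forgeable,
    # so without it nobody outside is notified.
    return authenticated_user.lower() if authenticated_user else None

def notices(raws, chooser):
    """Count how many automatic notices each address would receive."""
    return Counter(t for t in (chooser(r) for r in raws) if t)

def make(rcpt, sender="a@example.org"):
    """Constructed sample: infected mail from B with A's address forged."""
    return (f"From: User A <{sender}>\nTo: {rcpt}\n"
            "Subject: Re: Details\n\nsee attachment\n")

SAMPLE = [make(r) for r in ("c@example.net", "d@example.net", "e@example.net")]

if __name__ == "__main__":
    print("naive:   ", dict(notices(SAMPLE, naive_target)))
    print("hardened:", dict(notices(SAMPLE, hardened_target)))
```

With the hardened policy, unauthenticated infected mail is handled locally (rejected, quarantined or reported to the local postmaster) instead of generating mail to a third party.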



RE: [Full-Disclosure] Administrivia: Testing Emergency Virus Filter..

2003-08-20 Thread madsaxon
At 09:43 AM 8/20/03 -0500, Schmehl, Paul L wrote:
I would go farther.  SMTP was never designed as a file transfer
mechanism, and it should not allow file transfer.  This would solve both
the problem of email attachment viruses *and* the scourge of the
Internet, HTML email.
I concur completely.  I've been preaching a similar gospel for
many years; to wit, that we've been employing SMTP in a manner for
which it was not designed, and we're now paying the price for that
misuse.  MIME and similar initiatives were well-intentioned, but
fundamentally they're still little more than kludges.
I was the manager of a large (18,000+ users) email system back in
the 1997-98 era, when it first became de rigueur to attach cute
binaries and, more insidious, PowerPoint presentations to emails.
I can't tell you how many times I had to reset the SMTP queue at
3:00 AM because it contained 1,000 copies of rudolph.exe or
some series of 500 slides from a conference sent to an all-user
mailing list, the vast majority of which were simply text on a
colored background, anyway.
I can't see any immediate solution to this problem, however.
We've painted ourselves into a corner by trying to adapt SMTP
to FTP, rather than enforcing implementations that respect the
protocol's original purpose. That way lies madness, as well as
long-term frustration.
m5x



Re: [Full-Disclosure] Full Disclosure Awards

2003-08-14 Thread madsaxon
At 01:58 PM 8/5/03 -0500, Martin Ekendahl wrote:
hahaha, I hope you will keep this weekly award thing up, it's a nice 
refreshing change from the usual tone of the list.
Yeah, it's a lot easier than State of the Hack Awards was (is).

m5x


