Re: [funsec] You have just violated the Computer Fraud and Abuse Act...
On 11/29/2012 04:36 PM, phester wrote:

http://cfaadefensefund.com/

+1

___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.

-- Rob

+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
|                         _   |
|  ASCII ribbon campaign ( )  |
|   - against HTML email  X   |
|                        / \  |
|                             |
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
Re: [funsec] thanx so much for uhelp ican going to graduate to now
If you think that's bad, try getting one of those tools to count back change. Don't forget your Polaroid to capture the moment forever...

On Mon, Nov 15, 2010 at 9:15 AM, Shawn Merdinger shawn...@gmail.com wrote:

http://chronicle.com/article/The-Shadow-Scholar/125329/

The Shadow Scholar

The man who writes your students' papers tells his story

-- Rob
Re: [funsec] Hackers (the movie) 15th Anniversary Party on Oct 2nd
On 09/24/2010 01:21 PM, michael.blanch...@emc.com wrote:

$500 gets you a hacker slave that has to wear a dress to the party.

That's exactly what I was thinking. ;p

SWEET!!! ;-)

Michael P. Blanchard
Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE
Office of Information Security Risk Management
EMC² Corporation
4400 Computer Dr. Westboro, MA 01580

-Original Message-
From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Shawn Merdinger
Sent: Friday, September 24, 2010 3:56 PM
To: funsec
Subject: [funsec] Hackers (the movie) 15th Anniversary Party on Oct 2nd

A fun Kickstarter.com project.

http://www.kickstarter.com/projects/fred/hackers-the-movie-15th-anniversary-party-on-oct-2n

-- Rob
Re: [funsec] Google is Evil indeed...
On Wed, Jul 21, 2010 at 6:42 AM, Jeffrey Walton noloa...@gmail.com wrote:

I'd make the leap that Google's actions in other countries were not 'inadvertent' either.

Those were my thoughts, exactly.

Jeff

-- Rob
[funsec] Google is Evil indeed...
http://www.prnewswire.com/news-releases/googles-wi-spying-and-intelligence-ties-prompt-call-for-congressional-hearing-98769559.html

The patent makes repeated reference to 'capturing' packets, including paragraph [0055], which states that the system will enable geolocations so long as the equipment being used 'is able to capture and properly decode a packet...'

It has also been widely reported that Google has been working in partnership with the National Security Agency, the very same government body that illegally intercepted the private communications of millions of Americans during the Bush administration.

-- Rob
[funsec] The ultimate Rickroll?
You gotta see the pic. It's priceless ;p

--

Early Wednesday morning, hackers installed seven notes on the great dome’s temporary scaffolding, commenting on its close resemblance to a musical score. The notes were the first seven of Rick Astley’s “Never Gonna Give You Up.”

http://tech.mit.edu/V129/N35/graphics/notehack.html

-- Rob
Re: [funsec] Hello. I live in Salem, and I believe in witches.
ch...@blask.org wrote:

What else can/should a president say to every kid in the country?

He may have wanted to include, I'm not as bad as all of your parents say I am...really. *under his breath - Even though they are right.

-chris

-- Rob
Re: [funsec] Hello. I live in Salem, and I believe in witches.
valdis.kletni...@vt.edu wrote:

On Wed, 09 Sep 2009 13:27:55 EDT, Adriel T. Desautels said:

Witches are real... technical speaking

And most Wiccan belief systems are more reality-based and have a higher chance of producing actual results than the majority religion around here...

Kinda like how most people end up buying Microsoft even though there's better alternatives...

+1

Free alternatives at that...

-- Rob
Re: [funsec] ruling: liability for providers who don't act on clients' illegal activities?
Nick FitzGerald wrote:

Rob Thompson wrote:

This is akin to closing down a freaking bank, because they cashed a fraudulent check.

No -- to stick with your grievously weak analogy, it is much more like very heavily (punitively -- get it?) fining a bank and its manager for repeatedly cashing fraudulent checks _from one known fraudster_.

Point taken. I still do not agree with it. I think that it is a piss poor job on behalf of law enforcement. Get the _one known fraudster_ that is committing the actual act. BEFORE it is permitted to be repeated.

Now if the hosting site is hosting (as in advertising, come here to host your illegal warez for $$$) to cater to the criminal, that's another story. But that isn't how I am interpreting this. I am interpreting this as sheer laziness and quite frankly it's rather pathetic. Passing the buck isn't okay. We count on the schools to raise our kids and the ISP to police the interwebs. Bullshit!

If the penalty is enough to actually put the bank out of the business, the other customers move their accounts with that bank to another bank and get on with their lives. AND you can bet that they will be quite a bit more careful in checking out the bona fides and likely business practices when evaluating the prospective banks for that move!

Finally, as all that is at issue in this case are just bits at rest on server drives and zipping around fibre and copper circuits, it's much easier and MUCH LESS disruptive to the other customers of the convicted, active, complicit fraud-enabler in the online world than in your bricks-and-mortar bank analogy.

If you're going to draw analogies, please at least try to make them modestly apposite...

Guns don't kill people, people kill people??? Let's get Remington on the phone. If you didn't sell the gun to the gas station robber, he wouldn't have knocked off those seven petrol stands...

Regards, Nick FitzGerald

-- Rob
Re: [funsec] ruling: liability for providers who don't act on clients' illegal activities?
Paul Ferguson wrote:

On Mon, Sep 7, 2009 at 11:14 PM, Rob Thompson my.security.li...@gmail.com wrote:

Now if the hosting site is hosting (as in advertising, come here to host your illegal warez for $$$) to cater to the criminal, that's another story. But that isn't how I am interpreting this. I am interpreting this as sheer laziness and quite frankly it's rather pathetic. Passing the buck isn't okay. We count on the schools to raise our kids and the ISP to police the interwebs. Bullshit!

Have you ever heard of criminal negligence?

http://www.thefreedictionary.com/criminal+negligence

Noun 1. criminal negligence - (law) recklessly acting without reasonable caution and putting another person at risk of injury or death (or failing to do something with the same consequences)

--

From the article:

In a lawsuit brought by fashion company Louis Vuitton, a jury ruled that two ISPs -- Akanoc Solutions and Managed Solutions Group -- knew about counterfeit Vuitton goods that were being sold on their customers' sites, but didn't act quickly to pull the plug on those sites. The decision was first reported on Tuesday.

I suppose you think that's bullshit, too?

Yes, I do. It's a hand bag. If someone is at risk of personal injury or death because a hand bag was sold illegally, then I guess I stand corrected. Otherwise, we'll have to agree to disagree.

I'm not saying that the ISP (if they _really_ did know - and the proof wasn't given - so I am skeptical) couldn't have done something about it. But to make another one of these half-assed laws, when is enough enough? If the ISP were mine, I would have removed it, on my own accord...but not because of yet another unnecessary law.

The right way to do it, don't buy the counterfeit goods. If there is no money in it, no one will do it. There are other, better ways, than this.

- ferg

-- Rob
Re: [funsec] ruling: liability for providers who don't act on clients' illegal activities?
Best I can say is this...from my last reply. And this is the last I'll say. I can see my opinion is far from popular.

If they were selling Anthrax, I wouldn't have said a word. _THAT_ is different. Freaking handbags!!!

Paul Ferguson wrote:

On Mon, Sep 7, 2009 at 11:14 PM, Rob Thompson my.security.li...@gmail.com wrote:

Now if the hosting site is hosting (as in advertising, come here to host your illegal warez for $$$) to cater to the criminal, that's another story. But that isn't how I am interpreting this. I am interpreting this as sheer laziness and quite frankly it's rather pathetic. Passing the buck isn't okay. We count on the schools to raise our kids and the ISP to police the interwebs. Bullshit!

Have you ever heard of criminal negligence? I suppose you think that's bullshit, too?

- ferg

-- Rob
Re: [funsec] ruling: liability for providers who don't act on clients' illegal activities?
Paul Ferguson wrote:

Okay, a better question -- how do you feel if it's truly a criminal enterprise (e.g. click fraud, DNS Changer malware, credential stealing malware, credit card theft/trafficking, child porn, et al.)?

I'm digging myself a hole I won't be able to crawl out of here, but let me try. I am not very well spoken and what I am trying to say, isn't coming out right.

click fraud, DNS Changer malware, credential stealing malware, credit card theft/trafficking

Most of these things can be prevented with basic care by the end user. No ISP involvement needed. Keep your computer up to date, use an OS that isn't broken, FF - Noscript (goes _a long_ way), AV that is current and enabled. I typically do not feel bad for the folks that have those things happen to them. I do not know about you, but most people I meet that have computer troubles tell me about them. I explain that it is a virus and what can happen. They don't care. Until it does happen and they lose their identity. Then it is too late and the bad guy won. With the fact that this type of stuff is on the 7 o'clock news regularly now, excuses are running paper thin.

child porn

That is a whole different can of worms and _that_ is the type of stuff that should be acted on. There someone is being hurt. If the hosting provider doesn't clean it upon finding it, or upon the first reporting, then not only should the poster, but the hosting provider, be lit on fire.

Are you familiar with Atrivo/Intercage, McColo, and Cernel? Russkrainain criminal activity right here in the Good Ole U.S. of A.? What's your position on that?

I am familiar with these things, yes. For example, McColo, made no significant difference. It was closed, and spam levels dropped briefly. They are right back where they were, like it never happened. If the folks would stop buying it, the senders would stop sending.

- ferg

-- Rob
Re: [funsec] ruling: liability for providers who don't act on clients' illegal activities?
Nick FitzGerald wrote:

Paul Ferguson to Rob Thompson:

What's you position on that?

Based on his posts to date, I'd hazard bent double, legs spread and with as firm grip as possible on his ankles...

You know, I have refrained from personal attacks. But you sir, are a grade a asshole, and a fucking prick on top of that. Lemme know when you're on this side of the pond, I'd love to meet you face to face.

Regards, Nick FitzGerald

-- Rob
Re: [funsec] OT: New England Lemmings and The Herd Mentality
Alex Eckelberry wrote:

Now, for an In-And-Out burger, I could understand. But Sonic...?

Try their Oceanwater. It's worth the wait.

-Original Message-
From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Jon Kibler
Sent: Monday, September 07, 2009 3:56 AM
To: funsec@linuxbox.org
Subject: [funsec] OT: New England Lemmings and The Herd Mentality

I find myself on vacation just outside of Peabody, MA. While trying to locate the hotel, noticed that the entire right shoulder of the road for almost a half mile before the hotel was a solid line of cars. They even had cops directing traffic.

Asking at the registration desk what was up with the line, was told that the line was for the new Sonic Drive-In (http://www.sonicdrivein.com/) that had opened last Wednesday 2 blocks further up US-1! I then had to ask what was the big deal, were they giving away free food or something?

It turns out that this is the first Sonic in New England. People have been coming from as far away as Maine, Vermont, Rhode Island, Connecticut, and New York just to try out the latest junk food chain! Some have driven 4 or more hours just to sit in line to eat a hamburger in their car. Those arriving late have been finding the restaurant out of food and closing early.

In addition to the line down US-1, I also found that there is a back entrance that has a line that stretches further than one can see. Thinking about it, this has to make Sonic one of the highest carbon footprint foods in the world!!

Coming from an area that is saturated with Sonics, I cannot believe that anyone would wait in line -- and apparently do so for hours -- for Sonic Drive-In food. IMHO, the food at just about every other burger and shake joint is better. The only novelty is that it is like a 50s drive-in where you are waited on by servers in roller skates and you have to eat in your car or take it home (no inside dining).

Geeze, and all these years I had thought that lemmings were herbivores. :-)

Jon

-- Rob
Re: [funsec] ruling: liability for providers who don't act on clients' illegal activities?
Gadi Evron wrote:

Jury Exacts $32M Penalty From ISPs For Supporting Criminal Websites

http://darkreading.com/securityservices/security/cybercrime/showArticle.jhtml

'Landmark case' indicates that ISPs may be held liable if they know about criminal activity on their customers' Websites and fail to act

A federal jury in California this week levied a total of $32 million in damages from two Internet service providers that knowingly supported Websites that were running illegal operations.

In a lawsuit brought by fashion company Louis Vuitton, a jury ruled that two ISPs -- Akanoc Solutions and Managed Solutions Group -- knew about counterfeit Vuitton goods that were being sold on their customers' sites, but didn't act quickly to pull the plug on those sites. The decision was first reported on Tuesday.

The ruling has been called a landmark decision by some legal experts, who note that ISPs historically have been protected by the Digital Millennium Copyright Act, which limits service providers' liability for criminal actions that take place on their networks.

Way to go...way to go after the _real_ criminal. This is akin to closing down a freaking bank, because they cashed a fraudulent check.

-- Rob
Re: [funsec] New Zealand Woman Fired for Sending ALL CAPS E-Mail
quispiam lepidus wrote:

Way to be judgemental about someone you have no clue about.

Have no clue about? She aired her dirty laundry for the world. She sued them, instead of holding her head high, accepting she wasn't wanted and moving on - then passed blame because she couldn't find another job for two years. Actions speak loudly, she made her character crystal clear.

She looks just like one of those accounting ladies that will hold your spiff-check over the weekend, if you got busy and forgot to help her with her lame excel formula. Just because she can and as far as she is concerned, you inconvenienced her, so she will return the favor. Versus accepting your apology and explanation and trying to move on.

Whether you agree with being judgmental or not, you know that there is truth to it. It's all on your tact and how you handle it. There aren't that many types of people. We all lump into one category or another. I wouldn't just walk up to her and say, you look like a bitch and deserved what you got, but that doesn't mean I'm not thinking it...

On Thu, Sep 3, 2009 at 8:55 AM, Rob Thompson my.security.li...@gmail.com wrote:

I'm sure there's more to the story than that. They probably just picked a poor excuse to get rid of her. I dunno about you, but to me she doesn't look like a very pleasant person. She probably asked for it. Then cried to all after she got fired. Instead of accepting responsibility and moving on like an adult, she sued. Lame.

Ned Fleming wrote:

The Kiwis are some hard-hearted mother dogs.

http://www.nzherald.co.nz/nz/news/article.cfm?c_id=1objectid=10594014

WON'T THE CARE POLICE STEP UP AND PROTECT THIS POOR CREATURE?

what do they do to people eschewing all capitals, such as i, i ask. prison sentences?

-- Rob
Re: [funsec] New Zealand Woman Fired for Sending ALL CAPS E-Mail
I'm sure there's more to the story than that. They probably just picked a poor excuse to get rid of her. I dunno about you, but to me she doesn't look like a very pleasant person. She probably asked for it. Then cried to all after she got fired. Instead of accepting responsibility and moving on like an adult, she sued. Lame.

Ned Fleming wrote:

The Kiwis are some hard-hearted mother dogs.

http://www.nzherald.co.nz/nz/news/article.cfm?c_id=1objectid=10594014

WON'T THE CARE POLICE STEP UP AND PROTECT THIS POOR CREATURE?

what do they do to people eschewing all capitals, such as i, i ask. prison sentences?

-- Rob
Re: [funsec] How [not] to Secure Your Browser's Saved Passwords
Ali, Saqib wrote:

Gina Trapani of Lifehacker wrote a small piece on how to save passwords for websites in firefox and secure it using a master password:

http://blogs.harvardbusiness.org/trapani/2009/09/how-to-secure-your-browsers-sa.html

snip

Your thoughts? Do you think saving passwords in a browser is safe and secure?

Only if you want to end up in the next episode of zf0.

-- Rob
Re: [funsec] If Swine Flu Weren't Enough, Now There's Swine Ebola
chaim.rie...@gmail.com wrote:

When the dude said on that little hill in the middle of the desert, don't eat pork. He meant it.

But what would life be, without bacon? *oink

Ps. I don't listen to the dude

--Original Message--
From: Paul Ferguson
Sender: funsec-boun...@linuxbox.org
To: funsec@linuxbox.org
Subject: [funsec] If Swine Flu Weren't Enough, Now There's Swine Ebola
Sent: Aug 26, 2009 14:12

Don't worry, it can't hurt you yet. :-)

http://www.scientificamerican.com/article.cfm?id=swine-ebola-discovered

Enjoy!

- ferg

-- Rob
Re: [funsec] Thoughts on Bing
rac...@mcs.anl.gov wrote:

My daughter brings up a couple of questions after getting malware hits while doing searches on Bing.

Since Bing is backed by MS, it's a default that people will or are probably getting with new MS installs or upgrades. Meaning you have a highly targeted audience. Is that community targetting Bing any heavier than others?

Since Bing's advertising is all about giving you the answers you want, not some random stuff that may be close, is it a more valuable/trustworthy result?

No. I finally caved and gave it a whirl and it's as worthless as the rest of the other search engines out there (Google excluded). Personally, I am sticking with Google. If it ain't broke...

If people get a fakeAV popup from Bing, are they more likely to trust it than if they got it from Facebook, MySpace, or Google?

It only depends on how misinformed they are.

--Gene

PS: My impression of Bing has been that MS has done it again. Bing is the sound that the cartoon Ricochet Rabbit made just before speeding off and crashing into a cactus, wall or pile of junk. It's also the sound that a small rusty bolt makes just before it busts your knuckles while trying to extract it and twists off instead of coming out of the hole.

/~\ The ASCII        Gene Rackow            email: rac...@anl.gov
\ / Ribbon Campaign  Cyber Security Office  voice: 630-252-7126
 X  Against HTML     Argonne National Lab
/ \ Email!           9700 S. Cass Ave. / Argonne, IL 60439

-- Rob
Re: [funsec] Bank security
Rich Kulawiec wrote:

About a year ago, I went several rounds with a local financial institution while trying to deposit money into an account. They wanted a thumbprint in order to verify that fraud wasn't being attempted, and were utterly impervious to the point that it was a DEPOSIT, not usually a profitable means of fraud.

If it was a deposit into an account other than your own and it was a check, that would make a little bit of sense, but I would think it would drive customers away. That's not a Federal guideline, if you're in the US, btw - it would have been a local policy.

If it was your own account, I would recommend you to change banks. Personally, I would never do business with a place that has rules of that sort.

Depositing is a profitable means of fraud. It's how check kiting is done.

---Rsk

-- Rob
Re: [funsec] File this one under WTF
quispiam lepidus wrote:

http://news.bbc.co.uk/2/hi/technology/8161190.stm

UAE Blackberry update was spyware

Why is this such big news? Did we all forget?

http://www.schneier.com/blog/archives/2008/05/blackberry_givi_1.html

BlackBerry Giving Encryption Keys to Indian Government

An update for Blackberry users in the United Arab Emirates could allow unauthorised access to private information and e-mails. The update was prompted by a text from UAE telecoms firm Etisalat, suggesting it would improve performance.

In the statement, RIM told customers that Etisalat appears to have distributed a telecommunications surveillance application... independent sources have concluded that it is possible that the installed software could then enable unauthorised access to private or confidential information stored on the user's smartphone.

The update has now been identified as an application developed by American firm SS8. The California-based company describes itself as a provider of lawful electronic intercept and surveillance solutions.

-- Rob
Re: [funsec] Canadian Television
Trailerpark Boys is rather entertaining when you're killing a few brain cells.

Gadi Evron wrote:

Chris Boyd wrote:

On Jun 9, 2009, at 5:01 PM, Ned Fleming wrote:

Canadian TV? Utterly unremarkable, like watching snow fall.

No, not entirely (and I'm not Canadian either). Early Red Green episodes are hilarious, but the later ones just cover too much of the same ground. The segments where Red Green builds or repairs something are the best, IMO. If the women don't find you handsome they should at least find you handy.

There's also a show that aired in the US as The Industry that's sort of like (but predates) The Office but it covers the infighting in a company that produces a TV show.

Canadian scifi makes me want to kill myself, but they have nice cooperation with Germany which means nudity (Lexx). ;)

The show I like most from .CA recently is Flashpoint. It's scripted so that every episode evokes emotion in me the same exact way, but I love it anyway.

Gadi.

-- Rob
Re: [funsec] Death by code release
Peter Evans wrote:

On Tue, Jan 13, 2009 at 06:19:25PM -0800, Rob Thompson wrote:

Peter Evans wrote:

Well, I wonder if it is as anal as vista (which I have, but to be quite honest, can't be arsed to install) about HDCP and content encraption.

It would be a safe assumption that it will be worse. Remember, Micro$oft was the fine group that forced Palladium down our throats. But to be fair, we all know what can be said about assumptions.

Ah, but Palladium stops spam! All I can find though, is FUD though. Does it really exist?

That was the name of the project before people were put off by what it really was. Now it is TPM.

P

-- Rob
Re: [funsec] Death by code release
valdis.kletni...@vt.edu wrote: On Wed, 14 Jan 2009 13:07:54 +0900, Peter Evans said: On Tue, Jan 13, 2009 at 06:19:25PM -0800, Rob Thompson wrote: Peter Evans wrote: Well, I wonder if it is as anal as vista (which I have, but to be quite honest, can't be arsed to install) about HDCP and content encraption. It would be a safe assumption that it will be worse. Remember, Micro$oft was the fine group that forced Palladium down our throats. But to be fair, we all know what can be said about assumptions. Ah, but Palladium stops spam! All I can find though, is FUD though. Does it really exist? Many systems now include a TPM chipset. That's about all that's *really* happened. Most of the rest evaporated when it became clear that consumers really prefer their media without insane DRM attached to it (except for all the Vista DRM stuff that still ended up in there anyhow). I guess I should have read up one more message before my other response. What Valdis said... ;p -- Rob
Re: [funsec] UK Censorship: Brit Porn Filter Censors 13 Years of Net History
Paul Ferguson wrote: Completely whacked. Via El Reg. [snip] One Demon customer tells us he was unable to visit archived versions of websites run by the BBC, Parliament, the United Nations, the Internet Watch Foundation, Demon Internet, and Thus. In other words, this customer points out, Thus is blocking its own web history. It is nuts, he says. Isn't this why god invented proxy? It is horribly sad that it has come to this point. -- Rob
Re: [funsec] Death by code release
I can't believe that there are really that many people that are interested in Windoze 7, after Vista sucked as badly as it did. People just do not learn, do they??? This is coming from a reformed Windoze (l)user. Rob. Rob, grandpa of Ryan, Trevor, Devon Hannah wrote: I loved the BBC cutline on this story: * Windows 7 now 'available to all' * Microsoft has announced the latest Windows release will not be limited, after the initial launch crashed the whole of the Microsoft site. So, Microsoft has decided to release, to the whole world, a product that crashed their systems? Well, not quite: http://news.bbc.co.uk/go/em/-/2/hi/technology/7825111.stm == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org Looked up the Biblical description of the Beast, who wears [666] ...says he has two horns, like a sheep, can call down fire from out of the sky, and that people would worship him because of this ability ... I *knew* there was something creepy about Pikachu... - R. H. Draney on a.f.u http://victoria.tc.ca/techrev/rms.htm http://blog.isc2.org/isc2_blog/slade/index.html http://blogs.securiteam.com/index.php/archives/author/p1/ -- Rob
Re: [funsec] Death by code release
Peter Evans wrote: Well, I wonder if it is as anal as vista (which I have, but to be quite honest, can't be arsed to install) about HDCP and content encraption. It would be a safe assumption that it will be worse. Remember, Micro$oft was the fine group that forced Palladium down our throats. But to be fair, we all know what can be said about assumptions. -- Rob
Re: [funsec] NYPD Eyes Disrupting Cell Phones in Event of Terrorist Attack
Paul Ferguson wrote: Another brilliant idea. Man, if this one isn't a winner, I don't know what is... You'd think that this J/O must be consulting with the British folks that want to remove all of the privacy from their citizens...in the name of security, of course. Kelly stressed the need for law enforcement to be able to disrupt cell phone calls and other communications during an attack, pointing to threats posed by the media when they disclose law enforcement tactics during live coverage that can get passed back to the attackers. You should also disable that service so that the lady that is walking down the street and sees the terrorists fleeing can not call in and report it. Maybe they will disable short wave as well. I mean hell, why not just EMP the whole downtown core? That will fix them ALL! WE HAVE A WEENER!!! [snip] More: http://www.foxnews.com/politics/2009/01/08/nypd-interrupt-cell-phone-service-event-terrorist-attack/ - ferg -- Rob
Re: [funsec] Home of the free
I think that there were some death threats to Obama... You'd think that we were, but it seems like our Country is not yet mature enough for a black president. Freaking sad if you ask me... Though I do understand where you're coming from, in regards to that is a TOUCH overboard. What are they going to do if he WINS??? On Mon, Aug 25, 2008 at 1:30 PM, Rob, grandpa of Ryan, Trevor, Devon Hannah [EMAIL PROTECTED] wrote: Two U.S. cities will become virtual fortresses during the Democratic and Republican nominating conventions, protected by airplanes, helicopters, barriers, fences, and thousands of police officers, National Guard troops, and Secret Service agents. In Denver, Colorado, where Democrats assemble next week, police are spending $18 million on equipment alone and will be bolstered by National Guard troops and hundreds of officers from surrounding suburbs. In St. Paul, Minnesota, site of the September 1-4 Republican nominating convention, police are calling on 80 law-enforcement agencies to provide 3,000 officers to supplement the city's 500-person force. The federal money is being spent for security measures such as fencing and high-tech camera-surveillance systems. More than 1,000 National Guard troops will help with communication and supplies in Denver, said a spokesman for the Colorado National Guard. More than 1,000 Minnesota National Guard troops will help provide security at sites outside the Xcel Center that are being used by convention participants, said a Guard spokesman. The North American Aerospace Defense Command, based at Peterson Air Force Base in Colorado Springs, will also participate. The Federal Bureau of Investigation plans to use a new version of a computer network that lets all its branch offices build leads on cases. The Coast Guard will monitor the Mississippi River near the Xcel Energy Center.
http://www.bloomberg.com/apps/news?pid=20601070sid=aJgx7Uji1acIrefer=home == (quote inserted randomly by Pegasus Mailer) [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] Blessed are they who have nothing to say and who cannot be persuaded to say it. - James Russell Lowell victoria.tc.ca/techrev/rms.htm blogs.securiteam.com/index.php/archives/author/p1/ -- Rob
Re: [funsec] Off Beat: Tennessee Police Use Controversial Drug to Subdue Prisoners
What the shit is going on in this country? The cops can drug you? Cameras on every freaking street corner. Electronic monitoring in Massachusetts that's coming up... WTF? Anyone ever seen Equilibrium? Is this where we are headed? On Fri, Jul 18, 2008 at 12:12 PM, Paul Ferguson [EMAIL PROTECTED] wrote: WTF? Via WSMV.com. [snip] While the [Nashville, TH] Metro police had banned the use of Tasers for a time, they still used a controversial method to subdue unruly people, according to an I-Team report. The city's policy to use the method, which calls for the injection of a drug into a person, came as a total surprise to people most would expect to know all about it. For almost two years, Metro police have had the option of calling for a needle loaded with a strong sedative to control the most unruly people they encounter on the street. One of the doctors who came up with the protocol said it's the safest option out there and that it is used all over the country. But many people said that the injection was news to them, and a top medical ethicist said it's a troubling precedent. The drug is called Midazolam, which is better known as Versed. People who have had a colonoscopy have probably had a shot of the drug for the procedure. The drug has an amnesia effect, and we use that therapeutically because one of the nice ways to take care of the discomfort is to make people forget that they've had it, said biomedical ethics and law enforcement expert Dr. Steven Miles. But the shots have also been used on the streets on people police said were out of control. [snip] More: http://www.wsmv.com/news/16844880/detail.html Hat-tip, Schneier: http://www.schneier.com/blog/archives/2008/07/midazolam_as_a.html And as Schneier points out: The biggest side effect is amnesia, which makes it harder for any defendant to defend himself in court.
- ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/ -- Rob
Re: [funsec] the most brilliant advertising: Penis Reduction
On Fri, Jul 18, 2008 at 7:54 AM, RandallMan [EMAIL PROTECTED] wrote: -- Message: 1 Date: Thu, 17 Jul 2008 19:11:24 -0500 (CDT) From: Gadi Evron [EMAIL PROTECTED] Subject: [funsec] the most brilliant advertising: Penis Reduction To: funsec@linuxbox.org Message-ID: [EMAIL PROTECTED] Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Ever since Viagra if it lasts more than four hours, go see a doctor, there just hasn't been anything that compares. And now, introducing--Penis Reduction Pills! Just leave them where the girl you are interested in can find them. :) http://www.penisreductionpills.com/ And make sure to check: http://www.projectwonderful.com/img/uploads/pics/16697-1214194541.gif Gadi. -- Gadi Don't bother with them, they don't work That just sucks. Because the tip in the cold water is getting old... === I was not dru k. I could lay on the floor and not hold on just fine. -- Rob
Re: [funsec] Where does the Republican Party stand on the 1st Amendment?
Sorry for top posting, but to answer the question: Where does the Republican Party stand on the 1st Amendment? Right on top of it, with dog - crap covered shoes... Not that the Demo's are any better... On Fri, Jul 18, 2008 at 10:47 AM, Richard M. Smith [EMAIL PROTECTED] wrote: http://blog.wired.com/27bstroke6/2008/07/gop-threatening.html GOP Threatens CafePress Over Shirts, Stickers and Logos The Republican National Committee is threatening to sue CafePress for hosting an online venue for vendors to hawk GOP-related regalia like T-shirts, stickers and portrayals of elephants. The committee, as it turns out, owns the trademarks to GOP, Grand Old Party, Republican National Committee, RNC and the official GOP elephant logo. Sean Cairncross, the party's chief counsel, wrote (.pdf) the Foster City, California online vendor that the GOP takes infringements upon its trademarks seriously. Please cease and desist from allowing vendors to utilize the federally registered trademarks of the RNC or we will be forced to consider a legal remedy, Cairncross wrote CafePress. ... -- Rob
Re: [funsec] SF serving malware?
On Fri, Jul 18, 2008 at 4:47 PM, Rob, grandpa of Ryan, Trevor, Devon Hannah [EMAIL PROTECTED] wrote: OK, if Childs is behind this, fry him: if he isn't, fry them. I'm with you on this one... Finjan reported Wednesday that the city of San Francisco Web site was one of over 1,000 sites treating visitors to malicious code. Vulnerable users got a Trojan loaded onto their machines that tries to join them to the Asprox botnet, a smaller botnet that began expanding in May. The SFgov site is apparently fixed. The deputy director of San Francisco's department of telecommunications and information services said the city detected and fixed the problem. He said SFGov was vulnerable over the last weekend in June. He does not know how many people visited the site, but said no city employees' machines were affected. http://www.sfgate.com/cgi-bin/blogs/sfgate/detail?blogid=19entry_id=28215 == (quote inserted randomly by Pegasus Mailer) [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] I like pigs. Dogs look up to us. Cats look down on us. Pigs treat us as equals.- Winston Churchill http://victoria.tc.ca/techrev/rms.htm -- Rob
[funsec] This is a test
I had sent in a few comments earlier and never saw them come through... Just checking to make sure that everything is working right... -- Rob
Re: [funsec] Off Beat: Proposed Bush Sewage Plant Will Appear SF Ballot
Paul Ferguson wrote: Via CBS5.com (AP). [snip] A San Francisco measure seeking to commemorate President Bush's years in office by slapping his name on a city sewage plant has qualified for the November ballot. The measure certified Thursday would rename the Oceanside Water Pollution Control Plant the George W. Bush Sewage Plant. Backers said the idea is to commemorate the mess they claim Bush has left behind by actions such as the war in Iraq. Or gas prices? State of the Country's employment? Housing market? Price of food? Value of the dollar? Gee, where to begin. And I voted for that assclown... :( [snip] How apropos. More: http://cbs5.com/local/bush.sewage.plant.2.774019.html Also: http://www.independent.co.uk/news/world/americas/san-francisco-to-vote-on-naming-sewer-after-george-bush-855433.html - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/ -- Rob
Re: [funsec] SF Worker Accused Of Tampering With City's Computer Network
Paul Ferguson wrote: Via NBC11.com. [snip] The funny part about all of this, at least according to what I read on The Register this morning...they're still locked out of the network. It's been approx a week. lol While I normally wouldn't find this so funny, I just can't stop thinking: I wonder if they ever heard of the phrase Disaster Recovery??? Priceless... A whole week and they can't get back in... San Francisco prosecutors charged a city worker Monday with illegally tampering with the city's computer network, potentially exposing the information of both city workers and anyone who does business with the city. Police arrested Terry Childs, 43, a network administrator for San Francisco's Department of Telecommunications and Information Services, over the weekend, according to the San Francisco District Attorney's Office. According to District Attorney Kamala Harris, Childs is believed to have disrupted the city's FiberWAN network system between June 20 and July 10. He was arrested on Sunday at his home in Pittsburg and is being held on $5 million bail, she said. At a news conference in San Francisco Monday afternoon, Harris was vague about the facts or motive behind the sensitive case, citing an ongoing investigation. Harris said the charges relate to rules about accessing our computer systems and about who has authorized or unauthorized access to those systems. According to Harris, Childs is believed to have temporarily denied services to authorized users on the network, and to have set up devices that would allow a user to gain unauthorized access to the network. [snip] More: http://www.nbc11.com/news/16884468/detail.html - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/
-- Rob
Re: [funsec] Texas Bank Dumps Antivirus for Whitelisting
Richard M. Smith wrote: http://www.darkreading.com/document.asp?doc_id=158750WT.svl=news1_4 I'm not familiar with this product. To me it sounds like a bad idea on its own. With AV, possible benefits... Thoughts? Personally, if they don't like Symantec and their pricing, they shoulda checked out eEye's Blink product. That's pretty nice... Brent Rickels, senior vice president at First National Bank of Bosque County, had grown tired of dealing with antivirus software. He was tired of regularly updating virus signatures, tired of hackers constantly tweaking malware, and tired of worrying about what users had downloaded onto their PCs. So Rickels dumped the bank's AV software for a whitelisting product and in the process, become one of its first commercial customers. First National Bank of Bosque County, which serves the Waco, Texas, area and manages approximately $100 million in assets, had seen the volume of spam and spyware it had to beat back increase tenfold in four years. So when it was time for the bank to renew its Symantec AV license at the end of 2006, the timing was right to make a change. It seemed like the antivirus updates came out only after new malware had already been released, Rickels says. Running a routine system scan with hundreds of thousands of signatures was taking half an hour or more. So the bank's tiny IT department of only a handful of employees was spending more time maintaining its security software and less time on business applications. The financial services firm decided to look for a different solution that was simpler to maintain and more effective. It considered GreenBorder, which quarantines any software downloaded via a user's browser until someone moves it to the main system. But that option appeared to still require a fair amount of manual intervention.
FNB was intrigued by Lumension Security's Sanctuary Device and Application Control systems, which offered theoretical rather than proven benefits at the time. The tools let users run administratively approved programs only and restricts any unknown and unauthorized executables from springing to life. We liked the product's basic design; it is easier to contain a known universe than an unknown one, Rickels says. The software had other appealing features. Because user software was restricted, there would be less administrative work, and Sanctuary actually ran better than AV software because it was a lighter program. And the final selling point was that the Lumension system cost about 30 percent less than the Symantec option. ... -- Rob
Re: [funsec] Webroot founder missing
Andy Sutton wrote: On Fri, 2008-07-11 at 20:10 -0700, Rob Thompson wrote: If any of you know him...Omega 3. I swear to god, it will help. Paran0ia in the b3dr00m? Send $$ now for the 0m3ga pillz! (I realize I'm going to the special hell for that, but I couldn't resist.) LOL - I was afraid that my message may come off like that. I really did send it, just in case any of you can reach him... It really will help. I put the specific brand because that's the one that I take. I have researched it and it is safe. There is a risk of heavy metal poisoning if you take a cheap or unfiltered brand. Thanks for the laugh. -- Rob
[funsec] Jabber
Many many moons ago, I used to join the Funsec Jabber server. Is that still around? I can't find my connect info's anymore. If possible, please reply to this one at [EMAIL PROTECTED]. I tried to send this from there, but it was rejected. Otherwise I may miss it. I get HUNDREDS of e-mails to this account a day. The other is my personal account that I actually can catch everything that I'm looking for... ;p Thanks. :) -- Rob
Re: [funsec] Webroot founder missing
Richard M. Smith wrote: This is really sad situation…… If any of you know him...Omega 3. I swear to god, it will help. Nordic Naturals - Complete. Take 2 a day. EVERY day at the same time. I'm not trying to sell this product, just trying to help this guy out. For as bad off as he sounds, he is going to have to take it solid for a few months BEFORE any positive effects will be noticed, but it _will_help. http://www.foxnews.com/story/0,2933,380402,00.html *HONOLULU — The millionaire founder of an Internet software security company remained missing on Hawaii's main island of Oahu this week, police said.* Steven Thomas, 36, was last seen June 30 at the Princess Kaiulani Hotel in Waikiki, where his mother and a cousin were staying. His family said he was diagnosed with bipolar disorder in April but has refused medication. He thinks everyone on the island is out to get him, Candis Thomas said of her husband's bipolar condition. He thinks the military is involved, he thinks that aliens are involved, and he's just been in a real delusion state of being fearful. Thomas was arrested April 27 and taken to Castle Medical Center after he ran naked into the middle of a race/walk in front of his home in Lanikai. He also owns a home in Boulder, Colo. He is the founder of Boulder-based Webroot Software Inc. The software company that created the Spy Sweeper and Window Washer programs was sold in 2004 to a group of investors for about $108 million. Thomas was concerned about the poor performance of his investment portfolio and discussions about moving back to Colorado full-time, his wife said. …
-- Rob
Re: [funsec] Unnatural airport environment ...
Yeah, this sounds like BS to me. My BS-o-meter is off the charts. They may as well hand out joints, instead...or wait, not treat us all like we're criminals??? I don't know about y'all, but I have done all I can to stay out of airports. I obey the law, but going through their inspection makes me feel like I may as well have done something wrong. And there is NO flashing light or soothing sound that is going to take that away. But that's just my 2 cents. Sorry about the top posting... Rob. On Thu, May 1, 2008 at 10:34 AM, Rob, grandpa of Ryan, Trevor, Devon Hannah [EMAIL PROTECTED] wrote: I find this extremely suspicious. It sounds too reasonable ... CBS News – A new airport security system, designed to better identify a terrorist or a suspicious traveler by reducing anxiety levels of passengers, was introduced Monday at Baltimore's Thurgood Marshall International airport. The security checkpoint combines new high-tech x-ray machines with calming lights and soothing music. The system is aimed at reducing the stress of passengers as they shove carry-ons through airport metal detectors while trying to balance themselves as they remove their shoes and dig for their boarding pass. The Homeland Security Secretary said that by lowering the stress level for everybody with a more soothing environment, it is hoped that someone who is up to no good will stand out more. The system is expected to be installed at airports across the country in future. http://www.cbsnews.com/stories/2008/04/29/cbsnews_investigates/main4053175.shtml or http://tinyurl.com/6znc4h == (quote inserted randomly by Pegasus Mailer) [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] I would like to take you seriously, but to do so would insult your intelligence. http://victoria.tc.ca/techrev/rms.htm
-- Rob
Re: [funsec] CompUSA Refuses To Accept Cash
I vote we take loose pennies and purchase laptops at that joke of a store. Yet another reason that I will not shop at that behemoth of a mess. CompUSA is such a freaking riot - they're better than Calvin and Hobbes! ;p I just wish I understood why they are still in business from their obviously wonderful business ethic! I know people that work there and would purposefully break people's boxes worse than they were when they were brought in, to make them buy more in repairs. On Jan 24, 2008 3:56 AM, Juha-Matti Laurio [EMAIL PROTECTED] wrote: A CompUSA cashier summoned her manager and a security guard when Bud tried to pay for his purchases with cash. The promise of 40% discounts drew Bud to the Boise, Idaho store, but he settled for a 10% discount on an iMac and several accessories. This is how the customer describes the case: I start counting out hundred dollar bills and the clerk goes nuts! Sir, we don't accept cash for this kind of purchase! You must use a credit card! she says at the top of her lungs. (I see her also hit a button on the phone at the same time.) Instantly a man shows up, clearly the manager from his nametag and the rent-a-cop security guy. Both tell me the same thing, NO CASH! You have to pay with a credit card! And he or she continues: So I called the store to see if the items I wanted were in stock, after I asked the guy about them he said, I know who you are, you're the guy that wanted to pay cash. My district manager corporate called me and read me the riot act over this. Thanks for getting me in trouble! More at http://consumerist.com/346965/compusa-refuses-to-accept-cash Juha-Matti -- Rob
Re: [funsec] Math not Ironport's top suite?
Rob, grandpa of Ryan, Trevor, Devon Hannah wrote:
| Date sent: Sun, 03 Feb 2008 17:48:14 -0800 (PST)
| From: Chris Blask [EMAIL PROTECTED]

I'm sorry, I just couldn't resist... ;p

| == (quote inserted randomly by Pegasus Mailer)
| [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
| `*If* he finds out.' `If! If is good.' - Pain and Panic
| http://victoria.tc.ca/techrev/rms.htm

-- Rob
Re: [funsec] Math not Ironport's top suite?
Drsolly wrote:
| On Mon, 4 Feb 2008, Nick FitzGerald wrote:
|
| | Hi all,
| |
| | What's wrong with this picture? Well, opening sentence...
| |
| | http://www.ironport.com/toc/
| |
| | IronPort Threat Operations Center
| |
| | The 24x7x365 IronPort Threat Operation Center provides human
| | oversight to ensure speed and accuracy. Experienced analysts use
| | sophisticated tools to verify anomalies and approve automatically
| | generated Outbreak Rules.
| |
| | (and nit-picks about leap years don't count).
|
| Oooh, I know, I know. That should be 24x7x52, or maybe 24x365. Or maybe
| 1x8760?

What is the problem with taking just ONE day off every four years? :)

PS - Chris, this is for you:

01010111 0110 01100011 01101011 0111 0010 01010111 0110 01100011 01101011 0111

-- Rob
Re: [funsec] Caught in a (Real) Security Bind
Paul Ferguson wrote:
| Via eWeek.
|
| [snip]
|
| RealNetworks finds itself at the mercy of an exploit writer who refuses to
| share details of a gaping hole in the widely deployed RealPlayer software.
|
| More than a month ago, on Dec. 16, 2007, a Russian security research firm
| released an exploit for a zero-day vulnerability in RealNetworks'

Maybe I'm naive... How hard would it be for RealNetworks to purchase a copy of the software that has the exploit, reverse engineer it and then fix their program? It screams to me to make sense this way...am I missing something here?

snip

-- Rob
Re: [funsec] Removing Local Administrator Account
I wanted to thank everyone that responded to the e-mail that I sent out previously (below). I had intended on writing back my 2 cents on the whole thing and acknowledge receipt of the responses, a while ago. I got wrapped up and haven't really been able to get to too much else... I didn't mean to be rude.

Anywho - I think that it is a bad idea to remove the Local Admin acct. With the account gone, the only thing you are really doing is inhibiting the functionality of your IT department. If someone is going to do something malicious to the machine, they are going to do it whether that account is there or not.

Again, thank you very much to everyone that responded. I really do appreciate your time.

Dear List,

I have cross posted this question to another security list that I belong to, but I wanted to send this here as well, as I am specifically interested in your responses. I know you are all on this list and I can find you all here, which is why I am sending it...well, here.

I know that this is off topic and this is not any kind of Fun Security, but I highly respect each of your opinions. I know I do not make many comments on this list, but I have watched it for over a year and I do pay attention to your responses. In my opinion you guys are all the best of breed in what you do...

---

I am asking this as I will be presenting this to a company, as they have proposed this idea and I want to show them exactly what they are considering getting themselves into.

What is your professional opinion on removing the local administrator account?

Does this pose a security risk to have a local administrator account on a computer, so that IT staff (which are the only people in the organization that are entitled to this user/pass) can do work on a computer in a way that can not be securely audited? What I mean by this is, they all use this one account (for emergencies only), instead of using their own credentials over the network - thereby showing the local admin account was used, but not who used it.

What are the risks involved in removing this account?

Is this a general best practice, from a security point of view? If not, what is the best practice from a security point of view?

Lastly, do you believe or not, that if the IT staff wanted to compromise a box, anonymously, would they really need this local administrator account on the box? Or would they still be able to do this, without the account there? Why?

I sincerely appreciate your time and thank you in advance for any answers that you may pose. Also, if you see something that I did not consider in my questions, please feel free to include that as well. Please remember, if you think that this is a wise decision or not, PLEASE state your answers and why.

-- Rob
[funsec] Re: Removing Local Administrator Account
Rob Thompson wrote:
| Dear List,
| snip

I would like to thank everyone that has replied to this as of yet. I am still collecting answers to this question.

Tomorrow I am going to send a response with my own opinion in it. I just have not wanted to do so as of yet, as I do not want to taint the answers that I have received yet.

I appreciate every single response that I have gotten back so far. Thank you very much!

-- Rob
Re: [funsec] Old News - Can you help?
On Jan 12, 2008 3:39 PM, Young, Keith [EMAIL PROTECTED] wrote:

I am trying to track down some information but am having a hell of a time finding it. I recall many moons ago, that AOL was shipping CD's that had a virus on it. Does anyone else remember this?

AOL, no. I remember Microsoft shipping a Word macro infected doc on CDs and the Good Times AOL hoax that floated around for a while. Sure that you aren't thinking of one of these?

Yeah, I am sure. I was talking to another one of my friends and he recalls it as well. He remembers it having to do with the cd's being found on a tanker off the coast of the UK or Asia. I don't quite remember it like that, but I do remember it.

All of my searches keep pulling info to do with AOL's new AV service... ;p

Thanks though, I do appreciate the response.

--Keith

Keith Young, Security Official
Department of Technology Services
Montgomery County, Maryland
phone - (240) 777-2955

-- Rob
[funsec] Removing Local Administrator Account
Dear List,

I have cross posted this question to another security list that I belong to, but I wanted to send this here as well, as I am specifically interested in your responses. I know you are all on this list and I can find you all here, which is why I am sending it...well, here.

I know that this is off topic and this is not any kind of Fun Security, but I highly respect each of your opinions. I know I do not make many comments on this list, but I have watched it for over a year and I do pay attention to your responses. In my opinion you guys are all the best of breed in what you do...

---

I am asking this as I will be presenting this to a company, as they have proposed this idea and I want to show them exactly what they are considering getting themselves into.

What is your professional opinion on removing the local administrator account?

Does this pose a security risk to have a local administrator account on a computer, so that IT staff (which are the only people in the organization that are entitled to this user/pass) can do work on a computer in a way that can not be securely audited? What I mean by this is, they all use this one account (for emergencies only), instead of using their own credentials over the network - thereby showing the local admin account was used, but not who used it.

What are the risks involved in removing this account?

Is this a general best practice, from a security point of view? If not, what is the best practice from a security point of view?

Lastly, do you believe or not, that if the IT staff wanted to compromise a box, anonymously, would they really need this local administrator account on the box? Or would they still be able to do this, without the account there? Why?

I sincerely appreciate your time and thank you in advance for any answers that you may pose. Also, if you see something that I did not consider in my questions, please feel free to include that as well. Please remember, if you think that this is a wise decision or not, PLEASE state your answers and why.

-- Rob
[funsec] Old News - Can you help?
Hello everyone.

While this isn't any current news, it is still a tad fun so I hope it applies...

I am trying to track down some information but am having a hell of a time finding it. I recall many moons ago, that AOL was shipping CD's that had a virus on it. Does anyone else remember this? If so, you wouldn't by any chance have any information laying around about it that you could either forward to me or point me in the right direction? I have been looking all day, on and off and have yet to find anything. It's beginning to get a tad frustrating... ;p

I was telling someone about this a few days ago and they didn't believe me...so I'm trying to get something together to show them that I wasn't really joking at all. It's still humorous to me, as AOL is a virus, but...

Thanks in advance for any help that you may have with this...

-- Rob
Re: [funsec] Change the Channel... to Death!
On Jan 11, 2008 1:43 PM, Dude VanWinkle [EMAIL PROTECTED] wrote:

Unbelievable: http://www.theregister.co.uk/2008/01/11/tram_hack/

snip

I think we are lucky it was just a kid pulling a prank and the rest of the world should make sure this is not how their systems operate before the copycats come out of the woodworks.

Just imagine this type of information in the hands of terrorists...

/me shudders.

-- Rob
Re: [funsec] What do we do with 13 year old leet kiddies?
Thank you for the laugh. That was priceless.

As a matter of fact, if you're ever interested in some company while doing that, shoot me a note. I'll egg them on. ;p

On Dec 4, 2007 11:03 AM, Paperghost [EMAIL PROTECTED] wrote:

See, first I found this guy.
http://www.vitalsecurity.org/2007/11/portrait-of-artist-as-young-man.html

Then I saw he had a little posse of wannabe hackers and phishers.
http://www.vitalsecurity.org/2007/11/want-to-see-13-year-old-kids-going.html

The solution? Make them wet their pants for 14 hours...
http://www.vitalsecurity.org/2007/12/rise-up-with-fists-strike-down-with.html

then flip the electrocution switch.
http://www.vitalsecurity.org/2007/12/helgi-bernodus-witness-collapse-of-self.html

I'd be lying if I said I didn't enjoy every second of that.

Pg

-- Rob
Re: [funsec] Buy our drugs and ...
On Dec 6, 2007 9:49 AM, Rob, grandpa of Ryan, Trevor, Devon Hannah [EMAIL PROTECTED] wrote:

I have been noting, in some of the spam subject lines, not only the usual disregard of grammar, but one specific mistake. A number of them assert something along the lines of Say goodbye to ED dysfunction. Since ED stands for erectile dysfunction (how many spam filters did I just trip?), that means that they are promising to get rid of dysfunctional dysfunction, and presumably give you the real thing. So, logically, if you buy drugs from them the result will be ...

Kinda reminds you of when you hear someone talking about those NIC cards (Network Interface Card cards) or better yet, TCBY Yogurt (The Country's Best Yogurt - Yogurt)... ;p

-- Rob
Re: [funsec] Off Beat: U.S. Navy to Mask Swastika-Shaped Barracks
Thanks for the good laugh.

Though on a more serious note. Those jerk off Nazis really screwed that one up. That is a very powerful religious symbol, that the Nazis ended up perverting and ruining the general population's perception of what that symbol means. Now people see it and what is the first thing that you think of? WW2 - Hitler - Nazis - Death...

What a shame.

On 9/26/07, Paul Ferguson [EMAIL PROTECTED] wrote:

Too funny. Via The LA Times (props, Truthdig).

[snip]

The U.S. Navy has decided to spend as much as $600,000 for landscaping and architectural modifications to obscure the fact that one of its building complexes looks like a swastika from the air.

The four L-shaped buildings, constructed in the late 1960s, are part of the amphibious base at Coronado and serve as barracks for Seabees.

From the ground and from inside nearby buildings, the controversial shape cannot be seen. Nor are there any civilian or military landing patterns that provide such a view to airline passengers.

But once people began looking at satellite images from Google Earth, they started commenting on blogs and websites about how much the buildings resembled the symbol used by the Nazis.

[snip]

More: http://www.latimes.com/news/local/la-me-swastika26sep26,0,2973328.story

- ferg

-- Fergie, a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg(at)netzero.net
ferg's tech blog: http://fergdawg.blogspot.com/

-- Rob
Re: [funsec] Off Beat: U.S. Navy to Mask Swastika-Shaped Barracks
On 9/27/07, Ken Dyke [EMAIL PROTECTED] wrote:

On Thu, Sep 27, 2007 at 02:37:25PM -0500, Brian Loe ([EMAIL PROTECTED]) wrote:

If you want to twist those comments into a political statement, feel free, but leave me out of it since I'm NOT making a political statement!

Claiming that the Iranians would be interested in sat images of a Seabee base on US soil with the implication of evil intent is a political statement. It is fear mongering of the very sort that the White House is presently engaged in to demonize Iran.

The White House isn't the one that is demonizing Iran. Iran is doing that all on their own.

-- Ken Dyke, 406.581.0495
Linux can win as long as services/protocols are commodities. By folding extended functionality into today's commodity services and creating new protocols, we raise the bar and change the rules of the game. -- from an internal Microsoft memo

-- Rob
Re: [funsec] Research: Men Use Phones to Flirt
On 11/15/06, Rob, grandpa of Ryan, Trevor, Devon Hannah [EMAIL PROTECTED] wrote:

Date sent: Thu, 16 Nov 2006 00:36:10 +0200 (EET)
From: Juha-Matti Laurio [EMAIL PROTECTED]

I know this is off-topic, maybe,

On funsec?

Research by Sheffield Hallam University and Virgin Mobile is reporting that British men consider their mobile phone an important status symbol - particularly in helping to attract the opposite sex.

I assume size matters ...

Why do you think I carry around the phone with the cord and separate battery pack??? (Think of Lethal Weapon era)

Oh yeah!

== (quote inserted randomly by Pegasus Mailer)
[EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
That was Zen. This is Tao.
Dictionary of Information Security www.syngress.com/catalog/?pid=4150
http://victoria.tc.ca/techrev/rms.htm

-- Rob