Re: [funsec] You have just violated the Computer Fraud and Abuse Act...

2012-11-29 Thread Rob Thompson 
On 11/29/2012 04:36 PM, phester wrote:
 
 
 http://cfaadefensefund.com/

+1

 
 ___
 Fun and Misc security discussion for OT posts.
 https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
 Note: funsec is a public and open mailing list.
 


-- 
Rob

+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
| _   |
|  ASCII ribbon campaign ( )  |
|   - against HTML email  X   |
|/ \  |
| |
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Re: [funsec] thanx so much for uhelp ican going to graduate to now

2010-11-15 Thread Rob Thompson 
If you think that's bad, try getting one of those tools to count back
change.  Don't forget your Polaroid to capture the moment forever...

On Mon, Nov 15, 2010 at 9:15 AM, Shawn Merdinger shawn...@gmail.com wrote:
 http://chronicle.com/article/The-Shadow-Scholar/125329/

 The Shadow Scholar
 The man who writes your students' papers tells his story
 ___
 Fun and Misc security discussion for OT posts.
 https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
 Note: funsec is a public and open mailing list.




-- 
Rob
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Re: [funsec] Hackers (the movie) 15th Anniversary Party on Oct 2nd

2010-09-24 Thread Rob Thompson 
On 09/24/2010 01:21 PM, michael.blanch...@emc.com wrote:
 $500 gets you a hacker slave that has to wear a dress to the party.

That's exactly what I was thinking.  ;p

 
  SWEET!!! ;-)
 
 Michael P. Blanchard
 Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE
 Office of Information Security  Risk Management
 EMC ² Corporation
 4400 Computer Dr.
 Westboro, MA 01580
 
 
 -Original Message-
 From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On 
 Behalf Of Shawn Merdinger
 Sent: Friday, September 24, 2010 3:56 PM
 To: funsec
 Subject: [funsec] Hackers (the movie) 15th Anniversary Party on Oct 2nd
 
 A fun Kickstarter.com project.
 
 http://www.kickstarter.com/projects/fred/hackers-the-movie-15th-anniversary-party-on-oct-2n
 ___
 Fun and Misc security discussion for OT posts.
 https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
 Note: funsec is a public and open mailing list.
 
 
 ___
 Fun and Misc security discussion for OT posts.
 https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
 Note: funsec is a public and open mailing list.
 


-- 
Rob

+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
| _   |
|  ASCII ribbon campaign ( )  |
|   - against HTML email  X   |
|/ \  |
| |
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Re: [funsec] Google is Evil indeed...

2010-07-21 Thread Rob Thompson 
On Wed, Jul 21, 2010 at 6:42 AM, Jeffrey Walton noloa...@gmail.com wrote:
 I'd make the leap that Google's actions in other countries were not
 'inadvertent' either.

Those were my thoughts, exactly.


 Jeff




-- 
Rob
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

[funsec] Google is Evil indeed...

2010-07-20 Thread Rob Thompson 
http://www.prnewswire.com/news-releases/googles-wi-spying-and-intelligence-ties-prompt-call-for-congressional-hearing-98769559.html

The patent makes repeated reference to 'capturing' packets,
including paragraph [0055], which states that the system will enable
geolocations so long as the equipment being used 'is able to capture
and properly decode a packet...'



It has also been widely reported that Google has been working in
partnership with the National Security Agency, the very same
government body that illegally intercepted the private communications
of millions of Americans during the Bush administration.

-- 
Rob
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

[funsec] The ultimate Rickroll?

2009-09-15 Thread Rob Thompson 
You gotta see the pic.  It's priceless ;p

--

Early Wednesday morning, hackers installed seven notes on the great
dome’s temporary scaffolding, commenting on its close resemblance to a
musical score. The notes were the first seven of Rick Astley’s “Never
Gonna Give You Up.”

http://tech.mit.edu/V129/N35/graphics/notehack.html

-- 
Rob

+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
| _   |
|  ASCII ribbon campaign ( )  |
|   - against HTML email  X   |
|/ \  |
| |
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Re: [funsec] Hello. I live in Salem, and I believe in witches.

2009-09-09 Thread Rob Thompson 
ch...@blask.org wrote:
 
  What else can/should a president say to every kid in the country?

He may have wanted to include, I'm not as bad as all of your parents
say I am...really.

*under his breath - Even though they are right.

 
 -chris
 
 
   
 
 ___
 Fun and Misc security discussion for OT posts.
 https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
 Note: funsec is a public and open mailing list.
 


-- 
Rob

+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
| _   |
|  ASCII ribbon campaign ( )  |
|   - against HTML email  X   |
|/ \  |
| |
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Re: [funsec] Hello. I live in Salem, and I believe in witches.

2009-09-09 Thread Rob Thompson 
valdis.kletni...@vt.edu wrote:
 On Wed, 09 Sep 2009 13:27:55 EDT, Adriel T. Desautels said:
 Witches are real... technical speaking
 
 And most Wiccan belief systems are more reality-based and have a higher chance
 of producing actual results than the majority religion around here...
 
 Kinda like how most people end up buying Microsoft even though there's better
 alternatives...
 

+1

Free alternatives at that...

 
 
 
 
 ___
 Fun and Misc security discussion for OT posts.
 https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
 Note: funsec is a public and open mailing list.


-- 
Rob

+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
| _   |
|  ASCII ribbon campaign ( )  |
|   - against HTML email  X   |
|/ \  |
| |
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Re: [funsec] ruling: liability for providers who don't act on clients' illegal activities?

2009-09-08 Thread Rob Thompson 
Nick FitzGerald wrote:
 Rob Thompson wrote:
 
 This is akin to closing down a freaking bank, because they cashed a
 fraudulent check.
 
 No -- to stick with your grievously weak analogy, it is much more like 
 very heavily (punitively -- get it?) fining a bank and its manager for 
 repeatedly cashing fraudulent checks _from one known fraudster_.

Point taken.

I still do not agree with it.  I think that it is a piss poor job on
behalf of law enforcement.  Get the _one known fraudster_ that is
committing the actual act.  BEFORE it is permitted to be repeated.

Now if the hosting site is hosting (as in advertising, come here to host
your illegal warez for $$$) to cater to the criminal, that's another
story.  But that isn't how I am interpreting this.  I am interpreting
this as sheer laziness and quite frankly it's rather pathetic.  Passing
the buck isn't okay.  We count on the schools to raise our kids and the
ISP to police the interwebs.  Bullshit!

 
 If the penalty is enough to actually put the bank out of the business, 
 the other customers move their accounts with that bank to another bank 
 and get on with their lives.
 
 AND you can bet that they will be quite a bit more careful in checking 
 out the bona fides and likely business practices when evaluating the 
 prospective banks for that move!
 
 
 Finally, as all that is at issue in this case are just bits at rest on 
 server drives and zipping around fibre and copper circuits, it's much 
 easier and MUCH LESS disruptive to the other customers of the 
 convicted, active, complicit fraud-enabler in the online world than in 
 your bricks-and-mortar bank analogy.
 
 
 If you're going draw analogies, please at least try to make them 
 modestly apposite...
 

Guns don't kill people, people kill people???

Let's get Remington on the phone.  If you didn't sell the gun to the gas
station robber, he wouldn't have knocked off those seven petrol stands...

 
 
 Regards,
 
 Nick FitzGerald
 
 
 ___
 Fun and Misc security discussion for OT posts.
 https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
 Note: funsec is a public and open mailing list.
 


-- 
Rob

+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
| _   |
|  ASCII ribbon campaign ( )  |
|   - against HTML email  X   |
|/ \  |
| |
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Re: [funsec] ruling: liability for providers who don't act on clients' illegal activities?

2009-09-08 Thread Rob Thompson 
Paul Ferguson wrote:
 On Mon, Sep 7, 2009 at 11:14 PM, Rob Thompsonmy.security.li...@gmail.com
 wrote:
 
 Now if the hosting site is hosting (as in advertising, come here to host
 your illegal warez for $$$) to cater to the criminal, that's another
 story.  But that isn't how I am interpreting this.  I am interpreting
 this as sheer laziness and quite frankly it's rather pathetic.  Passing
 the buck isn't okay.  We count on the schools to raise our kids and the
 ISP to police the interwebs.  Bullshit!
 
 
 Have you ever heard of criminal negligence?

http://www.thefreedictionary.com/criminal+negligence

Noun1.  criminal negligence - (law) recklessly acting without reasonable
caution and putting another person at risk of injury or death (or
failing to do something with the same consequences)

--

From the article:

In a lawsuit brought by fashion company Louis Vuitton, a jury ruled that
two ISPs -- Akanoc Solutions and Managed Solutions Group -- knew about
counterfeit Vuitton goods that were being sold on their customers'
sites, but didn't act quickly to pull the plug on those sites. The
decision was first reported on Tuesday.

 
 I suppose you think that's bullshit, too?

Yes, I do.  It's a hand bag.  If someone is at risk of personal injury
or death because a hand bag was sold illegally, then I guess I stand
corrected.

Otherwise, we'll have to agree to disagree.

I'm not saying that the ISP (if they _really_ did know - and the proof
wasn't given - so I am skeptical) couldn't have done something about it.
 But to make another one of these half-assed laws, when is enough
enough?  If the ISP were mine, I would have removed it, on my own
accord...but not because of yet another unnecessary law.

The right way to do it, don't buy the counterfeit goods.  If there is no
 money in it, no one will do it.  There are other, better ways, than this.

 
 - ferg
 

-- 
Rob

+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
| _   |
|  ASCII ribbon campaign ( )  |
|   - against HTML email  X   |
|/ \  |
| |
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Re: [funsec] ruling: liability for providers who don't act on clients' illegal activities?

2009-09-08 Thread Rob Thompson 
Best I can say is this...from my last reply.  And this is the last I'll
say.  I can see my opinion is far from popular.

If they were selling Anthrax, I wouldn't have said a word.  _THAT_ is
different.

Freaking handbags!!!


Paul Ferguson wrote:
 On Mon, Sep 7, 2009 at 11:14 PM, Rob Thompsonmy.security.li...@gmail.com
 wrote:
 
 Now if the hosting site is hosting (as in advertising, come here to host
 your illegal warez for $$$) to cater to the criminal, that's another
 story.  But that isn't how I am interpreting this.  I am interpreting
 this as sheer laziness and quite frankly it's rather pathetic.  Passing
 the buck isn't okay.  We count on the schools to raise our kids and the
 ISP to police the interwebs.  Bullshit!
 
 
 Have you ever heard of criminal negligence?
 
 I suppose you think that's bullshit, too?
 
 - ferg
 

-- 
Rob

+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
| _   |
|  ASCII ribbon campaign ( )  |
|   - against HTML email  X   |
|/ \  |
| |
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Re: [funsec] ruling: liability for providers who don't act on clients' illegal activities?

2009-09-08 Thread Rob Thompson 
Paul Ferguson wrote:
 
 Okay, a better question -- how do you feel if it's truly a criminal
 enterprise (e.g. click fraud, DNS Changer malware, credential stealing
 malware, credit card theft/trafficking, child porn, et al.)?

I'm digging myself a hole I won't be able to crawl out of here, but let
me try.  I am not very well spoken and what I am trying to say, isn't
coming out right.

click fraud, DNS Changer malware, credential stealing
 malware, credit card theft/trafficking

Most of these things can be prevented with basic care by the end user.
No ISP involvement needed.  Keep your computer up to date, use a OS that
isn't broken, FF - Noscript (goes _a long_ way), AV that is current
and enabled.

I typically do not feel bad for the folks that have those things happen
them.  I do not know about you, but most people I meet that have
computer troubles tell me about them.  I explain that it is a virus and
what can happen.  They don't care.  Until it does happen and they lose
their identity.  Then it is too late and the bad guy won.

With the fact that this type of stuff is on the 7 o'clock news regularly
now, excuses are running paper thin.

child porn

That is a whole different can of worms and _that_ is the type of stuff
that should be acted on.  There someone is being hurt.  If the hosting
provider doesn't clean it upon finding it, or upon the first reporting,
then not only should the poster, but the hosting provider, be lit on fire.

 
 Are you familiar with Atrivo/Intercage, McColo, and Cernel? Russkrainain
 criminal activity right here in the Good Ole U.S. of A,?
 
 What's you position on that?

I am familiar with these things, yes.

For example, McColo, made no significant difference.  It was closed, and
spam levels dropped briefly.  They are right back where they were, like
it never happened.

If the folks would stop buying it, the senders would stop sending.

 
 - ferg
 

-- 
Rob

+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
| _   |
|  ASCII ribbon campaign ( )  |
|   - against HTML email  X   |
|/ \  |
| |
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Re: [funsec] ruling: liability for providers who don't act on clients' illegal activities?

2009-09-08 Thread Rob Thompson 
Nick FitzGerald wrote:
 Paul Ferguson to Rob Thompson:
 
 What's you position on that?
 
 Based on his posts to date, I'd hazard bent double, legs spread and 
 with as firm grip as possible on his ankles...
 

You know, I have refrained from personal attacks.

But you sir, are a grade a asshole, and a fucking prick on top of that.

Lemme know when you're on this side of the pond, I'd love to meet you
face to face.

 
 
 Regards,
 
 Nick FitzGerald
 
 
 ___
 Fun and Misc security discussion for OT posts.
 https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
 Note: funsec is a public and open mailing list.
 


-- 
Rob

+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
| _   |
|  ASCII ribbon campaign ( )  |
|   - against HTML email  X   |
|/ \  |
| |
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Re: [funsec] OT: New England Lemmings and The Herd Mentality

2009-09-07 Thread Rob Thompson 
Alex Eckelberry wrote:
 Now, for an In-And-Out burger, I could understand.  But Sonic...? 

Try their Oceanwater.

It's worth the wait.

 
 -Original Message-
 From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org]
 On Behalf Of Jon Kibler
 Sent: Monday, September 07, 2009 3:56 AM
 To: funsec@linuxbox.org
 Subject: [funsec] OT: New England Lemmings and The Herd Mentality
 
 I find myself on vacation just outside of Peabody, MA. While trying to
 locate the hotel, noticed that the entire right shoulder of the road for
 almost a half mile before the hotel was a solid line of cars. They even
 had cops directing traffic. Asking at the registration desk what was up
 with the line, was told that the line was for the new Sonic Drive-In
 (http://www.sonicdrivein.com/) that had opened last Wednesday 2 blocks
 further up US-1!
 
 I then had to ask what was the big deal, were they giving away free food
 or something? It turns out that this is the first Sonic in New England.
 People have been coming from as far away as Maine, Vermont, Rhodes
 Island, Connecticut, and New York just to try out the latest junk food
 chain! Some have driven 4 or more hours just to sit in line to eat a
 hamburger in their car. Those arriving late
 have been finding the restaurant out of food and closing early. In
 addition to the line down US-1, I also found that there is a back
 entrance that has a line that stretches further than one can see.
 Thinking about it, this has to make Sonic one of the highest carbon
 footprint foods in the world!!
 
 Coming from an area that is saturated with Sonics, I cannot believe that
 anyone would wait in line -- and apparently do so for hours -- for Sonic
 Drive-In food.
 IMHO, the food at just about every other burger and shake joint is
 better. The only novelty is that it is like a 50s drive-in where you are
 waited on by servers in roller skates and you have to eat in your car or
 take it home (no inside dining).
 
 Geeze, and all these years I had thought that lemmings were herbivores.
 :-)
 
 Jon

==
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/ No Spam. No Viruses. Just Good Clean Email.


___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.



-- 
Rob

+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
| _   |
|  ASCII ribbon campaign ( )  |
|   - against HTML email  X   |
|/ \  |
| |
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Re: [funsec] ruling: liability for providers who don't act on clients' illegal activities?

2009-09-07 Thread Rob Thompson 
Gadi Evron wrote:
 Jury Exacts $32M Penalty From ISPs For Supporting Criminal Websites
 http://darkreading.com/securityservices/security/cybercrime/showArticle.jhtml
 
 'Landmark case' indicates that ISPs may be held liable if they know
 about criminal activity on their customers' Websites and fail to act
 
 A federal jury in California this week levied a total of $32 million in
 damages from two Internet service providers that knowingly supported
 Websites that were running illegal operations.
 
 In a lawsuit brought by fashion company Louis Vuitton, a jury ruled that
 two ISPs -- Akanoc Solutions and Managed Solutions Group -- knew about
 counterfeit Vuitton goods that were being sold on their customers'
 sites, but didn't act quickly to pull the plug on those sites. The
 decision was first reported on Tuesday.
 
 The ruling has been called a landmark decision by some legal experts,
 who note that ISPs historically have been protected by the Digital
 Millennium Copyright Act, which limits service providers' liability for
 criminal actions that take place on their networks.
 

Way to go...way to go after the _real_ criminal.

This is akin to closing down a freaking bank, because they cashed a
fraudulent check.

 
 ___
 Fun and Misc security discussion for OT posts.
 https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
 Note: funsec is a public and open mailing list.
 


-- 
Rob

+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
| _   |
|  ASCII ribbon campaign ( )  |
|   - against HTML email  X   |
|/ \  |
| |
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Re: [funsec] New Zealand Woman Fired for Sending ALL CAPS E-Mail

2009-09-04 Thread Rob Thompson 
quispiam lepidus wrote:
 Way to be judgemental about someone you have no clue about.

Have no clue about?  She aired her dirty laundry for the world.  She
sued them, instead of holding her head high, accepting she wasn't wanted
and moving on - then passed blame because she couldn't find another job
for two years.  Actions speak loudly, she made her character crystal clear.

She looks just like one of those accounting ladies that will hold your
spiff-check over the weekend, if you got busy and forgot to help her
with her lame excel formula.  Just because she can and as far as she is
concerned, you inconvenienced her, so she will return the favor.  Versus
accepting your apology and explanation and trying to move on.

Whether you agree with being judgmental or not, you know that there is
truth to it.  It's all on your tact and how you handle it.  There aren't
that many types of people.  We all lump into one category or another.

I wouldn't just walk up to her and say, you look like a bitch and
deserved what you got, but that doesn't mean I'm not thinking it...

 
 On Thu, Sep 3, 2009 at 8:55 AM, Rob Thompsonmy.security.li...@gmail.com 
 wrote:
 I'm sure there's more to the story than that.  They probably just picked
 a poor excuse to get rid of her.

 I dunno about you, but to me she doesn't look like a very pleasant
 person.  She probably asked for it.  Then cried to all after she got
 fired.  Instead of accepting responsibility and moving on like an adult,
 she sued.

 Lame.


 Ned Fleming wrote:
 The Kiwis are some hard-hearted mother dogs.


 http://www.nzherald.co.nz/nz/news/article.cfm?c_id=1objectid=10594014

 WON'T THE CARE POLICE STEP UP AND PROTECT THIS POOR CREATURE?

 what do they do to people eschewing all capitals, such as i, i ask.
 prison sentences?


 --
 Rob

 +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
 | _   |
 |  ASCII ribbon campaign ( )  |
 |   - against HTML email  X   |
 |/ \  |
 | |
 +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
 ___
 Fun and Misc security discussion for OT posts.
 https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
 Note: funsec is a public and open mailing list.

 


-- 
Rob

+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
| _   |
|  ASCII ribbon campaign ( )  |
|   - against HTML email  X   |
|/ \  |
| |
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Re: [funsec] New Zealand Woman Fired for Sending ALL CAPS E-Mail

2009-09-02 Thread Rob Thompson 
I'm sure there's more to the story than that.  They probably just picked
a poor excuse to get rid of her.

I dunno about you, but to me she doesn't look like a very pleasant
person.  She probably asked for it.  Then cried to all after she got
fired.  Instead of accepting responsibility and moving on like an adult,
she sued.

Lame.


Ned Fleming wrote:
 
 The Kiwis are some hard-hearted mother dogs.
 
 
 http://www.nzherald.co.nz/nz/news/article.cfm?c_id=1objectid=10594014
 
 WON'T THE CARE POLICE STEP UP AND PROTECT THIS POOR CREATURE?
 
 what do they do to people eschewing all capitals, such as i, i ask.
 prison sentences?
 


-- 
Rob

+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
| _   |
|  ASCII ribbon campaign ( )  |
|   - against HTML email  X   |
|/ \  |
| |
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Re: [funsec] How [not] to Secure Your Browser's Saved Passwords

2009-09-01 Thread Rob Thompson 
Ali, Saqib wrote:
 Gina Trapani of Lifehacker wrote a small piece on how to save
 passwords for websites in firefox and secure it using a master
 password:
 http://blogs.harvardbusiness.org/trapani/2009/09/how-to-secure-your-browsers-sa.html
snip
 Your thoughts? Do you think saving passwords in a browser is safe and secure?

Only if you want to end up in the next episode of zf0.

 ___
 Fun and Misc security discussion for OT posts.
 https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
 Note: funsec is a public and open mailing list.
 


-- 
Rob

+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
| _   |
|  ASCII ribbon campaign ( )  |
|   - against HTML email  X   |
|/ \  |
| |
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Re: [funsec] If Swine Flu Weren't Enough, Now There's Swine Ebola

2009-08-26 Thread Rob Thompson 
chaim.rie...@gmail.com wrote:
 When the dude said on that little hill in the middle of the desert, don't eat 
 pork. He meant it.

But what would life be, without bacon?

*oink

 
 Ps. I don't listen to the dude
 --Original Message--
 From: Paul Ferguson
 Sender: funsec-boun...@linuxbox.org
 To: funsec@linuxbox.org
 Subject: [funsec] If Swine Flu Weren't Enough, Now There's Swine Ebola
 Sent: Aug 26, 2009 14:12
 
 Don't worry, it can't hurt youyet. :-)
 
 http://www.scientificamerican.com/article.cfm?id=swine-ebola-discovered
 
 Enjoy!
 
 - ferg
 

-- 
Rob

+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
| _   |
|  ASCII ribbon campaign ( )  |
|   - against HTML email  X   |
|/ \  |
| |
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Re: [funsec] Thoughts on Bing

2009-08-11 Thread Rob Thompson 
rac...@mcs.anl.gov wrote:
 My daughter bruings up a  couple of questions after getting malware
 hits while doing searches on Bing.
 
 Since Bing is backed by MS, it's a default that people will or
 are probably getting with new MS installs or upgrades.  Meaning
 you have a highly targette audience.  Is that community targetting
 Bing any heavier than others?
 
 Since Bing's advertising is all about giving you the answers you
 want, not some random stuff that may be close, is it a more
 valuable/trustworthy result?

No.

I finaly caved and gave it a whirl and it's as worthless as the rest of
the other search engines out there (Google excluded).  Personally, I am
sticking with Google.  If it aint broke...

 
 If people get a fakeAV popup from Bing, are they more likely
 to trust it than if they got it from Facebook, MySpace, or Google?
 

It only depends on how misinformed they are.

 --Gene
 
 PS: My impression of Bing has been that MS has done it again.
 Bing is the sound that the cartoon Ricochet Rabbit made just before
 speeding off and crashing into a cactus, wall or pile of junk.
 It's also the sound that a small rusty bolt makes just before it
 busts you knuckles while trying to extract it and twists off
 instead of coming out of the hole.
 
 /~\ The ASCII Gene Rackow   email: rac...@anl.gov
 \ / Ribbon Campaign   Cyber Security Office voice: 630-252-7126
  X  Against HTML  Argonne National Lab  
 / \ Email!9700 S. Cass Ave. / Argonne, IL  60439
 ___
 Fun and Misc security discussion for OT posts.
 https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
 Note: funsec is a public and open mailing list.
 


-- 
Rob

+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
| _   |
|  ASCII ribbon campaign ( )  |
|   - against HTML email  X   |
|/ \  |
| |
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Re: [funsec] Bank security

2009-07-23 Thread Rob Thompson 
Rich Kulawiec wrote:
 About a year ago, I went several rounds with a local financial institution
 while trying to deposit money into an account.  They wanted a thumbprint
 in order to verify that fraud wasn't being attempted, and were utterly
 impervious to the point that it was a DEPOSIT, not usually a profitable
 means of fraud.

If it was a deposit into an account other than your own and it was a
check, that would make a little bit of sense, but I would think it would
drive customers away.  That's not a Federal guideline, if you're in the
US, btw - it would have been a local policy.

If it was your own account, I would recommend you to change banks.
Personally, I would never do business with a place that has rules of
that sort.

Depositing is a profitable means of fraud.  It's how check kiting is done.

 
 ---Rsk
 ___
 Fun and Misc security discussion for OT posts.
 https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
 Note: funsec is a public and open mailing list.
 


-- 
Rob

+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
| _   |
|  ASCII ribbon campaign ( )  |
|   - against HTML email  X   |
|/ \  |
| |
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Re: [funsec] File this one under WTF

2009-07-23 Thread Rob Thompson 
quispiam lepidus wrote:
 http://news.bbc.co.uk/2/hi/technology/8161190.stm
 
 UAE Blackberry update was spyware

Why is this such big news?  Did we all forget?

http://www.schneier.com/blog/archives/2008/05/blackberry_givi_1.html

BlackBerry Giving Encryption Keys to Indian Government

 
 An update for Blackberry users in the United Arab Emirates could allow
 unauthorised access to private information and e-mails.
 
 The update was prompted by a text from UAE telecoms firm Etisalat,
 suggesting it would improve performance.
 
 In the statement, RIM told customers that Etisalat appears to have
 distributed a telecommunications surveillance application...
 independent sources have concluded that it is possible that the
 installed software could then enable unauthorised access to private or
 confidential information stored on the user's smartphone.
 
 The update has now been identified as an application developed by
 American firm SS8. The California-based company describes itself as a
 provider of lawful electronic intercept and surveillance solutions.
 
 
 ___
 Fun and Misc security discussion for OT posts.
 https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
 Note: funsec is a public and open mailing list.
 


-- 
Rob

+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
| _   |
|  ASCII ribbon campaign ( )  |
|   - against HTML email  X   |
|/ \  |
| |
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Re: [funsec] Canadian Television

2009-06-09 Thread Rob Thompson 
Trailerpark Boys is rather entertaining when you're killing a few brain
cells.


Gadi Evron wrote:
 Chris Boyd wrote:
 On Jun 9, 2009, at 5:01 PM, Ned Fleming wrote:

 Canadian TV? Utterly unremarkable, like watching snow fall.
 No, not entirely (and I'm not Canadian either).

 Early Red Green episodes are hilarious, but the later ones just  
 cover too much of the same ground.  The segments where Red Green  
 builds or repairs something are the best, IMO.  If the women don't  
 find you handsome they should at least find you handy.

 There's also a show that aired in the US as The Industry that's sort  
 of like (but predates) The Office but it covers the infighting in a  
 company that produces a TV show.

 
 Canadian scifi makes me want to kill myself, but they have nice 
 cooperation with Germany which means nudity (Lexx). ;)
 
 The show I like most from .CA recently is Flashpoint. It's scripted so 
 that every episode evokes emotion in me the same exact way, but I love 
 it anyway.
 
   Gadi.
 ___
 Fun and Misc security discussion for OT posts.
 https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
 Note: funsec is a public and open mailing list.
 


-- 
Rob

+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
| _   |
|  ASCII ribbon campaign ( )  |
|   - against HTML email  X   |
|/ \  |
| |
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Re: [funsec] Death by code release

2009-01-14 Thread Rob Thompson 
Peter Evans wrote:
 On Tue, Jan 13, 2009 at 06:19:25PM -0800, Rob Thompson wrote:
 Peter Evans wrote:
 Well, I wonder if it is as anal as vista (which I have, but
 to be quite honest, can't be arsed to install) about HDCP and
 content encraption.
  
 It would be a safe assumption that it will be worse.  Remember,
 Micro$oft was the fine group that force Palladium down our throats.  But
 to be fair, we all know what can be said about assumptions.
 
   Ah, but Palladium stops spam!
 
   All I can find though, is FUD though. Does it really exist?

That was the name of the project before people were put off by what it
really was.

Now it is TPM.

 
   P
  
 ___
 Fun and Misc security discussion for OT posts.
 https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
 Note: funsec is a public and open mailing list.


-- 
Rob

+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
| _   |
|  ASCII ribbon campaign ( )  |
|   - against HTML email  X   |
|/ \  |
| |
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Re: [funsec] Death by code release

2009-01-14 Thread Rob Thompson 
valdis.kletni...@vt.edu wrote:
 On Wed, 14 Jan 2009 13:07:54 +0900, Peter Evans said:
 On Tue, Jan 13, 2009 at 06:19:25PM -0800, Rob Thompson wrote:
 Peter Evans wrote:
Well, I wonder if it is as anal as vista (which I have, but
to be quite honest, can't be arsed to install) about HDCP and
content encraption.
  
 It would be a safe assumption that it will be worse.  Remember,
 Micro$oft was the fine group that force Palladium down our throats.  But
 to be fair, we all know what can be said about assumptions.
  Ah, but Palladium stops spam!

  All I can find though, is FUD though. Does it really exist?
 
 Many systems now include a TPM chipset.  That's about all that's *really*
 happened. Most of the rest evaporated when it became clear that consumers
 really prefer their media without insane DRM attached to it (except for
 all the Vista DRM stuff that still ended up in there anyhow).
 

I guess I should have read up one more message before my other response.

What Valdis said...  ;p

 
 
 
 ___
 Fun and Misc security discussion for OT posts.
 https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
 Note: funsec is a public and open mailing list.


-- 
Rob

+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
| _   |
|  ASCII ribbon campaign ( )  |
|   - against HTML email  X   |
|/ \  |
| |
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Re: [funsec] UK Censorship: Brit Porn Filter Censors 13 Years of Net History

2009-01-14 Thread Rob Thompson 
Paul Ferguson wrote:
 Completely whacked.
 
 Via El Reg.
 
 [snip]
 One Demon customer tells us he was unable to visit archived versions of
 websites run by the BBC, Parliament, the United Nations, the Internet Watch
 Foundation, Demon Internet, and Thus. In other words, this customer points
 out, Thus is blocking its own web history. It is nuts, he says.

Isn't this why god invented proxy?  It is horribly sad that it has come
to this point.

-- 
Rob

+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
| _   |
|  ASCII ribbon campaign ( )  |
|   - against HTML email  X   |
|/ \  |
| |
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Re: [funsec] Death by code release

2009-01-13 Thread Rob Thompson 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I can't believe that there are really that many people that are
interested in Windoze 7, after Vista sucked as badly as it did.

People just do not learn, do they???

This is coming from a reformed Windoze (l)user.

Rob.


Rob, grandpa of Ryan, Trevor, Devon  Hannah wrote:
 I loved the BBC cutline on this story:
 
  * Windows 7 now 'available to all' *
 Microsoft has announced the latest Windows release will not be limited, after
 the initial launch crashed the whole of the Microsoft site. 
 
 So, Microsoft has decided to release, to the whole world, a product that 
 crashed 
 their systems?
 
 Well, not quite:
 
 http://news.bbc.co.uk/go/em/-/2/hi/technology/7825111.stm
 
 
 ==  (quote inserted randomly by Pegasus Mailer)
 rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org
 Looked up the Biblical description of the Beast, who wears [666]
 ...says he has two horns, like a sheep, can call down fire from
 out of the sky, and that people would worship him because of this
 ability ... I *knew* there was something creepy about Pikachu...
  - R. H. Draney on a.f.u
 http://victoria.tc.ca/techrev/rms.htm 
 http://blog.isc2.org/isc2_blog/slade/index.html
 http://blogs.securiteam.com/index.php/archives/author/p1/
 ___
 Fun and Misc security discussion for OT posts.
 https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
 Note: funsec is a public and open mailing list.


- --
Rob

+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
| _   |
|  ASCII ribbon campaign ( )  |
|   - against HTML email  X   |
|/ \  |
| |
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Ignorance is Bliss...

iEYEARECAAYFAkltMqIACgkQcfN68iZZIcdoLgCg3uEDfadeMJ4ib+alIynsQ2+G
n+sAoIjWEkP8k3AN8HabSE854QI/WbqZ
=n2hQ
-END PGP SIGNATURE-
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Re: [funsec] Death by code release

2009-01-13 Thread Rob Thompson 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Peter Evans wrote:
   Well, I wonder if it is as anal as vista (which I have, but
   to be quite honest, can't be arsed to install) about HDCP and
   content encraption.

It would be a safe assumption that it will be worse.  Remember,
Micro$oft was the fine group that force Palladium down our throats.  But
to be fair, we all know what can be said about assumptions.

 ___
 Fun and Misc security discussion for OT posts.
 https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
 Note: funsec is a public and open mailing list.


- --
Rob

+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
| _   |
|  ASCII ribbon campaign ( )  |
|   - against HTML email  X   |
|/ \  |
| |
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Ignorance is Bliss...

iEYEARECAAYFAkltS6UACgkQcfN68iZZIcdy2QCgqNYHVtScpwwRFBQv0IvG2a6D
mzUAn1phV52yvPXPGTQ8lQHgANE4e3rj
=w9Ni
-END PGP SIGNATURE-
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Re: [funsec] NYPD Eyes Disrupting Cell Phones in Event of Terrorist Attack

2009-01-09 Thread Rob Thompson 
Paul Ferguson wrote:
 Another brilliant idea.

Man, if this one isn't a winner, I don't know what is...

You'd think that this J/O must be consulting with the British folks that
want to remove all of the privacy from their citizens...in the name of
security, of course.

 
 Kelly stressed the need for law enforcement to be able to disrupt cell
 phone calls and other communications during an attack, pointing to threats
 posed by the media when they disclose law enforcement tactics during live
 coverage that can get passed back to the attackers.

You should also disable that service so that the lady that is walking
down the street and sees the terrorists fleeing can not call in and
report it.

Maybe they will disable short wave as well.  I mean hell, why not just
EMP the whole downtown core?  That will fix them ALL!

WE HAVE A WEENER!!!

 
 [snip]
 
 More:
 http://www.foxnews.com/politics/2009/01/08/nypd-interrupt-cell-phone-servic
 e-event-terrorist-attack/
 
 - ferg
 

-- 
Rob

+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
| _   |
|  ASCII ribbon campaign ( )  |
|   - against HTML email  X   |
|/ \  |
| |
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Re: [funsec] Home of the free

2008-08-26 Thread Rob Thompson 
I think that there were some death threats to Obama...

You'd think that we were, but it seems like our Country is not yet
mature enough for a black president.

Freaking sad if you ask me...  Though I do understand where you're
coming from, in regards to that is a TOUCH overboard.  What are they
going to do if he WINS???

On Mon, Aug 25, 2008 at 1:30 PM, Rob, grandpa of Ryan, Trevor, Devon 
Hannah [EMAIL PROTECTED] wrote:
 Two U.S. cities will become virtual fortresses during the Democratic and
 Republican nominating conventions, protected by airplanes, helicopters, 
 barriers,
 fences, and thousands of police officers, National Guard troops, and Secret 
 Service
 agents. In Denver, Colorado, where Democrats assemble next week, police are
 spending $18 million on equipment alone and will be bolstered by National 
 Guard
 troops and hundreds of officers from surrounding suburbs. In St. Paul, 
 Minnesota,
 site of the September 1-4 Republican nominating convention, police are 
 calling on
 80 law- enforcement agencies to provide 3,000 officers to supplement the 
 city's
 500-person force. The federal money is being spent for security measures such 
 as
 fencing and high- tech camera-surveillance systems. More than 1,000 National
 Guard troops will help with communication and supplies in Denver, said a
 spokesman for the Colorado National Guard. More than 1,000 Minnesota
 National Guard troops will help provide security at sites outside the Xcel 
 Center
 that are being used by convention participants, said a Guard spokesman. The
 North American Aerospace Defense Command, based at Peterson Air Force Base
 in Colorado Springs, will also participate. The Federal Bureau of 
 Investigation
 plans to use a new version of a computer network that lets all its branch 
 offices
 build leads on cases. The Coast Guard will monitor the Mississippi River near 
 the
 Xcel Energy Center.

 http://www.bloomberg.com/apps/news?pid=20601070sid=aJgx7Uji1acIrefer=ho
 me

 ==  (quote inserted randomly by Pegasus Mailer)
 [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
 Blessed are they who have nothing to say and who cannot be
 persuaded to say it.  - James Russell Lowell
 victoria.tc.ca/techrev/rms.htm 
 blogs.securiteam.com/index.php/archives/author/p1/

 ___
 Fun and Misc security discussion for OT posts.
 https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
 Note: funsec is a public and open mailing list.




-- 
Rob
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Re: [funsec] Off Beat: Tennessee Police Use Controversial Drug to Subdue Prisoners

2008-07-18 Thread Rob Thompson 
What the shit is going on in this country?

The cops can drug you?

Cameras on every freaking street corner.

Electronic monitoring in Massachusetts that's coming up...

WTF?

Anyone ever seen Equilibrium?  Is this where we are headed?

On Fri, Jul 18, 2008 at 12:12 PM, Paul Ferguson [EMAIL PROTECTED] wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 WTF?

 Via WSMV.com.

 [snip]

 While the [Nashville, TH] Metro police had banned the use of Tasers for a
 time, they still used a controversial method to subdue unruly people,
 according to an I-Team report.

 The city's policy to use the method, which calls for the injection of a
 drug into a person, came as a total surprise to people most would expect
 to know all about it.

 For almost two years, Metro police have had the option of calling for a
 needle loaded with a strong sedative to control the most unruly people they
 encounter on the street.

 One of the doctors who came up with the protocol said it's the safest
 option out there and that it is used all over the country.

 But many people said that the injection was news to them, and a top medical
 ethicist said it's a troubling precedent.

 The drug is called Midazolam, which is better known as Versed. People who
 have had a colonoscopy have probably had a shot of the drug for the
 procedure.

 The drug has an amnesia effect, and we use that therapeutically because
 one of the nice ways to take care of the discomfort is to make people
 forget that they've had it, said biomedical ethics and law enforcement
 expert Dr. Steven Miles.

 But the shots have also been used on the streets on people police said were
 out of control.

 [snip]

 More:
 http://www.wsmv.com/news/16844880/detail.html

 Hat-tip, Schneier:
 http://www.schneier.com/blog/archives/2008/07/midazolam_as_a.html

 And as Schneier points out:

 The biggest side effect is amnesia, which makes it harder for any
 defendant to defend himself in court.

 - - ferg

 -BEGIN PGP SIGNATURE-
 Version: PGP Desktop 9.6.3 (Build 3017)

 wj8DBQFIgOskq1pz9mNUZTMRArEaAKDZsEu17xdyhG3WKE3Z5dy4Nwl2+QCfRT2L
 T3qXO5PJ9Mj48lrQbyBvU90=
 =JB+W
 -END PGP SIGNATURE-



 --
 Fergie, a.k.a. Paul Ferguson
  Engineering Architecture for the Internet
  fergdawg(at)netzero.net
  ferg's tech blog: http://fergdawg.blogspot.com/


 ___
 Fun and Misc security discussion for OT posts.
 https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
 Note: funsec is a public and open mailing list.




-- 
Rob
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Re: [funsec] the most brilliant advertising: Penis Reduction

2008-07-18 Thread Rob Thompson 
On Fri, Jul 18, 2008 at 7:54 AM, RandallMan [EMAIL PROTECTED] wrote:

 --

 Message: 1
 Date: Thu, 17 Jul 2008 19:11:24 -0500 (CDT)
 From: Gadi Evron [EMAIL PROTECTED]
 Subject: [funsec] the most brilliant advertising: Penis Reduction
 To: funsec@linuxbox.org
 Message-ID: [EMAIL PROTECTED]
 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed

 Ever since Viagra if it lasts more than four hours, go see a doctor,
 there just hasn't been anything that compares.

 And now, introducing--Penis Reduction Pills!

 Just leave them where the girl you are interested in can find them. :)

 http://www.penisreductionpills.com/

 And make sure to check:
 http://www.projectwonderful.com/img/uploads/pics/16697-1214194541.gif

Gadi.


 --


 Gadi
 Don't bother with them, they don't work

That just sucks.  Because the tip in the cold water is getting old...


 ===
 I was not dru k. I could lay on the floor and not hold on just fine.

 ___
 Fun and Misc security discussion for OT posts.
 https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
 Note: funsec is a public and open mailing list.




-- 
Rob
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Re: [funsec] Where does the Republican Party stand on the 1st Amendment?

2008-07-18 Thread Rob Thompson 
Sorry for top posting, but to answer the question:

Where does the Republican Party stand on the 1st Amendment?

Right on top of it, with dog - crap covered shoes...

Not that the Demo's are any better...

On Fri, Jul 18, 2008 at 10:47 AM, Richard M. Smith
[EMAIL PROTECTED] wrote:
 http://blog.wired.com/27bstroke6/2008/07/gop-threatening.html

 GOP Threatens CafePress Over Shirts, Stickers and Logos

 The Republican National Committee is threatening to sue CafePress for
 hosting an online venue for vendors to hawk GOP-related regalia like
 T-shirts, stickers and portrayals of elephants.

 The committee, as it turns out, owns the trademarks to GOP, Grand Old
 Party, Republican National Committee, RNC and the official GOP elephant
 logo.

 Sean Cairncross, the party's chief counsel, wrote (.pdf) the Foster City,
 California online vendor that the GOP takes infringements upon its
 trademarks seriously.

 Please cease and desist from allowing vendors to utilize the federally
 registered trademarks of the RNC or we will be forced to consider a legal
 remedy, Cairncross wrote CafePress.

 ...


 ___
 Fun and Misc security discussion for OT posts.
 https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
 Note: funsec is a public and open mailing list.




-- 
Rob
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Re: [funsec] SF serving malware?

2008-07-18 Thread Rob Thompson 
On Fri, Jul 18, 2008 at 4:47 PM, Rob, grandpa of Ryan, Trevor, Devon 
Hannah [EMAIL PROTECTED] wrote:
 OK, if Childs is behind this, fry him: if he isn't, fry them.

I'm with you on this one...


 Finjan reported Wednesday that the city of San Francisco Web site was one of
 over 1,000 sites treating visitors to malicious code. Vulnerable users got a 
 Trojan
 loaded onto their machines that tries to join them to the Asprox botnet, a 
 smaller
 botnet that began expanding in May. The SFgov site is apparently fixed. The
 deputy director of San Francisco's department of telecommunications and
 information services said the city detected and fixed the problem. He said 
 SFGov
 was vulnerable over the last weekend in June. He does not know how many people
 visited the site, but said no city employees' machines were affected.

 http://www.sfgate.com/cgi-bin/blogs/sfgate/detail?blogid=19entry_id=28215

 ==  (quote inserted randomly by Pegasus Mailer)
 [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
 I like pigs. Dogs look up to us. Cats look down on us. Pigs treat
 us as equals.- Winston Churchill
 http://victoria.tc.ca/techrev/rms.htm

 ___
 Fun and Misc security discussion for OT posts.
 https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
 Note: funsec is a public and open mailing list.




-- 
Rob
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

[funsec] This is a test

2008-07-17 Thread Rob Thompson 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I had sent in a few comments earlier and never saw them come through...

Just checking to make sure that everything is working right...
- --
Rob

+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
| _   |
|  ASCII ribbon campaign ( )  |
|   - against HTML email  X   |
|/ \  |
| |
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Ignorance is bliss...

iEYEARECAAYFAkiAAusACgkQcfN68iZZIceLJwCeOJ6LFd2pExeaitGAH93vf2AD
j4kAmwWVwHkxxwoMa4i7ABRPVFWEbZwY
=OCzG
-END PGP SIGNATURE-
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Re: [funsec] Off Beat: Proposed Bush Sewage Plant Will Appear SF Ballot

2008-07-17 Thread Rob Thompson 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Paul Ferguson wrote:
 Via CBS5.com (AP).
 
 [snip]
 
 A San Francisco measure seeking to commemorate President Bush's years in
 office by slapping his name on a city sewage plant has qualified for the
 November ballot.
 
 The measure certified Thursday would rename the Oceanside Water Pollution
 Control Plant the George W. Bush Sewage Plant.
 
 Backers said the idea is to commemorate the mess they claim Bush has left
 behind by actions such as the war in Iraq.

Or gas prices?  State of the Country's employment?  Housing market?
Price of food?  Value of the dollar?

Gee, where to begin.

And I voted for that assclown...  :(

 
 [snip]
 
 How apropos.
 
 More:
 http://cbs5.com/local/bush.sewage.plant.2.774019.html
 
 Also:
 http://www.independent.co.uk/news/world/americas/san-francisco-to-vote-on-n
 aming-sewer-after-george-bush-855433.html
 
 - ferg
 

- --
Fergie, a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/


___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.



- --
Rob

+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
| _   |
|  ASCII ribbon campaign ( )  |
|   - against HTML email  X   |
|/ \  |
| |
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Ignorance is bliss...

iEYEARECAAYFAkiAEL0ACgkQcfN68iZZIce/MwCgpssBKcrfUKA2ndNxMRUntM04
ZXoAn32l58sy2nHl8XE8kbIZkYhBQc59
=BOcD
-END PGP SIGNATURE-
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Re: [funsec] SF Worker Accused Of Tampering With City's Computer Network

2008-07-15 Thread Rob Thompson 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Paul Ferguson wrote:
 Via NBC11.com.
 
 [snip]

The funny part about all of this, at least according to what I read on
The Register this morning...they're still locked out of the network.

It's been approx a week.  lol

While I normally wouldn't find this so funny, I just can't stop thinking:

I wonder if they ever heard of the phrase Disaster Recovery???

Priceless...  A whole week and they can't get back in...

 
 San Francisco prosecutors charged a city worker Monday with illegally
 tampering with the city's computer network, potentially exposing the
 information of both city workers and anyone who does business with the
 city.
 
 Police arrested Terry Childs, 43, a network administrator for San
 Francisco's Department of Telecommunications and Information Services, over
 the weekend, according to the San Francisco District Attorney's Office.
 
 According to District Attorney Kamala Harris, Childs is believed to have
 disrupted the city's FiberWAN network system between June 20 and July 10.
 He was arrested on Sunday at his home in Pittsburg and is being held on $5
 million bail, she said.
 
 At a news conference in San Francisco Monday afternoon, Harris was vague
 about the facts or motive behind the sensitive case, citing an ongoing
 investigation.
 
 Harris said the charges relate to rules about accessing our computer
 systems and about who has authorized or unauthorized access to those
 systems.
 
 According to Harris, Childs is believed to have temporarily denied services
 to authorized users on the network, and to have set up devices that would
 allow a user to gain unauthorized access to the network.
 
 [snip]
 
 More:
 http://www.nbc11.com/news/16884468/detail.html
 
 - ferg
 

- --
Fergie, a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/


___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.



- --
Rob

+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
| _   |
|  ASCII ribbon campaign ( )  |
|   - against HTML email  X   |
|/ \  |
| |
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Ignorance is bliss...

iEYEARECAAYFAkh9WF0ACgkQcfN68iZZIcf0PgCfbnSmn6wYCJ6BxQmcj6IeaGoa
0d0AoLaSV/oJLtVh7VUZEJkW691XN4w3
=A40f
-END PGP SIGNATURE-
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Re: [funsec] Texas Bank Dumps Antivirus for Whitelisting

2008-07-15 Thread Rob Thompson 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Richard M. Smith wrote:
 http://www.darkreading.com/document.asp?doc_id=158750WT.svl=news1_4

I'm not familiar with this product.  To me it sounds like a bad idea on
it's own.  With AV, possible benefits...

Thoughts?

Personally, if they don't like Symantec and their pricing, they shoulda
checked out eEye's Blink product.  That's pretty nice...

 
 Brent Rickels, senior vice president at First National Bank of Bosque
 County, had grown tired of dealing with antivirus software. He was tired of
 regularly updating virus signatures, tired of hackers constantly tweaking
 malware, and tired of worrying about what users had downloaded onto their
 PCs. So Rickels dumped the bank's AV software for a whitelisting product and
 in the process, become one of its first commercial customers. 
 
 First National Bank of Bosque County, which serves the Waco, Texas, area and
 manages approximately $100 million in assets, had seen the volume of spam
 and spyware it had to beat back increase tenfold in four years. So when it
 was time for the bank to renew its Symantec AV license at the end of 2006,
 the timing was right to make a change. 
 
 It seemed like the antivirus updates came out only after new malware had
 already been released, Rickels says. Running a routine system scan with
 hundreds of thousands of signatures was taking half an hour or more. So the
 bank's tiny IT department of only a handful of employees was spending more
 time maintaining its security software and less time on business
 applications. 
 
 The financial services firm decided to look for a different solution that
 was simpler to maintain and more effective. It considered GreenBorder, which
 quarantines any software downloaded via a user's browser until someone moves
 it to the main system. But that option appeared to still require a fair
 amount of manual intervention. 
 
 FNB was intrigued by Lumension Security's Sanctuary Device and Application
 Control systems, which offered theoretical rather than proven benefits at
 the time. The tools let users run administratively approved programs only
 and restricts any unknown and unauthorized executables from springing to
 life. We liked the product's basic design; it is easier to contain a known
 universe than an unknown one, Rickels says. 
 
 The software had other appealing features. Because user software was
 restricted, there would be less administrative work, and Sanctuary actually
 ran better than AV software because it was a lighter program. And the final
 selling point was that the Lumension system cost about 30 percent less than
 the Symantec option. 
 ...
 
 ___
 Fun and Misc security discussion for OT posts.
 https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
 Note: funsec is a public and open mailing list.
 


- --
Rob

+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
| _   |
|  ASCII ribbon campaign ( )  |
|   - against HTML email  X   |
|/ \  |
| |
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Ignorance is bliss...

iEYEARECAAYFAkh9WVYACgkQcfN68iZZIcfZhQCfR+dSMV7mbhPzYwT/urNiygFq
4HoAoJyi0CrxvWMDeEOXYdixhGNKeXga
=pbwG
-END PGP SIGNATURE-
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Re: [funsec] Webroot founder missing

2008-07-12 Thread Rob Thompson 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Andy Sutton wrote:
 On Fri, 2008-07-11 at 20:10 -0700, Rob Thompson wrote:
 If any of you know him...Omega 3.  I swear to god, it will help.
 
 Paran0ia in the b3dr00m?  Send $$ now for the 0m3ga pillz!
 
 (I realize I'm going to the special hell for that, but I couldn't
 resist.)

LOL - I was afraid that my message may come off like that.

I really did send it, just in case any of you can reach him...  It
really will help.

I put the specific brand because that's the one that I take.  I have
researched it and it is safe.  There is a risk of heavy metal poisoning
if you take a cheap or unfiltered brand.

Thanks for the laugh.

- --
Rob

+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
| _   |
|  ASCII ribbon campaign ( )  |
|   - against HTML email  X   |
|/ \  |
| |
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Ignorance is bliss...

iEYEARECAAYFAkh47/IACgkQcfN68iZZIcc5HwCffm6rrB9ghOdvN5g2ayknwfGg
4PgAoLZXZmfXYcO0x/Z7RjqaASB/ZgHn
=w7Gy
-END PGP SIGNATURE-
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

[funsec] Jabber

2008-07-11 Thread Rob Thompson 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Many many moons ago, I used to join the Funsec Jabber server.

Is that still around?  I can't find my connect info's anymore.

If possible, please reply to this one at [EMAIL PROTECTED].

I tried to send this from there, but it was rejected.  Otherwise I may
miss it.  I get HUNDREDS of e-mails to this account a day.  The other is
my personal account that I actually can catch everything that I'm
looking for...  ;p

Thanks.  :)
- --
Rob

+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
| _   |
|  ASCII ribbon campaign ( )  |
|   - against HTML email  X   |
|/ \  |
| |
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Ignorance is bliss...

iEYEARECAAYFAkh4HQUACgkQcfN68iZZIcc6KQCfbgES/wYiPRbqcLHrKtxVVtoj
VtgAmwaWLgjeyO6F6oMGiSazjhLWTKuN
=FMvM
-END PGP SIGNATURE-
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Re: [funsec] Webroot founder missing

2008-07-11 Thread Rob Thompson 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Richard M. Smith wrote:
 This is really sad situation……

If any of you know him...Omega 3.  I swear to god, it will help.

Nordic Naturals - Complete.  Take 2 a day.  EVERY day at the same time.

I'm not trying to sell this product, just trying to help this guy out.

For as bad off as he sounds, he is going to have to take it solid for a
few months BEFORE any positive effects will be noticed, but it _will_help.

 
  
 
 http://www.foxnews.com/story/0,2933,380402,00.html
 
 *HONOLULU —  The millionaire founder of an Internet software security
 company remained missing on Hawaii's main island of Oahu this week,
 police said.*
 
 Steven Thomas, 36, was last seen June 30 at the Princess Kaiulani Hotel
 in Waikiki, where his mother and a cousin were staying.
 
 His family said he was diagnosed with bipolar disorder in April but has
 refused medication.
 
 He thinks everyone on the island is out to get him, Candis Thomas said
 of her husband's bipolar condition. He thinks the military is involved,
 he thinks that aliens are involved, and he's just been in a real
 delusion state of being fearful.
 
 Thomas was arrested April 27 and taken to Castle Medical Center after he
 ran naked into the middle of a race/walk in front of his home in
 Lanikai. He also owns a home in Boulder, Colo.
 
 He is the founder of Boulder-based Webroot Software Inc. The software
 company that created the Spy Sweeper and Window Washer programs was sold
 in 2004 to a group of investors for about $108 million.
 
 Thomas was concerned about the poor performance of his investment
 portfolio and discussions about moving back to Colorado full-time, his
 wife said.
 
 …
 
  
 
  
 
 
 
 
 ___
 Fun and Misc security discussion for OT posts.
 https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
 Note: funsec is a public and open mailing list.


- --
Rob

+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
| _   |
|  ASCII ribbon campaign ( )  |
|   - against HTML email  X   |
|/ \  |
| |
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Ignorance is bliss...

iEYEARECAAYFAkh4II0ACgkQcfN68iZZIcetTACeI8TCbiHHgRXpuw5SDKdZBtYd
KM0AoNFUix/26AOFTGpUpOBcSjfYJ4pe
=0QwE
-END PGP SIGNATURE-
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Re: [funsec] Unnatural airport environment ...

2008-05-02 Thread Rob Thompson 
Yeah, this sounds like BS to me.  My BS-o-meter is off the charts.

They may as well hand out joints, instead...or wait, not treat us all
like we're criminals???  I don't know about y'all, but I have done all
I can to stay out of airports.  I obey the law, but going through
their inspection makes me feel like I may as well have done something
wrong.  And there is NO flashing light or soothing sound that is going
to take that away.

But that's just my 2 cents.

Sorry about the top posting...

Rob.


On Thu, May 1, 2008 at 10:34 AM, Rob, grandpa of Ryan, Trevor, Devon 
Hannah [EMAIL PROTECTED] wrote:
 I find this extremely suspicious.  It sounds too reasonable ...

 CBS News – A new airport security system, designed to better identify a 
 terrorist
 or a suspicious traveler by reducing anxiety levels of passengers, was 
 introduced
 Monday at Baltimore's Thurgood Marshall International airport. The security
 checkpoint combines new high-tech x-ray machines with calming lights and
 soothing music. The system is aimed at reducing the stress of passengers as 
 they
 shove carry-ons through airport metal detectors while trying to balance
 themselves as they remove their shoes and dig for their boarding pass. The
 Homeland Security Secretary said that by lowering the stress level for 
 everybody
 with a more soothing environment, it is hoped that someone who is up to no 
 good
 will stand out more. The system is expected to be installed at airports 
 across the
 country in future.


 http://www.cbsnews.com/stories/2008/04/29/cbsnews_investigates/main4053175.sh
 tml

 or

 http://tinyurl.com/6znc4h

 ==  (quote inserted randomly by Pegasus Mailer)
 [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
  I would like to take you seriously,
 but to do so would insult your intelligence.
 http://victoria.tc.ca/techrev/rms.htm

 ___
 Fun and Misc security discussion for OT posts.
 https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
 Note: funsec is a public and open mailing list.




-- 
Rob

___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Re: [funsec] CompUSA Refuses To Accept Cash

2008-02-04 Thread Rob Thompson 
I vote we take loose pennies and purchase laptops at that joke of a store.

Yet another reason that I will not shop that that beheamoth of a mess.

CompUSA is such a freaking riot - they're better than Calvin and Hobbes!  ;p

I just wish I understood why they are still in business from their
obviously wonderful business ethic!  I konw people that work there and
would purposefully break peoples boxes worse than they were when they
were brought in, to make them buy more in repairs.

On Jan 24, 2008 3:56 AM, Juha-Matti Laurio [EMAIL PROTECTED] wrote:
 A CompUSA cashier summoned her manager and a security guard when Bud tried 
 to pay for his purchases with cash.
 The promise of 40% discounts drew Bud to the Boisie, Idaho store, but he 
 settled for a 10% discount on an iMac and several accessories.

 This is how the customer describes the case:
 I start counting out hundred dollar bills and the clerk goes nuts!
 Sir, we don't accept cash for this kind of purchase! You must use a credit 
 card! she says at the top of her lungs. (I see her also hit a button on the 
 phone at the same time.)

 Instantly a man shows up, clearly the manager from his nametag and the 
 rent-a-cop security guy. Both tell me the same thing, NO CASH! You have to 
 pay with a credit card!

 And he or she continues:
 So I called the store to see if the items I wanted were in stock, after I 
 asked the guy about them he said,
 I know who you are, your the guy that wanted to pay cash. My district 
 manager  corporate called me and read me the riot act over this. Thanks for 
 getting me in trouble!

 More at
 http://consumerist.com/346965/compusa-refuses-to-accept-cash

 Juha-Matti
 ___
 Fun and Misc security discussion for OT posts.
 https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
 Note: funsec is a public and open mailing list.




-- 
Rob
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Re: [funsec] Math not Ironport's top suite?

2008-02-04 Thread Rob Thompson 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Rob, grandpa of Ryan, Trevor, Devon  Hannah wrote:
| Date sent:Sun, 03 Feb 2008 17:48:14 -0800 (PST)
| From: Chris Blask [EMAIL PROTECTED]
|
| 01000111 0111 01100100 01101001 0010 01110111
| 01100101 0111 01110010 01110011 0010 01100110
| 01110101 01101110 01101110 0001 0010 01101000
| 0111 01110100 01110011 0010 0111 01101110
| 01100100 0010 0110 01110010 01101001 0111
| 01101110 0010 01110011 01101101 01100101 01101100
| 01101100 01110011 0010 0110 01100110 0010
| 01000101 01101100 01100100 01100101 01110010 01100010
| 01100101 01110010 01110010 0001 0011 0010
| 0010 0010 00111010 0110 00101001 1101
| 1010 1101 1010 01101000 01100101 01100101
| 0010 01101000 01100101 01100101 0010 01101000
| 01100101 01100101 0011 1101 1010 1101
| 1010 1101 1010 1101 1010 1101 1010
|
| 01000101 01101110 0110 01110101 01100111 01101000 00101100
| 0010 0111 01101100 01110010 01100101 0111 01100100
| 0001 00101100 0010 01110111 01100101 0010 0111
| 01101100 01101100 0010 01101011 01101110 0110 01110111
| 0010 01110111 01101000 01100101 01110010 01100101 0010
| 01110100 01101000 01100101 0010 01100011 0110 01101110
| 01110110 01100101 01110010 01110011 01101001 0110 01101110
| 0010 0111 0111 0111 01101100 01100101 01110100
| 0010 01101001 01110011 00101110
|

01011001 0110 01110101 0010 01101101 01100101 0111 01101110
0010 01001001 0010 01100100 0110 01101110 01110100 0010
01101000 0111 01110110 01100101 0010 01110100 0110 0010
01100010 01100101 0010 01100100 0110 01101001 01101110 01100111
0010 01110100 01101000 01101001 01110011 0010 01100010 0001
0010 01101000 0111 01101110 01100100

I'm sorry, I just couldn't resist...  ;p

| ==  (quote inserted randomly by Pegasus Mailer)
| [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
|`*If* he finds out.'`If!  If is good.'- Pain and Panic
| http://victoria.tc.ca/techrev/rms.htm
| ___
| Fun and Misc security discussion for OT posts.
| https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
| Note: funsec is a public and open mailing list.
|


- --
Rob

+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
| _   |
|  ASCII ribbon campaign ( )  |
|   - against HTML email  X   |
|/ \  |
| |
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.8 (MingW32)

iEYEARECAAYFAken3CMACgkQcfN68iZZIcfT7gCgy1aSKkC8G1rnlJNTbFBQHZuu
euEAn0cP1qG87DLegePGeZI/VPX9gY1Y
=JoS6
-END PGP SIGNATURE-
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Re: [funsec] Math not Ironport's top suite?

2008-02-03 Thread Rob Thompson 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Drsolly wrote:
| On Mon, 4 Feb 2008, Nick FitzGerald wrote:
|
| Hi all,
|
| What's wrong with this picture?  Well, opening sentence...
|
|http://www.ironport.com/toc/
|
|IronPort Threat Operations Center
|
|The 24x7x365 IronPort Threat Operation Center provides human
|oversight to ensure speed and accuracy. Experienced analysts use
|sophisticated tools to verify anomalies and approve automatically
|generated Outbreak Rules.
|
| (and nit-picks about leap years don't count).
|
| Oooh, I know, I know. That should be 24x7x52, or maybe 24x365. Or maybe
| 1x8760?

What is the problem with taking just ONE day off every four years?

:)

PS - Chris, this is for you:

01010111 0110 01100011 01101011 0111 0010 01010111 0110
01100011 01101011 0111

|
| ___
| Fun and Misc security discussion for OT posts.
| https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
| Note: funsec is a public and open mailing list.
|


- --
Rob

+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
| _   |
|  ASCII ribbon campaign ( )  |
|   - against HTML email  X   |
|/ \  |
| |
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.8 (MingW32)

iEYEARECAAYFAkemXasACgkQcfN68iZZIceQJwCeJP7cCYOJl6UV3Qmr3Hb4HiX6
o00AmwfwJhsBDvlOlFa673UivN3RV/xt
=Whmk
-END PGP SIGNATURE-
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Re: [funsec] Caught in a (Real) Security Bind

2008-02-01 Thread Rob Thompson 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Paul Ferguson wrote:
| Via eWeek.
|
| [snip]
|
| RealNetworks finds itself at the mercy of an exploit writer who refuses to
| share details of a gaping hole in the widely deployed RealPlayer software.
|
| More than a month ago, on Dec. 16, 2007, a Russian security research firm
| released an exploit for a zero-day vulnerability in RealNetworks'

Maybe I'm naive...

How hard would it be for RealNetworks, to purchase a copy of the
software that has the exploit, reverse engineer it and then fix their
program?

It screams to me to make sense this way...am I missing something here?

snip

- --
Rob

+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
| _   |
|  ASCII ribbon campaign ( )  |
|   - against HTML email  X   |
|/ \  |
| |
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.8 (MingW32)

iEYEARECAAYFAkej5hYACgkQcfN68iZZIcdmAACfRXgs1WJ0utAbFmB3sadBsgVw
JE4AoJHAbJaSfKiveoybGRSZN6eqdf5B
=Rl3Z
-END PGP SIGNATURE-
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Re: [funsec] Removing Local Administrator Account

2008-01-29 Thread Rob Thompson 
I wanted to thank every one that responded to the e-mail that I sent out
previously (below).  I had intended on writing back my 2 cents on the
whole thing and acknowledge receipt of the responses, a while ago.  I
got wrapped up and haven't really been able to get to too much else...
I didn't mean to be rude.

Anywho - I think that it is a bad idea to remove the Local Admin acct.
With the account gone, the only thing you are really doing is inhibiting
the functionality of your IT department.

If someone is going to do something malicious to the machine, they are
going to do it whether that account is there or not.

Again, thank you very much to every one that responded.  I really do
appreciate your time.

 Dear List,
 
 I have cross posted this question to another security list that I belong
 to, but I wanted to send this here as well, as I am specifically
 interested in your responses.  I know you are all on this list and I can
 find you all here, which is why I am sending it...well, here.
 
 I know that this is off topic and this is not any kind of Fun
 Security, but I highly respect each of your opinions.  I know I do not
 make many comments on this list, but I have watched it for over a year
 and I do pay attention to your responses.  In my opinion you guys are
 all the best of breed in what you do...
 
 ---
 
 I am asking this as I will be presenting this to a company, as they have
 proposed this idea and I want to show them exactly what they are
 considering getting themselves into.
 
 What is your professional opinion on removing the local administrator
 account?
 
 Does this pose a security risk to have a local administrator account on
 a computer, so that IT staff (which are the only people in the
 organization that are entitled to this user/pass) can do work on a
 computer in a way that can not be securely audited?  What I mean by
 this is, they all use this one account (for emergencies only), instead
 of using their own credentials over the network - thereby showing the
 local admin account was used, but not who used it.
 
 What are the risks involved in removing this account?
 
 Is this a general best practice, from a security point of view?
 
 If not, what is the best practice from a security point of view?
 
 Lastly, do you believe or not, that if the IT staff wanted to compromise
 a box, anonymously, would they really need this local administrator
 account on the box?  Or would they still be able to do this, without the
 account there?  Why?
 
 I sincerely appreciate your time and thank you in advance for any
 answers that you may pose.  Also, if you see something that I did not
 consider in my questions, please feel free to include that as well.
 
 Please remember, if you think that this is a wise decision or not,
 PLEASE state your answers and why.
 

-- 
Rob

+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
| _   |
|  ASCII ribbon campaign ( )  |
|   - against HTML email  X   |
|/ \  |
| |
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

[funsec] Re: Removing Local Administrator Account

2008-01-14 Thread Rob Thompson 

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Rob Thompson wrote:
| Dear List,
|
snip

I would like to thank everyone that has replied to this as of yet.  I am
still collecting answers to this question.  Tomorrow I am going to send
a response with my own opinion in it.  I just have not wanted to do so
as of yet, as I do not want to taint the answers that I have recieved yet.

I appreciate every single response that I have gotten back so far.
Thank you very much!

- --
Rob

+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
| _   |
|  ASCII ribbon campaign ( )  |
|   - against HTML email  X   |
|/ \  |
| |
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.8 (MingW32)

iEYEARECAAYFAkeMREoACgkQcfN68iZZIcdNogCgzXYcFPRw6lT+8h67fFJEyUGe
wdUAn1CFjYV5ifA8Yf4ztpd/cOt7q+p3
=KdBu
-END PGP SIGNATURE-
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Re: [funsec] Old News - Can you help?

2008-01-13 Thread Rob Thompson 
On Jan 12, 2008 3:39 PM, Young, Keith
[EMAIL PROTECTED] wrote:

  I am trying to track down some information but am having a hell of a
  time finding it.  I recall many moons ago, that AOL was shipping CD's
  that had a virus on it.  Does anyone else remember this?

 AOL, no. I remember Microsoft shipping a Word macro infected doc on CDs and 
 the Good Times AOL hoax that floated around for a while. Sure that you 
 aren't thinking of one of these?

Yeah, I am sure.

I was talking to another one of my friends and he recalls it as well.
He remembers it having to do with the cd's being found on a tanker off
the coast of the UK or Asia.

I don't quite remember it like that, but I do remember it.  All of my
searches keep pulling info to do with AOL's new AV service...  ;p

Thanks though, I do appreciate the response.



 --Keith
 Keith Young, Security Official
 Department of Technology Services
 Montgomery County, Maryland
 phone - (240) 777-2955






-- 
Rob
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

[funsec] Removing Local Administrator Account

2008-01-13 Thread Rob Thompson 

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Dear List,

I have cross posted this question to another security list that I belong
to, but I wanted to send this here as well, as I am specifically
interested in your responses.  I know you are all on this list and I can
find you all here, which is why I am sending it...well, here.

I know that this is off topic and this is not any kind of Fun
Security, but I highly respect each of your opinions.  I know I do not
make many comments on this list, but I have watched it for over a year
and I do pay attention to your responses.  In my opinion you guys are
all the best of breed in what you do...

- ---

I am asking this as I will be presenting this to a company, as they have
proposed this idea and I want to show them exactly what they are
considering getting themselves into.

What is your professional opinion on removing the local administrator
account?

Does this pose a security risk to have a local administrator account on
a computer, so that IT staff (which are the only people in the
organization that are entitled to this user/pass) can do work on a
computer in a way that can not be securely audited?  What I mean by
this is, they all use this one account (for emergencies only), instead
of using their own credentials over the network - thereby showing the
local admin account was used, but not who used it.

What are the risks involved in removing this account?

Is this a general best practice, from a security point of view?

If not, what is the best practice from a security point of view?

Lastly, do you believe or not, that if the IT staff wanted to compromise
a box, anonymously, would they really need this local administrator
account on the box?  Or would they still be able to do this, without the
account there?  Why?

I sincerely appreciate your time and thank you in advance for any
answers that you may pose.  Also, if you see something that I did not
consider in my questions, please feel free to include that as well.

Please remember, if you think that this is a wise decision or not,
PLEASE state your answers and why.

- --
Rob

+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
| _   |
|  ASCII ribbon campaign ( )  |
|   - against HTML email  X   |
|/ \  |
| |
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.8 (MingW32)

iEYEARECAAYFAkeKZhAACgkQcfN68iZZIcd6tgCdH/esec+OQ+LKIlb+cDYnkel3
z6EAoLdbxU2lL1yC8G/GoSq3gEZSi7tT
=y46m
-END PGP SIGNATURE-
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

[funsec] Old News - Can you help?

2008-01-12 Thread Rob Thompson 
Hello everyone.  While this isn't any current news, it is still a tad
fun so I hope it applies...

I am trying to track down some information but am having a hell of a
time finding it.  I recall many moons ago, that AOL was shipping CD's
that had a virus on it.  Does anyone else remember this?  If so, you
wouldn't by any chance have any information laying around about it
that you could either forward to me or point me to the right
direction?  I have been looking all day, on and off and have yet to
find anything.  It's beginning to get a tad frustrating...  ;p

I was telling someone about this a few days ago and they didn't
believe me...so I'm trying to get something together to show them that
I wasn't really joking at all.  It's still humorous to me, as AOL is a
virus, but...

Thanks in advance for any help that you may have with this...

-- 
Rob
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Re: [funsec] Change the Channel... to Death!

2008-01-12 Thread Rob Thompson 
On Jan 11, 2008 1:43 PM, Dude VanWinkle [EMAIL PROTECTED] wrote:
 Unbelievable: http://www.theregister.co.uk/2008/01/11/tram_hack/
snip
 It think we are lucky it was just a kid pulling a prank and the rest
 of the world should make sure this is not how their systems operate
 before the copycats come out of the woodworks..

Just imagine this type of information in the hands of terrorists...

/me shudders.

-- 
Rob
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Re: [funsec] What do we do with 13 year old leet kiddies?

2007-12-12 Thread Rob Thompson 
Thank you for the laugh.

That was priceless.  As a matter of fact, if you're ever interested in
some company while doing that, shoot me a note.  I'll egg them on.  ;p

On Dec 4, 2007 11:03 AM, Paperghost [EMAIL PROTECTED] wrote:
 See, first I found this guy.

 http://www.vitalsecurity.org/2007/11/portrait-of-artist-as-young-man.html

 Then I saw he had a little posse of wannabe hackers and phishers.

 http://www.vitalsecurity.org/2007/11/want-to-see-13-year-old-kids-going.html

 The solution? Make them wet their pants for 14 hours...

 http://www.vitalsecurity.org/2007/12/rise-up-with-fists-strike-down-with.html

 then flip the electrocution switch.

 http://www.vitalsecurity.org/2007/12/helgi-bernodus-witness-collapse-of-self.html

 I'd be lying if I said I didn't enjoy every second of that.

 Pg
 ___
 Fun and Misc security discussion for OT posts.
 https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
 Note: funsec is a public and open mailing list.




-- 
Rob
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Re: [funsec] Buy our drugs and ...

2007-12-10 Thread Rob Thompson 
On Dec 6, 2007 9:49 AM, Rob, grandpa of Ryan, Trevor, Devon  Hannah
[EMAIL PROTECTED] wrote:
 I have been noting, in some of the spam subject lines, not only the usual 
 disregard
 of grammar, but one specific mistake.  A number of them assert something along
 the lines of Say goodbye to ED dysfunction.  Since ED stands for erectile
 dysfunction (how many spam filters did I just trip?), that means that they are
 promising to get rid of dysfunctional dysfunction, and presumably give you the
 real thing.  So, logically, if you buy drugs from them the result will be ...

Kinda reminds you of when you hear someone talking about those NIC
cards (Network Interface Card cards) or better yet, TCBY Yogurt (The
Country's Best Yogurt - Yogurt)...

;p


-- 
Rob
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Re: [funsec] Off Beat: U.S. Navy to Mask Swastika-Shaped Barracks

2007-09-27 Thread Rob Thompson 
Thanks for the good laugh.

Though on a more serious note.  Those jerk off nazis really screwed
that one up.  That is a very powerful religious symbol, that the
Nazi's ended up perverting and ruining the general populations
perception of what that symbol means.

Now people see it and what is the first thing that you think of?  WW2
- Hitler - Nazi's - Death...  What a shame.

On 9/26/07, Paul Ferguson [EMAIL PROTECTED] wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 Too funny.

 Via The LA Times (props, Truthdig).

 [snip]

 The U.S. Navy has decided to spend as much as $600,000 for landscaping and
 architectural modifications to obscure the fact that one its building
 complexes looks like a swastika from the air.

 The four L-shaped buildings, constructed in the late 1960s, are part of the
 amphibious base at Coronado and serve as barracks for Seabees.

 - From the ground and from inside nearby buildings, the controversial shape
 cannot be seen. Nor are there any civilian or military landing patterns
 that provide such a view to airline passengers.

 But once people began looking at satellite images from Google Earth, they
 started commenting about on blogs and websites about how much the buildings
 resembled the symbol used by the Nazis.

 [snip]

 More:
 http://www.latimes.com/news/local/la-me-swastika26sep26,0,2973328.story

 - - ferg

 -BEGIN PGP SIGNATURE-
 Version: PGP Desktop 9.6.3 (Build 3017)

 wj8DBQFG+v+0q1pz9mNUZTMRAkt1AJ9fY2BP+jfaGkZBdWjft0+hvcAlZwCghaJs
 hPd7qrg5URe304uKnLVQ4sk=
 =Em4M
 -END PGP SIGNATURE-


 --
 Fergie, a.k.a. Paul Ferguson
  Engineering Architecture for the Internet
  fergdawg(at)netzero.net
  ferg's tech blog: http://fergdawg.blogspot.com/


 ___
 Fun and Misc security discussion for OT posts.
 https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
 Note: funsec is a public and open mailing list.



-- 
Rob
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Re: [funsec] Off Beat: U.S. Navy to Mask Swastika-Shaped Barracks

2007-09-27 Thread Rob Thompson 
On 9/27/07, Ken Dyke [EMAIL PROTECTED] wrote:
 On Thu, Sep 27, 2007 at 02:37:25PM -0500, Brian Loe ([EMAIL PROTECTED]) wrote:
  If you want to twist those comments into a political statement, feel
  free, but leave me out of it since I'm NOT making a political
  statement!

 Claiming that the Iranians would be interested in sat images of a Seebee
 base on US soil with the implication of evil intent is a political
 statement.  It is fear mongering of the very sort that the White House
 is presently engaged in to demonize Iran.

The White House isn't the one that is demonizing Iran.  Iran is doing
that all on their own.

 --
 Ken Dyke,
 406.581.0495

 Linux can win as long as services/protocols are commodities.  By folding
 extended functionality into today's commodity services and creating new
 protocols, we raise the bar and change the rules of the game.
   -- from an internal Microsoft memo
 ___
 Fun and Misc security discussion for OT posts.
 https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
 Note: funsec is a public and open mailing list.



-- 
Rob
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Re: [funsec] Research: Men Use Phones to Flirt

2006-11-15 Thread Rob Thompson 

On 11/15/06, Rob, grandpa of Ryan, Trevor, Devon  Hannah
[EMAIL PROTECTED] wrote:

Date sent:  Thu, 16 Nov 2006 00:36:10 +0200 (EET)
From:   Juha-Matti Laurio [EMAIL PROTECTED]

 I know this is off-topic, maybe,

On funsec?

 Research by Sheffield Hallam University and Virgin Mobile is reporting that
 British men consider their mobile phone an important status symbol -
 particularly in helping to attract the opposite sex.

I assume size matters ...


Why do you think I carry around the phone with the cord and seperate
battery pack???  (Think of Lethal Weapon era)

Oh yeah!



==  (quote inserted randomly by Pegasus Mailer)
[EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
   That was Zen.  This is Tao.
Dictionary of Information Security  www.syngress.com/catalog/?pid=4150
http://victoria.tc.ca/techrev/rms.htm
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.




--
Rob
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.