Hi,
"Jonathan G. Lampe" <[EMAIL PROTECTED]> writes:
> OK, I'm sure this one will start a flame war, but...I work for a vendor
> whose products overwrite files when "deleting" them as a way of
> protecting old data. Lately several customers have been asking for "NSA"
> or "DoD" standard overwrit
This is the tip of the iceberg.
Another concern is NTFS filesystems, data can be stored in the MFT if it is
small enough (i.e. under 1 or 4k depending on how your drive got formatted).
I also found that when using alternate data streams:
cat "this_is_a_string_of_text" > somefile.txt:an_ads_stream
+ Poduct:
TOPo.
TOPo is a free TOP system written in PHP that works without MySQL database.
TOPo is specially designed for web sites hosted in web servers that not
offer a quality MySQL support.
More
info:
http://ej3scripts.loadedweb.com/modules.php?name=Info_Scripts&file=index&func=topo
+ Web S
Three different rebasing scenarios:
(1) other people's compiled code
(2) other people's source code
(3) your own code
Points:
A. There are better things to do in the case of (2) and (3) than rebase the
binary.
B. In the case of (1) rebasing offers some value in certain circumstances,
particular
On 2003/02/04 11:12:40 +, GreyMagic Software wrote:
> GreyMagic Security Advisory GM#005-OP
> =
>
> By GreyMagic Software, Israel.
> 04 Feb 2003.
>
> Available in HTML format at http://security.greymagic.com/adv/gm005-op/.
For the five advisories posted t
Hello,
The Quake3 Engine's feature for automatically downloading modifications from
the server to the client bears great potential of abuse and could even lead
to execution of arbitrary code. Because this is quake3 engine related many
games aside from quake3 suffer from the same problem as well
> Near as I can tell if someone says they are doing NSA overwrites, they are
> full of shit. In addition, based upon Mr. Gutmann's paper and the fact
> that it is quite old, one can assume that with advanced forensics the
> simple 3, 7, or 9 time overwrites that these products are claiming as
> s
First of all, thank a lot for your comments and (dis)encouragements. I will
not trumpet my "brand-new" old idea here.
Anyway, I would like to briefly discuss the my further analysis of the SQL
Sapphire Worm.
Code OffsetFunctionality
; 000-060 Buffer Buster
; 061-064 Critical Jum
> DL> Server install on the planet. In fact if I rebase every DLL on my
system and
> DL> every executable then I can make my box almost invulnerable to a given
> DL> exploit, past, present or future. It's not that my box is invulnerable
to a
>
> Bullshit. I
> -Original Message-
> From: David Litchfield [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, February 04, 2003 12:09 AM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED];
> [EMAIL PROTECTED]
> Subject: Preventing exploitation with rebasing
>
> So how easy is it to rebase DLLs and executables? Ver
Hey David,
(first off, Secfocus seems to have you on "fast moderator approval"
track, I see your reply's before mine show up on BQ ;)
DL> Keyword in my preceding statement : "almost" - as in "almost invulnerable".
DL> The context of the discussion was a method to defeat exploits that use fixed
DL
Jonathan,
When I was developing ncrypt (http://ncrypt.sourceforge.net/) I wanted to
include a wiping function for the original plaintext file. I did a lot of
searching and found numerous references to NSA or DoD standards, but that
particular DoD reference was also as close as I got.
I have imple
Hi David,
> [...] Eventually I've rebased all of the DLLs used by SQL Server mutating
> it's "genetic code", making it considerably different to any other SQL
> Server install on the planet. In fact if I rebase every DLL on my system
and
> every executable then I can make my box almost invulnerabl
-
Red Hat, Inc. Red Hat Security Advisory
Synopsis: Updated 2.4 kernel fixes various vulnerabilities
Advisory ID: RHSA-2003:025-20
Issue date:2003-01-24
Updated on:2003-02-03
Produ
---
Title : Majordomo info leakage (all versions)
Date: 03/02/2003
Article by : Marco van Berkum ([EMAIL PROTECTED])
Bug finder : Jakub Klausa ([EMAIL PROT
OK, I'm sure this one will start a flame war, but...I work for a vendor
whose products overwrite files when "deleting" them as a way of protecting
old data. Lately several customers have been asking for "NSA" or "DoD"
standard overwrites, usually with a value of 3, 7 or 9. (Our response to
th
> Rebasing
> ***
> The problem with operating systems is that they all have pretty much the
> same "genetic code" which makes each and every one of them vulnerable to a
> new exploit. So we need to make them different and this can be achieved
> through rebasing. Rebasing is the process of chang
GreyMagic Security Advisory GM#006-OP
=
By GreyMagic Software, Israel.
04 Feb 2003.
Available in HTML format at http://security.greymagic.com/adv/gm006-op/.
Topic: Sniffing Opera's Tracks.
Discovery date: 29 Jan 2003.
Affected applications:
=
hi,
On Mon, Feb 03, 2003 at 09:08:35PM -0800, David Litchfield wrote:
> Defeating Exploits
> **
> The ideas in this "paper" present a method for defeating exploits; not the
> actual vulnerability. Before getting to the details let's consider slammer
> (again).
>
> What made slammer s
#
#
# COMPASS SECURITYhttp://www.csnc.ch/
#
#
#
# Topic:WebSphere Advanced Server Edition 4.0.4
# Subject: Insufficient Password Protection in
This is a follow up to my original email..
First of all i just want to add, that with this vulnerability, it is
possible to change other user's avatars to either text, or to different
images. all you need to find out is their UID and username.
And also i came up with this solution for the problem
I've received a great number of mails about rebasing a system. So I'll
sumarise here
> This won't protect against heap overflows etc.
Agreed. The suggestion I was making was that exploits that rely on a
specific instruction such as "jmp esp" being at a specific address can be
defeated or slowed d
GreyMagic Security Advisory GM#002-OP
=
By GreyMagic Software, Israel.
04 Feb 2003.
Available in HTML format at http://security.greymagic.com/adv/gm002-op/.
Topic: Opera's Security Model is Highly Vulnerable.
Discovery date: 14 Nov 2002.
Affected application
23 matches
Mail list logo