Re: Solaris telnet vulnerability - how many on your network?

2007-02-17 Thread Darren Reed
In some mail from [EMAIL PROTECTED], sie said: 1) This seems like a case of old code somehow creeping back in to the current versions, and that's a phenomenon I've seen happen at a couple of different places that I've worked at over the years. It's kind of a special case of version

Re: Solaris telnet vulnerability - how many on your network?

2007-02-15 Thread Darren Reed
In some mail from Joe Shamblin, sie said: How about just uncommenting the following from /etc/default/login # If CONSOLE is set, root can only login on that device. # Comment this line out to allow remote login by root. # CONSOLE=/dev/console Not a fix to be sure, but at least prevents a

Re: PHP as a secure language? PHP worms? [was: Re: new linux malware]

2007-01-02 Thread Darren Reed
In some mail from Jim Harrison, sie said: ..and similar statements can be made for Basic (pickyourflavor) as well. This argument proves my point that there is no such thing as a truly secure language; it's entirely dependent on the dev skills. I disagree. But then the above could be taken

Re: PHP as a secure language? PHP worms? [was: Re: new linux malware]

2007-01-02 Thread Darren Reed
In some mail from Jim Harrison, sie said: No; this wasn't flame-bait, although I'd be silly not to expect some. Let me make my position clear; the goals of secure coding and secure languages are both grand and well worth the time spent. There are two primary factors which make this an

Re: The (in)security of Xorg and DRI

2006-12-18 Thread Darren Reed
In some mail from Nicolas RUFF, sie said: Hello, You might be referring to the SMM vulnerability that has been presented at CanSecWest'06 (?) http://www.cansecwest.com/slides06/csw06-duflot.ppt Yes...are there any more details related to this ? (Whitepaper, code, etc...) Darren

Re: The (in)security of Xorg and DRI

2006-12-18 Thread Darren Reed
In some mail from Nicolas RUFF, sie said: Hello, You might be referring to the SMM vulnerability that has been presented at CanSecWest'06 (?) http://www.cansecwest.com/slides06/csw06-duflot.ppt To answer my own followup question:

The (in)security of Xorg and DRI

2006-12-14 Thread Darren Reed
In recent discussion, the topic of the Xorg server being a huge security vulnerability because of its DRI model has come up. The problem being that you have user space code communicating with chips in the system and being able to control DMA and what goes which way on the system bus... Does

Re: LAMP vs Microsoft

2006-07-18 Thread Darren Reed
In some mail from George Capehart, sie said: rant This is truer than you know. I've been writing code since 1974, and I see the same mistakes being made over and over and over and over . . . again. Just as in wars, it seems that every generation is destined to make the mistakes that their

Re: LAMP vs Microsoft

2006-07-15 Thread Darren Reed
In some mail from Bob Beck, sie said: And I think vulnerabilities disclosed are a much better indicator of the changes to QA/development of products than any hyperbole from those responsible (be it management or developers.) No, I think vulnerabilities disclosed is simply a

LAMP vs Microsoft

2006-07-10 Thread Darren Reed
Does anyone have statistics on the cumulative vulnerabilities in LAMP vs the equivalent for Microsoft ? (I'm also interested in whether there are better, as in more secure, environments than LAMP.) If the number of vulnerabilities is graphed over time, is either heading down or both heading up

Re: PHP security (or the lack thereof)

2006-07-10 Thread Darren Reed
Would you prefer to use something that was designed to be secure or something that had security applied to it as an afterthought? As time goes by, if something is designed to be secure then the number of bugs that impact security should diminish with time because they are flaws in the

Re: PHP security (or the lack thereof)

2006-06-28 Thread Darren Reed
In some mail from Tonnerre Lombard, sie said: Salut, On Sun, 2006-06-25 at 08:42 +1000, Darren Reed wrote: There have been barely a *handful* of JRE/JVM security problems. I know for a fact that there are quite some though. Also, what should one think about a company that didn't manage

Re: PHP security (or the lack thereof)

2006-06-26 Thread Darren Reed
In some mail from john mullee, sie said: --- Darren Reed [EMAIL PROTECTED] wrote: From my own mail archives, PHP appears to make up at least 4% of the email to bugtraq I see - or over 1000 issues since 1995, out of the 25,000 I have saved. People complain about applications like

PHP security (or the lack thereof)

2006-06-16 Thread Darren Reed
From my own mail archives, PHP appears to make up at least 4% of the email to bugtraq I see - or over 1000 issues since 1995, out of the 25,000 I have saved. People complain about applications like sendmail...in the same period, it has been responsible for less than 200. Do we have a new

Re: ipfilter denial of service problem

2003-01-06 Thread Darren Reed
In some mail from Yiming Gong, sie said: Below is an ipfilter security issue, and my previous mail to author Darren was bounced back, so I think maybe I should mail it to this mailing list. Actually, you consistently sent email to the wrong place, in the wrong manner. There's an email

Re: Filtering devices spotting

2003-01-02 Thread Darren Reed
In some mail from Ed3f, sie said: SECURITY ALERT Systems Affected 100% of packet filtering systems included commercial embedded devices (no unaffected system known at the moment) Well, not quite 100%... You have

Re: The Art of Unspoofing

2002-09-19 Thread Darren Reed
In some mail from [EMAIL PROTECTED], sie said: [...] The Resolution Theory The idea is simple. Usually, when a denial of service attack is initiated against a target host, it's something like: # ./attack target.com In order to send the spoofed packets to

Re: Windows 2000 Service Pack 3 now available.

2002-08-01 Thread Darren Reed
In some mail from Colin Stefani, sie said: Be sure to read the new EULA/privacy statement for Windows update, it has an interesting portion about how Windows Update and Automatic Update (which gets installed with SP3) can, by agreeing to this license, send the following pieces of info to

Re: fragroute vs. snort: the tempest in a teacup

2002-04-18 Thread Darren Reed
In some mail from Dug Song, sie said: Most firewalls these days (especially Linux and OpenBSD ones) actually do reassembly inbound. this isn't quite true. most stateful inspection firewalls do virtual reassembly for IP fragments, and a few do basic window tracking for TCP connections,

Re: Snort exploits

2002-04-18 Thread Darren Reed
Given your history in the industry, what is your impression of the average lag time between a virus being released into the wild and a fingerprint update being available from a vendor ? Is it days, weeks or months ? Also, what's the average interval in updates for anti- virus software users ?

Re: Small TCP packets == very large overhead == DoS?

2001-07-10 Thread Darren Reed
In some mail from gregory duchemin, sie said: hello, know if the TCP silly window syndrome might be used too ? Uploading/downloading files byte per byte to/from a remote ftp server with a stupid window size of one byte may generate a very high overhead. Silly window sizes aren't so bad.

Re: Small TCP packets == very large overhead == DoS?

2001-07-10 Thread Darren Reed
In some mail from Russ, sie said: According to MSDN, NT 3.5/3.51/4.0 and Windows 2000 implement a minimum MSS of 68 bytes (found under the discussion of PMTU and RFC 791 and 1191), as prescribed by RFC 791. I think some people are not understanding the

Re: Small TCP packets == very large overhead == DoS?

2001-07-09 Thread Darren Reed
paccels. The obvious use is making it hard for anything (be it a firewall or IDS) to scan packet data content. Where once the entire HTTP header (or almost) was in one packet, it is no longer and neither are any fragments buzzing around... Cheers, Darren /* * (C)Copyright 2001 Darren Reed

Re: SurfControl Bypass Vulnerability

2001-03-23 Thread Darren Reed
In some mail from Chris St. Clair, sie said: Another way to bypass other URL filtering software is to convert the IP octets into hex using 0xnnn representation. I've been working with other vendors for a fix on this and will be posting a more detailed followup regarding the software I've

Re: TCP Timestamping and Remotely gathering uptime information

2001-03-19 Thread Darren Reed
In some mail from [EMAIL PROTECTED], sie said: Actually, the logic is "This has been up for 300 days. It probably is not being maintained so it likely has that unpatched exploit available". I thought about this before I posted that email but decided against any inclusion of it. Why ? There

Re: TCP Timestamping and Remotely gathering uptime information

2001-03-16 Thread Darren Reed
So when do we change things like "uname" such that they no longer report the system "identity" (OS, OS rev) to anyone but root ? Why do you think all timestamps should not reveal uptime information ? What do you think is at risk here ? Are script kiddies going to say "ooh, he's been up for 500

Re: [Fwd: Re: Loopback and multi-homed routing flaw in TCP/IP

2001-03-07 Thread Darren Reed
In some mail from Ben Laurie, sie said: Aleph1 wrote: A flaw in the standard not on the stack. RFC 1122 "Requirements for Internet Hosts -- Communication Layers" covers this issue although without pointing out its security consequences. In the case that a host is not routing, it is

Re: Loopback and multi-homed routing flaw in TCP/IP stack.

2001-03-06 Thread Darren Reed
In some mail from Woody, sie said: Subject: Loopback and multi-homed routing flaw in TCP/IP stack. Author: Woody [EMAIL PROTECTED] We believe there to be a serious security flaw in the TCP/IP stack of several Unix-like operating systems. Whilst being "known" behavior on technical mailing

FREQUENTLY ASKED QUESTIONS ABOUT THE BIND-MEMBER FORUM (fwd)

2001-02-04 Thread Darren Reed
In response to the debate on bugtraq, people should read this... If Paul hasn't already forwarded a copy there, that is... To: BIND-Members Forum Information:; Subject: FREQUENTLY ASKED QUESTIONS ABOUT THE BIND-MEMBER FORUM Date: Sat, 03 Feb 2001 22:32:01 -0800 From: Paul A Vixie [EMAIL

Re: New DDoS?

2001-01-10 Thread Darren Reed
In some mail from Ryan Russell, sie said: [...] The attack would have to be subtle (i.e. not crash the browser) and the site would have to be popular, but not very carefully watched by the administrators. In fact, given a powerful enough hole, this is a good way to build an army of

Re: Reappearance of an old IE security bug

2000-04-20 Thread Darren Reed
In some mail from Elias Levy, sie said: All reports so far seem to indicate this IE warning was a false alert. Read what the poster originally said - it was Macintosh only. There were numerous ( 100 last time I spoke to them) reports from people doing the test on Windows98 which does not run

Re: PIX DMZ Denial of Service - TCP Resets

2000-03-21 Thread Darren Reed
In some mail from Andrew Alston, sie said: [...] On receiving a RST packet (TCP Reset) from a given host with the correct source and destination port, the PIX will drop the state entry for that particular connection, which means the tcp connection dies due to the fact that no state entry the

Re: Extending the FTP ALG vulnerability to any FTP client

2000-03-16 Thread Darren Reed
In some mail from Mitchell Blank Jr, sie said: Mikael Olsson wrote: * Send an email to the address in question containing an img src ftp://ftp.rooted.com:23456 and hope that the firewall won't realise that port 23456 is FTP. It would be nice if the browsers had a "disallow FTP

Re: Update: Extending the FTP ALG vulnerability to any FTP client

2000-03-16 Thread Darren Reed
In some mail from Mikael Olsson, sie said: * RealAudio/Video (secondary UDP channel) This can't be exploited in even close to the same way, if the proxy is properly implemented. You might be able to write a java class to exploit this from a web server which was waiting more easily than

Re: Firewall and IP stack test tool

2000-02-24 Thread Darren Reed
In some mail from Mike Frantzen, sie said: With the re-occurrence of this unused TCP flags fiasco, I am getting off my ass and releasing a tool to stress test IP stacks, firewall rulesets, firewall resilience and IDS implementations. Been there, done that. ISIC - 0.05 (IP Stack Integrity

redhat 6.0: single user boot security hole

2000-02-23 Thread Darren Reed
I don't recall this being reported before... When booting into single user with redhat 6.0, it prompts you for the root password (maintenance mode) just like solaris does. Unlike Solaris, pressing ^C drops you straight to a "bash#" prompt. I imagine this has since been fixed...

Re: DDOS Attack Mitigation

2000-02-17 Thread Darren Reed
In some mail from Hugh LaMaster, sie said: [...] The simplest ingress filtering to stop IP address spoofing on a Cisco is simply to apply the following to stub network interfaces: ip verify unicast reverse-path I assume that this is mostly what people are talking about in

Re: DDOS Attack Mitigation

2000-02-15 Thread Darren Reed
In some mail from Andrzej Bialecki, sie said: On Sun, 13 Feb 2000, Darren Reed wrote: In some mail from Elias Levy, sie said: [...] Network Ingress Filtering: -- All network access providers should implement network ingress filtering to stop any

Re: DDOS Attack Mitigation

2000-02-15 Thread Darren Reed
In some mail from Alan Brown, sie said: On Sun, 13 Feb 2000, Darren Reed wrote: You know if anyone was of a mind to find someone at fault over this, I'd start pointing the finger at ISP's who haven't been doing this due to "performance reasons". To be fair, if you do th

Re: Crafted Packets Handling by Firewalls - FW-1 case

2000-01-21 Thread Darren Reed
In some mail from Ofir Arkin, sie said: I will try to focus more on the subject. FW-1 do accept: ACK, SYN-ACK, NULL, FIN-ACK (and more) as valid traffic if they match the rule base, even if no connection establishment was in progress and no session state was in the firewalls table. [...]

Re: stream.c - new FreeBSD exploit?

2000-01-21 Thread Darren Reed
In some mail from The Tree of Life, sie said: I've been informed today by an irc admin that a new exploit is circulating around. It "sends tcp-established bitstream shit" and makes the "kernel fuck up". It's called stream.c. The efnet ircadmin told me servers on Exodus (Exodus

Re: XML in IE 5.0

2000-01-18 Thread Darren Reed
In some mail from Ryan Russell, sie said: [...] For Windows users, The MS guys gave an interesting talk at the NTBugtraq Canada Day Party at Russ' house last year. NT2000 will include a feature that is similar to su on unix, which will allow one to have different windows open as different

Re: [Hackerslab bug_paper] Solaris chkperm buffer overflow

2000-01-07 Thread Darren Reed
In some mail from "김용준 KimYongJun (99졸업)", sie said: [Hackerslab bug_paper] Solaris chkperm buffer overflow File : /usr/vmsys/bin/chkperm SYSTEM : Solaris 2.x How amusing. One of my Solaris7 boxes (incidentally, it was pre-installed by Sun) doesn't appear to have SUNWfac installed.

Re: FTP denial of service attack

1999-12-08 Thread Darren Reed
In some mail from Henrik Nordstrom, sie said: Darren Reed wrote: ftpd's which limit connections to 1 per user@host or similar may have some defense against this, or if they don't support multiple data connections open at the same time. FTP does NOT support multiple data channels

Re: FTP denial of service attack

1999-12-08 Thread Darren Reed
In some mail from Henrik Nordstrom, sie said: Darren Reed wrote: 3. The port specification is changed by a command from the user. PASV falls into this category. PASV changes the server side of the port specification of the data channel. Remember that the port

FTP DoS - PORT and PASV effected.

1999-12-08 Thread Darren Reed
In some mail from Renaud Deraison, sie said: On Tue, 7 Dec 1999, Darren Reed wrote: Who has more free file descriptors network ports, you or the ftp server ? The attack you are describing is not new - this is just a PASV attack, which has been around for years. Hopefully, this problem

FTP denial of service attack

1999-12-07 Thread Darren Reed
Who has more free file descriptors network ports, you or the ftp server ? ftpd's which limit connections to 1 per user@host or similar may have some defense against this, or if they don't support multiple data connections open at the same time. I suspect "many" is the number of ftpd's which

Re: local users can panic linux kernel (was: SuSE syslogd advisory)

1999-11-22 Thread Darren Reed
In some mail from Mixter, sie said: The impact of the syslogd Denial Of Service vulnerability seems to be bigger than expected. I found that syslog could not be stopped from responding by one or a few connections, since it uses select() calls to synchronously manage the connections to

Secure syslog

1999-10-14 Thread Darren Reed
Finally(!), it seems syslog is going to become something more than an ad-hoc protocol. A new working group has been proposed for formation within the IETF to at first document what exists now and then design a new protocol that can hopefully fulfill most, if not all, of our needs in terms of security

Re: Nmap and Cisco Dos, clarification --

1999-09-25 Thread Darren Reed
In some mail from Lancashire, Andrew, sie said: This is to clarify what is being put out by Cisco and what we are being told by Cisco. The two e-mails below are what Cisco is telling us and make a lot more sense than what Cisco is telling Bugtraq. The last post to Bugtraq made mention that the

Re: Local DoS in FreeBSD

1999-09-02 Thread Darren Reed
In some mail from L. Sassaman, sie said: This was first posted to the FreeBSD security list on the 9th of August, subsequently discussed on freebsd-stable and freebsd-hackers... no one seems to care, even though it is able to lock up 2.2.6,