reat as the internet.
There's less threats inside, but, because they ARE inside, they are more
likely to succeed. And saying that 192.168.* is a security measure is
about as accurate as sticking your head in the sand and thinking
no one can see you.
--
Vincent Archer
o avoid this very
problem (namely, tar extracting a file outside of the directory hierarchy
where it is executed), then yes, it is a problem.
Even if you happen to think the root cause of all computing evil is what
is between the chair and the keyboard, trojans are a valid attack
vector.
ommand to EPSV. EPSV does what you seem
to expect the PASV to do: get a TCP port to connect to, and let the IP
be the same as the control connection. However, not every FTP server
support this, and many firewalls/NAT boxes will fail to detect the
command and will not open the data conduit for the FTP
ng available on solaris 10
years ago, I think).
> Anyone else running Solaris?
We do, and we confirm. The info is spreading like wildfire, and justifiably
so - I thought this bug category (-fuser) was squashed last with AIX over
10 years ago.
--
Vincent ARCHER
[EMAIL PROTECTED]
Tel : +33 (0
On Fri, Jun 23, 2006 at 05:12:13PM +0200, Amit Klein (AKsecurity) wrote:
> On 23 Jun 2006 at 10:35, Vincent Archer wrote:
> > The same problem did exist in RFC821, which specified the data path as
> > being 7-bit, with the MSB set to 0. The venerable ancestor sendmail did
> >
oblem with it (which happened to me, when one of my customers did
ask for a domain transfer, and had problems proving his ownership of the
domain - I kept telling him he obviously wasn't Santa Claus, and I wasn't
moving the domain until I got a copy of Santa Claus' ID)
--
Vincent ARCHER - [EMAIL PROTECTED]