Re: Administrivia: Real domain names in PoC/exploit examples

2010-05-28 Thread Nate Eldredge
On Fri, 28 May 2010, d...@securityfocus.com wrote: And this is the sort of thing that would be appropriate: - www.example.com (this is really the best way to go) Except that www.example.com, while reserved according to RFC 2606, actually resolves to a host with a web server (running, interest

Re: Administrivia: Real domain names in PoC/exploit examples

2010-05-28 Thread dm
On Fri, May 28, 2010 at 08:38:57AM -0700, Nate Eldredge wrote: > On Fri, 28 May 2010, d...@securityfocus.com wrote: > > >And this is the sort of thing that would be appropriate: > >- www.example.com (this is really the best way to go) > > Except that www.example.com, while reserved according to

Administrivia: Real domain names in PoC/exploit examples

2010-05-28 Thread dm
Hey everybody, I just wanted to clarify our policy about accepting posts that contain real domains and websites in proof-of-concept and exploit examples. We don't. If I see this, my normal response is to bounce it back to the poster and ask them to sanitize the example and resend their post. But

Administrivia: New Bugtraq moderator

2006-02-23 Thread David Ahmad
Bugtraq Subscribers, Due to a recent lateral shift I've made, I am no longer moderating the Bugtraq mailing list. I haven't moderated full time for a while, and now it's time to hand the list over to a new manager. David McKinney <[EMAIL PROTECTED]> will be taking over Bugtraq as primary m

Administrivia: Summer vacation/bounce troll

2003-07-17 Thread Dave Ahmad
This is a troll for out-of-office autoreplies, bounces, list unsubscription acknowledgements, list rejection replies, support ticket generation notices and other irritating junk-mail responses that are triggered by Bugtraq posts. David Mirza Ahmad Symantec 0x26005712 8D 9A B1 33 82 3D B3 D0 40 E

Administrivia: Symantec acquiring SecurityFocus

2002-07-17 Thread aleph1
Good day, Today, SecurityFocus and Symantec announced that Symantec is acquiring SecurityFocus. Symantec sees real value in the services SecurityFocus provides to its customers and believes they are an excellent fit with their current offerings. We at SecurityFocus see this as an opportunity to p

Administrivia: Recent list delays

2002-06-26 Thread Dave Ahmad
Dear subscribers, I regret to inform those who have not noticed already that there have been significant delays in distribution of Bugtraq traffic. This was due to severe problems that we have been having with lists.securityfocus.com and our two outgoing mailservers. It could not have come at a

Administrivia

2002-05-05 Thread Dave Ahmad
Hello, I hope you've all had a pleasant weekend. Over the past few months, the number of posts to Bugtraq discussing cross-site scripting and other vulnerabilities in websites/online services has increased. To be consistent with a precedent set before my time, I have approved them when I felt t

Administrivia: GPG/PGP

2001-07-27 Thread aleph1
When using GPG or PGP to sign your messages please make sure your key is in one of the publicly available key servers or include an URL to where it can be found in your message. Otherwise we can't verify your signature. -- Elias Levy SecurityFocus.com http://www.securityfocus.com/ Si vis pacem,

Administrivia: Quotes

2001-07-26 Thread aleph1
Folks, Please, do not quote whole messages in your replies. Doing so is a waste of bandwidth and makes the list difficult to read for the people using the digest. Please, only quote the section of the message you are replying to. Thank you. -- Elias Levy SecurityFocus.com http://www.securityfoc

Administrivia: Code Red

2001-07-23 Thread aleph1
Now that the storm has passed for the most part I will only be approving a few final messages on this topic. Please, use the incidents mailing list if you wish to follow up on Code Red. You can find it at [EMAIL PROTECTED] -- Elias Levy SecurityFocus.com http://www.securityfocus.com/ Si vis pac

Re: Administrivia: PHP

2001-07-07 Thread Zak Greant
[EMAIL PROTECTED] wrote: > I am killing this thread. If you must continue with the discussion please > take it to the www-mobile-code or secprog mailing lists. Or perhaps use the PHP mailing lists. Surprisingly enough, we do discuss issues like this. ;) (See http://php.net/support.php)

Administrivia: PHP

2001-07-06 Thread aleph1
I am killing this thread. If you must continue with the discussion please take it to the www-mobile-code or secprog mailing lists. -- Elias Levy SecurityFocus.com http://www.securityfocus.com/ Si vis pacem, para bellum

Re: Administrivia: Move to EZMLM

2001-05-15 Thread aleph1
Some follow up comments. All messages to the list now have a List-Id header. This is a recently proposed RFC to standardize mailing list identification. Please make use of it for filtering messages. RFC2919: http://www.mit.edu/afs/athena/reference/rfc/authors/rfc2919.txt Subject line prefixing w

Administrivia: Move to EZMLM

2001-05-13 Thread aleph1
Good day, [ I apologize to those that will receive this message multiple times ] As undoubtedly you will have noticed by now we experienced some problem with our mailing lists this past week. In short, LISTSERV finally croaked. It simply could not handle the load. We hoped to perform the

Administrivia: Mail Problems

2001-05-09 Thread Elias Levy
We have been experiencing some mail problems which have resulted in some messages to the list simply disappearing in route to the list or during the approval process. If you sent an important message to the list during the past few days and have not seen it posted either send it in again or c

Administrivia: SECTOOLS, SECPAPERS, SECEVENTS, & SECPROD

2001-04-15 Thread Elias Levy
It's common for people to attempt to post messages to BUGTRAQ about security but not related to vulnerabilities simply because there is no better venue. With this in mind we've created a number of new mailing lists. SECTOOLS - For the announcement of new or updated (free) security tools. SECPAPE

Re: Administrivia: Broken Antivirus Products

2001-04-04 Thread Nick FitzGerald
Elias wrote: > I am getting very frustrated by how badly designed are some antivirus > products. Every time someone posts something to the list that even > mentions VBS, some viruses, or other innocuous text strings I get flooded > by warning messages from this useless products. > > Particularly

Administrivia: Broken Antivirus Products

2001-04-03 Thread Elias Levy
I am getting very frustrated by how badly designed are some antivirus products. Every time someone posts something to the list that even mentions VBS, some viruses, or other innocuous text strings I get flooded by warning messages from these useless products. Particularly bad are the Sybari Softwa

Administrivia: Mailing List Software

2001-03-10 Thread Elias Levy
Please ignore those RedHat advisories that got approved earlier. Someone is looping the list onto itself and those slipped by. As it's painfully obvious to many we have reached a point where we have outgrown LISTSERV. We are looking for alternatives. Ideally we would like to find a well written and

Administrivia: Strong ES Model vs Weak ES Model

2001-03-07 Thread Elias Levy
I am killing the Strong ES model vs Weak ES model thread unless someone has something substantial to add. It is obvious both models have value and that people disagree on their relative merit. Obviously this is the reason they were both described in the RFC and neither recommended over the other.

Administrivia

2001-03-02 Thread Ben Greenbaum
Over the weekend, I will be returning the Bugtraq helm to Aleph One. It has been a pleasure and an honor to moderate the list, and thank you all for your patience with me while I "got the hang of it". It's certainly more difficult than it looks :) Best wishes, Ben Greenbaum Director of Site Conte

Administrivia

2000-03-14 Thread Elias Levy
One question I've always wrestled with is whether to approve messages that affect services (such as specific web sites), instead of applications. During the last couple of weeks I've seen an increase in the number of such messages submitted to the list. Normally I do not like to approve such mess

Administrivia

2000-03-02 Thread Elias Levy
I am killing the DB security thread. Please take it to a more appropriate forum such as comp.databases. -- Elias Levy SecurityFocus.com http://www.securityfocus.com/

Administrivia

2000-02-17 Thread Elias Levy
I am killing the ISP/spoofing/money/suing thread. This topic does not to be discussed but BUGTRAQ is not the correct forum. You'll be at home discussing the topic in the inet-access mailing list. You can subscribe to it by sending a message with a body of "subscribe" to "[EMAIL PROTECTED]". Pleas

Administrivia

2000-02-14 Thread Elias Levy
I apologize for the trickle of messages during this past week. The recent DDOS attacks have kept us busy. I will be approving a number of backlogged messages. BTW, BUGTRAQ has now over forty thousand subscribers. It's actually had them for a couple of weeks now. I'll also take this time to remind

Administrivia

2000-02-03 Thread Elias Levy
Well it seems that EICAR attachment set off a lot of alarms. To clear things up the EICAR file is a test file used to test an antivirus basic functions are working. You can find out more about EICAR at http://www.iecar.org/. A reminder: BUGTRAQ is a vulnerability mailing list. As such some of the

Administrivia

2000-01-18 Thread Elias Levy
I am killing the Network Solutions / domain hijacking thread. I think it's very clear that Network Solutions registrar system is hopelessly insecure. If you must continue using them try to use the PGP or CRYPT-PW authentication methods, otherwise I would evaluate some of the competing registrars.

Administrivia: ORBS

2000-01-12 Thread Elias Levy
It seems the folks at ORBS (orbs.org) have decided that since our mail server its hosted of above.net, and above.net is filtering their probes since they claim they are a DoS, ORBS is adding any mail servers connected via above.net (including ours) to their spam relaying list, regardless that our

Administrivia

1999-10-14 Thread Elias Levy
I am killing the vulnerability and licensing/copyright protection thread. Copyright protection is an unsolvable problem. You are trying to protect code running in an untrusted environment. There is little you can do. Knowing you will fail it boils down to figuring out whether you at least want to

Administrivia

1999-10-11 Thread Elias Levy
When BUGTRAQ was first created its charter called it a list to discuss UNIX vulnerabilities. Not much time passed before the list discussed vulnerabilities in other platforms such as VMS, routers and other network aware devices. As more Windows 95/98 and Windows NT machines came online we started

Administrivia

1999-09-20 Thread Elias Levy
As some of you may have guessed I have been out of town for the last two weeks for both a business and pleasure trip to Japan. I had someone covering for me while I was away. A couple of messages got through that should have been killed but things seem to have moved smoothly. I'd like to thank the p

Administrivia

1999-08-23 Thread Elias Levy
We are pleased to host a new security mailing list that may be of interest to BUGTRAQ subscribers. What is EXPLOIT-DEV? There are many forums for reporting security bugs and distributing exploit code or examples. A prime example of such a forum is the BUGTRAQ mailing-list. However, nearly all o

Administrivia

1999-08-18 Thread Elias Levy
Sorry for that earlier exchange today. I thought I was pointing out the fact that an exploit has been available in the underground for a vulnerability whose details have been kept away from the public and that this is an example as to why security through obscurity does not work. Obviously Russ th

Administrivia

1999-08-09 Thread Elias Levy
This is just a short message to remind people to filter out mailing lists (such as BUGTRAQ) when you use vacation messages. They are very annoying and will get you removed from the list. LISTSERV gives you the option to stop mail delivery while you are away by setting your account options to NOMAI

Administrivia: BUGTRAQ-JP, BUGTRAQ-ES and SF-NEWS

1999-08-04 Thread Elias Levy
Well it took longer than I thought it would, but that is always the case. Right? This message is to announce the availability of three new mailing lists. The first two are BUGTRAQ-JP (Japanese) and BUGTRAQ-ES (Spanish). The first one will be moderated by Nobuo Miwa <[EMAIL PROTECTED]> and the sec

Administrivia

1999-07-22 Thread Aleph One
Every so often I get requests to post job openings on the list. As that is not within the charter of the list I reject them. With this in mind we've created a few mailing list: SecurityJobs. SecurityJobs is a mailing list and Forum on SecurityFocus developed to help IT Security Professionals find

Administrivia

1999-07-06 Thread Aleph One
If you you a confirmation message for BUGTRAQ from Netspace you can ignore it. The transfer of the list to the new address cancels all those confirmation requests. -- Elias Levy Security Focus http://www.securityfocus.com/

Administrivia

1999-07-05 Thread Aleph One
If anyone posted any messages of interest yesterday afternoon you may want to send it back in. Had seven messages that got nuked on the transfer. I think most of them were replies to the Administrivia but just in case... -- Elias Levy Security Focus http://www.securityfocus.com/

Administrivia

1999-07-05 Thread Aleph One
OK. This should be the first message you receive from the new list address. -- Elias Levy Security Focus http://www.securityfocus.com/