RE: [Full-disclosure] Re: Multiple AV Vendor Incorrect CRC32BypassVulnerability.

> While it might be a vulnerability if the file is > extracted which it hasto be to be executed the > desktop scanner will detect it at that time. > Multiple layers of defense is your best option > As far as number 3 Antigen detects Eicar. YAP, i never reported Antigen vulnerable to the 3'rd o

[Full-disclosure] MailMonitor for Exchange has processed a suspicious mail

A mail addressed to you has been identified as suspicious by MailMonitor for Exchange. Event: infection Action: No action Message ID: <[EMAIL PROTECTED]> Message subject:[QUAR]RE: [Full-disclosure] Re: Multiple AV Vendor Incorrect C

RE: [Full-disclosure] Re: Multiple AV Vendor Incorrect CRC32 BypassVulnerability.

1'st issue: Could anyone verify the existance of both vulnebrility in *Symantec products* cauz it seems like symantec engineers got the *old* broken file that i reported lately and couldn't reproduce the thing. I tried reporting the issue but the message had a broken eicarta string so i think the m

Re: [Full-disclosure] Reverse dns

Paul Schmehl([EMAIL PROTECTED])@Thu, Mar 10, 2005 at 09:57:57AM -0600: > Is there an RFC *requirement* for reverse dns? This doesn't overtly state a requirement for reverse DNS, but the existence of BCP 20 (aka RFC 2317) indicates the assumption of reverse DNS as being standard. This document des

[Full-disclosure] Re: Multiple AV Vendor Incorrect CRC32BypassVulnerability.

Title: Re: Multiple AV Vendor Incorrect CRC32BypassVulnerability. I scanned the file with McAfee 8.0i and it end up stating that it couldn't scan the EICAR.COM file because it was encrypted. Was this your Intention? -- Message: 16 Date: Fri, 11 Mar 2005 07:55

RE: [Full-disclosure] Re: Multiple AV Vendor Incorrect CRC32 BypassVulnerability.

You are correct by doing this you are marking the zip file as encrypted. Your option at this time is to turn on the feature delete encrypted compressed files. Fri Mar 11 17:59:02 2005 (4320-4292), "INFORMATION: Internet scan found virus: Folder: SMTP Messages\Internal Message: test Fi

Re: [Full-disclosure] Stealing Free Articles and Auctioning It

On Fri, 11 Mar 2005 01:21:05 +0200 Maxim Vexler <[EMAIL PROTECTED]> wrote: > On Thu, 10 Mar 2005 23:22:03 +0530, Debasis Mohanty > <[EMAIL PROTECTED]> wrote: > > > I bought a copy, then used the techniques and fornd > > > your own paper on: > > > www.infosecwriters.com/text_resources/ > > > doc/D

Re: [Full-disclosure] Stealing Free Articles and Auctioning It

On Fri, 11 Mar 2005 01:21:05 +0200, Maxim Vexler <[EMAIL PROTECTED]> wrote: > On Thu, 10 Mar 2005 23:22:03 +0530, Debasis Mohanty > <[EMAIL PROTECTED]> wrote: > > > > Thanks to the person who informed me that one of my article called > > "De-Mystifying Google Hacks" is being sold at eBay without my

Re: [Full-disclosure] [SPAM] Fw: Newest Internet Security Patch

yep looks like a virus , I thought it was someone phreaking :) thx for the infos . - class101 Jr. Researcher Hat-Squad.com - - Original Message - From: "Florian Bauhaus"

RE: [Full-disclosure] Multiple AV Vendor Incorrect CRC32BypassVulnerability.

Sorry but this was quarantined what ever it was you sent. Steve Scholz Corporate Sales Engineer-North America Sybari Software, Inc. 631-630-8556 Direct 516-903-2464 Mobile Email: [EMAIL PROTECTED] MSN IM:[EMAIL PROTECTED] (email never checked) -Original Message- From: [EMAIL PROTEC

[Full-disclosure] Re: Complaint to be filed at grok org uk

I apologise for bringing private mail into a public forum, but I felt that this was indeed relevant and important for list members to be made aware of. On Fri, Mar 11, 2005 at 09:40:52PM +0100, Tamas Feher wrote: > Tit for tat mode activated. It is a shame that you view my actions in such a nega

Re: [Full-disclosure] US pres election was hacked away by Dumbya&cabal. (fwd)

Paul Schmehl wrote: Normally I would not post publicly a private email from someone without their permission, but this bozo deserves it. You want to threaten me, Seth? Please, contact my boss. Write hundreds of letters to the editor of whatever papers you desire. While you're at it, contact t

Re: [Full-disclosure] US pres election was hacked away by Dumbya&cabal. (fwd)

who cares? I thought this was a security related mailing list, for once this is not about US politics, I don't care about it and the rest of the world don't care about it either, please stop. Next time join a political party, go vote, march to the congress or the white house or whatever, do somethi

[Full-disclosure] [OFFTOPIC] I don't know if anyone has noticed...

I just received my first "Digest" version of F.D. since the switchover. Seeing all the subject lines in a row kind of made it stand out that "US pres election was hacked away by Dumbya & Cabal." was the subject line on 10 out of 31 posts. That's about 32%. Think about that. Or if you don't wan

Re: [Full-disclosure] US pres election was hacked away by Dumbya&cabal. (fwd)

All of you, kindly take it off list. This is not the appropriate forum, and publicising private retorts to a public forum is childish. On Fri, 11 Mar 2005 09:54:00 -0600, Paul Schmehl <[EMAIL PROTECTED]> wrote: > Normally I would not post publicly a private email from someone without > their per

Re: [Full-disclosure] Stealing Free Articles and Auctioning It

On Mar 10, 2005, at 18:21, Maxim Vexler wrote: In fact I wasn't able to find in the document text under what licence it's being published, from that one could conclude that it's "Public Domain" which is even less restrictive then "Free Licence". No, the default is "all rights reserved." ___

Re: [Full-disclosure] Stealing Free Articles and Auctioning It

At least in the US, works are protected by copyright from the moment of creation, with or without any explicit copyright notice. Registering for copyright lets you sue if you find someone violating your copyright, but it's not required for a work to be protected. See: http://www.copyright.gov/help

Re: [Full-disclosure] Fwd: NDA & SOX?

Christoph Gruber wrote: > If a manufactorer of software gets to knowledge of a certain weakness > (vulnerability), does he have to inform the public immediatly? > Is it even worse, if the manufactorer forces everyone, who has > knowledge about that thing, to sign NDAs? Let me take your question a l

Re: [Full-disclosure] Multiple Vulnerabilities of PY Software Active Webcam WebServer

It appers that the server does not use multithreading... QUOTE START: Before the administrator press "Cancel" or "Yes",the other request will be paused,that means the other user cannt Access the HTTP Server,thus leading to a Denial Of Service QUOTE END Sowhat . wrote: Multiple Vulnerabilities of PY

[Full-disclosure] [Fwd: Re: Web security breach changes the lives of 119 people]

Once again, securityfocus.com refuses to post the truth. Anyone who has been following the story of the Harvard Business School applicants and others who allegedly hacked a Web site operated by ApplyYourself Inc. will find the following information valuable. And you can't get it on securityfocus

[Full-disclosure] Administrivia: SpamCop Issue Resolved

Hi The erroneous listing of Full-Disclosure in the SpamCop SCBL has now been resolved. The change of list IP address led to the list traffic being reported when it should now have been, and SpamCop wish to extend their apologies to the list for this mixup. I'd like to thank list members Devdas

Re: [Full-disclosure] Re: Reverse dns (whether you want it or not)

On Fri, 11 Mar 2005 13:48:05 -, Dave Korn <[EMAIL PROTECTED]> wrote: > "TheGesus" wrote in message news:[EMAIL PROTECTED] > > On this subject (marginally), last year we moved a rather large CIDR > > block from one ISP to another. > > > > The new ISP took it upon themselves to give *ALL* our unu

[Full-disclosure] Windows rootkits get all the hype

Hello, There is much much talk lately about Windoze rootkits, more precisely Win32 full process hiding technologies as used in malicious code. How it is being used by spyware and adware as well as worms and hackers, etc. Companies are starting to scare people and to offer protection. First Wi

[Full-disclosure] Re: Full-Disclosure Digest, Vol 1, Issue 8

Message: 8 Date: Thu, 10 Mar 2005 12:10:42 -0800 From: Taoists Hurdled <[EMAIL PROTECTED]> Subject: Re: [Full-disclosure] US pres election was hacked away crumby&cabal. To: Full Disclosure Message-ID: <[EMAIL PROTECTED] drop.org> Content-Type: text/plain; char set=us-ascii > If you don't

Re: [Full-disclosure] [SPAM] Fw: Newest Internet Security Patch

>This might be helpful to spot out this fake microsoft mail telling you to download the attachement. >It does several times that Im receiving it and I guess many users trusts it's from ms but it is not. >(attachement removed from this mail), looks like the sender is a wanadoo.fr host. It's W32

RE: [Full-disclosure] Multiple AV Vendor Incorrect CRC32BypassVulnerability.

Stops sending eicar.  What’s your problem?   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Scholz Sent: Friday, March 11, 2005 6:59 AM To: full-disclosure@lists.grok.org.uk Subject: [Full-disclosure] Multiple AV Vendor Incorrect CRC32BypassVulnerability. Impor

RE: [Full-disclosure] Nothing is real. Video makes it easy to fake anything!

What's the point of this troll? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Feher Tamas Sent: Friday, March 11, 2005 2:29 AM To: full-disclosure@lists.grok.org.uk Subject: [Full-disclosure] Nothing is real. Video makes it easy to fake anything! http

Re: [Full-disclosure] Nothing is real. Video makes it easy to fake anything!

--On Friday, March 11, 2005 09:28:53 AM +0100 Feher Tamas <[EMAIL PROTECTED]> wrote: http://www.newswatch50.com/news/national/story.aspx?content_id=422B960A-2 6BA-4891-9E60-21C8818788D4 This story has already been thoroughly debunked. 1) There were no Marines involved in the capture of Sadaam. It

[Full-disclosure] Re: Multiple AV Vendor Incorrect CRC32 Bypass Vulnerability.

In Local file header if you modify "general purpose bit flag" 7th & 8'th byte of a zip archive with \x2f ie: "\" F-port, Kaspersky, Mcafee, Norman, Sybari, Symantec seem to skip the file marking it as clean!!! This was discoverd during the analysis of "Multiple AV Vendor Incorrect CRC32 Bypass Vuln

Re: [Full-disclosure] US pres election was hacked away by Dumbya&cabal. (fwd)

Normally I would not post publicly a private email from someone without their permission, but this bozo deserves it. You want to threaten me, Seth? Please, contact my boss. Write hundreds of letters to the editor of whatever papers you desire. While you're at it, contact the Governor and requ

Re: [Full-disclosure] Publishing exploit code ruled illegal in France?

> nothing would have happened to the hacker, if he had not published his > eye-catching stuff. > the corporation wanted to punish this hacker because he somehow ruined > their reputation ... and they did it successfully. Omg and how is the reputation of ms ? oracle? phpbb ? ca ? etc .. is their r

Re: [Full-disclosure] Multiple AV Vendor Incorrect CRC32 BypassVulnerability.

[EMAIL PROTECTED](P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TE > ANTIVIRUS-TE> in the text file rather then a valid > eicar. yap, i admit; i was uploaded the file... and soon relized i uploaded the wrong file. But, i think for altest about 30 min

[Full-disclosure] Re: iDownload/iSearch responds to Spyware Critics

Paul Laudanski wrote: Slashdot ran two stories earlier on how iDownload/iSearch sent letters to anti-spyware companies/websites telling them to [ http://yro.slashdot.org/article.pl?sid=05/02/23/1830243&from=rss ] stop listing their brand as spyware or malware. The spyware critics [ http://yro.slas

Re: [Full-disclosure] Publishing exploit code ruled illegal in France?

Hi , so , in France , since three years , the laws are very hard , by default , alls security researchers community are criminals ! you don't have the right to have or use a security tool , you don't have the right to have a copy of a virus for studing , you don't have the right to publish some t

Re: [Full-disclosure] Nothing is real. Video makes it easy to fake anything!

On Fri, Mar 11, 2005 at 09:28:53AM +0100, Feher Tamas wrote: > http://www.newswatch50.com/news/national/story.aspx?content_id=422B960A-26BA-4891-9E60-21C8818788D4 > > UPI: Ex-Marine Says Public Version of Saddam Capture Fiction Congratulations on becoming the first moderated member at lists.grok.

Re: [Full-disclosure] Reverse dns

All other debates about it being required or not aside, I recently was working with someone for whom reverse DNS stopped working properly for a period. They found that although it didn't "break" some protocols, a large number of things slowed down while a reverse DNS request timed out these include

full-disclosure@lists.grok.org.uk

I agree, we all know that the voting machines had problems (cell phones have problems, cars have problems). Maybe Bush's cell phone had something to do with all of this? That doesn't make sense does it? Cellphones are political, but every time we talk about voting exploits, names are thrown in and

[Full-disclosure] Re: Reverse dns (whether you want it or not)

"TheGesus" wrote in message news:[EMAIL PROTECTED] > On this subject (marginally), last year we moved a rather large CIDR > block from one ISP to another. > > The new ISP took it upon themselves to give *ALL* our unused IP > addresses a bogus reverse lookup in the (general) format of > > 10.20.30.4

[Full-disclosure] Fwd: NDA & SOX?

Ahoi! Listening to a presentation on Thursday I wondered about the follwing thing: SOX (Sarbanes Oxley Act 2004) forces the disclosure of information which could be relevant to investors (very short form). For example: If a manufactorer of cars gets to knowledge of a certain weakness in his car

[Full-disclosure] Re: Multiple AV Vendor Incorrect CRC32 Bypass Vulnerability.

Hi, Well, technically these would be separate vulnerabilities, wouldn't you say? Could you perhaps share a bit more information about which headers work well in circumventing which AV products? -- Lise get the new updates at, http://www.geocities.com/visitbipin/crc.html strangely, after modifying

full-disclosure@lists.grok.org.uk

> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf > Of Etaoin Shrdlu > Sent: 10 March 2005 20:11 > To: Full Disclosure > Subject: Re: [Full-disclosure] US pres election was hacked > away byDumbya&cabal. > > mike lieman wrote: >[snip] > If you don't lik

Re: [Full-disclosure] Stealing Free Articles and Auctioning It

On Thu, 10 Mar 2005 23:22:03 +0530, Debasis Mohanty <[EMAIL PROTECTED]> wrote: > Hey Folks, > > While my efforts are always to contribute free knowledge to the community > like many others, there exists many lames and craps who has mastered Ctrl-C > and Ctrl-V and use this lame methods to copy pas

Re: [Full-disclosure] US pres election was hacked away by...

Typical American? No. Loud-mouth American that gets attention? Yes. I'm sure it's the same in every country. Please, lets get back to real Full Disclosure. On Thu, 10 Mar 2005 17:37:23 +, Filipe Varela <[EMAIL PROTECTED]> wrote: > That's tipical american. To think that the whole world is

Re: [Full-disclosure] 2 nice pop/pop/ret :) (update)

> I had the same problem with that universal w2k offset you posted about on > 9th Feb (Subject: Nice call to ebx found). I went and looked for it on my > W2k Pro Sp2 system at home. It wasn't there :-( Yep normal, because if I remember , I have mentionned that it was for w2k pro&srv , SP4's seri

Re: [Full-disclosure] Publishing exploit code ruled illegal in France?

On Thu, Mar 10, 2005 at 09:59:35AM -0700, Burnes, James wrote: > So, in France, which of the following statements are true? > > 1. You must literally own the software in question before reverse > engineering it? A normal user license is not good enough. In other > words, only Microsoft may rever

[Full-disclosure] Multiple AV Vendor Incorrect CRC32 BypassVulnerability.

Hi Bipin,   Actually by removing the file name size you made the Eicar.com invalid. Antigen does scan this file and when it extracts the eicar.com.txt we get a [EMAIL PROTECTED](P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TE in the text file rather then a valid eicar. Since you made the name length a zer

[Full-disclosure] Nothing is real. Video makes it easy to fake anything!

http://www.newswatch50.com/news/national/story.aspx?content_id=422B960A-26BA-4891-9E60-21C8818788D4 UPI: Ex-Marine Says Public Version of Saddam Capture Fiction A former U.S. Marine who participated in capturing ousted Iraqi President Saddam Hussein said the public version of his capture was a fa

RE: [Full-disclosure] Publishing exploit code ruled illegal in France?

better is stops talking about thos fuckers at TEGAM, To resume their job, they spend your money in court instead of to enhance their crappy AV. Cheers to my compatriot tena... - class101 Jr. Researcher Hat-Squad.com

Re: [Full-disclosure] Publishing exploit code ruled illegal in France?

nothing would have happened to the hacker, if he had not published his eye-catching stuff. the corporation wanted to punish this hacker because he somehow ruined their reputation ... and they did it successfully. now french guys will think twice before publishing eye-catching stuff("i'm using

Re: [Full-disclosure] Reverse dns

On Thu, 10 Mar 2005 13:37:07 CST, Paul Schmehl said: > 3) Rather than hiding hostnames (which is a trivial security gain anyway) > we should *move* hosts to private space unless their owners can provide a > compelling reason for needing an internet-resolveable address. And having done that, mak

RE: [Full-disclosure] Reverse dns

RFC1123 Section 6, especially 6.1.5 -Original Message- From: Paul Schmehl [mailto:[EMAIL PROTECTED] Sent: Thursday, March 10, 2005 8:14 PM To: Dale Babiy; full-disclosure@lists.grok.org.uk Subject: RE: [Full-disclosure] Reverse dns --On Thursday, March 10, 2005 11:35:10 AM -0500 Dale Ba

full-disclosure@lists.grok.org.uk

On Mar 10, 2005, at 12:45 PM, Todd Towles wrote: You post a article which you knew would start a political debate. If you want to talk about the security of electronic voting, then what can people people against you? But you aren't being general. Now an article describing or a demonstration of an

[Full-disclosure] I don't know if anyone has noticed...

I just received my first "Digest" version of F.D. since the switchover. Seeing all the subject lines in a row kind of made it stand out that "US pres election was hacked away by Dumbya & Cabal." was the subject line on 10 out of 31 posts. That's about 32%. Think about that. 32% of the band

[Full-disclosure] Multiple AV Vendor Incorrect CRC32 BypassVulnerability.

    Actually by removing the file name size you made the Eicar.com invalid. Antigen does scan this file and when it extracts the eicar.com.txt we get a [EMAIL PROTECTED](P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TE in the text file rather then a valid eicar. Since you made the name length a zero

RE: [Full-disclosure] Re: Reverse dns (whether you want it or not)

I would ask your ISP to give reverse domain delagation to your DNS servers. This will allow your DNS servers to defeine the reverse DNS, and the root servers will point to them instead of your ISP's DNS. This is a common request and most ISPs (including mine) do this. Edward W. Ray CISSP, MC

full-disclosure@lists.grok.org.uk

"Paul Schmehl" wrote in message news:[EMAIL PROTECTED] > --On Thursday, March 10, 2005 08:39:41 AM -0800 Edward Ray > <[EMAIL PROTECTED]> wrote: > > You may not care that the partner of the losing candidate for the most > > important elected national leader in the world is apparently claiming

[Full-disclosure] [SPAM] Fw: Newest Internet Security Patch

This might be helpful to spot out this fake microsoft mail telling you to download the attachement. It does several times that Im receiving it and I guess many users trusts it's from ms but it is not. (attachement removed from this mail), looks like the sender is a wanadoo.fr host.   Details:

Fw: [Full-disclosure] 2 nice pop/pop/ret :) (update)

and the XP SP2 english: File Version:0x000500010a280884 Product Version: 0x000500010a280884 File Flags: File OS: NT WINDOWS32 File Type: DLL File Subtype:Not currently supported File Date: 0x Translation table: - 0409 04b0

Re: [SPAM] [Full-disclosure] Stealling Free Articles and Auctioning It

Hi! I have heard about something like Google Alerts: http://www.google.com/alerts?promo=app-us If you write something and publish it on the net you can check if someone is using your work without your permission (or find out that you were cited on some "noble" site :P). It can be good for a start

re: [Full-disclosure] 2 nice pop/pop/ret :) (update)

sorry, got a problem to copy paste as I have said I think we have 2 different versions, mine is File Version:0x000500010a280452 Product Version: 0x000500010a280452 File Flags: File OS: NT WINDOWS32 File Type: DLL File Subtype:Not currently supported File Date:

[Full-disclosure] Multiple AV Vendor Incorrect CRC32 BypassVulnerability.

Hi Bipin,   Actually by removing the file name size you made the Eicar.com invalid. Antigen does scan this file and when it extracts the eicar.com.txt we get a [EMAIL PROTECTED](P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TE in the text file rather then a valid eicar. Since you made the name length a zer

[Full-disclosure] Multiple AV Vendor Incorrect CRC32 BypassVulnerability.

Hi Bipin,   Actually by removing the file name size you made the Eicar.com invalid. Antigen does scan this file and when it extracts the eicar.com.txt we get a [EMAIL PROTECTED](P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TE in the text file rather then a valid eicar. Since you made the name lengt

full-disclosure@lists.grok.org.uk

Not that anyone hates America here, but this is not a political mailing list. This is FULL-DISCLOSURE. Unless those links contain information how how the machines were "hacked" along with some real documentation, stop posting this pointless drivel to this mailing list. If you want to talk about

Re: [Full-disclosure] Reverse dns

On Thu, 10 Mar 2005 11:30:51 CST, Paul Schmehl said: give details. I'll give you this much. We're having a > philosophical disagreement about the value of disallowing reverse dns for > hosts on our network. It's the ancient security by obscurity discussion. > > My concern is that we should n

[Full-disclosure] Multiple AV Vendor Incorrect CRC32 BypassVulnerability.

    Actually by removing the file name size you made the Eicar.com invalid. Antigen does scan this file and when it extracts the eicar.com.txt we get a [EMAIL PROTECTED](P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TE in the text file rather then a valid eicar. Since you made the name length a zero