On Wed, 16 Mar 2005, Gregh wrote:
[HEADERS SNIPPED]
>
>
> >
> > From what little I read on their site, it seems to be a radius auth mech
> > based upon MAC addresses.
> >
>
> Isn't that basically what a lot of wi-fi broadband router/modems do anyway?
>
> Eg, set up a netgear DG834 (think
- Original Message -
From: "Ron DuFresne" <[EMAIL PROTECTED]>
To: "KF (Lists)" <[EMAIL PROTECTED]>
Cc:
Sent: Wednesday, March 16, 2005 12:20 PM
Subject: Re: [Full-disclosure] Wi-fi. Approaching customers
>
> From what little I read on their site, it seems to be a radius auth mech
> ba
From what little I read on their site, it seems to be a radius auth mech
based upon MAC addresses.
Thanks,
Ron DuFresne
On Tue, 15 Mar 2005, KF (Lists) wrote:
> hrmm... is that based on signal strength or something?
> -KF
>
> Ryan Sumida wrote:
> >
> > As a side note..
> >
> > Newbury Networ
On Tue, 15 Mar 2005, Ryan Sumida wrote:
> As a side note..
>
> Newbury Networks has a product called WiFi Watchdog that can allow/deny
> access based on physical location. As an example, it can be configured
> where anyone outside the building walls can not connect to the network but
> once they
Would guess so,
but this would be easily overtaken by using directional antenna / amplifier :)
to add my 0.1 GBP, we have written to NHS in UK on one occasion couple of years
ago, warning them on them having open wireless link. The response was somewhat
ridiculous that they employ CCNA, so they ha
On Tue, Mar 15, 2005 at 09:06:05PM +, Nigel Horne wrote:
> > > # unzip -l mixed-eicar.zip
> > > Archive: mixed-eicar.zip
> > > Length Date TimeName
> > >
> > > 308 03-10-05 12:00 Test^G^[[2J^[[2;5
hrmm... is that based on signal strength or something?
-KF
Ryan Sumida wrote:
As a side note..
Newbury Networks has a product called WiFi Watchdog that can allow/deny
access based on physical location. As an example, it can be configured
where anyone outside the building walls can not connect to
As a side note..
Newbury Networks has a product called
WiFi Watchdog that can allow/deny access based on physical location. As
an example, it can be configured where anyone outside the building walls
can not connect to the network but once they move inside the building they
are allowed access.
On Mon, 14 Mar 2005, Dr. Peter Bieringer wrote:
> during investigation of Sober.l we got the idea to replace the spaces of a
> filename contained in the ZIP archive by some escape sequences.
>
[...]
>
> Also we found that at least 2 AV scan programs from 2 vendors do not detect
> the virus insid
On Tuesday 15 Mar 2005 17:29, Rodrigo Barbosa wrote:
> On Tue, Mar 15, 2005 at 05:45:58PM +0100, Dr. Peter Bieringer wrote:
> > >I STILL FIND IT happy to
> > >see there are lot of AV out there that can't scan such
> > >file properly to detect virus.
> >
> > The problem must be located in the unzip en
I'm not sure I'd use the words covered legally. Keep in mind in some areas
people might feel this type of activity violates federal wiretapping laws.
Doesn't mean they're right or wrong just means you could be causing yourself
some serious issues.
I can say for certain that I've seen small securit
Although not directly liable, you must be able to say who had what IP
at a certain time when bad activity came from your network... If
you are unable to provide that information, you are then liable...
We too are semi-open. You can get a DHCP address, access our public
websites, our DNS ser
What about doing a targeted mail campaign (zip code, zip +4 , etc) with
a flyer about wireless security/insecurity in general with specific
statistics for the target area, or even a generic (not pinpoint gps
accuracy, but large area overview) map showing open access points?
Coral
Gregh wrote:
>
Addendum to my last Post :
Credit where Credit is due. List generated with help of
http://virusscan.jotti.org/
If you are an AV vendor please donate a license to this website. Thanks.
--
Thierry Zoller
http://www.sniff-em.com
Dear List,
Updated: State as of 15/03/2005
From ftp://ftp.aerasec.de/pub/advisories/unfiltered-escape-sequences/
File unfiltered-escape-sequences-in-filename-eicar.zip
---
AntiVir : Eicar-Test-Signature
Avast
Now here's the .90 cent question:
If ISP's are not liable for the content across them, and cannot be held
liable.
And you run an Open WIFI network...
Aren't you in effect an ISP Albeit a free one?
And if you are an ISP, then wouldn't you, not be liable for content sent
across your network.
Matthew Sabin wrote:
My company has made a conscious decision to leave our WiFi open to visitors,
while our internal machines connect via IPSec on the open airwaves.
A drive-by would show the open nature of our WiFi, but wouldn't immediately
tell you that we've secured our business fairly well.
b
My lawyer advised me against approaching people with the information that
their wifi is open to hackers. Honestly, there are too many laws in your
way (in the US at least). I urge you to look into your local laws and see
if there is a good way to approach customers without making it seem like
I'm not sure I can help you on the contacting process, but question your
assumptions.
My company has made a conscious decision to leave our WiFi open to visitors,
while our internal machines connect via IPSec on the open airwaves.
A drive-by would show the open nature of our WiFi, but wouldn't im
Dear list,
Interesting findings:
Different results with different variants
[EMAIL PROTECTED] posted this POC (over FD)
http://www.geocities.com/visitbipin/test_nav.zip
AntiVir : Eicar-Test-Signature
Avast: EICAR Test-NOT
Gregh,
IMO, you're covered legally. I know it sounds fishy to approach a
potential client already knowing they're insecure...but don't all of us do
that on a regular basis? I mean I will hit google with a vengeance before I
go into the kick-off meeting...I want to know what I'm up against.
I would r
I have asked this on another list and there has been discussion but nothing
that really seems like an answer so I am asking for help in here.
I did a war drive (and in MY terms that means just driving along gathering SSID
data showing open and closed and nothing else BUT that) and found one HELL
Hi Michael,
--On Tuesday, March 15, 2005 01:51:55 PM -0600 "Michael J. Pomraning"
<[EMAIL PROTECTED]> wrote:
> On Mon, 14 Mar 2005, Dr. Peter Bieringer wrote:
>
>> during investigation of Sober.l we got the idea to replace the spaces of
>> a filename contained in the ZIP archive by some escape s
J.A. Terranson wrote:
This "story" really just reflects what has been going on in the real world
for some time now.
Yes. Another incident from two years ago that demonstrates this
philosophy quite well:
[From http://www.eweek.com/article2/0,1759,921855,00.asp]
[FEDS MOVE TO SECURE NET]
"The most
AUTHOR
Komrade
[EMAIL PROTECTED]
Original advisory:
http://unsecure.altervista.org/security/goodtechtelnet.htm
DATE
15/03/2005
PRODUCT
The product turns a Windows NT/2000/XP/2003 system into a multi-user
Telnet server. Gives Telnet users full access to Windows NT command
line. (information from th
Andrew J Caines wrote:
Any good security books fellow members have read recently and would
like to recommend?
Bruce Schneier, "Secrets & Lies: Digital Security in a Networked World"[1]
and "Beyond Fear: Thinking Sensibly about Security in an Uncertain
World"[2].
Yes, these are excellent.
On Tue, Mar 15, 2005 at 05:45:58PM +0100, Dr. Peter Bieringer wrote:
> >I STILL FIND IT happy to
> >see there are lot of AV out there that can't scan such
> >file properly to detect virus.
>
> The problem must be located in the unzip engine:
>
> We've
>> i guess, companies should know learn how to treat ppl.
>> who write to them. For this, i've always admired
>> Microsoft. (O; (no flames)
>> -bipin
This is something I must agree with you Bipin. Microsoft has always been
polite and responsible at least to whatever I have posted them in the p
--On Dienstag, 15. März 2005 08:34 -0800 bipin gautam
<[EMAIL PROTECTED]> wrote:
I STILL FIND IT happy to
see there are lot of AV out there that can't scan such
file properly to detect virus.
The problem must be located in the unzip engine:
We've created a mixed ZIP now:
# unzip -l mixed-eicar.zip
Dr. Peter,
My rants regarding similar issue dates back, Mar 05,
2004. There was some other issues in NAV product that
i tried contacting SYMANTEC in 2003 (i guess).
Symantec, discarded this issue.
http://www.securityfocus.com/archive/1/357065
So did they to latest advisory!!!
http://www.geocitie
Dr. Peter,
My rants regarding similar issue dates back, Mar 05,
2004. There was some other issues in NAV product that
i tried contacting SYMANTEC in 2003 (i guess).
Symantec, discarded this issue.
http://www.securityfocus.com/archive/1/357065
So did they in to latest advisory!!!
http://www.geoci
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory [UPDATE] GLSA 200501-38:03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200503-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
NICE FIND. (O;
But hey, That something quite similar to my old
advisory
:http://www.securityfocus.com/bid/9811/discussion/
Norton AntiVirus 2002 ASCII Control Character Denial
Of Service Vulnerability
Norton AntiVirus 2002 has been reported to crash when
performing manual scans on files containe
Scott White wrote:
Any good security books fellow members have read recently and would like
to recommend?
Apart from decent books on your favourite security software:
"Intrusion Detection" by Stephen Northcutt and Judy Novak
"Secrets and Lies" by Bruce Schneier
"Crash! How t
===
Ubuntu Security Notice USN-95-1 March 15, 2005
linux-source-2.6.8.1 vulnerabilities
CAN-2005-0209, CAN-2005-0210, CAN-2005-0384, CAN-2005-0529,
CAN-2005-0530, CAN-2005-0531, CAN-2005-0532, CAN-2005-0736
===
All of the books mentioned are great. Hacking Exposed is a must. Most of
them (necessarily) only go 90% of the way.
If you really want to learn the stuff then read a few of the books and
then spend time at some of these sites reading white papers and looking
at actual code, vuln descriptions, meth
Am Dienstag, 15. März 2005 09:04 schrieb Ron:
> I am fairly well versed in all of these fields, and they all interest
> me. ... and can't think of anything exciting
> to do with any of these.
Pick the one you dislike most - that's where things are probably farthest away
from your present state and
- Original Message -
From: "Ron" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, March 15, 2005 12:04 AM
Subject: [Full-disclosure] Ideas for school project...
> Hi everybody,
>
> I'm taking a fourth year University course called "Topics in Computer
> Security." One of our assignments is a "majo
Nice work there.
I think there are a lot of commercial programs out there that lend a lot
of code from various open source programs (GPL because if they are BSD
then it's all right even for commercial programs to use it).
It's hard to prove because as you say, if you sit and change all
strings you woul
Hi everybody,
I'm taking a fourth year University course called "Topics in Computer
Security." One of our assignments is a "major project" (probably a 10
or so page report, although she hasn't been very specific on the
requirements) that's due in a few weeks. We have been given a choice of
to
41 matches