I like how security professionals see themselves as part of the intellectual elite and the computer users as the ignorant hoards.
In a field where anyone is call an expert, and 16 year olds can pass a CISSP, how is it that these experts forget they are only a certification away from being
Put information infront of the user, on unrelated pages. Keep doing it and
eventually users will educated on a reasonable level to better check and patch
systems, before the authors of malicious code and script kids get to them
first. n3td3v
No, your receptionist really couldnt give a shit,
On the site tanfoglio.it, there is a small php script that provides a small
popup with a picture of their product. The vulnerability lies in the fact that
this script fails to sanitize input. This can allow a user to put arbitrary
code into the file.
POC:
Virus Friendly and phased might be to young to remember the old saying what
you want the next generation to believe begin teaching this generation. It
is a known fact that the major cause of computer criminal acts is the result
of careless and uneducated users. I have said it again and again, the
On Mon, 3 Oct 2005, Randall M wrote:
Virus Friendly and phased might be to young to remember the old saying what
you want the next generation to believe begin teaching this generation. It
That's a nicely worded brainwashing statement. How about having the next
generation believe truth not
On Mon, 03 Oct 2005 07:49:33 EDT, J. Oquendo said:
On Mon, 3 Oct 2005, Randall M wrote:
Virus Friendly and phased might be to young to remember the old saying what
you want the next generation to believe begin teaching this generation. It
That's a nicely worded brainwashing statement.
On Mon, 03 Oct 2005 07:49:33 EDT, J. Oquendo said:
On Mon, 3 Oct 2005, Randall M wrote:
is a known fact that the major cause of computer criminal acts is the result
of careless and uneducated users. I have said it again and again, the User
is the best defense any Admin can have.
by
In theory, what you say is incorrect.
They may take you in but, in court they have to prove it was yours.
It is not your responsibility to prove your innocence.
It is their responsibility to prove your guilt.
In fact, there are more that a couple cases where the prosecutor told
the jury the
On Mon, Oct 03, 2005 at 08:50:27AM -0400, [EMAIL PROTECTED] wrote:
One acronym: BSOD. Why have users learned what it is, and grown accepting of
seeing one? Do you know any Windows users who have *never* encountered one?
The majority of BSODs are caused by buggy third-party drivers and malware
Date
October 3, 2005
Vulnerability
The Kaspersky Antivirus Library provides file format support for virus
analysis. During analysis of cab files Kaspersky is vulnerable to a heap
overflow allowing attackers complete control of the system(s) being protected.
This vulnerability can be exploited
While its easy to recognize your point, it's also quite moot.
The supportability issues of long ago, are just that - long ago. The
customer base was, when the PC market first expanded and continues to
be, vastly larger from when computer companies offered that type of
service. ...and at at much
The stash was in the bushes out side the residence. The kid and anyone
else passing by had access to it. Reasonable doubt of ownership exists.
Reasonable doubt costs money.
~Mike.
___
Full-Disclosure - We believe in it.
Charter:
On Mon, 3 Oct 2005, Debasis Mohanty wrote:
Paul,
This does not include the version 3.7.159 you are testing.
Didn't get the meaning by what you mean by This does not include. Do u
mean whether or not version 3.7.159 is vulnerable it shouldn't be
conscidered??
What I'm saying is that
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200510-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
--On Monday, October 03, 2005 09:38:16 -0400 Lane Weast
[EMAIL PROTECTED] wrote:
In theory, what you say is incorrect.
They may take you in but, in court they have to prove it was yours.
It is not your responsibility to prove your innocence.
It is their responsibility to prove your guilt.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200510-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
[Description]
The Windows XP tftp.exe software is vulnerable to a local Heap Based
overflow,
allowing to run arbitrary commands on the system as the user issuing the
overflow.
[Complete advisory]
CIRT.DK Advisory 38 can be read at http://www.cirt.dk/
Regards
CIRT.DK
On Mon, 3 Oct 2005, Steve Friedl wrote:
The majority of BSODs are caused by buggy third-party drivers and malware
(rootkits, etc.) Is that part of Microsoft's monopolistic abuse?
Does any kind of evidence (apart from PR-flack-based spin) exist for this
conclusion?
Can you point me to it?
Bruce, I don't think you are going to find hard evidence for either
conclusion. But Bruce's conclusion is consistent with my own
experiences, and that of many other Administrators that I discuss
issues like this with.
Since its inception, supporting NT 3.0 beta and onward, I have been
dealing
err, But Steve's conclusion is consistent with my own...
On 10/3/05, Micheal Espinola Jr [EMAIL PROTECTED] wrote:
Bruce, I don't think you are going to find hard evidence for either
conclusion. But Bruce's conclusion is consistent with my own
experiences, and that of many other Administrators
I have been following this in the background because a number of my
friends who got zapped in the high tech spindown out here in California
have ended up in computer forensics and datamining because that's what
gets money these days. Some are happy and some are a bit concerned. I am
Paul Laudanski
What I'm saying is that the vendor never claimed ZAP versions prior to 5
are not vulnerable in the report.
Funny Paul!! You are simple exaggerating upon the same point again and again
in a new style each time. Well, They don't even say that ZAP versions prior
to v5 are
* Jason Coombs: /* There is simply no way for law enforcement to know the
difference between innocent and guilty persons based on hard drive data
circumstantial evidence. */
Jason,
Are you stumping for work as a defense expert? I hope so, because I know
several Law Enforcement Officers who
hello list,
Lately 'Debasis Mohanty' was refreshing some old issues. Anyways... is
Bypassing Personal Firewall let an internal (evil) application
communicate with the external world, the hard. I mean... OK try
this Lets.. me give you a simple concept. I'll call it
'passive communication'
Bipin,
That's very old news, we were discussing an approach a bit more elgant
than this. And yes, it's that hard nowadays Kerio will easily block
your bat file due to it's integrated HIPS. (although a fonction which
can be very annoying sometimes.)
BG the batch file will get executed Internet
On Mon, Oct 03, 2005 at 10:37:05AM -0600, Bruce Ediger wrote:
Does any kind of evidence (apart from PR-flack-based spin) exist
for this conclusion?
This is what Microsoft tells me what they gather from the online error
reporting and crash analysis, and it comports with my experience as
well. I
Bipin Gautam wrote:
Anyways... is Bypassing Personal Firewall let an internal (evil)
application communicate
with the external world, the hard.
Yes Indeed !! As long as you are trying out this concept with the current
versions of ZA Pro and few prior versions... The beauty of ZA Pro is, it
integrated HIPS. (although a fonction which
can be very annoying sometimes.)
To be more precise they call it behavior blocking.
--
Thierry Zoller
mailto:[EMAIL PROTECTED]
___
Full-Disclosure - We believe in it.
Charter:
Just to correct my last statement in my previous reply -
There is another way by which an evil-code can get this run is by moving
the batch file to system startup
or pointing it in the registry to run on system boot but this will be a
warning signal for the user.
Even ZA Pro blocks and
On Mon, 03 Oct 2005 06:42:37 PDT, Steve Friedl said:
On Mon, Oct 03, 2005 at 08:50:27AM -0400, [EMAIL PROTECTED] wrote:
One acronym: BSOD. Why have users learned what it is, and grown accepting
of
seeing one? Do you know any Windows users who have *never* encountered one?
The majority
On Mon, 03 Oct 2005 06:42:37 PDT, Steve Friedl said:
On Mon, Oct 03, 2005 at 08:50:27AM -0400, [EMAIL PROTECTED] wrote:
Perhaps if they hadn't been so busy designing baroque undocumented APIs for
the
use of their own monopolistic software(*), they could have designed a cleaner
API
that
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I think the main problem of every kind of security precaution is, that
the user has to understand what he is being told.
i had customers who just let everything in and out because they thought
that their setup would need it.
a few major tricks in
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Update Advisory
___
Package name: kernel
Advisory ID:
On Mon, Oct 03, 2005 at 03:41:58PM -0400, TheGesus wrote:
In NT4 they redesigned the GDI so that the user could bypass
userland and talk straight to the kernel.
It's been so long I don't recall the exact details, but this re-hack
paved the way for DirectX and sped up the response of the new
Can you give me an example of a trojan, worm, or another program which has
added the last USB device installed in the Windows Registry,
yes, see below
or how about a program, worm, trojan -
some ASM code... ( edited )
any_key1 db SYSTEM\CurrentControlSet\AnyKeyIWant, 0
another_key2 db
On Mon, 3 Oct 2005, Debasis Mohanty wrote:
Paul Laudanski
What I'm saying is that the vendor never claimed ZAP versions prior to 5
are not vulnerable in the report.
Funny Paul!! You are simple exaggerating upon the same point again and again
in a new style each time. Well, They
If a bulb in my car was found to cause a fire in certain models from a
certain manufacturer, I would want to know exactly which one were in
danger...not the other way around. Has ZA tested the other versions?
They know 6 isn't vulnerable but if they don't say that 3 is vulnerable
then we have to
say... a backdoor want to communicate to its server... It can do
is, use a trusted internal application to do the job. Suppose; it
creates a batch file run the batch file (evil.bat) executes this
command
this has been going on for years - there are some trojans that create
An
38 matches
Mail list logo