I am an undergraduate student. I will get a B.Tech (i.e. a BS in computer science) degree in 2007. To start a path in security, is CCSP good enough? The more advanced ones like CISSP either need experience or are just too expensive... Those certifications can come along the way, but to start a career, is CCSP
If you're asking about how to MITM a conversation without a full
compromise of the client, the server, or any intermediate network
equipment, it's a bit tricky, but you still have some options.
I'd pinpoint DNS as one of the biggest points of vulnerability.
- One possibility is DNS cache poisonin
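Added illustration, not part of the post above: a toy stub resolver in Python that only accepts a UDP DNS response when it matches an outstanding query (destination port, 16-bit transaction ID, response flag, and question name), plus a forger that has to guess those values blind. It shows why cache poisoning against a resolver with a fixed source port is a feasible guessing game over 65536 IDs, while source-port randomization multiplies the search space by the port range. The name `www.example.com`, the address `192.0.2.66` and the port ranges are constructed for the example.

```python
"""Toy DNS poisoning model: a stub resolver that matches responses against
its pending query, and an off-path forger guessing the transaction ID.
Constructed example; packet layout follows RFC 1035, nothing is sent."""
import random
import struct
from dataclasses import dataclass

ID_SPACE = 65536          # 16-bit transaction ID
PORT_LO, PORT_HI = 1024, 65536  # assumed ephemeral port range when randomized


def encode_name(name: str) -> bytes:
    """'www.example.com' -> b'\\x03www\\x07example\\x03com\\x00'."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"


def build_query(txid: int, name: str) -> bytes:
    # header: id, flags=RD, qdcount=1; question: name, type A, class IN
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", 1, 1)


def forge_response(txid: int, name: str, ip: str) -> bytes:
    # flags 0x8180 = response + RD + RA; one question, one A answer
    hdr = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    # answer name is a compression pointer (0xC00C) back to the question at offset 12
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes(int(o) for o in ip.split("."))
    return hdr + question + rr


@dataclass
class Pending:
    txid: int
    sport: int   # resolver's UDP source port for this query
    name: str


def parse_question(pkt: bytes) -> str:
    labels, i = [], 12
    while pkt[i]:
        n = pkt[i]
        labels.append(pkt[i + 1:i + 1 + n].decode())
        i += 1 + n
    return ".".join(labels)


def accepts(pending: Pending, dst_port: int, pkt: bytes) -> bool:
    """What a minimally careful resolver checks before caching a response."""
    if dst_port != pending.sport:           # wrong port: kernel drops it
        return False
    txid, flags = struct.unpack("!HH", pkt[:4])
    return txid == pending.txid and bool(flags & 0x8000) and parse_question(pkt) == pending.name


def poison_attempt(rng: random.Random, randomize_port: bool, guesses: int) -> bool:
    """One attack window: the forger knows the name (it triggered the lookup)
    but not the ID, and not the port if it is randomized."""
    sport = rng.randrange(PORT_LO, PORT_HI) if randomize_port else 53
    pending = Pending(rng.randrange(ID_SPACE), sport, "www.example.com")
    body = forge_response(0, "www.example.com", "192.0.2.66")[2:]  # everything after the ID
    for _ in range(guesses):
        port = rng.randrange(PORT_LO, PORT_HI) if randomize_port else 53
        pkt = struct.pack("!H", rng.randrange(ID_SPACE)) + body
        if accepts(pending, port, pkt):
            return True
    return False


def success_rate(seed: int, randomize_port: bool, guesses: int = 5000, trials: int = 40) -> float:
    rng = random.Random(seed)
    return sum(poison_attempt(rng, randomize_port, guesses) for _ in range(trials)) / trials


def expected_success(guesses: int, id_space: int = ID_SPACE, port_space: int = 1) -> float:
    """Probability that at least one of `guesses` forged packets matches."""
    return 1.0 - (1.0 - 1.0 / (id_space * port_space)) ** guesses


if __name__ == "__main__":
    print("fixed port 53, 5000 guesses:", success_rate(1, False))
    print("random port,   5000 guesses:", success_rate(1, True))
    print("analytic, fixed port:", expected_success(5000))
    print("analytic, random port:", expected_success(5000, port_space=PORT_HI - PORT_LO))
```

The model leaves out the bailiwick check (refusing cached data for names outside the zone the response is authoritative for) and the race against the legitimate answer; both matter in practice, but the ID/port matching alone is what makes the fixed-port case tractable for an off-path attacker.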
z3n wrote:
> Great Bug indeed!
>
> But don't you think this issue is kind of similar to issue 3 in this
> (old) advisory:
> http://archives.neohapsis.com/archives/bugtraq/2003-01/0203.html
Indeed it appears that 2.0.44 did not completely plug th
Yes, these are fakes. Report them to PayPal under spoof emails. Dr Geoffrey
Smith
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Ipswitch IMail IMAP List Command DoS Vulnerability
iDEFENSE Security Advisory 12.06.05
www.idefense.com/application/poi/display?id=347&type=vulnerabilities
December 6, 2005
I. BACKGROUND
Ipswitch IMail Server is an email server that is part of the Ipswitch
Collaboration Suite. IMail supports POP
Ipswitch Collaboration Suite SMTP Format String Vulnerability
iDEFENSE Security Advisory 12.06.05
www.idefense.com/application/poi/display?id=346&type=vulnerabilities
December 6, 2005
I. BACKGROUND
Ipswitch Collaboration Suite provides e-mail and real-time
collaboration, calendar and contact l
On Tue, Dec 06, 2005 at 05:41:05PM +, Mark Knowles wrote:
> Thanks!
>
> I really appreciate the help. I have found a new interest. no more
> ASM for a month or 2
>
> So those warnings are "boiling water is hot!" - there is nothing I can
> do about it - It's similar to the cash machines here no
Dear Juha-Matti Laurio,
JML> Only some seconds of Googling and
JML> http://www.osvdb.org/vendor_dict.php used..
Google? What's that? ;)
I tried more than these email addresses; I went even so far as to fill
out contact forms for some of them. I think that's "responsible"
enough.
A responsible A
If anybody of the following vendors is reading this list, please get
in touch with me :
---clip---
NOD32- secure@ security@ - no response
Kaspersky - secure@ security@ - no response
Avast- secure@ security@ sales@ - no response
DrWeb- secure@ security@ sales@ - no response
Panda AV
On Tue, 06 Dec 2005 07:55:55 PST, Daniel Sichel said:
> Anyhow, Jason summed this up elegantly and succinctly. Is anybody
> addressing this problem with cheap software a small business can afford,
> even to test just the basics?
Plenty of people. Lots of people. Probably 80% or more of the peop
If anybody of the following vendors is reading this list, please get
in touch with me :
NOD32- secure@ security@ - no response
Kaspersky - secure@ security@ - no response
Avast- secure@ security@ sales@ - no response
DrWeb- secure@ security@ sales@ - no response
quickheal.com -
AVK (G
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of wilder_jeff
Wilder
Sent: Tuesday, December 06, 2005 12:41 PM
To: [EMAIL PROTECTED]; full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] IT security professionals in demand in 2006
I didn't know that they gave out scores?... Have they started doing that?
-Jeff Wilder
CISSP,CCE,C/EH
-BEGIN GEEK CODE BLOCK-
Version: 3.1
GIT/CM/CS/O d- s:+ a C+++ UH++ P L++ E- w-- N+++ o-- K- w O- M--
V-- PS+ PE- Y++ PGP++ t+ 5- X-- R* tv b++ DI++ D++
G e*
Christopher Kunz writes:
Well, actually, I think this is some kind of "feature" and is associated with
the behavior that is i.e. demonstrated on default installations of Apache (which
have several index.html index.html.de .en .jp etc.), only that this time not
mod_negotiation, but mod_mime is r
I was already in the door and had been doing the work for years. Then
the "Company" decided that I needed the cert to make myself saleable to
prospective customers. I went to Borders and picked up a copy of "CISSP
For Dummies". Cracked the book 2 nights before the test to take the
practice exam
Dear all,
for your information. Please excuse possible cross-postings.
---
CALL FOR PAPERS
IMF 2006
International Conference on
Hey Guys,
I'm doing some research about performing federal level work.
Anyone have any resources listing requirements for a company to contract/
perform federal network security work? Pen-testing for example?
If I remember you have to pass certain clearance levels and pass an internal
audit...
Well my CISSP, got me a date with angelina jolie...
So there!
On a more serious note, as previous posters have mentioned, it does
have its place. The CISSP in particular SHOULD NOT BE USED AS A
MEASURE OF TECHNICAL KNOWLEDGE, SKILL, OR UB3R L33TN3SS!!!
Did I learn from studying for it? Yup, all
Multiple Vendor xpdf StreamPredictor Heap Overflow Vulnerability
iDefense Security Advisory 12.05.05
www.idefense.com/application/poi/display?id=344&type=vulnerabilities
December 5, 2005
I. BACKGROUND
Xpdf is an open-source viewer for Portable Document Format (PDF) files.
II. DESCRIPTION
Local
Multiple Vendor xpdf DCTStream Progressive Heap Overflow
iDefense Security Advisory 12.05.05
www.idefense.com/application/poi/display?id=343&type=vulnerabilities
December 5, 2005
I. BACKGROUND
Xpdf is an open-source viewer for Portable Document Format (PDF) files.
II. DESCRIPTION
Local exploit
I'll second that
-Jeff Wilder
CISSP,CCE,C/EH
The certs get you in the door
Being crappy at your job and showcasing your shortcomings will show you
out the door.
sk wrote:
Not everyone who gets involved in security gets there because it was the
primary objective. The implication I was trying to make was that some
people get pushed d
Multiple Vendor xpdf DCTStream Baseline Heap Overflow Vulnerability
iDefense Security Advisory 12.05.05
www.idefense.com/application/poi/display?id=342&type=vulnerabilities
December 5, 2005
I. BACKGROUND
Xpdf is an open-source viewer for Portable Document Format (PDF) files.
II. DESCRIPTION
Lo
Multiple Vendor xpdf JPX Stream Reader Heap Overflow Vulnerability
iDefense Security Advisory 12.05.05
www.idefense.com/application/poi/display?id=345&type=vulnerabilities
December 5, 2005
I. BACKGROUND
Xpdf is an open-source viewer for Portable Document Format (PDF) files.
II. DESCRIPTION
Loc
Thanks!
I really appreciate the help. I have found a new interest. no more
ASM for a month or 2
So those warnings are "boiling water is hot!" - there is nothing I can
do about it - It's similar to the cash machines here now that have
stickers on them saying people can read your PIN number always co
I'm sure there are problems with this, but here's my idea of preventing improper authentication. At best, I think the attacker would only be able to DoS the device, or attempt replay - which would fail without the correct time-delay. I think some kind of two-part blackbox auth with time delay was w
I've got one with no CISSP
On 12/5/05, Curt Purdy <[EMAIL PROTECTED]> wrote:
>
> Jeff Wilder sent:
> > Not to validate the cissp... but try to get a good security
> > job with out it.
>
> I agree Jeff, for some reason it is considered the gold standard, though not
> sure why. Never took a class,
You are confusing terms here I think. Vulnerability Assessment = scanner tools.
Pen-Test = actual skill. At least that's how those consultants with a
clue should be selling it. A Vuln Assessment has value, but can be
done by anyone. A Pen-Test takes a lot more time, the value is
arguable, and on
Never cast perls before swine.
--On Tuesday, December 06, 2005 12:05:28 -0500 "J. Patterson Wicks"
<[EMAIL PROTECTED]> wrote:
What does being able to write code have to do with physically securing a
data center? What does being able to write code have to do with planning for
disaster recovery?
On Tue, Dec 06, 2005 at 04:26:19PM +, Mark Knowles wrote:
> Hello, please see inline answers :) sorry for the poor 'netiquette
> > > Comp1(victim1) = Windows xp box, Connected via dial up to a free ISP
> > > Comp2(attacker) = windows/*nix, connected via broadband to different
> > > ISP than co
What does being able to write code have to
do with physically securing a data center? What does being able to write code
have to do with planning for disaster recovery? There is more to IT security
than exploits and viruses. Business (both big and small) need professionals
to interface with t
===
Ubuntu Security Notice USN-225-1 December 06, 2005
apache2 vulnerability
CVE-2005-2970
===
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Wartho
Hello, please see inline answers :) sorry for the poor 'netiquette
>
> > Comp1(victim1) = Windows xp box, Connected via dial up to a free ISP
> > Comp2(attacker) = windows/*nix, connected via broadband to different
> > ISP than comp1
> > Comp3(webserver/victim2)
> >
> > C1< - > C3
> >
> > C2-
>Content-Type: text/plain
>
>Commercial pressures are just as harmful to security as are complexity
and ignorance.
>
>Regards,
>
>Jason Coombs
>[EMAIL PROTECTED]
That is a profound insight (at least for me). It crystallizes what I have
experienced for many years and am about to again. My company i
[EMAIL PROTECTED] wrote:
On Tue, 06 Dec 2005 05:31:02 GMT, mary said:
On Mon, 5 Dec 2005, Technica Forensis wrote:
what are floppies formatted with, again? as bad as FAT is, it's
hardly outdated.
depends on the OS...
You find a random floppy during a search of an offic
Hi Igor,
many thanks for not being a sucker, but being a responsible person and
notifying us about what you found before disclosing this issue.
If you had turned your brain on for a minute and talked to us, we
would have let you know that I discovered this flaw already and am
working on a
Mark Knowles wrote:
> Comp1(victim1) = Windows xp box, Connected via dial up to a free ISP
> Comp2(attacker) = windows/*nix, connected via broadband to different
> ISP than comp1
> Comp3(webserver/victim2)
>
> C1< - > C3
>
> C2---¦
Are you asking what's possible or what's easiest? I think
Hello All,
PRELUDE
What is HORDE?
http://www.horde.org/about/
The Mission
The Horde Project is about creating high quality Open Source
applications, based on PHP and the Horde Framework.
The guiding principles of the Horde Project are to create solid
standards
Hi
In regard to recent auto-responses from 4daily.com to list members:
an unknown third party appears to be forwarding FD posts to their
support system.
I have received assurances from 4daily.com that this situation was
resolved. This is clearly not the case. Please bear with me whilst I
attemp
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of H D Moore
Sent: Monday, December 05, 2005 11:42 PM
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] Rogue Network Link Detection
"Unauthorized network
__
SUSE Security Announcement
Package:kernel
Announcement ID:SUSE-SA:2005:067
Date:
Damn... What the hell is it supposed to be?
New spam and advert strategy?
Nice :)
Thanks,
Dan
PS: List admin, please check that email - seems they subscribed only to get
email addresses ;)
PPS: Sorry for list noise.
--- Begin Message ---
== Please reply above this line ==
Ag. System Admin
Hi List!
Has anybody used the tool called loghound (http://kodu.neti.ee/~risto/loghound/)?
It seems to be a very useful tool and I'm interested in examples of usage (tips,
tricks, patterns, etc..)
Not a lot of examples on the web site (and even Google doesn't know a lot) :(
Thanks a lot,
Dan
__
Hi all,
I have been thinking about packet sniffing and packet capture - it is
because of all of those alerts in IE - you know the ones - This page
is not encrypted and a 3rd party might be listening.
I have been doing some googling and not really found much, but then
I am not too sure what I am
z3n wrote:
> Great Bug indeed!
>
> But don't you think this issue is kind of similar to issue 3 in this
> (old) advisory:
> http://archives.neohapsis.com/archives/bugtraq/2003-01/0203.html
>
Well, actually, I think this is some kind of "feature" and is associated with
the behavior that is i.e. d
Great Bug indeed!
But don't you think this issue is kind of similar to issue 3 in this
(old) advisory:
http://archives.neohapsis.com/archives/bugtraq/2003-01/0203.html
Regards,
Peter zenster
Hi,
H D Moore wrote:
I found an old document and some crappy perl code on my system, figured
someone might find it interesting:
I wouldn't say crappy.
Indeed this is quite a handy little tool. I quickly discovered that I
can now spoof traffic using our 3rd parties Data Center servers for
Certifications have their place in the industry. They are a baseline to judge a person and his technical knowledge.
Yes, I agree with you all about the fact that people with little or no knowledge are doing these certifications. Also, these certificates require some prerequisites to write.
botto
===
Ubuntu Security Notice USN-224-1 December 06, 2005
krb4, krb5 vulnerabilities
CVE-2005-0468, CVE-2005-0469, CVE-2005-1174, CVE-2005-1175,
CVE-2005-1689
===
A security issue