- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200512-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
On Wed, 28 Dec 2005 18:28:16 +0100, GroundZero Security said:
> your last point was "*IF* you are not doing *nothing illegal*
How does a US citizen know they are doing "nothing illegal", when the
government apparently feels that secret laws are acceptable, and thus
could be in violation of some K
On Wed, 28 Dec 2005 15:24:02 EST, Michael Holstein said:
> >Rule/Policy: Sexual Discrimination
>
> Ha .. so not only do they have a misconfigured copy of Trend eMail
> scanner (eg: bounce to list) .. they try to flag on "sexual
> discrimination" words.
>
> Probably one of the flamers calling an
There are those laws that are direct and clear cut, and there are the
ones that takes an act of congress to decide what is legal or not. ;)
Regulations of HIPPA as I understand it are very confusing, and can lead
to a person being a law breaker if they do not follow the regs
correctly, same can b
On Thu, Dec 29, 2005 at 05:36:36AM -0500, [EMAIL PROTECTED] wrote:
>
> I've found that calling somebody a "fucking idiot" won't trigger most of those
> scanners, but saying that something is "a real bitch to configure correctly"
> will. Go figure. ;)
>
i believe the fucking word "fuck" triggers
Got a new test of it this morning? I am surprised Norton doesn't have it
yet.
TrendMicro has released pattern file = 3.135.00
It appears to pick up all the trojans using the WMF exploit as of right
now. Variants could affect this however.
Is this buffer overflow pretty specific like the older G
As anyone tested the well known Irfanview product? It defaults takes
over WMF files from the Microsoft Product.
-Todd
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia -
Filters can only do so much it takes a person behind it to decide if it
was a valid bloc or not. Now I have an answer to a question but it may
have been rhetorical.
Q:
> --
> where do you want bill gates to go today?
>
1 of two places sound out clear to me.
1) Iraq, Baghdad with a sign stati
Yup got to go after the politicians and those folks that worked for the
three letter agencies or unnamed agencies or otherwise can be decent
folks. They just have a job to do. Education of the masses is key. We
can not whine about something that is in progress.
It was not done at before year X
Sunbelt has released
several sites that are being used to spread bad WMF files
http://sunbeltblog.blogspot.com/2005/12/more-than-50-wmf-variants-in-wild.html
I have added this sites
into my static blocking, but this isn't a great method..but it can
only help at this point. Wanted to sha
On Thu, Dec 29, 2005 at 08:43:14AM -0600, Leif Ericksen wrote:
> Filters can only do so much it takes a person behind it to decide if it
> was a valid bloc or not. Now I have an answer to a question but it may
> have been rhetorical.
>
doi.gov did it again.
just checking loop possibilities.
--
just checking loop possibilities.
Good idea .. try using a return address in the DFI domain that's got
'homo' in it and send it to DOI with 'fuck'. Based on the bounce reports
(and what they include) that ought to have those two idoits bouncing the
same message back for days.
/mike
___
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
norton detects it under the corporate version BloodHound.Exploit.56
http://securityresponse.symantec.com/avcenter/venc/data/bloodhound.exploit.56.html
I guess you tried the norton customer version which isn't virus
definition updated everyday, compa
Ad wrote:
> norton detects it under the corporate version BloodHound.Exploit.56
>
> http://securityresponse.symantec.com/avcenter/venc/data/bloodh
> ound.exploit.56.html
>
> I guess you tried the norton customer version which isn't
> virus definition updated everyday, companies are more at ris
Anti-virus researcher Andreas Marx of Av-Test.org has concluded
an annual round of testing to see how well the various anti-virus
programs responded to recent outbreaks of viruses and worms.
The results appear to show that while the major anti-virus products
are still having trouble keeping up
Valdis worte:
> Anti-virus researcher Andreas Marx of Av-Test.org has
> concluded an annual round of testing to see how well the
> various anti-virus programs responded to recent outbreaks of
> viruses and worms.
> The results appear to show that while the major anti-virus
> products are still
Title: Message
Sorry
if this was asked before, but how do I know if my machine has been
compromised? I am working on a way to contain any damage caused by this
exploit, and it would be helpful to know for sure that what I am doing is
working or not working.
Thanks!
-Original Mes
Title: Message
Got it
. . . the mscracks site is still available, so I have been running my tests from
that, and I think I may have a workaround for anyone who is interested, but I
need people to help me test it. Here's what I did:
First:
I
created a virtual machine with SP2 installed, AV
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I think jerome athias pubbed a working workaround about unloading a
dll but anyway the most evident countermeasure while browsing website
and wich I guess everyone does, it's to use firefox instead of IE :)
Discussion Lists wrote:
> Message Got it .
>TrendMicro has released pattern file = 3.135.00
>It appears to pick up all the trojans using the WMF exploit as of right
>now. Variants could affect this however.
If they're blindly detecting anything that contains the SetAbortProc, then
they're detecting the legitimate use of a documented func
On Thu, 29 Dec 2005, Peter Ferrie wrote:
Perhaps you should read about it on Microsoft's site. It's not a buffer
overflow. WMF files since at least Windows 3.0 days have been allowed
to carry executable code in the form of their own SetAbortProc handler.
This is perfectly legitimate, though t
Mix in a generous helping of 'type sniffing' by MS so that you can name
WMF files .gif or .jpg or some other random suffix and you have one hell
of a problem that can only really be completely fixed by MS releasing a
patch to kill execution of embedded executable code in WMF files.
Has anyone
List,
When I reboot my computer I have 2 GB space. After about 4 hours of plain
web browsing, I get a low space message. The space left is 1 MB.
Something keeps on filling up my hard drive when my machine is on. How do I
figure out what? Anyone heard of this
Help appreciated
Thanks
When I reboot my computer I have 2 GB space. After about 4 hours of
plain web browsing, I get a low space message. The space left is 1 MB.
Something keeps on filling up my hard drive when my machine is on. How
do I figure out what? Anyone heard of this
Um .. this is a bit O/T for full-disclosur
The browser cache is limited. Also, this is not due to browsing. I suspect
it is due to some program that is installed on my machine.
I ran an anti-virus too. No results.
Just wondering if there has been any maliicous programs lately that do this
- Original Message -
From: "Michael Hol
On Thu, 29 Dec 2005 09:25:17 EST, Michael Holstein said:
> ignoring the magic bits in the header. The next round of "social
> engineering" emails that say :
>
> "rename the attached .fix file to .exe so you can run it correctly"
>
> are just around the corner.
I believe this has already been sp
On Thu, 29 Dec 2005 08:04:43 CST, Leif Ericksen said:
> There are those laws that are direct and clear cut, and there are the
> ones that takes an act of congress to decide what is legal or not. ;)
And then there are those you're not allowed to even *see*. In Gilmore v.
Ashcroft,
the Department
use filemon.exe from www.sysinternals.com to see disk io. This will tell
you what is writing and where.
To make it easier, shutdown as many programs as possible including av while
you watch.
I doubt it's a virus. Filling up a hard-disk is counter productive to
propagation. Though I do think
[EMAIL PROTECTED] wrote:
On Thu, 29 Dec 2005 08:04:43 CST, Leif Ericksen said:
There are those laws that are direct and clear cut, and there are the
ones that takes an act of congress to decide what is legal or not. ;)
And then there are those you're not allowed to even *see*. In Gi
Peter wrote:
> Perhaps you should read about it on Microsoft's site.
> It's not a buffer overflow. WMF files since at least Windows
> 3.0 days have been allowed to carry executable code in the
> form of their own SetAbortProc handler. This is perfectly
> legitimate, though the design is a po
those god damn filters are a real fuck ing bitch to configure correctly
aren't they?
- Original Message -
From: "Georgi Guninski" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc:
Sent: Thursday, December 29, 2005 9:17 AM
Subject: Re: [Full-disclosure] Re: [MailServer Notification]To
rec
--On December 29, 2005 2:05:23 PM -0500 [EMAIL PROTECTED] wrote:
On Thu, 29 Dec 2005 08:04:43 CST, Leif Ericksen said:
There are those laws that are direct and clear cut, and there are the
ones that takes an act of congress to decide what is legal or not. ;)
And then there are those you're n
Paul Schmehl wrote:
So, while everybody eagerly portrays Mr. Gilmore as an innocent citizen
just trying to about his daily life, he was far from it, knew when he
entered the airport he was going to cause trouble, deliberately chose to
do so anyway and now whines about his rights being violated.
The security directives are secret because you don't
show your hand to the enemy (except if you work for the New York Times.)
Uh huh .. so the newspaper informing the public about an illegal
government program (after holding the article for a year at the
government's request) is "helping the e
It comes back to ignorance of the law is no excuse.
So depending on the Lawyers, and the judges and possible jury you are
either boned or get a slight slap and are told do not do it again!
--
Lhe
On Thu, 2005-12-29 at 14:14 -0500, bkfsec wrote:
> [EMAIL PROTECTED] wrote:
>
> >On Thu, 29 Dec 2005
On Thu, 29 Dec 2005, Paul Schmehl wrote:
--On December 29, 2005 2:05:23 PM -0500 [EMAIL PROTECTED] wrote:
That's a silly misrepresentation of the facts of the case. There *is* no law
requiring the presentation of ID at an airport. There *is* a law that makes
it illegal to hijack a plane, and
Uh, not even close.
--On December 29, 2005 12:06:45 PM -0800 Blue Boar <[EMAIL PROTECTED]>
wrote:
Paul Schmehl wrote:
So, while everybody eagerly portrays Mr. Gilmore as an innocent citizen
just trying to about his daily life, he was far from it, knew when he
entered the airport he was going
Actually MOST states in the US require that you have a photo ID if you
are over the age of 18. It can be A Driver License or it can be a
generic state issued ID. As far as air travel is concerned, a quick
looks see gave me this:
http://www.tsa.gov/public/display?content=090005198004a900
Personall
HUMMM Could it be CACHE! just what is plain web browsing?
On Thu, 2005-12-29 at 10:44 -0800, Hochin Chen wrote:
> List,
>
> When I reboot my computer I have 2 GB space. After about 4 hours of plain
> web browsing, I get a low space message. The space left is 1 MB.
> Something keeps on filling up
* Leif Ericksen ([EMAIL PROTECTED]) [051229 12:29]:
> Actually MOST states in the US require that you have a photo ID if you
> are over the age of 18. It can be A Driver License or it can be a
> generic state issued ID. As far as air travel is concerned, a quick
> looks see gave me this:
> http://
--On December 29, 2005 3:06:35 PM -0500 Michael Holstein
<[EMAIL PROTECTED]> wrote:
The security directives are secret because you don't
show your hand to the enemy (except if you work for the New York Times.)
Uh huh .. so the newspaper informing the public about an illegal
government program
That is a good question... but showing and ID is good enough for you to
purchase alcohol if you are 21 or over in the US. Folks are supposedly
trained to be able to spot fakes as well they have a book available to
compare them against if they are unsure.
So with a good fake ID a person can mak
How does showing ID to an official make anyone safer?
It doesn't. Any kid with Photoshop and some time can download templates
for any state driver license on the Internet and print one that would
easily fool the bean counters at the airport.
/mike
Now with air travel how hard is it for an East German or say a
Palestinian to travel on the Israeli Airlines (what is its name again)
How about even a US citizen of E German decent or has a VISA stamp from
a country that Israel considers hostile. Personally I would only know
from what I have seen
* Leif Ericksen ([EMAIL PROTECTED]) [051229 12:47]:
> That is a good question... but showing and ID is good enough for you to
> purchase alcohol if you are 21 or over in the US. Folks are supposedly
> trained to be able to spot fakes as well they have a book available to
> compare them against if
This one I could not leave alone
Speaking of the terrorist COWARDS. If their cause is so just and noble
to their God, how come they have to hide their faces under a black hood.
I equate them to nothing less the a group we had in and sadly still can
find here in the US at times. I might make
On Thu, Dec 29, 2005 at 02:37:44PM -0600, Paul Schmehl wrote:
> We could remove the ID checks for airports and
> just let the terrorists blow planes up willy-nilly.
The leap from A to B in that statement could make it to the moon.
--
Stephen J Friedl | Security Consultant | UNIX Wizard | +1
On Thu, 29 Dec 2005, Paul Schmehl wrote:
Yes, because 1) the program isn't illegal
Well, about five years ago a lwa was passed forbidding *any* government
employee including the president from such spying seems to make it
illegal. This is will be determined by the legal and political proce
On Thu, 29 Dec 2005, Paul Schmehl wrote:
That's a silly misrepresentation of the facts of the case. There *is* no law
requiring the presentation of ID at an airport. There *is* a law that makes
it illegal to hijack a plane, and there *are* security directives, issued by
the FAA, which define
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hardened-PHP Project
www.hardened-php.net
-= Security Advisory =-
Advisory: TinyMCE Compressor Vulnerabilities
Release Date: 2005/12/29
Last Modified: 2005/12/29
Au
Leif Ericksen wrote:
It comes back to ignorance of the law is no excuse.
Ahh, but there's a BIG difference between willful or unwillful ignorance
and intentional ignorance.
It's one thing to not know a law that you should know; it's a completely
different thing to be blocked from knowing
Paul Schmehl wrote:
Yes, they have. Especially the anti-war bozos who think they can tame
a Zarqawi by giving in to his demands. And apparently many more who
think terrorism is no menace at all.
Hey Paul!
What do you think about obeying the list charter and at least try
to tie your
Yet in my defense, CERT calls it a "buffer overflow" ;)
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf
> Of Peter Ferrie
> Sent: Thursday, December 29, 2005 11:51 AM
> To: full-disclosure@lists.grok.org.uk
> Subject: RE: Re[2]: [Full-disclosure] tes
2005/12/29, bkfsec <[EMAIL PROTECTED]>:
Paul Schmehl wrote:> Yes, they have. Especially the anti-war bozos who think they can tame
> a Zarqawi by giving in to his demands. And apparently many more who> think terrorism is no menace at all.>Hey Paul! What do you think about obeying the lis
On Thu, 29 Dec 2005 14:37:44 CST, Paul Schmehl said:
> And the funniest thing of all is that they got stupid Americans all riled
> about about civil and privacy rights in the process, completely losing
> track of what's really important - preventing another attack on our soil.
You have this so
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
not your fault todd, they are too gay at cert
http://www.us-cert.gov/cas/techalerts/TA05-362A.html
huhu...
Todd Towles wrote:
>
> Peter wrote:
>> Perhaps you should read about it on Microsoft's site.
>> It's not a buffer overflow. WMF files since
--On December 29, 2005 4:14:12 PM -0500 [EMAIL PROTECTED] wrote:
On Thu, 29 Dec 2005, Paul Schmehl wrote:
Yes, because 1) the program isn't illegal
Well, about five years ago a lwa was passed forbidding *any*
government employee including the president from such spying seems to
make it il
--On December 29, 2005 4:20:51 PM -0500 gboyce <[EMAIL PROTECTED]> wrote:
Mr. Gilmore, who is an activist civil libertarian, deliberately entered
an airport without an form of ID, then refused to produce ID when
requested. When he was then asked to undergo a more thorough screening,
he refused
--On December 29, 2005 11:21:09 PM +0100 fok yo <[EMAIL PROTECTED]> wrote:
Hey Paul!
What do you think about obeying the list charter and at least try
to tie your degenerate apologist misrepresentations of the world into
information security somehow?
Can't but second this.
Interesting
> Or have you already forgetten that terrorists have been killing us (and
> many others around the world) since the 1970's without pause?
It's been going on for A LOT longer than that.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.or
2005/12/29, Peter Ferrie <[EMAIL PROTECTED]>:
>Is there a registry key for the emf file extention also? I noticed in all of the articles, that they say disabling the >wmf file extention won't affect the emf file extention vulnerabilities.
EMF files do not support this function, so they are not vu
Technica Forensis escribió:
Or have you already forgetten that terrorists have been killing us (and
many others around the world) since the 1970's without pause?
So, is it a must to read all this in a technical mailing list? If we
want to start a political thread I can put my piece...
___
[EMAIL PROTECTED] to Michael Holstein:
> > ignoring the magic bits in the header. The next round of "social
> > engineering" emails that say :
> >
> > "rename the attached .fix file to .exe so you can run it correctly"
> >
> > are just around the corner.
>
> I believe this has already been spo
Since when did Iraq have terrorists? I thought you guys were going in to rid them of weapons of mass instruction. After nearly 16 years and your government still has yet to find these so called weapons. I have more mitre listings then Iraq has weapons op Mass instruction
--tadaOn 12/29/05, Paul
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Yo All!
Sorry to actually talk about security here, but this has been bugging
me for a while. Check out the headers in the email I just got from
this list below.
Pay particular attentiom to this header that shows gmail signed the
original message:
On Thu, 29 Dec 2005, Benjamin Krueger wrote:
* Leif Ericksen ([EMAIL PROTECTED]) [051229 12:47]:
That is a good question... but showing and ID is good enough for you to
purchase alcohol if you are 21 or over in the US. Folks are supposedly
trained to be able to spot fakes as well they have a
Hello everybody,
due to some internal communication problems, I was not able to reply
here earlier :-(
I really apologize for that !
Our Solution Bank record
http://kb.trendmicro.com/solutions/search/main/search/solutionDetail.asp
?solutionId=27438&id=27438
is pointing you to the related fix and
-- Utility to backup you Oracle Password Hashes
-- Modified from http://lists.grok.org.uk/pipermail/full-disclosure/2005-
October/038290.html
-- Code by anonymous
-- Exemple:
--##startc0GtJBi1
DECLARE
i1 INTEGER;
i2 INTEGER;
i6 INTEGER;
iHostToSearchFor INTEGER;
reference_ip varchar2(1000);
On 12/29/05, Michael Holstein <[EMAIL PROTECTED]> wrote:
> > The security directives are secret because you don't
> > show your hand to the enemy (except if you work for the New York Times.)
>
> Uh huh .. so the newspaper informing the public about an illegal
> government program (after holding the
I am sick and tired of posts like
thisI don't see any else's government doing a
damn thing about it, at least we're friggin DOING SOMETHING. While
other countries sit blindly on their rear-ends Ok, that's not entirely
fair, UK is helping and so are a few others, you know what wo
--On December 29, 2005 10:22:12 PM -0500 Stan Bubrouski
<[EMAIL PROTECTED]> wrote:
Especially when "the enemy" is anyone who publicly or *privately*
disagrees with the president. Worse now US citizens are enemies with
no civil rights and are imprisoned indefinately like rats...exactly
what are
On 12/29/05 5:47 PM, "Paul Schmehl" <[EMAIL PROTECTED]> wrote:
> --On December 29, 2005 11:21:09 PM +0100 fok yo <[EMAIL PROTECTED]> wrote:
>>
>> Hey Paul!
>>
>> What do you think about obeying the list charter and at least try
>> to tie your degenerate apologist misrepresentations of the
Some facts and logic may prove useful.
Why do you think that the US government would wish to spy on its own citizens?
Ah-ah - Islamo-terrorist sleeper cells have infiltrated the US for possibly a
decade. First examine the terrorist angle and then return to the necessity for
internal spying.
Ni
Since the list appears to have gone on yet another holiday, I proffer
below a reply to the many schizophrenic rants recently posted by our
Resident Fascist and Associate Professor of Modern Bullshit, Paul Schmeil.
--
Yours,
J.A. Terranson
[EMAIL PROTECTED]
0xBD4A95BF
'The right of self defenc
On Fri, 30 Dec 2005, Pete Simpson wrote:
> Some facts and logic may prove useful.
Agreed: we're still waiting for some...
> Why do you think that the US government would wish to spy on its own
> citizens?
Because it is currently inhabited by a fascist neocon.
> Ah-ah - Islamo-terrorist sleep
to sum it all up...
1 giant catch 22.
You are damned if you do and you are damned if you do not.
--l
On Thu, 2005-12-29 at 16:35 -0500, bkfsec wrote:
> Leif Ericksen wrote:
>
> >It comes back to ignorance of the law is no excuse.
> >
> >
> >
> Ahh, but there's a BIG difference between willful
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Fri, Dec 30, 2005 at 03:36:05AM -, Pete Simpson wrote:
> Nineteeen Islamo-terrorists changed the world irrevocably in September 2001.
Changed the world ? Wow. How american of you to think that the USA is the
world.
Ok, wait. Let me look around
The bible code believers was that history channel or discovery???
Say there are WMD but they are not in Iraq... They have decrypted the
hidden message and the WMD are out of Iraq, and were moved out some time
ago but they do exists.
how they come up with some of their ideas is just nuts if you as
Gary E. Miller wrote:
> Yo All!
>
> Sorry to actually talk about security here, but this has been bugging
> me for a while. Check out the headers in the email I just got from
> this list below.
If you think DomainKeys has anything to do with "security" you either
have no clue what DomainKeys i
There is that large "turd nugget" again. Seems people like to throw around the "if you don't like it get out" I'm of the opinion and inclination that if I don't like something, I'll change, but only on my terms, not yours or your silly rabbit of a leader
Exibar, I assume that's a made up name; sort
On Thursday 29 December 2005 22:21, J.A. Terranson wrote:
>
> On Fri, 30 Dec 2005, Pete Simpson wrote:
>
> > Some facts and logic may prove useful.
>
> Agreed: we're still waiting for some...
Devolution into a bottomless cesspool of contrived and meandering arguments is
a painful (okay, perhap
On Thu, 29 Dec 2005 21:33:23 PST, zap zoid said:
> happiness. Who saved your ass when the British were coming? Your fore
> fathers stood up and said NO more. Well, maybe not your fore father.
Actually, it was his mom that couldn't say no when the British were coming... ;)
pgpSrWuSrrZXa.pgp
Des
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Yo Nick!
On Fri, 30 Dec 2005, Nick FitzGerald wrote:
> > Sorry to actually talk about security here, but this has been bugging
> > me for a while. Check out the headers in the email I just got from
> > this list below.
>
> If you think DomainKeys ha
83 matches
Mail list logo
