: >>A more ethical company would have sent HDM a polite note saying that
: the person no longer works there before curiosity got the best of them.
:
: Does your company do this for all former employee e-mail accounts?
No. But they also don't continue to accept mail to those accounts either.
:
On Wed, 6 Jun 2007, Kradorex Xeron wrote:
: > Illegal or not, this is still pretty damned shady.
: >
:
: I will seldom touch on the legal side but I have a possible scenario:
:
: -- If David is no longer at that address, it could be said that his mail
: account was taken down and the mail sen
>>A more ethical company would have sent HDM a polite note saying that
the person no longer works there before curiosity got the best of them.
Does your company do this for all former employee e-mail accounts?
Let's hope he unsubscribed from all his mailing lists before he left.
Larry Seltzer
e
There may be no impersonation going on. Could be that email for terminated
people is directed to a common mailbox which might be perused by security folks
to check whether anything wrong might have been going on and not noticed while
the person was there. In effect the mail has then gone to a wildc
On Wednesday 06 June 2007 09:47, H D Moore wrote:
> Hello,
>
> Some friends and I were putting together a contact list for the folks
> attending the Defcon conference this year in Las Vegas. My friend sent
> out an email, with a large CC list, asking people to respond if they
> planned on attending
Larry Seltzer wrote:
> Why would this be offensive? It's a company address. Someone might send
> e-mail containing company business to the address.
>
Isn't everyone also assuming that dmaynor isn't now Dan Maynor or Doug Maynor
or John Smith who
like
One time I made everyone start calling me Waffles, but they refused to
create me an email account with that name. I was heart broken. I'm still on
anti-depressants because of it.
On 6/6/07, Brian Anderson <[EMAIL PROTECTED]> wrote:
Larry Seltzer wr
No, you! LOLOLOLOLOLOLOLOL!
On Wed, 06 Jun 2007 16:20:57 -0400 evilrabbi <[EMAIL PROTECTED]>
wrote:
>go fuck yourself
>
>
>
>On 6/6/07, Joey Mengele <[EMAIL PROTECTED]> wrote:
>> Mr. Moore,
>>
>> Your expert recon abilities have been established earlier in
>this
>> thread. I will not allow y
Gentoo Linux Security Advisory GLSA 200706-03
http://security.gentoo.org/
On Wed, 06 Jun 2007 04:36:08 -, Jason Coombs said:
> Until and unless a person has worked for years as a software engineer, and
> has studied technical details of information security including the creation
> and exploitation of software bugs to force software to do things that
Gentoo Linux Security Advisory GLSA 200706-02
http://security.gentoo.org/
AFAIK this is a very old bug and has been fixed in all modules?
I've tested your vuln against a few installs of phpBB and can't
reproduce it... so seems it's been patched already?
http://archives.neohapsis.com/archives/vuln-dev/2002-q1/0981.html
Regards,
Jeroen
From: [EMAIL P
go fuck yourself
On 6/6/07, Joey Mengele <[EMAIL PROTECTED]> wrote:
> Mr. Moore,
>
> Your expert recon abilities have been established earlier in this
> thread. I will not allow you to trick me into giving up my Georgia
> cable modem address knowing full well that you are armed with the
> la
Hi List,
DenyHosts, Fail2ban and BlockHosts are vulnerable to remote log injection
that can lead to arbitrary injection of IP addresses in /etc/hosts.deny. To
make it more "interesting", not only IP addresses can be added, but
also the wild card "all", causing it to block the whole Internet out
Sent from my Verizon Wireless BlackBerry
-Original Message-
From: "Jason Coombs" <[EMAIL PROTECTED]>
Date: Wed, 6 Jun 2007 04:13:33
To:[EMAIL PROTECTED]
Cc:[EMAIL PROTECTED],[EMAIL PROTECTED]
Subject: RE: [IACIS-L] Statement by Defense Expert
Dave_on_the_run <[EMAIL PROTECTED]> wrote:
Folks,
This is a quick and dirty release to try and get some feedback on
e-passports.
From the CHANGES:
v0.n:
add CLONE mode to 'unique.py'
make 'mrpkey.py' more intelligent about reading passport contents:
read all data groups
extract image from CBEFF block in EF.DG2
e
The only part I find legally questionable is
the impersonation of Mr. Maynor by someone at
his old company. It certainly appears legal for
his company to read the email. Acting on that
email under the guise of the addressee would
seem to tread pretty close to impersonation.
2 cents ...
On Jun
Dude VanWinkle wrote:
On 6/6/07, Larry Seltzer <[EMAIL PROTECTED]> wrote:
Really? I have gotten benefits and medical communications at my office
addy.
That stuff should be going to your home address, not least for this
reason.
Is should relevant? Is it a violation of HIPAA
Hi Nico,
I agree that there isn't much point in going through with the process
if you already have an open shell. In order to replicate not only
the original vulnerability report but the subsequent behaviour, it
was the only method discovered that even came close. Source code
analysis sh
On 6/6/07, Larry Seltzer <[EMAIL PROTECTED]> wrote:
> >>Really? I have gotten benefits and medical communications at my office
> addy.
>
> That stuff should be going to your home address, not least for this
> reason.
>
Is should relevant? Is it a violation of HIPAA to read these
communications, ev
>>Really? I have gotten benefits and medical communications at my office
addy.
That stuff should be going to your home address, not least for this
reason.
Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.eweek.com/cheap_hack/
Contributing Editor, PC Magazine
On Wed, 6 Jun 2007, blah wrote:
> It seems there's a presumption that an employee, when he leaves, still owns
> that email address that the former employer provided.
Yeah. And if the e-mail in question is [EMAIL PROTECTED], a generic
business contact point, he is perfectly OK to hand it over to
On 6/6/07, Larry Seltzer <[EMAIL PROTECTED]> wrote:
> >>Would you feel the same way if it was a voicemail left on his machine?
> >>What about a postal letter addressed to the person?
>
> To the company phone or address? Yes. Of course. They're company
> property, there for company purposes.
Really
>>Would you feel the same way if it was a voicemail left on his machine?
>>What about a postal letter addressed to the person?
To the company phone or address? Yes. Of course. They're company
property, there for company purposes.
Larry Seltzer
eWEEK.com Security Center Editor
http://security.ew
On 6/6/07, Larry Seltzer <[EMAIL PROTECTED]> wrote:
> Why would this be offensive? It's a company address. Someone might send
> e-mail containing company business to the address.
Would you feel the same way if it was a voicemail left on his machine?
What about a postal letter addressed to the pers
Why would this be offensive? It's a company address. Someone might send
e-mail containing company business to the address.
Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.eweek.com/cheap_hack/
Contributing Editor, PC Magazine
[EMAIL PROTECTED]
> It seems there's a presumption that an employee, when he leaves, still owns
> that email address that the former employer provided. I do not believe
> that's the case, anymore than the ex employee owns the cell phone provided
> by the former employer.
>
> If a call comes into the cell phone of
It seems there's a presumption that an employee, when he leaves, still owns
that email address that the former employer provided. I do not believe
that's the case, anymore than the ex employee owns the cell phone provided
by the former employer.
If a call comes into the cell phone of the former
Hi,
* Sûnnet Beskerming <[EMAIL PROTECTED]> [2007-06-06 15:19]:
[...]
> ~user(screen) $ echo Once the process is killed, I should not reappear.
> Once the process is killed, I should not reappear.
> ~user(screen) $ ^a+x
> Key: [1234]
> Again: [1234]
> Screen used by User .
> Password:
>
> At this
Cyberspace Law Institute
http://www.cli.org/emailpolicy/ECPA.html
/* BOTTOM LINE LEGALESE */
The special limitations on disclosure of private email, in ECPA,
expressly apply only to those who provide electronic communications
services to the public -- and an internal system provided by an emp
Tim wrote:
This definitely could apply in the case of the ECPA, but could get
dicey, since "ordinary course of business" is ill-defined and I suspect
would require some serious legal wrangling to argue. Does this business
regularly read everyone's email?
In any case, whether they were legally p
Foresight Linux Essential Advisory: 2007-0021-2
Published: 2007-05-24
Updated:
21007-06-06 The previously released version of madwifi which fixes this
security issue erroneously did not contain the kernel modules necessary for
madwifi to properly
On 6/6/07, Joey Mengele <[EMAIL PROTECTED]> wrote:
In any event, I have alerted the FBI to your hacking attempt. I do
not wish to become your latest victim of police kidnapping,
choking, and beating.
Woot Woot ..what Hacking attempt ??
Send Bait. Check Log. Pub finding - the recon worked
Tim wrote:
As mentioned multiple times by multiple posters, but apparently eluded
your reading, the recipient's consent:
A) May have never been given
B) May have expired with the employment contracts
C) May not apply at all if the monitoring party was not given
authorization by the comp
Mr. Moore,
Your expert recon abilities have been established earlier in this
thread. I will not allow you to trick me into giving up my Georgia
cable modem address knowing full well that you are armed with the
latest version of the 'preter. Besides, Richard (who stresses the
importance of ima
> Spare me and the list legalities. One it is slightly offtopic then again
> this is fd so I retract.
>
> That entire argument and any thread arising from what is legal and what
> is not is likelier
> to be answered, dissected, studied on a legal forum.
I agree that the subscribers to FD are no
On Wed, 6 Jun 2007, J. Oquendo <[EMAIL PROTECTED]> wrote:
> H D Moore wrote:
>> Hello,
>>
>> Some friends and I were putting together a contact list for the folks
>> attending the Defcon conference this year in Las Vegas. My friend sent out
>> an email, with a large CC list, asking people to
Tim wrote:
Spare you what? If this is somehow off topic, please elaborate.
Spare me and the list legalities. One it is slightly offtopic then again
this is fd so I retract.
That entire argument and any thread arising from what is legal and what
is not is likelier
to be answered, dissec
I'm certainly not a lawyer, but the below cases refer to an employer and
employee relationship. That isn't the case here and is likely an important
distinction. You're also assuming that while he was an employee he consented
to monitoring and had no expectation of privacy. While that is generally
This is clearly a forged electronic mail trolling attempt and
attempt at assassinating the character of HD. The real HD Moore
(famous inventor of the Millerpreter and Skapesploit) would not be
so naive/ignorant in a matter like this.
Grow up list, don't feed the trolls.
J
On Wed, 06 Jun 2007
> Spare me and the list...
Spare you what? If this is somehow off topic, please elaborate.
> / * SNIPPED * /
> What about an employer's right to read e-mails as
> they come in? As they hit the inbound server? ...
> If the e-mail is not subject to the consent of
> all parties, and one of the part
Symantec Ghost Multiple Denial of Service Vulnerabilities
iDefense Security Advisory 06.05.07
http://labs.idefense.com/intelligence/vulnerabilities/
Jun 05, 2007
I. BACKGROUND
Symantec Ghost Solution Suite is an enterprise disk imaging software
that allows administrators to remotely back-up and
Tim wrote:
Why would it be illegal if his former employer accessed his email using
this method. The information going to their network is considered their
property and they could do as they see fit.
This is a poor assumption. See the Wiretap Act and the Electronic
Communications Privacy A
> Why would it be illegal if his former employer accessed his email using
> this method. The information going to their network is considered their
> property and they could do as they see fit.
This is a poor assumption. See the Wiretap Act and the Electronic
Communications Privacy Act. Of cours
H D Moore wrote:
Hello,
Some friends and I were putting together a contact list for the folks
attending the Defcon conference this year in Las Vegas. My friend sent
out an email, with a large CC list, asking people to respond if they
planned on attending. The email was addressed to quite a fe
This surprises you? You and everyone else at this point should know all
these "security" companies that have been spawned the last few years are all
fucking scumbags, who would sell their own mothers organs after a shot to
the head for a coupon to get a free ice cream sundae. They are soulless
mon
*IANAL*
> Is this illegal? I could see reading email addressed to him being within
> the bounds of the law, but it seems like trying to download the "0day"
> link crosses the line.
It might be. The ECPA prohibits this kind of behavior unless one of
several exceptions applies. Typically, empl
Hello,
Some friends and I were putting together a contact list for the folks
attending the Defcon conference this year in Las Vegas. My friend sent
out an email, with a large CC list, asking people to respond if they
planned on attending. The email was addressed to quite a few people, with
one
CSIS Security Group has discovered an "Integer division by zero" flaw in
the GDI+ component in Windows XP. This condition is activated when a malformed
ICO file is viewed through either Windows Explorer or other components like
"Windows Picture and Fax Viewer".
The consequence of this flaw is a
str0ke took down the forum. If you want forums like his try www.ryan1918.com or
www.h4cky0u.org.
On 6/5/07, Mark Sec <[EMAIL PROTECTED]> wrote:
does any1 know what's wrong with milw0rm forums?
i can't find the http://forums.milw0rm.com login page, repair?
- mark
Hi all
This is zeroknock. I feel pleased to announce that
project CERA is up again. Some subtle problems
occurred previously.
CERA : Cutting Edge Research Analysis is a project of
SecNiche : Dwelling Security.
The Sec Niche which will be up very soon which holds my work.
The
After fiddling around with different signal codes and looking at the
process shown by Paul, it looks like we can replicate this bypass on
other systems now. Tested and working on OS X 10.4.9 (screen
4.00.03). By following the slightly modified procedure, it should be
repeatable across all
You know there are plenty of people wanting to fill the
shoes (finally, huh) of the sec researcher... poor souls.
To guide them along the right path (I know I am going to catch Hell for
this), there is a new forum.
Be easy on newbies, you were there once!!! Or twice!!!
Seriously, new posts are welcome.
h
On 04/06/07, Johnny Storm <[EMAIL PROTECTED]> wrote:
> Basic Analysis and Security Engine (BASE)
> (http://base.secureideas.net/)
>
>
> One more security product with lame bugs...
>
> Let's look at Kevin's authentication code,
> for example in base_main.php (all pages vulnerable):
>
> [...]
> 64