*Why should technology be the final tier to be fully implemented in a
security program?*
I am thinking in terms of the Digital Liability Management model:
http://daemonic.wordpress.com/2006/04/26/it-security/
___
Full-Disclosure - We believe in it.
Cha
Hello,
Just try this :
- go to this page with GranParadiso
http://video.music.yahoo.com/up/music/music/?
rn=1301797&vid=45557508&stationId=&curl=http%3A%2F%2Fmusic.yahoo.com%
2Fmusicvideos
Wait until the video starts and you begin hearing sound.
Now just close the tab you have opened, yo
On 10/11/07, Ray P <[EMAIL PROTECTED]> wrote:
>
> There is a good reason. There are two types of copyrights in the US:
> implicit and registered. For a long time now, a work receives an implicit
> copyright at the instant it is created. If someone violates an implicit
> copyright, the owner's only
On 10/11/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>
> The problem is that it's *really* hard to write the disclaimer with a
> copyright
> attached to it. The tricky part is to figure out how to make it *legal*
> to
> cite the text in a reply - how would you phrase your copyright statement
part b can be said about your email also
On 10/11/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>
> On Wed, 10 Oct 2007 19:41:30 BST, worried security said:
>
> > Even the government go to jail sometimes...
> >
> > Kiefer Sutherland, the star of hit TV show '24′ has been given 48 days
> in
> >
There is a good reason. There are two types of copyrights in the US: implicit
and registered. For a long time now, a work receives an implicit copyright at
the instant it is created. If someone violates an implicit copyright, the
owner's only legal recourse is to go to court and get an order to
My employer does this, but I think it's easier to fool users, say we craft a
website say which again asks for username/password & most users will blindly
give away their credentials thinking it as a new session..
On 10/11/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>
> Not to step in to the mi
Security in depth is a tactic, not a process or definition. And it works
for what it's designed to, which is the same thing most security solutions
are designed to. That is, they raise the bar of entry. Ideally, it makes
it hard to find the one-kink in the armor to bring it all down and makes th
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi,
there's a tikiwiki (tikiwiki.org) remote code execution exploit in the
wild, targeting v.1.9.8 and earlier. This vulnerability is being
exploited by multiple hosts (likely a botnet) using multiple payload
websites since at least Tue 08:00 PM UT
pdp (architect) wrote:
> Thor, with no disrespect but you are wrong. Security in depth does not
> work and I am not planning to support my argument in any way. This is
> just my personal humble opinion. I've seen only failure of the
> principles you mentioned. Security in depth works only in a perf
"..I am not planning to support my argument in any way.."
That's a shame.
If you can prove your hypothesis, it lends credibility to your claims.
A refusal to do so only weakens your position.
As others have pointed out, your attack only works if security in depth has
been blatantly, intentionally
rPath Security Advisory: 2007-0214-1
Published: 2007-10-11
Products: rPath Linux 1
Rating: Minor
Exposure Level Classification:
Local Information Exposure
Updated Versions:
[EMAIL PROTECTED]:1/8.12-8.10-1
rPath Issue Tracking System:
https://issues.rpath.com/browse/RPL-1825
Descriptio
##
- S21Sec Advisory -
##
Title: OPAL SIP Protocol Remote Denial of Service
ID: S21SEC-037-en
Severity: Medium - Remote DoS
Histor
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
SHUT UP VLADIS
On Thu, 11 Oct 2007 14:54:52 -0400 [EMAIL PROTECTED] wrote:
>On Wed, 10 Oct 2007 14:05:28 EDT, [EMAIL PROTECTED]
>said:
>
>> SHUT UP VLADIS IF ANYONE CARED THEY WOULD JUST FREQUENT YOUR
>BLOG
>> GET OFF THIS LIST THIS IS FOR SERIOUS SEC
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
VLADIS YOU ARE NOT LAWYER! YOU DO NOT EVEN KNOW HOW TO USE
COMPUTER!
SHUT UP VLADIS!
On Thu, 11 Oct 2007 13:56:36 -0400 [EMAIL PROTECTED] wrote:
>On Wed, 10 Oct 2007 22:44:08 PDT, Troy said:
>
>> I'm surprised we don't see more disclaimers with a co
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
VLADIS YOU ARE NOT LAWYER!
SHUT UP VLADIS!
On Thu, 11 Oct 2007 13:52:08 -0400 [EMAIL PROTECTED] wrote:
>On Thu, 11 Oct 2007 12:38:02 +1000, Kelly Robinson said:
>
>> specific examples at the moment) I am wondering if Disclaimers
>can be
>> referenced
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Thus "Slythers Bro" <[EMAIL PROTECTED]> spake on Thu, 11 Oct 2007
22:29:30 +0200:
> n3td3v here it's Full Disclosure, not a gay tv series fan mailing list
didn't know canadians are also homophobic. what a shame.
-BEGIN PGP SIGNATURE-
Versio
n3td3v here it's Full Disclosure, not a gay tv series fan mailing list
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
On Wed, 10 Oct 2007 19:41:30 BST, worried security said:
> Even the government go to jail sometimes...
>
> Kiefer Sutherland, the star of hit TV show '24′ has been given 48 days
> in
> jail, we can reveal.
Wake us up when you:
a) Figure out the difference between an actor and his role.
Multiple Vendor FLAC Library Multiple Integer Overflow Vulnerabilities
iDefense Security Advisory 10.11.07
http://labs.idefense.com/intelligence/vulnerabilities/
Oct 11, 2007
I. BACKGROUND
Free Lossless Audio Codec (FLAC) is a popular file format for audio data
compression. AOL Corp.'s Winamp me
CA BrightStor ARCserve Backup Server Arbitrary Pointer Dereference
Release Date:
October 11, 2007
Date Reported:
June 18, 2007
Severity:
High (Remote Code Execution)
Vendor:
Computer Associates (CA)
Systems Affected:
BrightStor ARCserve Backup 11.5
BrightStor ARCserve Backup 11.1
BrightStor AR
I'd guess that the only disclaimer that carries any weight, and it'll
probably be minimal, is the kind that says something along the lines
of "The person who wrote this email is not an officer of the
organization, and statements contained herein that contradict
organization policy are not enforceab
===
Ubuntu Security Notice USN-529-1 October 11, 2007
tk8.3, tk8.4 vulnerability
CVE-2007-5137
===
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubu
That may be a possible process/policy in some environments, but probably not
most.
Take education/academic environments for example. We really have to try to
balance competing interests.
For example, the very security and accessibility issues you describe on a macro
scale.
Not to mention other i
On Wed, 10 Oct 2007 14:05:28 EDT, [EMAIL PROTECTED] said:
> SHUT UP VLADIS IF ANYONE CARED THEY WOULD JUST FREQUENT YOUR BLOG
> GET OFF THIS LIST THIS IS FOR SERIOUS SECURITY MATTERS ONLY
You seem a tad confused regarding the use of the "reply" button, since:
> On Wed, 10 Oct 2007 07:14:32 -0400
gboyce, cheers... nice example! although I had something else in mind.
maybe I shouldn't have used the term "security in depth" since your
version differs a bit from mine. I guess different semantics. but yes,
I agree that systems, processes, data, etc needs to be separated and
blended into a balan
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Title: [CAID 35724, 35725, 35726]: CA BrightStor ARCserve Backup
Multiple Vulnerabilities
CA Vuln ID (CAID): 35724, 35725, 35726
CA Advisory Date: 2007-10-10
Reported By:
Anonymous researcher working with the iDefense VCP (CVE-2007-5325)
Dyon Bald
Even the government go to jail sometimes...
Kiefer Sutherland, the star of hit TV show '24′ has been given 48 days in
jail, we can reveal.
According to the New York Daily news, Kiefer , who's known for his
prominent role as 'Jack Bauer' in the hit TV series must serve 18 days
starting Dec. 21 to
BreakingPoint Systems is making available the details we have
discovered from October's Microsoft Tuesday patches. We have released
details on what we've discovered so far to our Strike Center blog:
https://strikecenter.bpointsys.com/articles/2007/10/10/october-2007-
microsoft-tuesday
We app
On Wed, 10 Oct 2007 22:44:08 PDT, Troy said:
> I'm surprised we don't see more disclaimers with a copyright statement in
> them. I would think that using copyright law as an argument against
> unauthorized distribution of an email would stand a better chance in court
> than a non-binding disclaime
On Thu, 11 Oct 2007 12:38:02 +1000, Kelly Robinson said:
> specific examples at the moment) I am wondering if Disclaimers can be
> referenced in a courtroom in a client's defence and if not, is it specifically
There is one place that the "This message may contain privileged information"
variety of
Well, what is your definition of "Security in Depth"?
On Thu, 11 Oct 2007, pdp (architect) wrote:
> gboyce, cheers... nice example! although I had something else in mind.
> maybe I shouldn't have used the term "security in depth" since your
> version differs a bit from mine. I guess different sem
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
None of you are lawyers.
SHUT UP VLADIS.
On Thu, 11 Oct 2007 01:44:08 -0400 Troy <[EMAIL PROTECTED]> wrote:
>On 10/10/07, Ray P <[EMAIL PROTECTED]> wrote:
>>
>> Would the _intended_ recipient have a case against the sender
>for
>> contractual failure
> Not to step in to the middle of this, but I once worked for an employer
with what I
> considered the best way of stopping attacks cold: a proxy server that
prompted you for your
> credentials when you went to an external web site and gp settings that
disabled the ability
> to save your usernam
At the risk of going off topic - this kind of approach makes end users get
really used to entering their username and password in the web browser. Guess
what happens when a (possibly malicious) website asks for credentials (using
basic auth/whatever)?
These kinds of solutions not only limit u
Dear All,
Hi everyone. This is Jonathan from the SWI team in the MSRC. We've just
released
Security Advisory 943521 regarding a vulnerability affecting Windows Server
2003 and
Windows XP with Internet Explorer 7 installed. As you have probably noted
there's
been a fair amount of discussi
On Thu, 11 Oct 2007, pdp (architect) wrote:
> Thor, with no disrespect but you are wrong. Security in depth does not
> work and I am not planning to support my argument in any way. This is
> just my personal humble opinion. I've seen only failure of the
> principles you mentioned. Security in dept
Not to step in to the middle of this, but I once worked for an employer with
what I considered the best way of stopping attacks cold: a proxy server that
prompted you for your credentials when you went to an external web site and gp
settings that disabled the ability to save your username/passwo
Microsoft acknowledged that it was "their" problem all along:
Microsoft Security Advisory (943521)
URL Handling Vulnerability in Windows XP and Windows Server 2003 with Windows
Internet Explorer 7 Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/advisory/943521.ms
Thor, with no disrespect but you are wrong. Security in depth does not
work and I am not planning to support my argument in any way. This is
just my personal humble opinion. I've seen only failure of the
principles you mentioned. Security in depth works only in a perfect
world. The truth is that yo
It is important to note that you can block this though a setting in the
Terminal Services Configuration admin tool. There is a setting to not allow
initial programs to be launch or to always launch a specific program. This
will always override any program specified by the client. You can also
config
Dear all,
I just released version 0.2 of SIPVicious tool suite at:
http://sipvicious.googlecode.com/files/sipvicious-0.2.tar.gz
or http://tinyurl.com/3xu5z9
Put up a screencast of the tools in action at:
http://tinyurl.com/3yq8k7
What is SIPVicious tool suite?
Consists of 4 tools:
* svmap
hi full-disclosure,
CA BrightStor ARCServe BackUp Message Engine Remote Stack Overflow Vulnerability
by cocoruder of Fortinet Security Research Team
http://ruder.cdut.net
Summary:
A remote stack overflow vulnerability exists in the RPC interface of CA
BrightStor ARCServe BackUp. An arbitr
44 matches