Michael, thank you for the explanation. And thank you everyone for the
thoughts. Appreciate it. My apologies if I get on the nerves of people with
my dumb question :-) .
Now after further reading, I am now educated on how bad software uses holes
in apps like the browser and the plugins to do bad stuff
Steve really needs to ask himself, if all his pop does is run Firefox
and email, why he's running Windows on that machine at all? Not safer
per se, but a less meaty target. Still needs a nightly auto-update, though.
Also, (hi, John) filtering egress is pretty well moot on $home_router,
most connec
Seriously? This is some home user who has nary a clue about how to use
Automatic Updates...and you want to teach him about egress filtering?
I'd rather hear about n3td3v or whatever the fuck his name is.
> - Original Message -
> From: "john s"
> To: "G. D. Fuego"
> Cc: "full-disclosur
Bullshit.
Screw NAT, screw routers, screw bots.
The *FIRST* thing Steve should be doing is patching his computer. There is
absolutely no freaking excuse for having an unpatched or halfway patched
computer running Windows whatever. Microsoft has made Windows Update
idiotproof...to the point w
It works for smf 2.0 rc1.2 too
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
In Simple Machine Forum application version 1.1.10,
everybody can see some PHP files, such as index.php, in any browser
just by adding the "~" symbol to the end of the filename.
examples:
http://vulnsite.com/path_of_SMF/index.php~
http://vulnsite.com/path_of_SMF/ssi_examples.php~
http://vulnsite.com/path_of_SMF/
Therefore, some onions must be ogres.
On Tue, Sep 22, 2009 at 3:22 PM, Dave wrote:
> Layers. Onions have layers. Ogres have layers. Security should have layers.
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclo
Hello Tõnu!
I'm glad that you liked my article (and advisories) about Cross-Site
Scripting attacks via redirectors.
You can read my next article in English - Redirectors: the phantom menace
(http://websecurity.com.ua/3495/).
> And do not forget, this is feature, not bug :P
First, vulnerability
Layers. Onions have layers. Ogres have layers. Security should have layers.
On Tue, Sep 22, 2009 at 3:11 PM, Abhijeet Jain
wrote:
> Myth No. 2- Using Firefox does not make you safe! In fact, IE 7/8 is the
> safest browser when used with Windows Vista because it runs on lower
> privileges.
>
> On
Hi Steve,
I hope you haven't caused a storm with aggressive mails here^^
This mailing list is more about now detected holes in soft- and hardware...
First, you certainly mean not a normal router (which is in most cases 100%
transparent in both directions), but a NAT-router.
What the NAT blocks (
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2009:243
http://www.mandriva.com/security/
Debian/Ubuntu latest with updates...
(gdb) shell cat bof.c
#include <stdio.h>
#include <string.h>
int main(int argc, char *argv[])
{
if(argc < 2) return 0;
char buf[128];
strcpy(buf, argv[1]);
return 0;
}
(gdb) r `perl -e 'print "BABA" x 74'`
Starting program: /home/rife/bof `perl -e 'print "BABA" x 74'`
Progr
CALL FOR PAPERS - Hackers 2 Hackers Conference 6th edition
The call for papers for H2HC 6th edition is now open. H2HC is a hacker
conference taking place in Sao Paulo, Brazil, from 28 to 29 November 2009.
[ - Introduction - ]
For the sixth consecutive year and past success we have been havin
On Tue, Sep 22, 2009 at 4:09 PM, G. D. Fuego wrote:
>
> On Sep 22, 2009, at 3:18 PM, john s wrote:
>
>> On Tue, Sep 22, 2009 at 2:01 PM, G. D. Fuego wrote:
>>>
>>> On Sep 22, 2009, at 2:29 PM, Steven Anders wrote:
I have always thought that having a computer behind the router
(si
You could run IP against spam bl's, ISC lookup, dronebl, proxybl for flagging.
-Travis
On Tue, Sep 22, 2009 at 2:36 PM, Steven Anders wrote:
> Thanks Andrew for the suggestion.
> Yes, it does make sense to do all the checks you described. These days, as
> manual process, we just make a phone cal
On Sep 22, 2009, at 3:18 PM, john s wrote:
> On Tue, Sep 22, 2009 at 2:01 PM, G. D. Fuego
> wrote:
>>
>> On Sep 22, 2009, at 2:29 PM, Steven Anders
>> wrote:
>>>
>>> I have always thought that having a computer behind the router
>>> (since router has firewall) is generally safe, but I woul
> I have a dumb question: Is a Windows box
> behind a router safe ?
No.
> It is my father's PC and the Windows OS was not updated regularly.
Why not? Is he incapable of clicking on an OK button? With Automatic
Updates, there is absolutely no excuse to NOT be fully updated. Don't
give me t
Yeah, but the original poster made it clear that the box was running
Windows XP Service Pack 2, so both your comments are largely irrelevant. :)
--Rohit Patnaik
yersinia wrote:
> On Tue, Sep 22, 2009 at 9:11 PM, Abhijeet Jain
> mailto:abhijeet.ecsta...@gmail.com>> wrote:
>
> Myth No. 2- Usi
No, I would not consider your father's box to be safe. There are enough
drive-by-download attacks and e-mail scams to make infection a very real
possibility even if the automated worm route is blocked by a NAT
router. However, if you installed SP2 with default settings, it
probably enabled th
On Tue, Sep 22, 2009 at 15:29, Steven Anders wrote:
> 2. If a Windows box is behind a router, could a botnet be installed to it ?
> Assuming, the end user does not install/download any applications from the
> Internet and always use Firefox.
USB sticks are easy to infect
___
Abhijeet Jain wrote:
> Myth No. 2- Using Firefox does not make you safe! In fact, IE 7/8 is the
> safest browser when used with Windows Vista because it runs on lower
> privileges.
>
But if not patching windows, then they are also not patching IE.
Firefox has updates also.
That router may also
Pretty much all it's going to take is one exploit delivered through
email (link, pdf, etc.) and the box is owned.
Botnet clients work by connecting outward (phoning home) so the
firewall & router won't do anything for illicit outgoing traffic
unless you set up egress filtering to catch it.
I woul
On Tue, Sep 22, 2009 at 9:11 PM, Abhijeet Jain
wrote:
> Myth No. 2- Using Firefox does not make you safe! In fact, IE 7/8 is the
> safest browser when used with Windows Vista because it runs on lower
> privileges.
>
> Not on Linux(Fedora) with Selinux Enabled, better if you run with the
guest_u se
On Tue, 22 Sep 2009 11:29:20 -0700, Steven Anders
wrote:
> I received great responses and am very grateful to the help from community
> of this list. Thank you.
>
>
> I have a dumb question: Is a Windows box behind a router safe ?
>
> It is my father's PC and the Windows OS was not updated reg
On Tue, Sep 22, 2009 at 2:01 PM, G. D. Fuego wrote:
>
> On Sep 22, 2009, at 2:29 PM, Steven Anders wrote:
>>
>> I have always thought that having a computer behind the router
>> (since router has firewall) is generally safe, but I would love to
>> hear insights or thoughts.
>
> Nope. A firewall
On Tue, 22 Sep 2009 11:29:20 PDT, Steven Anders said:
> I have always thought that having a computer behind the router (since router
> has firewall) is generally safe, but I would love to hear insights or
> thoughts.
In general, that's true. Most of the current popular infection vectors are
conn
Myth No. 2- Using Firefox does not make you safe! In fact, IE 7/8 is the
safest browser when used with Windows Vista because it runs on lower
privileges.
On Tue, Sep 22, 2009 at 1:57 PM, Kos wrote:
> A computer behind a router/firewall does not make it safe.
> Vulnerabilities and exploits are no
On Sep 22, 2009, at 2:29 PM, Steven Anders wrote:
>
> 1. There are many exploits and vulnerabilities of Windows, but I
> was wondering if outdated Windows box behind router generally
> safe ? Since, the Windows box was not updated with the latest
> updates.
>
> I have always thought that
A computer behind a router/firewall does not make it safe.
Vulnerabilities and exploits are not limited to a network level, which
is generally what a firewall is used for. Vulnerabilities sent via any
protocol used (http, imap, pop, other protocols that may be in use)
are not suddenly secur
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2009:242-1
http://www.mandriva.com/security/
Thanks Andrew for the suggestion.
Yes, it does make sense to do all the checks you described. These days, as
manual process, we just make a phone call and do a follow-up email.
We ask for a copy of the credit card to be faxed and a proof of ID. Many
times the fraudsters do a reply with very "bad En
I received great responses and am very grateful to the help from community
of this list. Thank you.
I have a dumb question: Is a Windows box behind a router safe ?
It is my father's PC and the Windows OS was not updated regularly. The
Windows box was connected through wire (RJ45) to the router.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2009:242
http://www.mandriva.com/security/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2009:241
http://www.mandriva.com/security/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2009:240
http://www.mandriva.com/security/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2009:239
http://www.mandriva.com/security/
Steven Anders wrote:
> Hi everyone,
>
> I work as an engineer at an online company that sells online
> subscription service for online tool. We accept orders online using
> credit cards numbers and we use Authorize.net to process credit card
> payments.
>
> Our standard operating procedure for
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-1891-1 secur...@debian.org
http://www.debian.org/security/ Steffen Joeris
September 22, 2009
Ummm have you ever heard of a botnet?
Steven Anders wrote:
> Hi everyone,
>
> I work as an engineer at an online company that sells online
> subscription service for online tool. We accept orders online using
> credit cards numbers and we use Authorize.net to process credit card
> payment