>
> Hows about instead of moderation, we try vote-kicking?
I support this one, but who decides how many votes are
sufficient to get someone kicked? And what about the
votes that can be automated?
I bet someone will create a huge farm for voting
Whenever there is any voting all the results wi
> Why not do a self-regulating list? Something along the lines
> of keeping
> track of signup dates and IP addresses, then when a yahoo starts
> spouting crap, put it to a vote on list. (only members older than xyz
> date have a vote) If the list's wish is to have the user
> banned, then so
>
> No offense intended directly to the OP:
>
> Honestly, who gives a shit. Is this what this list is to be used for
> these days? Are there no better OT forums, channels, cups w/string
> that can be reserved for this type of chatter?
For this kind of posts we have a mailing list :
Fun and Misc
Heck they even block WinPcap_3_1.exe, the network drivers that are
used by many programs. And these are just the drivers.
Delivered using the Free Personal Edition of Mailtraq (www.mailtraq.com)
>
> > That is a "help and support account" that you should disable.
> > Also set very long random password and forget it.
> I prefer to simply delete it. Good choice?
>
> But I heard rumours that this account can be activated remotely
> without user's aware decision and used for Remote Assistance
> How about one-time passwords? Just go ahead and *let* them
> keylog it all
> they like; by the time they've snarfed a pw, it's no use any
> more. (See S/Key for more details.)
Please no one time passwords: they are a nightmare to manage
> I'm looking for input on what you all believe the most common
> keystroke loggers are.
http://keylogger.org/ claims to be an independent testing site
for all keyloggers, but they have all the old versions of the
Keylogger.
You can use this site as starting point for your search.
Visit the
> Hi list, I've been a firm advocate of Sygate Pro for some
> time but as Symantec
> has bought and canned it I'm wondering what you guys would
> recommend as a
> replacement.
Tiny Firewall 2005 works for both 64 and 32 bit machines
And is good - I have been using in since version 2.1.5
And no
>
> > Why can't you use google to find out this ?
>
> The same reason you can't use Google and find your answer fuckbag.
Are you n3td3v ?
>
> > *In the para 4*
> > "Protecting whistleblowers is an essential component of an ethical
> > and open work environment."
>
> No mention of an anon emai
See below marc email part
>> Aditya Deshmukh [EMAIL PROTECTED] wrote:
>>
>>If you read the last line in para 6 you will find that anon
>> mailbox is
>> a requirement for SOX compliance.
>>
>> >And mailbox was meant for email Michael :)
>>
> Seeing how my question was ignored. I will tell you the answer.
>
> There is no requirement in SOX to do this.
Why can't you use google to find out this ?
---
http://www.nonprofitrisk.org/nwsltr/archive/employprac091005-p.htm
*In
> I have wondered about the meaning of "support_388945a0" too,
> but not the meaning of the account, but the meaning of "388945a0".
>
> As you may know, it can be interpreted as 4 Bytes hexadecimal
> number...
It's a randomly generated number that is generated for this
account name
> Hello full-disclosurers,
>
> Does anyone know anything interesting about Support_388945a0 account
> which is created by default during Windows XP/2003 installation?
>
> I have seen MS technet links, maybe someone knows more about?
That is a "help and support account" that you should disable.
How do I create a totally anon mailbox as required by the sox ?
How are you doing this in your site ?
this does not work on win2k sp4
srp5
Not sure if you guys are aware of this issue in Windows
XP...!!
create a folder on desktop and name it as "notepad".
open internet explorer > go to view > source code > this will
open the contents of notepad folder!!
> > > create a folder on desktop and name it as "notepad".
> > > open internet explorer > go to view > source code > this
> will open the
> > > contents of notepad folder!!
> > Even better: rename any exe to notepad.exe ;)
>
> Is this IE being so stupid as to run with a CWD of Desktop
> an
> I hope the turkey returns... we need more useless local root
> exploits...
Which can run only when you are root ;)
Sorry for the top post
If you are going to do something like this then RSA cards are the best
specially securid
It can be implemented almost out of the box and it has great lib support
also.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Was doing some testing [xfocus-AD-051115]
Ie Multiple antivirus failed to scan
malicious filename bypass vulnerability
The system is windows 2000 sp4 srp5 with
all other patches up to date.
At the command prompt cmd.exe execute
the following with the results.
I copy and paste from cmd.exe
-
> axo> Demonstration here:
> axo> Choose a malicious file which would be detected, such as nc.exe,
> axo> rename the file as nc??.exe (?? =Hex C0 D7 BA DC)
> axo> Because these special names are unable directly to input, so if you
> axo> want to run these file, you should use the followin
>
> > Could you please stop mailing your Bug-Fix-Reports aka "Package xyz
> > updated" to the Full*-Mailinglist?
>
> I don't find those mailings objectionable. I think this is an
> appropriate forum.
These mailings are not objectionable but when they have their own
Mail list so why send a copy
> Offtopic: Is the 64bit version of Windows XP
> worth getting? My gf just bought a new Compaq
> with a 64bit Turion in it, and it came with the
> regular XP Home. She's debating whether or not
> to buy the 64bit version, and I'm of no help
> since I don't really use Windows on any of my
> ma
> EMINEM LYRICS
Isn't this a bit over the top ? May I suggest we unsubscribe
this guy or at least put him on the moderated list ?
> Blocking Skype Using Squid and OpenBSD
Hey I can't wait to try out this one - this is a really interesting one.
Very informative writeup. Thanks rootn0de
> ideas for other good bug lists besides full disclosure?
VulnWatch: vulnerability disclosure list
http://www.vulnwatch.org/
This one is good. There is a discuss list also that you might want to
subscribe...
> If the term "future law suits for copyright infringement"
> pops into your head, you wouldn't be alone.
Would you give them any real info ?
> > Thanks in advance if you can send in .txt format
>
> No need - you can download most of it off the Spamcop web site then
> write a trivial wrapper.
>
trivial wrapper! No it is not. There is some java script in that
form which is stopping the mail reports from being sent out, to the
Admins,
> Has anyone got an automated spamcop reporting script?
>
>
> Thanks in advance if you can send in .txt format
> preferably offlist.
I hit the send before I could explain what I wanted to do...
I have a spamcop account - and I managed to get the spamcop
Url with the reportID to a file using fet
Has anyone got an automated spamcop reporting script?
Thanks in advance if you can send in .txt format
preferably offlist.
> > > Yes
> > Note to list admins -- add filtering rule to reject messages with
> > Subject: lines matching "*Digest, Vol*"...
>
> Nick, hi... why would you want to filter out the digests? will this
> eliminate digests from my subscription?
He is saying to filter the replies to the digest that
> something else that's different between your two setups?
This I would agree, would you both be helpful to send the .dmp file
Or at least windbg.exe output ?
> views?
Only on 2 of them
> --
> AES
I would put my money on this one because this is a std. does all the
encryption very fast and can be extended as per the security requirements:
you want more security than 128 bit you can have 192, you want more you can
go to virtually any number AES2
> I have a perl script I'd like to release(GPL), but I don't really know
> how to describe it.
Don't do anything - just release the source code and let others
decide what it is :)
If your audience is a bit business minded who like good words
then it is an auditing tool for sure.
I have been seeing this in my logs over all the public smtp server, from
all over the net.
Anyone know what sends these kinds of helo ?
*please* when responding to this mail trim out anything below this --
124 09/10/2005 09:54:35 HELO -1209283632 ---> 250 my.smtp.domain.server
125 09/1
> Doug,
> I know you asked for a reply concerning "multi-vendor IM clients", but, I
> have to ask "WHAT ABOUT SECURITY"!!
Trillian is pretty good
> I fight daily with pesky spam, malware, viruses, and back-doors. Every
> computer I clean has some type of IM client or a residual of one inclu
> Sorry for the very noob question, but I'm having very hard times finding
such products.
What are you going to use that product for? Give us an idea of the end users
and how they are going to use this. Your details right now are a bit on the
less side.
For what I make out of your post are your l
>
> I myself use this method to open up the SSH port for a particular IP
> address. When you try to open a particular URL on my website,
> you get a 404
> because that document doesn't exist. The webserver logs this.
> A script in
> the background sees in the log that this happened, and opens
> As for people committing suicide, I believe those who did commit suicide
> actually were in possession with intent. If not why commit suicide. I
> would have fought tooth and nail.
I hate to say this but with these kinds of cases where the media crucify the
accused even before they are convicted
> I have one user who keeps getting Cyrillic spam, but I can't find a rule
> anywhere.
> Is anyone else getting this kind of spam??
Welcome to the club of Cyrillic spam recipients, we have many existing members
The rule that you want to create is this
If the message body or header contains "Windows
> FYI,
>
> I've had the site www.ok-ok.biz disabled by the ISP, at least
> it will deny the
> perps the ability to find out who has been compromised. The
> molecularmultimedia
> site is obviously just a front, will see what can be done about this.
The site was found after 2 different attempts here
> say... a backdoor want to communicate to its server... It can do
> is, use a trusted internal application to do the job. Suppose; it
> creates a batch file run the batch file (evil.bat) & executes this
> command
this has been going on for years - there are some trojans that create
An invi
Recently 2 days ago I saw this in a compromised system.
Both this file and cpshost.dll were deleted from C:\InetPub\scripts
This file was recovered but I was unable to recover cpshost.dll
Anyone know what is this ?
<% Response.Buffer = TRUE %>
Version=1.5
<%
PathTo
> Not if the U.S security services decide to have a "war on
> cyber terror sites".
>
>
> On 9/27/05, str0ke <[EMAIL PROTECTED]> wrote:
> > KF is right on the dot. There will always be a defacement site.
> >
Where is this going ? By your (netdev's) logic: we should shut down all the
defacement si
> SUICIDE bombers...typically DEAD. Tough to solicit videos from
> them, and rather pointless to keep a top ten list as
> they...well...can't exactly do it again.
Now the real entertainment begins
> -Original Message-
> From: [EMAIL PROTECTED]
Maybe you should send this to [EMAIL PROTECTED]
More info at
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Many of the people at this list are subscribed over
at funsec...
[EMAIL PROTECTED] Wrote :
> IPSEC has nothing to do with PGP. Also there is really no such thing
> as a PGP key. PGP uses what ever key scheme you ask it to use. IPSEC
> is the same way. Both use keys, but are not themselves key standards.
>
> OpenVPN similarly can use what ever key scheme
> > What alternatives are there to pgpnet ?
>
> Have a look at OpenVPN.
Thanks Martijn, but isn`t that a SSL vpn ? And from what I
have read about PGPnet I need a IPSEC VPN that uses
PGP keys to do the auth.
I know for ipsec VPNs I could use the winxp's builtin
But that would require moving a
I have a client who was using pgp corporate desktop on win2k for VPN,
security and email encryption. ( it has a built in disk encryption,
firewall, email encryption and vpn with very good key management ) security
was something that happened almost automatically.
Now they are planning to move to
> > (on system you want to copy)
> > dd if=/dev/hda | nc otherhost 5000
>
> If you are running bash, then you do not even need netcat:
>
> dd if=/dev/hda > /dev/tcp/otherhost/5000
This is interesting. Which version of bash are you using ?
I haven't found it in my man page!
> > (on system you want to copy)
> > dd if=/dev/hda | nc otherhost 5000
> >
> > (on your lappy or whatever)
> > nc -l -p 5000 | dd of=./blah
>
> That's a cool way to do it! We always use ssh pipes but the crypto
> overhead is sometimes unnecessarily slow. A great piece of *nixfoo.
>
I have b
> > Another address they use is [EMAIL PROTECTED]
> > (noticed aol abuse about this, but I guess that's /dev/null)
>
> I'm going to start putting both those addresses into all
> the unsubscribe
> links I get in all my spam... >:->
>
This might be someone's 0wned email address.
>
> Hey,
> Anyone ever notice Windows Media Player trying to connect to
> the Department
> of Homeland Security? See the attachment I captured.
Yes and it is not only the wmplayer.exe there is another
Setup_wm.exe also trying to connect after some time.
Since you have sygate just block them of
One of domains is getting a *very* high number of 419 spams from an address
delegated to multilinks.com.
Where do I send the spam reports ? I have already sent everything to
spamcop.net but that has not stopped anything yet
Please
keep this off list - no place for politics over here
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sp
> Is there a best practice for assign a router name ?
> e.g.: router type + city + room.id and > so on
> Which method is usually used to assign a router name ?
Think of social engg. Put in some name that would not
thing that is not so simple to guess because if someone
manages to figure out how th
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf
> Of Bernardo Martín
> Sent: Tuesday, August 30, 2005 1:11 PM
> To: Full Disclosure
> Subject: RE: [Full-disclosure] RE: Example firewall script (iptables)
>
> In my first email i requested about bad exam
> Personally, I'm very afraid of the power that Google is gaining . I
> mean, most searches are done through google, so they know what you're
> interested in, then a lot of peoples email's going through them, with
> gmail, now italk . next is world domination?
Why do you have to use gmail
>
> I forget the name of a tool that can be used to intercept TCP
> packet and allow you to modify the packet before it was
> sent out.
Netcat ?
> has anyone else received this?
Everyone gets them by dozens
> Subject: [SPAM] - TREAT AS URGENT - Bayesian Filter detected spam
Maybe you should look at the subject once again :)
> root:OM0PNa4I9RlNk:0:3:gecos:/home/root:/sbin/sh
If you have this level of access why don't you just change
The password ?
To obtain this password if it was easy one it should take
2 days at the most or you will be looking for a 2 month
hammering on the password without knowing for sure that
> I myself have an agent with a few basic O/S rules like :
>
> - No application may write other applications memory space
> - No application may inject code into other programs
> (dll hooks and such)
> - No application may access system functions from code
> executing in data or stack space
>
> thinking security-minded people always backed up their hdds daily :D
Backups are for hobos - we prefer rsync over ssh :)
netstat gives me the following results
inetinfo.exe LISTENING on port 80
if I am not mistaken this is the internet father
process present in all the windows systems
Paul Schmehl wrote:
>> Is there a compelling reason for posting this pissing contest to the
list?
>Yes, there is, Paul. But you weren't paying attention, as usual.
I have created a mailing list to discuss this case of injustice
List address
[EMAIL PROTECTED] or
[EMAIL PROTECTED]
Subscribe addres
> Very hard to say without having a sample or knowing what service your
server
> performs. svchost.exe is a valid Windows process and also commonly used
> by/with many many malware.
Care to send a sample ?
> > Very good points, but can you think of another worm that
> downloaded XXX
> > spyware/adware ?
>
> I can't give you a specific name -- when I first saw it it didn't
> strike me as any more significant than the warez and porn FTP servers
> I'd seen years earlier, so didn't make specific note of
>
> Morning Wood wrote:
> >> Does it install child pornographic malware
> > wtf would you ask that anyway?
>
> Because people are being prosecuted for possession of child pornography
> based on what is found on their hard drives and in their IE history, and
> most of these people are being convic
> On 8/14/05, Aditya Deshmukh
> <[EMAIL PROTECTED]> wrote:
> > I would like to know is there some imap exploit floating about ?
>
> Even if there was, who would still be using unencrypted protocols ?
I think there would be plenty of legacy systems out there which would d
My personal logs for imap scan for last 3 days -
11/08/2005 10:47:29 IMAP: (Accept) Receiving from 218.47.179.77
11/08/2005 10:48:00 IMAP: (Accept) Receiving from 218.47.179.77
12/08/2005 10:31:06 IMAP: (Accept) Receiving from 220.224.38.222
12/08/2005 14:00:34 IMAP: (Accept) Receiving from 61.15
> stopped opening any attachments they get that they don't know who they are
> from and so on. As we all know the end user is the z factor in the whole
> situation of choosing a good security product.
Norton is pretty good enough but I have installed clamav on winxp machines
It has a outlook plug
> whitehat* shite ..., so please be so kind as to have a cup of shut the
> fuck up.
I second it please discuss this offlist and don't put me or the list on CC
> > [EMAIL PROTECTED]:~$
> > who runs the site?
> > I want access
>
> You need to hack into it, obviously.
Won't have to hack just type your password and you are inside - now was that
difficult... ?
> Today I realized that many "secured" web sites reference their secure
> login page from an insecure page.
Nowadays most of the secure WebPages have both the forms and the login
Page ref'ed
See hotmail & yahoo and for insecure pages that you described man in
The middle attacks are a
> Aditya Deshmukh wrote:
>
> > I need some advice about allowing plaxo running on my
> internal network.
> >
> > Should I allow it or ban it ?
>
> Default deny.
Yes that's my kind of thinking!
>
> If you need to ask, there is clearly _no_ need t
I need some advice about allowing plaxo running on my internal network.
Should I allow it or ban it ?
> http://www.pokersverige.se/IMAGE0004.php
.exe file of some kind using only the headers will
have to download it and test in some vmware machine to
debug it - anyone volunteer for that task ?
> No that wouldn't happen. You'd need to spell it correctly. ;-}
And this has been used by some malicious site some time in the recent past
Something along the lines of [somedomain].com.net and when .com went offline
Everyone was directed to .com.net and got infected with spyware so it
better to
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of C0BR4
> Sent: Monday, August 08, 2005 11:05 AM
> To: [EMAIL PROTECTED]
> Subject: [Full-disclosure] perfect security architecture (network)
> How should we deal with these attacks? People talk about
>
Title: Recall: Arcor Customer P/W SAP App
Once an arrow is fired it cannot be called back, just like words that come out of the mouth
cannot be called back
- Some wise man
Sorry chap but not everyone uses exchange out there from where you can recall this
email but you did manage
The only most secure protection is a one time password with a challenge /
response scheme. Most of the banks in europe already do this.
They give out a calculator like device to the customers and when u want to
login you are presented with a challenge that you punch into your device
which spits a r
> > proximity of mouse cursor on every mouse click? It's not that
> > resource consuming, and easy to arrange.
>
> You'd need to squeeze in some OCR code as well, or figure it out
> manually (or maybe use the same techniques as for getting around
> "captchas").
Another simple method capture the s
>
> i am sure cisco would love to sue someone over this.
Or maybe just maybe someone would want to do that to cisco !
files whatever the case spelled
out clearly in AUP. Also spell out everything clearly about security
- Aditya Deshmukh,
Chief Security Officer ,
Enterprise Security Solutions.
>
> VNC does support 'reverse shells'. Look in the manual for your
> particular version.
Yes I am looking and testing this out
> You would need to open one or more ports on your company's
> firewall, but
> that isn't too big a problem, is it? Just tunnel it over something
> reasonably safe, and t
Hi List,
I have a very peculiar problem about accessing VNC server behind gateways
and proxy server...
Here is the background info...
I have a client who has pretty big vnc installation base mostly windows but
Linux and Solaris also includes.
Most of the Road Warriors have windows with vnc and
>
> I noticed one of my customers using the "special" date of 11/11/11 in
> their database.
These sort of shortcuts are frequently taken by the programmers or the
DB admins after the whole system has been setup :)
> For this customer 11/11/11 in the date field means, don't process
> this record,
This just came in from korea from one my other lists that I am subscribed
to. Anyone have contacts in korea or with the .co to take care of this one ?
> About the best you could do to hide the "super secret sauce" (lol ..
> Vladis) is put it on a secure token (eg: SmartCard) and call it from
> there. While not foolproof, hardware is [generally] more
> difficult to hack.
>
Not for someone who has more knowledge than time and above all more ego t
> friends,
>
> We are developing a software that makes use of a COM DLL. The whole
> logic lies in the dll. The User Interface is in VC++. DLL exposes
> functions, application calls it and displays result. Now, we found
> that anybody can copy the DLL, register it and make use of those
> functions.
AD> The win32 tcp stack was stolen from bsd
> ^^
>Get your facts right.
Yes bsd lic was used so they didn't actually steal it - but as it was 12 am
when I sent the mail so please excuse me for the mistake.. :)
But I say in the lower lines in my that it was not copi
>Hey, I am looking for Windows TCP/IP stack information, I
>would like to know why it behaves inconsistently to SYN|FIN|URG|PSH!
Mate when does it behave consistently ? It behaves consistently
inconsistent! How ever can u tell me why are u looking this info for maybe I
can help u there. The win32
>And yes, there are of course also bots that use encrypted communication
>or IPv6-only botnets.
All these bots are already in the wild I think - I had removed bots sometime
ago that used DNS requests to communicate nothing big but these already
exist and are usable but not widely deployed yet
-a
>You've signed an NDA.
>
>What do you do?
Reveal all the info anonymously ?
-aditya
hi list,
Today I noticed that whenever I try to download anything with the norton
firewall enabled the downloaded file becomes corrupted. If I connect using a
ssh connection when the norton firewall is active the connection is closed
after some time with an error message saying "Incomming Packet
>
>Hello list members,
>Here is an interesting piece of spam I received that originated
>from "205.206.231.27" which resolves to "outgoing.securityfocus.com".
>Doing a DNS lookup for "outgoing.securityfocus.com" returns the IP
>addresses "205.206.231.27, 205.206.231.26". Has anyone else rece
95 matches