Michael Krymson wrote:
I just wanted to let you know I know a tiny bit how the American system
works (I live here). Beyond reasonable doubt is typically a murder trial
thing.
That is incorrect. You, again, appear to misunderstand what beyond
reasonable doubt means.
Beyond reasonable doubt is
mcwidget wrote:
This has happened in the UK a few years back -
http://news.bbc.co.uk/1/hi/technology/4721723.stm. A guy was fined £500,
given a 12 months conditional discharge and had his laptop and wireless card
confiscated for repeatedly using someone's unsecured wireless with his
laptop
Here's a question, relating to the PUBLIC DOMAIN issue. I don't know
the answer, but it seems relevant.
When a http indexing bot (like those used by Google, for instance)
comes upon a hyperlink into a page that is http authenticated, does it
follow the link and try a blank password, or does it
Michael Krymson wrote:
Wow, this whole discussion with a troll has gone on far longer than it ever
should have.
So basically what you're saying is that we should all shut up and not
talk about an actual issue, and that trolls should be trolls and stay
away from discussion of actual issues?
Oh,
I wrote:
When a http indexing bot (like those used by Google, for instance)
comes upon a hyperlink into a page that is http authenticated, does it
follow the link and try a blank password, or does it not follow the
link? Is there some accepted standard for that?
If it is considered
Valdis Kletnieks wrote:
In the US, there have been a number of successful prosecutions in cases where
people used an unsecured wireless access point to launch attacks. You'd
probably need to show *all* of the following:
1) That it was unsecured.
2) That it was *intentionally* unsecured.
3)
Professor Micheal Chatner wrote:
I was wondering if anyone would like to start something like a
Full-Disclosure monthly group in cities all over the world. It could
be like 2600 meetings except with real security professionals because
personally I don't want to even talk to someone unless they
On Thu, 19 Jun 2008 13:00:49 +1000, rawket wrote:
/There is no denying that an OTR Conversation has been encrypted..
It's because the private keys change ultra-frequently, and the keys
are short lived that it provides the 'plausible deniability'
On Thu, Jun 19, 2008 at 2:28 AM, Tonnerre
On 12/6/06, aNub15 wrote:
2. Looking for a low footprint windows firewall that's only supposed to do
one thing. If someone hits port 110, block the I.P for a week? (should take
care of most portscanners (skiddies)). And no I'm not worried about blocking
real users on the box.
Has it occurred
The new law also makes it an offence to supply or make available any
software
like an operating system? like a compiler? like PoC code? like
manpages, help files, and other software documentation? like a web
browser that can be used to find such information?
or tools
like a computer? like
On 11/4/06, Joshua Gimer wrote:
If Microsoft is not planning on providing a fix for this until Vista, I can
see a worm coming from this.
It's highly unlikely that this would be useful to the spreading of a
worm. Worms infect computers over a network, relying either on
remotely exploitable
On 11/2/06, Roger A. Grimes wrote:
So, if your statement is accurate that malware would need to be placed
in a directory identified by the PATH statement, we can relax because
that would require Administrator access to pull off. Admin access would
be needed to modify the PATH statement
On 8/15/06, Edward Pearson [EMAIL PROTECTED] wrote:
I'm glad somebody said it. I'm fed up of the whole if you don't like
them, don't read them crap.
Fuck you all. I'm going to Bugtraq.
Right--you don't like the list, so you don't read it. You are acting
in accordance with the mantra with
On 8/13/06, vodka hooch wrote:
no sir full dis for exploits no off topic security chats about botnets etc
From the list charter at http://lists.grok.org.uk/full-disclosure-charter.html:
Any information pertaining to vulnerabilities is acceptable, for
instance announcement and discussion
On 7/27/06, wac wrote:
Now, Linux is definitely not a natural migration pathway. That theory of
adapting server oriented operating systems to the desktop, and believe if
was going to be a success has proven to be wrong.
Really? Windows 2000, Windows XP, and Mac OS X seem to work pretty
On 8/1/06, Micheal Espinola Jr wrote:
Windows NT Workstation was in fact identical to Server - except with
intentional limiters placed within the registry to prevent admins from
avoiding purchasing the full server product. However, you could
hack it and make it a Server.
Don't forget that the
On 7/17/06, Vidar Løkken wrote:
On Sun, 16 Jul 2006, Jhou Shalnevarkno wrote:
I've come to the realisation that plain text can be entered to change
the root password in Slackware Linux. It doesn't check for the
original password.. Surely this isn't right, perhaps it's my bit of
confusion but
On 7/22/06, wac wrote:
I would use ReactOS in that case ;) --- www.reactos.com
The alpha 0.3.0 rc1 is already there waiting for the download yep an alpha
but then that is what win98 always was, a badly designed alpha put on the
market with rush to produce money at the expense of
On 7/12/06, Dude VanWinkle wrote:
and for the record, win9x doesn't have the option for security. no
ACL's, file system doesn't support them, doesn't that make the idea of
securing it moot?
Win9x OSes (including Windows ME) are not true multi-user operating
systems. They do not implement
On 7/6/06, Dave No, not that one Korn wrote:
You appear to have come in part way through this thread and missed the
first post that started it, which had Rob Levin's SSN, birthdate and
personal data.
You have a good point. I feel like a fool now, and with good reason. I
thank you for the
On 7/6/06, Edward Pearson wrote:
Yes, shame on you.
If Rob took you to court, you'd be in big fucking trouble.
Wow, feel the hate.
evilrabbi pointed it out, but maybe you didn't catch it...court
records are public...
Benjamin Krueger spoke of, SSN, birthdate, and other personal data,
but
On 6/24/06, Troy Solo wrote:
As much as I have valued your opinion in the past, Valdis, you certainly
lose some credibility backing n3td3v.
The world would be a better place if people evaluated claims on the
basis of what they said, rather than on the basis of who said them.
Or do you think
On 6/22/06, Randal T. Rioux wrote:
The words best solution should NEVER be used in the same sentence as
sender verification, unless not separates them. It is obnoxious and
places the burden of your lack of effort or knowledge onto the sender.
I second this. In addition to being obnoxious,
On 6/9/06, John Sprocket [EMAIL PROTECTED] wrote:
The problem, in the first place, is that people are hacking the
websites of others. Saying, let's block tor so that it will be
slightly harder for some hackers to be quite so anonymous while
eroding the privacy of thousands of legitimate
On 6/9/06, ßµªSKãR †|wãri wrote:
Hi all
Here is a request to please do not merge Debian Mailing List's Mails with
Full Disclosure
Why? If they pertain to security vulnerabilities, they surely belong
on Full Disclosure.
Any information pertaining to vulnerabilities is acceptable, for
On 6/8/06, John Sprocket wrote:
but like all tools it's a double-edged sword and is easy to abuse.
saying do not bother. you're fighting against privacy, find a better
way is not solving the problem but obviously avoiding it in the
first place. again the original problem is of identifying a tor
On 6/6/06, John Sprocket wrote:
hehe. look at it metaphorically (like guest inside establishment)
you're head of security at a casino you monitor a specific area full of
people/users.
you have your normal people you can see and possibly identify if you so
care. there's a group of people that
Agreed. The whole point of Full-Disclosure is to be unmoderated, and
it would contribute nothing to the security community if it were
moderated, because good moderated lists, like Bugtraq, already exist.
Those who want an unmoderated list instead of Full Disclosure are free
to leave. Even better,
And only by resisting moderation can we ensure that full disclosure
remains possible on the Full-Disclosure list.
-Eliah
On 5/19/06, J.A. Terranson [EMAIL PROTECTED] wrote:
bugtraq != reasonably full disclosure either.
On Fri, 19 May 2006, Micheal Espinola Jr wrote:
Date: Fri, 19 May 2006
Right, so the machinery is already in place to partially moderate the
list in **special circumstances**. It is interesting that flaming and
rudeness are not given as examples of such circumstances, since flame
wars are very common on lists in general and on Full Disclosure in
particular, and
On 5/11/06, ArsenKirillov wrote:
Hi!
Looking for something like Free AV software for Win32 OS's. If u r using
something good - pls let me know!
On 5/11/06, Ivan wrote:
Arsen,
Grisoft AVG has a free edition for home use
http://free.grisoft.com/doc/1
cheers
Ivan
I have used AVG and also
You dumb fucking cunt.
It's interesting how you reply with the greatest degree of visceral
hate toward those who, rather than criticizing you personally (until
now) or attacking you, think critically, disagree with what you have
to say, and make intelligent arguments. Has it ever occurred to
On 5/5/06, Valdis Kletnieks wrote:
On Fri, 05 May 2006 10:02:27 EDT, Exibar said:
ROFL, I mean no disrespect man, just couldn't resist. yah, I'm sure
if you think about it a bit you'll realize what my procedure is.
Were you about to suggest that you just Turn The Damned Thing Off?
Based on all of the feedback on this cess-pool called a mailing
list.
Did you expect that subscribers to the FULL DISCLOSURE mailing list
would support your plan to make money off of withholding disclosure?
I am now offering my vulnerabilities for sale only to those
that
Wait...what about
On 3/29/06, Andrew van der Stock wrote:
This is not quite true.
Java does not prevent integer overflows (it will not throw an
exception). So you still have to be careful about array indexes.
On 3/28/06, [EMAIL PROTECTED] replied:
No you don't.
Arrays are all bounds checked; ..., that
(as a client) a valid connect on my side. Having
that I believe it would still let me access the resource that you were
trying to deny me access to.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Eliah
Kagan
Sent: Friday, January 20, 2006 5:53 PM
To: full
However I do wish it had the feature that Sygate PRO has, which will
blackhole an IP if it detects a port scan coming to it. It then blocks all
activity from the offending IP for approximately 10 minutes.
Well, it's a feature if the probes are really coming from the computer
Sygate PRO thinks
Eliah Kagan,
EK Then Z comes along and sends a
EK bunch of SYN packets to X, spoofed to have the source IP of Y, waits
EK 10 minutes, and repeats ad infinitum.
Z sends spoofed packets coming from the DNS server of X even more
interesting..
--
http://secdev.zoller.lu
Thierry Zoller
Todd Towles wrote:
Well, I agree that something should be done, but it isn't equal to the
Sony issue IMHO. This was clearly an accident, just like viruses and
trojans that were found in MP3 players to Dell computers (for a very
short time). This is business, sometimes, products are defective.
Duncan Lindley wrote (off-list):
On the subject of embarrassing errors;
Sony purchased a root kit ala DRM software from first 4 internet.
---
Duncan Lindley
Systems Administrator
Virgin Blue Airlines Pty Ltd
07 3295 5010
0423 025 150
Yes, this is an embarrassing error on my part. It has
Paul Schmehl wrote:
Well, that's not what I said, but doesn't a company have a responsibility
to virus-check any software they ship *before* they ship it? It's not like
this is something so new that a normal check wouldn't have found it.
And isn't the *effect* on the end user the same?
Anonymous Squirrel wrote:
At the risk of this discussion running far afield, I think Jason and Paul
may be talking past each other. My understanding is that Jason has a point
-- corporations can't suffer the same punishment as individuals. They
aren't deprived of their freedom in prisons.
David Litchfield wrote:
Hey all,
I've just put up a paper on a curious flaw that appears when running a
database server on Windows XP with Simple File Sharing enabled. The flaw
essentially allows a remote attacker to gain access to the database,
sometimes with DBA privileges, without
David Litchfield wrote:
Hi Eliah,
David Litchfield wrote:
Hey all,
I've just put up a paper on a curious flaw that appears when running a
My intent is not to MS-bash here, but perhaps Microsoft is to blame
for not educating people about this issue. (If they had, your paper
would be
James Tucker wrote (off-list):
I think you mis-read the paper, this is NOT the fault of MS, whose DBS is
NOT vulnerable due to PROPER authentication design with the host OS.
Yeah, you're right. What am I saying...?
Forget everything I just said in this thread...
I apologize to everybody
James Tucker wrote:
Long day?
It will be.
-Eliah
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Bugtraq.
See also http://seclists.org/
And of course you can subscribe to Secunia's and eEye's bug lists, and others.
But as Fyodor says of Full-Disclosure: Fresh vulnerabilities
sometimes hit this list many hours before they pass through the
Bugtraq moderation queue.
-Eliah
On 11/13/05, Ed
47 matches