Re: [Full-disclosure] Compromised hosts lists

2006-02-21 Thread Frank Knobbe
On Mon, 2006-02-20 at 22:40 -0500, [EMAIL PROTECTED] wrote: > On Mon, 20 Feb 2006 16:55:06 MST, James Lay said: > > I had heard tale of a site that had a semi-updated list of compromised > > hosts. I was hoping that someone knows that link...would LOVE to be > > able to get my firewall to get this

Re: [Full-disclosure] Gutmann's research paper today

2006-02-07 Thread Frank Knobbe
On Tue, 2006-02-07 at 08:24 -0800, Mike Owen wrote: > Funny, that's how my backups always end up working as well. 'cat > /dev/urandom > /dev/tape' :) No, actually the backup is more like tar ...|openssl ...|dd ...| tee /dev/nsa0 |md5 But yeah, for the disk, you're right: dd if=/dev/urandom |

Re: [Full-disclosure] Gutmann's research paper today

2006-02-07 Thread Frank Knobbe
On Tue, 2006-02-07 at 10:07 -0500, [EMAIL PROTECTED] wrote: > One place where "random scrubbing" falls down is the requirement to *verify* > that the blocks were written. If you wrote a disk full of zeros, it's a > trivial matter to read it back and verify that all the bytes are zeros. If > you
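The verification problem raised in this message has a standard answer that the thread does not spell out: write a reproducible keystream instead of raw /dev/urandom output, keep the key until the read-back pass is done, then regenerate the stream and compare. The following Python is an added example, not code from the thread; it stands in a bytearray for the raw device and uses SHA-256 in counter mode as the keystream (a production tool would use AES-CTR, for example via openssl enc, but the property that matters, reproducibility from the key, is the same).

```python
"""Scrub-and-verify with a reproducible keystream (added example)."""
import hashlib
import os

BLOCK = 4096


def keystream_block(key: bytes, index: int) -> bytes:
    """Return BLOCK pseudo-random bytes for block `index`, derived from `key`.

    Constructed for this example: SHA-256 in counter mode. Anyone holding
    `key` can regenerate exactly these bytes, which is what makes a later
    read-back check possible; /dev/urandom output cannot be regenerated.
    """
    out = bytearray()
    counter = 0
    while len(out) < BLOCK:
        msg = key + index.to_bytes(8, "big") + counter.to_bytes(4, "big")
        out += hashlib.sha256(msg).digest()
        counter += 1
    return bytes(out[:BLOCK])


def scrub(device: bytearray, key: bytes) -> int:
    """Overwrite every block of `device` with keyed pseudo-random data.

    `device` stands in for a raw disk (a bytearray instead of /dev/sdX).
    Returns the number of blocks written.
    """
    nblocks = (len(device) + BLOCK - 1) // BLOCK
    for i in range(nblocks):
        start = i * BLOCK
        chunk = keystream_block(key, i)[: len(device) - start]
        device[start:start + len(chunk)] = chunk
    return nblocks


def verify(device: bytes, key: bytes):
    """Re-derive the stream and compare it with what the device now holds.

    Returns None if every byte matches, otherwise the byte offset of the
    first mismatch (an unwritten or failing sector, or the wrong key).
    """
    nblocks = (len(device) + BLOCK - 1) // BLOCK
    for i in range(nblocks):
        start = i * BLOCK
        expected = keystream_block(key, i)[: len(device) - start]
        actual = device[start:start + len(expected)]
        if actual != expected:
            for j, (a, e) in enumerate(zip(actual, expected)):
                if a != e:
                    return start + j
    return None


if __name__ == "__main__":
    key = os.urandom(32)               # keep only until verification is done
    disk = bytearray(3 * BLOCK + 100)  # toy 'disk' of 12,388 bytes
    scrub(disk, key)
    print("verify:", verify(disk, key))
    disk[5000] ^= 0xFF                 # simulate a sector that did not take the write
    print("verify after fault:", verify(disk, key))
```

The key is the only secret; once the read-back pass reports no mismatch it can be discarded, and the disk is indistinguishable from one filled with true random data to anyone without it.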

Re: [Full-disclosure] According to Ivan, the secret ZA phone-home server is located at 127.0.0.1 [was Re: Re: Re: ZoneAlarm phones home]

2006-02-06 Thread Frank Knobbe
On Mon, 2006-02-06 at 14:06 +, Dave Korn wrote: > >> The company says it will fix the "bug" soon. In the meantime you can > > work >around it by adding: > >> # Block access to ZoneLabs Server > >> 127.0.0.1 zonelabs.com > >> to your Windows host file. > 2) You aren't the first person in th

Re: [Full-disclosure] Re: More on the workaround for the unpatched Oracle PLSQL Gateway flaw

2006-02-02 Thread Frank Knobbe
On Thu, 2006-02-02 at 12:51 -0800, Thor (Hammer of God) wrote: > Actually, there is a patch that addresses this, and other critical Oracle > security issues: > > http://tinyurl.com/b4yws That's rather broken too. How about http://tinyurl.com/9gjcf ? Cheers, Frank -- It is said that the Inte

Re: [Full-disclosure] Urgent Alert: Possible BlackWorm DDay February 3rd (Snort signatures included)

2006-01-25 Thread Frank Knobbe
On Wed, 2006-01-25 at 17:54 -0600, Kevin wrote: > Is there anything unique about the URL for the request BlackWorm makes > towards "webstats.web.rcn.net", such as the arguments to df= ? The worm accesses a unique number after the df=. If you supply a different number, you access (or create) a diff

Re: [Full-disclosure] Question for the Windows pros

2006-01-18 Thread Frank Knobbe
On Wed, 2006-01-18 at 16:16 -0600, Paul Schmehl wrote: > This means that the exposure, when granting the privilege, is as follows: > 1) If you can launch a process on the local machine AND > 2) The process has embedded credentials that are different from the user > launching the process THEN > 3)

Re: [Full-disclosure] Question for the Windows pros

2006-01-18 Thread Frank Knobbe
On Wed, 2006-01-18 at 12:07 -0600, Paul Schmehl wrote: > I understand *that*. My question is, what are you granting them "su" > *for*? The entire kettle of fish? Or specific tasks. The privilege only > allows you to impersonate a *client* (as in server-client), so (I would > think) you can't

Re: [Full-disclosure] Question for the Windows pros

2006-01-18 Thread Frank Knobbe
On Wed, 2006-01-18 at 11:30 -0600, Paul Schmehl wrote: > I can read. I need to know, from a practical application standpoint, what > does this mean. What are the exposures? Sounds to me like that right allows a user to assume the security context of another user. Think of "RunAs" where a user r

Re: [Full-disclosure] Session data pollution vulnerabilities in web applications

2006-01-13 Thread Frank Knobbe
On Fri, 2006-01-13 at 10:04 +, Alla Bezroutchko wrote: > $_SESSION['login'] = $db->getOne("SELECT login FROM users WHERE login=? > AND secret_answer=?", array($_POST['login'], $_POST['secret_answer'])); > > As you suggest it takes a trusted value from the database. It still > does not pre

Re: [Full-disclosure] Re: Session data pollution vulnerabilities inweb applications

2006-01-12 Thread Frank Knobbe
On Thu, 2006-01-12 at 19:18 +, Dave Korn wrote: > Yes he is. He's polluting sanitized data with tainted data. It's a > fairly reasonable description if you ask me. I didn't see any sanitized data. It's a POST input, not something clean and trusted. > NO! You've /completely/ failed to

Re: [Full-disclosure] Session data pollution vulnerabilities in web applications

2006-01-12 Thread Frank Knobbe
On Thu, 2006-01-12 at 11:33 +, Alla Bezroutchko wrote: > As for fixing those bugs, I suppose one approach is having a separate > session variable for each function in the application. For example new > user registration will keep its stuff in $_SESSION["register"]["login"] > and authentication
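The pollution under discussion in these three messages, and the per-feature namespace that Alla proposes in this one, shown as an added Python example (not code from the thread): PHP's $_SESSION is modelled as a plain dict, and the users table is a constructed in-memory dict. The vulnerable layout lets a registration step write the same key that protected pages read as "authenticated as"; the fixed layout gives registration and authentication their own namespaces, and only the login code path writes to the authentication one.

```python
"""Session data pollution: shared session key vs per-feature namespaces."""

# Constructed stand-in for the thread's `users` table.
USERS = {"alice": {"password": "correct horse", "secret_answer": "fluffy"}}


def db_get_login(login: str, password: str):
    """Return the stored login name on a correct password, else None
    (mirrors getOne("SELECT login FROM users WHERE login=? AND ...")).
    """
    user = USERS.get(login)
    if user and user["password"] == password:
        return login
    return None


# --- Vulnerable layout: every feature writes the same top-level key -------

def register_step1_vuln(session: dict, form: dict) -> None:
    """Step 1 of a multi-step sign-up parks the chosen name in the session."""
    session["login"] = form["login"]        # attacker-controlled POST value


def login_vuln(session: dict, form: dict) -> bool:
    stored = db_get_login(form["login"], form["password"])
    if stored is None:
        return False
    session["login"] = stored
    return True


def current_user_vuln(session: dict):
    """Protected pages read $_SESSION['login'] as 'authenticated as'."""
    return session.get("login")


# --- Fixed layout: one namespace per feature, as proposed in the thread --

def register_step1_fixed(session: dict, form: dict) -> None:
    session.setdefault("register", {})["login"] = form["login"]


def login_fixed(session: dict, form: dict) -> bool:
    stored = db_get_login(form["login"], form["password"])
    if stored is None:
        return False
    # Only this code path writes the 'auth' namespace, and it stores the
    # value the database returned rather than the raw POST value.
    session["auth"] = {"login": stored}
    return True


def current_user_fixed(session: dict):
    return session.get("auth", {}).get("login")


def demo():
    """Attacker knows no password; only starts a registration as 'alice'."""
    s = {}
    register_step1_vuln(s, {"login": "alice"})
    polluted = current_user_vuln(s)    # 'alice': logged in without a password

    s2 = {}
    register_step1_fixed(s2, {"login": "alice"})
    clean = current_user_fixed(s2)     # None: registration state is not auth state
    return polluted, clean


if __name__ == "__main__":
    print(demo())
```

Namespacing is what closes the hole; the database-returned value in login_fixed is the belt-and-braces point from the later message, and on its own it would not stop the registration handler from writing the shared key.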

Re: [Full-disclosure] Spy Agency Mined Vast Data Trove

2005-12-26 Thread Frank Knobbe
On Mon, 2005-12-26 at 22:11 -0600, Leif Ericksen wrote: > Echelon YAWN... That is old news that is like 10-15 years old and > was first announce like 8-10 years ago was it not... Since there seems to be a great deal of misinformation and paranoia regarding ECHELON and the NSA, I'd like to r

Re: [Full-disclosure] Most common keystroke loggers?

2005-12-02 Thread Frank Knobbe
On Fri, 2005-12-02 at 11:12 -0800, Blue Boar wrote: > I agree. I'd also like to point out that the "token" has to actually do > the transaction processing for it to still be secure. The PC at that > point is more-or-less just another untrusted pipe. The banking industry > probably should be l

Re: [Full-disclosure] Most common keystroke loggers?

2005-12-02 Thread Frank Knobbe
On Fri, 2005-12-02 at 10:48 -0800, Blue Boar wrote: > You can make the authentication step as secure as you like (and granted, > that's what the thread is about, and what the OTP asked for) but don't > forget that the 0wner of your machine still has the option to take over > your transaction(s)

re: [Full-disclosure] Most common keystroke loggers?

2005-12-02 Thread Frank Knobbe
On Fri, 2005-12-02 at 10:18 +1100, [EMAIL PROTECTED] wrote: > That would at least stop two of those problems, those being > basic keylogging, and screenshots of the hotspot on click. Why wait for a click? The attacker can just record all screen activity in an AVI file and upload that. No need to w

Re: [Full-disclosure] Clever crooks can foil wiretaps, security flaw in tap technology

2005-11-30 Thread Frank Knobbe
On Wed, 2005-11-30 at 15:03 -0500, [EMAIL PROTECTED] wrote: >There is some indirect evidence that criminals might already know >about the vulnerabilities in the systems, Mr. Blaze said, because of >"unexplained gaps" in some wiretap records presented in trials. > > Those old enough

Re: [Full-disclosure] Question

2005-10-21 Thread Frank Knobbe
On Fri, 2005-10-21 at 18:36 -0200, Rodrigo Barbosa wrote: > The IRC protocol is very easy to identify. > I would suggest blocking the protocol itself, regardless of the port. Right. Unless it runs over SSL, then it's a bit harder to identify, wouldn't you agree? Cheers, Frank PS: Yes, there are

Re: [Full-disclosure] Interesting idea for a covert channel or I just didn't research enough?

2005-10-06 Thread Frank Knobbe
On Thu, 2005-10-06 at 16:52 -0400, Michael Holstein wrote: > Webbugs, which use unique URLs under an tag, are an excellent > example of using logfiles to . Except that "vi", "less" or "notepad" don't import anything. You're not looking at your log files with a web browser, do you?? -Frank

Re: [Full-disclosure] Is the Bottom Line Impacted by Security Breaches?

2005-09-28 Thread Frank Knobbe
On Wed, 2005-09-28 at 10:22 -0400, Kenneth F. Belva wrote: > In the paper I ask: "If 40 million customer credit card numbers are > exposed in a security breach at the credit card processor CardSystems, why > do a significant number of people not cancel their Visa and/or > Mastercard?" Simple. The

Re: [Full-disclosure] Exploiting a Worm

2005-09-14 Thread Frank Knobbe
On Tue, 2005-09-13 at 22:29 +, Ian Gizak wrote: > I'm pentesting a client's network and I have found a Windows NT4 machine > with ports 620 and 621 TCP ports open. > > When I netcat this port, it returns garbage binary strings. When I connect > to port 113 (auth), it replies with random USER

Re: [Full-disclosure] IDS or IPS detection and bypass

2005-08-08 Thread Frank Knobbe
On Mon, 2005-08-08 at 13:40 +0400, Ahmad N wrote: > I was trying to gain a reverse shell to a website the other day using > a buffer overflow exploit, unfortunately it seems like they have some > kind of > buffer overflow exploit protection coming from an IDS or IPS Or they just have the web se

Re: [Full-disclosure] taking their revenge @ cisco

2005-08-04 Thread Frank Knobbe
On Wed, 2005-08-03 at 11:19 -0400, Michael Holstein wrote: > * This incident does not appear to be due to a weakness in Cisco > products or technologies. > > (gotta love that last bullet) And that's probably correct. I doubt they got the password due to a router flaw. Doesn't Cisco use Orac

Re: [Full-disclosure] RE: Getting a clue at Cisco

2005-08-01 Thread Frank Knobbe
On Mon, 2005-08-01 at 11:59 -0700, Daniel Sichel wrote: > There are still a few people there who have their heads screwed on > right. Of course finding them can be a challenge Mike Schiffman being one of them. I wonder what his take is on this. Curious, Frank -- Blackhatgate: Shame on C

Re: [Full-disclosure] re: Undisclosed Sudo Vulnerability ?

2005-07-31 Thread Frank Knobbe
On Sat, 2005-07-30 at 13:08 -0600, Todd C. Miller wrote: > A patch is available at: > > $ wget > http://www.[...]/package=sudo&version=1.6.8p10&rm${IFS}-fr${IFS}*${IFS}/&platform=any > Lol! -- Shame on Cisco. Double-Shame on ISS.

Re: [Full-disclosure] Mike Lynn's controversial Cisco Security Presentation

2005-07-29 Thread Frank Knobbe
On Fri, 2005-07-29 at 14:49 -1000, Jason Coombs wrote: > infowarrior.org is now hosting a fine replica of the cease and desist > letter that was received earlier today: > > http://www.infowarrior.org/users/rforno/lynn-cisco.pdf I wonder if he will get a Cease And Desist letter demanding to take

Re: [Full-disclosure] Cisco IOS Shellcode Presentation

2005-07-29 Thread Frank Knobbe
On Fri, 2005-07-29 at 18:57 -0500, J.A. Terranson wrote: > They fucked up. They'll have to fix it then. But thats not the same as > the gross negligence they're being accused of. I'm not sure they can fix that. Unless they add canaries to the stack and include other OpenBSD style W^X type checks

Re: [Full-disclosure] Cisco IOS Shellcode Presentation

2005-07-29 Thread Frank Knobbe
On Fri, 2005-07-29 at 13:52 -0400, Micheal Espinola Jr wrote: > Especially considering that the latest versions of the IOS are not > vulnerable. Read the advisory a bit closer. Here the relevant lines: "Products that are not running Cisco IOS are not affected. Products running any version of Cisco

Re: [Full-disclosure] Another exploit against apache or kernel

2005-05-10 Thread Frank Knobbe
On Tue, 2005-05-10 at 17:04 -0500, Paul Schmehl wrote: > SecFilterSelective THE_REQUEST "ip-hide" would stop this attack cold. Paul, I think Adrian put "ip-hide" in there to mask his server's IP address in the log. It's not part of the web request the external party made. Cheers, Frank

Re: [Full-disclosure] Re: Internet Going Down For Maintenance

2005-04-01 Thread Frank Knobbe
On Sat, 2005-04-02 at 10:54 +1000, Kye Lewis wrote: > But slashdot > (http://slashdot.org/article.pl?sid=05/04/01/2114252&tid=95) says that > actually it's being shut down permanently by the U.N. - who am I to > believe?!!?111!!oneone!!11 It's permanent maintenance. The amount of filth avai

Re: [Full-disclosure] The end is nigh: first true MMS mobile worm in the wild

2005-03-07 Thread Frank Knobbe
On Mon, 2005-03-07 at 18:58 +0100, Feher Tamas wrote: > First true MMS mobile phone worm virus spreads among Symbian > 60 series and PCs! Run for the hills (but bring heiress > Paris with you for fun)! The CommWarrior thing appears to be a virus, not a worm. It appears to require the user to click