Re: [Full-disclosure] Tempest today

2006-08-21 Thread Michael Holstein
> Another missed cue for someone to speak about are LAVD (Laser Aided > Vibration Detectors) which most will NOT find on Google if they searched > that EXACT term. The folks at Information Unlimited (the ones that advertise in the back of all the Popular Electronics, etc magazines) have been sell

Re: [Full-disclosure] New Laptop Polices

2006-08-11 Thread Michael Holstein
Well, how about this : build a PXE type CD/DVD with all your business applications (you could automate a nightly build to keep antivirus, patches, etc current). Do "folder redirection" or similar to mount all user-specific bits from a USB thumb drive (itself an encrypted volume). Then your "trave

Re: [Full-disclosure] New Laptop Polices

2006-08-11 Thread Michael Holstein
> OK, so you pull the hard drive - where do you *put* it? Remember, if it's > packaged to be removable, it's going to look a lot like an MP3 player or some > other thing-with-a-battery, and you end up having to check it. Being as the original email came from an exec at Universal Music, I think th

Re: [Full-disclosure] anoNet: Cooperative Chaos

2006-07-18 Thread Michael Holstein
http://www.anonet.org Forbidden You don't have permission to access /index.html on this server. Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request. Apache/1.3.36 Server at www.anonet.org Port 80

Re: [Full-disclosure] New member asking question...

2006-06-30 Thread Michael Holstein
I have been reading the posts over the past few weeks, and am wondering how the heck you guys discover these vulnerabilities. Granted, I am still very new to the IS world, but I cannot begin to understand how you discover weaknesses. After reading these posts, the explanation always makes sense,

Re: [Full-disclosure] RFID Attack theory

2006-06-30 Thread Michael Holstein
So most of the research has been done here already.. Which brings me to the work done by www.rfidvirus.org They have some really good ideas about attacking the middleware using SQL injections, SSL includes, and buffer overflows on the reader to middleware interface. S

Re: [Full-disclosure] FBI Says Data on VA Laptop Not Accessed

2006-06-30 Thread Michael Holstein
The FBI, in a statement from its Baltimore field office, said a preliminary review of the equipment by its computer forensic teams "has determined that the data base remains intact and has not been accessed since it was stolen." More tests were planned, however. Didn't the original "wanted" noti

Re: [Full-disclosure] UnAnonymizer

2006-06-27 Thread Michael Holstein
The 'trick' is to obtain this information regardless of proxy settings and in the case of SOCKS4, be able to identify your real DNS servers. This is accomplished using a custom DNS service along with a Java applet that abuses the DatagramSocket/GetByName APIs to bypass any configured proxy. The

Re: [Full-disclosure] tcpdump logfile viewer

2006-06-19 Thread Michael Holstein
/file As someone already pointed out, if you want a nice GUI to look at them (and do advanced protocol decodes) use Ethereal (or tethereal for text output). Note that the display expressions in [t|e]thereal are different than the BPF expressions used to capture. Cheers, Michael Holstein CISSP

Re: [Full-disclosure] Sniffing on 1GBps

2006-06-19 Thread Michael Holstein
ke netgraph (again, *bsd). When doing gigabit (or faster) capture at wire-speed, a lot of other factors like PCI bandwidth, disk bandwidth, interrupts, etc. come into play. Good luck. Michael Holstein CISSP GCIA Cleveland State University crazy frog crazy frog wrote: Hi List, I m just wo

Re: [Full-disclosure] notepad oddatiy

2006-06-15 Thread Michael Holstein
Confirmed on xpsp2, fully patched. ~Mike. John Bond wrote: could some one tell me why/how this happens. 1. Open up Notepad 2. Type in this sentence exactly (without quotes): "this app can break" 3. Save the file to your hard drive. 4. Close N

Re: [Full-disclosure] SSL VPNs and security

2006-06-09 Thread Michael Holstein
Are you referring to telling end-users to click "Accept this certificate permanently" box on the certificate warning pop-up? Or is there a software package out there that can do this without the warning pop-up? In Windoze, if you have a .cer file, and did the use fields correctly when you issu

Re: [Full-disclosure] Re: blocking tor is not the right way forward. It may just be the right way backward.

2006-06-09 Thread Michael Holstein
Your interpretation of the Internet is a bit distorted. We're not talking about authenticated websites here (perhaps I should have made that more clear), nor are we talking about using TOR, etc. for malicious purposes. For the purpose of this (largely theoretical) argument, I meant "publicl

Re: [Full-disclosure] Re: blocking tor is not the right way forward. It may just be the right way backward.

2006-06-09 Thread Michael Holstein
But remember your rights stop when the rights of others start. So, if a given admin wants people who use Tor to be blocked from his particular site, it is his right. I might not agree with it, but I'll defend his right to do so. After all, it is his site. If he was to do that (and makes a clear sta

Re: [Full-disclosure] Re: blocking tor is not the right way forward. It may just be the right way backward.

2006-06-09 Thread Michael Holstein
again, redirecting a tor user to a 403 requires you to sit and think up of a workaround. perhaps you aren't able to come up with one or you don't want to take the time/effort. this means i've effectively deterred you from using tor to get to the website. now if you care about the website more than

Re: [Full-disclosure] SSL VPNs and security

2006-06-09 Thread Michael Holstein
SSL certificates are free. You just have to have enough knowledge to distribute your own CA certificate. For a VPN appliance, this should not be a problem at all, since only your trusted users should be accessing it. Even if you aren't competent enough to figure out how to distribute your own CA

Re: [Full-disclosure] SSL VPNs and security

2006-06-09 Thread Michael Holstein
Set up a wildcard record, *.webvpn.example.org, pointing to the device. The device then maps all internal domain names or IP addresses to a unique hostname, such as: internalhost.webvpn.example.org, or 192-168-0-1.webvpn.example.org, etc. This has the side effect of making procurement of the SS

Re: [Full-disclosure] Strange Emails -- What are they?

2006-06-07 Thread Michael Holstein
What would really help is SPF, if you can manage it. That way you can reject mail that claims to come from your domain but does not come from your mail servers. But this is all a bit OT, not really full disclosure. Well, sort of. Too many domains do something like '~' or '?' instead of '-' li

Re: [Full-disclosure] Breaking LoJack for Laptops

2006-06-07 Thread Michael Holstein
; laptop at my disposal, I can't test directly, but having hacked the BIOS in many other cases to enable things like RAID on a non-raid motherboard, I suspect that the LoJack code is in one of the "vendor" areas on the bios, and is easily removed and the image re-checksummed. Thou

Re: [Full-disclosure] Strange Emails -- What are they?

2006-06-07 Thread Michael Holstein
When you try and send email to a non-existent address, the receiving server rejects during the smtp transaction so a return address is not needed since the sending bot gets this error message before the transaction is completed. Depends on the MTA and how it's configured. Some will silently acce

Re: [Full-disclosure] Strange Emails -- What are they?

2006-06-07 Thread Michael Holstein
Is this just another instance of spammers fishing for legit addresses? If so, then why the hell are they sending email from invalid addresses? I can dig into this a lot further if I need to, but I wanted to see if anyone else had any ideas about it first. Thanks in advance!!! Yes (just spam --

Re: [Full-disclosure] Tool Release - Tor Blocker

2006-06-05 Thread Michael Holstein
Recently our servers were hacked by a tor user and we were unable to prosecute due to not being able to trace the source as the user was using this malicious piece of software to keep his/her anonymity. TOR isn't malicious. Privacy is a precious thing these days. Don't blame TOR because you fa

Re: [Full-disclosure] Different google interface when using some Tor exit nodes

2006-06-01 Thread Michael Holstein
I'm aware of that, however, is there any particular reason why the exit nodes that I've been observing load that version? Are they owned by Google developers working on the new interface? Or are they just normal users? Perhaps they are corporate users who have a deal with Google? There doesn't

Re: [Full-disclosure] Different google interface when using some Tor exit nodes

2006-06-01 Thread Michael Holstein
This is due to IP based defaults. Google looks different from different countries. Walk around in the world with your laptop and you'll see what I mean. Just do : http://www.google.com/ncr the /ncr stands for "no country recognition". Then you get the default (english) interface. /mike. ___

Re: [Full-disclosure] Responsibility

2006-05-25 Thread Michael Holstein
My question then is - if you have done the utmost to lock down your customer but someone connects an infected machine and somehow it gets in, is the customer right in suing you? Doesn't matter. In the U.S. you can sue anybody for anything .. no matter how stupid or frivolous it might be. Jur

Re: [Full-disclosure] Five Ways to Screw Up SSL

2006-05-22 Thread Michael Holstein
I was referring to the CA that signs it. It was implied that freessl.com, who gives out trial certificates, is an unreliable CA. I do not understand why their certs would be any less valid than another's. Not less valid, less trusted. SSL is a hierarchical "web of trust". As long as the website

Re: [Full-disclosure] Five Ways to Screw Up SSL

2006-05-22 Thread Michael Holstein
Why would it matter who signed it? As long as the data is encrypted as it travels over the internet, I am happy. Because encrypted is only half the battle. Trusting that $entity is really $entity is the other half. Most end-users aren't smart enough to verify that when they hit https://www.c

Re: [Full-disclosure] Breaking LoJack for Laptops

2006-05-16 Thread Michael Holstein
having hacked the BIOS in many other cases to enable things like RAID on a non-raid motherboard, I suspect that the LoJack code is in one of the "vendor" areas on the bios, and is easily removed and the image re-checksummed. Thoughts? Michael Holstein CISSP GCIA Cleveland State Universit

Re: [Full-disclosure] RealVNC 4.1.1 Remote Compromise

2006-05-15 Thread Michael Holstein
sshd and port-redirection to access it. Of course, then you've got to pay attention to patches in OpenSSH, but that's got a better track record, and allows you to do RSA auth, etc. Cheers, Michael Holstein CISSP GCIA Cleveland State University _

Re: [Full-disclosure] bypassing Windows Domain Group Policy Objects

2006-04-27 Thread Michael Holstein
System Key: [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System] Value Name: DisableGPO Data Type: REG_DWORD (DWORD Value) Value Data: (0 = default, 1 = disable group policy) strike that .. production releases ignore this. Other possible solution, cripple gpupdate.exe (XP) or secedit

Re: [Full-disclosure] bypassing Windows Domain Group Policy Objects

2006-04-27 Thread Michael Holstein
group policy) Cheers, Michael Holstein CISSP GCIA Cleveland State University ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] What is wrong with schools these days?

2006-04-27 Thread Michael Holstein
I don't see why you think Linux is any better at this. If you gave those same daughters a fully patched Windows XP box, turned on automatic updates, and gave them accounts that were only in the Users group (i.e. not administrators), their chance of getting infected would be zero, too. There's p

Re: [Full-disclosure] What is wrong with schools these days?

2006-04-27 Thread Michael Holstein
Does it include Windoze boxes possessed by malware? Such a box is not hacked in a strict sense but the difference is almost irrelevant (esp. when backdoors have become a standard feature of malware). With a Windoze box running a critical service, do you *really* that same box for your morning pr

Re: [Full-disclosure] What is wrong with schools these days?

2006-04-25 Thread Michael Holstein
You know, having made a few NTexploit lists in the past, I wanted to make the point the M$ was less secure. Unfortunately the facts were against me. You do realize that in this case the "facts" have more to do with how things are reported by the two companies. Case in point : a typical IIS s

Re: [Full-disclosure] What is wrong with schools these days?

2006-04-24 Thread Michael Holstein
Where do you think all these Bot-nets are coming from? They can't all be businesses. Some of the biggest bot-nets out there are made of schools. per-capita, you'll find more at Comcast, et.al. -- but you just happen to notice one from a school since we have loads of bandwidth and few restri

Re: [Full-disclosure] Who Do I Contact?

2006-04-24 Thread Michael Holstein
obody wants to get embarrassed in the news. Cheers, Michael Holstein CISSP GCIA Cleveland State University

Re: [Full-disclosure] Re: kiddie porn warning [was: Fwd: Re: montspace -- child porn (site still up)]

2006-04-18 Thread Michael Holstein
(a) When a provider of electronic communications services or remote computing services to the public ("provider") obtains knowledge of facts or circumstances concerning an apparent violation of Federal child pornography statutes designated by 42 U.S.C. 13032(b)(1), it shall, as soon as reas

[Full-disclosure] Re: kiddie porn warning [was: Fwd: Re: montspace -- child porn (site still up)]

2006-04-18 Thread Michael Holstein
Guys, please refrain from going to that site or downloading it. In some western countries just having CP on your PC means your life can be completely ruined without much further evidence or investigation before-hand. wget to STDOUT would be safe in such situations, no? You can't "see" an imag

Re: [Full-disclosure] [Fwd: Re: montspace -- child porn (site still up)]

2006-04-17 Thread Michael Holstein
And how long did it take that mole to pop back up? Tompa.com is already back on the air. Montspace.com is not back up yet, but that was just a sacrificial feeder domain. If you did not check it out before it went down, montspace pretended to be a child-porn site, but all the links there went to

Re: [Full-disclosure] [Fwd: Re: montspace -- child porn (site still up)]

2006-04-17 Thread Michael Holstein
Congratulations, you whacked a mole. LMAO .. only 44,998 more tickets and I can get a mondo plush doll for my girlfriend. Insert 50 cents to try again :) And how long did it take that mole to pop back up? Tompa.com is already back on the air. Montspace.com is not back up yet, but that was

[Full-disclosure] [Fwd: Re: montspace -- child porn (site still up)]

2006-04-17 Thread Michael Holstein
Wow .. that was fast :) Original Message Subject: Re: montspace -- child porn (site still up) Date: Mon, 17 Apr 2006 17:02:33 +0300 From: abuse/at/ipipe.net To: Michael Holstein CC: abuse/at/hqhost.net References: <44439CC8.1020308/at/csuohio.edu> Hello Michael, tom

Re: [Full-disclosure] MySpace or Montspace?

2006-04-17 Thread Michael Holstein
n the server's error log. Cheers, Michael Holstein CISSP GCIA Cleveland State University

Re: [Full-disclosure] MySpace or Montspace?

2006-04-17 Thread Michael Holstein
All taken care of. I sent your list and the background information over to the FBI. With any luck these sites will be down quickly (if they aren't already). Makes my skin crawl just thinking about it... As of 0921 : wget -O - http://www.montspace.com --09:21:27-- http://www.montspace.com/

Re: [Full-disclosure] MySpace or Montspace?

2006-04-14 Thread Michael Holstein
Seek help. echo "www.montspace.com" |mail -s "suspected child porn" [EMAIL PROTECTED]

Re: [Full-disclosure] Recall: Oracle read-only user can insert/update/delete data

2006-04-13 Thread Michael Holstein
In my experience, it doesn't even work in an Exchange environment. The user gets a message that the message should be recalled, but the original is still there, even if it hasn't been read yet. I've heard people say that at one time it would auto-delete the message if it hadn't been read, but I've

Re: [Full-disclosure] info on ip spoofing please

2006-04-11 Thread Michael Holstein
My question is How can you sniff packets on a link that your machine is NOT on ie NOT on the same subnet?? It's not the subnet that's important .. it's the broadcast network (usually a VLAN). ARP spoofing is the standard way of doing this, but ARP isn't (usually) forwarded across a router. Y

Re: [Full-disclosure] Root password change

2006-03-31 Thread Michael Holstein
Trivial to defeat. Just boot in to single user mode with these kernel options: single init=/bin/bash Again .. only due to initial misconfiguration. Nobody should allow alternate switches to be passed to the kernel at boot .. either by password-protecting the bootloader, or via firmwar

Re: [Full-disclosure] Root password change

2006-03-30 Thread Michael Holstein
Isn't it easier to boot into single user mode and reset the password? It doesn't require you to load the live CD which is one less step. depends on if they setup 'console' as insecure or not in /etc/ttys. ~Mike.

Re: [Full-disclosure] Root password change

2006-03-30 Thread Michael Holstein
noppix) .. mount the / partition of your hard drive (eg: mount -t ext2 /dev/hda1 /mnt) then do "chroot /mnt" and execute "passwd root" from in there. Then exit the chroot, umount /mnt, and reboot. Voilà. Cheers, Michael Holstein CISSP GCIA Cleveland State University Mockbee, To

Re: [Full-disclosure] Re: Strange interactions between tunnelling and SMB under the proprietary Microsoft Windows environment

2006-03-30 Thread Michael Holstein
The original poster mentioned NetBEUI. If the legacy NetBEUI protocol is really installed on the system, certain Microsoft sharing attempts would be expected to bypass IP (and therefore all IP VPNs) entirely. Right? NetBEUI is a L2 protocol .. not routable. It would depend on the VPN type tho

Re: [Full-disclosure] Hello everyone

2006-03-29 Thread Michael Holstein
Not that I'd want to cross the line and test what you say I just read a great article where a 13 year old bombed GRC.COM a few years back but due to his age and that he hadn't committed more than $US 5,000 of damage the FBI said they really didn't have the resources to bother with him. http://gr

Re: [Full-disclosure] Hello everyone

2006-03-29 Thread Michael Holstein
After just a few hours of scanning (I have to start somewhere) I have located quite a few routers that have their manufacturers password still set not to mention loads of Windows machines that have port 139 open AND have write access to the whole of the C: Drive in some instances. There goes '

Re: [Full-disclosure] Re: guidelines for good password policy andmaintenance / user centric identity with single passwords (or asmall number at most over time)

2006-03-28 Thread Michael Holstein
ubstitution" tests in conjunction with a wordlist -- thus, 'l33t1fy1ng' your passwords is a pretty poor defense. Michael Holstein CISSP GCIA Cleveland State University

Re: [Full-Disclosure] USB risks - working autorun example (fwd from pen-test)

2006-03-22 Thread Michael Holstein
I need to figure out how to autorun a file on a USB flash pen drive. If you can re-partition the drive, set one of them up as CDFS and setup an ISO9660 filesystem. Windows will 'think' it's a CD-rom drive and do whatever autorun.inf suggests. This is what they do with those "freebie" flash driv

Re: [Full-disclosure] -ADVISORY- % =Thu Mar 16 13:23:37 EST 2006= % Buffer Overflow in Microsoft Access

2006-03-17 Thread Michael Holstein
> Well, by default, Tor doesn't allow port 25 out of exit nodes. In this case however, not only has the operator opened up port 25 out, effectively making it an open relay, but he's actively sniffing and publishing exit node traffic - apparently under the misguided belief that it makes him appea

Re: [Full-disclosure] HTTP AUTH BASIC monowall.

2006-03-16 Thread Michael Holstein
First off, I think 3 days spent on this topic is sufficient -- especially since you fail to grasp some of the more basic concepts which underlie the OSI model. Encoding a username and password combination using base64 is not secure, but, I understand why it is encoded in base64. Having said that,

Re: [Full-disclosure] HTTP AUTH BASIC monowall.

2006-03-15 Thread Michael Holstein
I want a technology to protect the data, not a user who can be social engineered into doing something wrong. The technology already mentioned *will* protect the data. SSL works, and works well. As for trying to make it idiot proof .. remember Darwin's law .. nature will always strive to prov

Re: [Full-disclosure] HTTP AUTH BASIC monowall.

2006-03-15 Thread Michael Holstein
This cuts both ways - if you have a large infrastructure, you don't use a web based GUI either, because visiting 1,000+ pages to reconfigure 1,000+ switches really sucks. At that point, you want a scriptable CLI so you can do something like Amen! .. as someone that's had to administer Checkpoin

Re: [Full-disclosure] HTTP AUTH BASIC monowall.

2006-03-15 Thread Michael Holstein
As suspected... so I am correct; and it is a security threat. I can compromise a network, arp poison it, MiTM, access the firewall, distributed metastasis, presto... owned... If you're at a point where you have access to the broadcast medium shared by the firewall -- why would you even need

Re: [Full-disclosure] HTTP AUTH BASIC monowall.

2006-03-15 Thread Michael Holstein
which brings up a question... what are the odds that someone could forcefully redirect traffic to their proxy after having compromised a network? Could this be done with arp poisoning? I haven't toyed with that in a while so I can't say yes or no... If it's Ethernet, and you're on the same broad

Re: [Full-disclosure] my first question

2006-03-15 Thread Michael Holstein
i'm search a BNCexploit.. is possible to connect all server?it's a question.. BNC is a "bouncer" used for IRC servers. See : http://www.gotbnc.com/

Re: [Full-disclosure] HTTP AUTH BASIC monowall.

2006-03-15 Thread Michael Holstein
I think that we've lost focus of my original question. My question refined is, does anyone else agree with me that using HTTP BASIC AUTH for important applications is a security risk/vulnerability (regardless of SSL)? Or, is everyone here telling me that they "feel safe" if the connections are SSL

Re: [Full-disclosure] Re: strange domain name in phishing email

2006-03-15 Thread Michael Holstein
The reason that most webservers will reject it if the Host: header has a numeric IP address is that the webserver already knows the IP address; the only point of a host header is so it knows which of multiple dns names was resolved to that IP address and hence which of the multiple vhosts it s

Re: [Full-disclosure] Internet Explorer 0day

2006-03-14 Thread Michael Holstein
I sell an Internet Explorer 0day. Command execution - Internet zone. Are you interested? Make an offer. Bugs in IE are a dime a dozen .. so how about $0.0083 for it :) Seriously though .. check with various vendors .. most offer a "paid disclosure" program if you give them exclusive rights

Re: [Full-disclosure] strange domain name in phishing email

2006-03-14 Thread Michael Holstein
er is accomplished by doing \\(decimalIP) in a link within HTML. IE used to treat that as "trusted sites" and would automatically submit credentials if requested by the remote side. Cheers, Michael Holstein CISSP GCIA Cleveland State University --snip-- #!/usr/bin/perl # Perl script to

Re: [Full-disclosure] strange domain name in phishing email

2006-03-14 Thread Michael Holstein
IIRC, Microsoft changed that as one of the security updates to IE. For a time, it was a popular phishing trick. I also remember there was a way to do that (or something similar) to bypass the security zones in IE and make it think it was a trusted site, but can't find that reference at hand. T

Re: [Full-disclosure] HTTP AUTH BASIC monowall.

2006-03-13 Thread Michael Holstein
y -- so you're ALREADY used to clicking "ok" on the warning. Therein lies the danger I suppose. Cheers, Michael Holstein CISSP GCIA Cleveland State University

Re: [Full-disclosure] War Dialing, Spoofed(?) Phone Number [area code 786], and calls across the US

2006-03-10 Thread Michael Holstein
Caller-ID spoofing is trivial if you've got a digital (eg: T-1) line where you can send your own call signaling. It's also made much easier by several (mis)configured VoIP services -- if you have access to the SIP gateway of one, and run something like Asterisk, you can send any number you want

Re: [Full-disclosure] Promiscious Device Detection

2006-03-10 Thread Michael Holstein
You can't search for promisc devices, as they don't advertise themselves in any way. Chkrootkit[1], though, will check the local machine for a promisc interface, as well as other signs of possible badness. Not entirely true .. you can use things like antisniff to spoof ARP packets and see wha

Re: [Full-disclosure] Promiscious Device Detection

2006-03-09 Thread Michael Holstein
I am looking for linux utility that checks if a specified machine's network device is in promiscuous mode or not. packetstormsecurity.org/sniffers/antisniff/ Not free though. ~Mike.

Re: [Full-disclosure] Arin.net XSS

2006-03-03 Thread Michael Holstein
Here's a link that will probably work under both browsers http://ws.arin.net/whois/?queryinput=%3Cscript%3Ealert('666')%3C/script%3E (Firefox 1.5.0.1 on Linux) No match found for alert('666'). # ARIN WHOIS database, last updated 2006-03-02 19:10 # Enter ? for additional hints on searching ARI

Re: [Full-disclosure] Re: Fedex Kinkos Smart Card Authentication Bypass

2006-03-01 Thread Michael Holstein
According to Fedex Kinko's: "Our analysis shows that the information in the article is inaccurate and not based on the way the actual technology and security function. Security is a priority to FedEx Kinko's, and we are confident in the security of our network in preventing such illegal activity."

Re: [Full-disclosure] Question about Mac OS X 10.4 Security

2006-02-28 Thread Michael Holstein
X, something your average art student knows even less about than Windows, and an operating system that's a lot more fun to tamper with once you're in. My $0.0184 (6% Ohio taxes withheld) Cheers, Michael Holstein CISSP GCIA Cleveland State University _

Re: [Full-disclosure] Automated Vulnerability Scanners

2006-02-24 Thread Michael Holstein
you don't need. Cheers, Michael Holstein CISSP GCIA Cleveland State University CREATE TABLE ipmain ( idmain int(10) unsigned NOT NULL auto_increment, mainip int(10) unsigned NOT NULL default '0', lastnmap datetime NOT NULL default '-00-00 00:00:00', lastnes

Re: [Full-disclosure] Automated Vulnerability Scanners

2006-02-24 Thread Michael Holstein
ast .. can process an entire test from a /16 and input the results into MySQL in about 5 minutes. Cheers, Michael Holstein CISSP GCIA Cleveland State University --snip-- #!/usr/local/bin/perl use Net::SMTP; use Date::Manip; our $TZ = 'US/Eastern'; use DBI(); #DATABASE PARAME

Re: [Full-disclosure] Re: Full-Disclosure Digest, Vol 12, Issue 39

2006-02-21 Thread Michael Holstein
OK guys - who can be the first to figure out the *outside* number for the help desk, and call them to report a borken e-mail user that needs to be shut down? :) http://www.bbl-inc.com/BBLInc/overview-regional.cfm?code=SYR

Re: [Full-disclosure] Re: User Enumeration Flaw

2006-02-21 Thread Michael Holstein
That's called directory harvesting and it's hardly new. Most MTAs implement tarpitting of some sort, to limit VRFY or RCPT commands from a particular IP to a certain threshold, before they start slowing them down. There are also ways to silently drop (or accept with routing to /dev/null) a ses

Re: [Full-disclosure] Cisco Certifications

2006-02-17 Thread Michael Holstein
Are there any specific items of hardware I should look out for? I checked ebay for "CCNA" in the hardware section and found one or two, but they seem a tad overpriced. Stay away from anyone on eBay that puts the Cisco cert initials in the auction title .. they are always overpriced. Startin

Re: [Full-disclosure] Your neighbor's security is critical to your security

2006-02-16 Thread Michael Holstein
The elder shared that if the area around her house is clean then there will be less dirt that can find its way into her house. I'll be happy to help my neighbor secure the dirt in their house. $200/hr as 1099.

Re: [Full-disclosure] iDefense Labs Quarterly Hacking Challenge

2006-02-15 Thread Michael Holstein
Yeah, if Grandma next door gets hit with a $1,000,000 judgment. https://reporting.bsa.org/usa/rewardsconditions.aspx That's only 5%. The lawyers at the BSA probably take 40%. /mike. Jerome Athias wrote: $50,000 for reporting BSA that your neighbor uses an illegal version of Window$ ! https:/

Re: [Full-disclosure] blocking Google Desktop

2006-02-14 Thread Michael Holstein
The first rule would get flowbits:noalert; flowbits:set,google.user.agent; And the second rule would get flowbits:isset,google.user.agent; Is that global (if #1, then always #2), or is it "per-IP" ? I verified I can block the SSL session setup using the snort sig I posted the other day .. but

Re: [Full-disclosure] blocking Google Desktop

2006-02-13 Thread Michael Holstein
I am using Google desktop version 4. By default search across computers is not enabled. Can someone explain to me why all the noise if I just don't use the feature. True, it's not enabled by default, but Google is pitching this as an easy way to access your work documents from home (or vice-versa

Re: [Full-disclosure] blocking Google Desktop

2006-02-13 Thread Michael Holstein
sen't let you do an "alert" action after an activate -- because it's designed to just dump the next (n) packets. If there was a good way to chain the two rules together -- to say "after seeing 1, do REACT on #2" you could reliably kill any SSL/TLS sessions from som

Re: [Full-disclosure] blocking Google Desktop

2006-02-10 Thread Michael Holstein
Looks like a great target for Pharming attacks. Thanks for all your data sent to me over an SSL connection. =) Yeah .. Google is notorious for trying to send everything into the same domain -- trying to make our lives difficult. Right now, I'm trying snort with REACT actions based on their SS

Re: [Full-disclosure] blocking Google Desktop

2006-02-10 Thread Michael Holstein
ir desktop product. FWIW, we're sending out notices that this is NOT to be installed on any University-owned PC, violators get their machine re-imaged. Cheers, Michael Holstein CISSP GCIA Cleveland State University

Re: [Full-disclosure] blocking Google Desktop

2006-02-10 Thread Michael Holstein
Sorry, but explain? You mean something beyond the index of your personal data then? Did they add something beyond that? Yes, version 4 adds the ability to "access your documents from anywhere" -- meaning they're sent to Google's Servers. EFF's article about it : http://www.eff.org/news/arch

[Full-disclosure] blocking Google Desktop

2006-02-10 Thread Michael Holstein
nt it from reporting (even if already installed) ? Regards, Michael Holstein Cleveland State University

Re: [Full-disclosure] What can a Remote Vulnerability Scanner do in Future?

2006-02-06 Thread Michael Holstein
nt of some type. Cheers, Michael Holstein CISSP GCIA Cleveland State University

Re: [Full-disclosure] Vulnerability/Penetration Testing Tools

2006-01-19 Thread Michael Holstein
Again... cheaper than core impact... but not free... Get your employer to reimburse the purchase of a bunch of O'Reilly books from Amazon and learn Perl/Python yourself. It's amazing how fast the brain absorbs information when you're sufficiently motivated. Nessus is easily scriptable, and wi

Re: [Full-disclosure] Secure Delete for Windows

2006-01-17 Thread Michael Holstein
iscussion about 'how sdelete works' they reference the same problem regarding journaled filesystems). If the eminently wise gent from GroundZero wishes to comment on how his particular product addresses these issues, then that might be fodder for the list (versus the ongoing flames). Reg

Re: [Full-disclosure] [Fwd: Trusted partnerfor fund safekeeping and investment]

2006-01-17 Thread Michael Holstein
Here is a good link on a way one person had fun with these Nigerian scam emails .. for those looking for something to do while 'gcc' does its thing ... http://www.craigslist.org/about/best/lax/119838685.html Just make them run in circles back and forth to Western Union. Cheers

Re: [Full-disclosure] Re: what we REALLY learned from WMF

2006-01-06 Thread Michael Holstein
The solution to folks pimping their websites through lists is to obfuscate the URL when doing a "reply" .. eg: http://blogs.shamelesslyplugged.com/index.php/archives/182 Or better yet, don't include the URL at all when replying, only use the relevant bits of the original message. /mike.

Re: [Full-disclosure] Unofficial Microsoft patches help hackers, not security

2006-01-04 Thread Michael Holstein
This trend does nothing to prove netdev's post however. The situation that MW shows here, happens all the time. How many people are infected with SDBot, but then apply the correct Microsoft patch to fix the hole. They are still infected; the patch being applied after the fact has no real effect

Re: [Full-disclosure] Undeletable user account.

2006-01-04 Thread Michael Holstein
Probably because it was created under the context of LocalSystem. (DomainAdmin < LocalSystem). Start ADUC under LocalSystem context and try again. /mike. James Bower wrote: Hi all, one of my servers has recently been compromised. No surprise but the hacker created himself a user account. The

Re: [Full-disclosure] complaints about the governemnt spying!

2005-12-29 Thread Michael Holstein
Now with air travel how hard is it for an East German or say a Palestinian to travel on the Israeli Airlines (what is its name again) How about even a US citizen of E German descent or has a VISA stamp from a country that Israel considers hostile. Personally I would only know from what I have seen

Re: [Full-disclosure] complaints about the governemnt spying!

2005-12-29 Thread Michael Holstein
How does showing ID to an official make anyone safer? It doesn't. Any kid with Photoshop and some time can download templates for any state driver license on the Internet and print one that would easily fool the bean counters at the airport. /mike

Re: [Full-disclosure] complaints about the governemnt spying!

2005-12-29 Thread Michael Holstein
The security directives are secret because you don't show your hand to the enemy (except if you work for the New York Times.) Uh huh .. so the newspaper informing the public about an illegal government program (after holding the article for a year at the government's request) is "helping the e

Re: [Full-disclosure] Is this a Virus?

2005-12-29 Thread Michael Holstein
When I reboot my computer I have 2 GB space. After about 4 hours of plain web browsing, I get a low space message. The space left is 1 MB. Something keeps on filling up my hard drive when my machine is on. How do I figure out what? Anyone heard of this Um .. this is a bit O/T for full-disclosur

Re: [Full-disclosure] test this

2005-12-29 Thread Michael Holstein
Mix in a generous helping of 'type sniffing' by MS so that you can name WMF files .gif or .jpg or some other random suffix and you have one hell of a problem that can only really be completely fixed by MS releasing a patch to kill execution of embedded executable code in WMF files. Has anyone

Re: [Full-disclosure] Re: [MailServer Notification]To recipient: Message matched eManager setting and action was taken.

2005-12-29 Thread Michael Holstein
just checking loop possibilities. Good idea .. try using a return address in the DFI domain that's got 'homo' in it and send it to DOI with 'fuck'. Based on the bounce reports (and what they include) that ought to have those two idiots bouncing the same message back for days. /mike ___
