Re: [Full-disclosure] Save XP

2008-01-29 Thread Vincent Archer
e about what applications you run, not what the system under them is. -- Vincent Archer ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] High Value Target Selection

2007-12-03 Thread Vincent Archer
". Took us two months of careful negotiation to explain in words of no more than 5 letters that when we said backup in case of cut lines, we really meant it. -- Vincent ARCHER [EMAIL PROTECTED] Tel : +33 (0)1 40 07 47 14 Fax : +33 (0)1 40 07 47 27 Deny All - 23, rue Notre Dame des V

Re: [Full-disclosure] Standing Up Against German Laws - Project HayNeedle

2007-11-12 Thread Vincent Archer
e number, which is also recorded. > Besides that, there is an explicit statement [2] that forbids > recording contents or data related to the visited web pages. Yes, because that is considered wiretapping, which requires a judge to determine if you have enough cause to warrant the breach of

Re: [Full-disclosure] Distributed SSH username/password brute force attack

2007-10-24 Thread Vincent Archer
trol on people's private keys and thus cannot enforce passphrases on those keys. You can unknowingly lower your security by moving to a key-based login, because some people who would type a password to log-in will not bother securing their passphrases if they are forced to use a private key. --

Re: [Full-disclosure] Linux big bang theory....

2007-05-28 Thread Vincent Archer
le. Any expansion breaks down the proved state by introducing external unvalidated states, and you're back to square one. Being able to validate the integrity of a system requires *at least* the entire potential system, which is why systems in general cannot self-prove: they require more th

Re: [Full-disclosure] Linux big bang theory....

2007-05-21 Thread Vincent Archer
cation from the hosting component of the hosted one. Or the hammer approach of erasing the state of the system after use, and rolling it back to a "proven" safe and stable one.

Re: [Full-disclosure] Apache/PHP REQUEST_METHOD XSS Vulnerability

2007-04-25 Thread Vincent Archer
dy repeated in this thread), the legal methods are well defined as being of type "token". And tokens can't include characters like <, (, or ". And that's where apache fails: it lets you use additional methods, sure, but it also doesn't validate anything - even though

Re: [Full-disclosure] Apache/PHP REQUEST_METHOD XSS Vulnerability

2007-04-25 Thread Vincent Archer
or Apache. Not with PHP. But I would agree with the original programmer that apache is in fault here. Apache should have done the expected work, and validated that the request was standards-compliant. It didn't, and that opens up a huge chasm in which plenty of problems, vulnerabilities and others, ma

Re: [Full-disclosure] Why Microsoft should make windows open source

2007-04-10 Thread Vincent Archer
the whole Windows OS paradigm obsolete... that's where the Microsoft momentum can falter. That, or major blunders. Microsoft has enough resources to survive most of anything... but you can survive as the number 2 or 3, or #5 guy on the market. Survival is not dominance.

Re: [Full-disclosure] Solaris telnet vulnberability - how many on your network?

2007-02-12 Thread Vincent Archer
ng available on solaris 10 years ago, I think). > Anyone else running Solaris? We do, and we confirm. The info is spreading like wildfire, and justifiably so - I thought this bug category (-fuser) was squashed last with AIX over 10 years ago.

Re: [Full-disclosure] Anonymizing RFI Attacks Through Google

2006-11-27 Thread Vincent Archer
vestigate from there. That adds Google as an additional cut-out and delays any investigation.

Re: [Full-disclosure] Removing the NIC cable = EoP?

2006-10-03 Thread Vincent Archer
k profile, and default to it when unable to fetch the profile - I'm sure the sysadmins added fancy tricks to destroy any local profile once you've logged out, and the building of the account profile when you log in for "the first time" is where the drop to admin happens.

Re: [Full-disclosure] MiTM with https there are any tools ?

2006-03-06 Thread Vincent Archer
L key used by the server, you can use the ssldump utility ( http://www.rtfm.com/ssldump/ ) to decrypt a tcpdump capture of the SSL traffic. Ettercap looks like it has the ssldump feature integrated, but, again, you do need to have the SSL key of the server to decipher the session.

Re: [Full-disclosure] Spy Agency Mined Vast Data Trove and other tales

2006-01-02 Thread Vincent Archer
he secret, and as everyone knows, two persons can keep a secret only if one of them is dead). And that's almost as dangerous to American interests as NSA being unable to spy on them.

Re: [Full-disclosure] IT security professionals in demand in 2006

2005-12-07 Thread Vincent Archer
d the book 2 nights before the test to take the practice > >exams. Scored a 92 on the exam and put the book away. We were given 6 hours * He scored 92 on the practice in the book. Then took the real exam.

Re: [Full-disclosure] FW: [MailServer Notification] Your .zip file has been blocked from entering the ScanSoft email environment.

2005-12-05 Thread Vincent Archer
it a new attachment.

Re: [Full-disclosure] Call to participate: GNessUs security scanner

2005-10-11 Thread Vincent Archer
t be removed from the non-GPL version of Nessus. That's what Arnaud points out: there are very, very few parts of Nessus that were contributed by the outside community. Once those parts are gone, "Nessus 3.0" can go on, even if it shares 95% of its code with the GPL Nessus 2.2.5 initi

Re: FW: [Full-disclosure] looking for a HTTPS redirect server

2005-05-20 Thread Vincent Archer
ften fails because it assumes that the client always speaks directly to the server, without any alteration to content, connection and timing, and sometimes this assumption fails. If that's the case, you're out of luck.

Re: [Full-disclosure] Another PayPal phishing scam

2005-05-03 Thread Vincent Archer
a half, and has been used to post to about four of the security mailing lists I'm subscribed to. So, be patient. You'll have your fill quickly.

Re: [Full-disclosure] Reuters: Microsoft to give holes info to Uncle Sam first - responsible vendor notification may not be a good idea anymore...

2005-03-14 Thread Vincent Archer
of system: "ubiquitous law enforcement" (Vinge, being moderately libertarian, of course views that as The Ultimate Evil)

Re: [Full-disclosure] Publishing exploit code ruled illegal in France?

2005-03-11 Thread Vincent Archer
r programs. Or to find out how the firewall works, so you can control it or supplement it). Reverse engineering and publishing your findings is not automatic. That's where consumer protection laws start to interfere with IP, and that's where lawyers start earning their fees. At least, it

Re: [Full-disclosure] Reverse dns

2005-03-10 Thread Vincent Archer
dding a host" & "Adding Gateways")

Re: [Full-disclosure] Publishing exploit code ruled illegal in France?

2005-03-10 Thread Vincent Archer
neering on it. You can lawfully reverse engineer software you legitimately own, but not the one you don't.