RE: [Full-Disclosure] RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!

2003-01-26 Thread Joe Klein
Here is an interesting idea. If the database vulnerability and the patch have been available for over 6 months, wouldn't this be proof of Lack of Due Care by the companies which were impacted? Sounds like a potential class action suit against

Re: [Full-Disclosure] RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!

2003-01-26 Thread Nick Jacobsen
No, the Morris worm did not necessarily down entire countries, but if you look at the percentage of the internet (DARPA/ARPA Net) that it downed, I would still say that this worm does not even come close. Nick J. Ethics Design [EMAIL PROTECTED] - Original Message - From: madsaxon [EMAIL

[Full-Disclosure] format strings vulns in /bin/login and /usr/bin/passwd

2003-01-26 Thread Faulty
Hello, while doing a scan for format strings vulns on util-linux package it came back with the following results: ./login.c:398 FUNC fprintf ./login.c:425 FUNC fprintf ./login.c:597 FUNC fprintf ./login.c:614 FUNC fprintf ./login.c:775 FUNC printf ./login.c:796 FUNC fprintf ./login.c:800 FUNC

[Full-Disclosure] Cisco Security Advisory: Cisco Security Advisory: Microsoft SQL Server 2000 Vulnerabilities in Cisco Products - MS02-061

2003-01-26 Thread Cisco Systems Product Security Incident Response Team
Microsoft SQL Server 2000 are considered vulnerable. This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20030126-ms02-061.shtml. Affected Products: To determine if a product is vulnerable, review the list below. If the software versions or configuration

Re: [Full-Disclosure] RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!

2003-01-26 Thread Henrik Lund Kramshøj
On søndag, jan 26, 2003, at 06:52 Europe/Copenhagen, Schmehl, Paul L wrote: Cyberterrorism Getting a bit hyped up, aren't we? It's just another stupid worm. No, I don't think so. Why do you consider it terrorism only when people are hurt directly? In Denmark where I live and many other

RE: [Full-Disclosure] RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!

2003-01-26 Thread Curt Purdy
One of the things we are overlooking here is that the problem with banking sites is not that transactions are going over the Internet through VPN connections that are not going to be compromised. When was the last time you heard of a credit card being stolen over an SSL connection (or an HTTP

[Full-Disclosure] RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!

2003-01-26 Thread jmcguire
I find this ATM outage curious. A couple of jobs ago, BofA was a customer of mine using our ATM monitoring software. At that time, 6 years ago to be sure, ATMs were on leased lines or satellite connections to the banks' central processing systems. In the ensuing time, have banks begun using

Re: [Full-Disclosure] format strings vulns in /bin/login and /usr/bin/passwd

2003-01-26 Thread qobaiashi
On Sunday 26 January 2003 09:13, you wrote: Hello, while doing a scan for format strings vulns on util-linux package it came back with the following results. [...] There are also a few others in other programs but I thought these 2 would be most important since passwd is suid and login could be

Re: [Full-Disclosure] RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!

2003-01-26 Thread Ka
At Sonntag, 26. Januar 2003 16:47 Blue Boar wrote: But my point is that for it to be cyber-terrorism, the worm author had to intend to change people's behavior through fear. Not necessarily. Just leading the actual technical, social,

Re: [Full-Disclosure] Sapphire worm POC that fulldisclosure policieshurt everyone

2003-01-26 Thread KF
If the ms-sql bug had never been disclosed, and was slipped quietly to Microsoft, this never would have happened, and the same responsible administrators would have upgraded their software. *cough* bulls$#t *cough*... even if this bug was not disclosed to the public there is the same

[Full-Disclosure] Re: New Web Vulnerability - Cross-Site Tracing

2003-01-26 Thread xss-is-lame
Further clarifications, agreements, and disagreements in line. I think it's an important stat because *if* XSS becomes widely exploited, then it could pose a significant threat. My last email explains why I don't think this will happen. And of course you have

[Full-Disclosure] 100 Worms per Second, Courtesy of Telstra

2003-01-26 Thread Karl A. Krueger
Pardon my delurk, but this is very strange worm behavior. We are seeing 100 SQL Worms per second from a single IP address on Telstra. This is about 10k times the level of activity we are seeing from any other address. Anyone here either know anyone at Telstra who can shut this off, or perhaps

Re: [Full-Disclosure] 100 Worms per Second, Courtesy of Telstra

2003-01-26 Thread Matthew Murphy
Pardon my delurk, but this is very strange worm behavior. We are seeing 100 SQL Worms per second from a single IP address on Telstra. This is about 10k times the level of activity we are seeing from any other address. That is certainly odd. Anyone here either know anyone at Telstra who

RE: [Full-Disclosure] Sapphire worm POC that fulldisclosure policies hurt everyone

2003-01-26 Thread Jason Coombs
Hogwash. When your box gets destroyed mysteriously and you call your vendor to ask why, you're going to be happy with the answer "you don't need to know, and we're not going to tell you because it's a secret"?? Ridiculous drivel. But thanks for sharing. -Original Message- From: [EMAIL

Re: [Full-Disclosure] Sapphire worm POC that fulldisclosure policies hurt everyone

2003-01-26 Thread Simon Richter
Hi, [...] The ms-sql vulnerability has been known to the public for six months. [...] If the ms-sql bug had never been disclosed, and was slipped quietly to Microsoft, this never would have happened, and the same responsible administrators would have upgraded their software. No comment.

RE: [Full-Disclosure] Sapphire worm POC that fulldisclosure policies hurt everyone

2003-01-26 Thread Jason Coombs
Wait, it just occurred to me that you're missing a critical technical point in your knowledge of this debate. It's worth a couple paragraphs to help you understand. When a vendor releases compiled code (or source code, and which one is easier to analyze is at times debatable) everyone has a

Re: [Full-Disclosure] Sapphire worm POC that fulldisclosure policies hurt everyone

2003-01-26 Thread yossarian
I hear a lot of arguments put out by the naive in favor of full disclosure of vulnerability information. But the fact is, full disclosure policies hurt everyone, and this time, they have wreaked havoc across the entire internet. The ms-sql vulnerability has been known to the public for six months.

RE: [Full-Disclosure] RE: MS SQL WORM IS DESTROYING INTERNET BLOCKPORT 1434!

2003-01-26 Thread Ron DuFresne
On Sat, 25 Jan 2003, Schmehl, Paul L wrote: Cyberterrorism Getting a bit hyped up, aren't we? It's just another stupid worm. And blaming admins for not patching their boxes is bull. You ever been to a university? I defy you to even know where all the vulnerable boxes are, much less

Re: [Full-Disclosure] format strings vulns in /bin/login and /usr/bin/passwd

2003-01-26 Thread madsaxon
There are also a few others in other programs but I thought these 2 would be most important since passwd is suid and login could be exploited remotely. I am not very experienced in format strings, any help/comments would be great. Would these be able to get exploited? I'm not sure what utility you
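The thread above asks whether the fprintf/printf sites the scan listed in login.c and passwd are exploitable. The scan output alone cannot answer that: what matters at each site is whether the format argument is a string literal or a string the program got from somewhere else. The C below is an added example, not code from util-linux or from the unnamed scanner the poster ran. It shows the vulnerable and hardened shapes side by side and a small triage heuristic that, like that scanner, picks out printf-family calls, but reports only those whose format argument is not a literal. The function table, the log_message_* names and the source lines it is run over are constructed for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Vulnerable shape: a string the program did not author is handed to
   snprintf as the format, so any '%' in it is interpreted. Compilers warn
   about this under -Wformat-security, which is one quick triage step. */
int log_message_vulnerable(char *out, size_t outsz, const char *msg)
{
    return snprintf(out, outsz, msg);
}

/* Hardened shape: the format is a literal and msg is only ever data. */
int log_message_safe(char *out, size_t outsz, const char *msg)
{
    return snprintf(out, outsz, "%s", msg);
}

/* printf-family functions and the zero-based index of their format argument.
   Constructed table for this example; extend it with a project's own wrappers. */
static const struct { const char *name; int fmt_arg; } PRINTF_FAMILY[] = {
    {"printf", 0},  {"fprintf", 1},  {"sprintf", 1},  {"snprintf", 2},
    {"vprintf", 0}, {"vfprintf", 1}, {"vsprintf", 1}, {"vsnprintf", 2},
    {"syslog", 1},
};

/* Heuristic triage of one source line: returns 1 if it calls a function from
   the table with a format argument that is not a string literal, else 0.
   A scanner that lists every printf-family call leaves all of them to the
   reviewer; this keeps only the sites that still need tracing for attacker
   influence on the format string. */
int nonliteral_format_call(const char *line)
{
    for (size_t f = 0; f < sizeof PRINTF_FAMILY / sizeof PRINTF_FAMILY[0]; f++) {
        const char *name = PRINTF_FAMILY[f].name;
        for (const char *p = strstr(line, name); p; p = strstr(p + 1, name)) {
            /* identifier boundary: "printf" must not match inside "fprintf" */
            if (p != line && (isalnum((unsigned char)p[-1]) || p[-1] == '_'))
                continue;
            const char *q = p + strlen(name);
            while (*q == ' ' || *q == '\t') q++;
            if (*q != '(')
                continue;               /* not a call, e.g. part of a wrapper name */
            q++;
            /* step over the arguments before the format, counting top-level commas */
            int depth = 0, arg = 0;
            while (*q && arg < PRINTF_FAMILY[f].fmt_arg) {
                if (*q == '(') depth++;
                else if (*q == ')') { if (depth == 0) break; depth--; }
                else if (*q == ',' && depth == 0) arg++;
                q++;
            }
            while (*q == ' ' || *q == '\t') q++;
            if (arg == PRINTF_FAMILY[f].fmt_arg && *q != '\0' && *q != ')' && *q != '"')
                return 1;
        }
    }
    return 0;
}

int main(void)
{
    /* Constructed source lines standing in for the sites a scan would list. */
    static const char *const lines[] = {
        "fprintf(stderr, msg);",
        "fprintf(stderr, \"%s\", msg);",
        "printf(buf);",
        "syslog(LOG_ERR, user);",
        "snprintf(out, sizeof out, \"%s\", msg);",
        "my_printf_wrapper(x);",
    };
    for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++)
        printf("%-40s %s\n", lines[i], nonliteral_format_call(lines[i]) ? "REVIEW" : "ok");

    /* Same input through both shapes: only the vulnerable one consumes the "%%". */
    char buf[64];
    log_message_vulnerable(buf, sizeof buf, "disk 100%% full");
    printf("vulnerable: %s\n", buf);
    log_message_safe(buf, sizeof buf, "disk 100%% full");
    printf("safe:       %s\n", buf);
    return 0;
}
```

The demonstration input uses "%%" deliberately: it is the one directive whose behaviour with no matching argument is well defined, so the difference between the two shapes ("disk 100% full" versus "disk 100%% full") shows up without relying on undefined behaviour. Any other directive in attacker-controlled text ("%x", "%s", "%n") is the same bug with worse consequences. The heuristic is line-based and does not handle calls split across lines or commas inside earlier string arguments; it is a triage aid, not a proof either way.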

Re: [Full-Disclosure] 100 Worms per Second, Courtesy of Telstra

2003-01-26 Thread Karl A. Krueger
On Sun, Jan 26, 2003 at 04:48:30PM -0500, Mike Tancsa wrote: At 01:50 PM 26/01/2003 -0500, Karl A. Krueger wrote: Pardon my delurk, but this is very strange worm behavior. We are seeing 100 SQL Worms per second from a single IP address on Telstra. This is Perhaps a series of servers behind

Re: [Full-Disclosure] 100 Worms per Second, Courtesy of Telstra

2003-01-26 Thread Roland Postle
On Sun, 26 Jan 2003 13:50:40 -0500, Karl A. Krueger wrote: Pardon my delurk, but this is very strange worm behavior. We are seeing 100 SQL Worms per second from a single IP address on Telstra. This is about 10k times the level of activity we are seeing from any other address. Anyone here
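The observation in this thread (one Telstra address sending on the order of a hundred worm packets per second, far above any other source) is exactly what a per-source rate count over UDP/1434 makes visible. The C below is an added example, not code from any poster or product: it tallies UDP packets to destination port 1434 per source address from iptables-style kernel log lines, works out the span of the log from its syslog timestamps, and flags sources above a packets-per-second threshold. The log lines, the addresses (RFC 5737 documentation ranges) and the 1 packet/second threshold are constructed for the example; a real threshold depends on the site and its normal SQL Server traffic.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SQL_RESOLUTION_PORT 1434   /* SQL Server Resolution Service, UDP */
#define MAX_SOURCES 64

struct src_count {
    char ip[16];
    unsigned hits;
};

/* Constructed sample in the style of iptables kernel log lines (not real traffic). */
static const char *const SAMPLE_LOG[] = {
    "Jan 26 13:50:01 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 PROTO=UDP SPT=1026 DPT=1434 LEN=384",
    "Jan 26 13:50:01 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.11 PROTO=UDP SPT=1026 DPT=1434 LEN=384",
    "Jan 26 13:50:01 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.12 PROTO=UDP SPT=1026 DPT=1434 LEN=384",
    "Jan 26 13:50:01 fw kernel: IN=eth0 OUT= SRC=192.0.2.77 DST=198.51.100.13 PROTO=UDP SPT=3301 DPT=1434 LEN=384",
    "Jan 26 13:50:02 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.14 PROTO=UDP SPT=1026 DPT=1434 LEN=384",
    "Jan 26 13:50:02 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.15 PROTO=UDP SPT=1026 DPT=1434 LEN=384",
    "Jan 26 13:50:02 fw kernel: IN=eth0 OUT= SRC=192.0.2.9 DST=198.51.100.10 PROTO=TCP SPT=4411 DPT=1434 LEN=60",
    "Jan 26 13:50:02 fw kernel: IN=eth0 OUT= SRC=192.0.2.9 DST=198.51.100.10 PROTO=UDP SPT=4412 DPT=1433 LEN=40",
};
#define SAMPLE_LOG_N ((int)(sizeof SAMPLE_LOG / sizeof SAMPLE_LOG[0]))

/* Extract SRC= address and DPT= port from a UDP line; 0 if not UDP or fields missing. */
static int parse_udp_dst(const char *line, char *src, size_t srcsz, int *dport)
{
    const char *s = strstr(line, "SRC=");
    const char *d = strstr(line, "DPT=");
    if (!s || !d || !strstr(line, "PROTO=UDP"))
        return 0;
    s += 4;
    size_t n = strcspn(s, " ");
    if (n == 0 || n >= srcsz)
        return 0;
    memcpy(src, s, n);
    src[n] = '\0';
    *dport = atoi(d + 4);
    return 1;
}

/* Seconds of day from the syslog timestamp ("Mon DD HH:MM:SS ..."); -1 if unparsable. */
static long line_seconds(const char *line)
{
    int h, m, s;
    if (sscanf(line, "%*s %*s %d:%d:%d", &h, &m, &s) != 3)
        return -1;
    return h * 3600L + m * 60L + s;
}

/* Tally UDP/1434 packets per source address. Returns the number of distinct sources. */
int count_1434_sources(const char *const *lines, int nlines, struct src_count *tab, int tabsz)
{
    int n = 0;
    for (int i = 0; i < nlines; i++) {
        char src[16];
        int dport;
        if (!parse_udp_dst(lines[i], src, sizeof src, &dport) || dport != SQL_RESOLUTION_PORT)
            continue;
        int j;
        for (j = 0; j < n; j++)
            if (strcmp(tab[j].ip, src) == 0) break;
        if (j == n) {
            if (n == tabsz) continue;     /* table full: dropped silently in this example */
            strcpy(tab[n].ip, src);
            tab[n].hits = 0;
            n++;
        }
        tab[j].hits++;
    }
    return n;
}

/* Hits recorded for one address, 0 if it never appeared. */
unsigned hits_for(const struct src_count *tab, int n, const char *ip)
{
    for (int i = 0; i < n; i++)
        if (strcmp(tab[i].ip, ip) == 0) return tab[i].hits;
    return 0;
}

/* Inclusive span of the log in seconds, from first to last timestamp; at least 1. */
long window_seconds(const char *const *lines, int nlines)
{
    long first = -1, last = -1;
    for (int i = 0; i < nlines; i++) {
        long t = line_seconds(lines[i]);
        if (t < 0) continue;
        if (first < 0 || t < first) first = t;
        if (last < 0 || t > last) last = t;
    }
    return first < 0 ? 1 : last - first + 1;
}

/* Indexes of sources whose UDP/1434 rate over the window exceeds rate_per_sec. Returns how many. */
int flag_fast_sources(const struct src_count *tab, int n, long window, double rate_per_sec,
                      int *flagged, int maxflag)
{
    int k = 0;
    for (int i = 0; i < n && k < maxflag; i++)
        if ((double)tab[i].hits / (double)window > rate_per_sec)
            flagged[k++] = i;
    return k;
}

int main(void)
{
    struct src_count tab[MAX_SOURCES];
    int flagged[MAX_SOURCES];
    int n = count_1434_sources(SAMPLE_LOG, SAMPLE_LOG_N, tab, MAX_SOURCES);
    long w = window_seconds(SAMPLE_LOG, SAMPLE_LOG_N);
    int k = flag_fast_sources(tab, n, w, 1.0, flagged, MAX_SOURCES);
    for (int i = 0; i < k; i++)
        printf("%s: %u packets to UDP/%d in %lds (%.1f/s)\n", tab[flagged[i]].ip,
               tab[flagged[i]].hits, SQL_RESOLUTION_PORT, w, (double)tab[flagged[i]].hits / w);
    return 0;
}
```

The TCP/1434 and UDP/1433 lines are ignored on purpose: the worm traffic under discussion is UDP to the resolution service on 1434, and counting 1433 (the normal SQL Server TCP port) would only add noise. A whole-file window is adequate for a captured burst like this one; on a live feed you would bucket by second or minute so that one busy source earlier in the day does not mask a new one.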

Re: [Full-Disclosure] Lock business practices security-by-obscurity for 150 years

2003-01-26 Thread Brian McWilliams
An interesting note by Blaze appeared in RISKS today. He talks about the reaction of locksmiths to the NY Times story and the publication of his research. http://catless.ncl.ac.uk/Risks/22.51.html#subj1 Excerpt: The existence of this method, and the reaction of the locksmithing profession

RE: [Full-Disclosure] RE: MS SQL WORM IS DESTROYING INTERNET BLOCKPORT 1434!

2003-01-26 Thread hellNbak
On Sun, 26 Jan 2003, Schmehl, Paul L wrote: This simply shows your ignorance of the issues, Ron. Port 1434 was not a normal port for SQL server *until* MSDE came out. We obviously blocked 1433 long ago, as did almost every edu in the universe. But 1434 was a recent innovation to make SQL

RE: [Full-Disclosure] RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!

2003-01-26 Thread Schmehl, Paul L
-Original Message- From: Ron DuFresne [mailto:[EMAIL PROTECTED]] Sent: Sunday, January 26, 2003 11:01 PM To: Schmehl, Paul L Cc: Full-Disclosure; [EMAIL PROTECTED]; Matt Smith; Richard M. Smith; [EMAIL PROTECTED]; Jay D. Dyson; Bugtraq Subject: RE: [Full-Disclosure] RE: MS SQL WORM IS