RE: [Full-Disclosure] Zone Alarm

2003-06-05 Thread Myers, Marvin
99.9 percent of all issues that are being blamed on the ZA software and it seems as if people are just unwilling to even believe for a second that maybe, just maybe it is their own ineptitude that has caused the problem. I have used ZA since the very beginning, and I have yet to have one of these

Re: [Full-Disclosure] What will happen to bugtraq, hosted by Symantec...

2003-06-05 Thread Martin Peikert
Martin Peikert wrote: for anyone who hasn't read that already: oisafety (members: @stake, Oh shit, seems like I made myself a fool due to the delay of the mail delivered to me. Craig Ozancin already announced that, already commented... Sorry for the noise. GTi

Re: Re[2]: [Full-Disclosure] [OFFTOPIC] Zone Alarm

2003-06-05 Thread lee . x . james
Have to agree , I personally use checkpoint small Office, but for a windows software solution I have to say Sygate is the best, Good and clear rules and logs, and blocking also never seen it lag any programs, plus more control over what comes in and out. Last question: Hardware and software fir

[Full-Disclosure] List Direction and Future

2003-06-05 Thread morning_wood
Now that we've all opened our mouths, lets get back up with the real 0day tech. Were 2 / 3 on real tech for today :P Lets battle on who post the hottest , mind blowing industry ripping 0sec Full Disclosure is known for. Now that the eyes of the world are on the core of real security lets be produc

Re: [Full-Disclosure] public comment period for the Draft Security Vulnerability Reporting and Responding Process (OISAFETY)

2003-06-05 Thread Georgi Guninski
In short the draft is shit. Especially 2.3 - Timeline. The IETF did not approve a previous version of this shit - my previous rants on it are available at http://www.guninski.com/rfcsec.html In a real world scenario, if ones suffers from fucked up beer, one sues the beer maker and goes to the new

Re: [Full-Disclosure] public comment period for the Draft Security Vulnerability Reporting and Responding Process (OISAFETY)

2003-06-05 Thread dhtml
>is >the result of a lengthy collaboration between leading security >researchers and software vendors. We have worked hard to develop Ah yes, yet another feeble attempt to generate income in a dwindling internet economy. Boy, what a rag tag team o

Re: [Full-Disclosure] Another list or this list in moderation.

2003-06-05 Thread tronix
Fuck Off FAG!! Chris Garrett <[EMAIL PROTECTED]> wrote: I've had enough, and sending a single message to the offenders via personal e-mail is far from sufficient, at this point. On various occasions I have sent personal emails to those who are pushing off-topic discussions, amongst several other somewh

Re: [Full-Disclosure] Wood - language

2003-06-05 Thread tronix
i concur with the boo fucking hoo ;-) keep up the good work morningwood w g <[EMAIL PROTECTED]> wrote: boo fucking hoo. Earl Keyser <[EMAIL PROTECTED]> wrote: Reply to: Wood - language 6/5/03 I, for one, am sick and tired of Wood's snotty attitude and foul mouth. Wood, if you want to be accepted and l

[Full-Disclosure] what a waste?

2003-06-05 Thread morning_wood
http://slackerbitch.free.fr/waste/ excellent technical reference LINK here I suggest going http://exploitlabs.com morewood

Re[2]: [Full-Disclosure] [OFFTOPIC] Zone Alarm

2003-06-05 Thread Frank J. Hoffmann
Guys, if you're in need of a real good professional firewall for Windows systems, you should take a good look at Sygate Personal Fw Pro 5 http://smb.sygate.com/products/pspf/whatsnew_pspf.htm Forget silly stuff like ZoneAlarm or BlackICE... Best +frank Lars Duesing wrote on Thursday, 5 June

RE: [Full-Disclosure] [OFFTOPIC] Zone Alarm

2003-06-05 Thread Lars Duesing
Hi JT, > Does anyone have any experience using the Linksys WITH Zone Alarm, > does it provide any features > that either product on their own do not? Thanks for any info. First of all, I don't own any linksys firewall, but others (ranging from a Debian system up to GeNUA appliances...) ZoneAla

RE: [Full-Disclosure] [OFFTOPIC] Zone Alarm

2003-06-05 Thread Cedric Blancher
On Thu 05/06/2003 at 11:09, Lars Duesing wrote: > ZoneAlarm has in my eyes a very interesting feature. As it runs on the > clients' system it can distinguish which (local) application is allowed > to send data to the net. In days of gator et al a very nice feature. This is to me the interest of

Re: [Full-Disclosure] Blackhats of the World Unite!

2003-06-05 Thread lee . e . rian
And while we're at it, let's all chip in and get you a life. Doug Stewart <[EMAIL PROTECTED]> Sent by:

[Full-Disclosure] What will happen to bugtraq, hosted by Symantec...

2003-06-05 Thread Martin Peikert
Hello, for anyone who hasn't read that already: oisafety (members: @stake, BindView, Caldera International (The SCO Group), Foundstone, Guardent, ISS, Microsoft, NAI, Oracle, SGI, and *Symantec*) wants to establish a process of reporting vulnerabilities - see http://www.oisafety.org/process.ht

RE: [Full-Disclosure] Zone Alarm

2003-06-05 Thread Ben Tyson-Norrman
What's worse is not only did I forget to switch to plain text - but our stupid mail server sticks some marketing junk on the end as well Like anyone on this list would go to MIP anyway :-) -Original Message- From: Schmehl, Paul L [mailto:[

[Full-Disclosure] 0 day morning wood style

2003-06-05 Thread meme-boi
-[[Morning Wood Style "0-day/0-sec" extravaganza!!]]- - shouts to wood for re-defining the term "0day" who needs solar designer! [[[Table of Contents]]] - (1)Computercops Security Pro Toolkit - VULN Computercops.biz (2)Cyberarmy Surf Safe Env Checker -VULN (3)Clo

[Full-Disclosure] Another list or this list in moderation.

2003-06-05 Thread Chris Garrett
I've had enough, and sending a single message to the offenders via personal e-mail is far from sufficient, at this point. On various occasions I have sent personal emails to those who are pushing off-topic discussions, amongst several other somewhat once-tolerable things, and I've only received arg

[Full-Disclosure] [RHSA-2003:192-01] Updated KDE packages fix security issue

2003-06-05 Thread bugzilla
Red Hat Security Advisory. Synopsis: Updated KDE packages fix security issue. Advisory ID: RHSA-2003:192-01. Issue date: 2003-06-05. Updated on: 2003-06-05. Product: Red Hat L

Re: [Full-Disclosure] impending 0day

2003-06-05 Thread madsaxon
"saving Full Disclosure'a ass from boredom" What would do that for me is to cut out the endless egomaniacal pissing matches and get back to infosec. m5x ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.htm

[Full-Disclosure] Re: YABBT [1] - Re: Zone Alarm

2003-06-05 Thread Michael Osten
> Which is not properly constructed and slightly inaccurate. Lets fill it in. > > 'A HW firewall can only block at the protocol level for an entire > machine but can not reliably deny access for one program and allow > access for another program when they are using like protocols from the > sa

Re: [Full-Disclosure] Re: IRCXpro 1.0 - Clear local and default remote admin passwords

2003-06-05 Thread Darren Reed
In some mail from Mads Tansø, sie said: > > Concerning point 1; > It is not usual for irc servers to store clear passwords in the > IRCD.config files. Hybrid uses hashed password made with mkpasswd, > genesis uses rijndael, nnircd for a sample uses some kinda of hash > (based on

Re: [Full-Disclosure] Re: IRCXpro 1.0 - Clear local and default remote admin passwords

2003-06-05 Thread Darren Reed
In some mail from Michael Osten, sie said: > > > The reason why IRC servers "IRCD.config" files don't use encryption (see > > file attachment for example) is because 49 times out of 50 they do not > come > > with a GUI program. Administrators main method of changing the > > configuration is to ma

Re: [Full-Disclosure] Re: IRCXpro 1.0 - Clear local and default remote admin passwords

2003-06-05 Thread Darren Reed
In some mail from [EMAIL PROTECTED], sie said: > > > Unless i am missing something, the addition of a "hard-key" would not > be any better than a stored password. > > If you authorize the machine, or a piece of hardware plugged into the > machine does not make a difference. > > What keeps anoth

Re: [Full-Disclosure] [OFFTOPIC] Zone Alarm

2003-06-05 Thread morning_wood
> I'd rather have an inexperienced user behind a PFW any day than expect > them to understand and *properly* implement NAT *and* a firewall. I'd > rather have them introduced to the concept of security in a way that > they understand than to shove it down their throats with technology they > don't

RE: [Full-Disclosure] [OFFTOPIC] Zone Alarm

2003-06-05 Thread JT
I don't quite understand here. A user generally has WAY more options/ways to make a mistake interacting with Zone Alarm vs say, a Linksys firewall. Yes, the user will not know how to flash it, and will not stay up to date with any updates, but that's our job anyways. IMHO any auto update feature is

[Full-Disclosure] YABBT [1] - Re: Zone Alarm

2003-06-05 Thread Jason
Inline. Michael Osten wrote: On Wed, 2003-06-04 at 21:15, Jason wrote: Are you implying that 1) You know of a hardware only solution that can do per application network blocking when dealing with like protocols. No idea, but that is not what he said. I quote "There is one big benefit, which

RE: [Full-Disclosure] [OFFTOPIC] Zone Alarm

2003-06-05 Thread Schmehl, Paul L
If you understand security, using Outlook/Exchange is not dangerous. If it makes you feel better, I can respond from my RedHat box or my OpenBSD box or my FreeBSD box. Frankly, I don't really give a rats a$$. I use what's handy at the time. They're just tools, and I'm not religious about them.

Re: AW: [Full-Disclosure] Zone Alarm

2003-06-05 Thread Michael Osten
On Wed, 2003-06-04 at 21:15, Jason wrote: > Are you implying that > > 1) You know of a hardware only solution that can do per application > network blocking when dealing with like protocols. No idea, but that is not what he said. I quote "There is one big benefit, which no hardware router can

Re: AW: [Full-Disclosure] Zone Alarm

2003-06-05 Thread morning_wood
- Original Message - From: "Jason" <[EMAIL PROTECTED]> To: "Michael Osten" <[EMAIL PROTECTED]> Cc: "Full-Disclosure" <[EMAIL PROTECTED]> Sent: Wednesday, June 04, 2003 7:15 PM Subject: Re: AW: [Full-Disclosure] Zone Alarm > > 1) You know of a hardware only solution that can do per appl

RE: AW: [Full-Disclosure] Zone Alarm

2003-06-05 Thread JT
I always thought it was illogical to let packets reach the machine I'm trying to protect. I'd rather pass through a dedicated machine. Are there any advantages TO using a production machine as a firewall?? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of

Re: AW: [Full-Disclosure] Zone Alarm

2003-06-05 Thread Jason
Are you implying that 1) You know of a hardware only solution that can do per application network blocking when dealing with like protocols. 2) The statement is incorrect. 3) The conversation should be turned into yet another worthless personal attack thread that serves no meaningful purpose.

RE: [Full-Disclosure] Re: IRCXpro 1.0 - Clear local and default remote admin passwords

2003-06-05 Thread tido
Unless i am missing something, the addition of a "hard-key" would not be any better than a stored password. If you authorize the machine, or a piece of hardware plugged into the machine does not make a difference. What keeps another process/user/root/admin from requesting the password/authorizat

RE: [Full-Disclosure] [OFFTOPIC] Zone Alarm

2003-06-05 Thread Schmehl, Paul L
>-Original Message- >From: Robert J. Liebsch [mailto:[EMAIL PROTECTED] >Sent: Wednesday, June 04, 2003 6:45 PM >To: Michael Reilly; Schmehl, Paul L; Kurt Seifried >Cc: Ben Tyson-Norrman; [EMAIL PROTECTED] >Subject: RE: [Full-Disclosure] [OFFTOPIC] Zone Alarm > > >I have on asbestos underwe

RE: Re: [Full-Disclosure] Zone Alarm

2003-06-05 Thread Schmehl, Paul L
Atguard must have been bought by Norton, because McAfee bought Conseal's Signal 9 firewall. (I bought it long before McAfee ate them up and dropped it shortly after the merger.) Signal 9 never was for the faint of heart or light on TCP/IP knowledge though. Paul Schmehl ([EMAIL PROTECTED]) Adjunc

[Full-Disclosure] TiVo , msn TV & Big Brother

2003-06-05 Thread meme-boi
SAN JOSE, California (AP) -- TiVo, the leading maker of digital television recorders, is offering advertisers and broadcasters information on the commercials and shows its users are watching. TiVo executives said this week they will gather viewing information only in aggregate, such as by ZIP code

AW: [Full-Disclosure] Zone Alarm

2003-06-05 Thread Michael Osten
On Wed, 2003-06-04 at 15:37, Michael Linke wrote: > There is one big benefit, which no hardware router can bring you. Zone alarm > and other Windows based Software Firewalls can block network access for > programs. A HW firewall can only block a whole machine but can't deny > access for one softw

[Full-Disclosure] Solaris syslogd overflow

2003-06-05 Thread David Thiel
Synopsis: Solaris syslogd is vulnerable to a remote buffer overflow. Versions: Solaris 2.6 SPARC: Not vulnerable; Solaris 2.7 SPARC/x86: Untested; Solaris 8 SPARC: Vulnerable; Solaris 8 x86: Vulnerable; Solaris 9 SPARC: Not

Re: [Full-Disclosure] Re: Odd logs

2003-06-05 Thread morning_wood
got waste if ya want it? get yer ya's out.. kick out the jams motherf*ckers are you... experienced? wood - Original Message - From: "Gary E. Miller" <[EMAIL PROTECTED]> To: "Scott M. Algatt" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Wednesday, June 04, 2003 2:36 PM Subject: Re: [F

Re: [Full-Disclosure] public comment period for the Draft Security Vulnerability Reporting and Responding Process (OISAFETY)

2003-06-05 Thread morning_wood
real condensed version of my ideas... Most real vulnerabilities and their discoveries occur the wild... obviously some on machines not belonging to the creditor / discoverer. Often you say... what do I do with this info? If I report it i may be arrested? If I dont someone with evil intentions ma

[Full-Disclosure] [OFFTOPIC] Zone Alarm

2003-06-05 Thread Kurt Seifried
Increased complexity is not a good thing. Think about it folks: Solution A) PC with zonealarm, relatively easy to configure (it's what I recommend to most users). Solution B) Hardware firewall with potential security flaws such as web interface, firmware flaws, etc. Difficult for user to update,

Re: Re: [Full-Disclosure] Zone Alarm

2003-06-05 Thread Eric N. Valor
> From: Sven Hoexter <[EMAIL PROTECTED]> > > On Wed, Jun 04, 2003 at 10:20:07AM -0700, morning_wood wrote: > > Zone Alarm buy a $40 hardware router. Software firewalls are not a > > security solution IMHO. > > Well I would say it's very questionable if so called "hardware routers" > running with so

Re: [Full-Disclosure] SNMP read-only opens up... what?

2003-06-05 Thread lee . e . rian
>why would you make this information available at all? Why not? I know "why make it available at all?" is the proper question from a security standpoint. I'm just wondering what it opens you up to. Suppose a vendor has a bug in their software that creates a read-only community string with no a

Re: [Full-Disclosure] Re: Odd logs

2003-06-05 Thread Gary E. Miller
Yo All! On Wed, 4 Jun 2003, Scott M. Algatt wrote: > Gripping read > > http://www.nullsoft.com/free/waste/download.html Then read this for some more background: http://www.siliconvalley.com/mld/siliconvalley/business/columnists/gmsv/6012114.htm Scroll down to "Nullsoft founder tires of biting

RE: [Full-Disclosure] Zone Alarm

2003-06-05 Thread Schmehl, Paul L
Yep, and I can assure you that when the firmware update fails (and it will) they will not have a clue what to do next. I've had this happen to me, so I know that it occurs, and restoring the router to functionality was not a task for the neophyte. There *are* cases where "not so great" security i

RE: [Full-Disclosure] Zone Alarm

2003-06-05 Thread Larry W. Cashdollar
you can configure BSD to default to deny in the kernel. IPFILTER_DEFAULT_BLOCK #block all packets I have had my software firewall up since 1998, with no problems. On Wed, 4 Jun 2003, Joe Hummel wrote: > I would agree with morning_wood - hardware routers are a much better way to > go - when t

RE: [Full-Disclosure] Zone Alarm

2003-06-05 Thread Robert J. Liebsch
So, Once you PAY for ZoneAlarm, you don't have to worry about CPU and MEM hogs... but my solution: ZoneAlarm on the PC you are using. Get smart, you don't go to a port city have unprotected sex, so when you jack in you should have something coverin

Re: [Full-Disclosure] Zone Alarm

2003-06-05 Thread Cedric Blancher
On Wed 04/06/2003 at 19:20, morning_wood wrote: > buy a $40 hardware router. Software firewalls are not a security > solution IMHO. They're part of whole security process. One have to be aware of such tools limits and ways to circumvent them. Btw, hardware router runs software... Do you mean de

Re: [Full-Disclosure] public comment period for the Draft Security Vulnerability Reporting and Responding Process (OISAFETY)

2003-06-05 Thread Cesar
Sorry, but it sucks. They forgot to add: Section 10.1 If the finder doesn't follow this, he will be prosecuted and nobody in the security community will like him. Anyone with me? Cesar. --- Craig Ozancin <[EMAIL PROTECTED]> wrote: > The Organization for Internet Safety is pleased to > announc

AW: [Full-Disclosure] Zone Alarm

2003-06-05 Thread Michael Linke
There is one big benefit, which no hardware router can bring you. Zone alarm and other Windows based Software Firewalls can block network access for programs. A HW firewall can only block a whole machine but can't deny access for one software and allow access for another software on the same mach

Re: [Full-Disclosure] Zone Alarm

2003-06-05 Thread Michael Reilly
I agree. Use a router or a Unix/Linux box as a firewall if possible. If you want/need to run firewall SW on your PC then I'd put zone alarm about 3rd or 4th on the list of good ones to use. It has a number of problems with various applications, causing those applications to mis-behave (sometim

RE: [Full-Disclosure] In regards to recent crap flooding list.

2003-06-05 Thread Steve Wray
I agree but with the proviso that its hard enough to tell when one is being an idiot oneself, how is one to determine, accurately, when someone else is being an idiot? I recall a Dilbert cartoon where Catbert has a 'human stupidity detector' "All I have to do is point it, like *this*" (It doesn't

Re: [Full-Disclosure] Zone Alarm

2003-06-05 Thread Sven Hoexter
On Wed, Jun 04, 2003 at 10:20:07AM -0700, morning_wood wrote: > Zone Alarm buy a $40 hardware router. Software firewalls are not a security solution > IMHO. Well I would say it's very questionable if so called "hardware routers" running with software as well are much better. They probably have bugs

Re: [Full-Disclosure] SNMP read-only opens up... what?

2003-06-05 Thread Thomas Cannon
[EMAIL PROTECTED] said: > Say I configure a router with a read-only SNMP community of "public" and > make it Internet accessible. What vulnerabilities or information > disclosure does that open up that would be better left closed? A switch? > > Thanks, > Lee > Well, they'd probably get the fi

Re: [Full-Disclosure] Zone Alarm

2003-06-05 Thread daniel.clemens
On Wed, 4 Jun 2003, Ben Tyson-Norrman wrote: > I'm not sure I can ask this question without derision, but here goes... > > Zone Alarm, is it really as crap as everyone makes out or is the usual > posturing by ill-informed...? > From all the times i worked with it, it was generally crap. I

Re: [Full-Disclosure] Zone Alarm

2003-06-05 Thread Shawn McMahon
On Wed, Jun 04, 2003 at 09:23:00PM +0200, Sven Hoexter said: > > As always a "firewall" is the whole construct with portfilters and > users who know on which "Install this cool Dialer button" they should > click and on which not. Ah and a system which receives regular vendor > patches is a part of t

Re: [Full-Disclosure] SNMP read-only opens up... what?

2003-06-05 Thread Jason Stout
Anything in the mib tree. It depends entirely on what information the company provides in their mibs. Standard host information can be found in the mib-2 tree while vendor specific data which could be almost anything will be in the private->enterprises->company tree. Your best bet is to use a mib

Re: [Full-Disclosure] Zone Alarm

2003-06-05 Thread Jason
Unfortunately the $40 'hardware' devices are not either. Please reference the excellent work by Core http://www1.corest.com/common/showdoc.php?idx=276&idxseccion=10 and the _much_ more expensive 'hardware' devices are just as prone http://www.cisco.com/warp/public/707/pix-multiple-vuln-pub.shtml

Re: [Full-Disclosure] Re: Odd logs

2003-06-05 Thread Scott M. Algatt
Gripping read http://www.nullsoft.com/free/waste/download.html Regards, Scott M. Algatt Behold the turtle. He makes progress only when he sticks his neck out. On Wed, 4 Jun 2003, Jeffrey H. Johnson wrote: > Port 1337 is also the default por

Re: [Full-Disclosure] SNMP read-only opens up... what?

2003-06-05 Thread peter moody
you could get the product type, version information etc from certain mibs. you could tell how busy the site is, and from that infer how big a pipe you've got. There's a lot more. I would snmp-walk the device and find out what it tells you. but I've got to ask, why would you make this informatio

Re: [Full-Disclosure] Odd logs

2003-06-05 Thread peter moody
The connect method can be used to turn a web server into an open proxy. open proxies are the new open relays. If the connect method had succeeded, I can guarantee that your web server would be getting used to spam right now. -Peter On Wed, 2003-06-04 at 09:31, Mark wrote: > The exert from my lo

Re: [Full-Disclosure] Odd logs

2003-06-05 Thread morning_wood
I will take Muhammad's idea of a CGI scanning fingerprint.. it seems most logical. wood - Original Message - From: "Mark" <[EMAIL PROTECTED]> To: "Lan Guy" <[EMAIL PROTECTED]> Cc: "Scott M. Algatt" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Wednesday, June 04, 2003 9:31 AM Subject: R

[Full-Disclosure] Odd logs

2003-06-05 Thread Michael Linke
> -Original Message- > From: [EMAIL PROTECTED] [mailto:full-disclosure- > [EMAIL PROTECTED] On Behalf Of Mark > Sent: Wednesday, 4 June 2003 18:31 > To: Lan Guy > Cc: Scott M. Algatt; [EMAIL PROTECTED] > > > > The exert from my log files which had the same (but cant say it

[Full-Disclosure] (Another) Microsoft Internet Explorer FTP Security Hole

2003-06-05 Thread Matthew Murphy
Microsoft Internet Explorer FTP Classic View Cross-Domain Scripting I. Synopsis Affected Software: * Microsoft Internet Explorer 5.01 * Microsoft Internet Explorer 5.5 * Microsoft Internet Explorer 6.0 * Prior versions may be vulnerable; they are un-supported and were not tested. Risk: Moder

[Full-Disclosure] SNMP read-only opens up... what?

2003-06-05 Thread lee . e . rian
Say I configure a router with a read-only SNMP community of "public" and make it Internet accessible. What vulnerabilities or information disclosure does that open up that would be better left closed? A switch? Thanks, Lee

RE: [Full-Disclosure] Zone Alarm

2003-06-05 Thread Joe Hummel
I would agree with morning_wood - hardware routers are a much better way to go - when the device fails, you fail closed, as opposed to a software solution, where if it fails, you fail open (read - open=vulnerable). In addition, I've found that even the technically savvy get perplexed by some of th

Re: [Full-Disclosure] Zone Alarm

2003-06-05 Thread morning_wood
buy a $40 hardware router. Software firewalls are not a security solution IMHO. morning_wood - Original Message - From: Ben Tyson-Norrman To: [EMAIL PROTECTED] Sent: Wednesday, June 04, 2003 8:53 AM Subject: [Full-Disclosure] Zone Alarm

Re: [Full-Disclosure] Re: IRCXpro 1.0 - Clear local and default remote admin passwords

2003-06-05 Thread Pablo Solé
> Many programs need a private key for encryption. Possession of this key is usually > part if not all of the decision for authentication. > > The only relatively safe way of maintaining this key on disk is to encrypt it and > require a decryption password from the user when starting the proc

[Full-Disclosure] Re: Odd logs

2003-06-05 Thread Jeffrey H. Johnson
Port 1337 is also the default port of the new P2P file sharing system, WASTE, which was released by Nullsoft. Expect to be seeing a lot of future activity on this port. -- Jeffrey H. Johnson [EMAIL PROTECTED]

Re: [Full-Disclosure] Re: IRCXpro 1.0 - Clear local and default remote admin passwords

2003-06-05 Thread morning_wood
> Of course, none of this applies to IRCX. I just wanted to point out the situation I have seen where theory and practice don't always agree. > -- > David Exactly ( need to watch my literal expression )

RE: [Full-Disclosure] Zone Alarm

2003-06-05 Thread Schmehl, Paul L
I'm not sure why you'd expect derision for that question. I'd be more likely to give it to you for using HTML email. :-) Zone Alarm is fine for a home user on the Internet. It's certainly better than putting an unprotected Windows box out there. I'd personally prefer a DSL router or a *nix box

Re: [Full-Disclosure] Re: IRCXpro 1.0 - Clear local and default remote admin passwords

2003-06-05 Thread Shawn McMahon
On Tue, Jun 03, 2003 at 09:35:28PM +0300, ? ? said: > > There are a lot of reasons to store the passwords encrypted... And not > that much reasons to store them unencrypted - in fact, there is only one > good reason that i can think of, and it's the need to retrieve lost > passwords, but t

[Full-Disclosure] AdSubtract Proxy ACL Bypass Vulnerability

2003-06-05 Thread advisories
AdSubtract Proxy ACL Bypass Vulnerability URL http://www.lurhq.com/advisory20030604.html Release Date June 4, 2003 Author Joe Stewart About AdSubtract AdSubtract is one of the leading products in the banner-ad blocking software market. It is frequently bundled with modems from several leading

RE: [Full-Disclosure] Re: IRCXpro 1.0 - Clear local and default remote admin passwords

2003-06-05 Thread Cushing, David
> there is no excuse for a plaintext password in an .ini > file period There is one instance where this becomes questionable, and that is during automatic bootstrapping of daemons/services. I did not say desirable, just questionable ;) Many programs need a private key for encryption. Posses

Re: [Full-Disclosure] Odd logs

2003-06-05 Thread morning_wood
- Original Message - From: "Muhammad Faisal Rauf Danka" <[EMAIL PROTECTED]> To: "Scott M. Algatt" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Wednesday, June 04, 2003 8:28 AM Subject: Re: [Full-Disclosure] Odd logs > Quick search reveals that it has been found on various web statistic

[Full-Disclosure] Zone Alarm

2003-06-05 Thread Ben Tyson-Norrman
I'm not sure I can ask this question without derision, but here goes... Zone Alarm, is it really as crap as everyone makes out or is the usual posturing by ill-informed...? Many thanks all Visit our web site @ www.twowaytv.com This e-mail and its attachments are in

[Full-Disclosure] public comment period for the Draft Security Vulnerability Reporting and Responding Process (OISAFETY)

2003-06-05 Thread Craig Ozancin
The Organization for Internet Safety is pleased to announce the beginning of the public comment period for the Draft Security Vulnerability Reporting and Responding Process. This draft process is the result of a lengthy collaboration between leading security researchers and software vendors. We

Re: [Full-Disclosure] Odd logs

2003-06-05 Thread Mark
The exert from my log files which had the same (but cant say it caused me any concern) dhpp.csudh.edu - - [01/Jun/2003:21:27:08 +0100] "CONNECT 1.3.3.7:1337 HTTP/1.0" 405 303 "-" "-" Mark www.vulndev.org/~mark/ If you know yourself, knowing the enem

Re: [Full-Disclosure] Re: CORE-2003-0403: Axis Network Camera HTTP Authentication Bypass

2003-06-05 Thread Shawn McMahon
On Mon, Jun 02, 2003 at 03:36:52PM -0500, Brent J. Nordquist said: > > LOL, oops. Someone pointed out to me a while back that RFC 2606 reserves > "example.com" "example.org" and "example.net" for this kind of purpose. Even barring such considerations as DNS poisoning, wags at ICANN setting up S

Re: [Full-Disclosure] In regards to recent crap flooding list.

2003-06-05 Thread Shawn McMahon
On Sun, Jun 01, 2003 at 09:05:38PM -0500, Michael Osten said: > > you think are crap? Yes, the question was rhetorical. You have two > options, stop whining, or unsubscribe. Nonsense. Trying to convince people not to act like idiots is a valid option. Perhaps futile, but valid. -- Shawn M

RE: [Full-Disclosure] Odd logs

2003-06-05 Thread Dave Killion
Just an observation, but 1337 is script-kiddie for "leet" = elite. I suspect someone's yanking your chain. I hope this information is helpful, Dave Killion Senior Security Engineer NetScreen Security Group, NetScreen Technologies, Inc. -Original Message- From: Scott M. Algatt [mailto:

RE: [Full-Disclosure] Odd logs

2003-06-05 Thread Hans Brederode
In Scott's defense, I don't think that a special someone is pulling his chain, 'cause I'm also seeing quite a lot of HTTP CONNECT's to that same address and port from all over the world. So (although I know that it's 'leet') ... I am also curious about what they are trying to achieve with this req

Re: [Full-Disclosure] Odd logs

2003-06-05 Thread Lan Guy
Was this a server exposed to the internet? Was that all that it had in the log? it usually records a response code like 200, 302, 404 or 500 DR - Original Message - From: "Scott M. Algatt" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, June 04, 2003 4:56 PM Subject: [Full-Dis

Re: [Full-Disclosure] Odd logs

2003-06-05 Thread Kristian Hermansen
OMFG r u completely naive??? Obviously the guy that made the request is LEET (ie. 1337 = elite). lol... Kris Hermansen - Original Message - From: "Scott M. Algatt" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, June 04, 2003 9:56 AM Subject: [Full-Disclosure] Odd logs >

Re: [Full-Disclosure] Odd logs

2003-06-05 Thread Scott M. Algatt
yeah sorry it was a 404 so no harm done. Actually running URL-Scan on the machine so that didn't let it near anything. I was just curious if this was something of importance Regards, Scott M. Algatt Behold the turtle. He makes progress only when he sticks his neck out. On Wed, 4 Jun 2003, La

Re: [Full-Disclosure] Odd logs

2003-06-05 Thread Gerd Feiner
On Wed, 2003-06-04 at 15:56, Scott M. Algatt wrote: > I wasn't sure if I could get any help on this one. I saw an odd entry in > one of my web server log files: > > GET ~1.3.3.7:1337 > > The server is an IIS 5.0 server. The only thing that I locate concerning > that port is that it was for Dire

RE: [Full-Disclosure] Odd logs

2003-06-05 Thread Scott M. Algatt
Good deal. I figured it was something stupid. Forgot about the "haxorian" lingo of "leet". Thanks for the responses! Regards, Scott M. Algatt Behold the turtle. He makes progress only when he sticks his neck out. On Wed, 4 Jun 2003, Dave Killion wrote: > Just an observation, but 1337 is sc

Re: [Full-Disclosure] Odd logs

2003-06-05 Thread Muhammad Faisal Rauf Danka
Quick search reveals that it has been found on various web statistics as well. That concludes to the probability that it is a signature of some web/cgi scanning utility. Backdoor.OptixPro.11.b Trojan also by default uses the same port. Regards Muhammad Faisal Rauf Danka --- "Scott M.

[Full-Disclosure] Odd logs

2003-06-05 Thread Scott M. Algatt
I wasn't sure if I could get any help on this one. I saw an odd entry in one of my web server log files: GET ~1.3.3.7:1337 The server is an IIS 5.0 server. The only thing that I locate concerning that port is that it was for DirectTV Catalog? Any help would be appreciated. Regards, Scott M.