-BEGIN PGP SIGNED MESSAGE-
SGI Security Advisory
Title: Sendmail DNS Map Vulnerability
Number : 20030803-01-P
Date : August 25, 2003
Reference: CVE CAN-2003-0688
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-Original Message-
From: Goncalo Costa [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 27, 2003 10:17 AM
To: Drew Copley
Cc: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] JAP back doored
On Mon, 25 Aug 2003 10:25:51
As for the US government, this is utterly unimportant. I was playing
around even to begin to mess with that. Yes, I am unaware of the US
actively trojanizing applications by forcing the developers to do this. So
are you. This is illegal.
Legality has /never/ stopped the U.S. or any other
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-Original Message-
From: Jeremiah Cornelius [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 27, 2003 4:52 PM
To: Drew Copley; 'Goncalo Costa'
Cc: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] JAP back doored
As for the US
On Wed, 27 Aug 2003 19:19:05 -0300, Fabio Gomes de Souza [EMAIL PROTECTED] said:
This is an entire crap. Everyone knows that a contract cannot override
the law. If the law tells that the manufacturer of a product should be
liable for its product's failures, then the manufacturer will be,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Red Hat Security Advisory
Synopsis: Updated Sendmail packages fix vulnerability.
Advisory ID: RHSA-2003:265-01
Issue date: 2003-08-28
Don't be a smart ass.
Well, good morning to you too !
Your arguments have nothing to do with the argument at hand which is quite
simple: Governments should have no right to force developers to trojanize
their applications and keep silent about it.
Governments have a lot of powers they
Hi all.
[EMAIL PROTECTED] wrote:
Recently I received some mails in English language. The writer (who
pretends being [EMAIL PROTECTED], but the header says Sender:
[EMAIL PROTECTED]) generously sends a patch along with his mail which
should be applied in order to fix a security bug... ha ha.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenPKG Security Advisory    The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
[EMAIL PROTECTED]
Hi all
Kaspersky also recognized the binary as I.-Worm.Dumaru.a
Michael Renzmann wrote:
Hi all.
[EMAIL PROTECTED] wrote:
Recently I received some mails in English language. The writer (who
pretends being [EMAIL PROTECTED], but the header says Sender:
[EMAIL PROTECTED]) generously sends a
When I get one of these false alarm messages about Sobig, I am complaining
to both the company who sent the message and the vendor who supplies the
buggy software. If an anti-virus software package knows that a
particular email virus uses forged return addresses, it shouldn't ever
send out a
At 10:05 AM 8/28/03 -0300, Fabio Gomes de Souza wrote:
Anti-virus products are causing more harm than the Sobig Worm.
The problem is that many e-mail virus scanners send a You are infected
reply to the address contained in the From header. Since the messages
are spoofed, the innocent,
Any sort of automated response based on perceived
sender IP address is not only brain-dead, but irresponsible.
In the case of Sobig, it's the return email address which is false. The
bogus warning messages are being sent to these forged email addresses.
The originating IP address in
Hello,
Does anyone have an email address for a live human being who works in
the BTOPENWORLD.COM security department? I've been trying for days now
to get the company to disconnect a customer from the Internet who is
infected with Sobig.F. In the last 12 hours the situation has gotten
out of
Quoting William Warren ([EMAIL PROTECTED]):
this is the very reason i block all executables at my firewall...plus it
reduces the load on my workstations from having to scan all that
garbage..G
firewall? the best place to block IMHO will be on mail gateways
( you can bounce it with a nice
Title: RE: [Full-Disclosure] AV feature does more DDoS than Sobig
If you don't like the feature, turn it off. That is why we have the options tab. Obviously we can not control what others do with the AV but you could minimize what extra traffic you may be creating with these messages. I
* Richard M. Smith [EMAIL PROTECTED] [03-08-28 17:17]:
Does anyone have an email address for a live human being who works in
the BTOPENWORLD.COM security department?
Why not simply call them? +44 1223 840711
regards, ak
Anti-virus companies seem to spend more money on marketing/visibility
than on actually protecting their customers. This marketing stupidity is
done by adding USELESS features, which spreads false information and
delivers false sense of security:
- You're infected reply (false positive)
-
At 06:02 PM 8/28/2003 +0200, Andreas Krennmair wrote:
Why not simply call them? +44 1223 840711
Actually, their tech number might be better: +44 845 600 7020
--
B.K. DeLong
[EMAIL PROTECTED]
+1.617.797.2472
http://ocw.mit.edu Work.
http://www.brain-stream.com
Hi all.
Michael Renzmann wrote:
As there were many people asking me to send them the binary, I decided
to put the file and a copy of the mail on my webserver. To be found at
http://www.otaku42.de/download/dumaru/index.html
Due to a server crash the files were not available for some hours. The
On Thu, Aug 28, 2003 at 10:05:20AM -0300, Fabio Gomes de Souza [EMAIL PROTECTED]
wrote:
The problem is that many e-mail virus scanners send a You are infected
reply to the address contained in the From header. Since the messages
are spoofed, the innocent, uninfected user A is flooded by
Yes, Richard... Default ON is a marketing oriented decision.
I use the Amavisd on my mail gateway and it has this option:
#
# Section IV - Notifications, quarantine
#
# Treat envelope sender address as unreliable
# and don't send sender notification if name(s)
# of detected virus(es) match the
Does anyone have an email address for a live human being who works in
the BTOPENWORLD.COM security department?
--
If BT is compliant with RFC2142, the following addresses should be active:
[EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
The RIPE lookup on that IP reflects the
[SNIP]
Of course, these warning messages are also a form of spam since many of
them contain ads for the anti-virus software package that finds the
infected message.
form of SPAM perhaps, another viri form perhaps also, at least a by
product of the original virus/trojan. Perhaps
Let's face it with this whole argument. The laws could be written to
protect mom pop's, or limit liability there to SW cost, exempt GPL'ed SW,
and only target for real bucks the big vendors. But, as has been seen,
M$ alone can stand up to and get through the courts pretty much unscathed,
even
Hi Richard,
This brings to light an issue I have been wondering
about for a while. I have no specific insight into
this, however, I feel that perhaps this may be an
interesting topic to some.
If my machine gets compromised because I fail to
properly patch it, and then it becomes infected and
At the time of writing Sophos has received just one report of
this worm from the wild.
More information about W32/Blaster-E can be found at
http://www.sophos.com/virusinfo/analyses/w32blastere.html
___
Full-Disclosure - We believe in it.
Charter:
Many users on corporate networks cannot choose the setting of the AV
installed. Which would be a good thing - not turning it off that is, but for
the crappy ads. Most admins doing remote update and install don't care
enough, and people get used to it. So this problem is probably here to stay,
till
Ron,
else, you become part of the perpetual
'SPAM/viri-by-product problem, wasting
and consuming bandwidth
Actually, it's important to get these false AV warning messages shut
off. One company that I contacted told me that they have already sent
out hundreds of thousands of false
Richard is having the same problem I am having with Comcast. I have sent
numerous emails to [EMAIL PROTECTED] and even spoken to Security at
Comcast on phone to remove a client on their network for over a week and
they still have not done so.
What would their liability be for not responding to the
On Thu, 28 Aug 2003, Richard M. Smith wrote:
Ron,
else, you become part of the perpetual
'SPAM/viri-by-product problem, wasting
and consuming bandwidth
Actually, it's important to get these false AV warning messages shut
off. One company that I contacted told me that they
After I posted my original email message, I found this How to complain
to BT Web page with all sorts of useful email addresses:
http://www.consumerdeals.co.uk/btocomplain.html
Richard
-Original Message-
From: security curmudgeon [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 28, 2003
As it was written on Aug 28, thus LaRose, Dallas spake unto 'Richard M:
Dallas: Date: Thu, 28 Aug 2003 12:19:36 -0500
Dallas: From: LaRose, Dallas [EMAIL PROTECTED]
Dallas: To: 'Richard M. Smith' [EMAIL PROTECTED]
Dallas: Cc: [EMAIL PROTECTED]
Dallas: Subject: RE: [Full-Disclosure] Need
clip sophos alert
The target for the Distributed Denial-of-Service attack has been changed to
kimble.org
/clip
Does anyone have the original IP of kimble.org? It's been changed in DNS to
localhost.
I'm seeing a DDOS attack with dest 63.208.192.192 tcp/80
-Original Message-
From: B$H
I'm just going to snip out all the previous stuff
because really this isn't strictly following on
from it, but is related.
*If* you are going to implement an AV system
on your servers to filter incoming mail for
viruses then you need to make sure that its
properly configured. Obviously.
And
From: Birl [EMAIL PROTECTED]
As compliant as they can be with the RFC, numerous emails I've sent to
both [EMAIL PROTECTED] and [EMAIL PROTECTED] have gone
unanswered.
And considering that they are outside of the US, I don't bother pursuing it
since our government can't do much about it.
Out
- Original Message -
From: LaRose, Dallas [EMAIL PROTECTED]
Does anyone have the original IP of kimble.org? It's been changed in DNS
to
localhost.
I'm seeing a DDOS attack with dest 63.208.192.192 tcp/80
kimble.org: 127.0.0.1
www.kimble.org: 69.57.154.2
Mike
Hello,
Anti-virus products are causing more harm than the Sobig Worm.
Some of my customers are having the following problem:
B = Customer of my customer (infected)
C,D,E = Some random company (victims of Sobig)
A = My customer (victim of AV marketing)
The Sobig worm infected B.
In its
I apologize for the html post..
Fabio Gomes de Souza wrote:
Hello,
Anti-virus products are causing more harm than the Sobig Worm.
Some of my customers are having the following problem:
B = Customer of my customer (infected)
C,D,E = Some random company (victims of Sobig)
A = My customer
I agree that there is a problem with these replies nowadays, but I do not see the
loop? How does A restart the cycle? All I see is that A potentially receives massive
amounts of these virus messages (which of course can be a problem). Am I missing
something?
Rainer
-Original Message-
this is the very reason i block all executables at my firewall...plus it
reduces the load on my workstations from having to scan all that
garbage..G
Fabio Gomes de Souza wrote:
Hello,
Anti-virus products are causing more harm than the Sobig Worm.
Some of my customers are having the following
http://theregister.co.uk/content/6/32533.html
Net anonymity service un-backdoored
Higher court hits pause button
The Java Anonymous Proxy (JAP) service, a collaborative effort of Dresden
University of Technology, Free University Berlin and the Independent Centre
for Privacy Protection
Well best... but not impossible to do it at the
firewall; you can do string matching in iptables (Linux).
You might need a powerful computer and fast NICs
tho otherwise performance might be a bit bad!
;)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On