I'd agree but I'd need to add something to that...
Its also the responsibility of
'the person or orginization that connects to a hostile enviroment'
to make some decent effort to reduce the level of hostility
in that environment.
Hostility is neither the enemy of nor an effective counter or
In my opinion, this is just a sad attempt to
deflect responsibility away from Microsoft Corporation. Yeah, the kid is
quite foolish for making himself such an easy scapegoat...but I'm sure the
prosecutors will push for more punishmentthan he deserves since the
ORIGINAL virus writer(s) have
--On Friday, August 29, 2003 3:47 PM -0500 Jerry Heidtke
[EMAIL PROTECTED] wrote:
It looks like it took the FBI 6 days to find what took 10 minutes on
Google. Let's see, executable name is teekids.exe, here's a
script-kiddie that goes by teekid, he's got a web site called
t33kid.com, the whois
--On Friday, August 29, 2003 3:43 PM -0700 Anthony Saffer
[EMAIL PROTECTED] wrote:
Sorry for just jumping in here but I couldn't resist. Certainly, you have
to admit that there is a such thing as shared responsibility and
contributory negligence. Even the law recognizes these things. Sure, it's
Hi Gentlemen,
Following the article http://www.securityfocus.com/archive/119/333927, I
applied this principle on our IntraNet.
I used the oc192-dcom proof of concept code from securityfocus too.
I create a ms.bat script placed into the startup group (c:\documents and
setting\all
(notes below...)
- Original Message -
From: Richard M. Smith [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; 'Michael Scheidell' [EMAIL PROTECTED]; 'Alan
Kloster' [EMAIL PROTECTED]; 'Geoff Shively' [EMAIL PROTECTED]; 'Drew
Copley' [EMAIL PROTECTED]
Sent: Friday, August 29, 2003 6:35 AM
The FBI followed the same steps that you outlined to locate Jeffrey
Parson according to his indictment papers. The FBI also got an IP
address for Jeffrey which traced back to his house from the hosting
service for t33kid.com.
Moral of the story: If you want to be a successful cybercriminal,
So you would blame ...
Nice set of ethics there.
you believed that admins were
at fault for worm infections.
...it is each admins responsiblity ... not the coder.
a crime victim is affected by the crime ...
Before we can make progress in a discussion of blame we have to get the
analogy
On Fri, 29 Aug 2003 12:22:19 PDT, morning_wood [EMAIL PROTECTED] said:
get educated, take some responsibility for you high paying job,
and quit trying to lay the blame elsewhere.
On Fri, 29 Aug 2003 13:04:19 PDT, morning_wood [EMAIL PROTECTED] said:
i think you mixed the top portion of my
On Friday, August 29, 2003 12:22 PM, morning_wood
[mailto:[EMAIL PROTECTED] wrote:
shouldnt these measures been in place already?
instead of rushing on a per-incident basis, you should be
implimenting these things anyway. IMHO is prudent to expend
some overkill during lockdown and
The problem is that governments and corporations own the media and this
story is not going to be represented in a fair way to John Q. Public. I
feel very sorry for the kid...he's only in high school and now he'll
probably have a criminal record
(federal).
Why feel sorry for him? While it's
That's the source to Nachia/Welchia.
-Original Message-
From: Shanphen Dawa [mailto:[EMAIL PROTECTED]
Sent: Friday, August 29, 2003 5:01 PM
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] MsBlaster Source?
Can anyone, who is obviously better at coding then I, verify the rumours
that
So you would blame ...
Nice set of ethics there.
you believed that admins were
at fault for worm infections.
...it is each admins responsiblity ... not the coder.
a crime victim is affected by the crime ...
Before we can make progress in a discussion of blame we have to get the
analogy
On Fri, 29 Aug 2003 14:46:32 PDT, morning_wood said:
And has it occurred to you that *MAYBE* his high paying job would
be more productive if he wasn't spending most of his time having to deal with
people breaking in, either proactively or reactively??
that is his job
You're totally missing
Richard M. Smith [EMAIL PROTECTED] wrote:
As everyone knows, ActiveX controls and the OBJECT tag has been a big
source of security holes in Internet Explorer. ...
And serious exposures in other browsers too.
Remember, the folk writing most of these fancy plug-in doo-dad
thingamies are
So you would blame ...
Nice set of ethics there.
you believed that admins were
at fault for worm infections.
...it is each admins responsiblity ... not the coder.
a crime victim is affected by the crime ...
Before we can make progress in a discussion of blame we have to get the
analogy
I didn't say anything about throwing his ass in jail, did I?. Since
when did getting a warrant = incarceration? The evidence cited would be
enough to at least cause him to be talked to, don't you think, even in
an environment where there was some respect for civil rights and the
presumption of
if ( !MyStartService(szServiceTftpd) ){
does appear so. Seems like there is more code that's not here.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jerry Heidtke
Sent: Friday, August 29, 2003 6:59 PM
To: Shanphen Dawa; [EMAIL PROTECTED]
Subject:
He'll more likely go to prison for 10-20.
That's if he's lucky. I'm certain he will be made an example of.
Poor dumb bastard. He wanted attention, now he's got it.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Richard M.
Smith
Sent: Friday, August 29,
--On Friday, August 29, 2003 1:14 PM -1000 Jason Coombs
[EMAIL PROTECTED] wrote:
Before we can make progress in a discussion of blame we have to get the
analogy right.
So, are you responsible for all five copies of this message? :-)
Paul Schmehl ([EMAIL PROTECTED])
Adjunct Information Security
Paul Schmehl [EMAIL PROTECTED] [2003:08:29:17:12:06-0500] scribed:
snip /
Yet, if the worm writer hadn't released the worm, the problem wouldn't even
exist, would it?
And, if guns had not been invented, nobody could be shot to death.
So, what is it that you are trying to say?
Who can put
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Goncalo Costa
Sent: Thursday, August 28, 2003 2:47 AM
To: Drew Copley
Cc: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] JAP back doored
snip
--On Friday, August 29, 2003 15:49:43 -0700 Chris DeVoney
[EMAIL PROTECTED] cast his pearls before swine and wrote:
In short, yeah, what you suggest is true but now let's talk about a part
of the real world that is examined infrequently.
Well stated, but an absolute waste of time on this list.
On Fri, 29 Aug 2003 15:47:22 CDT, Jerry Heidtke said:
It looks like it took the FBI 6 days to find what took 10 minutes on
Google. Let's see, executable name is teekids.exe, here's a
No, given that it only hit 7,000 systems, it probably took 5 days before they
got a copy of the binary and
Chris DeVoney [EMAIL PROTECTED] wrote:
On Friday, August 29, 2003 8:24 AM, Charles Ballowe wrote:
Interesting -- the net cost of the worm is actually a net
$0.00. For every penny that a company chalks up as a cost to
the worm, some other company must be chalking up the cost as
a
--On Friday, August 29, 2003 7:13 PM -0400 [EMAIL PROTECTED] wrote:
You're totally missing the point.
And this surprises you?
If I'm doing security 30 hours a week, that's 30 hours a week I'm not
available for other things.
[skip the long litany of *other* things you could be doing]
In case
more fun:
why didn't you try:
http://de.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=55756VName=WORM_MSBLAST.%3Cscript%20type='text/javascript'%3Ealert('boo!')%3C/script%3E
i think one can pass almost any xss there
(citing
Well, sounds like to me, they have lost focus and are looking for a
quick scape goat to me. Again, probably driven by media pressures and
others to show half-ass results based on half-ass analysis.
-b
On Fri, 2003-08-29 at 17:33, Brent Colflesh wrote:
I'm sure that the FBI would never
more fun:
why didn't you try:
http://de.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=55756VName=WORM_MSBLAST.%3Cscript%20type='text/javascript'%3Ealert('boo!')%3C/script%3E
i think one can pass almost any xss there
(citing
On Fri, 2003-08-29 at 18:35, Richard M. Smith wrote:
The FBI followed the same steps that you outlined to locate Jeffrey
Parson according to his indictment papers. The FBI also got an IP
address for Jeffrey which traced back to his house from the hosting
service for t33kid.com.
Moral of
http://news.findlaw.com/nytimes/docs/cyberlaw/usparson82803cmp.pdf
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
On Fri, 2003-08-29 at 19:13, [EMAIL PROTECTED] wrote:
On Fri, 29 Aug 2003 14:46:32 PDT, morning_wood said:
And has it occurred to you that *MAYBE* his high paying job would
be more productive if he wasn't spending most of his time having to deal with
people breaking in, either proactively
Home and business firewalls
Question to ponder:
OK, on my home LAN I have set up a windows
NT4.0 SP2 box with IIS and SQL Server 7.0. No hot fixes on the box at all. I
run a NESSUS scan and I get over 500 available exploits for this box.
My outside address is 216.144.100.100 (not
Gregory Steuck wrote:
Jeremiah == Jeremiah Cornelius [EMAIL PROTECTED] writes:
Jeremiah Administration for Windows networks is similar to
Jeremiah maintaining a 12-year old GM Truck. Brand new, W2K+3
Jeremiah already has 190K miles of wear.
Where did you get his gem? It is
Nice try binky.
Content analysis details: (5.60 hits, 5 required)
HOME_EMPLOYMENT(1.6 points) BODY: Information on how to work at
home (2)
HTML_FONT_FACE_ODD (0.1 points) BODY: HTML font face is not a
commonly used face
HTML_60_70 (0.5 points) BODY: Message is 60% to
I must say, you folk are over worked and I think that you harbor a
slight grudge because of it.
In case anybody thinks that XX is somehow bragging, forget it. The
many roles he is expected to fulfill are typical in a university
environment. There *is* no such thing as an intrusion detection
Teekid defacement of MNGFOA (Minnesota Government Finance Officers
Association)
http://www.google.ca/search?q=cache:LxFv6TNMbqIJ:www.mngfoa.org/start_page.
htm
Teekid trying to get some trojan cgi-notify to work ?
http://www.webmasterworld.com/forum10/978.htm
Teekid discussing irc-based trojan
In some mail from [EMAIL PROTECTED], sie said:
[...]
That's 30 hours I'm not spending helping do network performance tuning
[...]
You know, I read through that list and saw numerous things that you
shouldn't have to do, besides clean up from worms and viruses.
If you feel you are so short on
well... lets see, we could make it an untrusted link by
http://de.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=55756;
VName=WORM_MSBLAST.script%20language=JavaScript%20src=http://www.astalavista
.com/backend/news.js%20type=text/javascript/script
and include some remote
I can say this is the same for some companies in corporate america, I
currently have to split my time working on security issues for the systems
I control (100 solaris, 200 linux) and self improvment projects like
implementing AFS. If there are currently no hair on fire events while the
rest of
Admin password is blank.
All IPC$ shares are there.
I can surf the web from the box so it is fine.
security industry has a saying: crunchy on the outside, chewey on the
inside.
EASY to get inside your computer with your help.
Once done, you are 0wn8d.
you can hit a malishious web site and
opa,
pessoal eu acho que jah sei pq o chat nao ta interpretando comandos do php e
soh do html... eh pq o codigo do meu amigo eh tao precario que quando vc
digita uma frase... essa frase eh salva num txt:
http://www-lugal.no-ip.org/vargthon/testes/chat.txt
e depois esse arquivo eh mostrado
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi Donald,
Interesting (child-like) thoughts, but in reality, this society we live
in has laws.
If a person leaves the door to their home unlocked one evening (consciously
or mistakenly) and someone chooses to go inside and ransacks the place.
Sure
[EMAIL PROTECTED] [2003:08:29:20:56:30-0400] scribed:
On Fri, 29 Aug 2003 15:47:22 CDT, Jerry Heidtke said:
It looks like it took the FBI 6 days to find what took 10 minutes on
Google. Let's see, executable name is teekids.exe, here's a
No, given that it only hit 7,000 systems, it
[EMAIL PROTECTED] [2003:08:29:20:56:30-0400] scribed:
On Fri, 29 Aug 2003 15:47:22 CDT, Jerry Heidtke said:
It looks like it took the FBI 6 days to find what took 10 minutes on
Google. Let's see, executable name is teekids.exe, here's a
No, given that it only hit 7,000 systems, it
--On Saturday, August 30, 2003 9:24 AM -0500 Michael D Schleif
[EMAIL PROTECTED] wrote:
OK, they nabbed a nickel-bagger; let's not get carried away!
This kid is small potatoes, compared to other vermin spreaders, and we
-- on this list, at least -- know that as fact.
It's one thing to make an
On August 29, 9:33 pm Mike @ Suzzal.net [EMAIL PROTECTED] wrote:
Can you get to it? How?
Possibly. Source routed packets.
Do you still need a firewall? Why?
Yes. To block source routed packets. There may be a registry setting to not
accept source routed packets on windows...I'm not sure.
Hi!
Interesting (child-like) thoughts, but in reality, this society we live
in has laws.
If a person leaves the door to their home unlocked one evening (consciously
or mistakenly) and someone chooses to go inside and ransacks the place.
Sure the homeowner probably should have locked the
Linux user: 58887 Red Hat - CreativNet.info
** AVISO LEGAL
***Este mensaje es solamente
para la persona a la que va dirigido. Puede contenerinformacin
confidencial o legalmente protegida. No hay
renuncia a la
--On Saturday, August 30, 2003 6:22 PM +0200 Peter Busser
[EMAIL PROTECTED] wrote:
I don't know about US, Canadian, German or Chinese law. But in Dutch law
there is a big difference between entering a house and stealing stuff and
breaking into a house and stealing exactly the same stuff.
Whenever someone makes the analogy about breaking into someone's
computer and breaking into someone's house, I always must suggest
otherwise.
Say I live across the street from you, and am out on my lawn talking to
you while you're on your lawn, yelling across the street. And let's say
that
Hi,
are there any paper about xss holes testing.
My company is developing a new php app and want to test it to make it a litle
more secure.
thx
--
Servicios de Seguridad Informatica
www.masev.cl
___
Full-Disclosure - We believe in it.
In some mail from Jeremiah Cornelius, sie said:
Darren Reed wrote:
I, for one, would not cry if the law made it impossible to sell or
provide GPL'd software to people because it could not be provieded
with a disclaimer.
Sooner or later the software industry needs to grow up and take
Richard M. Smith wrote:
http://news.findlaw.com/nytimes/docs/cyberlaw/usparson82803cmp.pdf
Great link.
Items of particular interest:
Page 9, lines 6-8: Since dl.t33kid.com is a copy of www.t33kid.com, it
also can be used to capture IP addresses of compromised computers.
Isn't that reaching a
| --On Saturday, August 30, 2003 6:22 PM +0200 Peter Busser
| [EMAIL PROTECTED] wrote:
|
| I don't know about US, Canadian, German or Chinese law. But
| in Dutch law
| there is a big difference between entering a house and
| stealing stuff and
| breaking into a house and stealing exactly the
Hi Paul,
The difference is Breaking and Entering vs Trespassing. They
carry different penalties, just like Grand Theft Auto is not the
same as Unauthorized Use of a vehicle. There are real differences
in terms in arrests and judgements.
Not that it really matters...
Subject: Re: [Full-Disclosure] Fw: Computers crashed just before blackout
To: Geoff Shively [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Date: Fri, 29 Aug 2003 18:25:05 -0400 (EDT)
(notes below...)
- Original Message -
From: Richard M. Smith [EMAIL PROTECTED]
57 matches
Mail list logo