At 10:39 AM 8/30/03 -1000, Jason Coombs wrote:
let's not jump to conclusions and revoke this person's civil,
constitutional, and human rights.
Hear, hear. Let's not give up on what little is left
of our once-beloved Constitution. Remember:
innocent until *proven* guilty in a court of law.
m5x
Entering is going into a house without breaking a lock. Breaking in, well,
that is when there is some lock, and it is broken. Insurance companies
really like this difference, if there is no signs of breaking and entering
(which b.t.w. is a legal term in the US also...), you don't get money.
--On Sunday, August 31, 2003 1:32 AM +0200 yossarian [EMAIL PROTECTED]
wrote:
Bit sad this has to be explained. Think some people in security need some
legal training.
Really? I prefer not to assume things, which is why I asked him for
clarification. Perhaps you assume laws are the same
We had a homeless guy sleeping in one of our buildings. He entered the
building during the hours which it was opened to the public, but remained
until the building was locked up for the weekend. When caught over the
weekend, he was charged with burglary. Furthermore, being on a property is
only
On Sat, Aug 30, 2003 at 10:39:53AM -1000, Jason Coombs wrote:
if he made the modifications and gave the modified worm to other people but
didn't cause it to infect anyone else's computers, then what crime is he
guilty of exactly? criminal misuse of a hex editor?
it could certainly be argued
On Fri, Aug 29, 2003 at 06:35:56PM -0400, Richard M. Smith wrote:
The FBI followed the same steps that you outlined to locate Jeffrey
Parson according to his indictment papers. The FBI also got an IP
address for Jeffrey which traced back to his house from the hosting
service for t33kid.com.
Jim Race wrote:
Nice try binky.
Content analysis details: (5.60 hits, 5 required)
-4.7 -- BODY: Bayesian classifier says spam probability is 10 to 20%
So in total my spamassassin gives me an 1.3, no spam.
Hm, -4.7 is a bit much for 10-20% spam, rescored to -2 :-)
Bye,
Manne
On Fri, 29 Aug 2003 21:50:38 EDT, Byron Copeland said:
You mean... Member of the Exchange server mop broom crew?
Umm... we only have on the order of 2,000 Exchange users.
I dare say supporting 70K users and 1M msgs/day on a single-image Exchange cluster
would probably involve a *lot* more clue
On Sun, Aug 31, 2003 at 10:28:32AM -0400, Richard M. Smith wrote:
first place. If three guys in Poland can find a buffer overflow in DCOM
without access to Windows source code, why can't Microsoft?
And what about the flaws MS probably found during the code audit and that
were never published?
Kaveh Mofidi [EMAIL PROTECTED] warped the ether with:
Secure Target Network (Security Advisory August 31, 2003)
Topic: Microsoft Outlook PST Exposure
Discovery Date: August 28, 2003
Link to Original Advisory: http://securetarget.net/advisory.htm
snip usual rubbish about Outlook PST files,
On Fri, 29 Aug 2003 22:33:06 CDT, Mike @ Suzzal.net [EMAIL PROTECTED] said:
I can surf the web from the box so it is fine.
Can you get to it? How?
http://www.microsoft.com/technet/security/bulletin/MS03-032.asp
You got IE or Outlook on that box?
(And no, you can't whine that's not fair,
Hi,
I just saw this interview with Bill Gates in today's New York Times:
Virus Aside, Gates Says Reliability Is Greater
http://www.nytimes.com/2003/08/31/technology/31SMIC.html
Boy, talking about blaming the victim:
[Gates] The fact that these attacks are coming out and that
At 10:28 AM 8/31/2003 -0400, Richard M. Smith wrote:
Patching security holes is a poor substitute for avoiding them in the
first place. If three guys in Poland can find a buffer overflow in DCOM
without access to Windows source code, why can't Microsoft?
Because Microsoft continues to build on
Hi!
On Sat, Aug 30, 2003 at 06:46:00PM -0500, Paul Schmehl wrote:
--On Sunday, August 31, 2003 1:32 AM +0200 yossarian [EMAIL PROTECTED]
wrote:
Bit sad this has to be explained. Think some people in security need some
legal training.
Really? I prefer not to assume things, which is why
-BEGIN PGP SIGNED MESSAGE-Hash:
SHA1
Secure Target Network (Security Advisory August 31,
2003) Topic: Microsoft Outlook PST ExposureDiscovery Date: August 28,
2003Link to Original Advisory: http://securetarget.net/advisory.htm
Affected applications and platforms: All
versions of
--On Sunday, August 31, 2003 12:31:03 -0300 [EMAIL PROTECTED] wrote:
And what about the flaws MS probably found during the code audit and that
were never published? I would like to see MS releasing patches/fixes for
flaws they found during these audits. Or did they find none?
The only thing we
Jason Coombs [EMAIL PROTECTED] [2003:08:30:10:39:53-1000] scribed:
[EMAIL PROTECTED] wrote:
OK, they nabbed a nickel-bagger
come on, the guy is a lot closer to a lovesick youth who couldn't resist
carving his initials in Windows when he saw the chance than he is to a drug
dealer.
snip /
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Issue : Cross site scripting in ezboard
Vendor status : developers were contacted
ezboard offers a free forum hosted at ... bla ... bla ...
improper input validation .. bla ... bla ... script or HTML
execution ... bla ... bla ( sorry but I don't
I also agree with you. The kid is guilty of
nothing more than "Unethical use of a hex editor". And here's my MAIN
FUCKING POINT SO LISTEN UP ALL OF YOU:
THE 7000COMPUTERS THAT HE SUPPOSEDLY INFECTED
WOULD HAVE BEEN INFECTED BY THE "ORIGINAL" WORM HAD THEY NOT BEEN
COMPROMISEDBY HIS
Richard M. Smith [EMAIL PROTECTED] quotes Mr. Gates:
And ducking questions by blaming the victim:
Q. The buffer overrun flaw that made the Blaster worm
possible was specifically targeted in your code reviews
last year. Do you understand why the flaw that led to
Blaster
Title: Message
That is completely
moronic to act as if he did not do anything but just hex edit the code and
changethe name for example on the .exe . He also like a moron had
the infected drones contact his website (which he is registered to) so that he
can see who has been infected to
we are into analogies now...
here's another one:
A scientist working for al-Qaida invents a new way of
making a relatively powerful explosive from supplies
that can be purchased from a grocery store in
Afghanistan. He wants to make it available for his
buddies currently working as software
At 12:19 PM 8/31/03 -0700, Steven Fruchter wrote:
That is
completely moronic to act as if he did not do anything but just hex edit
the code and change the name for example on the .exe . He also like
a moron had the infected drones contact his website (which he is
registered to) so that he can see
Hi!
Of course, it's convenient to ignore such problems and declare that
regularly applied patches pave the way to secure software. But
patching is a countermeasure that is merely in vogue right now. It's
just a question of time when this approach will break in a very
obvious manner (that
Title: Message
guess this will make worm writers a
little more scared and they will start to watch their steps a little more
carefully now and not have the damn drones contact their own website which is
registered to their name.
-SF
The thing is, this
kid shouldn't be taking the blame
OPENBSD 3.2 - \3.2\sys\kern\kern_kthread.c
Ohk, here is the function:
int
kthread_create(void (*func)(void *), void *arg,
struct proc **newpp, const char *fmt, ...) where the data is
{
struct proc *p2; - New proc struct
register_t rv[2];
int error;
Vulnerability: XSS in Webbased Virusencyclopedia
Found: 29 Aug 2003
Vendor:Trendmicro/Europe
Vendor notified: 30 Aug 2003
Vendor response: no
Public release:31 Aug 2003
We were surfing trendmicro's virusencyclopedia, misspelling the
msblaster URL. typing a
27 matches
Mail list logo