Feel free to skip this message if you already know how to
use the internet and you are disinterested in the
programming thread that is currently filling your mailbox.
Sorry for wasting your time.
Can we move this irrelevant programming thread somewhere
where it is on-topic? It may be
On Monday 27 October 2003 20:00, Mortis wrote:
I have minimum math skills, but I think I can do this one.
1 person * 1 minute * $60/hr/person = $6.
OMG, did I do that right?
Nope,
1 minute = 1/60 hours.
Assume the rate is $60/hour. Multiply how much of an hour you're using (1/60th)
by the
Let's hope that no one uses -deprecation while compiling :)
This function was replaced a time ago
For those who don't know, from the Java Docs
protected int classDepth(String name)
Deprecated. This type of security checking is not recommended. It is
recommended that the checkPermission call be used
Hello,
I can determine when a Windows box has been owned easily.
How do you determine if you have a KLM on your Linux box?
On both occasions, you need to shut down the computer and boot it
from an alternative source (like CD-ROM with MS-DOS), then load
drivers for the file system (NTFS, EXT2,
Actually most of VMS was written in a programming language called BLISS-32
which was designed to write an OS.
An unusual thing about BLISS was that it defined variables as the address
and one had to explicitly dereference the name to get the value of a
variable ( a little like the $ in front of
On Sun, 26 Oct 2003, Bruce Ediger wrote:
...
Well, no, but I don't believe your theory either. VMS usually gets
held up as an example of an OS without significant security problems.
Sorry to tell you, but DEC wrote VMS mainly in VAX-11 assembler.
The Alpha-CPU port of VMS involved writing a
On Mon, 27 Oct 2003, Bill Royds wrote:
Actually most of VMS was written in a programming language called BLISS-32
which was designed to write an OS.
...
The result of BLISS was VAX assembler code rather than raw machine code,
which is why the port to Alpha went the way it did. Bliss
Mortis,
is true, the word stupid comes but comes from you
you are wrong at all, do you read the link text to nessus ? Miscellaneous
Info about nasa.gov
and the whole report made by me ( not nessus ) ?
i think not
i think its too difficult for you. another thing you said, you said cell , stay
in cell,
INetCop Security Advisory #2003-0x82-019
* Title: sh-httpd `wildcard character' vulnerability
0x01. Description
About:
sh-httpd is a shell script-based Web server that supports GET and
INetCop Security Advisory #2003-0x82-020
* Title: Musicqueue multiple local vulnerabilities
0x01. Description
Musicqueue is a CGI music jukebox using external tools to play the files.
-Original Message-
From: Mortis [mailto:[EMAIL PROTECTED]
Sent: Monday, October 27, 2003 1:01 AM
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] Off topic programming thread
Can we move this irrelevant programming thread somewhere
where it is on-topic? It may be interesting,
Hi!
On Mon, Oct 27, 2003 at 10:42:45PM +0800, dong-h0un U wrote:
[...]
bname() {
local IFS='/'
- set -- $1
+ set -- $1
eval rc=\$$#
[ $rc = ] eval rc=\$$(($# - 1))
echo $rc
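Review bot: the removed and added lines in this hunk both read `set -- $1` as shown, so the actual difference (most likely quoting or whitespace lost in the archive) cannot be checked from what is visible. If the expansion stays unquoted under `IFS='/'`, it is still subject to pathname expansion, so a wildcard in the argument is globbed before `bname` picks the last field; turning globbing off with `set -f` around the split keeps the field splitting without that. The context line `[ $rc = ]` also has an unquoted `$rc`, nothing on the right-hand side, and nothing joining it to the following `eval`, which looks like quoting and `&&` lost in transit and is worth confirming against the original patch.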
Mhmm, doesn't that break things, as $# will always be 1 if you do
and you want to learn Spanish before saying ole! ?
;-)
and you want to learn Deutsch before saying Da Kannst du nicht !
best regards,
PS: do you want to continue with Chinese ? Japanese ? Portuguese ? caló ?
jajajajajaja
---
0x00-Lorenzo Hernandez Garcia-Hierro
At 09:36 AM 10/27/03 -0600, Schmehl, Paul L wrote:
Can we move this irrelevant programming thread somewhere
where it is on-topic? It may be interesting, but it belongs
on comp.programming or something. I might be willing to
join in, but it doesn't belong here on FD.
I have seen irrelevant
ROFL I love conspiracies and the theories that abound them
Thanks,
Ron DuFresne
On Fri, 24 Oct 2003 [EMAIL PROTECTED] wrote:
Hi C,
Hi, Mitch -- welcome to the Internet! Here's a tool you might find
helpful, it's called a 'Search Engine'! ;)
A quick google for a few bytes
It would seem that the bugtraq folks think that security issues cease to
exist on weekends, or even after normal business hours these days.
It's a shame really.
Once upon a time, pre-symantec it seems, it used to be a viable and
pertinent list. I'm debating unsubscribing, since it's down to
On Mon, 27 Oct 2003 17:43:18 +0100
Lorenzo Hernandez Garcia-Hierro [EMAIL PROTECTED] wrote:
and you want to learn Spanish before saying ole! ?
;-)
and you want to learn Deutsch before saying Da Kannst du nicht !
best regards,
PS: do you want to continue with Chinese ? Japanese ? Portuguese
Texonet Security Advisory 20030908
Advisory ID : TEXONET-20030908
Authors : Joel Soderberg and Christer Oberg
Issue date : Monday, September 8,
I don't see where this turned into a personal attack vector. Sure not
every *nix user knows what they are doing, I never said they did. All
I'm saying is that in my experience, most people who run *nix know what
the hell they are doing. I'll have you know I patch systems immediately
(after
David M wrote:
Once upon a time, pre-symantec it seems, it used to be a viable and
pertinent list. I'm debating unsubscribing, since it's down
to maybe a dozen
posts a week at this point and just doesn't seem worth the
effort to read
posts that are 3, even 4, days old.
I'm still subscribed
Hi,
actually imho the problem is not whether the vulnerable function is
deprecated when the system has crashed. The problem is whether Sun employs
some people who can implement missing null pointer checks in the JDK.
Deprecation is no security feature at all, good and aware coding in contrast
-BEGIN PGP SIGNED MESSAGE-
__
SGI Security Advisory
Title : SGI Advanced Linux Environment security update #2
Number: 20031001-01-U
Date : October 27, 2003
-BEGIN PGP SIGNED MESSAGE-
__
SGI Security Advisory
Title : SGI Advanced Linux Environment security update #4
Number: 20031003-01-U
Date : October 27, 2003
-BEGIN PGP SIGNED MESSAGE-
__
SGI Security Advisory
Title : SGI Advanced Linux Environment security update #3
Number: 20031002-01-U
Date : October 26, 2003
Although this is a serious bug, the method SecurityManager.classDepth()
has been deprecated for a while, you should not be using it.
Seems to be a bug in native code (since it's deprecated it may not have
been updated lately).
Marc Schoenefeld wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash:
-BEGIN PGP SIGNED MESSAGE-
__
SGI Security Advisory
Title : SGI Advanced Linux Environment security update #2
Number: 20031001-01-U
Date : October 27, 2003
At 02:55 PM 10/27/03 -0600, Curt Purdy wrote:
I'm still subscribed to several securityfocus lists, but have not submitted
for some time as I kept getting returned rejects even though they were
on-topic valid points.
I changed email addresses about ten months ago. I unsubscribed
from the dozen or
On Mon, 27 Oct 2003, Curt Purdy wrote:
I'm still subscribed to several securityfocus lists, but have not
submitted for some time as I kept getting returned rejects even though
they were on-topic valid points. A real shame but not unusual for big-$
corporate America to get their grubby little
In some mail from Bassett, Mark, sie said:
I don't see where this turned into a personal attack vector. Sure not
every *nix user knows what they are doing, I never said they did. All
I'm saying is that in my experience, most people who run *nix know what
the hell they are doing. I'll have
An alternate way of viewing the security of an application or
operating system is to evaluate the nature of the discovered
vulnerabilities. Are they blatantly obvious, ancient bugs that could
have been found in basic auditing or testing? Or are they new classes
of bugs, and/or more subtle? Do
Be kind, I am a new subscriber and, yes I work with software from the
evil empire, Microsoft. We have significant internet traffic and
connectivity. We are entrenched behind a firewall that so far, thank
G-d, has kept the barbarians at bay. However we are getting extensive
requests for the use of
It's Symantec. SF anything is not worth it anymore. Just more of
the same big corp bowing to MS and the other non-full-disclosure companies.
They say one thing and do another. They boast that they haven't changed
anything, but it sure FEELS like they haveto many!
-Original
Hi
Deprecation is a way of saying you are on your own from now on. For
sure it's not a substitution for any security feature, but the problem is
always the programmer, us or the JDK developers :)
- Thiago
At 18:57 27/10/2003, you wrote:
Hi,
actually imho the problem is not whether the
So I'm sure this passed over your inboxes in some form
or another
http://www.securiteam.com/unixfocus/6L00L008KE.html
Just a standard directory traversal attack in an open
source, fixed rapidly like any good open source
project. Except that nobody really looked too hard at
the software, try
A vulnerability on the list today is a perfect example of why
C is inherently an insecure programming language and why "thinking in C" is a
direct route to insecure code.
in
- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, October 27, 2003 3:12 PM
Hi,
either they (Sun) remove the deprecated functions completely or they
introduce permissions which explicitly allow to call deprecated stuff.
An adversary does not care whether the function he uses to interfere with
correct operation is deprecated. Deprecation is not a security feature,
Hi
Deprecation is a way of saying you are on your own from now on. For
sure it's not a substitution for any security feature, but the problem is
always the programmer, us or the JDK developers :)
- Thiago
At 18:57 27/10/2003, you wrote:
Hi,
actually imho the problem is not whether the
Sure they could possibly find other ways to write insecure code,
but the issue is not whether it's possible; of course it's possible.
The issue is the relative difficulty of writing insecure code.
In C, to write secure code, one might have to re-implement a huge array
of data types and so forth.
On Mon, 2003-10-27 at 19:15, Stefan Larsson wrote:
Why is this bullshit even onlist? Give it a rest, please.
Amen. Some of us have our own kids to deal with as well.
___
Full-Disclosure - We believe in it.
Charter:
Basically what I see here is 'the programming language is responsible
to keep the programmer from writing insecure code' versus 'the programmer
is responsible for keeping the code from acting insecurely'. Or, to put
it in more mundane contexts, 'responsibility lies outside of my control'
versus 'I
40 matches