On Wed, 26 Nov 2003, Brett Hutley wrote:
Folks, does anyone know why predictable process IDs are considered harmful?
I can see that there could be the possibility of a compromise if your
cryptographic PRNGs are seeded using a process ID.
Does anyone know of any other types of attacks?
Among
Hi,
I think you can find more references on Phoneboy's web site.
Don't remember each list's name, but try
www.phoneboy.com and search for mailing lists.
HTH
Regards,
Max
-Original Message-
From: William Brady [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 26 November 2003 13:46
To:
On Tuesday 25 November 2003 5:17 pm, Steven Harrison wrote:
Just for fun, I pointed my web browser at
http://finance.red-host.com/events.php and all I got back was:
exec:http://wendy35.phpwebhosting.com/netm.exe
I retrieved that file, and running it 'strings' does imply that it
will contact
IPSO is BSDi based. That is far away now from BSD. BSDi is a closed
licence. There are a lot of modifications, and they are black boxed.
Checkpoint runs (for performance reasons) in real kernel space at BSDi
for instance.
So you might talk about IPSO security, but it might be only reflections
of
Ummm, IPSO is BSD-based, is it not? Hardly a black box...
Sandro Littke wrote:
On Wed, 2003-11-26 at 10:35, Frederic Charpentier wrote:
hi, does anyone know a mailing list (or web site) about Nokia IPSO
security ?
Fred
https://support.nokia.com is a good resource, you need to register first.
It also has link to forums such as
http://www.isc.org/services/public/lists/firewalls.html
http://www.phoneboy.com/ also has FAQ mailing lists for Nokia and Checkpoint queries.
Rgds
Paddy
-Original Message-
If you come across something relatively new then, whether you
are looking on an independent database or AV vendor's site,
if they haven't got it updated then it's the same prob regardless.
I suspect the trend site search doesn't accept phrases with
quotes, which seems a bit useless.
What black box?
It's hardened FreeBSD based on Intel hardware. Essentially they are PCs
in rack mountable boxes.
Many services are started on default install which can be used for DoS
(try port scanning one). If you have access to the Nokia support site
(easy to get) you can download other
This is not the way you do it!!
-- -Original Message-
-- From: [EMAIL PROTECTED] [mailto:full-disclosure-
-- [EMAIL PROTECTED] On Behalf Of 4cray
-- Sent: Tuesday, November 25, 2003 5:08 PM
-- To: [EMAIL PROTECTED]; [EMAIL PROTECTED];
-- [EMAIL PROTECTED]; [EMAIL PROTECTED]
-- Subject:
http://www.carrel.org/dhcp-vuln.html
--
Aaron Mathews :: Network Administrator
[EMAIL PROTECTED], http://www.vistastaff.com
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
On Tue, 25 Nov 2003 16:03:54 -0800 Jonathan A. Zdziarski [EMAIL PROTECTED]
wrote:
Odd, I thought you had to 'rm -rf /' or 'format c:' to unsubscribe.
I probably speak for a lot of people here when I say I wish you would.
As subject:
It's FreeBSD-derived (from the work of Ipsilon Networks). Mentioned in
their sales/training notes a number of times for the NSA certification.
That's why when telnet/SSH on FreeBSD has issues IPSO did too.
See www.phoneboy.com and have a look for GNUkia on google. At one stage
you
Product: My_eGallery
Versions affected: all 3.1.1.g
Website: http://lottasophie.sourceforge.net/index.php
1. Introduction
---
My_eGallery is a very nice PostNuke module, which allows users to create and
manipulate their own galleries on the web, plus offers various additional
Actually it's IPSO 3.7 build 31
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Seamus
Hartmann
Sent: Wednesday, November 26, 2003 1:58 PM
To: 'William Brady'; 'Sandro Littke'
Cc: 'Frederic Charpentier'; '[EMAIL PROTECTED]'
Subject: RE: [Full-Disclosure]
Hi!
And a mandatory system profile in /etc , which aliases ln as 'ln -s' might
help. One for each valid shell.
Security by minimal obstruction. That doesn't protect against people who call
/bin/ln or /usr/bin/ln directly.
If you do not allow access to your home directory by others, then
Vendor: http://www.bitfolge.de
Bug Found: November 24 2003
Date Reported: November 25, 2003
Severity: High
Systems Affected: Any running PHP
1. About Snif
-
From website :
Snif is a simple and nice index file.
Server
On Mon, Nov 24, 2003 at 05:36:29PM +0100, Jakob Lell wrote:
Hello,
on Linux it is possible for any user to create a hard link to a file belonging
to another user. This hard link continues to exist even if the original file
is removed by the owner. However, as the link still belongs to the
On Monday 24 November 2003 10:17, Steven Leikeim wrote:
SNIP
There is a simpler solution. Place user files on a separate filesystem
from system files. This includes putting all temporary files on separate
filesystems of their own. (Both /tmp and
SGI Security Advisory
Title : SGI ProPack v2.3 security update
Number: 20031103-01-U
Date : November 26, 2003
Reference : Red Hat
| Guardian Digital Security Advisory November 26, 2003 |
| http://www.guardiandigital.com ESA-20031126-031
There is a simpler solution. Place user files on a separate filesystem
from system files. This includes putting all temporary files on separate
filesystems of their own. (Both /tmp and /var/tmp.) Since hard links
cannot cross filesystems the problem disappears. Mounting user
filesystems
On Wed, 26 Nov 2003, Jeremiah Cornelius wrote:
And a mandatory system profile in /etc , which aliases ln as 'ln -s'
might help. One for each valid shell.
You must be kidding, surely?
--
- bash$ :(){ :|:};: --
Michal Zalewski * [http://lcamtuf.coredump.cx]
Did
*gobble* *gobble*.
-KF
Secure Network Operations, Inc. http://www.secnetops.com/research
Strategic Reconnaissance Team [EMAIL PROTECTED]
Team Lead Contact [EMAIL PROTECTED]
Our Mission:
Jeremiah Cornelius ([EMAIL PROTECTED]) wrote on 2003-11-26 at 14:18:
And a mandatory system profile in /etc , which aliases ln as 'ln -s' might
help. One for each valid shell.
How would such an approach avoid people calling symlink(2) or
unalias/whatever ?
Seems as good as security through