Re: [Full-Disclosure] correct names [was: 3127/tcp by Doomjuice (Kaspersky) - MyDoom takeover?]

2004-02-09 Thread Gregory A. Gilliss
This is another argument in favor of Valdis' FAQ/Been-There Web site. No, there is no standard naming convention for this crap between different competing AV vendors, and no there is not likely to be one since it would detract from the vendors' ability to market their products. The topic already has

Re: [Full-Disclosure] Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL From Internet Explorer

2004-02-09 Thread Valdis . Kletnieks
On Mon, 09 Feb 2004 20:23:07 GMT, first last <[EMAIL PROTECTED]> said: > This is OLD news. Where have you been? It's been used for as long as > LoadLibrary has existed by programs monitoring other programs. There are > dozens of other ways of reading data from another program before and after

Re: [Full-Disclosure] Apparently the practice was prevalent

2004-02-09 Thread Cael Abal
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I'm of the opinion that reinterpreting these particular ancient RFCs is really of no practical use and that this thread probably deserves to die a quiet death. The fact of the matter is, regardless of what the RFCs have to say about the subject, Microso

RE: [Full-Disclosure] Virus infect on single user

2004-02-09 Thread Brad Griffin
Another to add to Paul's list (Adaware and Spybot S&D), although only in early release is this one: http://www.kephyr.com/spywarescanner/index.html?source=appvisit Bazooka has a very small db of 'signatures', but I've found it detects registry traces and directories that the others miss at times.

Re: [Full-Disclosure] DoomJuice.A, Mydoom.A source code

2004-02-09 Thread Nick FitzGerald
"Riad S. Wahby" <[EMAIL PROTECTED]> wrote: > According to most reports on the matter, DoomJuice delivers the source > of Mydoom.A to infected computers. I'm running an informal seminar on > malware and this could be an invaluable teaching aid. ... In what way would it be "an invaluable teaching

RE: [Full-Disclosure] Solaris

2004-02-09 Thread Darkslaker
A good page is http://www.cnhonker.com/index.php?module=exploits&type=8 On this page there is source code for exploits. "I was born to catch dragons in their lairs and to gather flowers. Yo nací para pasar las mañanas contando historias divertidas, para soñar a la deriva como si fuera yo un ar

Re: [Full-Disclosure] Solaris

2004-02-09 Thread madsaxon
At 04:52 PM 2/9/2004 -0800, Jeremiah Cornelius wrote: Look! One of Ashcroft's trolls! They'll have this list shut down before the end of '05! Wonder if he means the operating system or the movie? ;-) m5x ___ Full-Disclosure - We believe in it. Char

Re: [Full-Disclosure] Solaris

2004-02-09 Thread Larry W. Cashdollar
http://google.com Search for Solaris+Exploit. -- larry On Mon, 9 Feb 2004, j c wrote: > Len! > > Could you send me information about exploits of Solaris for exploit testing, > I want to know how an exploit works and how to use it. > > > > Thanks > > _

Re: [Full-Disclosure] Solaris

2004-02-09 Thread J. Theriault
On Tuesday 10 February 2004 00:19, j c wrote: > Len! > > Could you send me information about exploits of Solaris for exploit > testing, I want to know how an exploit works and how to use it. > > Thanks This web-page should answer all of your questions; It is even running on Solaris. http://www.m

RE: [Full-Disclosure] Apparently the practice was prevalent

2004-02-09 Thread Schmehl, Paul L
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Shawn K. Hall (RA/Security) > Sent: Monday, February 09, 2004 5:35 PM > To: [EMAIL PROTECTED] > Subject: RE: [Full-Disclosure] Apparently the practice was prevalent > > No, it doesn't. It defines th

[Full-Disclosure] Samba 3.0 + linux 2.6.x local root vulnerability

2004-02-09 Thread Michal Medvecky
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 "share" - smb server "slovakia" - smb client [EMAIL PROTECTED]:~$ smbmount --version Usage: mount.smbfs ser

[Full-Disclosure] DoomJuice.A, Mydoom.A source code

2004-02-09 Thread Riad S. Wahby
According to most reports on the matter, DoomJuice delivers the source of Mydoom.A to infected computers. I'm running an informal seminar on malware and this could be an invaluable teaching aid. Thus, if anyone has the source, I'd greatly appreciate if you'd mail it to me off-list or point me tow

Re: [Full-Disclosure] correct names [was: 3127/tcp by Doomjuice (Kaspersky) - MyDoom takeover?]

2004-02-09 Thread dgj
On Feb 9, 2004, at 2:59 PM, Nick FitzGerald wrote: Yes -- Deadhat (more correctly known as Vesser) was found late Friday or early Saturday (depending on your TZ) but this new one, DoomJuice, (incorrectly originally classified as a Mydoom variant and thus called Mydoom.C by some) has only been isola

[Full-Disclosure] Eggdrop problem

2004-02-09 Thread Giuseppe
== Topic: eggdrop share.mod problem Issue date: 07/02/2004 Severity: remote exploit Affected versions: 1.6.x <= 1.6.15, others? == Eggdrop is a bot written in C. It is highly configurable and can be easily expanded with TCL scripts. It is widely used in

Re: [Full-Disclosure] Solaris

2004-02-09 Thread Jeremiah Cornelius
>- Original Message - >From: "j c" <[EMAIL PROTECTED]> >To: <[EMAIL PROTECTED]> >Sent: Monday, February 09, 2004 3:19 PM >Subject: [Full-Disclosure] Solaris > >Len! > >Could you send me information about exploits of Solaris for exploit testing, >I want to know how an exploit works and how

[Full-Disclosure] Solaris

2004-02-09 Thread j c
Len! Could you send me information about exploits of Solaris for exploit testing, I want to know how an exploit works and how to use it. Thanks _ Chat with your friends online using MSN Messenger: http://messenger.microsoft

Re: [Full-Disclosure] Virus infect on single user

2004-02-09 Thread Cael Abal
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 |>Spybot Search and Destroy is much better. | | I find that you should run both spybot S&D *AND* adaware together for the | best possible adware/malware/spyware protection. they both catch stuff | that the other does not. between the two though, you get

RE: [Full-Disclosure] another product affected by recent MS IE '@' patch

2004-02-09 Thread CHS
On Tue, 10 Feb 2004, Brad Griffin wrote: > Fuel companies love diluting petrol with Ethanol nowadays because they > can save/make a buck, but would you call that 'going forward' when you > discover your engine life has been drastically reduced? last I checked, ethanol wasn't bad for your engine.

RE: [Full-Disclosure] Apparently the practice was prevalent

2004-02-09 Thread Shawn K. Hall \(RA/Security\)
> > rfc2396 describes URI's, rfc1945 and rfc2616 describe > > the HTTP **protocol**. They're far from the same thing. > > Agreed, but you see, RFC 2616 defines more than just the > HTTP protocol. No, it doesn't. It defines the protocol. It imports necessary values from other specs and recommendati

Re: [Full-Disclosure] Re: Virus infect on single user

2004-02-09 Thread Ron DuFresne
[SNIP] > > I think the most important advice for the original poster is; Know your > tools. You got this pop-up thing because you thought that by having > Anti-virus and Firewall software that you were fully protected. However > you didn't know what your were still open to. You need to le

RE: [Full-Disclosure] another product affected by recent MS IE '@' patch

2004-02-09 Thread Brad Griffin
Comments inline > -Original Message- > From: David Farinic [mailto:[EMAIL PROTECTED] > Sent: Monday, February 09, 2004 6:25 PM > >> In Germany, and maybe in other parts of the world, some > providers are > >> attracting customers by announcing webpage packages where email > >> address

RE: [Full-Disclosure] Virus infect on single user

2004-02-09 Thread CHS
On Mon, 9 Feb 2004, Schmehl, Paul L wrote: > Spybot Search and Destroy is much better. I find that you should run both spybot S&D *AND* adaware together for the best possible adware/malware/spyware protection. they both catch stuff that the other does not. between the two though, you get rid of E

RE: [Full-Disclosure] Virus infect on single user

2004-02-09 Thread Schmehl, Paul L
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Gregh > Sent: Monday, February 09, 2004 2:20 PM > To: [EMAIL PROTECTED]; [EMAIL PROTECTED] > Subject: Re: [Full-Disclosure] Virus infect on single user > > Maybe it SUCKS because what he actually had w

Re: [Full-Disclosure] Re: Virus infect on single user

2004-02-09 Thread Gregory A. Gilliss
Okay, flame off. Firewalls do one thing and one thing only...filter traffic. The traffic still hits the network interfaces, the firewall still ought to do stateful inspection. The main benefit is that the traffic stays off of the internal network. It's a screen on your Windows to keep flies out. Ho

Re: [Full-Disclosure] another product affected by recent MS IE '@' patch

2004-02-09 Thread mescsa
Nick FitzGerald <[EMAIL PROTECTED]> wrote: > ... > and, most importantly, you should note that the "userinfo" part is > _outside_ the definition of "hostport", and thus outside the "host" > part. Ergo, HTTP URLs are explicitly (and presumably deliberately) > defined to _NOT_ support "userinfo"

[Full-Disclosure] Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL From Internet Explorer

2004-02-09 Thread first last
Summary: A LoadLibrary / LoadLibraryEx weakness makes SSL on Internet Explorer very vulnerable to a “DLL proxy” attack. If exploited, unencrypted data can be intercepted before Internet Explorer (IE) uses the SSL module to encrypt the data. Therefore, confidential information such as bank accounts

Re: [Full-Disclosure] Virus infect on single user

2004-02-09 Thread Gregh
- Original Message - From: Sean Crawford To: [EMAIL PROTECTED] Sent: Tuesday, February 10, 2004 1:20 AM Subject: RE: [Full-Disclosure] Virus infect on single user > A rather blunt first post but maybe it has to be said...? A rather blunt request from me: > Lay off the porn sites du

Re: [Full-Disclosure] Re: Virus infect on single user

2004-02-09 Thread Kenton Smith
On Mon, 2004-02-09 at 11:09, Steffen Hetzel wrote: > Hi, > > On Mon, 09 Feb 2004 13:18:49 +0200 > "Rompax We Burn Everything" <[EMAIL PROTECTED]> wrote: > > > I am a kind of newbie on the virus matter but as everybody does, I > > want to keep my pc as safe as I can. I have installed McAfee and Zone

[Full-Disclosure] Round One: "DLL Proxy" Attack Easily Hijacks SSL From Internet Explorer

2004-02-09 Thread Disclosure From OSSI
Topic LoadLibrary / LoadLibraryEx Weakness Release Date: February 9, 2004 Date Reported: Reported to Microsoft on December 9, 2003 Severity: Medium (Interception of SSL traffic, RSA encryption, and others) Systems Affected: Windows 95, 98, ME; Windows NT, 2000, XP, 2K3 (ACL limitations apply)

Re: [Full-Disclosure] 3127/tcp by Doomjuice (Kaspersky) - MyDoom takeover?

2004-02-09 Thread Nick FitzGerald
"Erik van Straten" <[EMAIL PROTECTED]> wrote: > I've observed a rapid increase in 3127/tcp scans from seemingly > random IP's. They're sequentially scanning our IP's, bottom-up. As have many others: http://www.dshield.org/port_report.php?port=3127 > These seem to match Kaspersky's Doomjuice (

[Full-Disclosure] RE: Outbreak warning: possibly Mydoom.C

2004-02-09 Thread Thor Larholm
Dshield also lists an abnormal rise of scans on port 3127. http://www.dshield.org/port_report.php?port=3127 Particularly within the last 36 hours. http://www.dshield.org/port_report.php?port=3127&days=1 Regards Thor Larholm SegLegal -- Discussion of legal issues related to security research

[Full-Disclosure] 3127/tcp by Doomjuice (Kaspersky) - MyDoom takeover?

2004-02-09 Thread Erik van Straten
List, I've observed a rapid increase in 3127/tcp scans from seemingly random IP's. They're sequentially scanning our IP's, bottom-up. These seem to match Kaspersky's Doomjuice (published ~ 3 hours ago): http://www.viruslist.com/eng/alert.html?id=930701 Details, incl. address generation algorithm:

[Full-Disclosure] Re: Outbreak warning: possibly Mydoom.C (Now Deadhat/Vesser)

2004-02-09 Thread Gadi Evron
K-OTiK Security wrote: it's not mydoom.c - his name is Vesser (W32.HLLW.Deadhat) : This is not Vesser. This is a new outbreak. I doubt it will be huge, for obvious reasons, but it spreads. Check out http://www.lurhq.com/mydoom-c.html Gadi Evron. _

[Full-Disclosure] Re: Virus infect on single user

2004-02-09 Thread Steffen Hetzel
Hi, On Mon, 09 Feb 2004 13:18:49 +0200 "Rompax We Burn Everything" <[EMAIL PROTECTED]> wrote: > I am a kind of newbie on the virus matter but as everybody does, I > want to keep my pc as safe as I can. I have installed McAfee and Zone > alarm pro for firewalls and I used some utilities to clean my ma

Re: [Full-Disclosure] Virus infect on single user

2004-02-09 Thread morning_wood
> I noticed that the file was last modified a day that I didn't open my pc. Is there any chance for that file to have attributes than the real one? not uncommon for date manipulation with trojans. Beast 2.05 uses activeX startup routines and file date manipulation of the files ( files are dated 8

Re: [Full-Disclosure] Apparently the practice was prevalent

2004-02-09 Thread Ron DuFresne
[SNIP] > > As Valdis said earlier, user:[EMAIL PROTECTED] is a DE FACTO standard. It > goes against the RFC? Well, get over it. Such is life. It has not been > the first time, and it will not be the last one. What defines a > de facto standard is prevalence of use. Nobody can argue that t

[Full-Disclosure] Red-M Red-Alert Multiple Vulnerabilities

2004-02-09 Thread Bruno Morisson
Red-M Red-Alert Multiple Vulnerabilities Product: RedAlert Versions Affected: Tested with hardware version 2.7.5, software v3.1 build 24 Status: Fixed by vendor Vendor URL: http://www.red-m.com Advisory URL: http://genhex.org/releases/031003.txt Author:

RE: [Full-Disclosure] another product affected by recent MS IE '@' patch

2004-02-09 Thread Darren Bennett
RE: the "signature" on this email. ... "additionally, GFI MailSecurity creates a huge spam attachment at the bottom of every message". :) -Darren On Mon, 2004-02-09 at 00:24, David Farinic wrote: > >martin f krafft <[EMAIL PROTECTED]> wrote: > > >> In Germany, and maybe in other parts of the w

[Full-Disclosure] update paper on worm propagation

2004-02-09 Thread vogt
Due to feedback and some continued research, I have updated my paper: http://web.lemuria.org/security/WormPropagation.pdf This revision fixes some typo and grammatical errors and adds a few new graphs and tables as well as some more text content.

[Full-Disclosure] Outbreak warning: possibly Mydoom.C

2004-02-09 Thread Gadi Evron
Uses the Mydoom backdoor to upload itself (over Mydoom ports). Seeded over the weekend, it is out now and spreads fast. Blocking: block Mydoom ports. Gadi Evron.

Re: [Full-Disclosure] Microsoft removes 'user:passwd@site' support

2004-02-09 Thread user05
On Mon, 9 Feb 2004 13:40:17 - "Richard Hatch" <[EMAIL PROTECTED]> wrote: [ some stuff deleted ] > I am not a Microsoft fan, but given the huge number of email scams relying > on this type of URL, something clearly had to be done to help protect users. > Microsoft could have simply said "It's

Re: [Full-Disclosure] Microsoft removes 'user:passwd@site' support

2004-02-09 Thread Raymond Morsman
Quoting Richard Hatch <[EMAIL PROTECTED]>: > Was Microsoft 'wrong' to simply remove this support? Maybe. > Were people wrong to register domain names with reserved characters? Maybe. You're not getting it, are you? You can't reserve a domain with reserved characters. You can expect RFC's to be

RE: [Full-Disclosure] Virus infect on single user

2004-02-09 Thread Sean Crawford
A rather blunt first post but maybe it has to be said...? Lay off the porn sites dude. > Rompax We Burn Everything said: > Two days ago as I was searching my pc folders I found out that there was a dialer executable file in my program files folder. I noticed that the fi

[Full-Disclosure] Brinskter Multiple Vulnerabilities

2004-02-09 Thread Ferruh Mavituna
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- BRINSKTER MULTIPLE VULNERABILITIES - -- Online URL: http://ferruh.mavituna.com/?435 1. Retrieving other users' ASP Source Code Severity: High

[Full-Disclosure] ptl-2004-01: Multiple vulnerabilities in Nokia phones

2004-02-09 Thread Pentest Security Advisories
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Pentest Limited Security Advisory Multiple vulnerabilities in Nokia phones. Advisory Details - Title: Multiple vulnerabilities in Nokia phones. Announcement date: 9th February 2004 Advisory Reference: ptl-2004-01 P

[Full-Disclosure] List Charter

2004-02-09 Thread John Cartwright
[Full-Disclosure] Mailing List Charter John Cartwright <[EMAIL PROTECTED]> and Len Rose <[EMAIL PROTECTED]> Introduction & Purpose -- This document serves as a charter for the [Full-Disclosure] mailing list hosted at lists.netsys.com. The list was created on 9th July 2002

[Full-Disclosure] Microsoft removes 'user:passwd@site' support

2004-02-09 Thread Richard Hatch
I have read with (initial) interest (some of) the posts about Microsoft removing the user:[EMAIL PROTECTED] format support for URLs. OK, so some people have valid URLs of the [EMAIL PROTECTED] type. As the saying goes, deviate from a standard (or RFC) at your own peril. Was Microsoft 'wrong' to s

Re: [Full-Disclosure] another product affected by recent MS IE '@' patch

2004-02-09 Thread Guido van Rooij
On Mon, Feb 09, 2004 at 12:59:19PM +0100, Guido van Rooij wrote: > > > >http_URL = "http:" "//" host [ ":" port ] [ abs_path [ "?" query ]] [...] > > Following the same reasoning, the HTTP URLs are also "deliberately" defined > to not support port numbers. I fail to believe that this was in

Re: [Full-Disclosure] another product affected by recent MS IE '@' patch

2004-02-09 Thread Guido van Rooij
On Mon, Feb 09, 2004 at 10:42:18AM +1300, Nick FitzGerald wrote: > Section 3.2.2: > >http_URL = "http:" "//" host [ ":" port ] [ abs_path [ "?" query ]] > > You then have to refer back to RFC 2396 -- coincidentally also section > 3.2.2 of that RFC -- for the definitions of the component part

RE: [Full-Disclosure] Apparently the practice was prevalent

2004-02-09 Thread Nick FitzGerald
"Shawn K. Hall \(RA/Security\)" <[EMAIL PROTECTED]> wrote: > > As I said -- it is interesting how little concern some > > developers show for their clients larger security issues... > > I hope Microsoft adds a check for the "ungoing" of this fix > > to MBSA and like products. > > Read the article

[Full-Disclosure] Virus infect on single user

2004-02-09 Thread Rompax We Burn Everything
I am a kind of newbie on the virus matter but as everybody does, I want to keep my pc as safe as I can. I have installed McAfee and Zone alarm pro for firewalls and I used some utilities to clean my machine from spyware and trojans. Two days ago as I was searching my pc folders I found out that there w

RE: [Full-Disclosure] another product affected by recent MS IE '@' patch

2004-02-09 Thread David Farinic
>martin f krafft <[EMAIL PROTECTED]> wrote: >> In Germany, and maybe in other parts of the world, some providers >> are attracting customers by announcing webpage packages where email >> address == web address. so, [EMAIL PROTECTED] is the email, and >> [EMAIL PROTECTED] is the website, while [EM