On Monday, February 16 at 00:28, Jei wrote:
>Apparently, the automated error message indicates that all e-mails sent
>via Sonera's e-mail servers are also directed to [EMAIL PROTECTED]
>address, for reasons unknown.
The fact that one ISP is doing that and has been caught doesn't
mea
PIX 505/506/515
FOS: 6.2
I configured DHCP Server on inside*LAN* network and DHCP Client on
Outside *WAN* network,
DHCP server pool (192.168.100.100-192.168.100.110)<
Observation:: for some time my wan network went dead and on Rebooting PIX
it took IP address of Private Network.<<192.168.
On Mon, 16 Feb 2004 13:02:44 +1300, Nick FitzGerald <[EMAIL PROTECTED]> said:
> [EMAIL PROTECTED] wrote:
>
> > And if MailMan wasn't configured to strip RFC822 headers, we'd also have a nice
> > hint as to exactly which patchlevel of the offending MUA/MTA the site was running,
> > so we could a
I would like to remind the list of this thread;
http://www.netsys.com/full-disclosure/2003/03/msg00148.html
Are we going to have to make arrangements with that militia
group in Wisconsin this time?
;-)
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf
[EMAIL PROTECTED] wrote:
> On Sat, 14 Feb 2004 16:42:39 GMT, Lee <[EMAIL PROTECTED]> said:
> > again it's 1/100 of standard MS code for an OS, let's get a grip please... and
> > I think I see the company who let the source get loose come out and say
>
> Most earlier estimates of the Win2K source w
On Sun, 2004-02-15 at 22:23, Thomas Kerbl wrote:
> I could verify your results on a Windows 2000 Pro SP3 (en), targeting
> port 445.
>
> Result: http://members.kremstalnet.at/kerbl/exploit/lsass.gif
> (won't be up there forever)
>
> greetings,
> Thomas Kerbl
>
Ah heck. "No JOY" on a unix box.
[EMAIL PROTECTED] wrote:
> And if MailMan wasn't configured to strip RFC822 headers, we'd also have a nice
> hint as to exactly which patchlevel of the offending MUA/MTA the site was running,
> so we could arm ourselves with suitable exploits.
And you don't think you'd get that information by sen
And here I was looking at www.scotts.com looking for ways to keep my
front yard greener this Spring and summer. and someone reminds that the
backyard needs help as well. :-)
On Sun, 2004-02-15 at 22:23, morning_wood wrote:
> > please enlighten us on your versions numbers / patch levels wood.
> >
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Christophe Devine wrote:
| Stephen wrote:
|
|
|>http://www.k-otik.com/exploits/02.14.MS04-007-dos.c.php
|
|
| Apparently an early version of the exploit got somewhat leaked without
| my prior knowledge. So, here is an updated version that should also w
> please enlighten us on your versions numbers / patch levels wood.
> -KF
>
>
> morning_wood wrote:
> > Dunno but your message crashes OE on (pre)view.
> > no warning, no nothin... OE just *bink* closes
> > NICE JOB [EMAIL PROTECTED]
> >
Symptoms were reported using the following:
Windows XP P
Bayesian filters won't know about it until you tell them about it. :-)
Jeff
Noldata TAC <[EMAIL PROTECTED]>
Sent by:
--- Erik van Straten
<[EMAIL PROTECTED]> wrote:
> Hi Nicola,
>
> It's not a zip file, not an applet, but a plain EXE
> file. Seems
> compressed somehow, no time to figure it out now.
> Dunno why Mozilla
> runs this (I don't like it).
>
> If something showed up in your status bar, you
> should def
Hi,
Just wanted to reply on this
my Mailscanner reported this:
Our content checker found
virus: TrojanSpy.Agent.D
in an email to you from:
stating this from the message Nicola sent.
I think that could give some more info.
Anyways. My AV scanner is ClamAV.
Cheers.
--
Kind regards,
Remko
Running Mozilla 1.6. Nothing showed up here as you're assuming.
On Sun, 2004-02-15 at 17:40, Erik van Straten wrote:
> Hi Nicola,
>
> It's not a zip file, not an applet, but a plain EXE file. Seems
> compressed somehow, no time to figure it out now. Dunno why Mozilla
> runs this (I don't like it).
On Sat, 14 Feb 2004 16:42:39 GMT, Lee <[EMAIL PROTECTED]> said:
> again it's 1/100 of standard MS code for an OS, let's get a grip please... and
> I think I see the company who let the source get loose come out and say
Most earlier estimates of the Win2K source were about 45M lines of code (I think
That file is called TrojanSpy.Win32.Agent.d according to kaspersky (go to
www.kaspersky.com and click online virus checker link or
http://www.kaspersky.com/remoteviruschk.html).
No description from Kaspersky but I had a _very_ quick look at the unpacked
code, so it may do more:
- sends content
http://www.ghcif.de/downloads/win_exploit/MS04-007.c
:-) wrote:
Has anyone actually found the exploit code for MS04-007? I had been
searching all morning and came empty handed...
Microsoft Windows ASN.1 Remote DoS Exploit (MS04-007)
http://www.k-otik.com/exploits/02.14.MS04-007-dos.c.php
...
--- [EMAIL PROTECTED],
[EMAIL PROTECTED], ":-)"
<[EMAIL PROTECTED]> wrote:
> Has anyone actually found the exploit code for
> MS04-007? I had been searching all morning and came
>
Hi Nicola,
It's not a zip file, not an applet, but a plain EXE file. Seems
compressed somehow, no time to figure it out now. Dunno why Mozilla
runs this (I don't like it).
If something showed up in your status bar, you should definitely assume
your box was compromised.
Take care out there,
Erik
http://linuxfromscratch.org/~devine/MS04-007-dos.c
--Joshua Levitsky, MCSE, CISSP
System Engineer
Time Inc. Information Technology
[5957 F27C 9C71 E9A7 274A 0447 C9B9 75A4 9B41 D4D1]
- Original Message -
From:
:-)
To: [EMAIL PROTECTED]
Sent: Sunday, February 15, 2004 2:
On Sat, 14 Feb 2004, Nomen Nescio <[EMAIL PROTECTED]> wrote:
> ,
> | [EMAIL PROTECTED]:~> grep gnu files.txt | head
> | 19282 07-26-00 01:41 win2k/private/genx/ie/inc/gnumakefile
> [...]
> `
>
> WTF?
Evidence is growing that the leak was from Mainsoft, to whom Microsoft
gave the
- Original Message -
From: "Exibar" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, February 15, 2004 12:39 PM
Subject: [Full-Disclosure] Microsoft source code "leak"
> Microsoft can't pay to have this kind of QA done in house (who could?), so
> why not release a piece of sou
Related news (in Finnish):
http://sektori.com/uutiset/5402
http://groups.google.fi/groups?hl=fi&lr=&ie=UTF-8&selm=opr3beiolnsfrjjd%40news.kolumbus.fi
...
Here's a translated summary of the story so far:
Sonera (http://www.sonera.fi/) - Finland's biggest ISP's customers
have recently started re
It was posted here yesterday.
:)
On Sun, 2004-02-15 at 14:52, :-) wrote:
> Has anyone actually found the exploit code for MS04-007? I had been
> searching all morning and came empty handed...
>
>
please enlighten us on your versions numbers / patch levels wood.
-KF
morning_wood wrote:
IE6 is not vulnerable, so I guess I'll get back to work. My Warhol
worm will have to wait a bit...
Dunno but your message crashes OE on (pre)view.
no warning, no nothin... OE just *bink* closes
NICE JOB [EM
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
|> .. Rggghhhttt. Way to go, using a signed integer for an
|> offset. Now all we have to do is create a BMP with bfOffBits > 2^31,
|
| I would caution everyone against assuming that this code has not
| been altered since it left the confines o
Has anyone actually found the exploit code for MS04-007? I had been searching all morning and came empty handed...
I have got a theory.
Recently, when Mr. Bush has realized that there is no
WMD in Iraq, He appointed a special commission to look
into intelligence failures. It sounded like "It was
not my fault"...
Microsoft officially says "Evil hackers have stolen the
source code, our customers are not safe
hi jedi
On Sun, 2004-02-15 at 18:45, Jedi/Sector One wrote:
> This is equivalent to http://64.29.173.91/
ok, and the html of the index page is as following:
SERVER ERROR 550
now, the "SERVER ERROR 550" is clearly a fake - the java applet below
just starts fine. strangely, the 'javautil.zip
Yes, it is flying around.
Seems like Bayesian spam filters don't know of it yet.
On Sun, 2004-02-15 at 11:45, Lee wrote:
> I have been getting the below mail from numerous email sources all day, can
> anyone else confirm this mail is flying around?
>
> Regards
>
>
>
> > IE6 is not vulnerable, so I guess I'll get back to work. My Warhol
> > worm will have to wait a bit...
Dunno but your message crashes OE on (pre)view.
no warning, no nothin... OE just *bink* closes
NICE JOB [EMAIL PROTECTED]
guess those sources are good for something huh
( , ubber
Btw this does nothing to the IE on Win2k Version: 5.00.3700.1040,
Update Versions: SP4;Q824145:Q832894
-KF
KF wrote:
Man ... those voices in my head... they keep screaming "DMCA"!
-KF
[EMAIL PROTECTED] wrote:
I downloaded the Microsoft source code. Easy enough. It's a lot
bigger than Linux, but
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
| It has come to my attention that you are being under the police
| investigation.
| Is that true? Have you really commited such crimes?
|
| Please read the following article located at:
|
| http://federalpolice.com:[EMAIL PROTECTED]
MS04-004 just can't
From the source of that page:
<APPLET ARCHIVE="javautil.zip" CODE="BlackBox.class" WIDTH=1 HEIGHT=1>
BlackBox.class is detected immediately by my virusscanner as ClassLoader/E, more
info:
http://www.viruslibrary.com/virusinfo/Trojan.Java.ClassLoader.htm
The javautil.zip appears to be an exe file
At 10:08 PM 2/14/2004 -0800, [EMAIL PROTECTED] wrote:
.. Rggghhhttt. Way to go, using a signed integer for an
offset. Now all we have to do is create a BMP with bfOffBits > 2^31,
I would caution everyone against assuming that this code has not
been altered since it left the confines of R
They are both phishing type lines to obscured URL.
The first is standard one (that no longer works with patched IE) so the
phisher has used the second which uses octal codes for the IP address to
disguise it.
Here is a Sam Spade decode of the second address
02/15/04 13:22:57 dns http://0100.035.025
Anyone ever think that perhaps Microsoft "leaked" this section of code on
purpose? Right now there are 1,000's of hacker types and curious types
poring over that code looking for flaws. Sounds like there was already a
flaw found using a signed integer as an offset, I've also heard that there
is
I confirm...
Another SPAMmer simply...
At 17:45 15/02/2004, Lee wrote:
I have been getting the below mail from numerous email sources all day, can
anyone else confirm this mail is flying around?
Regards
>From : [EM
Man ... those voices in my head... they keep screaming "DMCA"!
-KF
[EMAIL PROTECTED] wrote:
I downloaded the Microsoft source code. Easy enough. It's a lot
bigger than Linux, but there were a lot of people mirroring it and so
it didn't take long.
Anyway, I took a look, and decided that Microsoft
> I have been getting the below mail from numerous email sources all day, can
> anyone else confirm this mail is flying around?
Yes.
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
On Sun, Feb 15, 2004 at 04:45:54PM -, Lee wrote:
> I have been getting the below mail from numerous email sources all day, can
> anyone else confirm this mail is flying around?
Got it on several addresses, too.
> http://federalpolice.com:[EMAIL PROTECTED]
Yet another stupid :@ link.
the server that link resides, is wide open and has a warez stro on port 8000
and RAadmin, with ftp open amongst other things, reported the thing, thanks
for reply
Regards
- Original Message -
From: <[EMAIL PROTECTED]>
To: "Lee" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Sunday, Fe
I have been getting the below mail from numerous email sources all day, can
anyone else confirm this mail is flying around?
Regards
>From : [EMAIL PROTECTED]
It has come to my attention that you are being under
Product : mnoGoSearch
Date: 02/15/2004
Author : Frank Denis <[EMAIL PROTECTED]>
[ Product description ]
From the web site :
mnoGoSearch (formerly known as UdmSearch) is a full-featured web search
engine software for intranet and int
Never dive into the shallow water.
cikasole
I downloaded the Microsoft source code. Easy enough. It's a lot
bigger than Linux, but there were a lot of people mirroring it and so
it didn't take long.
Anyway, I took a look, and decided that Microsoft is GAYER THAN AIDS.
For example, in win2k/private/inet/mshtml/src/site/download/imgbmp.cxx:
Can someone upload to a site/email me the source for this worm please.
Thanks
This exploit works against unpatched PC with Windows XP service pack1.
Ganbold
At 10:53 PM 14.02.2004, you wrote:
Stephen wrote:
> http://www.k-otik.com/exploits/02.14.MS04-007-dos.c.php
Apparently an early version of the exploit got somewhat leaked without
my prior knowledge. So, here is an up
--- Christophe Devine <[EMAIL PROTECTED]> wrote:
> Stephen wrote:
>
> >
>
http://www.k-otik.com/exploits/02.14.MS04-007-dos.c.php
>
SANS institute issued an alert "MS04-007 Exploit
released" :
A DOS exploit has been made available using the ASN.1
bug (MS04-007). This exploit uses port 445, 139
49 matches