Re: [Full-Disclosure] DELL 1600 and 1650 potential fire risk

2004-03-15 Thread Cael Abal
Chris Cozad wrote: > Has anyone experienced any of the supposed problems with the Dell 1600 > and 1650 servers? Apparently a percentage of these servers shipped early > last year have a fault on the motherboard, whereby the video chip > actually burns up in a huge cloud of smoke. > > We are getti

[Full-Disclosure] Re: Re: Re: a secure base system

2004-03-15 Thread martin f krafft
thus spoke Tobias Weisserth <[EMAIL PROTECTED]> [2004.03.15.2352 +0100]: > I'd choose Debian over OpenBSD on workstations anytime because of > usability. What I failed to mention is that Debian != Linux. I myself run Debian NetBSD on a couple of machines. That's the NetBSD kernel with Debian manag

[Full-Disclosure] Re: Norton AntiVirus 2002 fails to scan files with ...

2004-03-15 Thread bipin gautam
--- Erwin Paternotte <[EMAIL PROTECTED]> > > > Ok, so that one is silently fixed by Symantec. What > about the other > vulnerability you reported recently? I mean the one > that will crash NAV > by using special ASCII characters > (http://www.securityfocus.com/bid/9811). That is > something you

RE: [Full-Disclosure] Re: Norton AntiVirus 2002 fails to scan files with ... [2'nd... UPDATED]

2004-03-15 Thread Celeste Herbert
Hi Is there any mailing list I can subscribe to as a very basic user of linux?? Celeste -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of bipin gautam Sent: 15 March 2004 03:09 PM To: [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] Re: Norton AntiVirus 2

[Full-Disclosure] Symantec engineers are half-wit or...?

2004-03-15 Thread bipin gautam
[Note: *I HAVEN'T TESTED BOTH NAV exploits in older versions OF NAV* ] I reported the "NAV auto protect bypass" exploit [http://www.securityfocus.com/bid/9814] to Symantec more than a year ago. They replied me; "they are testing the issue..." then I got NO response from s

[Full-Disclosure] DELL 1600 and 1650 potential fire risk

2004-03-15 Thread Chris Cozad
Folks, Has anyone experienced any of the supposed problems with the Dell 1600 and 1650 servers? Apparently a percentage of these servers shipped early last year have a fault on the motherboard, whereby the video chip actually burns up in a huge cloud of smoke. We are getting conflicting

[Full-Disclosure] [Bug Proofing Microsoft.com with Internet Explorer ** Part I **]

2004-03-15 Thread Vizzy
===[Bug Proofing Microsoft.com with Internet Explorer ]=== Disclaimer: All information contained here based on the author's wild imagination and all real coincidences are accidental. Provided for educational purposes only. Also, be aware that Microsoft site mos

Re: [Full-Disclosure] Re: Re: a secure base system

2004-03-15 Thread Tobias Weisserth
Hi Martin, On Mon, 15.03.2004, martin f krafft wrote at 22:50: > thus spoke Tobias Weisserth <[EMAIL PROTECTED]> [2004.03.15.2208 +0100]: > > Which means that he has to do a little bit more work because he can't > > *rely* on the distributor to supply patches in time. It's a trade-off. > > Sure

[Full-Disclosure] silly little Explorer XP DoS

2004-03-15 Thread Peter Ferrie
Background: Windows Explorer for Windows XP will automatically parse .WMF files for validity when browsing the directory that contains them. No need to click on anything at all. Bug: GDI32!SetMetaFileBitsEx (which does the parsing) does not check for records of zero length, resulting in an inf

Re: [Full-Disclosure] Request: Starla Pureheart PE

2004-03-15 Thread Adam
Public forum ... I smell a lawsuit even if it wasn't directed to anyone. Not that I'm offended but there are girls.. >Ahumm< Women on this list. Adam On Monday 15 March 2004 03:03 pm, Bugtraq Security Systems wrote: > Dear Starla, > > At Bugtraq Security Systems we pride ourselves in having

[Full-Disclosure] Re: Re: a secure base system

2004-03-15 Thread martin f krafft
thus spoke Tobias Weisserth <[EMAIL PROTECTED]> [2004.03.15.2208 +0100]: > Which means that he has to do a little bit more work because he can't > *rely* on the distributor to supply patches in time. It's a trade-off. Sure, it's a trade-off. But with the administrative tools provided by Debian, as w

Re: [Full-Disclosure] Re: a secure base system

2004-03-15 Thread Tobias Weisserth
Hi, On Mon, 15.03.2004, martin f krafft wrote at 22:16: > ... > > This is fixed in the 2.6 kernel. > > Wow, I didn't know this. Thanks for letting us know! So Harry may add kernel 2.6.whatever to his list of "must have" items ;-) This will result in an increase of speed for these machines t

Re: [Full-Disclosure] a secure base system

2004-03-15 Thread Tobias Weisserth
Hi Alexander, On Mon, 15.03.2004, Alexander Bartolich wrote at 20:27: > Tobias Weisserth wrote: > > /tmp should always be mounted noexec. Add /home as well with noexec. > > [...] This may be a trade-off, but the result is more security. > > On typical Linux distributions noexec is pointless.

Re: [Full-Disclosure] Re: a secure base system

2004-03-15 Thread Tobias Weisserth
Hi Martin, On Mon, 15.03.2004, martin f krafft wrote at 21:15: > thus spoke harry <[EMAIL PROTECTED]> [2004.03.15.1237 +0100]: > > - /var and /tmp mounted nosuid and noexec > > as others have probably written, this won't do much. first, noexec > can be easily overridden: > > /lib/ld-linux.

[Full-Disclosure] Re: a secure base system

2004-03-15 Thread martin f krafft
thus spoke [EMAIL PROTECTED] <[EMAIL PROTECTED]> [2004.03.15.2108 +0100]: > > On typical Linux distributions noexec is pointless. > > It does not prevent the execution of dynamically linked ELF images. > > > > $ readelf -l /bin/bash | grep interpreter > > [Requesting program interpreter: /l

[Full-Disclosure] "Book of unreleased exploits" Clarification

2004-03-15 Thread Jack Koziol
Over the weekend there were a bunch of posts to FD talking about a "Book of unreleased exploits". As the lead author for the book in question, The Shellcoder's Handbook, I want to get a post out to FD to clarify what Shellcoder's is all about, and dispel some of the misinformation floating around a

Re: [Full-Disclosure] a secure base system

2004-03-15 Thread Valdis . Kletnieks
On Mon, 15 Mar 2004 20:27:48 +0100, Alexander Bartolich said: > On typical Linux distributions noexec is pointless. > It does not prevent the execution of dynamically linked ELF images. > > $ readelf -l /bin/bash | grep interpreter > [Requesting program interpreter: /lib/ld-linux.so.2] > >

[Full-Disclosure] Re: a secure base system

2004-03-15 Thread martin f krafft
thus spoke harry <[EMAIL PROTECTED]> [2004.03.15.1237 +0100]: > - /var and /tmp mounted nosuid and noexec as others have probably written, this won't do much. first, noexec can be easily overridden: /lib/ld-linux.so.2 /tmp/trojan and second, nosuid on /var will make a couple of programs in Deb

Re: [Full-Disclosure] Re: MS Security Response is a bunch of half-witted morons

2004-03-15 Thread Valdis . Kletnieks
On Mon, 15 Mar 2004 08:35:28 PST, Troy <[EMAIL PROTECTED]> said: > I've sent comments regarding this to Microsoft via the "comments" link > at the bottom of the security bulletin. I don't know if it will do any > good, though. I did get a generic-sounding "we're looking into this" > email back, s

Re: [Full-Disclosure] a secure base system

2004-03-15 Thread Alexander Bartolich
Tobias Weisserth wrote: > /tmp should always be mounted noexec. Add /home as well with noexec. > [...] This may be a trade-off, but the result is more security. On typical Linux distributions noexec is pointless. It does not prevent the execution of dynamically linked ELF images. $ readelf -l /bi

Re: [Full-Disclosure] a secure base system

2004-03-15 Thread Tobias Weisserth
Hi there, On Mon, 15.03.2004, harry wrote at 12:37: > hi all, > > i have a little question. i'm asked to set up a base system, which has > to be secure. we want a system from which we can easily install a > compromised system. so i had a few ideas to make it as secure and yet as > usable a

Re: [Full-Disclosure] Re: MS Security Response is a bunch of half-witted morons

2004-03-15 Thread Troy
On Fri, 12 Mar 2004 08:55:39 -0800, Walter Wart <[EMAIL PROTECTED]> wrote: > Nick, your points are well taken. Every one of them makes sense. And you > will never get disagreement from me (or most people here) for a spot of > Microsoft abuse. But you might want to address your comments to > Microso

[Full-Disclosure] Request: Starla Pureheart PE

2004-03-15 Thread Bugtraq Security Systems
Dear Starla, At Bugtraq Security Systems we pride ourselves in having a keen eye for young and upcoming talent. Specifically, core members of our Research and Development team have expressed continuously growing feelings of affection towards your person. Or, as one of our researchers put it: "hehehe

Re: [Full-Disclosure] Re: Microsoft Security, baby steps ?

2004-03-15 Thread Troy
On Mon, 15 Mar 2004 09:13:54 -0500, "Edge, Ronald D" <[EMAIL PROTECTED]> wrote: > >although this could be amusing... > >http://www.microsoft.com/security/protect/cd/order.asp > > I particularly like the second link, which states on ordering a security > CD: > > "Please allow 2-4 weeks for delive

Re: [Full-Disclosure] a secure base system

2004-03-15 Thread Ron DuFresne
On Mon, 15 Mar 2004, Jochem Kossen wrote: > On Mon, Mar 15, 2004 at 12:37:13PM +0100, harry wrote: > > hi all, > > > > i have a little question. i'm asked to set up a base system, which has > > to be secure. we want a system from which we can easily install a > > compromised system. so i had a few

Re: [Full-Disclosure] a secure base system

2004-03-15 Thread Maikel Verheijen
On Mar 15, 2004, at 2:24 PM, Jochem Kossen wrote: how about a compiler? normally, all soft on it is compiled by hand, but it is also "necessary" for a local exploit. If you don't install a compiler, make sure users can't upload precompiled compilers :) Or upload precompiled exploits for that mat

Re: [Full-Disclosure] a secure base system

2004-03-15 Thread Stephen Clowater
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 harry wrote: | hi all, | | i have a little question. i'm asked to set up a base system, which has | to be secure. we want a system from which we can easily install a | compromised system. so i had a few ideas to make it as secure and yet as | usable as

Re: [Full-Disclosure] a secure base system

2004-03-15 Thread Nico Golde
Hello harry, * harry <[EMAIL PROTECTED]> [2004-03-15 15:14]: > - use debian testing (stable is too old, unstable is ... well... you > know ;)) yes, unstable works well :) with testing your system isn't secure. > - maybe allow ssh (no root logins)? you can use ssh. a remote root shell have to b

RE : [Full-Disclosure] a secure base system -> ADAMANTIX

2004-03-15 Thread Abdelkader ALLAM
Hello, I would recommend Adamantix (http://www.adamantix.org) aka Trusted Debian (http://www.trusteddebian.org) , which features RSBAC and PaX. Adamantix aims to be a distribution that is hard to crack, but not hard to use. In other words, highly-secure (its target is Common Criteria LSPP AEL 5 or

Re: [Full-Disclosure] MS Security Response is a bunch of half-witted morons

2004-03-15 Thread Georgi Guninski
On Fri, Mar 12, 2004 at 01:57:54PM +1300, Nick FitzGerald wrote: >half-witted morons this is a compliment for them. ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html

[Full-Disclosure] Re: a secure base system

2004-03-15 Thread gadgeteer
On Mon, Mar 15, 2004 at 12:37:13PM +0100, harry ([EMAIL PROTECTED]) wrote: > [...] Hardened Gentoo and Hardened LinuxFromScratch are both in development phase. The aim is to harden a base system. What you do with it from there is up to you. -- Chief Gadgeteer Elegant Innovations

[Full-Disclosure] Re: Microsoft Security, baby steps ?

2004-03-15 Thread Edge, Ronald D
>Message: 11 >From: "morning_wood" <[EMAIL PROTECTED]> >To: <[EMAIL PROTECTED]> >Date: Sat, 13 Mar 2004 22:26:40 -0800 >Subject: [Full-Disclosure] Microsoft Security, baby steps ? >Gimme a break.. >http://go.microsoft.com/?LinkID=422101 >although this could be amusing... >http://www.microsoft.com

Re: [Full-Disclosure] a secure base system

2004-03-15 Thread Fabrice MARIE
Hello, On Monday 15 March 2004 19:37, harry wrote: > hi all, > i have a little question. i'm asked to set up a base system, which has > to be secure. we want a system from which we can easily install a > compromised system. so i had a few ideas to make it as secure and yet as > usable as possi

Re: [Full-Disclosure] a secure base system

2004-03-15 Thread Jochem Kossen
On Mon, Mar 15, 2004 at 12:37:13PM +0100, harry wrote: > hi all, > > i have a little question. i'm asked to set up a base system, which has > to be secure. we want a system from which we can easily install a > compromised system. so i had a few ideas to make it as secure and yet as > usable as

Re: [Full-Disclosure] Re: Norton AntiVirus 2002 fails to scan files with ... [2'nd... UPDATED]

2004-03-15 Thread bipin gautam
> > > Hi, > Your statement is a bit unclear to me. The systems > you performed the > tests on, were those fully patched versions of NAV > 2002? So, does this > vulnerability still work on fully patched systems or > did Symantec patch > it? Do you know if they ever released an advisory > about i

[Full-Disclosure] a secure base system

2004-03-15 Thread harry
hi all, i have a little question. i'm asked to set up a base system, which has to be secure. we want a system from which we can easily install a compromised system. so i had a few ideas to make it as secure and yet as usable as possible: - use debian testing (stable is too old, unstable is ...

[Full-Disclosure] Full Disclosure made law

2004-03-15 Thread John . Airey
Apologies to those that get the Netcraft newsletter already, but apparently hosting.com has publicised a security breach as it is mandated by a new Californian law - http://news.netcraft.com/archives/2004/03/15/hostingcom_cites_security_breach_information_act_in_disclosing_successful_attack.html

RE: [Full-Disclosure] Re: MS Security Response is a bunch of half-witted morons

2004-03-15 Thread Andrew Aris
Nick, As much as I agree with you that this is something of a blunder by Microsoft's web design people and that it does give out an impression of a bad attitude towards security rather than being a huge risk per-se (not saying that there is no risk involved). In fact I agree with more or less all t

Re: [Full-Disclosure] PHPNuke

2004-03-15 Thread jan . muenther
Hey, > > already joking about the "PHPNuke vulnerability of the day" (with a slight a > > reference to the "HP-UX bug of the week", if anybody remembers that...). > > Whatever happened to those guys, anyhow? :) I've been really wondering, as well! I think I dimly remember something with a prett