[H. Interesting concept, but unlikely. (Maybe if you were clearer about the definition of a node?) I can't recall anything that actually did this. Happy99 and PrettyPark did something similar, but really just creating a followup to the original (innocent) message. It's unlikely you'd find
Hmm, a quick search of ARIN (www.arin.net) and the APNIC (www.apnic.net)
reveals this IP is in CHINA. Unless PayPal is hosting servers in China, I would guess
it is a scam.
Also seems kinda suspect that the IP does not have a reverse lookup assigned to it if
it is valid.
For example one of
From: Paul [EMAIL PROTECTED]
Date sent: Thu, 18 Mar 2004 23:58:07 +1100 (EST)
Hi all, perhaps I'm way off-base but I've been under the impression that
malware can be added to clean transmissions as they pass through infected
nodes. Is this possible?
H.
From: Helmut Hauser [EMAIL PROTECTED]
Date sent: Thu, 18 Mar 2004 11:08:44 +0100
link to virus is ...
http://blah.blah.blah:81/100721.php
The php is a dead giveaway: this is probably Bagle.Q et al. (The message probably
had object tags around this, correct?)
How about Bagle2.x ?
Or Bagle3.11, Bagle'95, BagleMe, Bagle2000, BagleXP...
;
Jos
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
You forgot Bagle'95 SR-1, Bagle'98 and Bagle'98SE!
:-D
Jos Osborne wrote:
|How about Bagle2.x ?
|
|
| Or Bagle3.11, Bagle'95, BagleMe, Bagle2000, BagleXP...
|
| ;
|
| Jos
- --
Paolo A. Gallenga
System Administrator
Atlantica Sistemi S.r.l.
[EMAIL
opinion
The only way to 100% secure a Windows client machine is to take it away from
the user and lock it in a cupboard.
Surely I'm not alone in thinking this?
In reality we calculate the risk/productivity ratio and then hand over the
machine (we do as we're told). Most people can't be
-Original Message-
From: Jason [mailto:[EMAIL PROTECTED]
Sent: Friday, 19 March 2004 01:08
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] Re: Administrivia
Nick FitzGerald wrote:
[EMAIL PROTECTED] wrote:
And please guys, stop cc'ing me. I'm on the list and have
-Original Message-
From: Nick FitzGerald [mailto:[EMAIL PROTECTED]
Sent: Friday, 19 March 2004 02:31
To: [EMAIL PROTECTED]
Subject: Re: Administrivia (was: RE: [Full-Disclosure] Re: Microsoft
Security, baby steps ? )
madsaxon [EMAIL PROTECTED] wrote?
Also, when sending
[EMAIL PROTECTED] wrote:
http://218.62.43.30/verify.html
Signed up for paypal 2 weeks ago, and then this came in the mail as a link
in a paypal looking html email asking me to confirm by entering my credit
card/account info.
I've only purchased 1 thing since signing up; it was from ebay from a
If we eliminated most of the legal disclaimers from the mails we send we
would have plenty of time to read duplicated mail since we would no
longer have to pass the bar to know if we are even allowed to read mail.
Maybe we should have an unwritten rule here - rather than having a whole 8 line
On Fri, 2004-03-19 at 01:49, Todd Burroughs wrote:
Wasn't that something that MS tried to say, the hackers are reverse
engineering our patches? That was funny, but the sad thing is that a
lot of people will believe it.
I have no doubt that people reverse engineer their patches.
However,
[EMAIL PROTECTED] wrote:
-Original Message-
[...]
ftp://ftp.rfc-editor.org/in-notes/rfc1855.txt
Except I would add that the quoted RFC (which is informational, not
mandatory) does say that signatures should be kept short:
While only informational, some on this list should be forced to
Hallo Alerta,
* Alerta Redsegura [EMAIL PROTECTED] [2004-03-19 14:51]:
http://218.62.43.30/verify.html
If this is a scam, then maybe paypal has some employees
passing new account info outside the company.
-jamie-
Indeed, Paypal e-mail scams started in 2002 I think.
In regards to
Hallo Jim,
* Jim Burnes [EMAIL PROTECTED] [2004-03-19 14:51]:
Actually, what is really needed and primarily missing
from the security picture is:
a mail with a subject.
regards nico
--
Nico Golde| [EMAIL PROTECTED] | [EMAIL PROTECTED] | [EMAIL PROTECTED]
Hallo Schmehl,
* Schmehl, Paul L [EMAIL PROTECTED] [2004-03-19 14:51]:
Updating any OS is a pain in the ass, but all of them have
flaws and need to be updated. I find that at least with the
UNIX-like ones, you can go on the Net and do your updates
faster than you get rooted.
This
[SNIP]
but *I* prefer to be in the recipient list if I have joined in on the
discussion, it is clearly a discussion I am interested in or felt like
chiming in on. I have filters... they filter... they filter differently
if I am a named to or cc... discussions I am participating in
[SNIP]
Except I would add that the quoted RFC (which is informational, not
mandatory) does say that signatures should be kept short:
- If you include a signature keep it short. Rule of thumb
is no longer than 4 lines. Remember that many people pay for
NGSSoftware Insight Security Research Advisory
Name: Norton Internet Security Remote Command Execution
Systems Affected: XP (not confirmed on 2000); NIS NIS Pro 2004, not
confirmed on previous versions.
Severity: High
Vendor URL: http://www.symantec.com
Author: Mark Litchfield [ [EMAIL
NGSSoftware Insight Security Research Advisory
Name: Norton AntiSpam Remote Buffer Overrun
Systems Affected: XP (not confirmed on 2000)
Severity: High
Vendor URL: http://www.symantec.com
Author: Mark Litchfield [ [EMAIL PROTECTED] ]
Date Vendor Notified: 4th March 2004
Date of Public Advisory:
--On Friday, March 19, 2004 10:15:06 AM + Random Letters
[EMAIL PROTECTED] wrote:
opinion
The only way to 100% secure a Windows client machine is to take it away
from the user and lock it in a cupboard.
[snipped a bunch in the middle.
If Windows was 100% secure, why bother at all with
On Fri, 2004-03-19 at 06:16, [EMAIL PROTECTED]
wrote:
Date: Fri, 19 Mar 2004 11:04:49 +0100
From: Paolo A. Gallenga [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Organization: Atlantica Sistemi S.r.l.
To: Jos Osborne [EMAIL PROTECTED]
CC: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] New
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Spiro Trikaliotis wrote:
Isn't that the reason why there is a Mail-Followup-To (MFT) header
(http://cr.yp.to/proto/replyto.html)? With this, the sender of a mail
can decide if he wants a copy of the mail or not.
If I want to get a copy of the
On 3/18/04 11:24 AM, [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
Message: 2
got a strange Mail 2day:
Subject: RE: Protected message
From: [EMAIL PROTECTED]
link to virus is ...
http://221.153.61.232:81/100721.php
Host is in Korea, abuse warning has been sent.
can anyone verify what
Google's a wonderful thing. A quick search on Social Security Number
Privacy Law brought up the SSN FAQ
(http://www.faqs.org/faqs/privacy/ssn-faq/) along with lots of other
good links. Here's an excerpt from the FAQ:
-
The Privacy Act of 1974
The Privacy Act of 1974 (Pub.
On Fri, 19 Mar 2004 09:46:43 +0100, Spiro Trikaliotis [EMAIL PROTECTED] said:
Isn't that the reason why there is a Mail-Followup-To (MFT) header
(http://cr.yp.to/proto/replyto.html)? With this, the sender of a mail
can decide if he wants a copy of the mail or not.
This would be a lot more
On Thu, Mar 18, 2004 at 11:48:45AM -0600, Earl Keyser ([EMAIL PROTECTED]) wrote:
I think you folks miss the point.
My VISA card doesn't have any bells and whistles to turn on or off -just
a PIN to remember. My car is serviced by my mechanic. I don't know
what's under the hood except where
I was typing too fast without brain engaged on my post. Bloodhound packed
is the NAV way of saying unknown virus, but as I just received other emails
from the list pointing out its origin is bagle/beagle, I will now go back to
lurking and being quiet.
Have a good weekend everyone.
DVS
--
The
NEVER open attachments
Isn't this what we have been taught? haven't we tried to pound this simple
rule into the heads of our users? Do we not practice what we preach? then
why do several users of this list only send messages and replies as
attachments?
I'm sure
[EMAIL PROTECTED] [EMAIL
Anyone had any experience working with any of these vendors?
Specifically, Counterpane, ISS, think oracle even started selling this
service...
Wondering if anyone can shed light on how effective/ineffective these
companies are in helping to secure corporate networks.
On Fri, 19 Mar 2004 14:27:53 EST, you said:
[EMAIL PROTECTED] [EMAIL PROTECTED], Nico Golde, Frank Knobbe,
et al have wonderful things to say and contribute great things to this list,
but i have never read anything they post because they post as attachments.
PGP signed messages are not
On Fri, Mar 19, 2004 at 02:27:53PM -0500, VB ([EMAIL PROTECTED]) wrote:
NEVER open attachments
[EMAIL PROTECTED] [EMAIL PROTECTED]
I think this has more to do with your poor choice of MUA.
Here is a header from a recent email from Valdis.Kletnieks:
Content-Type: multipart/signed;
[EMAIL PROTECTED] [EMAIL PROTECTED], Nico Golde, Frank
Knobbe, et al have wonderful things to say and contribute great
things to this list, but i have never read anything they post because
they post as attachments.
Yes, granted, they are .txt attachments but that is no excuse as it's
just
Borland Interbase admin.ib Administrative Access Vulnerability
iDEFENSE Security Advisory 03.19.04
www.idefense.com/application/poi/display?id=80&type=vulnerabilities
March 19, 2004
I. BACKGROUND
Borland Interbase is a small, high performance commercial database for
Linux, Solaris, and Windows
VB wrote:
[they] have wonderful things to say and contribute great things to
this list, but i have never read anything they post because they post
as attachments.
There's a strong possibility that your MUA is misinterpreting their
multipart/signed messages. For example, my User-Agent displays
nos those txt attachments get killed at my firewall..
VB wrote:
NEVER open attachments
Isn't this what we have been taught? haven't we tried to pound this simple
rule into the heads of our users? Do we not practice what we preach? then
why do several users of this list only send messages and
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I think your MUA is interpreting signed mail as simply a blank email
with a text attachment (the PGP signed message). Many people on this
list PGP sign their messages, so if your MUA is mis-interpreting these
messages as text attachments, you need
I would like to second that motion. I never open attachments, especially on
newsgroups etc as they are a prime target.
-Original Message-
From: VB [mailto:[EMAIL PROTECTED]
Sent: Friday, March 19, 2004 11:28 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: [Full-Disclosure] NEVER
no, i was referring to the fact that the body of their e-mails were blank
and their text comes as a separate attachment. then i was informed that it
is actually my mail client that is not handling the pgp properly and this
does not happen to people using non MS clients. so.Never Mind.
thanks
2004-03-19T19:27:53 VB:
NEVER open attachments
NEVER use a Mail User Agent (MUA) like Microsoft Outlook Express
6.00.2800.1158 (from your X-Mailer: header).
Folks like those you listed post digitally signed messages,
conforming to standards. They are doing things exactly right.
Your MUA is
Actually what he is describing is what I refer to as credibility.
The CISSP after my name is a measure of my credibility. It tells otherwise
clueless people, people without first hand experience and knowledge,
something about me. Perhaps it tells them that I exhibit some measurable
degree of
[EMAIL PROTECTED] wrote:
If anything, you should *encourage* the use of PGP or S/MIME to sign mail,
Absolutely.
because even if my machine gets whacked by a virus and starts spewing correctly
signed mail, you will *know* it's my machine doing it and not some
address-scraping virus on a machine in
I have to say that I have no idea what you are talking about, I never
see any email as attachments. Could it be your email client or server
(you're using Outlook Express apparently, so that could be it)?
Kenton
On Fri, 2004-03-19 at 12:27, VB wrote:
NEVER open attachments
Isn't this what we
Check out LURHQ. Good MSP about to move to national presence.
http://www.lurhq.com
Up and coming. Good source of education and whitepapers.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of DeBerry, Casey
Sent: Friday, March 19, 2004 11:52 AM
To:
On Fri, Mar 19, 2004 at 12:43:59PM -0800, Staves, Steve ([EMAIL PROTECTED]) wrote:
I would like to second that motion. I never open attachments, especially on
newsgroups etc as they are a prime target.
Hey Steve!!! Wake up!!!
The issue the OP describes is a result of a broken MUA.
MUA ==
Thanks for the info. i did open your attachment.
Now don't hurt yourself falling off your high horse. I did not write Outlook
Express, perhaps your bitterness would be better off directed to those that
did.
vb
- Original Message -
From: Bennett Todd [EMAIL PROTECTED]
To: VB [EMAIL
2004-03-19T20:42:10 VB:
Thanks for the info. i did open your attachment.
Good for you!
Now don't hurt yourself falling off your high horse.
Not to worry.
I did not write Outlook Express, perhaps your bitterness would be
better off directed to those that did.
You do, however, choose to use
--On Friday, March 19, 2004 02:27:53 PM -0500 VB [EMAIL PROTECTED] wrote:
NEVER open attachments
So, why do these folks post attachments? Why is this even permitted? I
would love to hear what these people have to say, but i cannot break my
own rule to find out.
Fine. I'll answer for them. It's
On Friday 19 March 2004 13:21, [EMAIL PROTECTED] wrote:
Hey Steve!!! Wake up!!!
The issue the OP describes is a result of a broken MUA.
MUA == Outlook Mirco'we don't heed no stinkin RFCs'soft
Ahem, I'm no MS fan but they're not the only guilty ones. A default Eudora
install does the same
On Fri, Mar 19, 2004 at 03:42:10PM -0500, VB ([EMAIL PROTECTED]) wrote:
Thanks for the info. i did open your attachment.
Now don't hurt yourself falling off your high horse. I did not write Outlook
Express, perhaps your bitterness would be better off directed to those that
did.
from a private
On Fri, Mar 19, 2004 at 02:05:55PM -0800, David Hane ([EMAIL PROTECTED]) wrote:
On Friday 19 March 2004 13:21, [EMAIL PROTECTED] wrote:
Hey Steve!!! Wake up!!!
The issue the OP describes is a result of a broken MUA.
MUA == Outlook Mirco'we don't heed no stinkin RFCs'soft
Ahem, I'm no MS
There does appear to be some places these code names have
been unofficially listed, i.e.
http://gomo.no-ip.com/other/Microsoft%20Codenames.htm
On Fri, 19 Mar 2004 [EMAIL PROTECTED] wrote:
On Fri, Mar 19, 2004 at 03:42:10PM -0500, VB ([EMAIL PROTECTED]) wrote:
Thanks for the info. i did open
###
Luigi Auriemma
Application: Terminator 3: War of the Machines
http://www.t3war.com
Versions: 1.0
Platforms: Windows
Bug: broadcast client's buffer-overflow
Risk:
http://www.microsoft.com/technet/prodtechnol/winxppro/sp2preview.mspx
Gadi Evron.
Dan's proposal is intrinsically flawed. It incorrectly assumes that the
sender can reasonably anticipate the recipient's needs in replying to
the message, and that such needs can reasonably be lumped into either
reply or followup. It doesn't solve the real problem, which is that
responders need to
On Fri, 2004-03-19 at 14:43, Staves, Steve wrote:
I would like to second that motion. I never open attachments, especially on
newsgroups etc as they are a prime target.
No problem, that's yours (and VB's) choice. Just don't open anything we
post. I don't have a problem with that. I'm not quite
On Fri, Mar 19, 2004 at 12:49:33PM -0800, Blue Boar wrote:
[EMAIL PROTECTED] wrote:
If anything, you should *encourage* the use of PGP or S/MIME to sign mail,
Absolutely.
because even if my machine gets whacked by a virus and starts spewing
correctly
signed mail, you will *know* it's my machine
On Fri, 2004-03-19 at 14:09, Jeremiah Cornelius wrote:
They SIGN their messages, and
some clients insist on representing inline S/MIME and OpenPGP messages as
attachments.
BTW: I prefer to have Evolution (my email program of choice) sign
messages inline like PGP in Outlook used to do, but I
On Fri, Mar 19, 2004 at 19:55:01 -0500,
Cael Abal [EMAIL PROTECTED] wrote:
Bruno, did you read the objections raised in that link I provided? I
know how Mail-Followup-To works. I also understand there are unresolved
problems with it.
My argument was that it was better than not using it.
Hello,
I would like list members to suggest what anti virus software I should
get. My Norton subscription is expiring soon and I think there may be
something better. Need to protect a Windows ME system and a Windows 2000
system
Thanks,
Nancy Kramer
On Fri, Mar 19, 2004 at 08:13:13PM -0600, Frank Knobbe wrote:
BTW: I prefer to have Evolution (my email program of choice) sign
messages inline like PGP in Outlook used to do, but I can't convince
neither Evolution nor GPG to do so. If anyone knows of a clean hack to
trick Evolution to sign an
On Fri, Mar 19, 2004 at 08:13:13PM -0600, Frank Knobbe ([EMAIL PROTECTED]) wrote:
BTW: I prefer to have Evolution (my email program of choice) sign
messages inline like PGP in Outlook used to do, but I can't convince
neither Evolution nor GPG to do so. If anyone knows of a clean hack to
trick
On Fri, Mar 19, 2004 at 09:53:36PM -0700, [EMAIL PROTECTED] wrote:
Early versions of Evolution used to support inline signing. But in
their efforts to emulate M$ this went away. Eventually they got so
good at pretending to be M$ that I had to switch to another email client
so that I could get
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I am with everyone else when they claim you need to find a decent MUA.
But regardless, I think you need to learn about a little friend of mine
called SYSTRACE! I don't run anything I deem insecure without it (im
clients, mail clients, firefox, any and
While Service Pack 2 for XP may only be in beta, I have been running it for some time on a test machine and haven't yet broken anything.
one step at a time...
http://www.microsoft.com/technet/prodtechnol/winxppro/sp2preview.mspx
Actually, this is just release candidate 1, and we already know there will be a release
candidate 2.
Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
[EMAIL PROTECTED]
This is RC1 - i.e. not ready for prime time
Gadi Evron wrote:
http://www.microsoft.com/technet/prodtechnol/winxppro/sp2preview.mspx
Gadi Evron.
--
James Garrison          Athens Group, Inc.
mailto:[EMAIL PROTECTED]          5608 Parkcrest Dr
This is a technical preview... not recommended for production use.
On Sat, 20 Mar 2004, Gadi Evron wrote:
http://www.microsoft.com/technet/prodtechnol/winxppro/sp2preview.mspx
Gadi Evron.
Stephen Hauskins
Academic Computing Group
Division of Physical and Biological Sciences
Where