Hi there,
I've been looking for some detailed info about the protocols used in
Lotus Notes and Domino, but I haven't found anything of interest. Does anyone
know where to find good material on that subject and on security
focused on those products?
Thank you in advance,
JC
Hi,
the only advice you will get on a SECURITY mailing list is:
DO NOT USE TELNET!
In future please do not use this list for software support.
bye pz
On Fri, 2004-03-26 at 03:44, Gan Chin Kiat wrote:
Hi,
Question 1:
---
I have a Banner with Power Server which is it will
I thought I would pass this blurb along, taken on
#grsecurity and the subject was security. Just to let everyone know I am
awaiting these exploits to be released to the respected parties in due time or
an apology for falsifying these claims.
Ed
[22:22] spender is exec-shield in
The point of the previous post was to point out that people shouldn't
believe anything posted until other people in the conversation agree that
it happened and/or make a statement about it.
-- http://www.angelfire.com/electronic/bodhidharma/mu.html
Just to let everyone know I am awaiting these
In future please do not use this list for
software support.
Dear list owners,
This is a public letter from me telling you what to do. You
must respond to me.
Create a mail filter to remove these harmful messages from
my inbox. It is intolerable to spread software support
questions on the
spiffomatic 64 wrote:
The letters are expressed using a hexadecimal type of system. Every
letter is shown by two characters the first character can be any ascii
character while the second is in a range from a-p. This works just
like hex in that ap+1=ba. It's not case sensitive so that also
/full-disclosure-charter.html
Information from NOD32
This message was checked by NOD32 Antivirus System for Linux Mail Server.
part000.txt - is OK
http://www.nod32.com
__ NOD32 1.694 (20040326) Information __
This message was checked by NOD32 antivirus system
in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
A small answer to all your questions inline. Other readers will be able
to get better answers.
Gan Chin Kiat wrote:
Hi,
Question 1:
---
I have a Banner with "Power Server" which is it will displayed after opened
the telnet session. Meaning previously it will displayed SunOS 5.6, now it
Dear list,
i am seeing strange traffic ... first something connects to 139 on windows
workstation ... 2 packets causes the svchost to crash.
and then i start seeing traffic to port from the same ip.
what is this traffic i am seeing ? any new kind of malware trying to open of port
SH From: Sebastian Herbst [EMAIL PROTECTED]
SH Date: Fri, 26 Mar 2004 11:44:26 +0100
SH the only advice you will get on a SECURITY mailing list is:
SH DO NOT USE TELNET!
I disagree.
From man telnetd on debian:
-z SSL-parameter
This option is only valid if telnetd has
Well, port is used for quite some trojans. See my small list below:
and there might be more out there. Port 139 is used for the NETBIOS
Session Service and I would recommend closing that one on your firewall,
it's also used for again quite some trojans. Check my small list below:
tcp
Dear list,
i am seeing strange traffic ... first something connects to
139 on windows workstation ... 2 packets causes the svchost to crash.
and then i start seeing traffic to port from the same ip.
Sounds like a lovesan variation or some RPC-exploit. Are you sure port 139
is used and
Aditya the machine is
fully patched and protected by firewall from outside world with a sniffer
logging all the data ie scr, dst ip and ports numbers ( this is how i know the
above info )
aditya,
I'm just seeing the normal stuff and
nothing like you are describing, but do you the
- --
BLOGGER XSS VULNERABILITY
- --
Online URL : http://ferruh.mavituna.com/article/?470
Severity : Moderately Critical for Members (Permanent
Actually yes, I think it has.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Sage
Sent: Wednesday, March 24, 2004 9:53 AM
To: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Microsoft Coding / National Security Risk
Take a team of really
On Fri, 2004-03-26 at 16:32, Aditya, ALD [Aditya Lalit Deshmukh] wrote:
Dear list,
i am seeing strange traffic ... first something connects to 139 on
windows workstation ... 2 packets causes the svchost to crash.
and then i start seeing traffic to port from the same ip.
from
Most likely there was testing and research to make sure no one was using the
function internally in a way that wasn't intended that could possibly break.
Of course I am completely guessing. It could have been so that MS could take
their time and hack into all of the open source groups using
2004-03-26T15:32:09 Aditya, ALD [Aditya Lalit Deshmukh]:
how about sending the attachment like this ?
If you'd used the right eicar.com, rather than the busted one I
posted first (sorry about that quoting, copied it from the wrong
place) then that'd probably have set off a generous crop of A/V
I would hope the US government isn't using Windows in the way normal home
users are. And in fact having personally spoken with several folks from the
US Government and the US Military (US Army specifically which was
interesting...) in charge of this stuff this week at a conference I can
actually
On Fri, 26 Mar 2004 10:44:12 +0800, Gan Chin Kiat [EMAIL PROTECTED] said:
I have a Banner with Power Server which is it will displayed after opened
the telnet session. Meaning previously it will displayed SunOS 5.6, now it
will displayed Power Server. So how would i get the part of the
Hello list,
We're running IPCop v1.4.0a10 on a DHCP ADSL connection. Snort is the
IDS software installed.
I took a look-see at my firewall log for yesterday and saw four
instances of what appears to be reversed incoming RPC traffic on the Red
(WAN/eth2) side.
I had this sort of a scenario
On Fri, 26 Mar 2004 10:25:14 EST, Boris Veytsman [EMAIL PROTECTED] said:
From man telnetd on debian:
The original poster was clearly on a Solaris box, (SunOS 5.6 actually - rather
backlevel). So any whizz-bang Debian features won't be found on it.
On Fri, 26 Mar 2004 13:06:43 EST, joe [EMAIL PROTECTED] said:
Ever heard of Trustworthy Computing?
? Done a lot of good, hasn't it?
Actually yes, I think it has.
Except for the part where outside parties have found more numerous and
deadly exploits since it was announced than before.
Kind
[waraxe-2004-SA#012]
[waraxe-2004-SA#013]
I don't think you guys understand that MORTIS's request is a farce...
See the viruses being sent to this list thread a few days back...
I found MORTIS's comment freakin' hilarious!
KUIJPERS Jimmy wrote:
I totally agree with you, and I find your message very polite where Mortis's message
seems
At 01:23 PM 3/26/2004 -0500, joe wrote:
I would hope the US government isn't using Windows in the way normal home
users are. And in fact having personally spoken with several folks from the
US Government and the US Military (US Army specifically which was
interesting...) in charge of this stuff
Yo Daniel!
On Fri, 26 Mar 2004, Daniel H. Renner wrote:
I took a look-see at my firewall log for yesterday and saw four
instances of what appears to be reversed incoming RPC traffic on the Red
(WAN/eth2) side.
Probably a stealth scan. NMAP has
/me pulls hair out.
It is true that security is partly a function of the measures taken by
the people responsible for securing a machine or network. However, an
insecure operating system will remain insecure even if managed by smart,
responsible security-conscious people.
The security track
On Fri, 26 Mar 2004 14:15:25 EST, Boris Veytsman [EMAIL PROTECTED] said:
The source is available, and is readily compilable on Solaris.
Note that the definition of readily compilable depends on your point of view.
Estimate the original poster's likely experience level, and decide whether it's
I promise to send $25 to John and Len to help run the list
if no one else responds to this thread. Please?
Oh, forget it. John/Len: send me an address. That's
hopeless.
My message was only intended as a morning chuckle. I
thought perhaps even Gadi would laugh at it (something is
the
More details are definitely needed, but let me ask a very basic question...is
it safe to assume that you're running some sort of AV software? You're not
infected with a Blaster variant, right?
http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html
--- Aditya, ALD [Aditya Lalit
Joshua Brindle wrote:
|
| So I ask grsecurity fans, why would you run the software of someone
| no better than the people trying to crack your machine? This is
| not responsible behaviour and shows a clear disregard for security
| and safety of
Hey,
The below patch fixes the sql injection vulnerability
reported by Janek Vind waraxe, in privmsg.php.
--
--- privmsg.php 2004-03-18 19:51:32.0 +
+++ privmsg.1.php 2004-03-26 19:51:07.0
+
@@ -212,7 +212,17 @@
break;
case
On Monday 22 March 2004 5:25 pm, Paul Schmehl wrote:
--On Monday, March 22, 2004 11:12:01 AM -0600 Max Valdez
[EMAIL PROTECTED] wrote:
Oh, I see, I was thinking about linux
How many windows users crypto-sign their mails ??
I think the work need to be a little intelligent to get
Come on !!
That job is easy, the problem is that the revocation would happen really
fast, so the key would be valid anymore.
But thinking again, you're all right, who cares if the key has been revoked
or not !!
I was not thinking about the whole thing !! sorry
Max
--
Linux garaged
Dave Aitel wrote:
Joshua Brindle wrote:
|
| So I ask grsecurity fans, why would you run the software of someone
| no better than the people trying to crack your machine? This is
| not responsible behaviour and shows a clear disregard for security
| and safety of others.
|
Whatever. It shows a
On Fri, 26 Mar 2004 10:24:56 CST, Max Valdez [EMAIL PROTECTED] said:
That job is easy, the problem is that the revocation would happen really
fast, so the key would be valid anymore.
Actually, the problem is that the revocation *won't* happen soon (if at all).
First the user has to
I decided to test this for myself...
Spender sent me the alleged exploit for exec-shield... and it bypasses the protections
offered by exec-shield completely without the need for brute forcing.
Enough said, everything spender has done since years has been completely credible, and
as i've been
On Friday, March 26, 2004 1:22 PM, Mortis wrote:
My message was only intended as a morning chuckle. I thought
perhaps even Gadi would laugh at it (something is the
sincerest form of something or other). I'm sorry I have such
a rotten sense of humor. This list gets to ya once in a
On Fri, 26 Mar 2004 23:10:02 +0100, Henk Stubbe [EMAIL PROTECTED] said:
Spender sent me the alleged exploit for exec-shield... and it bypasses the
protections offered by exec-shield completely without the need for brute
forcing.
Does it actually bypass a protection that exec-shield claims to
Hello all,
I got this e-mail late this afternoon and I'm trying to figure out if
this was an attempt at infection or otherwise. I received this file
using Thunderbird .5 on Linux, so it wouldn't have any effect on me.
Just seeing what you all thought and what type of virus it might be.
We
I have posted this issue to a couple entities like bugtraq and
CERT with no response. I mentioned this issue to an organization today
which was considering using Nessus as a vulnerability scanner to assess their
network security issues and this was in violation with their security policy so
I have posted this issue to a couple entities like NTbugtraq
and CERT with no response. Please read
below...
Software Vendor: Tenable Security (www.tenablesecurity.com)
Software Package: Newt
Versions Affected: 1.4 and earlier (and possibly 1.5)
Synopsis: Username and password for various
Proof-of-concept code has been publicly released that exploits multiple
previous vulnerabilities in various Cisco products. The following
list of vulnerabilities taken verbatim from the exploit code are
affected. Included after each is a URL which
Software Vendor: NessusWX (nessuswx.nessus.org)
Software Package: NessusWX
Versions Affected: 1.4.4 and possibly earlier versions
Synopsis: Username and password for various accounts stored in unencrypted plain text
Issue Date: Feb 22, 2004
Vendor Response: Vendor notified December 4, 2003
On Thu, 25 Mar 2004 11:46:12 -, Andrew Aris [EMAIL PROTECTED] wrote:
This has been something I've wondered about for a while, it's a good idea for
e-mails to carry some kind of passed tag from AV systems only if it
actually means something. Which as just a plain text, easily duplicatable