Adam wrote--
I think that Ikea at least dose product tests and sells a stable product
with
out security flaws.
I'll bet the odd Ikea bed has crashed while being worked on...
*grin*
___
Full-Disclosure - We believe in it.
Charter:
~~~
Application:Mcafee FreeScan(activex)
Vendors: http://us.mcafee.com/root/mfs/default.asp?cid=9914
Platforms:Windows
Bug: Buffer Overflow and Private Information Disclosure
Risk:
Hello,
I would have to look into the bandwidth amount on my Internet contract
but I might be able to host such a site via www.mydomain.com or any
www host entry that gets pointed to my web server. Right now I have a
PIII 667Mhz with 256 MB of RAM I could use (plus it hosts mail).
If we
~~~
Application:Symantec Virus Detection(Free ActiveX)
Vendors:
http://security.symantec.com/sscv6/vc_scan.asp?langid=ievenid=symplfid=23pkj=WJDORSJRFSKLUKUMXCCvc_scanstate=2
Platforms:Windows
Bug:
full-disclosureHey, everyone.
i m comming :D, it's a lame local root exploit for Solaris.
exploit Solaris vfs_getvfssw() Loadable Kernel Module Path vulns, which found
by Dave Aitel, you can find on this link. :P
http://www.immunitysec.com/downloads/solaris_kernel_vfs.sxw.pdf
Cheers,
Sam
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
This is an announcement only email list for the x86 architecture.
Turbolinux Security Announcement 07/Apr/2004
The following
Hello,
fdic.pif.zip / www.fdic.com.fraud.security.pif.pif
Infected: TrojanDownloader.Win32.Small.hg
says Kaspersky AV
Sincerely: Tamas Feher.
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
I think that Ikea at least dose product tests and sells a stable product
with
out security flaws.
I'll bet the odd Ikea bed has crashed while being worked on...
*grin*
That'd be a passion killer - The current session has crashed. Press
Headboard-Frame-Matress to quit.
;
Jos
Hello,
I wonder if the Magic Lantern trojan truly exists? I don't quite get
this Big Brother watches all Internet traffic realtime story.
1., The sheer volume of all traffic (IM, SMTP - including spam, P2P,
webmail, etc.) must be too much no matter what Crays you have.
(Imagine someone uses
That's with out mention of the buffer problems..
cheap mattress = END RUN
How crude of me
That'd be a passion killer - The current session has crashed. Press
Headboard-Frame-Matress to quit.
___
Full-Disclosure - We believe in it.
Charter:
Quoting Sean Crawford ([EMAIL PROTECTED]):
I'll bet the odd Ikea bed has crashed while being worked on...
yeah. both companies sell fix-it-yourself-over-priced low quality
products coincidence or recipe for success?
--
.signature: No such file or directory
Hi Rafel,
We have analysed the reported vulnerabilities in the Symantec, McAfee
and Panda controls installed by their online scanners.
It appears that your conclusions for Symantec and McAfee are incorrect.
Following your examples seems to only cause null-pointer dereferences
and can therefore
Hello all,
As for the Magic Lantern stuff, yes AFAIR it was like your typical
malware, was delivered eg via email and did pretty much the same stuff
that today's keystroke-logging remote-controllable malware does. Nothing
truly exciting, not even at the time, but for the fact that it was the
On Wednesday 07 April 2004 12:26, Feher Tamas wrote:
Hello,
I wonder if the Magic Lantern trojan truly exists? I don't quite get
this Big Brother watches all Internet traffic realtime story.
I say, where there is smoke there is fire...
1., The sheer volume of all traffic (IM, SMTP -
Dear list,
To continue with our Mostly Harmless Hacking series we present you with
cutting edge techniques to hack from even the lamest of on-line services.
Today. Enjoy.
With regards,
Team Bugtraq Security
___
GUIDE TO (mostly)
Hello,
What I find interesting is that SecurityFocus links the IE ms-its: and
mk:@MSITStore: vulnerability paper by Roozbeh Afrasiabi (
http://www.securityfocus.com/archive/1/358913 ) to the Microsoft Internet
Explorer Unspecified CHM File Processing Arbitrary Code Execution
Vulnerability
Hello,
[EMAIL PROTECTED] wrote:
Multiple Vulnerabilities in Monit
* UPDATE: Integer Overflow in POST Input Handler (Initially discovered by
S-Quadra)
S-Quadra discovered that a large HTTP POST would cause an xmalloc() call
within the WBA to fail. This issue was fixed in 4.2.1 as a denial of
YAP, works for ntfs too...
--
--- morning_wood [EMAIL PROTECTED] wrote:
Fat32 file output redirect overwrites self.
===
odd behavior... ?
1.) console application output redirected to itself
( file.ext file.ext )
Quoting Sean Crawford ([EMAIL PROTECTED]):
I'll bet the odd Ikea bed has crashed while being worked on...
yeah. both companies sell fix-it-yourself-over-priced low quality
products coincidence or recipe for success?
Your forgot the important one that makes it all work - products that you
It isn't nearly as difficult as you might think. A number of companies
already make sniffing logging tools capable of the volumes you mention. They
are used mainly in large financial traffic firms to ensure their data
traffic is recoverable and to monitor for abuse. They are able to store
On Wed, 7 Apr 2004, Sean Crawford wrote:
Adam wrote--
I think that Ikea at least dose product tests and sells a stable product
with
out security flaws.
I'll bet the odd Ikea bed has crashed while being worked on...
*grin*
most likely user error though
Thanks,
Ron DuFresne
Also if i recall correctly Symantec's ActiveX controls
are restricted to run only Symantec web sites, but
Symantec sites are full of holes like XSS so you can
exploit ActiveX holes anyways. For those interested in
auditing ActiveX controls, take a look at my
presentation at BlackHat:
On Wednesday 07 April 2004 14:12, Szilveszter Adam wrote:
Hello all,
snip other good stuff
BTW as for some of the myths that accompany these covert ops in
cyberspace: you would be really surprised to learn how sophisticated
criminals have already been caught simply by sending them HTML email
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
| 2., The terrorsts are not stupid, they use strong encryption and there
| is proof that PGP repels NSA.
Hi Tamas,
Although I agree with some of your post, I have to take exception to
this point. What proof are you referring to? All conspiracy
On Mon, Apr 05, 2004 at 09:36:36PM -0400, Adam wrote:
SO WTF dose this mean to me or you should IKEA now be a target?
I think that Ikea at least dose product tests and sells a stable product with
out security flaws or adds **Warnings** about who should use there products
and the issues
I'll bet the odd Ikea bed has crashed while being worked on...
*grin*
most likely user error though
Too many concurrent entries?
Or excessive load?
Jos
___
Full-Disclosure - We believe in it.
Charter:
[ /. mode on ]
Mod +5 Insightful
[ /. mode off ]
Heh - this arrived as I was posting on /. about this...
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
| 2., The terrorsts are not stupid, they use strong encryption and there
| is proof that PGP repels NSA.
Please disclose this proof.
Regards,
Brent
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Dear Thomas Kristensen,
Exploitable overflow in Symantec and Trend Micro were reported in
June/July 2003 by Cesar Cerrudo and fixed by vendors. Nearly same
vulnerability was reported in RAV by Tri Huynh.
http://www.security.nnov.ru/search/news.asp?binid=2922
--Wednesday, April 7,
Hello,
James Cupps wrote:
The people who would be running these NSA filters don't know
who they are watching and they don't care. All they want
to find are the people trying to make Anthrax or build a bomb.
Then why didn't they find themselves without any kind of searching?
It is the USA and
is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040407-username.shtml.
Affected Products
=
* The affected software releases for WLSE are 2.0, 2.0.2 and 2.5.
* The affected software releases for HSE are 1.7, 1.7.1, 1.7.2 and
1.7.3.
Details
I would even go so far as to say tht the good-guys (the NSA) has better
knowledge, technology, and resources than the bad guys (terrorists). The
good-guys have, basically, unlimited funds and the approval of the
government to use said funds, whether it's openly apporved or approved as a
$500
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Now... what about the following? I cannot read the Forrester report --
I am not a client, and I do not wish to spend $899 on it... so I
cannot discuss the metrics used, nor how Forrester determined what was
a vulnerability disclosure.
Given the fact
Hello,
The terrorsts are not stupid, they use strong encryption and
there is proof that PGP repels NSA.
What proof are you referring to?
The case of the italian comrades:
http://www.pcworld.com/news/article/0,aid,110841,00.asp
PGP Encryption Proves Powerful
by Philip Willan, IDG News
Yeah, I'd like to see this myself.
On Wed, 2004-04-07 at 10:52, Brent Colflesh wrote:
| 2., The terrorsts are not stupid, they use strong encryption and there
| is proof that PGP repels NSA.
Please disclose this proof.
Regards,
Brent
___
Hello,
The terrorsts are not stupid, they use strong encryption
and there is some proof that PGP repels USA.
Please disclose this proof.
http://www.pcworld.com/news/article/0,aid,110841,00.asp
PGP Encryption Proves Powerful
by Philip Willan, IDG News, 26 May 2003
If the police and FBI can't
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Am I the only one who reads directions suppled? (Never A prob with Ikea other
than my wife wanting to buy to much when we go)
and realize that you get what you pay for (except for Opperating Systems)
On Wednesday 07 April 2004 06:34 am, Sean
At 04:03 PM 4/7/2004 +0100, Jos Osborne wrote:
Too many concurrent entries?
Or excessive load?
Forking too many processes.
m5x
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
On Wednesday 07 April 2004 16:52, Brent Colflesh wrote:
| 2., The terrorsts are not stupid, they use strong encryption and there
| is proof that PGP repels NSA.
Please disclose this proof.
There can be, of course, no such proof.
Had there been, we would've seen people massively upping their
Although it is interesting to read, I wouldn't call an article in PCWORLD
conclusive proof that PGP hasn't been compromised by the NSA.
It is a good article though :-)
Ex
- Original Message -
From: Feher Tamas [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, April 07, 2004
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
An articel in the german computer magazine c`t points to Autonomy
(www.autonomy.com), a software company with a text analyzer as one main
product. It is expected to understand the content of texts, not just grep`ing
words. :)
Caraciola
-
On Wednesday 07 April 2004 17:39, Exibar wrote:
Now of course, if they are monitoring ALL internet traffic, we've all
been flagged because we've used NSA and terrorists in the same e-mail.
Good thing we didn't mention anything about m-16's or poison gas bombs, or
anything like that too!
Alexander MacLennan wrote:
A certificate is intended to give you the skills to operate a
particular
product or suite of products. The certificate may or may not
teach you
the fundamentals behind the product.
Actually that only applies to vendor certs like MCSE. Both CISSP and GIAC
certs are
On Wed, 07 Apr 2004 09:59:03 EDT, [EMAIL PROTECTED] said:
The real question though is why should we care.
In the sense that we as individuals still have some privacy the statements
about huge volumes still applies.
The only reason that we should care is because people are involved, and
On Wed, 07 Apr 2004 11:34:34 CDT, hggdh [EMAIL PROTECTED] said:
Anyways... the report seems to indicate that Microsoft is the fastest
on solving security issues.
Comments?
That's only because they smack down anybody who doesn't follow their style of
disclosure. I'll bet if you recompute
Now... what about the following? I cannot read the Forrester report --
I am not a client, and I do not wish to spend $899 on it... so I
cannot discuss the metrics used, nor how Forrester determined what was
a vulnerability disclosure.
Given the fact that a lot of the MS security fixes were
On Wednesday 07 April 2004 18:15, Feher Tamas wrote:
The terrorsts are not stupid, they use strong encryption
and there is some proof that PGP repels USA.
Please disclose this proof.
http://www.pcworld.com/news/article/0,aid,110841,00.asp
Okay look, I'm not saying they can crack it, and
: Affected Packages: Corrected Packages:
OpenPKG CURRENT = sharutils-4.2.1-20011201 = sharutils-4.2.1-20040407
OpenPKG 2.0 = sharutils-4.2.1-2.0.0= sharutils-4.2.1-2.0.1
OpenPKG 1.3 = sharutils-4.2.1-1.3.0= sharutils-4.2.1-1.3.1
Dependent Packages: none
The Ghetto Hackers would like to point out that team registration is now
open for Root Fu @ Defcon 12 CTF. Interested parties should point there
browsers to http://ghettohackers.net/rootfu.
dd
___
Full-Disclosure - We believe in it.
Charter:
[EMAIL PROTECTED] wrote:
Curt, you didn't define the case scenario for the first thing you do
on a windows box.
One would hate to reboot a box and lose any valuable evidence
of an intruder
or otherwise incriminating material.
snip
Of course id3nt, my bad, and it appearently caused a good
At 02:22 PM 4/7/2004 -0400, [EMAIL PROTECTED] wrote:
And quite frankly, I'd rather worry about living in a world where there's
still
a few terrorists on the loose than 5 years from now, not being able to get on
a plane because the first paragraph of my reply has flagged me as an enemy
of the
The Metasploit Framework is an advanced open-source platform for
developing, testing, and using exploit code. After nearly six months of
development, version 2.0 is being released to the public.
This release includes 18 exploits and 27 payloads; many of these exploits
are either the only ones
And on a related note;
http://www.cnn.com/2004/TECH/ptech/04/06/detecting.plagiarism.ap/index.html
New software detects plagiarized passages
Thanks,
Ron DuFresne
~~
Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and
On Wed, 07 Apr 2004 20:51:31 +0200, Maarten [EMAIL PROTECTED] said:
Them having crypto technology that is 'uncrackable' is good.
You having cracked that without them being aware is priceless.
(see also: WWII, Enigma)
And in fact, the Allies intentionally allowed a large number of ships
Whether it is cracked or not is moot. Magic Lantern was a keystroke logger.
Presumably even if you are a pgp fanatic you will type the password in
somewhere and if the agent feeds back to a central database at that point
then pgp is useless to you. In addition to that, the keys (private key
On Wed, 2004-04-07 at 11:56, Feher Tamas wrote:
Hello,
The terrorsts are not stupid, they use strong encryption and
there is proof that PGP repels NSA.
What proof are you referring to?
The case of the italian comrades:
http://www.pcworld.com/news/article/0,aid,110841,00.asp
Perhaps
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
This also works with the 2.4.24 Linux kernel (Slackware 9.1):
[EMAIL PROTECTED]:~$ more testfile.txt
Let's try this in Linux
[EMAIL PROTECTED]:~$ ls -al testfile.txt
- -rw-r--r--1 chrisusers 24 Apr 7 12:43 testfile.txt
[EMAIL
Security Advisory: The KAME IKE Daemon Racoon does not verify RSA
Signatures during Phase 1, allows man-in-the-middle attacks and
unauthorized connections
Author: Ralf Spenneberg [EMAIL PROTECTED]
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenPKG Security AdvisoryThe OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
[EMAIL PROTECTED]
Folks,
Any good links/pointers to ROSI (Return on security investment)?
Any research gng on??
Thanks in advance!!
-n
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
If the FBI, or NSA, or any other government agency could break PGP, do you
think they would let the world know? Remember that in World War II, the
British had cracked the German Enigma code. They could have done a lot more
to stop German attacks. But they didn't because it could have tipped off
__
Do you Yahoo!?
Yahoo! Small Business $15K Web Design Giveaway
http://promotions.yahoo.com/design_giveaway/
McAfee Freescan ActiveX Information Disclosure [Additional Details PoC]
-
To assume a gov't agency with the resources of the NSA is unable to read
PGP/GPG encrypted mail is sheer folly. All discussion to date is based
around the assumption that you are attempting to brute force an individual
message in the classical sense of brute force.
1: encrypted message
2:
hggdh said:
[snip]
Anyways... the report seems to indicate that Microsoft is the fastest
on solving security issues.
Comments?
--Comparing Windows and Linux Security
(30 March 2004)
Forrester Research has released a report titled Is Linux More Secure
Than Windows?
[snip]
That explains
-BEGIN PGP SIGNED MESSAGE-
SGI Security Advisory
Title : SGI Advanced Linux Environment security update #17
Number: 20040402-01-U
Date : April 7, 2004
Reference :
This also works with the 2.4.24 Linux kernel (Slackware 9.1):
You can also delete files by using the del command. I tested this with the
5.1 ntos kernel (Slackware XP):
C:\del testfile.exe
and it deleted the file. I can't believe my eyes.
I will be out of the office starting 2004.04.05 and will not return until
2004.04.12.
I will respond to your message when I return.
**
This e-mail and any attached files are confidential and/or covered by
legal, professional
chris writes:
This also works with the 2.4.24 Linux kernel (Slackware 9.1):
It's the shell, not the kernel. When you say ./foo ./foo, the shell
interprets ./foo FIRST and does something like open(foo, O_TRUNC |
O_CREAT).
Take a look at any Unix shell document and the open(2) man page --
A big issue here that has not been discussed is the time window between the
release of a patch/upgrade and the ability to safely apply it in a live
environment.
Among my customers, many sysadmins just cannot apply the latest patches as
soon as they are available because of possible dependencies
Other presumptions include;
- the cracker not having access to specialist hardware.
- faith that the cipher is not subject to attacks targetted at
the underlying algorithm(s)
Risk Management 102 subjects include;
Crypto only buys time (in an unknown but diminishing quantity)
n30 wrote:
Any good links/pointers to ROSI (Return on security investment)?
Here's what I've got:
ROSI
A classic argument is that there is similarly no clear return on life
insurance, but that doesn't stop most of us from buying it; still,
attempting to formulate operational-security ROI may
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Yo All!
n30 wrote:
Any good links/pointers to ROSI (Return on security investment)?
How do you calculate the ROSI on a police force or army? Who knows how
many people would be dead without one.
How would you have calculated the ROSI of the US
[EMAIL PROTECTED]:~$ more testfile.txt
Let's try this in Linux
[EMAIL PROTECTED]:~$ ls -al testfile.txt
- -rw-r--r--1 chrisusers 24 Apr 7 12:43 testfile.txt
[EMAIL PROTECTED]:~$ testfile.txttestfile.txt
- -bash: ./testfile.txt: Permission denied
[EMAIL PROTECTED]:~$ more
Why should ordinary people trust the governments of the West?
Regards: Tamas Feher.
we shouldent and we dont but lets discuss this at some other place ... there is no
place for politics in computer security .
A good article is http://www.securityfocus.com/infocus/1715.
In this it is explained the ROI (return on investment) for Penetration
Testing.
Darkslaker
www.nimrod.com.mx
Yo nací para atrapar dragones en sus guaridas y para recoger flores. Yo
nací para pasar las mañanas contando historias
You can also delete files by using the del command. I tested this with the
5.1 ntos kernel (Slackware XP):
C:\del testfile.exe
if you were trying to be sarcastic in saying this is
normal, any dummy knows that then you failed
horrendously, sir.
where did the delete command came from
On Wed, 7 Apr 2004, morning_wood wrote:
where did the delete command came from
this has nothing to do with any system command
it was simply an odd behavior where by piping
output of a file into itself, causes a 0 byte or corrupted file
C:del.exe del.exe
in particular, executeable
77 matches
Mail list logo