Re:[Full-Disclosure] (AUSCERT AA-2004.02) AUSCERT Advisory - Denial of Service Vulnerability in IEEE 802.11 Wireless Devices (fwd)

Interesting isn't it .. since it came up I've been wondering how hard it would be for one of these; http://www.wifiseeker.com/ .. to be "upgraded" to work as a sort of wireless flash-bang (for the life of the battery) .. throw it in a garden and walk off ... .. give our grounds keepers IT Secu

[Full-Disclosure] RKDetect - behaviour based rootkit detection utility

http://www.security.nnov.ru/search/document.asp?docid=6198 Rkdetect is a little anomaly detection tool which can find services hidden by generic Windows rootkits like Hacker Defender. Tool very simply. It enumerates services on remote computer through WMI (user level) and Services Control Manag

RE: [Full-Disclosure] leaking

> And gotta love the flavors of the BSD OS that does it for them! ms will deny that saying that hotmail runs on windows ! Delivered using the Free Personal Edition of Mailtraq (www.mailtraq.com) ___

[Full-Disclosure] (AUSCERT AA-2004.02) AUSCERT Advisory - Denial of Service Vulnerability in IEEE 802.11 Wireless Devices (fwd)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 === AA-2004.02 AUSCERT Advisory Denial of Service Vulnerability in IEEE 802.11 Wireless Devices 13 May 2004 Last Revised

RE: [Full-Disclosure] RE: Full-Disclosure MS Exchange message lost-so lets post how

I agree with Randal's point of view. Dunno abt others... Although we have been discussing this exploit posting issue since long time... the latest one was cyber punk's, h .. 4 C.P : h1ya, u rem. WFD ;) sh0utS t0 U agAin. ;) Regards, S. Imran Ali -Original Message- From: [EMAIL PROT

RE: [Full-Disclosure] leaking

>The original poster said "track" not "collect" email addressesNo no, he said: "The beatch [sic] is probably collecting our addresses for spam".>I don't think in this case you could (unless you were either matching IPs, or>there is other information in the request that certain MUAs give out)

Re: [Full-Disclosure] leaking

On Wed, 12 May 2004, Marek Isalski wrote: > Each visitor is given a different email address. It's made up of their > IP address, the Unix time and a partial hash value, encrypted with a > private Serpent-256 key. Yep, and that way you can see who sold it to whom. -- Dave __

Re: [Full-Disclosure] leaking

On Wed, 12 May 2004, Nancy Kramer wrote: > What do you use that does that? It's in my headers - Pine. -- Dave ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html

[Full-Disclosure] FW: Unique Logo demonstrates Personality of Your Business

Received: from gateway.ameriben.com (10.1.1.5 [10.1.1.5]) by mail.iecgroup.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2657.72) id KYZSR3QH; Wed, 12 May 2004 18:30:06 -0600 Received: by gateway.ameriben.com (Postfix, from userid 12347) id 233963FF74; Wed, 12

[Full-Disclosure] RE: Full-Disclosure MS Exchange message lost-so lets post how

I am using the following only as an example that has been slightly discussed here. The gentleman rightly posts and gives us the information that is very helpful to be aware of. But then posts the "exploit" example because, in his own words, <|>I think some people know how to use this "FEATURE" ..

RE: [Full-Disclosure] leaking

On Wed, 12 May 2004, Alerta Redsegura wrote: > Are you going to tell me you didn't see this ad in your MUA? > Then, it doesn´t render HTML! You have no idea what you're talking about. -- Dave ___ Full-Disclosure - We believe in it. Charter: http://lis

Re: [Full-Disclosure] leaking

On Wed, 12 May 2004, KUIJPERS Jimmy wrote: > Why a "cryptographically-secure way of generating new email" ?? Because otherwise your nice new email address could be the victim of a dictionary attack, and you will not have proved anything either way. -- Dave __

[Full-Disclosure] EEYE: Symantec Multiple Firewall NBNS Response Processing Stack Overflow

Symantec Multiple Firewall NBNS Response Processing Stack Overflow Release Date: May 12, 2004 Date Reported: April 19, 2004 Severity: High (Remote Kernel Code Execution) Vendor: Symantec Systems Affected: Symantec Norton Internet Security 2002 Symantec Norton Internet Security 2003 Symantec No

[Full-Disclosure] EEYE: Symantec Multiple Firewall Remote DNS KERNEL Overflow

Symantec Multiple Firewall Remote DNS KERNEL Overflow Release Date: May 12, 2004 Date Reported: April 19, 2004 Severity: High (Remote Kernel Access) Vendor: Symantec Systems Affected: Symantec Norton Internet Security 2002 Symantec Norton Internet Security 2003 Symantec Norton Internet Securit

Re: [Full-Disclosure] leaking?

On Wed, 12 May 2004 22:24:18 +0530, "Aditya, ALD [Aditya Lalit Deshmukh]" <[EMAIL PROTECTED]> said: > this is not included by them intentionally but by rediff.com a stupid free > email site that does nothing but shove advertisements here and there. both the > server are blocked on my lan. and al

[Full-Disclosure] EEYE: Symantec Multiple Firewall DNS Response Denial-of-Service

Symantec Multiple Firewall DNS Response Denial-of-Service Release Date: May 12, 2004 Date Reported: April 19, 2004 Severity: High (Remote Denial of Service) Vendor: Symantec Systems Affected: Symantec Norton Internet Security 2002 Symantec Norton Internet Security 2003 Symantec Norton Internet

[Full-Disclosure] EEYE: Symantec Multiple Firewall NBNS Response Remote Heap Corruption

Symantec Multiple Firewall NBNS Response Remote Heap Corruption Release Date: May 12, 2004 Date Reported: April 19, 2004 Severity: High (Remote Kernel Code Execution) Vendor: Symantec Systems Affected: Symantec Norton Internet Security 2002 Symantec Norton Internet Security 2003 Symantec Norto

Re: [Full-Disclosure] My Signature

and this has what to do with anything of importance or to the relevance of this mailing list? On Wed, 2004-05-12 at 09:56, Nico Golde wrote: > Hi, > some of the people told me that my signature isn't correct. > for some people here it looks like this or simelarly: > > Nico Golde | [EMAIL PROTECTE

Re: [Full-Disclosure] leaking

On Wed, 12 May 2004 09:41:04 PDT, "Gary E. Miller" said: > last week. Hundreds of emails to invalid email accounts for every valid > one. Their poor server could not stand up to the load. And remember guys - "their poor server" is a huge affair, even months ago it was bouncing *billions* of spa

Re: [Full-Disclosure] leaking

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yo Valids! On Wed, 12 May 2004 [EMAIL PROTECTED] wrote: > For all the grief I give Microsoft, I *do* have to admit that there's only > a few network-engineering feats of a similar size and scale And gotta love the flavors of the BSD OS that does

Re: [Full-Disclosure] removing sasser

Hi Alerta! > 2. Look for avserve.exe or avserve2.exe in the %Windir% directory > 3. Delete "avserve.exe" [...] in > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run thx, thats the info I was looking for Yours, Marcel ___ Full-Disclosur

Re: [Full-Disclosure] Wireless ISPs

On the other side of things, I've recently encountered internet vendors who're reassuring customers that they use HTTPS for online ordering. But when I've ordered something from them they've e-mailed me asking for proof of ownership of the card - they either want a fax, or for me to e-mail a s

Re: [Full-Disclosure] leaking

On Wed, May 12, 2004 at 12:46:52PM -0500, Alerta Redsegura wrote: > Now, I repeat the question: You mean ask your question differently, ;) > How can the web-based email service in this particular case, gather email > addresses from the members of this list via this banner? The original poster sa

RE: [Full-Disclosure] Wireless ISPs

All the latest key managing algorithms, the TKIP, CKIP+CMIC, WPA - they all offer a huge improvement over static WEP keys. But not all client devices support their features. Most of the wireless bridge devices that customers are willing to buy support either no encryption or a static WEP key. Try t

RE: [Full-Disclosure] Calcuating Loss

-Original Message- From: Michael Gargiullo [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 12, 2004 10:53 AM To: Schmidt, Michael R. Cc: [EMAIL PROTECTED] Subject: RE: [Full-Disclosure] Calcuating Loss On Wed, 2004-05-12 at 11:56, Schmidt, Michael R. wrote: > Well one of the biggest issues

RE: [Full-Disclosure] Calcuating Loss

On Wed, 2004-05-12 at 11:56, Schmidt, Michael R. wrote: > Well one of the biggest issues that allows people to remain anonymous is DHCP. I Disagree. That's traceable, ask the RIAA or MPAA. > If everyone on the internet was required to get a static IP address, or to log which > IP they were usin

RE: [Full-Disclosure] Wireless ISPs

Just to throw my .02 in here wasn't there a FCC ruling (for those of you in the US) that stated that you as a private citizen have the right to receive "any" broadcast radio signal. If this is the case then you would in essence have the right to listen in on any un-encrypted radio traffic.

RE: [Full-Disclosure] leaking

In the specific case we are talking about here: 1. Somebody sends a message to the list from a web-based e-mail service. 2. All messages sent from this web-based e-mail service have a banner. 3. The banner is an "img" tag with an "a href" to click on it. 4. The banner is not shown via "script" tag

Re: [Full-Disclosure] leaking

On Wed, May 12, 2004 at 10:16:23AM -0500, Alerta Redsegura wrote: > I am really curious to know how you can collect e-mail addresses from a > plain image fed from a website shown on an e-mail. > > IP, yes. User-agent, yes. But e-mail addresses??? You don't _collect_ email addresses (they obviou

Re: [Full-Disclosure] Wireless ISPs

On Wed, 12 May 2004 10:13:35 PDT, "Schmidt, Michael R." said: > How hard would it be to have a few companies start a "secure" Internet? All > access is by licensed know individuals. No more hacking, no more slacking. If You know.. the Internet *did* start that way. When there were 4 IMPs and

[Full-Disclosure] NetBSD Security Advisory 2004-007: Systrace systrace_exit() local root

-BEGIN PGP SIGNED MESSAGE- NetBSD Security Advisory 2004-007 = Topic: Systrace systrace_exit() local root Version:NetBSD-current: source prior to Apr 16, 2004 netBSD 2.0 branch: sour

RE: [Full-Disclosure] what CMS to use for a CERT?

Title: RE: [Full-Disclosure] what CMS to use for a CERT? > -Original Message- > From: Koen [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, May 12, 2004 3:17 PM > To: [EMAIL PROTECTED] > Subject: [Full-Disclosure] what CMS to use for a CERT? > > > Hi, > > I'm looking for a good conten

[Full-Disclosure] lha vuln from last week

List, Anyone been following that lha vuln from last week? I heard lha is in over 17 products (antivirus, archivers) but I dont see but one antivirus company come out and acknowledge it (only because a public test was run). I consider the vuln severe - but there has been little if no buzz about

RE: [Full-Disclosure] Calcuating Loss

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yo Frank! On Wed, 12 May 2004, Frank Knobbe wrote: > too much work? You mean I have to get out, buy an antenna (or Pringles > can), get gas, drive around the city, find an open WAP, find me a > parking lot, hook up my gear and hack away? I find it so

RE: [Full-Disclosure] Avoiding traceability (was: Calculating Loss)

On Wed, 2004-05-12 at 12:42, Gary E. Miller wrote: > If you convert your pringles can properly it should work from your bedroom > window as well. :-) lol yeah, I saw that one coming > Go ahead and use your home internet conenction if you must. Just be > carefull who you annoy enough to t

Re: [Full-Disclosure] leaking

They probably use this in order to track if the email was opened and maybe who opened it, at least IP or server etc.  This only works with some email clients. If the recipient is using an email client this works on it is a very reliable way to measure if the email was opened, the IP or server of

Re: [Full-Disclosure] Calcuating Loss

"Schmidt, Michael R." <[EMAIL PROTECTED]> writes: > Well one of the biggest issues that allows people to remain > anonymous is DHCP. If everyone on the internet was required to get > a static IP address, or to log which IP they were using - using a > secure technology then everyone could be track

RE: [Full-Disclosure] Calcuating Loss

On Wed, 2004-05-12 at 11:57, Gary E. Miller wrote: > Too much work. Just do a bit of wardriving until you find a WiFi net > you can jump on. Just be sure to forge your MAC just in case someone is > in turn sniffing you locally. Heya Gary, too much work? You mean I have to get out, buy an antenn

[Full-Disclosure] Sweex 802.11g router/accesspoint config disclosure / remote config

Maniac Security Advisory 2004-01 Configuration disclosure on Wireless Accesspoint/Router SUMMARY Critical elements of the accesspoint's configuration can be discovered by any client connected to the accesspoint. This includes the administration username and password. AFFECTED PRODUCTS Sweex Wir

RE: [Full-Disclosure] Wireless ISPs

It is one part not knowing and one part training. And there will always be the people who are just plain and simple too stupid to deal with reality, that's where we get drug addicts, drunks and people smoking that last cigarette as the take their last breath... These people are taught, they hav

[Full-Disclosure] Security Warning

Hi, Please tell me how i can make this type of securty warning. thanks. http://www.farukh.com/sw.jpg Best Regards from,, Farrukh Hussain. ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html

RE: [Full-Disclosure] Locking up Internet Explorer

Any link in the form of //something has the current protocol prepended to it. If you are on a HTTP site such as http://microsoft.com and click on a link to //msdn.microsoft.com you are in reality making a request for http://msdn.microsoft.com /. used to use these links all over the place, to sa

RE: [Full-Disclosure] Calcuating Loss

Do you know how many people have unconfigured and therefore wide open wireless access points in the same county as me? Well over 2000. The number of configured though not necessarily secure is over 5000. That is all less than 20 miles from home. And I didn't even bother to map out most of the side

Re: [Full-Disclosure] leaking

On Wednesday 12 May 2004 17:01, Alerta Redsegura wrote: > Are you going to tell me you didn't see this ad in your MUA? > Then, it doesn´t render HTML! In fact yes I will tell you that. My MUA renders HTML (if you tell it to render it globally or if you tell it exokicitly for a specific mail). but

Re: [Full-Disclosure] leaking

What do you use that does that? Regards, Nancy Kramer Webmaster http://www.americandreamcars.com Free Color Picture Ads for Collector Cars One of the Ten Best Places To Buy or Sell a Collector Car on the Web At 06:49 AM 5/12/2004, Dave Horsfall wrote: On Wed, 12 May 2004, Felipe Angoitia wrote:

Re: [Full-Disclosure] Wireless ISPs

On Wed, 12 May 2004 22:24:18 +0530, "Aditya, ALD [Aditya Lalit Deshmukh]" <[EMAIL PROTECTED]> said: > if people knew just how to use them the world would have been a much safer place > already ! > inst it ironic that the people cannot use the free tools also. Not ironic, just sad. If they wer

[Full-Disclosure] what CMS to use for a CERT?

Hi, I'm looking for a good content management solution for starting a CERT. I don't mean the OS or webserver-stuff but the 'thingy' that sites like http://www.cert.org, http://www.us-cert.gov/ or http://www.securityfocus.com/ use for constructing their web-advisories, web-resource pages and

Re: [Full-Disclosure] Calcuating Loss

On Wed, May 12, 2004 at 08:56:25AM -0700, Schmidt, Michael R. wrote: > Well one of the biggest issues that allows people to remain anonymous > is DHCP. No. Even Dialup (modem/ISDN), Cable or DSL users who get a new IP address on every reconnect or every $X hours can be traced back easily by their

[Full-Disclosure] My Signature

Hi, some of the people told me that my signature isn't correct. for some people here it looks like this or simelarly: Nico Golde | [EMAIL PROTECTED] | [EMAIL PROTECTED] | [EMAIL PROTECTED] net http://www.ngolde.de | GnuPG Key: http://www.ngolde.de/gpg/nico_golde.= gpg Fingerprint | FF46 E565 5CC1

Re: [Full-Disclosure] Wireless ISPs

--- Mister Coffee <[EMAIL PROTECTED]> wrote: > Dan, as a couple of people (myself included) have > pointed out, you're dealing with two separate issues > here. Three, actually. > > First: Secure transactions through a web interface > Second: Cleartext replies to said transactions > including s

RE: [Full-Disclosure] leaking?

> Hi abhilash verma and the rest... > Why do you include this in your mails? tracking full-disclosure readers which use > html > rendering muas? > > http://clients.rediff.com/signature/track_sig.asp";> SRC="http://ads.rediff.com/RealMedia/ads/adstream_nx.cgi/www.rediffmail.com/[EMAIL > PROTECTE

RE: [Full-Disclosure] leaking

Unfortunately in a controlled environment it's not always possible to avoid MUA's. Novell's announcement is good news in any event. However, if you do use outlook HTML mail can be disabled via a registry key. Create HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Outlook\Options\Mail\ReadAs Pl

RE: [Full-Disclosure] Wireless ISPs

> I do a great deal of wardriving in order to map out my coverage area. In > doing this, I happen to get a lot of data captured. And a pretty good > portion of the WEP-protected networks happen to get cracked by wepattack > in under a minute. I don't even go back to see if I can snoop more of the

RE: [Full-Disclosure] iDEFENSE: Security Whitepaper on Trusted Computing Platforms

> > speel? what do you want? Most people spell "speel" "spell" :) > regards nico could we have these sort of mails offlist ? Delivered using the Free Personal Edition of Mailtraq (www.mailtraq.com) _

RE: [Full-Disclosure] Registry Watcher

> Pro (the pay-for version) has a TSR called AdWatch, that will alert to TSR used to in DOS and they were good challange to program and when the TSRs worked it was time to celebrate. in windows we only have processes which can be invisible minimized or normal state! > entry is changed or crea

Re: [Full-Disclosure] leaking

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yo Jimmy! On Wed, 12 May 2004, KUIJPERS Jimmy wrote: > I see no reason whatsoever why I should generate the e-mail address in a > cryptographic manner... .whatever that may mean (since when > do we create an email address via a "cryptographically-se

Re: [Full-Disclosure] Calcuating Loss

On Wed, 12 May 2004 08:56:25 PDT, "Schmidt, Michael R." said: > What we need is something that you have to log into (securely) or your DHCP is > revoked immediately. And of course static IPs are well, static and since they > are routed, routes can be logged and therefore trackable. All fine and

RE: [Full-Disclosure] Calcuating Loss

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yo Frank! On Wed, 12 May 2004, Frank Knobbe wrote: > "Your" ISP can track you from IP to MAC or dial-in port to your > credentials. But if you jump through 20 open proxies, the person/site > that you are attacking will have a hard time finding you (a

RE: [Full-Disclosure] Locking up Internet Explorer

> > \\test\test > > It's just guessing you tried the wrong direction slashies. no these slashes are alright this is the unc naming scheme where u can specify \\server\share\directory\filename regardless of the of the server is running netware or windows that is why it is called universal namin

Re: [Full-Disclosure] Wireless ISPs

On Tue, May 11, 2004 at 10:27:09PM -0700, D B wrote: > erm > > merchant = https order from and there to a secure mail > serverand from there to the ISPs insecure ...oops > there goes all that SSL > Dan, as a couple of people (myself included) have pointed out, you're dealing with two separate is

RE: [Full-Disclosure] Calcuating Loss

Well one of the biggest issues that allows people to remain anonymous is DHCP. If everyone on the internet was required to get a static IP address, or to log which IP they were using - using a secure technology then everyone could be tracked, sure a few "super" hackers could still manage to esc

[Full-Disclosure] Microsoft SP2 code demos for developers

Microsoft provides Windows XP Service Pack 2 Code Demos for developers to prepare for SP2 changes: http://www.microsoft.com/downloads/details.aspx?FamilyID=f87cf701-4e68-4e9e-ade5-59d4d40d8e23&DisplayLang=en Helmut Hauser ___ Full-Disclosure - We belie

RE: [Full-Disclosure] leaking

I am really curious to know how you can collect e-mail addresses from a plain image fed from a website shown on an e-mail.       IP, yes.  User-agent, yes.  But e-mail addresses???       The beatch is probably collecting our addresses for spam. Definition:  beatch = a bi**h lying on a bea

RE: [Full-Disclosure] leaking

>Given the recent Novell announcement regarding the GPL'ing of >Evolution Connector, there's little to no excuse for using the >remaining one. When my distro gets out evolution packages with the the connector included I'll give it a chance but until so I must use vmware+w2k+outlook to access our c

Re: [Full-Disclosure] Wireless ISPs

[SNIP} > > Apparently the users don't care, so why should we? > to CYA. And if you provide the means and the info to users on how to use something that is 'safer' and they then do not follow the advice and end up in a deep hole with a shovel tunneling deeper, you are protected if and

RE: [Full-Disclosure] Calcuating Loss

On Wed, 2004-05-12 at 10:56, Schmidt, Michael R. wrote: > Well one of the biggest issues that allows people to remain anonymous > is DHCP. If everyone on the internet was required to get a static IP > address, or to log which IP they were using - using a secure > technology then everyone could be

Re: [Full-Disclosure] leaking

On Wed, 12 May 2004 15:38:47 +0200, Felipe Angoitia <[EMAIL PROTECTED]> said: > >Sounds like a good reason to *not* use certain MUAs to me. Your choice, > >after all. > Not really, my entreprise choice in this concrete case. > And which MUA to use is not the matter now I think. All the major MU

Re: [Full-Disclosure] Wireless ISPs

[SNIP] > > > all I am after is raising the level of knowledge > needed to access the data beyond that of an 8 year old > with windows on a laptop running netstumbler and a > wifi card > > do u not agree this would be prudent ? > Wireless products, as is most often the case with new techn

Re: [Full-Disclosure] leaking

Why a "cryptographically-secure way of generating new email" ?? I will just use a clean installation of an e-mail client and configure it with a freshly created e-mail account. (not a free one, but from my ISP so I know it won't be targeted by spam senders already). Then in that e-mail account I

RE: [Full-Disclosure] leaking

Are you going to tell me you didn't see this ad in your MUA?Then, it doesn´t render HTML!Since the ignomious "web bug" is only a simple plain vainilla ad contained in all messages sent from Rediffmail, a web based mail service.     Iñigo KochRed Segura        -Mensaje original-De: [

Re: [Full-Disclosure] leaking

>>> Dave Horsfall <[EMAIL PROTECTED]> 12/05/2004 13:13:07 >>> > Unless you have a cryptographically-secure way of generating new email > addresses, you will not have proved anything. One of the interesting things I did when tweaking something on a website was to include a piece of code which does

Re: [Full-Disclosure] Victory day - Sasser surrenders

Thankx On Tue, 11 May 2004 15:34:19 +0100 Rob Clark <[EMAIL PROTECTED]> wrote: > > 193.x.x.x isnt internal,,, is it? > > > > > > --On Monday, May 10, 2004 12:16 PM +0200 fd <[EMAIL PROTECTED]> wrote: > > > > > I'd remove something from the mailer: > > > Received: from [192.168.195.2] ([193.7

RE: [Full-Disclosure] leaking

>Sounds like a good reason to *not* use certain MUAs to me. Your choice, >after all. Not really, my entreprise choice in this concrete case. And which MUA to use is not the matter now I think. bye ___ Full-Disclosure - We believe in it. Charter: http:

Re: [Full-Disclosure] CHANNEL FREQ'S

On 12 May 2004 at 7:27, Tyler, Grayling wrote: > Geqqam69200, > > I've seen a few people refer to the lower 6 channels of wireless > as operating in the Ham freq. spectrum. I am a bit confused > where this is coming from as 802.11b operates in the ISM > (Industrial Scientific and Medical) band.

[Full-Disclosure] [OpenPKG-SA-2004.021] OpenPKG Security Advisory (apache)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OpenPKG Security AdvisoryThe OpenPKG Project http://www.openpkg.org/security.html http://www.openpkg.org [EMAIL PROTECTED]

[Full-Disclosure] leaking?

Hi abhilash verma and the rest... Why do you include this in your mails? tracking full-disclosure readers which use html rendering muas?   http://clients.rediff.com/signature/track_sig.asp"> SRC=""http://ads.rediff.com/RealMedia/ads/adstream_nx.cgi/www.rediffmail.com/[EMAIL PROTECTED]">http

Re: [Full-Disclosure] CHANNEL FREQ'S

Tyler, Grayling wrote: Geqqam69200, I've seen a few people refer to the lower 6 channels of wireless as operating in the Ham freq. spectrum. I am a bit confused where this is coming from as 802.11b operates in the ISM (Industrial Scientific and Medical) band. This band (~2.4 GHz) is used by 8

Re: [Full-Disclosure] leaking

On Wed, 12 May 2004, KUIJPERS Jimmy wrote: > I will open the e-mail with a mail client with a new e-mail address > (when I get home tonight) and see how much spam I will receive. I will > give a report when I receive some significant spam or if I have not > received any spam for days and days. Un

[Full-Disclosure] CHANNEL FREQ'S

Title: CHANNEL FREQ'S Geqqam69200, I've seen a few people refer to the lower 6 channels of wireless as operating in the Ham freq. spectrum.  I am a bit confused where this is coming from as 802.11b operates in the ISM (Industrial Scientific and Medical) band.  This band (~2.4 GHz) is used by

Re: [Full-Disclosure] Wireless ISPs

Hi Brian and Dan, Sit down sometime inside a wireless ISPs area and run kismet. You can see someone connect to a service via SSL, then immediately after they purchase something they check the email. Guess what ? the Credit card # and address are in that email. Yeah... There is 2 problems : - one

Re: [Full-Disclosure] leaking

On Wed, 12 May 2004, Felipe Angoitia wrote: > Hi abhilash verma and the rest... Why do you include this in your > mails? tracking full-disclosure readers which use html rendering muas? Sounds like a good reason to *not* use certain MUAs to me. Your choice, after all. Hint: my MUA renders HTML.

Re: [Full-Disclosure] Wireless ISPs

Isn't it also the responsibility of the site where your ordering? To have any data submitted by e-mail to be delivered securely. For example by having the e-mail itself encrypted? [devil's advocate mode] Sure, one can also have the debate that wireless links should be encrypted but that's someth

Re: [Full-Disclosure] leaking

The beatch is probably collecting our addresses for spam. To proof the theory: I will open the e-mail with a mail client with a new e-mail address (when I get home tonight) and see how much spam I will receive. I will give a report when I receive some significant spam or if I have not received an

[Full-Disclosure] MS Exchange message lost

* MS Exchange duplicate message fault (message lost) * * MS Exchange (all versions affected) duplicate message fault * * I discovered this bug independently on 10, 2003 * * public post 05, 2004 * * Helmut Schmitz < [EMAIL PROTECTED] > * * (c) 2003/2004 Copyright by Helmut Schmitz - HackForce.NET

[Full-Disclosure] leaking

Title: leaking Hi abhilash verma and the rest... Why do you include this in your mails? tracking full-disclosure readers which use html rendering muas? http://clients.rediff.com/signature/track_sig.asp">http://clients.rediff.com/signature/track_sig.asp> SRC="">

Re: [Full-Disclosure] removing sasser

Microsoft recently (yesterday?) added Sasser removal tool to their Windows update. As usual, various antivirus vendors probably have similar one-purpose tool available for download. Ondra On Wed, May 12, 2004 at 01:22:08AM +0200, Marcel Krause wrote: > Hi folks! > > Is ther a way to remove Sasse

[Full-Disclosure] Mdaemon 7.0.1 IMAP overflow.

Let it be known that this bug is after authentication ("postauth") and therefore useless. In the current version of Mdaemon from ALTN there exists an easy to exploit, run-of-the-mill stack overflow. By authenticating and sending a large argument to the STATUS command in the IMAP component, a b

Re: [Full-Disclosure] Wireless ISPs

>Dan, >Your reasoning is quite skewed. Yes wireless ISP'ISP'sould have >encryption and most do. It is very poor accounting >and business >procedures to let evereveryouneyour network and use it >for free. >Unless >maybe you are thinking of a WAP WAPa coffee house. >However saying that wireless

[Full-Disclosure] Re: Full-Disclosure digest, Vol 1 #1638 - 32 msgs

Yes http://ftp.kaspersky.com/utils/clrav/clrav.zip - Doc - in reply to - Date: Wed, 12 May 2004 01:22:08 +0200 From: Marcel Krause <[EMAIL PROTECTED]> To: Full Disclosure <[EMAIL PROTECTED]> Subject: [Full-Disclosure] removing sasser Hi folks! Is ther a way to remove Sasser without dow

[Full-Disclosure] Re: Advisory 04/2004: Net(Free)BSD Systrace local root vulnerability

  Brad, Can you provide the details and the menu based exploit :) of the two vulnerabilities discovered by you last year.. It would be really helpful in doing the security assessments... Thnx, Abhilash On Tue, 11 May 2004 [EMAIL PROTECTED] wrote : >Send Full-Disclosure mailing list submission

[Full-Disclosure] Re: removing sasser

Yes http://ftp.kaspersky.com/utils/clrav/clrav.zip - Doc - in reply to - Date: Wed, 12 May 2004 01:22:08 +0200 From: Marcel Krause <[EMAIL PROTECTED]> To: Full Disclosure <[EMAIL PROTECTED]> Subject: [Full-Disclosure] removing sasser Hi folks! Is ther a way to remove Sasser without dow