http://news.bbc.co.uk/2/hi/uk_news/3772077.stm
http://www.cnn.com/2004/WORLD/europe/06/03/britain.flight/index.html
Massive air disruption across UK
Thousands of air passengers are facing delays after an air
traffic control computer failure caused flights to be
suspended across the UK.
National
Denial of Service Vulnerability in
Linksys BEFSR41 - Router vuln was identified and
tested on.
Linksys BEFSR41 v3
Linksys BEFSRU31
Linksys BEFSR11
Linksys BEFSX41
Linksys BEFSR81 v2/v3
Linksys BEFW11S4 v3
Linksys BEFW11S4 v4
Available from www.linksys.com
October 19, 2003 (Revised November 10,
Hi all
Does anyone know a vulnerability in Watch guard?
Rgds
Sudharsha
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
http://www.theregister.co.uk/2004/06/03/text_punk/
Secret Police slap cuffs on Punk SMSer
by Lucy Sherriff, TheRegister, 3 June 2004
A tech worker was arrested yesterday after a text message he sent
was intercepted and traced back to his phone.
In a scene reminiscent of Neo's first escape from
SUMMARY
---
Tripwire(tm) is a Security, Intrusion Detection, Damage Assessment
and Recovery, Forensics software.
A vulnerability in the product allows a user on the local machine
under certain circumstances to execute arbitrary code with the
rights of the user running the program (typically
180 Solutions Exploits and Toolbars Hacking Patched Users
By Rafel Ivgi, The-Insider
Table Of Contents:
*
1. Class Name
2. Infecting Files
3. Related Registry Entries
4. Cleaner
5. Solution
6. Visit :
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
_,--,_
__,-'| ___ /' |
/' `\,--,/' `\ /' |
( ) ( )'
\_ _/' `\_ _/
On Thursday 03 June 2004 05:03, KF (lists) wrote:
Someone that has had some success communicating things security wise to
Borland may wish to contact them about this.
[EMAIL PROTECTED] bin]# rpm -ivh /root/InterBaseSS_LI-V7.1.0-1.i386.rpm
[EMAIL PROTECTED] bin]$ pwd
/opt/interbase/bin
Le jeu 03/06/2004 à 11:18, sudharsha a écrit :
Does anyone know a vulnerability in Watch guard?
http://www.cartel-securite.fr/pbiondi/adv/CARTSA-20030314-icmpleak.txt
It applied to watchguard boxes, but is patched, and firewalls should now
be shipped with non vulnerable firmwares.
--
GreyMagic Security Advisory GM#006-MC
=
GreyMagic Software, 03 Jun 2004.
Available in HTML format at
http://www.greymagic.com/security/advisories/gm006-mc/.
Topic: Simple Yahoo! Mail Cross-Site Scripting.
Discovery date: 16 May 2004.
Affected applications:
Hi,
First of all, thanks to everyone who provided me with worms as a
response to my last email.
So far I have analyzed the executables (or scripts) of worms, where
my aim was to determine the family of an unknown worm. (different
versions of the same worm form a family) This worked quite well,
When I was into finding XSS, I found holes in just about every web-based
email provider with relative ease... The only one that I found was pretty
hardened was hotmail (Probably because everyone is trying to find holes all
the time).
I bet this is still just the tip of the iceberg for yahoo, keep
Hi all,
A few days ago I started seeing outbound TCP connection on port 53,
aimed at the .com NS servers. These were blocked by the firewall. I
realize that this does not violate any RFC, but it's still unusual.
The outbound traffic is not generated by the local bind installation,
which was
On Thu, Jun 03, 2004 at 05:35:22PM +0300, Shachar Shemesh wrote:
The outbound traffic is not generated by the local bind installation,
which was asked to bind to port 53 for outbound traffic. Also,
/etc/resolv.conf lists 127.0.0.1 as the nameserver, so as far as I
understand such traffic
Also, /etc/resolv.conf lists 127.0.0.1 as the nameserver, so
as far as I understand such traffic should not be initiated
by user programs.
It sounds like named is running on your computer. Depending on your
OS, netstat -anp might show you which application initiated the requests.
On Wed, 2 Jun 2004, Paul Herman wrote:
VERSIONS AFFECTED
-
Tripwire commercial versions = 2.4
[...]
Typo. That should be '4.2' and not '2.4'.
-Paul.
Recently, I subscribed to Xbox live. After playing on some of
the games online, I thought that this is a perfect place for
covert communication.
Their rooms aren't monitored. You can open up private rooms
and communicate with invited friends.
Who knows... :-)
Shachar,
UDP port 53 is normally used for general dns traffic, however anytime
there is more than 576 bytes of data being transferred the DNS protocol
migrates up to TCP. Common reasons for this are zone transfers or
overall large server replies. Most likely your bind server or a user
and/or
Thursday, June 03, 2004
The following represents an interesting technical examination
when the so-called Anti-Virus protector becomes the
Virus Vector. Naturally this is the result of relying on
the plug and play or module of one Internet Explorer browser
and operating system from a
KHAMSIN Security News
KSN Reference: 2004-06-03 0001 TIP
---
Title
-
The Netgear WG602 Accesspoint contains an undocumented
administrative account.
Date
2004-06-03
Description
---
I found this worm/ trojan on a laptop. Ran FPort and found the .exe.
Doesn't look like it propagates to other machines but rather communicates
with a compromised
web company's server using IRC. The compromised server has removed the IRC
service. Only sends RST packets back.
I put it on my site.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 513-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Matt Zimmerman
June 3rd, 2004
On Thu, 3 Jun 2004, Shachar Shemesh wrote:
Hi all,
A few days ago I started seeing outbound TCP connection on port 53,
aimed at the .com NS servers. These were blocked by the firewall. I
realize that this does not violate any RFC, but it's still unusual.
TCP is used for DNS when the size
- EXPL-A-2004-002 exploitlabs.com Advisory 028 -
- Surgemail -
OVERVIEW
SurgeMail is a next generation Mail Server -
Combining
Perrymon, Josh L. wrote:
I found this worm/ trojan on a laptop. Ran FPort and found the .exe.
Doesn't look like it propagates to other machines but rather communicates
with a compromised
web company's server using IRC. The compromised server has removed the IRC
service. Only sends RST packets
I read the link below and noticed that this worm must be a variant because
the .exe is not the same and I don't notice any means of network scanning or
propagation.
JP
-Original Message-
From: Harlan Carvey [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 03, 2004 2:25 PM
To: [EMAIL
I was guessing about LSASS because that was the only patch not on the box
that was infected.
The user also had a pass with a couple #'s in it so I didn't think it would
be found in a password list.
After watching it for a while I *Never saw it try to propagate to another
machine. That's what was
Hello,
http://www.packetfocus.com/analysis/wkssvrs.zip
Kaspersky AV says: Backdoor.RBot.gen malware
Virus description:
http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=59366VName=BKDR_RBOT.A
Try the above URL with RBOT_n (n = B,C,D,E, etc.) ending for more
variants.
On Jun 3, 2004, at 1:54 PM, Perrymon, Josh L. wrote:
I found this worm/ trojan on a laptop. Ran FPort and found the .exe.
Doesn't look like it propagates to other machines but rather
communicates
with a compromised
web company's server using IRC. The compromised server has removed the
IRC
Josh,
I would like to know the attack vectors. I'm
guessing LSASS.
If you don't know what the worm is, what would lead
you to guess that the infection vector is LSASS? Is
there some other piece of information that you're not sharing?
On Thursday, 2004-06-03 at 19:35:22 +0200, Tom Knienieder wrote:
Possibly vulnerable (not verified)
WG602 with other Firmware Versions
WG602v2
The WG602v2 uses different firmware.
Download the WG602 Version 1.5.67 firmware from Netgear
Perrymon, Josh L. wrote:
I found this worm/ trojan on a laptop. Ran FPort and found the .exe.
Doesn't look like it propagates to other machines but rather communicates
with a compromised
web company's server using IRC. The compromised server has removed the IRC
service. Only sends RST
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandrakelinux Security Update Advisory
___
Package name: krb5
Advisory ID:
33 matches