Agreed, talk about dry news day...
Most people dont even know what that padlock is anyway.
Daniel
> This thread is simply ludicrous.
>
>
> JAT> This is Social Engineering, and a damn fine example!
>
> JAT> This is in fact a pretty good fake-out: I'm sorry I didn't think of
> it
> JAT> myself.
>
>
This one reported to Mcafee a short time ago, this day. They don't see it as
a bug, however.
Enter a valid name into your FRIENDS list. Say "John" ([EMAIL PROTECTED])
is the entry. Now put an entry in ACCEPTING email from any email address
where the received line has a certain phrase in it. Eg, y
This thread is simply ludicrous.
JAT> This is Social Engineering, and a damn fine example!
JAT> This is in fact a pretty good fake-out: I'm sorry I didn't think of it
JAT> myself.
JAT> The obvious use here is in phishing expeditions: people *expect* that
JAT> little lock to be somewhere on the
Yes, but it shares the fax line. I checked.
-Eddie
On Thu, 15 Jul 2004 10:44:20 -0700, Schmidt, Michael R. wrote:
>Is there a Fire/Burglar Alarm system wired to the phone?
>
>Michael R. Schmidt
>
>-Original Message-
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Eddie
>Se
This is Social Engineering, and a damn fine example!
This is in fact a pretty good fake-out: I'm sorry I didn't think of it
myself.
The obvious use here is in phishing expeditions: people *expect* that
little lock to be somewhere on the screen, but how many of them would
think "oh. it's in the
On Fri, Jul 16, 2004 at 12:10:33PM +1200, Nick FitzGerald wrote:
> Seth Alan Woolley to me:
>
> > > The correct solution to all such problems is simply to reject the
> > > content as malformed. And guess what will happen when you do that?
> > > Several really crappy web design products will di
Please forgive me for my tone, but this is just plain puerile, ridiculous and
profoundly FUD mongering! It's a favicon for the gods sakes!
Granted there will be a minority of people who may be misled by a fake padlock in some
convoluted phishing scam. However, can someone explain exactly what
Seth Alan Woolley to me:
> > The correct solution to all such problems is simply to reject the
> > content as malformed. And guess what will happen when you do that?
> > Several really crappy web design products will disappear because the
> > folk using them will drop them because no-one can
I am a newbie, but a few thoughts occur to me:
First is that my emailer doesn't handle this well at all. More Below:
[signature deleted]
[EMAIL PROTECTED] wrote on 07/15/2004 04:36:29 PM:
<...snip...>
> let's note that you are the only MCSE here.
How do you know> I *could* be an MCSE.
Sorry for the gory SGML details to follow...
On Thu, Jul 15, 2004 at 09:13:12PM +0200, Pavel Kankovsky wrote:
> On Wed, 14 Jul 2004, Seth Alan Woolley wrote:
>
> > If the topic of exploiting browsers to gain unauthorized access to
> > websites with buggy input validation is back in vogue, here's
FYI:
Opera 7 generic: Works;
IE 6.0.2800.1106 sp1;Q837009;Q832894;Q831167;Q823353
--
Yours,
J.A. Terranson
[EMAIL PROTECTED]
"...justice is a duty towards those whom you love and those whom you do
not. And people's rights will not be harmed if the opponent speaks out
about them."
FYI:
Opera 7 generic: Works;
IE 6.0.2800.1106 sp1;Q837009;Q832894;Q831167;Q823353: Does not work
--
Yours,
J.A. Terranson
[EMAIL PROTECTED]
"...justice is a duty towards those whom you love and those whom you do
not. And people's rights will not be harmed if the opponent speaks out
abo
On Thu, 15 Jul 2004, Martin Wasson wrote:
> From: Martin Wasson <[EMAIL PROTECTED]>
^^
What's stopping you from using your, um, more common address?
> >>This is not, *technically* SNMP, as it is not using it's assigned ports.
> >>This is a variant,
Linked below is a Hardening stack TCP/IP tool for Windows. It is designed
for all versions of Windows XP, and all version of Windows 2000. The tool
supplies a simple GUI for Hardening Stack Tcp/ip os Windows againg many Dos
attack.The program is:http://www.securitywireless.info/download/hardt
Does anyone on the
list know if a phishing scam victim who is willing to come forward and be
interviewed on a national news show this weekend?
The person can be
"annonymized" if necessary.
Please advise -
Erik
Laykin
President
OnlineSecurity
[EMAIL PROTECTED]
El jueves 15 de julio a las 16:41, Vincent Archer escribió:
> they wait for moderation. Since you usually do a group reply to include
> the list in addition to the original poster, the original poster can
That's what everybody does, but I think it's not the best way to
reply. Any decent e-
hi,
a friend pointed the post about the hhh out to me. i've subscribed to
the list just to post this, and will be unsubscribing afterwards, so if
you need to reach me please do it via email.
maybe you've got the wrong impression of the hacker halfway house, but
we're not a hostel or the like to
Nick FitzGerald wrote:
> > I'd say that's because you changed the filetype; pif files simply
> > contain information on how to handle a DOS executable; they aren't a
> > program themselves. All you did was make it get confused and kill
> > itself.
>
> Yeah, but how long is it now since we've been t
I would humbly suggest asking them about their "time clock machine". A lot of places
will have one computer that doesn't always look like a computer which the registers
talk to. Oftentimes this is written off by employees as a cash register rather then a
computer.
Timecard systems also can h
>>This is not, *technically* SNMP, as it is not using it's assigned ports.
>>This is a variant, and interestingly, that port is assigned to
>>
>> empire-empuma 1691/tcpempire-empuma
>> empire-empuma 1691/udpempire-empuma
>>
>>Unless Sysedge is the decendant o
Do you have your own PBX? There is usually a modem into the phone system for
dial in access for maintenance Just a thought.
Tom
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Schmidt,
Michael R.
Sent: July 15, 2004 11:44 AM
To: 'Eddie'; [EMAIL PROTEC
On Wed, 14 Jul 2004, Seth Alan Woolley wrote:
> If the topic of exploiting browsers to gain unauthorized access to
> websites with buggy input validation is back in vogue, here's a strange
> situation for you that _only_ works in mozilla-based browsers:
>
> http://bugzilla.mozilla.org/show_bug.cg
On Thu, Jul 15, 2004 at 11:08:48PM +1000, Dave Horsfall wrote:
> On Thu, 15 Jul 2004, Darren Reed wrote:
>
> > Have you ever actually used format on Solaris to format a SCSI disk ?
> > It's somewhat similar, I believe, to "scsictl /dev/sd0a format" on NetBSD.
>
> Etc.
>
> Odd... I began seeing
Hello,
This is off topic, but has anyone stayed there? Ive never been to NY and I my friend
suggested we stay there and save the money. Suggestions?
Thanks,
Doug
http://www.hackerhalfwayhouse.org/
___
Full-Disclosure - We believe in it.
Charter: http
Nice find :)
The problem does not rely on similarly named methods, rather it relies
on the trust access checks that IE performs on function calls in
disparate windows.
When you try to alert each of the assign methods in your example their
core toString methods are called which return a static st
Dan Sichel
Network Engineer
Ponderosa Telephone
[EMAIL PROTECTED] (559) 868-6367
>
> The correct solution to all such problems is simply to reject the
> content as malformed. And guess what will happen when you do that?
> Several really crappy web design products will disappear because th
Is there a Fire/Burglar Alarm system wired to the phone?
Michael R. Schmidt
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Eddie
Sent: Wednesday, July 14, 2004 9:56 PM
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] Mystery phone lines, something is hidin
Folks;
We are in the process of re-evaluating our IDS.
Part of the evaluation will be to entertain bringing
in other solutions (we currently run Demarc Puresecure
and open source snort).
We really like the SourceFire technology and my
question about them has nothing to do with that.
My question is
We are presently witnessing a seemingly large number of addresses in
the 66.* network address range receiving tfp GET requests from
216.154.203.169. The requests are all similar to the following:
07/15-08:33:58.586343 216.154.203.169:41820 -> 66.xx.xx.xx:69
UDP TTL:237 TOS:0x0 ID:29801 IpLen:20 D
On Fri, Jul 16, 2004 at 03:03:54AM +1200, Nick FitzGerald wrote:
> Barry Fitzgerald wrote:
>
> > I think that the best solution might be to display a dialogue box before
> > it tries to fix the tags stating that the page contains potentially
> > unsafe incomplete tags and asking whether the brow
On 14 Jul 2004 at 10:05, Maarten wrote:
> > dd if=/dev/zero of=/dev/hd? ; dd if=/dev/urandom of=/dev/hd?
>
> I agree. But be advised that using /dev/urandom is several orders of
> magnitude slower than either /dev/zero or /dev/full, so if you're not
> paranoid or the data isn't that sensitiv
Nick FitzGerald wrote:
Nope -- _VERY_ bad idea.
I'm not sure I'd call it a *very* bad idea... it's better than silently
finishing incomplete tags.
Idiot users want to blow both their feet off.
Asking them "do you want a chance to blow your feet off?" only slows
the inevitable slightly, never
Barry Fitzgerald wrote:
> I think that the best solution might be to display a dialogue box before
> it tries to fix the tags stating that the page contains potentially
> unsafe incomplete tags and asking whether the browser should repair them
> or not.
Nope -- _VERY_ bad idea.
Idiot users wa
Seth Alan Woolley wrote:
Is it just me or is that behavior idiotic? I've seen this bug in
_multiple_ scripts I've audited. For that reason, I feel much less safe
signing up for cookies on websites that I haven't audited myself for
this problem. Since it is a script tag, that could open many a ho
On Wed, 14 Jul 2004, Eddie wrote:
> Hello,
>
> I tried calling the numbers with my laptop and cell phone (with Caller ID turned
> off). Most of the lines won't connect with
> No Carrier, but one, I get the string " ** 01 Communications TermServ **" and a
> login prompt.
> Friday, I will be spe
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
The codeBase attribute has allowed command execution from the My
Computer zone without interruption since this misfeature was discovered
by Dildog. It was not automatically re-enabled with yesterdays patches
so there
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200407-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
[ Cc'd by intention ]
On Thu, 15 Jul 2004, Darren Reed wrote:
> Have you ever actually used format on Solaris to format a SCSI disk ?
> It's somewhat similar, I believe, to "scsictl /dev/sd0a format" on NetBSD.
Etc.
Odd... I began seeing replies to this *much* before I saw this original
post f
In MS04-022 the only workaround Microsoft lists is this: "Do not open or
save .job files that you receive from untrusted sources."
As you mentioned, this vulnerability can be triggered automatically
without user interaction and without opening or saving .job files by
navigating to an explorer fold
On Wed, Jul 14, 2004 at 09:55:39PM -0700, Eddie wrote:
>
> I tried calling the numbers with my laptop and cell phone (with Caller ID turned
> off). Most of the lines won't connect with
> No Carrier, but one, I get the string " ** 01 Communications TermServ **" and a
> login prompt.
Credit- o
In some mail from Gary E. Miller, sie said:
> On Wed, 14 Jul 2004, Darren Reed wrote:
>
> > Too bad the pc Unixes don't have a format command like Sun has had
> > for Solaris/SunOStells the hard drive to 'format' and then tests
> > with a number of test patterns.
>
> You can not really force
Programm: Board Power forum v2.04 PF
Autor: Ivan Zhdanov
CRITICAL: Low
Exploit:
http://target/cgi-bin/boardpower/icq.cgi?action=javascript:alert
('hello');
URL: http://www.thewebmasterforums.com
..
Maxpatrol - Professional Network Security Scanner (www.maxpatrol.com).
___
On Wed, Jul 14, 2004 at 09:55:39PM -0700, Eddie wrote:
> I tried calling the numbers with my laptop and cell phone (with Caller ID turned
> off). Most of the lines won't connect with
> No Carrier, but one, I get the string " ** 01 Communications TermServ **" and a
> login prompt.
>From the (p
Ah, a very good idea. One of the 2 locations I am dealing with right now, 1 does have
a phone system. But it's a simple 2 line hunt group setup with 3 extensions. I
only noticed 2 lines going into it, but it's worth checking out again.
The other location does not have any such system. It did at
Nope. They are not credit card, or security/fire system numbers. I figured out what
numbers those are connected to.
And it's not any point of sale numbers. The data is polled from a computer in the back
and that number is accounted for.
Thanks
Eddie
On Thu, 15 Jul 2004 01:30:44 -0400, Mike
smime.p7m
Description: S/MIME encrypted message
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Yo Darren!
On Thu, 15 Jul 2004, Darren Reed wrote:
> Have you ever actually used format on Solaris to format a SCSI disk ?
Yes, many times. The first time within a year or two of when they were
founded. Their HQ was less than a mile from my old of
47 matches
Mail list logo
