I would say that the latter is the more
likely, but the message came from a hotmail account. Doesn’t hotmail
check attachments? I didn’t look at the headers really so spoofing is
possible. I am getting a copy to a research company so I can get some more
answers maybe.
-Original Mes
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I've seen that too, on several machines, different range of ip's. I guess it's
some sort of a mass bruteforce exploit (there were 50 or more attempts on my
box in just 20-30 s). Anyone who can enlighten us, it will be appreciated,
I've searched too
#
Application: Mozilla Firefox
Vendors: http://www.mozilla.com
Version: 0.9.1 / 0.9.2
Platforms: Windows
Bug: Certificate Spoofing (Phishing)
Risk: High
Exploitation: Remote with browser
Date: 2
I have noticed the same activity on 3 of my shell servers, all
originating from the 62.67.x.x range however my case I believe is
slightly different as the 3 shell services are running on the same IP
address yet are all listening on different ports.
___
There's a thread on DSLR about it, about 2 days old now:
http://www.dslreports.com/forum/remark,10854834~mode=flat~days=
--
Paul Mohr
[EMAIL PROTECTED]
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.
--On Thursday, July 22, 2004 10:47 AM -0400 Jay Libove <[EMAIL PROTECTED]>
wrote:
Here are some log entries from my system:
Jul 15 10:01:34 panther6 sshd[8267]: Illegal user test from 62.67.45.4
Jul 15 10:01:34 panther6 sshd[8267]: Failed password for illegal user
We've been seeing these as well,
On 22 Jul 2004, at 07:47, Jay Libove wrote:
[ Posted to full disclosure and vulnwatch; please edit reply address(es)
as appropriate. Thanks. -Jay ]
My Linux system, and a Linux system run by a friend here in the same city
but on a completely different netblock (different ISP), have both seen
ap
#
Service: Search Engines
Vendors: Google, Altavista, Excite.com, Yahoo,
Metacrawler, Dogpile, Downloads.com, MSN.com
Bug: Cross Site Scripting
Risk: Medium Or Low or High, depends
On 25 Jul 2004, at 12:06, Curt Purdy wrote:
Todd Towles wrote:
I received an e-mail today that looked very much like a virus. Here
is the message
Attachment - erupts.avi.exe
Subject - New Southern California wildfire erupts
Either this is a new Trojan that changes its body and subject based on
On Sun, 2004-07-25 at 13:57, Paul Schmehl wrote:
> For the last time, I have *already* done this. With both a snaplen of 1024
> and a snaplen of 4096. It *hasn't* produced anything useful unless someone
> thinks *this* is useful (I'm using tcpdump on FreeBSD 4.9 RELEASE.):
>
> tcpdump -c 100
--On Sunday, July 25, 2004 5:51 PM -0500 Frank Knobbe <[EMAIL PROTECTED]>
wrote:
could you please post some *payload* of these packets instead of just
the tcpdump one-liner? Perhaps that's why we're confused about your tcpdump
output/usage.
That *is* the payload.
Paul Schmehl ([EMAIL PROTECTED])
Adju
If I may inquire, why would you care about such a
nobody? Are you insulted that a "real" hacker didn't
find your site worthy? It's just a website, why are
you whining? The more you guys whine, the more they
think what they do matters.
-redX
--- [EMAIL PROTECTED] wrote:
>
>
> Hello all,
>
>
Abilash Praveen wrote:
> whats this about?
> - Original Message -
> From: "g0bb13s" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Sunday, July 25, 2004 12:58 PM
> Subject: [Full-Disclosure] Cry For help
>
>
> > Good sirs and madames,
It's a 491 scam parody.
Curt Purdy CISSP, G
Jay,
Seeing these attempts on both work and home systems.
HTH,
Harry
Jay Libove wrote:
[ Posted to full disclosure and vulnwatch; please edit reply address(es)
as appropriate. Thanks. -Jay ]
My Linux system, and a Linux system run by a friend here in the same city
but on a completely different net
I've seen that too, on several machines, different range of ip's. I guess it's
some sort of a mass bruteforce exploit (there were 50 or more attempts on my
box in just 20-30 s). Anyone who can enlighten us, it will be appreciated,
I've searched too and couldn't find anything related.
In an e-mail
Todd Towles wrote:
> I received an e-mail today that looked very much like a virus. Here is the message
>
> Attachment – erupts.avi.exe
>
> Subject – New Southern California wildfire erupts.
>
> Either this is a new Trojan that changes its body and subject based on the current AP new
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
__
SCO Security Advisory
Subject: OpenServer 5.0.7 : Mozilla Multiple issues
Advisory number: SCOSA-2004.8
Issue date:
On Sun, 25 Jul 2004 [EMAIL PROTECTED] wrote:
> Hello all,
>
> I just had a site cracked by some script-kiddy going by RedX.
>
> the little squirt was just being pesky by cracking the passwd for a simple
> store admin and plastering "Hacked by redX" in the php forms not a real hack.
> and he uploa
On Saturday July 24 2004 20:55, Willem Koenings wrote:
> hi,
>
> > NAV does recognise it as Trojan.ByteVerify.
>
> do you talk about those java components or about web.exe?
> those java components are indeed recognized, as byteverify
> vulnerability is old enough and in this context java is
> used
Interesting discussion. There should be more DNS validation performed in the real
world. We know what we're putting into DNS with respect to the domains we control, but
the only time we find out about bad responses coming out at network endpoints is when
we see the bad data ourselves or end user
--On Saturday, July 24, 2004 10:16 AM -0500 Suzi and Harold VanPatten
<[EMAIL PROTECTED]> wrote:
It seems to me you could do this without setting up a dns server. Just
tcpdump the traffic or sniff or snoop the traffic. If you set it up with
a snaplength of 1500 you'll get enough of the packet to
It seems to me you could do this without setting up a dns server. Just
tcpdump the traffic or sniff or snoop the traffic. If you set it up with
a snaplength of 1500 you'll get enough of the packet to see exactly what
dns query is being asked...something like
tcpdump -n -s 1500 udp and por
> (H -- does it also fail on W2K3??)
>I had to specifically click on the "Program" tab, which evoked a null-
>pointer read attempt
It works on 2k3, same steps taken.
jp
-Original Message-
From: Nick FitzGerald [mailto:[EMAIL PROTECTED]
Sent: Wed 7/14/2004
It's [EMAIL PROTECTED]
-cdh
From: [EMAIL PROTECTED] on behalf of Steven Evans
Sent: Sat 7/24/2004 7:23 PM
To: Mailing List - Full-Disclosure
Subject: [SPAM] - [Full-Disclosure] Yahoo Security Dept email address - Email found in
subject
Hey guys
What is the
On 23.07.2004 17:11:10 +, Paul Schmehl wrote:
> --On Friday, July 23, 2004 09:50:44 PM +0200 [EMAIL PROTECTED] wrote:
> >
> >hm... you could also try reverse lookups for all existing ip-addresses in
> >the world :)
> >
> Well, no, because that wouldn't solve the problem.
>
> A host on our netwo
I don't understand the effect it has on Mozilla. It certainly crashed my IE
but for Mozilla, the URL window displayed a diamond shape with a red "X"
through it. Mozilla was unresponsive afterwards. I had to close the window
to recover. I am a W2K user at work.
ST
-Original Message-
From:
On Fri, Jul 23, 2004 at 12:32:28PM -0500, Paul Schmehl wrote:
> Can this be done?
>
> Conditions:
> 1) You know an IP address that is running a DNS server. (IOW, it responds
> to digs.)
> 2) You do not know the hostname or domain of the host.
> 3) The DNS server does not allow zone transfers.
>
Really...FreeBSD comes with user nobody set to /sbin/nologin out of the
box. Maybe they should have chosen a better host OS?
G[D
---
What does this have to do with the host os?
oh wait CISSP, Computer Security ha ha my bad
On Fri, 23 Jul 2004, nicolas vigier wrote:
>
> Linux sc8-pr-web6 2.4.20-24.9bigmem #1 SMP Mon Dec 1 11:14:38 EST 2003 i686
Ok, they finally updated it a few hours after this message, when I had
sent them a second mail explaining how it could be easy to get root on
this web server for anyone havi
Vulnerability in Comcast Webmail Manager allows arbitrary java and activex code
execution
Systems: Comcast Webmail email system. www.comcast.net
Vulnerable: X-Mailer: AT&T Message Center Version 1 (Mar 22 2004)
Not Vulnerable: Unknown
Severity: Serious / Low (Fixed now)
Category: Arbitrary Execut
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenPKG Security Advisory                            The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
[EMAIL PROTECTED]
On Sat, Jul 24, 2004 at 12:58:42AM -0500, Paul Schmehl wrote:
> i think your isp should have this info
>
>> Umm..did you look at my address? We own a class B. We don't have an
>> ISP.
Agreed. Even if you did have an ISP, I don't see any reason why they
would have this information.
> Not if
[ Posted to full disclosure and vulnwatch; please edit reply address(es)
as appropriate. Thanks. -Jay ]
My Linux system, and a Linux system run by a friend here in the same city
but on a completely different netblock (different ISP), have both seen
apparently automated attempts to log in to our s
Yeah I saw this on July 5 on SecuriTeam. Your stuff, isn't it?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Phuong
Nguyen
Sent: Friday, July 23, 2004 1:18 PM
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] Crash IE with 11 bytes ;)
Hey,
I thought you g
This is sort of a rant. Companies believe there is a 'black box' that will
secure them. We all know this to be false. Besides all the buggy code,
unsafe operating practices and the like, one of the biggest issues is from
the attitude of the companies themselves. Recently, I experienced this firs
mi2g attacked a number of "so-called" security sites in a 20 July press
release. mi2g identified by name the following sites: SecurityFocus,
Insecure, Neohapsis, NetSys, e2kSecurity, Der Keiler, gossamer-threads, C4I,
VulnWatch, and Landfield.
Vmyths will slam mi2g in an upcoming column -- becaus
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenPKG Security Advisory                            The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
[EMAIL PROTECTED]
Hello all,
I just had a site cracked by some script-kiddy going by RedX.
the little squirt was just being pesky by cracking the passwd for a simple
store admin and plastering "Hacked by redX" in the php forms not a real hack.
and he uploaded a file with some stupid logo he made with MS paint wh
On Sun, 25 Jul 2004, Abilash Praveen M wrote:
> whats this about?
It's a really funny parody of a 419-scam (also known as the Nigerian
Scam). I'm sure you've seen the letters from "Miriam Abacha"?
See: http://www.secretservice.gov/alert419.shtml
Absolutely fucking hysterical!
--
Yours,
J.A
Dear list,
This is nonsense. As clearly stated on the defcon.org website, admission
to defcon costs 80 US dollars. This does not include bus fare.
However, as Bugtraq Security Systems is no longer a non-profit
organisation, and we have indeed fared quite well helping both the MPAA
and the RIAA hu
whats this about?
- Original Message -
From: "g0bb13s" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, July 25, 2004 12:58 PM
Subject: [Full-Disclosure] Cry For help
> Good sirs and madames,
>
> Please. Fifty dollar.
>
> My name is G0ibbles Bugtrack,16 years from the mall of
Apple OSX Panther Internet Connect - Local root Vulnerability.
==
Date: 25.07.2004
Author: B-r00t. 2004.
Email: B-r00t <[EMAIL PROTECTED]>
Vendor: Apple
Operating System: OSX Panther (Possibly Pr
Hello,
> > dns query is being asked...something like
> > tcpdump -n -s 1500 udp and port 53 and host 1.2.3.4
> >
> I already did this, and I already posted it here. It didn't reveal
> anything that I wasn't already aware of - ns requests and ptr
> requests for
> that IP.
Update your tcpdump o
This might not be exactly what you want, but you can register with
verisign and download the root zone file that contains the com and net
TLD's. I think the org TLD is done by someone else. Anyway, there are
some weird restrictions, such as IP access lists and what not, but if
you get the zone fi
Good sirs and madames,
Please. Fifty dollar.
My name is G0ibbles Bugtrack,16 years from the mall of some stupid state in
middle America.
My father,my younger Sister and I escaped from our mall at the heat of the
great summer sales rush after loosing my mother and two of my senior
brothers in
On 24 Jul 2004, at 22:15, Yaakov Yehudi wrote:
(could not decrypt message)
Would help if we could read it...
Hi,
When given following command from root directory of
any drive (c:\, d:\, etc.,) it throws below given
error.
Command:
c:\> write
aaa