RE: [ok] [Full-Disclosure] Possible Virus/Trojan

2004-07-25 Thread Todd Towles
I would say that the latter is the more likely, but the message came from a hotmail account. Doesn’t hotmail check attachments? I didn’t look at the headers really so spoofing is possible. I am getting a copy to a research company so I can get some more answers maybe.   -Original Mes

Re: [Full-Disclosure] Automated SSH login attempts?

2004-07-25 Thread Andrei Galca-Vasiliu
I've seen that too, on several machines, different ranges of IPs. I guess it's some sort of a mass bruteforce exploit (there were 50 or more attempts on my box in just 20-30 s). Anyone who can enlighten us, it will be appreciated, I've searched too

[Full-Disclosure] Mozilla Firefox Certificate Spoofing

2004-07-25 Thread E.Kellinis
# Application: Mozilla Firefox Vendors: http://www.mozilla.com Version: 0.9.1 / 0.9.2 Platforms: Windows Bug: Certificate Spoofing (Phishing) Risk: High Exploitation: Remote with browser Date: 2

Re: [Full-Disclosure] Automated SSH login attempts?

2004-07-25 Thread syrrus
I have noticed the same activity on 3 of my shell servers, all originating from the 62.67.x.x range; however, my case I believe is slightly different, as the 3 shell services are running on the same IP address yet are all listening on different ports.

Re: [Full-Disclosure] Automated SSH login attempts?

2004-07-25 Thread Paul Mohr
There's a thread on DSLR about it, about 2 days old now: http://www.dslreports.com/forum/remark,10854834~mode=flat~days= -- Paul Mohr [EMAIL PROTECTED]

Re: [Full-Disclosure] Automated SSH login attempts?

2004-07-25 Thread Paul Schmehl
--On Thursday, July 22, 2004 10:47 AM -0400 Jay Libove <[EMAIL PROTECTED]> wrote: Here are some log entries from my system: Jul 15 10:01:34 panther6 sshd[8267]: Illegal user test from 62.67.45.4 Jul 15 10:01:34 panther6 sshd[8267]: Failed password for illegal user We've been seeing these as well,

Re: [Full-Disclosure] Automated SSH login attempts?

2004-07-25 Thread Andrew Farmer
On 22 Jul 2004, at 07:47, Jay Libove wrote: [ Posted to full disclosure and vulnwatch; please edit reply address(es) as appropriate. Thanks. -Jay ] My Linux system, and a Linux system run by a friend here in the same city but on a completely different netblock (different ISP), have both seen ap

[Full-Disclosure] Cross Site Scripting (XSS) on Google, Altavista ,Excite.com,Yahoo etc

2004-07-25 Thread E.Kellinis
# Service: Search Engines Vendors: Google, Altavista, Excite.com, Yahoo, Metacrawler, Dogpile, Downloads.com, MSN.com Bug: Cross Site Scripting Risk: Medium or Low or High, depends

Re: [ok] [Full-Disclosure] Possible Virus/Trojan

2004-07-25 Thread Andrew Farmer
On 25 Jul 2004, at 12:06, Curt Purdy wrote: Todd Towles wrote: I received an e-mail today that looked very much like a virus. Here is the message Attachment - erupts.avi.exe Subject - New Southern California wildfire erupts Either this is a new Trojan that changes its body and subject based on

Re: FW: [Full-Disclosure] Question for DNS pros

2004-07-25 Thread Frank Knobbe
On Sun, 2004-07-25 at 13:57, Paul Schmehl wrote: > For the last time, I have *already* done this. With both a snaplen of 1024 > and a snaplen of 4096. It *hasn't* produced anything useful unless someone > thinks *this* is useful (I'm using tcpdump on FreeBSD 4.9 RELEASE.): > > tcpdump -c 100

Re: FW: [Full-Disclosure] Question for DNS pros

2004-07-25 Thread Paul Schmehl
--On Sunday, July 25, 2004 5:51 PM -0500 Frank Knobbe <[EMAIL PROTECTED]> wrote: could you please post some *payload* of these packets instead of just the tcpdump one-liner? Perhaps that's why we're confused about your tcpdump output/usage. That *is* the payload. Paul Schmehl ([EMAIL PROTECTED]) Adju

Re: [Full-Disclosure] (no subject)

2004-07-25 Thread VX Dude
If I may inquire, why would you care about such a nobody? Are you insulted that a "real" hacker didn't find your site worthy? It's just a website, why are you whining? The more you guys whine, the more they think what they do matters. -redX --- [EMAIL PROTECTED] wrote: > > > Hello all, > >

RE: [ok] Re: [Full-Disclosure] Cry For help

2004-07-25 Thread Curt Purdy
Abilash Praveen wrote: > What's this about? > - Original Message - > From: "g0bb13s" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Sunday, July 25, 2004 12:58 PM > Subject: [Full-Disclosure] Cry For help > > > > Good sirs and madames, It's a 491 scam parody. Curt Purdy CISSP, G

Re: [Full-Disclosure] Automated SSH login attempts?

2004-07-25 Thread Harry Hoffman
Jay, Seeing these attempts on both work and home systems. HTH, Harry Jay Libove wrote: [ Posted to full disclosure and vulnwatch; please edit reply address(es) as appropriate. Thanks. -Jay ] My Linux system, and a Linux system run by a friend here in the same city but on a completely different net

Re: [Full-Disclosure] Automated SSH login attempts?

2004-07-25 Thread Andrei Galca-Vasiliu
I've seen that too, on several machines, different ranges of IPs. I guess it's some sort of a mass bruteforce exploit (there were 50 or more attempts on my box in just 20-30 s). Anyone who can enlighten us, it will be appreciated, I've searched too and couldn't find anything related. Intr-un mail

RE: [ok] [Full-Disclosure] Possible Virus/Trojan

2004-07-25 Thread Curt Purdy
Todd Towles wrote: > I received an e-mail today that looked very much like a virus. Here is the message > > Attachment – erupts.avi.exe > > Subject – New Southern California wildfire erupts. > > Either this is a new Trojan that changes its body and subject based on the current AP new

[Full-Disclosure] OpenServer 5.0.7 : Mozilla Multiple issues

2004-07-25 Thread please_reply_to_security
SCO Security Advisory Subject: OpenServer 5.0.7 : Mozilla Multiple issues Advisory number: SCOSA-2004.8 Issue date:

Re: [Full-Disclosure] (no subject)

2004-07-25 Thread J.A. Terranson
On Sun, 25 Jul 2004 [EMAIL PROTECTED] wrote: > Hello all, > > I just had a site cracked by some script-kiddy going by RedX. > > the little squirt was just being pesky by cracking the passwd for a simple > store admin and plastering "Hacked by redX" in the php forms not a real hack. > and he uploa

Re: [Full-Disclosure] one new trojan

2004-07-25 Thread Ben Lambrey
On Saturday July 24 2004 20:55, Willem Koenings wrote: > hi, > > > NAV does recognise it as Trojan.ByteVerify. > > do you talk about those java components or about web.exe? > those java components are indeed recognized, as byteverify > vulnerability is old enough and in this context java is > used

Re: [Full-Disclosure] Question for DNS pros

2004-07-25 Thread Jason Coombs PivX Solutions
Interesting discussion. There should be more DNS validation performed in the real world. We know what we're putting into DNS with respect to the domains we control, but the only time we find out about bad responses coming out at network endpoints is when we see the bad data ourselves or end user

Re: FW: [Full-Disclosure] Question for DNS pros

2004-07-25 Thread Paul Schmehl
--On Saturday, July 24, 2004 10:16 AM -0500 Suzi and Harold VanPatten <[EMAIL PROTECTED]> wrote: It seems to me you could do this without setting up a dns server. Just tcpdump the traffic or sniff or snoop the traffic. If you set it up with a snaplength of 1500 you'll get enough of the packet to

FW: [Full-Disclosure] Question for DNS pros

2004-07-25 Thread Suzi and Harold VanPatten
It seems to me you could do this without setting up a dns server. Just tcpdump the traffic or sniff or snoop the traffic. If you set it up with a snaplength of 1500 you'll get enough of the packet to see exactly what dns query is being asked...something like tcpdump -n -s 1500 udp and por

RE: [Full-Disclosure] RE: Unchecked buffer in mstask.dll

2004-07-25 Thread Polazzo Justin
> (H -- does it also fail on W2K3??) >I had to specifically click on the "Program" tab, which evoked a null- >pointer read attempt It works on 2k3, same steps taken. jp -Original Message- From: Nick FitzGerald [mailto:[EMAIL PROTECTED] Sent: Wed 7/14/2004

RE: [SPAM] - [Full-Disclosure] Yahoo Security Dept email address - Email found in subject

2004-07-25 Thread Hamby, Charles D.
It's [EMAIL PROTECTED] -cdh From: [EMAIL PROTECTED] on behalf of Steven Evans Sent: Sat 7/24/2004 7:23 PM To: Mailing List - Full-Disclosure Subject: [SPAM] - [Full-Disclosure] Yahoo Security Dept email address - Email found in subject Hey guys What is the

Re: [Full-Disclosure] Question for DNS pros

2004-07-25 Thread Steffen Schumacher
On 23.07.2004 17:11:10 +, Paul Schmehl wrote: > --On Friday, July 23, 2004 09:50:44 PM +0200 [EMAIL PROTECTED] wrote: > > > >hm... you could also try reverse lookups for all existing IP addresses in > >the world :) > > > Well, no, because that wouldn't solve the problem. > > A host on our netwo

RE: [Full-Disclosure] Crash IE with 11 bytes ;)

2004-07-25 Thread Stephen Taylor
I don't understand the effect it has on Mozilla. It certainly crashed my IE but for Mozilla, the URL window displayed a diamond shape with a red "X" through it. Mozilla was unresponsive afterwards. I had to close the window to recover. I am a W2K user at work. ST -Original Message- From:

Re: [Full-Disclosure] Question for DNS pros

2004-07-25 Thread Nils Ketelsen
On Fri, Jul 23, 2004 at 12:32:28PM -0500, Paul Schmehl wrote: > Can this be done? > > Conditions: > 1) You know an IP address that is running a DNS server. (IOW, it responds > to digs.) > 2) You do not know the hostname or domain of the host. > 3) The DNS server does not allow zone transfers. >

Re: [Full-Disclosure] Vulnerability in sourceforge.net

2004-07-25 Thread xedx
Really...FreeBSD comes with user nobody set to /sbin/nologin out of the box. Maybe they should have chosen a better host OS? G --- What does this have to do with the host os? oh wait CISSP, Computer Security ha ha my bad

Re: [Full-Disclosure] Vulnerability in sourceforge.net

2004-07-25 Thread nicolas vigier
On Fri, 23 Jul 2004, nicolas vigier wrote: > > Linux sc8-pr-web6 2.4.20-24.9bigmem #1 SMP Mon Dec 1 11:14:38 EST 2003 i686 Ok, they finally updated it a few hours after this message, when I had sent them a second mail explaining how it could be easy to get root on this web server for anyone havi

[Full-Disclosure] Comcast(tm) Email Manager allows arbitrary java and activex code execution

2004-07-25 Thread Michael Scheidell
Vulnerability in Comcast Webmail Manager allows arbitrary java and activex code execution Systems: Comcast Webmail email system. www.comcast.net Vulnerable: X-Mailer: AT&T Message Center Version 1 (Mar 22 2004) Not Vulnerable: Unknown Severity: Serious / Low (Fixed now) Category: Arbitrary Execut

[Full-Disclosure] [OpenPKG-SA-2004.033] OpenPKG Security Advisory (samba)

2004-07-25 Thread OpenPKG
OpenPKG Security Advisory The OpenPKG Project http://www.openpkg.org/security.html http://www.openpkg.org [EMAIL PROTECTED]

Re: [Full-Disclosure] Question for DNS pros

2004-07-25 Thread Steve
On Sat, Jul 24, 2004 at 12:58:42AM -0500, Paul Schmehl wrote: > i think your isp should have this info > >> Umm..did you look at my address? We own a class B. We don't have an >> ISP. Agreed. Even if you did have an ISP, I don't see any reason why they would have this information. > Not if

[Full-Disclosure] Automated SSH login attempts?

2004-07-25 Thread Jay Libove
[ Posted to full disclosure and vulnwatch; please edit reply address(es) as appropriate. Thanks. -Jay ] My Linux system, and a Linux system run by a friend here in the same city but on a completely different netblock (different ISP), have both seen apparently automated attempts to log in to our s

RE: [Full-Disclosure] Crash IE with 11 bytes ;)

2004-07-25 Thread Stephen Taylor
Yeah I saw this on July 5 on SecuriTeam. Your stuff, isn't it? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Phuong Nguyen Sent: Friday, July 23, 2004 1:18 PM To: [EMAIL PROTECTED] Subject: [Full-Disclosure] Crash IE with 11 bytes ;) Hey, I thought you g

[Full-Disclosure] Security is not a technology, but instead attitude

2004-07-25 Thread Trowel Faz
This is sort of a rant. Companies believe there is a 'black box' that will secure them. We all know this to be false. Besides all the buggy code, unsafe operating practices and the like, one of the biggest issues is from the attitude of the companies themselves. Recently, I experienced this firs

[Full-Disclosure] mi2g attacks "so-called" security sites

2004-07-25 Thread Rob Rosenberger
mi2g attacked a number of "so-called" security sites in a 20 July press release. mi2g identified by name the following sites: SecurityFocus, Insecure, Neohapsis, NetSys, e2kSecurity, Der Keiler, gossamer-threads, C4I, VulnWatch, and Landfield. Vmyths will slam mi2g in an upcoming column -- becaus

[Full-Disclosure] [OpenPKG-SA-2004.034] OpenPKG Security Advisory (php)

2004-07-25 Thread OpenPKG
OpenPKG Security Advisory The OpenPKG Project http://www.openpkg.org/security.html http://www.openpkg.org [EMAIL PROTECTED]

[Full-Disclosure] (no subject)

2004-07-25 Thread adam
Hello all, I just had a site cracked by some script-kiddy going by RedX. The little squirt was just being pesky by cracking the passwd for a simple store admin and plastering "Hacked by redX" in the php forms, not a real hack. And he uploaded a file with some stupid logo he made with MS paint wh

Re: [Full-Disclosure] Cry For help

2004-07-25 Thread J.A. Terranson
On Sun, 25 Jul 2004, Abilash Praveen M wrote: > What's this about? It's a really funny parody of a 419-scam (also known as the Nigerian Scam). I'm sure you've seen the letters from "Miriam Abacha"? See: http://www.secretservice.gov/alert419.shtml Absolutely fucking hysterical! -- Yours, J.A

Re: [Full-Disclosure] Cry For help

2004-07-25 Thread Bugtraq Security Systems
Dear list, This is nonsense. As clearly stated on the defcon.org website, admission to defcon costs 80 US dollars. This does not include bus fare. However, as Bugtraq Security Systems is no longer a non-profit organisation, and we have indeed fared quite well helping both the MPAA and the RIAA hu

Re: [Full-Disclosure] Cry For help

2004-07-25 Thread Abilash Praveen M
What's this about? - Original Message - From: "g0bb13s" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, July 25, 2004 12:58 PM Subject: [Full-Disclosure] Cry For help > Good sirs and madames, > > Please. Fifty dollar. > > My name is G0ibbles Bugtrack,16 years from the mall of

[Full-Disclosure] OSX Panther Internet Connect Vulnerability.

2004-07-25 Thread B-r00t
Apple OSX Panther Internet Connect - Local root Vulnerability. Date: 25.07.2004 Author: B-r00t. 2004. Email: B-r00t <[EMAIL PROTECTED]> Vendor: Apple Operating System: OSX Panther (Possibly Pr

Re: FW: [Full-Disclosure] Question for DNS pros

2004-07-25 Thread Paul Rolland
Hello, > > dns query is being asked...something like > > tcpdump -n -s 1500 udp and port 53 and host 1.2.3.4 > > > I already did this, and I already posted it here. It didn't reveal > anything that I wasn't already aware of - ns requests and ptr > requests for > that IP. Update your tcpdump o

Re: [Full-Disclosure] Question for DNS pros

2004-07-25 Thread Dave Yingling
This might not be exactly what you want, but you can register with verisign and download the root zone file that contains the com and net TLD's. I think the org TLD is done by someone else. Anyway, there are some weird restrictions, such as IP access lists and what not, but if you get the zone fi

[Full-Disclosure] Cry For help

2004-07-25 Thread g0bb13s
Good sirs and madames, Please. Fifty dollar. My name is G0ibbles Bugtrack,16 years from the mall of some stupid state in middle America. My father,my younger Sister and I escaped from our mall at the heat of the great summer sales rush after loosing my mother and two of my senior brothers in

Re: [Full-Disclosure] "Fud, lies and libel" against (type any name here, I'll use mi2g)

2004-07-25 Thread Andrew Farmer
On 24 Jul 2004, at 22:15, Yaakov Yehudi wrote: (could not decrypt message) Would help if we could read it...

[Full-Disclosure] an observation.

2004-07-25 Thread Gaurang Pandya
Hi, When the following command is given from the root directory of any drive (c:\, d:\, etc.), it throws the error given below. Command: c:\> write aaa