-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 540-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
August 18th, 2004
for smaller networks, I'd recommend your eyes ...
Would like to get a better picture of the company
network (other than diagrams given).
Thought I'd ask what are the most recommended tools in
discovering a network environment.
Thx for the help,
J.
__
it's a troll. don't feed it.
-d
Harlan Carvey wrote:
You're kidding, right? What's the purpose of posting
something like that, other than to invite speculation?
Since I doubt that senior management of neither
McAfee nor Foundstone actively monitors this list, one
would think that you could have
This list has become almost useless because of all the people massaging their
own egos. No-one wants to hear opinions about capitalism or criticism about
motivations behind software releases on this particular list. People around
the world use a variety of operating systems all of which have
To answer your question...YES I was kidding!
I did post it to invite speculation!
The Truth is, the mergers within the security space are getting interesting.
First Watchbot buys Sanctum.
Now McAfee finally bought Foundstone (Rumored since Feb.)
What's next? Symantec buys @Stake and ISS buys
Ehlo,
in fact I agree with Dave, if you have to migrate 2000 mail accounts, like I
have to, you'll be glad of this bug ... don't forget that to decrypt the
passes you need access to the machine .. so if you already in ...
cheers
Fremen
Dave Warren writes:
Adik wrote:
IpSwitch IMail Server
On Tue, 2004-08-17 at 13:35 -0400, joe wrote:
And as for backwards compatibility, OSS software
generally doesn't have to worry about backwards
compatibility, the source is available, so most
of the time it's possible to make it work. Oh,
and I find wine on linux offers better than
DISCLAIMER: I have been a Principal Consultant employed by Foundstone
for over 4 years.
I replied offline to Tom Ryan, but since you asked Tremaine, I feel I
should try to clear up some potential misconceptions.
Of course there exists the possibility of change and the creation of
some new
Title: RE: [Full-Disclosure] lame bitching about xpsp2
I believe those newsgroups you mentioned would not tolerate the type of postings we see here. However, there's one newsgroup where they'd fit right in, called C.O.L.A..
http://groups.google.com/groups?hl=en==UTF-8=comp.os.linux.advocacy
ok, i don't know what you guys have done when installing xpsp2
but there is nothing wrong with it!
I don't use XP, can't tell. But the opinion of one man isn't that impressive.
i have gone through rc1 and rc2 - sure rc2 wasn't stable but it's a beta it's
not supposed to be!
Release candidates
To answer your question...YES I was kidding!
I did post it to invite speculation!
But why? Speculation is a complete waste of time.
The Truth is, the mergers within the security space
are getting interesting.
First Watchbot buys Sanctum.
Now McAfee finally bought Foundstone (Rumored
+-[ Software ]-+
Less is a program similar to more, but which allows backward movement in
the file as well as forward movement. Also, less does not have to read
the entire input file before starting, so with large input files it
starts up faster than text editors like vi.
Less uses
It is interesting how far this has drifted off topic. First off let me try
to bring back, then further below give clarification on the previous post.
Most of the posts on SP2 seem to be, wahhh, someone else had a problem and
that isn't right or this doesn't work like *nix and that isn't right.
Release candidates are not betas. That's why betas are called betas
and release candidates release candidates.
Even though betas should already have a certain reliability, since
beta means: ready for a scheduled release time. That is even more so
for release candidates because (yes:) they are
Official standpoint from M$ on beta/RC naming:
Beta releases do not necessarily contain same functionality as the final
release RC DOES contain same functionality as final release (no more
functionality changes are planned)
So it's not a question of reliability but functionality ...
Just my
+-[ Description ]-+
Format string vulnerability.
+-[ Vulnerable Code ]-+
From less-382:
[filename.c] : 787
public char *
open_altfile(filename, pf, pfd)
char *filename;
int *pf;
void **pfd;
{
...
if ((lessopen =
SANS weekly newsbytes relating to this topic:
--Microsoft Releases List of Products that Could Conflict with XP sp2
(16 August 2004)
Microsoft has issued a document that lists about 50 applications and
games that may have trouble with the recently released Windows XP
Service Pack 2. Among the
Various people are complaining about the length of this discussion and
the fact that it does not belong here, I can't disagree. There are of
course already plenty of places to discuss this, I will also be
populating discussions on my new forum:
M$ should just bite the bullet and re-write windows with
security in mind, give it a true process scheduler, multiuser
with windows as a client server processes. Build in 256 bit encryption and secure
communications between processes and external communication with no unencrypted
traffic.
joe wrote:
Since you cut out every piece that had anything to do remotely with this
list, I will respond very briefly and then fail to respond to any more list
posts on this from you unless you come back to the subject of security and
away from OSS vs proprietary code.
Hey - you've had at
Internet Explorer supports a fantastic variety of styles
and behaviors amongst other 'unique capabilities'. A lovely
demonstration of that can be found here:
http://www.malware.com/wottapoop.html
--
http://www.malware.com
___
to mitigate the effects.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040818-ospf.shtml.
Affected Products
=
Vulnerable Products
This vulnerability was introduced by a code change that was committed to the
12.0S, 12.2, and 12.3 based release trains
joe wrote:
If only a #define statement were copied they wouldn't
be obligated to disclose its source.
I did not say that the only use was a #define, what I said was that would be
enough to get MS to document it if they didn't otherwise outright own the
rights. If you pick up a #define
I am really not interested in a pissing match but THIS was also From
the site
Currently, all Dell N-Series Precision Workstation desktops are
available and supported with Red Hat Linux.
-KF
From the site:
Dell does not officially support running Linux on Dell desktops.
Try again -- this
M$ should just bite the bullet and re-write windows with
security in mind, give it a true process scheduler, multi-user
with windows as a client server processes. Build in 256 bit encryption and secure
communications between processes and external communication with no unencrypted
traffic.
Took me all of about 30 seconds...
http://linux.dell.com/desktops.shtml
Apparently that 30 seconds did not include reading the page you linked to.
From said page:
Dell does not officially support running Linux on Dell laptops.
However, there are many great community-supported resources
Tim wrote:
+-[ Description ]-+
Format string vulnerability.
+-[ Vulnerable Code ]-+
From less-382:
[filename.c] : 787
public char *
open_altfile(filename, pf, pfd)
char *filename;
int *pf;
void **pfd;
{
...
if ((lessopen = lgetenv(LESSOPEN)) ==
Courier-IMAP Remote Format String Vulnerability
iDEFENSE Security Advisory 08.18.04
www.idefense.com/application/poi/display?id=131type=vulnerabilities
August 18, 2004
I. BACKGROUND
Courier-IMAP is an IMAP/POP3 mail server popular on sites utilizing
Qmail/Exim/Postfix. More information is
Actually the website says: Dell does not officially support running
Linux on Dell laptops, Although, as there are relatively fewer gotchas
associated with Linux running on desktops as compared to laptops,
installing Linux should be a fairly straight-forward task.
If you quote, quote the whole
- Original Message -
From: Barry Fitzgerald [EMAIL PROTECTED]
Sent: Wednesday, August 18, 2004 11:56 AM
Subject: [OT] Re: [Full-Disclosure] lame bitching about xpsp2
OK - put your money where your mouth is. Pretend I'm a consumer. I have
2000 USD to spend and want a good PC with a
/me Pees again and goes away... enjoy the rest of the thread fellas..
the pissing match is in full effect.
-KF
Invicticide X wrote:
Apparently that 30 seconds did not include reading the page you
linked to.
Sure it did. I read it just fine... I believe you are the one that
missed the paragraph
Oops...you should have looked at the website you linked to just a
little more carefully:
_
Dell does not officially support running Linux on Dell desktops. Although,
as there are relatively fewer gotchas associated with Linux running on
desktops as compared to laptops, installing
On Wed, 18 Aug 2004 12:32:55 -0400, [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
Courier-IMAP Remote Format String Vulnerability
iDEFENSE Security Advisory 08.18.04
www.idefense.com/application/poi/display?id=131type=vulnerabilities
August 18, 2004
[snip]
The vulnerability specifically
When it is stated near the bottom that:
However, iDEFENSE has tested proof of concept exploit code that will cause
the latest version of Adobe Acrobat Reader (6.0.2) to crash.
Does this mean that the vulnerability isn't fixed at all, or are they just
saying that the remote code execution was
Our county has approved the purchase of these machines for the upcoming
election. I looked them up on the www and found that the Windows-based voting
machines use WEP to ensure the security of the wireless transmissions of the
machines to a central site.
Without even commenting on the security
KF_lists wrote:
OK - put your money where your mouth is. Pretend I'm a consumer. I
have 2000 USD to spend and want a good PC with a good warranty with
GNU/Linux on it. Find me a link to a major OEM that will ship me a
PC within those specs with decent hardware and a generally recognized
Functionality issue is true, yet to add functionality you must add more
lines of code. Beta programs are there to debug code therefore it is
understood to have less reliability.
Both stages are for debugging code but during beta they are adding fresh
code that hasn't been looked over for bugs.
Clairmont, Jan M wrote:
M$ should just bite the bullet and re-write windows with
security in mind, give it a true process scheduler, multi-user
with windows as a client server processes.
snip
It ain't gonna happen. There is so much legacy code, dating all the way
back to NT 3.5 in 2K XP that
OK - put your money where your mouth is. Pretend I'm a consumer. I
have 2000 USD to spend and want a good PC with a good warranty with
GNU/Linux on it. Find me a link to a major OEM that will ship me a PC
within those specs with decent hardware and a generally recognized name
(Dell,
Since you cut out every piece that had anything to do remotely with this
list, I will respond very briefly and then fail to respond to any more list
posts on this from you unless you come back to the subject of security and
away from OSS vs proprietary code.
I know what is from what source based
I think you meant your first line to be
All OS vendors should bite the bullet and re-write their code with security
in mind.
Not sure why you singled MS out for that statement. Especially considering
the rest of the post.
joe
-Original Message-
From: [EMAIL PROTECTED]
I'm sure glad Microsoft spent more on security
and xp service pack 2 than the missile defense system. This works on
me using XP Pro SP2, malware[1].exe is in my startup folder!!! It
would be trivial and easy to trick users to drag something. I totally feel
unsecure with Microsoft and SP2 yet
Apparently that 30 seconds did not include reading the page you
linked to.
Sure it did. I read it just fine... I believe you are the one that
missed the paragraph stating:
Currently, all Dell N-Series Precision Workstation desktops are
available and supported with Red Hat Linux.
You are
M$ should just bite the bullet and re-write windows with
security in mind, give it a true process scheduler, multi-user
with windows as a client server processes. Build in 256 bit encryption and secure
communications between processes and external communication with no unencrypted
traffic.
Apparently that 30 seconds did not include reading the page you
linked to.
Sure it did. I read it just fine... I believe you are the one that
missed the paragraph stating:
Currently, all Dell N-Series Precision Workstation desktops are
available and supported with Red Hat Linux.
You
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandrakelinux Security Update Advisory
___
Package name: spamassassin
Advisory
On Wed, 2004-08-18 at 11:38, joe wrote:
I think you meant your first line to be
All OS vendors should bite the bullet and re-write their code with security
in mind.
Not sure why you singled MS out for that statement. Especially considering
the rest of the post.
Probably to bait you, and
Pads Stack Overflow Advisory
---[ Vulnerable Application ]---
Pads - Passive Asset Detection System
(from the README ^)
http://passive.sourceforge.net/
Vulnerable to a stack overflow.
---[ Vulnerable Code ]---
From pads.c
code snip
..
char report_file[255] = "assets.csv";
.
case 'w':
I tested this with 6.0.1: No overflows as far as I can see, but then again I didn't
test it on the mentioned webservers: I wrote a small webserver myself that returned
a valid HTTP reply with a pdf file for ANY request (reply copy-pasted from an apache
server).
No matter what I tried, I didn't
This really isn't really a flaw, but I
noticed that if you have skype logged in on two boxes using the same
account, the first account does not get disconnected and the instant
messaging goes to both boxes, so if you were able to get the password to
someone's skype account you can get one side
Immunity, Inc. is proud to present Nicolas Waisman's libdisassemble,
released today under the LGPL.
Download this library from:
http://www.immunitysec.com/resources-freesoftware.shtml
Readme:
Immunity libdisassemble v1.0
~~
http://www.immunitysec.com
Aug 18, 2004
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandrakelinux Security Update Advisory
___
Package name: qt3
Advisory ID:
On Wed, 2004-08-18 at 19:49, VeNoMouS wrote:
This really isn't really a flaw, but I noticed that if you have skype
logged in on two boxes using the same account, the first account does
not get disconnected and the instant messaging goes to both boxes, so
if you were able to get the password to
only the text, it does call both logins so you could steal a call, but you
can not listen to a convo
- Original Message -
From: 404 [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, August 19, 2004 1:57 PM
Subject: Re: [Full-Disclosure] Skype
On Wed, 2004-08-18 at 19:49,
Loaded fine in Opera 7.53 on XP-SP1, NVIDIA RIVA TNT2 64, MS Drivers
On Mon, 16 Aug 2004 09:30:47 +1000, Casey Ellis [EMAIL PROTECTED] wrote:
Moderator: I am not subscribed, but this is probably useful info...
I've tested the link on a WinXP SP2 box (P3 500mhz w/ 256MB) and she
froze pretty