ALD Does anyone have more information about
ALD http://www.hispasec.com/; who
ALD runs virustotal. I don't feel comfortable sending binary to some
ALD company that I have no information about.
hey if the binary is infected and does not contain any hardcoded sensitive info what
do u
I'd be happy to take a look at it. =) Send it to: [EMAIL PROTECTED]
Just be sure to zip it up, otherwise the web host will deny it. Beyond
that, there are no checks. Make sure to put virus test from FD in
the subject so I don't dismiss it. ;)
Beyond that, you can submit it to a number of AV
Ahem, *blush*
Be cautios with your words
Should be, as you probably guessed: Be cautious with your words. Damn typos.
--
Peace. ~G
On Fri, 3 Sep 2004 01:58:24 -0400, Über GuidoZ [EMAIL PROTECTED] wrote:
Hey, the man asked for help, so I offered it. Simple as that... I'm a
helpful guy,
Georgi Guninski wrote:
| for the sake of the argument, let's assume there are as low as 10^6
bugs in m$
| warez. to take over the world (and in particular any target thereof) a kid
| needs as low as 10^2 or even 10 or even 1 exploits.
| any real world
James Tucker said:
There is always no need for aggressive statement of suspicion, which
you are close to here. While I understand aggression due to anger, I
am concerned that one should not get angry at someone offering them
a service merely because one is suspicious of them. What if the offer
I understand where you're coming from if speaking about protocol.
However, in most cases there will be many more ways to exploit
something over TCP/IP than over a raw RS232 connection. The serial
port will need to have something listening on it, that is also
exploitable. Compare this to the amount
Easy sparky. Maybe it isn't his choice that he cannot release the EXE.
It's entirely possible, in fact, quite likely, that some higher up
who knows dick about IT and viruses got scared and said This cannot
be shared with anyone! If it does, you'll lose your job. Just because
they are worried about
Awesome list of info there Nick. Thanks for putting it all into one place. =)
--
Peace. ~G
On Fri, 03 Sep 2004 11:19:41 +1200, Nick FitzGerald
[EMAIL PROTECTED] wrote:
bashis wrote:
Thx for the tip with VirusTotal guys! =)
Here is the result.
snip
OK -- having delayed it this far,
Hey, the man asked for help, so I offered it. Simple as that... I'm a
helpful guy, it's what makes me tick. Dedicated my life to a
non-profit organization that helps the average consumer FOR FREE with
security consulting, technical support, and personal privacy. Not
because I'm trying to collect
Personally, I feel it's a VERY valid point. If the only way to fix
something, for example, is by training and education, it's entirely
possible the time (and resources) necessary to do such a thing isn't
there.
[EMAIL PROTECTED] said:
If you do not have time, and the audience does not care
For to test with stick and snot you just throw alerts at the IDS, after
that, you should check the logs of the IDS to see what has been recorded
and what
dropped.
You also can throw (with stick and snot) and try to exploit the IDS from
another machine in the same time.
Have also a look at
On Thu, Sep 02, 2004 at 05:37:20PM -0500, Frank Knobbe ([EMAIL PROTECTED]) wrote:
To really illustrate the point, let me make a more colorful example.
People-packets in the real world can be stopped by a moat around the
castle. The people-packet runs towards the castle and falls into the
moat.
On Thu, Sep 02, 2004 at 11:15:04PM +0100, James Tucker ([EMAIL PROTECTED]) wrote:
Apologies, please explain the lack of differences, I'm not getting them.
Virtual:
The door - Port 80 - Closed after connection attempt. You come back,
it does the same, and then closes again. 404 Error not
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200408-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
On Fri, Sep 03, 2004 at 10:43:50AM +0530, Aditya Deshmukh wrote:
hey if the binary is infected and does not contain any hardcoded
sensitive info what do u care about the owners of the website ?
Unless for (a purely theoretical) example the website would use your
submission to infect others
A couple of days ago I posted an advisory about flaws in new
security functions of Service Pack 2 (for details, see:
http://www.heise.de/security/artikel/50051). Now I would
like to share some additional information which has been
found out in conjunction with Sven Ritter, a German
developer.
1)
On Thu, Sep 02, 2004 at 04:01:16PM -0400, Über GuidoZ wrote:
It's kind of interesting to see the results, as it shows you what AV
programs seem to detect things better than others.
I think this is actually misleading.
You know nearly nothing from scanning just a single (or 10, 50,...)
I've gotten a lot of suggestions to test the
signatures, i've got some to test the load but they
were $$$, anything out there for free ?
With a software and not an appliance how does one test
the load to know when the IDS can no longer verify
packets and they are being dropped ? Is
The following was written shortly after my
placement...
\/\The Conscience of a Hacker -
Redux /\/
(c)CopyRight SuppaDuppaSecurity
Solutions.
*where do u wanna pee today*
by
On Fri, 3 Sep 2004 02:04:08 -0600, [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
[...]
No, CEOs et al do not have an hour to spend reading full-disclosure
everyday. But in today's world it is imperative that they have someone
on staff who does. And they listen to that person. Equipped with
Yes, I realised that last night.
It is interesting, but I think in his attempt to disprove the
analogy, he came up with a very comparable one.
The firewall at McDonalds.com seems to filter all data to all ports
other than port 80. You can't enter a McDonalds restaurant through
anything but the
On Fri, 3 Sep 2004 04:05:02 -0700 (PDT), Harlan Carvey
[EMAIL PROTECTED] wrote:
James,
I'm replying off-list for the simple fact that I can't
believe the post you sent to FD. Your questions back
to Nick are...well, what's the right word???...it's as
if you're not even paying attention.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200409-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Stormwalker wrote:
Hi,
It wasn't the general, massive military build up, but the specific
program known as Star Wars under Ronald Raygun. The Soviets believed
that the nonsense was true and tried to fund the research to catch up
until they hit the wall. Unlike real military weapons, a fake weapon
On Fri, 3 Sep 2004 15:22:15 +0200, [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
You wrote:
..
Of course I could be missing something?
..
400 != 404 ?
/* Return code=1: generic error condition
Return code=2: all other
On Sep 3, Über GuidoZ ([EMAIL PROTECTED]) typed:
UGZ: Easy sparky. Maybe it isn't his choice that he cannot release the EXE.
UGZ: It's entirely possible, in fact, quite likely, that some higher up
UGZ: who knows dick about IT and viruses got scared and said This cannot
UGZ: be shared with
Michel Messerschmidt wrote:
On Fri, Sep 03, 2004 at 10:43:50AM +0530, Aditya Deshmukh wrote:
hey if the binary is infected and does not contain any hardcoded
sensitive info what do u care about the owners of the website ?
Unless for (a purely theoretical) example the website would use
Unless for (a purely theoretical) example the website would use your
submission to infect others
Right, that is what I'm concerned about. I do not know the intention of virustotal.com, and their policy on binaries they received. The parent site (http://www.hispasec.com/) does not offer more
A short piece of food for thought for all you hackers out there. This
is not an attack on your livelihood this is merely a point for your
consideration.
It (the manifesto) does not explain why this information is relevant
for me to read. or maybe I am unable to understand the part that does,
if
James,
A nice manifesto indeed. But in no way does it
correlate to the one which I have written (or
probably modified). Maybe the sarcasm is not
noticeable, maybe you missed it, maybe because we are
different people altogether.
Well, I am here because I am anti-authoritative, a
negated
Jabber.
On Thu, 2 Sep 2004 10:00:18 -0400
Murtland, Jerry [EMAIL PROTECTED] wrote:
I am looking for white papers on enterprise Instant Messenger security
concerns. It doesn't have to be, but anything on MSN IM would be
helpful too. Does anyone have any good resources to share?
Jerry J.
Take a look at http://www.akonix.com for securing IM communication and
I recommend this paper
www.giac.org/practical/GSEC/Frank_Reiss_GSEC.pdf
Regards
-Original Message-
From: Ido Rosen [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 2, 2004 23:17
To: Murtland,
Yep, very true. Especially if some of them happen to be of the fairer
sex, and happen to be missing a few buttons. (the buttons, is there
an analogy to this in the 'Virtual World' ?)
;-)
MN Vasquez wrote:
Hrm. I think if enough people wearing only shirts and shoes ran into
mcdonald's,
You know Vgrep (http://www.virusbtn.com/resources/vgrep/index.xml) ?
No, I didn't. Thanks. =) You do bring up very valid points about the
virus Db and such. Something many people may not be thinking of.
Antivirus isn't my forte, although I do try to keep informed as it's
part of my job.
James Tucker to Harlan Carvey to me to :
... If you want to email me a copy of it, I'll
rip it apart and see what can be seen.
And world plus dog should entrust you with such
material because???
... most viruses, trojans and malware do not store
copies of stolen
I can't point you towards any white papers unfortunately, however I
CAN point you towards an application that I have found most useful for
securing IM conversations.
http://www.secway.fr/products/simplite_msn/home.php
The free version is for personal use and trial. Their pro version
(only around
When I first posted, I didn't have the EXE. When I
did receive a copy of the file, I was told I cannot
send it outside of the network.
Besides, I've been on this list long enough to know
that questions like mine are asked from time to
time.
If that's really the case, you should have
If you don't want to use something like www.virustotal.com to scan
suspected malware, then use the activex web based scanners of
several vendors. It's a bit more time consuming, but then you
don't end up sending anyone your sample.
Here's a list (a few actually do require you to upload the
Here's my list of vendor submission addresses, many of which
initially came from Nick Fitzgerald.
..
of intent, my manifesto, and it needs no
end user license agreement or copyright. It is not unreasonable, it
is
not a declaration of war, it is a statement accompanying a point for
discussion, nothing more.
What do you think?
I think you
On Fri, 03 Sep 2004 06:00:27 +0200, Scenobro [EMAIL PROTECTED] wrote:
I found an explorer.exe in my system32 folder which I believe takes
precedence over the real explorer.exe located in c:\windows.
It's a 92K file that seems to be a visual basic program. Among the
strings contained in it
I found an explorer.exe in my system32 folder
which I believe takes
precedence over the real explorer.exe located in
c:\windows.
The fact that there's a copy of this Explorer.exe in
System32 may be an issue.
Was there an application running? Was there a
Registry entry related to this
Touché !
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Oh dear me!
i thought something strange there can any one else see what's happening?
ok fools how long do you think it can last ? stop engineering this list, all
concerned remove yourself from this list immediately to maintain list integrity!
confused : ignore this message
worried : be more so as
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200409-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Hi Scenobro,
I've had success sending the file to McAfee's AVERT WebImmune
(http://www.webimmunite.net). You can register as a new user and submit
through the web interface, or you can simply e-mail the file to
[EMAIL PROTECTED] I'd recommend registering as they will provide
you with the scan
[EMAIL PROTECTED]
Add trojan to zip file and send away. Nothing accepted over 1mb.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John LaCour
Sent: Friday, September 03, 2004 1:32 PM
To: Scenobro; [EMAIL PROTECTED]
Subject: RE: [Full-Disclosure]
I'm also rather suspicious of your promotion of Virus Total. Hispasec,
as far as I can tell (Spanish being something I have to have translated
via online services), has no antivirus or similar product of its own,
Obviously, we don't develop any antivirus product. We don't either
distribute
On Fri, Sep 03, 2004 at 08:06:49AM -0500, Frank Knobbe ([EMAIL PROTECTED]) wrote:
On Fri, 2004-09-03 at 03:04, [EMAIL PROTECTED] wrote:
Feel free to play through the same scenario with a wall where dead
people-packets get purposefully deployed in front of the wall until the
last
who are you friggen Dr Evil?
On Friday 13 August 2004 07:04 pm, KF_lists wrote:
Insert subject here ^
-KF
Hi,
Finger Google v1.0 is a very simple tool, but as many of my friends
ask me to post it, so I've done it.
This tool searches recursively in google for mail account and gives
you them in user list format.
This is some kind of useful when pen-testing and you want to get
account names
I'm Rick James bitch!
-KF
Adam wrote:
who are you friggen Dr Evil?
On Friday 13 August 2004 07:04 pm, KF_lists wrote:
Insert subject here ^
-KF
Harlan Carvey wrote:
The fact that there's a copy of this Explorer.exe in
System32 may be an issue.
Was there an application running? Was there a
Registry entry related to this file? If so, which
one? How about another autostart location?
What do you mean by I believe take precedence over
the
Actually this sounds like someone stole Litchfield's research - but what do I
know. Just seems like too much coincidence since his last talk dealt with
procedure based vulns.
On Thursday 02 September 2004 08:32 am, Mark Shirley wrote:
Now that's what i've been waiting for :)
On Wed, 01 Sep
Hi,
Actually this sounds like someone stole Litchfield's research -
but what do I
know. Just seems like too much coincidence since his last talk dealt with
procedure based vulns.
No, these are separate issues.
This is a coordinated update that fixes multiple vulnerabilities in Oracle.
Details
Hi,
I have heard that it is possible to restore a NTFS
partition even though it has been formatted and
software re-installed?
Apparently this is because of a flaw/design in NTFS.
Does anyone know about this?
Cheers,
Craig
Most of the vulns are almost one year old. We don't
steal anything.
BTW: finding vulns in Oracle products is like fishing
in a pool full of fishes. Not big deal.
Cesar.
--- xbud [EMAIL PROTECTED] wrote:
Actually this sounds like someone stole Litchfield's
research - but what do I
know.
It is possible to restore data after a format regardless of the filesystem.
This is not an NTFS issue, nor a Windows issue for that matter.
-ASB
On Sat, 4 Sep 2004 07:38:13 +1000 (EST), Craig Bumpstead
[EMAIL PROTECTED] wrote:
Hi,
I have heard that it is possible to restore a NTFS
Lollery.
On Fri, 3 Sep 2004 08:33:10 -0700 (PDT), the entrepreneur
[EMAIL PROTECTED] wrote:
James,
A nice manifesto indeed. But in no way does it
correlate to the one which I have written (or
probably modified). Maybe the sarcasm is not
noticeable, maybe you missed it, maybe because we
sleuthkit and autopsy are your friend...
http://www.sleuthkit.org/autopsy/
-KF
ASB wrote:
It is possible to restore data after a format regardless of the filesystem.
This is not an NTFS issue, nor a Windows issue for that matter.
-ASB
On Sat, 4 Sep 2004 07:38:13 +1000 (EST), Craig Bumpstead
[EMAIL
*** rfdslabs security advisory ***
Title: QNX PPPoEd local root vulnerabilities [RLSA_01-2004]
Versions: QNX RTP 6.1 (possibly others)
Vendor: http://www.qnx.com
Date: 02 Sep 2004
Author: Julio Cesar Fort julio at rfdslabs com br
1. Introduction
PPPoEd daemon is used to provide a PPPoE