note: the original mail was rejected 'cos it contained the phrase 'hard
core'... what retard setup the filters for this list?
First off, it bears remembering that I said 'computer programs' not
'artificial organisms'.
You clearly don't know very much about AI, or sentience. You clearly
were
Hi,
Steve Kudlak wrote:
I'll ask my friend what he does as the just don't do x or just get rid
of x never seems like a good idea. If you try to connect with telnet
rather than ssh to that box it just doesn't go through.
getting rid of telnetd is almost always a very good idea.
GTi
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200409-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
On Wed, Sep 08, 2004 at 01:57:27PM +0200, Florian Weimer wrote:
* Gaurang Pandya:
http://www.theinquirer.net/?article=18288 Says, a teen
hacker he had managed to become the new owner of
eBay.de. can any one tell me what do they mean by
this..did he actually changed ip address at DNS or
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thursday, 09.09.2004 at 08:13 +0200, [EMAIL PROTECTED] wrote:
Steve Kudlak wrote:
I'll ask my friend what he does as the just don't do x or just get
rid of x never seems like a good idea. If you try to connect with
telnet rather than ssh
Hi,
getting rid of telnetd is almost always a very good idea.
Don't install software that you don't strictly need
This is a golden rule for hardening OSes :)
--
___
Arnaud Jacques
Consultant Sécurité
Securiteinfo.com
___
having been/being a medical doctor for my sins (which must have been many
and varied) i thought i'd insert both feet in my mouth after putting on my
old pair of flameproof trousers and contribute to the debate
sorry for continuing the slide off-topic
i'm constantly amused to see people
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thursday, 09.09.2004 at 13:17 +0200, Kim B. Nielsen wrote:
A reasonable use for telnet is when the ssh daemon goes down, or isn't
started on bootup because of some configuration error...
Yes, I know it isn't secure, but sometimes it can be
Sir - let me quickly advise you on something.
*NEVER* Dick the DataTheft. Let the DataTheft Dick You.
If you do not understand this message, the topic of full-disclosure
is probably not for you.
I have personally already discovered most software vulnerabilities,
and just because I have not
Richard Johnson wrote:
Anyone who capitalizes their last name, twice, has serious ego
issues.
Anyone who can seriously write the above is clearly a prize moron.
But we already established that about you, didn't we?
Anyway, I'll give you a clue for free. Of course, I fully expect it
will
Anyone who capitalizes their last name, twice, has serious ego
issues.
Dick The DataTheft JohnSon
On Thu, Sep 09, 2004 at 10:42:45PM +1200, Nick FitzGerald wrote:
Bugtraq Security Systems wrote:
Nick,
You're a moron, and a fake moron at that. ...
Lessee -- fake means not.
So, in
I disagree, when running telnetd, people will use it and hence create a
security flaw. Moreover, you would use it yourself with the very
intention of becoming root and starting a secure daemon, which in my
opinion can do lot more harm than good.
Even on a (virtual) private network I would try
On Thu, 2004-09-09 at 09:23 +0100, Dave Ewart wrote:
getting rid of telnetd is almost always a very good idea.
Quite so, as I suggested.
Are there even any legitimate uses for running a telnet daemon any more?
(That is a genuine question - as far as I can see, SSH is always a
perfect
On Thu, 2004-09-09 at 14:28, ktabic wrote:
How about, as a service to enable as you are updating SSH remotely from
the other side of the country to fix the most recent problem security
problem and need a backup system to get into the server in the event
that something goes wrong?
ktabic
On Thu, 9 Sep 2004, Dave Ewart wrote:
Yes, I know it isn't secure, but sometimes it can be the last
resort...
No no, bad security. Physical access should be the last resort, not
Telnet.
Makes you wonder what we did in the days before Telnet :-)
-- Dave
Nick FitzGerald [EMAIL PROTECTED] 09/09/2004 13:00:28
Richard Johnson wrote:
Anyone who capitalizes their last name, twice, has serious ego
issues.
Anyone who can seriously write the above is clearly a prize moron.
Maybe he's been confused by the handles of so many Scary HaCkErS with ego
Everyone already knows you're a fucking faggot.
On Thu, Sep 09, 2004 at 02:23:31PM +0200, Berend-Jan Wever wrote:
What about capitalizing your alias twice ? ;P
SkyLined.
- Original Message -
From: Richard Johnson [EMAIL PROTECTED]
To: Nick FitzGerald [EMAIL PROTECTED]
Cc:
If you are going to leave telnet open, why would an attacker even mess
with SSH? I would have to agree with the other guys, having a person
there at the remote site (I am sure you have someone) fix the issue. Or
find another encrypted method.
Even on an internal network, I would be against using
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thursday, 09.09.2004 at 10:47 -0400, Kenneth Ng wrote:
You really should not need this as the norm. I do this when I'm
working on the ssh daemons, but that's about the only time. What I do
is I enable it on a screwball port number, then use
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thursday, 09.09.2004 at 13:28 +, ktabic wrote:
getting rid of telnetd is almost always a very good idea.
Quite so, as I suggested.
Are there even any legitimate uses for running a telnet daemon any
more? (That is a genuine
How about, as a service to enable as you are updating SSH remotely from
the other side of the country to fix the most recent problem security
problem and need a backup system to get into the server in the event
that something goes wrong?
Maybe it would work as well, to start a ssh daemon on a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
How about setting up another sshd on higher port, statically linked and
with different config as a backup?
For extra better sleep use before every ssh backup. If you can't start
properly during bootup, a walk for physical access would do you good. ;)
Greetings!
getting rid of telnetd is almost always a very good idea.
Are there even any legitimate uses for running a telnet daemon any
[...] need a backup system to get into the server in
the event that something goes wrong?
Install an out-band management access, e.g. via
Richard Johnson writes:
*NEVER* Dick the DataTheft. Let the DataTheft Dick You.
I am sorry, but I usually don`t manage with this omosexual topics like you.
I have personally already discovered most software vulnerabilities,
and just because I have not published information on them, it does
My what a lovely tea party...
I had no idea that this is such professional list that I have joined.
I'm no old fart, but I feel like I'm in grade school all over again.
___
Full-Disclosure - We believe in it.
Charter:
So you'd leave telnet on just in case ssh broke?
Can we say unnecessary service?
Leaving an extra avenue of attack because you might break your SSH is a
bad bad bad bad idea. Next you'll be telling us you have a backup user
called test with password test and uid 0, just in case you forget
your root
While you are quite correct that AI and the marvel which is the human
body are incomparable, that does not mean that a computer may not
satisfy a dictionary definition of sentience [requirements for such
being very simple and basic indeed].
Best Regards, YY
-Original Message-
From:
You really should not need this as the norm. I do this when I'm
working on the ssh daemons, but that's about the only time. What I do
is I enable it on a screwball port number, then use tcp wrappers to
only allow access from my ip address and change the root password
before I begin. In that way
Removing all components which are not required is a wonderful idea.
Closing all ports which are not required is another.
These are essential components in hardening a computer, regardless of
the OS.
YY
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Generally, I run a separate sshd on a different port while I'm
upgrading, then disable it. There is never a reason to run telnetd.
On Thu, 09 Sep 2004 13:28:51 +, ktabic [EMAIL PROTECTED] wrote:
On Thu, 2004-09-09 at 09:23 +0100, Dave Ewart wrote:
getting rid of telnetd is almost
[Full-Disclosure] Mailing List Charter
John Cartwright [EMAIL PROTECTED] and Len Rose [EMAIL PROTECTED]
Introduction Purpose
--
This document serves as a charter for the [Full-Disclosure] mailing
list hosted at lists.netsys.com.
The list was created on 9th July 2002 by
On 9 Sep 2004, at 06:28, ktabic wrote:
Are there even any legitimate uses for running a telnet daemon any
more?
(That is a genuine question - as far as I can see, SSH is always a
perfect replacement).
How about, as a service to enable as you are updating SSH remotely from
the other side of the
On Thu, 2004-09-09 at 09:41 -0400, Andrew Haninger wrote:
How about, as a service to enable as you are updating SSH remotely from
the other side of the country to fix the most recent problem security
problem and need a backup system to get into the server in the event
that something goes
Yep, call-back modem is a very good idea. But we are sliding OT. =)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Volker
Tanger
Sent: Thursday, September 09, 2004 9:18 AM
To: ktabic
Cc: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Re: Re: open
On 9 Sep 2004, at 03:34, Michael Simpson wrote:
The brain is thought to have 40 to 100 GB storage per cell (several
trillion cells)
Where are you getting 40 to 100 GB storage per cell? I'm no
neurological expert, but I doubt neurons have that much storage
capacity unless you consider DNA to be
If you need this on as the norm, please at least use TCP wrappers to
limit from where it can be accessed, and change any used passwords
immediately after reestablishing control.
I think the real insecurity in telnet comes not from buffer-overflows
and whatnot, but rather from people sniffing
!--
Alla Bezroutchko wrote:
Also interesting that they don't use
a {behavior:url(#default#AnchorClick);}
in this exploit which seems to be an essential part of http-
equiv's and
mikx's exploits.
The key to all these exploits is drag'n'drop access to a local
directory.
Since WinXP SP2
Richard Johnson wrote:
I have personally already discovered most software vulnerabilities,
and just because I have not published information on them, it does
mean that I have not already discovered and successfully exploited
the bugs in question.
snip
Finally, I suggest that you apply you
So the solution to not run a backup telnet server for updating SSH is to
run a second, known insecure version of sshd on a different port,
presuming of course, that you are allowed to run said sshd on said high
port in the first place.
Sorry, that was stupid of me. First build the new sshd and
!--
The premise behind this Drag'n'Drop exploit is two-fold, one is
the ability to open a window with local content and the other is
the fact that dropping an IMG element will pass its DYNSRC
attribute instead of its SRC attribute
--
This is amusing. Though you're not the first to conjur
Hello,
thanks for your support. It has turned out that it is either a
Powerpoint bug or a buggy Powerpoint template (if something like a
buggy template is at all possible, apart from C++-code) or a
combination thereof.
cheers,
andreas
___
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Yo Andrew!
On Thu, 9 Sep 2004, Andrew Haninger wrote:
Maybe it would work as well, to start a ssh daemon on a high port,
login on that high port, update the current sshd, start it up on port
22, logout of the high port, login on port 22, and kill
Dave Ewart wrote:
Quite so, as I suggested.
Are there even any legitimate uses for running a telnet daemon any more?
(That is a genuine question - as far as I can see, SSH is always a
perfect replacement).
Sure - a situation where a system needs a low-bandwidth/low CPU-use
shell-based
On Wed, 08 Sep 2004 02:01:10 EDT, Byron L. Sonne said:
I'm just waiting for all the cheesy AI fanboys to start yelling at me
now, but then again, they'd probably be the same kind of clowns that
think passing the Turing Test would mean possessing intelligence(2).
Shit man, there's been
I cannot believe the way you are fighting like Jr High school kids. I
just lost a lot of respect for iDEFENSE... being the Senior Security
Researcher, you would think you might be a bit smarter than to make
such lewd comments on ANY list, let alone one you send most (if not
all) of your material
Please tell me you are not so retarded that you think this is the *REAL*
Richard Johnson. If he was representing iDEFENSE why the heck would he
be using an @bugtraq.org email address?
-KF
Über GuidoZ wrote:
I
just lost a lot of respect for iDEFENSE... being the Senior Security
Researcher, you
I believe it was done through email. DENIC received the request to
change the DNS, then emailed Tucows to see if it was ok to make the
changes. By default, the answer is yes. So, since no one responded
saying Hell no! Don't do that, the changes were made.
Personally, I can't comprehend how the
Oh.. It seemed my little post stirred something up :)
Well, if you use a service, it's not unnecessary. The service only
becomes unnecessary, if you have it on, and don't use it :)
And no, I don't have a backup user called test. I'm not Joe Clueless :)
I merely suggested, that keeping another
To accept this invitation and register for your account, visit
http://gmail.google.com/gmail/a-f464716b82-b42ed264e9-c5a7c41343
On Thu, 9 Sep 2004 15:57:49 -0500, Riad S. Wahby [EMAIL PROTECTED] wrote:
Alt J [EMAIL PROTECTED] wrote:
I have a few gmail invites.
I'm interested, if one's
I have a few gmail invites.
Please reply off list if you're interested.
Alt
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
On Thu, 09 Sep 2004 16:37:28 -, ktabic said:
So the solution to not run a backup telnet server for updating SSH is to
run a second, known insecure version of sshd on a different port,
presuming of course, that you are allowed to run said sshd on said high
port in the first place.
It's
These recent postings and all past postings from [EMAIL PROTECTED] do
not come from iDEFENSE or any of its employees.
Michael Sutton
Director, iDEFENSE Labs
___
Full-Disclosure - We believe in it.
Charter:
Actually, this is a great (and useful) list, you just have to be able to ignore it
when people go off on certain tangents.
Don't throw the baby out with the bathwater!
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Micheal
Espinola Jr
Sent: Thursday,
Alt J [EMAIL PROTECTED] wrote:
I have a few gmail invites.
I'm interested, if one's still available.
Thanks!
--
Riad S. Wahby
[EMAIL PROTECTED]
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Restarting the SSH daemon won't kill processes, but overlaying the
openssl libraries with a new version will, or has, in my case. Saved
me from having to fly to the other coast.
On Thu, 9 Sep 2004 08:48:21 -0700, Andrew Farmer [EMAIL PROTECTED] wrote:
On 9 Sep 2004, at 06:28, ktabic wrote:
On Thu, Sep 09, 2004 at 08:45:44AM -0700, Andrew Farmer ([EMAIL PROTECTED]) wrote:
On 9 Sep 2004, at 03:34, Michael Simpson wrote:
The brain is thought to have 40 to 100 GB storage per cell (several
trillion cells)
Where are you getting 40 to 100 GB storage per cell? I'm no
neurological
On Thu, 9 Sep 2004 14:24:03 -0400
Über GuidoZ [EMAIL PROTECTED] wrote:
I believe it was done through email. DENIC received the request to
change the DNS, then emailed Tucows to see if it was ok to make the
changes. By default, the answer is yes. So, since no one responded
AFAIK, the tucows
Yo Andrew!
... Right.
Then you update OpenSSL and it crashes all the ssh processes at the same
time. Been there, done that.
Thanks a lot.
After your suggestion that it couldn't be done, I tried it. While it
took thinking, I could have done it had I not killall'ed my sshd's
without changing
I noticed that, and was going to comment on it, but decided it wasn't
worth it. I'll pop back and do some quick IP tracing, just for $hits
and giggles. =)
--
Peace. ~G
On Thu, 09 Sep 2004 15:51:17 -0400, KF_lists [EMAIL PROTECTED] wrote:
Please tell me you are not so retarded that you think
F-Secure Internet Gatekeeper Content Scanning Server Denial of Service
Vulnerability
iDEFENSE Security Advisory 09.09.04
www.idefense.com/application/poi/display?id=137type=vulnerabilities
September 9, 2004
I. BACKGROUND
F-Secure Internet Gatekeeper is an antivirus and content filtering
On Thu, 09.09.2004, Über GuidoZ wrote at 20:24:
I believe it was done through email. DENIC received the request to
change the DNS, then emailed Tucows to see if it was ok to make the
changes. By default, the answer is yes. So, since no one responded
saying Hell no! Don't do that, the
Thank you for the clarification. I'll shift my disrespect over to the
individual at Bugtraq.
--
Peace. ~G
On Thu, 9 Sep 2004 16:05:37 -0400, iDefense Labs [EMAIL PROTECTED] wrote:
These recent postings and all past postings from [EMAIL PROTECTED] do
not come from iDEFENSE or any of its
###
Luigi Auriemma
Application: Halo: Combat Evolved
http://www.bungie.net/Games/HaloPC/
Versions: = 1.4
Platforms:Windows and MacOS
Bug: off-by-one (Denial of
* Rainer Duffner:
Personally, I can't comprehend how the default for something like that
would be Yes,
Because, if the ISP is bankrupt, the YES will never come.
And that's a problem because of ...?
DENIC (the registry) claims to have a direct contractual relationship
with all domain
* Über GuidoZ:
I believe it was done through email. DENIC received the request to
change the DNS, then emailed Tucows to see if it was ok to make the
changes. By default, the answer is yes. So, since no one responded
saying Hell no! Don't do that, the changes were made.
Personally, I can't
* Marcin Owsiany:
The delegation was changed because Ebay's registrar for the .DE zone,
TUCOWS, didn't object when asked by DENIC whether the change was
alright.
The asking was actually two programs talking, right?
Yes, DENIC sends two or three mail messages over a period of five
days.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Barry == Barry Fitzgerald [EMAIL PROTECTED] writes:
Barry Dave Ewart wrote:
Quite so, as I suggested.
Are there even any legitimate uses for running a telnet daemon
any more? (That is a genuine question - as far as I can see,
: 09/10/2004 03:38:33
BitDefender 7.0/20040909found [Backdoor.SDBot.Gen]
NOD32v2 1.867/20040909 found [prob. unknown NewHeur_PE]
Norman 5.70.10/20040909found [W32/Backdoor]
Panda 7.02.00/20040909found [W32/Gaobot.gen.worm]
Sybari
I got some if you don't hear back...just let me know.
--- -Original Message-
--- From: [EMAIL PROTECTED]
--- [mailto:[EMAIL PROTECTED] Behalf Of Riad S.
--- Wahby
--- Sent: Friday, 10 September 2004 6:58 AM
--- To: Alt J
--- Cc: [EMAIL PROTECTED]
--- Subject: [Full-Disclosure] Re: OT:
Hi,
URGENT MATTER
Does anyone know about a vulnerability that can be
exploited in the 3COM Core Builder 9000?
I am talking about something similar to the TCP packet
attack that was discovered a few months ago for the
Cisco Routers.
The equipment stops responding and processing packets
and torn