Its not that ISS doesn't feel like its a problem, its just when you
let an attacker get to the point where they could run a local attack
its game over. ISS's goal is to stop the attacker from getting close
enogh to execute a local attack.
On Wed, 13 Oct 2004 10:30:27 -0400, KF_lists [EMAIL
Yeah, it certainly is a security risk in several ways.
Decoding and inspecting HTTPS traffic at the perimeter
before it reaches the server becomes an absolute
necessity if RPC over HTTPS is implemented. Same with
RPC over HTTP.
--
S.G.Masood
--- ASB [EMAIL PROTECTED] wrote:
You need
---
Fedora Legacy Update Advisory
Synopsis: Updated lha resolves security vulnerabilities
Advisory ID: FLSA:1833
Issue date:2004-10-13
Product: Red Hat Linux
Keywords:
---
Fedora Legacy Update Advisory
Synopsis: Updated mod_ssl package fixes Apache security
vulnerabilities
Advisory ID: FLSA:1888
Issue date:2004-10-13
Product:
Yeah, it certainly is a security risk in several ways.
Decoding and inspecting HTTPS traffic at the perimeter
before it reaches the server becomes an absolute
necessity if RPC over HTTPS is implemented. Same with
RPC over HTTP.
--
S.G.Masood
--- ASB [EMAIL PROTECTED] wrote:
You need
On Wed, 13 Oct 2004 15:33:13 -0700 (PDT), S G Masood [EMAIL PROTECTED] wrote:
Yeah, it certainly is a security risk in several ways.
Decoding and inspecting HTTPS traffic at the perimeter
before it reaches the server becomes an absolute
necessity if RPC over HTTPS is implemented. Same with
The doc (http://support.microsoft.com/?id=833401) lists the salient points:
1. Verify that your server computer and your client computer meet the
requirements to use RPC over HTTP.
2. Consider important items and recommendations that are described in
this article.
3. Configure Exchange to use
I recall Todd from bindview talking about this in one of his
advisories...that it was possible in IIS, but had to be explicitly switched
on. And also in one of the blackhat (rm) archive methinks.
http://www.securityfocus.com/archive/1/329668
-Original Message-
From: [EMAIL PROTECTED]
Nessus takes too much time as what happens is that all the plugins get
passed from
nessusd to the nessus client, and then back to the nessusd. This happens
even if you
want to run a few (and not all) plugins. Nessus does not have a way to
choose only
a few plugins in the nessusd itself while it is
On Wed, 13 Oct 2004 15:21:38 -0500 (CDT), Ron DuFresne
[EMAIL PROTECTED] wrote:
October 11, Associated Press - U.S. funds chat-room surveillance study.
The
U.S. government is funding a yearlong study on chat room surveillance
under
an anti-terrorism program. A Rensselaer Polytechnic
Who says that the attacker has to try to get local access? I am sure you
have several potential attackers sitting around you right now (if you
are reading this in an office building)? How is ISS going to stop
someone from sitting down and logging into a machine they are supposed
to have local
I\\\'ll come with you *smiles*
we come gay you and me...
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
---
Fedora Legacy Update Advisory
Synopsis: Updated httpd packages fix a mod_proxy security
vulnerability
Advisory ID: FLSA:1737
Issue date:2004-10-13
Product:
Do I need to tell you that I didn't post the original
message? Stop spamming the list please. There's no
point in going on.
--
Cheers,
S.G.Masood
--- Marc Deslauriers [EMAIL PROTECTED]
wrote:
I\\\'ll come with you *smiles*
we come gay you and me...
On Wed October 13 2004 11:38, Feher Tamas wrote:
Ill Will wrote:
oops...
http://www.illmob.org/0day/ghostradmin.zip
Trojandropper.Win32.RDM.a
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Barry Fitzgerald wrote:
Daniel H. Renner wrote:
Daniel,
Could you please point out where you read this data? I would like to
see this one...
I seem to remember that this was one of the caveats with regard to
MSBlast and RPC/DCOM vulnerabilities last year.
In certain
You really should give the Authors credit they
disserve and not just plagiarise their work.
http://en.thinkexist.com/quotation/do_not_meddle_in_the_affairs_of_wizards-for_they/152166.html
As for the post you replied to. I think its pretty
valid to be posting it here. (Opinions are like
a**holes,
On Tue October 12 2004 13:44, Cassidy Macfarlane wrote:
Ive seen this on the lists, cause You've posted it about five times.
Unless you have new information or links regarding this issue, please
refrain from repeat postings - we get enough noise on this list as it
is.
Thanks
Cassidy
I
= Excel - Buffer Overflow In Microsoft Excel
=
= MS Bulletin posted:
= http://www.microsoft.com/technet/security/bulletin/MS04-033.mspx
=
= Affected Software:
= Microsoft Office 2000 Service Pack 3 Software:
= -
= SetWindowLong Shatter Attacks
=
= MS Bulletin posted:
= http://www.microsoft.com/technet/security/bulletin/ms04-032.mspx
=
= Affected Software:
= Microsoft Windows 98, 98SE, ME
= Microsoft Windows NT 4.0
=
A waste of money. They won't find anything.. people are too smart
to use chatrooms to discuss elite stuff.
Another reason to vote Bush out. :-)
Also seems like a lot of money for something I seem to remember was done
singlehandedly by Steve Gibson when he was trying to track DDoS IRC bots ...
TrendMicro sees it as a MS04-028 exploit
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Andrey Bayora
Sent: Thursday, October 14, 2004 2:46 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: [Full-Disclosure] Bypass of Antivirus software
I didn't post that message. It must be a virus or something.
Marc.
On Thu, 2004-10-14 at 07:00, S G Masood wrote:
Do I need to tell you that I didn't post the original
message? Stop spamming the list please. There's no
point in going on.
--
Cheers,
S.G.Masood
--- Marc Deslauriers
---Description---
Win xp default zip manager can't handle long file
names properly...
---Bug Demonstration---
Create a new file with very long file name... in your
c: [ say:
1.
Symantec Enterprise 8.1:
Your attachment JPEG.zip contained viruses:
Backdoor.Roxe at location 1.jpg,
and Bloodhound.Exploit.13 at location 2.jpg.
-Original Message-
From: Todd Towles [mailto:[EMAIL PROTECTED]
Sent: 14 October 2004 14:10
To: Andrey Bayora; [EMAIL
technically no it shouldnt treat r_server.exe or admin.dll as virii ..
first off i modified r_server by changing its icon to a blank icon and
compressed it with upx , so no antivirus so pick up the exe , the dll
i could see as being detected because i didnt modify anything. the
package in total
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200410-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 563-3 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
October 14th, 2004
I am thinking about leaving this existence and
moving on to something else in life. We will be
moving the list to another network location
in a few months (or less) as well as disposing
of netsys.com, it's network blocks, and whatever
associated domains. Thanks for everyone's help
over the years.
Hi Ali,
Steve did no such thing (I also read that article.)
Steve wrote a 'spybot', to connect to the ddos net he found and invisibly
log all conversations.
He did NOT however have any software analysing these conversations.
What the .gov is thinking of doing now is meant for extremely large
Yep, sorry about that. Sophos isn't on VirusTotals list...anyone running
it?
-Original Message-
From: Cassidy Macfarlane [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 14, 2004 10:42 AM
To: Todd Towles; Andrey Bayora; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 566-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
October 14th, 2004
Welcome the wonderful wide world of web services. The gleeful
tunneling through https and http of non REST information. This has been
an issue for, how many years now?
Get yourself a SOAP/XML sniffer. I believe one of the XML firewall
suppliers gives this out for free.
jb
-Original
Found an article discussing a new verichip that would be implanted under patient's skin and used to store medical information. Each time the patient would visit the doctor, this information would get updated. This raises concerns about privacy as the chip could also be used to track the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenPKG Security AdvisoryThe OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
[EMAIL PROTECTED]
Has anyone heard of LeechX its supposed to be a hacked up BitchX
client that ties into a few sniffers that were installed on various
efnet boxen.
A few years ago I had an individual named Basharteg read me a few
lines from various private chanels as well as some of my own personal
Already been done, and then some...
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ron
DuFresne
Sent: Wednesday, October 13, 2004 2:22 PM
To: Full Disclosure
Subject: [Full-Disclosure] IRC spying to increase
October 11, Associated Press - U.S. funds
The chip only stores an ID number. This ID number could be used as a
patient ID number to access records in some remote, allegedly secure
database. The health care provider would need to already have access to
the remote database
The chip itself doesn't raise any more concerns in terms of
You can hack the ircd to allow an invisible join that allows certain
people to be in a channel, yet not visible. I first saw this back in
like 1997 or 98, so it's very possible. It just requires a special IRCD
and alittle c/c++ skill. Basically they just created a mode you could
assign yourself
Hello!
Since the government is increasing it spying on irc, I too have increased
my irc spying. Ive recently intercepted some communication between EEYE's
own Marc Maiffret aka the chameleon, and RLoxley of Team Hackphreak!
RLoxley hey
RLoxley waykee
chame|eon hey man!
chame|eon long time
Great... all the Mark of the Beast people will be popping up out of
the wood works.
Ahh freak out... the sky is falling. =]
-KF
insecure wrote:
The chip only stores an ID number. This ID number could be used as a
patient ID number to access records in some remote, allegedly secure
On Thu, 14 Oct 2004, Len Rose wrote:
I am thinking about leaving this existence
Low on antidepressants Len?
and
moving on to something else in life. We will be
moving the list to another network location
in a few months (or less) as well as disposing
of netsys.com, it's network blocks,
Few thoughts:
1) Often it is only a few vulnerability checks consuming the majority of
the overall time to complete a scan of a single device. I wrote a script
which parses nessusd.messages to help me find which vulnerability checks
were taking all the time - below is a snippet of the output:
On 13 Oct 2004, at 17:30, [EMAIL PROTECTED] wrote:
You really should give the Authors credit they
disserve and not just plagiarise their work.
snip
As for the post you replied to. I think its pretty
valid to be posting it here. (Opinions are like
On Thu, 14 Oct 2004 20:25:25 GMT, rap1st [EMAIL PROTECTED] wrote:
Hello!
Since the government is increasing it spying on irc, I too have increased
my irc spying. Ive recently intercepted some communication between EEYE's
own Marc Maiffret aka the chameleon, and RLoxley of Team Hackphreak!
On Thu, 14 Oct 2004 14:04:03 -0700, Alex Schultz [EMAIL PROTECTED] wrote:
You can hack the ircd to allow an invisible join that allows certain
people to be in a channel, yet not visible. I first saw this back in
like 1997 or 98, so it's very possible. It just requires a special IRCD
and
ftp://ftp.hq.nasa.gov/pub/nickname/
The list contains the full name, email, phone, fax, position, building,
room, and employer. When will they learn.
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Noam Rathaus wrote:
snip
Clam doesn't think its a virus/Trojan/whatever
Which is significant why?
Clam has the highest false negative rate of all scanners apart from a
couple of obviously toy projects, so its non-detection of something
can hardly be seen as evidence of something's
On Thu, 14 Oct 2004 08:10:38 -0400, Marc Deslauriers
[EMAIL PROTECTED] wrote:
I didn't post that message. It must be a virus or something.
Funny you mention that, my server has been stopping about 100 viruses
coming from a videotron.ca address in the last 5 days.
Steph
--
Step by step,
Outline:
==
It has recently come to my attention that it is possible to circumvent
functions inside of Microsoft Outlook 2003 and some other MUA's by
using href tags containing cid:;. By default such MUAs no longer
download web referenced images and objects, however images referenced
by cid:;
Oh my Gawd! I think I've fallen in love! You will be hearing from me soon!
--__--__--
Message: 4
Date: Wed, 13 Oct 2004 10:28:40 -0700 (MST)
From: Jay Jacobson [EMAIL PROTECTED]
To: Mr. Rufus Faloofus [EMAIL PROTECTED]
cc: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Nessus experience
SNIP
---
Fedora Legacy Update Advisory
Synopsis: Updated samba resolves security vulnerabilities
Advisory ID: FLSA:2102
Issue date:2004-10-14
Product: Red Hat Linux
Keywords:
There are some internet relay chat daemons that allow this, but doing a
simple ping to the channel shows them, like unreal and ultimate, or a simple
whois if you know the opers will show them in the channel when they are +I
that you are part of.
It dosent require much skills or programing as a
- Original Message -
From: Tate Hansen [EMAIL PROTECTED]
checks_read_timeout: maximum number of seconds to wait for a probe
response: wait doing a recv()
plugins_timeout: the maximum number of seconds of lifetime for a
vulnerability check
If you set checks_read_timeout to 1
Excuse me for being a complete moron!!
Call me daisy, please...
On Fri, October 15, 2004 1:06, FRLinux said:
On Thu, 14 Oct 2004 08:10:38 -0400, Marc Deslauriers
[EMAIL PROTECTED] wrote:
I didn\\\'t post that message. It must be a virus or something.
Funny you mention that, my server has
Yeah the ping can be by passed, but they would need console access to the
irc daemon, which in the case of running an irc network, I don't see that
happening, unless they block ping requests, but then again, they would be
just a normal user, so they wouldn't be able to get invisible in the first
We have a Windows application (TCL script really) that wants to find the
IP address of the PC it runs on; it effectively does
cmd /c ipconfig ip.txt
then reads the file. This works fine everywhere, except... I have a user
with WinXP set to Chinese language. For this user, the file stops after
What the .gov is thinking of doing now is meant for extremely large
networks
like EfNet.
I don't think Steve van singlehandedly monitor the whole of EfNet.
I agree that SG couldn't possibly monitor the whole of efnet, but he
*did* have some automatic analysis going on:
(from grc.com)
They
58 matches
Mail list logo