On Fri, 29 Oct 2004, Todd Towles wrote:
> I read a article about how the site got hacked into...recently. Did
> anyone else read this? If it was hacked then because this is a reaction
> security measure and not a "we want to keep all non-amercians from
> seeing our stuff".
Assuming this all to b
Eric Scher wrote:
Want to view www.georgewbush.com from outside the US? You can't: Access
denied. This "security" measure (!?) can easily be avoided using a proxy in
the US or any anonymous surfing website though.
So, what is it he doesn't want anyone from outside the US to read
See here:
- http://lists.netsys.com/mailman/listinfo/full-disclosure
Pay close attention to the bottom of the page. ;)
P.S. Sent to list as well to hopefully teach others before they make
the same mistake.
--
Peace. ~G
On Fri, 29 Oct 2004 16:00:35 -0400, ByPasS <[EMAIL PROTECTED]> wrote:
>
On Friday 29 October 2004 04:52, James Lay wrote:
Surprised or not he is not really from Korea..he is probably one of my fellow
"citizens" with a new "Toy". Almost 90% of Korea`s host are or have been
hacked into the really suck at securitythis is a fact [the 211.X.X.X
class is one of the m
Who Wrote Sobig?
As the one year anniversary of the Anti-Virus Reward Program bounty for
Sobig approaches, we felt this was an appropriate time to publicly
release the current state of our Sobig forensic investigation.
Appropriately, the authors of this document have chosen to release it
anonymousl
Who Wrote Sobig?
As the one year anniversary of the Anti-Virus Reward
Program bounty for
Sobig approaches, we felt this was an appropriate time
to publicly
release the current state of our Sobig forensic
investigation.
Appropriately, the authors of this document have
chosen to release it
anonymous
>> Want to view www.georgewbush.com from outside the US? You can't: Access
>> denied. This "security" measure (!?) can easily be avoided using a proxy in
>> the US or any anonymous surfing website though.
>>
>> So, what is it he doesn't want anyone from outside the US to read ?
I don't want to r
Slashdot.org
"A security hole in GMail has
been found (an XSS vulnerability) which allows access to user accounts without
authentication. What makes the exploit worse is the fact that changing passwords
doesn't help. The full details of the exploit haven't been disclosed. The
vulnerability w
Who Wrote Sobig?
As the one year anniversary of the Anti-Virus Reward
Program bounty for
Sobig approaches, we felt this was an appropriate time
to publicly
release the current state of our Sobig forensic
investigation.
Appropriately, the authors of this document have
chosen to release it
anonymous
Newsflash - this list is unmoderated. =) I've setup some nice filters
to automagically delete such automated replies. Email me off-list if
you want some tips on such a thing.
--
Peace. ~G
On Fri, 29 Oct 2004 18:11:19 +0300, Alex V. Lukyanenko
<[EMAIL PROTECTED]> wrote:
> Hello dirk,
>
> Friday,
Hey ya'll, you may remember me from my last paper on computer
security and sex. Since I apparently have nothing better to do than throw
thoughts into the void, I wrote a little whitepaper about how to become a
Successful, Legitimate Computer Security Consultant (SLCSC). Its my
observations on
Rui Pereira,B.Sc.(Hons),CIPS ISP,CISSP,CISA WaveFront Consulting Group--- Begin Message ---
Interesting. I am in Canada and can access the blocked site.
For the uninformed, Canada is not part of the US (yet). Maybe that is what Mr. Bush does not want the rest of the world to know?
Rui Pereira,B.
This was posted on the full-disclosure list sept 16 2004 by
Luiz Fernando.
http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0547.html
The nessus check for this vulnerability recommends upgrading to
Apache version 1.3.32:
http://cgi.nessus.org/plugins/dump.php3?id=14771
But in Apach
Hey guys,
I just finished my C Exploit for the 'STOR' Buffer Overflow
vulnerability in Code-Crafters Ability FTPd v2.34.
The EIP address only works on Win2k SP4, because I was unable to find an
universal address. If you feel in error, please report and I'm going to
update the exploit.
It contain
On Fri, Oct 29, 2004 at 06:11:19PM +0300, Alex V. Lukyanenko wrote:
> To the list moderator: Haven't we got anything to do with persons
> sending NDR's?
s/moderator/manager/ :)
We suspend the account using the 'nomail' option, but sometimes the
autoresponder beats us to it and responds again...
local buffer overflow in apache 1.3.31 not fixed in .33?
This was posted on the full-disclosure list sept 16 2004 by
Luiz Fernando.
http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0547.html
The nessus check for this vulnerability recommends upgrading to
Apache version 1.3.32:
http
Duncan Hill wrote:
On Friday 29 October 2004 11:47, Berend-Jan Wever might have typed:
Hi all,
Want to view www.georgewbush.com from outside the US? You can't: Access
denied. This "security" measure (!?) can easily be avoided using a proxy in
the US or any anonymous surfing website though.
So, w
Hello dirk,
Friday, October 29, 2004, 5:18:59 PM, you wrote:
d> Sehr geehrte Damen und Herren,
d> ich werde bis zum 08. November nicht im Hause sein. Bitte wenden Sie sich
d> in dieser Zeit an Hern Jendyk (+49 (0) 202 697 437 oder
d> [EMAIL PROTECTED]
d> Mit freundlichen GrьЯen,
d> Dirk Kraatz
d
On Fri, 29 Oct 2004 14:34:21 BST, Andrew Poodle said:
> I'm seeing lots of ssh login attempts with user=root from two or three
> IP addresses, after I blocked access at the firewall based on host.
> Can anyone point me at some good resources where I can bone up and learn
> more about counter-measu
If it is for security, it's a rather poor security measure, as it was
still browseable by IP address afaik..
a
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Todd Towles
Sent: 29 October 2004 15:30
To: Berend-Jan Wever; [EMAIL PROTECTED]
Subject: RE: [F
Good troll.
7/10 at the very least.
On Thu, 28 Oct 2004 15:08:21 +0200, Valentin Höbel <[EMAIL PROTECTED]> wrote:
> > Hi folks,
> >
> > I'm at a boarding school in germany and we have a kind of internet
> > terminal there with win2003 running on the computers. My question is:
> > Is there a way o
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenPKG Security AdvisoryThe OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
[EMAIL PROTECTED]
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenPKG Security AdvisoryThe OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
[EMAIL PROTECTED]
On Thu, 28 Oct 2004, Anders Langworthy wrote:
> > Somehow, I get the feeling that the original poster's site will discover
> > KVM switches around 2008 or so. ;)
>
> That's exactly my point. I don't necessarily approve of this list being
> used to help clueless script kiddies r00t systems, but th
: Affected Packages:Corrected Packages:
OpenPKG CURRENT <= apache-1.3.32-20041028 >= apache-1.3.33-20041029
OpenPKG 2.2 <= apache-1.3.31-2.2.0>= apache-1.3.31-2.2.1
OpenPKG 2.1 <= apache-1.3.31-2.1.5>= apache-1.3.31-2.1.6
OpenPKG 2.0 <
On Fri, 29 Oct 2004, Daniel Bachfeld wrote:
[...]
> This is the biggest divergence i've seen the last months. Is there any
> reason, why the vendors could not agree on one name? [...]
Money.
-- Dave
___
Full-Disclosure - We believe in it.
Charter: h
We have had this talk on FD before...just search for AV Naming in the
archivesfun stuff.
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Hugo van der Kooij
> Sent: Friday, October 29, 2004 7:54 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [SPAM
I read a article about how the site got hacked into...recently. Did
anyone else read this? If it was hacked then because this is a reaction
security measure and not a "we want to keep all non-amercians from
seeing our stuff". I would guess it is a security measure has it is easy
to see mirrors of i
===
Ubuntu Security Notice USN-12-1October 29, 2004
ppp Denial of Service
http://www.securityfocus.com/archive/1/379450
===
A security issue affects the following Ubuntu rele
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200410-31
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
Sehr geehrte Damen und Herren,
ich werde bis zum 08. November nicht im Hause sein. Bitte wenden Sie sich
in dieser Zeit an Hern Jendyk (+49 (0) 202 697 437 oder
[EMAIL PROTECTED]
Mit freundlichen Grüßen,
Dirk Kraatz
Dear Madam or Sir,
I will be out of the office until November 08st. For this peri
Hi,
It appears that the signature is
C6C22C mov dl, 2C
0003 37 aaa
0004 60 pushad
0005 C1EFD4 shr edi, D4
0008 C4922264C66Ales edx, dword ptr [edx+6AC66422]
000E E10D
On Friday 29 October 2004 11:47, Berend-Jan Wever might have typed:
> Hi all,
>
> Want to view www.georgewbush.com from outside the US? You can't: Access
> denied. This "security" measure (!?) can easily be avoided using a proxy in
> the US or any anonymous surfing website though.
>
> So, what is i
Hi!
I've five mails show up in my box just today all of them
have attachments with ".cpl" after the attachment name, i.e. "Price.cpl",
"Joke.cpl" (below)
http://www.f-secure.com/v-descs/bagle_at.shtml
Bye,
Raymond.
___
Full-Disclosure - We believe in it.
On Fri, 29 Oct 2004, Daniel Bachfeld wrote:
> So far we have Bagle AQ, AT, AU, AY and BB for the same worm
> More proposals?
>
> This is the biggest divergence i've seen the last months. Is there any
> reason, why the vendors could not agree on one name? We already have
> CVE-entries and Bugtraq-I
Hi!
Am Fr, den 29.10.2004 schrieb Daniel Bachfeld um 14:14:
> So far we have Bagle AQ, AT, AU, AY and BB for the same worm
> More proposals?
Yes, Bagle.BC from Panda Antivirus.
Regards,
Eduard
___
Full-Disclosure - We believe in it.
Charter: http://
Hi all,
Want to view www.georgewbush.com from outside the US? You can't: Access denied. This
"security" measure (!?) can easily be avoided using a proxy in the US or any anonymous
surfing website though.
So, what is it he doesn't want anyone from outside the US to read ?
Cheers,
SkyLined
So far we have Bagle AQ, AT, AU, AY and BB for the same worm
More proposals?
This is the biggest divergence i've seen the last months. Is there any
reason, why the vendors could not agree on one name? We already have
CVE-entries and Bugtraq-IDs for vulnerabilities.
Why not build up a similar data
Hullo the list..
I have a box at home, running fedora core 1, behind a router, which I
use for serving some dev webpages, and some other miscelaneous stuff..
I'm seeing lots of ssh login attempts with user=root from two or three
IP addresses, after I blocked access at the firewall based on host.
http://news.netcraft.com/
On the other hand, all my friends abroad seems to enjoy a "mirror",
readily available to anybody in the world:
http://www.georgewbush.org/
so they do not seem to care much if the .com one is missing ;) ... and
neither do I, to tell you the truth ...
Stef
On Fri, 29 Oc
===
Ubuntu Security Notice USN-11-1October 28, 2004
libgd2 vulnerabilities
CAN-2004-0990
===
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warth
Can I point you to this article about it yesterday :)
http://www.theregister.co.uk/2004/10/27/bush_blocking_non-americans/
a
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Berend-Jan
Wever
Sent: 29 October 2004 11:47
To: [EMAIL PROTECTED]
Subject: [Ful
Sehr geehrte Damen und Herren,
ich werde bis zum 08. November nicht im Hause sein. Bitte wenden Sie sich
in dieser Zeit an Hern Jendyk (+49 (0) 202 697 437 oder
[EMAIL PROTECTED]
Mit freundlichen Grüßen,
Dirk Kraatz
Dear Madam or Sir,
I will be out of the office until November 08st. For this peri
Hello ,
>> I've five mails show up in my box just today all of them
>> have attachments with ".cpl" after the attachment name, i.e. "Price.cpl",
>> "Joke.cpl" (below)
RD> http://www.f-secure.com/v-descs/bagle_at.shtml
RD> Bye,
RD> Raymond.
http://www.sophos.com/virusinfo/analyses/w32bagleau.ht
Bagle.bb for nai http://vil.mcafeesecurity.com/vil/content/v_129509.htm
and Bagle.at for TM
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BAGLE.AT
dab
heisec
- Original Message -
From: "Daniel Bachfeld" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, Oc
Hello altmann,
Friday, October 29, 2004, 12:34:48 PM, you wrote:
a> Hi,
a> I've five mails show up in my box just today all of them
a> have attachments with ".cpl" after the attachment name, i.e. "Price.cpl",
a> "Joke.cpl" (below)
It's the latest Bagle variant.
--
Best regards,
Mihai
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 577-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
October 29th, 2004
> Hi,
> It appears that the signature is
>
> C6C22C mov dl, 2C
> 0003 37 aaa
> 0004 60 pushad
> 0005 C1EFD4 shr edi, D4
> 0008 C4922264C66Ales edx, dword ptr [edx+6AC66422]
> 000E E1
Bagle.AQ Virus
McAfee Dat File 4402 will be available soon
AntiVir is up to date now.
Virus Info:
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=129509
http://secunia.com/virus_information/13036/
German:
http://www.antivir.de/de/vireninfos/virenlexikon/index.html?show=1&tx_ide
It's a new Bagle-Version: Bagle.ay
it starts spreading a few hours ago.
Daniel Bachfeld
heise Security
.
- Original Message -
From: "altmann" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, October 29, 2004 11:34 AM
Subject: [Full-Disclosure] Joke.cpl ???
> Hi,
>
> I've five m
if u have physicall access to the box
grab the sam using linux nt password utility which spawns shells on tty3
and 4
and allows you to mount ntfs partitions
so take the sam then remove syskey (bkhive, bkreg, pwdump2)
then l0pht it with lc5
this is on the proviso you have PHYSICAL access to the b
Everybody confess your sins and pray! The new Beagle.AT
e-mail worm spreads like crazy. It went from nothing to
worldwide #1 in 3-1/2 hours.
Most AV firms have already released updated signatures for
detection, but textual virus explanation (description
webpage) is still not there.
Regards: Tamas
Hi,
I've five mails show up in my box just today all of them
have attachments with ".cpl" after the attachment name, i.e. "Price.cpl",
"Joke.cpl" (below)
//
:))
Price.cpl
Description: Binary data
> Ok Mr. Limpy..lol
Just for the record, I fixed that problem I was having with my Linux
install! Of course, I've gone and broken it again, but that's besides
the point. Now you should be referring to me as Mr. No Limbs (it's
completely dead). lol
> Great point about the "career" job. Even if the
56 matches
Mail list logo