Hi List,
I was just wondering is there any encrytpion alogortim which expires with time.
For example an email message maybe decrypted withing 48 hours of its
delivery otherwise it become usless or cant be decrypted with the
orignal key
Gautam
--
Gautam R. Singh
http://gautam.techwhack.com
--- Micheal Espinola Jr [EMAIL PROTECTED]
wrote:
Yep, something is awry with Firefox's cookie
management. it pisses me
off. I disconnect from a site (close the browser),
but the next time
I open FF, all my cookies are acting as if they are
still live.
The Maxthon add-on for IE does
Hello, Danny!
This makes sense now, thanks Raoul!
One more question: to make things more secure, do you have any tips on
what settings to change in the firefox.js file? It's contains a lot of
info. :)
Very usable references here:
http://thegoldenear.org/toolbox/windows/docs/mozilla-pre-config.html
interesting question
presumably there would have to be a time stamp as part of the sig which if
it was too old then the message would get discarded
you would have to hash the time as otherwise it would be open to spoofing
think kerberos has this facitlity but it tends to be **MUCH** tighter
Hello,
Looks like new Sober.I worm is set to cause a medium sized
epidemic, AV firms are starting to send out warnings to
their public mailing lists now.
It would be way cool if Mr. Zarkawi has beheaded all the
VXers for breaking the muslim holy day of Friday. I would be
dancing in the streets.
not that kerberos is of use for your application
however i did find this
http://www.theregister.co.uk/2003/10/22/microsoft_launches_selfdestructing_email_false/
slightly heavy handedly there is this
http://www.mailexpire.com/
there's this which claims to use openpgp but which is online
I agree - the default cookie manager leaves much to be desired. I've
found a very useful extension called CookieCuller that handles them
much better, allowing you to save or clear cookies with a single
click. Plus, you can view the information contained in the cookie
without having to do anything
Hello, Esmond!
Offline folders work as well as roaming profiles do : nice fast networks
and low overhead/beefy servers work well, odd things happen if you have
impatient users with laptops, wireless etc. Sometimes its simply easier
to have a scheduled task sync files to a local folder. This will
Micheal,
you can use the Web Developer Extension to delete domain cookies
whenever you want.
Paulo Pereira
quote who=Micheal Espinola Jr
Yep, something is awry with Firefox's cookie management. it pisses me
off. I disconnect from a site (close the browser), but the next time
I open FF,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Could you please define integrated? English isn't my primary
language...
Integrated is similar to saying is part of or united. For future
reference (and more info), Google can also be extremely handy in such
a case. Doing a Google search for:
:-D
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
GuidoZ schrieb:
I agree - the default cookie manager leaves much to be desired. I've
found a very useful extension called CookieCuller that handles them
[...]
On Fri, 19 Nov 2004 00:10:33 -0500, Micheal Espinola Jr
[EMAIL PROTECTED] wrote:
Community Website: http://www.securityforest.comCommunity IRC channel: irc://irc.unixgods.net:/securityforest
Table of
contents= Summary The Open Source
Idea Tree's in the Forest
ExploitTree ToolTree
TutorialTree LinkTree GreenHouse
Thanks
[ SQL-injection in Invision Power Board 2.x ]
MaxPatrol Security Advisory 11.18.04
November 18, 2004
Release Date: November 18, 2004
Date Reported:November 12, 2004
Severity: High
Application: Invision Power Board v2.x
Affects
In my opinion, there are two defintions for integrated. For most
people, it means a works with b. For Microsoft, it means a can
not work without b. Firefox is definitelyl the former because I use
it both under Linux and under Windows, and I'm trying to get it to
work on my Zaurus.
On Fri, 19
Thanks, will do!
On Fri, 19 Nov 2004 10:43:06 +, GuidoZ [EMAIL PROTECTED] wrote:
I agree - the default cookie manager leaves much to be desired. I've
found a very useful extension called CookieCuller that handles them
much better, allowing you to save or clear cookies with a single
can you define medium sized epidemic?
Any new features / functionality?
-KF
[EMAIL PROTECTED] wrote:
Hello,
Looks like new Sober.I worm is set to cause a medium sized
epidemic, AV firms are starting to send out warnings to
their public mailing lists now.
It would be way cool if Mr. Zarkawi has
Autoconfig script may enumerate hosts which don't require a proxy.
Usually there are a very few intranet servers in corporate network.
You should have prefixed there are very few... with one of two things
1. Relative to the internet...
2. In my experience...
I have been on several large
--On Thursday, November 18, 2004 09:32:27 AM -0600 Paul Schmehl
[EMAIL PROTECTED] wrote:
--On Wednesday, November 17, 2004 12:41:44 PM -0500 Lachniet, Mark
[EMAIL PROTECTED] wrote:
Could also be RF interference. One of my coworkers tracked down a
particularly interesting problem with motion
On Fri, 19 Nov 2004 13:57:31 +0100, Borja Marcos said:
Given that Firefox is integrated in Linux... ¿Will I be able to use
Linux wthout Firefox? Or, ¿is Firefox an operating system module? Being
Hint: Linux is over 10 years old, and FireFox just came out. What did Linux
do before FF
Georgi, you obviously aren't in touch with the real world if you don't
realize which OS and browser comprise a vast majority of the market. That
penetration often dictates for many IT professionals which OS they will be
working on if they actually choose to work in the field. When you specify
our
This message is primarily destined to all MS trolls, no matter their
levels, and i can see so many in this list that i am happy to target a
large audience.
Please run some unix or at least read about the unix permission system,
and lets pray god this sheds some light in your mono cultured
On Fri, Nov 19, 2004 at 10:51:43AM -0500, joe wrote:
Autoconfig script may enumerate hosts which don't require a proxy.
Usually there are a very few intranet servers in corporate network.
You should have prefixed there are very few... with one of two things
1. Relative to the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Illegalaccess.org Advisory: Opera 7.54 Java vulnerabilities
Author: Marc Schönefeld, www.illegalaccess.org
Summary
Opera 7.54 is vulnerable to leakage of the java sandbox, allowing malicious
applets to gain unacceptable privileges. This allows them to
ifconfig_xl0 wrote:
If you open two gmail accounts in two different firebird/fox browsers
the first account logged into after a refresh becomes the second
acccount. Or if you send an e-mail with the second account, it may
send as the first and refresh back as account1.
So if you login with
-- Corsaire Security Advisory --
Title: Netopia Timbuktu remote buffer overflow issue
Date: 20.07.04
Application: Timbuktu v7.0.3
Environment: Mac OS X (10.1, 10.2, 10.3)
Author: Stephen de Vries [EMAIL PROTECTED]
Audience: General release
Reference: c040720-001
-- Scope --
The aim of this
Yeah, I'd like for my country to accummulate all the available computer
security knowledge too...one heck of a competative advantage to have.
Registrant:
Alon Swartz
Har Sinai St
Raanana, NA 43307
Israel
Registered through: GoDaddy.com
Domain Name: SECURITYFOREST.COM
I'm not a Win based guy (troll?) - Un*x here - and even I was offended by #1.
There is such a thing as runas for Windows.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of devis
Sent: Friday, November 19, 2004 11:10 AM
Cc: [EMAIL PROTECTED]
Subject: Re: [in]
On Fri, 19 Nov 2004, Gautam R. Singh wrote:
I was just wondering is there any encrytpion alogortim which expires
with time. For example an email message maybe decrypted withing 48
hours of its delivery otherwise it become usless or cant be decrypted
with the orignal key
No.
If a certain
On Fri, 19 Nov 2004 13:09:19 +0530, Gautam R. Singh said:
I was just wondering is there any encrytpion alogortim which expires with tim
e.
For example an email message maybe decrypted withing 48 hours of its
delivery otherwise it become usless or cant be decrypted with the
orignal key
So
--On Friday, November 19, 2004 12:12:10 AM + Jason Coombs
[EMAIL PROTECTED] wrote:
http://www.computerworld.com/governmenttopics/government/policy/story/0,1
0801,97614,00.html?nas=PM-97614
I wouldn't trust anything coming out of Bezerkley without confirmation from
competent researchers
Well, it sure does help the anti-virus (anti-malware) and security
consulting business, but besides that... is it not safe to say that:
1) A hell of a lot of viruses/worms/trojans use IRC to wreck further havoc?
2) A considerable amount of script kiddies originate and grow through IRC?
3) A wee
On Thu, 18 Nov 2004, rexolab wrote:
VulnDiscovery:2003/05/21
Release Date :2004/11/17
Surely you're joking, Mr. Gangstuck. You can't seriously be telling us
you sat on this for no less than 18 months, without telling anybody about
it.
Actually, I somewhat doubt you even discovered this
-- Corsaire Security Advisory --
Title: Danware NetOp Host multiple information disclosure issues
Date: 19.06.04
Application: Danware NetOp prior to 7.65 build 2004278
Environment: Windows NT/2000/2003/XP/98
Author: Martin O'Neal [EMAIL PROTECTED]
Audience: General release
Reference: c040619-001
On Fri, 19 Nov 2004 11:22:31 -0500, KF_lists [EMAIL PROTECTED] wrote:
can you define medium sized epidemic?
Any new features / functionality?
Not too much, except for the fact that it also arrives with the
following attachment extenstions: .doc, .txt, and .word
Which are not typically blocked
Windows doesn't tell you about the Admin account and makes the default
user a Admin. That isn't best method as you know.
RunAs is great..but that is only good once you create a normal user -
and then delete your new default user. Or you log in in Administrator
and take away the full control of
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
while looking at the changelog for 2.4.28, I've found, that a bug I
independently came over some days ago has been fixed in that release:
David S. Miller:
o [AF_UNIX]: Serialize dgram read using semaphore just like stream
That fixes missing
dear j0e,
all i wanted to say is that there are minorities in the real world, who don't
load a browser or even graphics and they don't need anyone to let them.
i believe these minorities in real world can do more things than the
windoze lusers (whose main purpose is to be free shell providers),
That's because the Internet is free and no one can control what survives on
it. What survives isn't what is *ethical* but what is *useful*. And IRC is
very useful for some people, so it's here to stay.
The problem is not IRC; the problem is the misuse some people make of it. We
cannot make
It arrives at .doc, .txt and .word?
Where are you seeing that?
It can't be very dangerous as a TEXT file. As far as I know it uses the
normal double extensions tricks. Any good email filter should pick
this up and you should be fine. Anyone that just clicks on random
attachments in their
Pavel Kankovsky wrote:
If a certain deterministic computation (e.g. decryption) can be made in
time T, then it can be made in any time T' T.
This is true for breaking a cipher by brute force, but it doesn't
account for (stop looking at me) somehow incorporating a timestamp into
the encryption
How does it infect somebody if it's using a .txt file?
Ron Bowes
Information Protection Centre
Government Of Manitoba
204-945-1594
-Original Message-
From: Danny [mailto:[EMAIL PROTECTED]
Sent: Friday, November 19, 2004 11:07 AM
To: KF_lists
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Microsoft integration: You remove the application that plays
MPEG movies from a system that has never needed to play MPEG
movies, and never will need to - and your system won't boot anymore.
Example - Anyone with XP, do a search for mplayer2.exe? What is this
you ask? It is media player 6.4
It shouldn't take a wireless expert to tell you that...he should try it.
I pick up all types of weird stuff all the time in Kismet..and it looks
like something..but I know it isn't..the SSID is A^B^C^B^D^S^G, or in
other words, trash.
-Original Message-
From: [EMAIL PROTECTED]
Sorry to offend those that use IRC legitimately (LOL - find something
else to chat with your buddies)
Join #n3ws at EFnet, that's legit and not to speak with your buddies, yep ,
you will fall asleep less stupid tonight ...
class101
___
Even better idea: Get sunset internet1
/me just solved problems 1-5
On Fri, 19 Nov 2004 12:40:26 -0500, Danny [EMAIL PROTECTED] wrote:
Well, it sure does help the anti-virus (anti-malware) and security
consulting business, but besides that... is it not safe to say that:
1) A hell of a
On Thu, 18 Nov 2004 10:46:50 GMT, Joel Merrick said:
Maybe it'll get leaked on the net and we'll find out they use a hard
coded DES key that I could crack with my casio watch ;)
No, ROT13 is way leet strong crypto as long as nobody knows it, as
Skylarov found out... ;)
pgpG2hTqU9Pd6.pgp
Danny wrote:
Well, it sure does help the anti-virus (anti-malware) and security
consulting business, but besides that... is it not safe to say that:
1) A hell of a lot of viruses/worms/trojans use IRC to wreck further havoc?
And? There are a hell of a lot of normal users on IRC too who don't
Sorry to offend those that use IRC legitimately (LOL - find something
else to chat with your buddies), but why the hell are we not pushing
to sunset IRC?
It is not IRC that is the problem, it is the people on IRC that cause
problems.
Guns don't kill people all by by themselves; people kill
How exactly do you propose to accomplish this? IRC is an open protocol and
there are many open clients and open servers which can run on any port, and
run encrypted with SSL.
So do you intend to scan every computer on the Internet on port 6667, and
shut down every server found running, the
Danny wrote:
Well, it sure does help the anti-virus (anti-malware) and security
consulting business, but besides that... is it not safe to say that:
?
1) A hell of a lot of viruses/worms/trojans use IRC to wreck further havoc?
email, http, aol users;)?
2) A considerable amount of script kiddies
Unfortunately IRC is not the problem. Removing IRC will cause the
systems that use it to leverage another control channel. The people that
abuse it will use another forum...
The problem is that systems exist that can be mass exploited and used to
coordinate attacks and that there are people
Oh, crap s/Get/Why not/
Sorry
On Fri, 19 Nov 2004 12:49:32 -0600, shrek [EMAIL PROTECTED] wrote:
Even better idea: Get sunset internet1
/me just solved problems 1-5
On Fri, 19 Nov 2004 12:40:26 -0500, Danny [EMAIL PROTECTED] wrote:
Well, it sure does help the anti-virus
On Fri, 19 Nov 2004 12:17:09 -0800, Mister Coffee
[EMAIL PROTECTED] wrote:
Danny wrote:
Well, it sure does help the anti-virus (anti-malware) and security
consulting business, but besides that... is it not safe to say that:
1) A hell of a lot of viruses/worms/trojans use IRC to wreck
On 19 Nov 2004, at 08:35, Xavier Beaudouin wrote:
Thanks. I thought that it had more meanings :-D
Given that Firefox is integrated in Linux...
It isn't.
...
Result : Firefox is not integrated in Linux, it is a third party
software as /bin/bash or whatever that is given as a giveaway on
On Fri, 19 Nov 2004 12:40:26 EST, Danny said:
1) A hell of a lot of viruses/worms/trojans use IRC to wreck further havoc?
2) A considerable amount of script kiddies originate and grow through IRC?
3) A wee bit of software piracy occurs?
4) That many organized DoS attacks through PC zombies
Well, fellow F-D'ers, thanks to the vast array of intelligence and
experience found on this list, my rant about abolishing IRC has been
proven to be far from a solution.
Maybe I will throw my suggestion in as Feature Request for Internet2. :D
...D
___
Wow, I think you have a great point! To add to the list, Los Angeles
has quite a bit of crime, so I think that it should be removed from
the face of the planet. Of course, I think some fraud has been
occurring on eBay--remove them also. Oh, and some Catholic priests
have been in the news for
On Fri, 19 Nov 2004 13:12:31 EST, Crotty, Edward said:
I'm not a Win based guy (troll?) - Un*x here - and even I was offended by #1.
There is such a thing as runas for Windows.
Yes, but is *the main design* of the system run as a mortal, and use
the 'runas' for those things that need more?
Danny wrote:
Sorry to offend those that use IRC legitimately (LOL - find something
else to chat with your buddies), but why the hell are we not pushing
to sunset IRC?
Many people use IRC; and still do. It's a legitimate medium I've used
since the 80's for it's intended purpose. Your abolish
Wow, NICE analogy Jeff!
While IRC is here to stay... The future seems more like servers that're only
hosted through big companies/etc as most datacenters are 'forbidding' use of
IRC(Ports 6660-6669, 7000) on their network.
Just a thought.
~
That's because the Internet is free and no one can
On Fri, 19 Nov 2004, Danny wrote:
What would IT be like today without IRC (or the like)? Am I narrow
minded to say that it would be a much safer place?
Narrow minded or not, it's irrelevent. Sure, the world *might* be a
little teenie bit safer without IRC, but then, the same could be said
My mistake; I was referring to the discussion, collaboration, and
creation, not the spread.
You mentioned DDoS attacks below. I don't believe that use is a form of
discussion, collaboration, or creation.
Some say we should, but I am not one of those. My point was to get rid
of the most well
One alternative - silc. http://www.silcnet.org/
G
On or about 2004.11.19 12:40:26 +, Danny ([EMAIL PROTECTED]) said:
Well, it sure does help the anti-virus (anti-malware) and security
consulting business, but besides that... is it not safe to say that:
1) A hell of a lot of
On Fri, 19 Nov 2004 14:47:36 -0600, Bowes, Ronald (EST)
[EMAIL PROTECTED] wrote:
How exactly do you propose to accomplish this? IRC is an open protocol and
there are many open clients and open servers which can run on any port, and
run encrypted with SSL.
So do you intend to scan every
Paul Schmehl wrote on 11/19/2004 11:07:47 AM:
--On Friday, November 19, 2004 12:12:10 AM + Jason Coombs
[EMAIL PROTECTED] wrote:
http://www.computerworld.com/governmenttopics/government/policy/story/0,1
0801,97614,00.html?nas=PM-97614
I wouldn't trust anything coming out of
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200411-27
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
Rot 13 may not be strong but rot12 is. I once posted a string that I
only rotated 12 chars to my blog and it took a month before anyone
figured it out that probably says more about the iq of the people
reading my blog than the security of rot13.
Adam
Where is it written in the
On Fri, November 19, 2004 9:40 am, Danny said:
2) A considerable amount of script kiddies originate and grow through
IRC?
3) A wee bit of software piracy occurs?
4) That many organized DoS attacks through PC zombies are initiated
through IRC?
5) The anonymity of the whole thing helps to
On Fri, 19 Nov 2004 15:54:54 -0500, Tim
[EMAIL PROTECTED] wrote:
1) A hell of a lot of viruses/worms/trojans use IRC to wreck further havoc?
Isn't email the primary spreading mechanism of viruses?
My mistake; I was referring to the discussion, collaboration, and
creation, not the spread.
Dear Joe,
So many out there use MS OS doesnt make it the best just as so many
people go to McDonalds doesnt mean they make the best food
--
(FROM LINKS TO LINKS WE ARE ALL LINKED)
cheers.
morris
___
Full-Disclosure - We believe in it.
On 10:50, Fri 19 Nov 04, Paul Schmehl wrote:
--On Thursday, November 18, 2004 09:32:27 AM -0600 Paul Schmehl
[EMAIL PROTECTED] wrote:
--On Wednesday, November 17, 2004 12:41:44 PM -0500 Lachniet, Mark
[EMAIL PROTECTED] wrote:
I find it hard to believe that this is possible. 2.4Ghz is the
I have never replied to anything on this list (I read it to keep up to date
on vulnerabilities, but im not really qualified to contribute anything) but
this particular message has peaked my interest.
1. Agreed, by using flaws in IE they then go on to subvert mirc into
spamming people.
2. They
On Fri, 19 Nov 2004 12:40:26 -0500, Danny [EMAIL PROTECTED] wrote:
Well, it sure does help the anti-virus (anti-malware) and security
consulting business, but besides that... is it not safe to say that:
1) A hell of a lot of viruses/worms/trojans use IRC to wreck further havoc?
If you mean
If you DID manage to take away IRC, they'd find another way to manage their
bots. Perhaps they'd all migrate their DDoS nets to Battle.net. /jokes
Ron Bowes
Information Protection Centre
Government Of Manitoba
-Original Message-
From: Danny [mailto:[EMAIL PROTECTED]
Sent: Friday,
An excellent question.
On Fri, 19 Nov 2004 12:40:26 -0500, Danny [EMAIL PROTECTED] wrote:
Well, it sure does help the anti-virus (anti-malware) and security
consulting business, but besides that... is it not safe to say that:
1) A hell of a lot of viruses/worms/trojans use IRC to wreck
Andrew Farmer wrote:
In fact, I'm not so sure it's even a component of Nautilus. Is this a
recent change?
Nope - it depends on how you install Nautilus, though. I know that on a
number of RH systems I've had to configure lately, Mozilla is a
dependancy (not firefox) because Nautilus seems to
I wish it was possible, but it just wouldn't work. The hackers would
move onto the next best chat system, whatever that may be at the time.
For it ever to work, you would need to ban all chat communications and
peer 2 peer on the internet, and thats unlikely to happen, and would
be hard to
1) A hell of a lot of viruses/worms/trojans use IRC to wreck further havoc?
Isn't email the primary spreading mechanism of viruses? should we
sunset email?
2) A considerable amount of script kiddies originate and grow through IRC?
And if there were no IRC, they would use AIM, or MSN
On Fri, 2004-11-19 at 20:40, Jeremy Davis wrote:
Are you able to change root's name in nix? Why not if the answer is no?
(Things would break right? UID 0?) Knowing the account name is
two-thirds of the battle.
In windows it's fairly easy to change the admin name.
Not a professional here just
I 100% agree with you. I never said MS was the best or even that they should
always be used. In fact in many occasions I have pushed for alternative
answers for companies who were customers.
Being the best or even better doesn't mean you will become the most popular
either. Look at Apple. Look
Hi Gregory,
As to my knowledge, the internet is a
global network and all the information contained within is openly available. I
also don't see the "advantage" you have mentioned - are we at competition with
one another ?
Secondly, thanx for the complement on the
"idea".
As mentioned in
81 matches
Mail list logo