On Sun, 19 Dec 2004 23:30:18 -
raza [EMAIL PROTECTED] wrote:
Zero tolerance. What will these doofuses think of next? I bet
they start up a cult of personality around the nation's leader,
including a new salute borrowed from the Romans.
Godwin.
While I gotta agree that experience is what
counts, what (if any) specialist certs should a
tertiary student, with a special interest in
security, use to underpin their prac?
P.S. If I'm too ignorant to warrant a civil
answer, like being told to go to the movies, my
apologies in advance so no
Hello, joe!
Autoconfig script may enumerate hosts which don't require a proxy.
Usually there are a very few intranet servers in corporate network.
You should have prefixed there are very few... with one of two things
1. Relative to the internet...
2. In my experience...
I said usually. What's a
On Fri, Nov 19, 2004 at 11:50:33AM -0500, [EMAIL PROTECTED] wrote:
Linux integration: Tools register themselves as optional add-ons to add new
or extended functionality. If the tool isn't there, all that happens is the
menu items *for that added function* end up greyed out or don't show up,
On Sun, Nov 21, 2004 at 07:55:35PM +0100, Pavel Kankovsky wrote:
Mathematically, this is a very remote possibility, as factoring primes
is probably an NP problem, and P is probably not NP. Neither of these
has been proven, however.
According to my vague recollection of what I heard
Thanks guys, and thanks for the welcome Benjamin.
I figured CISSP would be what to aim for.
Unfortunately Cisco cert is covered by the
networking major at my college while I'm doing
web-design/admin. I guess that means I'm in for
plenty of reading beyond the course and plenty of
prac pentesting
devis wrote:
Please run some unix or at least read about the unix permission system,
and let's pray god this sheds some light in your mono cultured brains.
Here are the relevant points:
1) Despite recent ameliorations of MS ( multi user finally, permissions
... ) and some effort at making the
On Fri, Nov 19, 2004 at 11:44:14AM -0500, [EMAIL PROTECTED] wrote:
For example an email message may be decrypted within 48 hours of its
delivery otherwise it becomes useless or can't be decrypted with the
original key
So now it's 3 weeks later, and I can't read the email...
So I set the
Paul wrote:
While I gotta agree that experience is what counts, what (if
any) specialist certs should a tertiary student, with a
special interest in security, use to underpin their prac?
P.S. If I'm too ignorant to warrant a civil answer, like
being told to go to the movies, my apologies
Last time I tested some broadband products,
I stopped @ the T-Sinus 111 a wireless broadband router, labeled by
German Telekom.
This device has an integrated DSL Modem and the security bug is that
you can use the router as a modem every time.
Create on your machine a dial-up connection using the
I would agree with these statements as well. I'm carrying 2 GIACs(GCIA
and GCIH) as well as CISSP. I feel that the CISSP is a very broad
general overview of the concepts of security; however, there are far too
many unqualified people attending boot camps and passing the
examination. The
Very True, not to talk about all the apps that won't run correctly in
Windows because of non-admin rights. Should we all have to give
permissions to special reg keys just to have an app run as a non-admin? I
mean come on...you give us a so called security feature (Run As) and
then it is only
is that windowed applications do not get polled for refresh, so for
example using an explorer instance in a runas will not update the file
listing until you press F5. I have witnessed bad things come of this
Are we able to run Explorer.exe using runas utility...
Vord,
Let's extend your logic a bit...
Given your diatribe, one can easily
make the following assertion and assume your full support:
{It is clear that the internet...being
composed of largely uncontrollable, independent nodes...may easily be subverted
for uses that are counter to the greater
AUTHOR
Komrade
[EMAIL PROTECTED]
http://unsecure.altervista.org
DATE
22/11/2004
PRODUCT
WodFtpDLX is an ActiveX component that supports encrypted and
non-encrypted FTP access to the servers for transferring files.
It can be used in various programs, scripts, web applications to connect
to FTP
AUTHOR
Komrade
[EMAIL PROTECTED]
http://unsecure.altervista.org
DATE
22/11/2004
PRODUCTS
CoffeeCup Direct FTP - FTP client for Windows.
CoffeeCup Free FTP - free FTP client for Windows.
AFFECTED VERSION
Versions verified to be vulnerable:
CoffeeCup Direct FTP 6.2.0.62 (latest version)
CoffeeCup
Regarding the Voting Fiasco...
Even *if* they are correct (which is at least debatable) the 130,000 vote
discrepancy they argue for won't overcome Bush's lead of 380,000, so this
is, at best, an academic exercise.
It's a sad day when knowing what the vote WAS is considered an academic
--On Monday, November 22, 2004 02:26:35 AM +0100 Ake Nordin
[EMAIL PROTECTED] wrote:
This (the preamble especially) is what _should_ eliminate
the motion sensors from the list. I'm out on this one (too
lazy to do the math), but is the 802.11b air interface that
resilient (does it really require
Well this is one area I have dealt with too many times. For anyone who has
spent anytime on the MS cert new groups you all know what I'm talking about.
People who are already employed in IT without any certs are the first ones
to say how worthless they are and how everyone who has them just
The recount in Ohio will cost the state $1.5 million.
Each year, we throw a BILLION AND A HALF dollars down the toilet
harassing GOOD AMERICANS at the airport for no good reason, except to
make incompetent fools Feel Safer.
I think a few million to KNOW if the Vote is Fair is worth it.
--
Mike
Simon Lorentsen wrote:
Hi guys / gals,
Had a conversation tonight, and have been reading the IRC threads and
wondered if anyone could answer the following.
In the following scenario; you are a business, is IRC logs of
conversations and lists of hosts be held up in a court of law if a
client
Good morning friends..
Ok.. I agree about security certifications.
But what do you think about networking certifications?
I think a solid knowledge of networking is necessary to do security
certifications.
Jose Ribeiro Junior, CCIE #13841
Systems Engineer
MICROCITY
I try to be considerate and leave our industry open to all, but
bootcampers I have met... sheeesh, you may as well just hand over the
keys to the castle. In many cases, they think they know what they are
doing and weaken the security overall of the network. I deal with this
daily with my
Monday, November 22, 2004
Thoroughly enjoying the usage of the various electronic greeting cards
going way back when to the days of Blue Mountain, today when the need has
arisen to make usage, horror has been replaced enjoyment by noticing an
ever increasing dwindling of the free cards. To
It's always the assumptive idiots who get it wrong.
*big sigh*
FYI Poof (says it all really) I *did not* get the
quote from bash.org, nor do I use IRC/IM. I was sent
it by a friend in an email quite a while ago...
Therefore your sigh and your question were not needed
muppet.
--- Poof [EMAIL
Vord from the infamous script kiddie channel #hackphreak!! omg, that's
the biggest no credibility lamer channel ever.
It's channels like #hackphreak which give IRC a bad name, the exact
reason this thread started probably!!
Vord, go back to #hackphreak kiddo.
Scott Renna wrote:
I would agree with these statements as well. I'm carrying 2 GIACs(GCIA
and GCIH) as well as CISSP. I feel that the CISSP is a very broad
general overview of the concepts of security; however, there are far too
many unqualified people attending boot camps and passing the
This is a good point -- you could find a list on securityfocus
(www.securityfocus.com) called Forensics. That might be a better
place to ask this question.
I appreciate any help you can give.
While there are some exceptionally knowledgeable IT folks on this list,
this probably isn't the best
bart
the point was obviously wasted on you. firstly, that it would be
appropriate to consider doing away with all of them [forms of
communication] .. is by no means a logical conclusion to draw from my
premise[s], nor did i ever express or imply such nonsense. however, i
did state rather
--On Monday, November 22, 2004 07:56:14 PM +0530 Sandeep Singh Rawat
[EMAIL PROTECTED] wrote:
Are we able to run Explorer.exe using runas utility...
Of course. You can run any binary using runas. You may have to use
absolute paths, but that's a minor inconvenience.
Paul Schmehl ([EMAIL
I would say to start with lower level certs. I started my career with
the CCNA/CCDA because I did not have enough experience yet to move on to
CISSP. One option you have is the SSCP but that requires 2 years
experience. And I didn't think you were questioning my knowledge at
all, so no
You know, I noticed that recently. I used to be at Symantec and several
analysts had attended GIAC training and never completed the paper. It
always bothered me because it's such an incredible waste of money. As
soon as the paper length for GCIA was dropped to 25 pages, there was a
Mailinglist [EMAIL PROTECTED] wrote:
I stopped @ the T-Sinus 111 a wireless broadband router, labeled by
German Telekom.
This device has an integrated DSL Modem and the security bug is that
you can use the router as a modem every time.
Create on your machine a dial-up connection using the
Good day Scott,
I totally agree with you that the GIAC's certs are definitively very
challenging. I have done a few myself and can only agree.
There are only a few points that bother me with the SANS GIAC certification
process. The first one is that the paper that must be written is done at
Mister Coffee wrote:
Simon Lorentsen wrote:
Hi guys / gals,
Had a conversation tonight, and have been reading the IRC threads and
wondered if anyone could answer the following.
In the following scenario; you are a business, is IRC logs of
conversations and lists of hosts be held up in a court
And we watch the memes collide.
Dynamically adjusting their data architecture to counter the opposing
meme.
Meanwhile the core data remains uncompromised on both sides. Round and
round we go. Nothing is learned by any involved?
It is informative but is it a mind Virus?
Is it destructive?
On Mon, 22 Nov 2004 11:51:43 CST, Anders Langworthy said:
The CISSP, otoh, supposedly requires 4 years of professional full-time
security work (3 years with a college degree, or 2 years with a BS
Masters in Info Security). Going to a boot camp wouldn't take care of
this requirement.
One of the big problems is the marketing behind some of the certification
and the way people interpret what they are.
A certification like the CISSP is NOT an in depth certification. Let's face
it, you need to have 3 years experience plus a degree in one or more of the
10 domains of expertise
--vord
#hackphreak/undernet
sucka
Go back to the channel you came from.
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Most recruiters don't even know what GIAC is. The ones that do are the
ones I talk to.
Clement Dupuis wrote:
One of the big problems is the marketing behind some of the certification
and the way people interpret what they are.
A certification like the CISSP is NOT an in depth certification.
On Sat, 20 Nov 2004 19:16:44 CST, Paul Schmehl said:
Just because someone or some institution has a credible name does not mean
that you accept what they say without even bothering to think about it.
Their study just invigorates the conspiracy theorist element of society
without
At 12:43 PM 11/22/2004, you wrote:
Are we able to run Explorer.exe using runas utility...
Of course. You can run any binary using runas. You may have to use
absolute paths, but that's a minor inconvenience.
Just to clear that up, depending which script/utility you are using to
initiate the
At 02:02 PM 11/22/2004, you wrote:
<snip> this is not really the case if you know where to look. Also quite
clearly, the $$$ signs blinded those creating the operation because with
30 seconds of time [and that would be Rolex time !], 10-14 variables and
one constant can be changed to allow access,
--On Monday, November 22, 2004 02:52:57 PM -0500 [EMAIL PROTECTED]
wrote:
Just remember - if there *was* a conspiracy, this is exactly what the
people who were covering it up would say...
Hand me that tinfoil, will ya? :)
I don't believe in conspiracies. They require large numbers of people to
Paul Schmehl wrote:
I disagree. Until the research is credible and vetted, investigating
is premature. Many people don't seem to understand, investigating
supposed discrepancies in the vote costs millions of dollars. The
recount in Ohio will cost the state $1.5 million. That's money that
[SNIP]
A few letters behind your name will not get you those HIGH paying jobs that
unscrupulous people often promise. Experience and a proven track record in
the field will.
Though experience and still a lack of those letters might eliminate one as
a candidate for those and even
Agreed!
It seems we all have different takes but are on the same side of the fence
on this issue. By no means does a cert make the man. But at one point (at
least in the MS world) that was the case ...all you needed to say was MCSE
and cha ching.
With that not being the case anymore recruiters
I'm still not convinced that, more than a few feet from a device, the
interference would even be detectable.
Though two devices within 10 feet both setup in the same room of another
might well conflict with one another, and might be what the original
poster on device contention was
vord wrote:
and for the record, they would move to another resource is not a
coherent argument against his position [his question, rather]
concerning the elimination of a problem-child medium. perhaps the cost
to society via the spread of piracy and virii [more importantly the
latter] isn't worth the
###
Luigi Auriemma
Application: Halo: Combat Evolved
http://www.microsoft.com/games/pc/halo.aspx
Versions: = 1.05
Platforms:Windows and MacOS
Bug: crash
Exploitation:
Sun Java Plugin Arbitrary Package Access Vulnerability
iDEFENSE Security Advisory 11.22.04
www.idefense.com/application/poi/display?id=158type=vulnerabilities
November 22, 2004
I. BACKGROUND
Java Plug-in technology, included as part of the Java 2 Runtime
Environment, Standard Edition (JRE),
* Georgi Guninski:
would prefer to keep my secrets encrypted with algorithm whose breaking
requires *provable* average runtime x^4242 or even x^42 instead of
*suspected runtime* 2^(x/4).
It depends on the constant factors you omitted, including those in the
lower-order terms. 8-)
AES can be
OVERVIEW
Sun Microsystems' Java Plugin connects the Java technology to web
browsers and allows the use of Java Applets. Java Plugin technology is
available for numerous platforms and supports major web browsers.
A vulnerability in Java Plugin allows an attacker to create an Applet
e-matters GmbH
www.e-matters.de
-= Security Advisory =-
Advisory: Cyrus IMAP Server multiple remote vulnerabilities
Release Date: 2004/11/22
Last Modified:
True goal is making as much money and influence as possible.
Please read my previous posts on this list regarding that matter.
This is why, Firefox being independent from this OS that carries 60
of its code base as being legacy code for older system hardware and
The Mozilla Suite (and Firefox)
[flame response] firstly, n3td3v is only mad because i happened to ban
him from #hackphreak ... which is incidentally the current home of
former/current members of [where to begin?] rhino9, w00w00 ... and
of course, people who're currently employed at CA/ISS/M$/FS/SIDC. the
list goes on. are we
-- Forwarded message --
From: SecurityWatch [EMAIL PROTECTED]
Date: Mon, 22 Nov 2004 17:07:13 -0500
Subject: Security Watch: Source Code Dealer Arrested
To: Crew-x Security [EMAIL PROTECTED]
November 22, 2004
Security Watch
http://mcpmag.com/security/
http://ENTmag.com
On Mon, 22 Nov 2004, bkfsec wrote:
Paul Schmehl wrote:
I disagree. Until the research is credible and vetted, investigating
is premature. Many people don't seem to understand, investigating
supposed discrepancies in the vote costs millions of dollars. The
recount in Ohio will cost
An internet zorro. Just what we need.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of n3td3v
Sent: Monday, November 22, 2004 9:41 AM
To: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Why is IRC still around?
Vord from the in-famous script kiddie
good, it's my birthday, send me something good
On Mon, 22 Nov 2004 16:17:43 -0500, rp [EMAIL PROTECTED] wrote:
At 02:02 PM 11/22/2004, you wrote:
<snip> this is not really the case if you know where to look. Also quite
clearly, the $$$ signs blinded those creating the operation because with
30
Good day Jericho,
Remember that we are talking about someone who is NOT an IT person, someone
who is NOT a security person. I see people who have lots of networking and
system administration under their belt that spent a fair amount of time
getting prepared.
If you can pass in the condition
___
Mandrakelinux Security Update Advisory
___
Package name: libxpm4
Advisory ID:
___
Mandrakelinux Security Update Advisory
___
Package name: XFree86
Advisory ID:
My thanks to all who replied both on and off-list.
Your various points have been noted.
Regards
=
one step at a time...
On Thu, 4 Nov 2004, Stefan Esser wrote:
Nice try Ron,
while PHP indeed had lots of advisories in the past, your
list is FUD.
It's not *my* list, just happens to be the list I grabbed for context to
this thread. The list was compiled over the years on security focus, I
claim no ownership!