Re: [Full-Disclosure] Possible DNS compromise/poisoning?

2005-01-07 Thread Ben McGinnes
ndows solution. Regards, Ben ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html

Re: [Full-Disclosure] OpenSSH is a good choice?

2004-12-24 Thread Ben Hawkes
is a useful part of a layered security approach, if only to inhibit worms. -- Ben Hawkes pie.sf.net (fiver)

Re: [Full-Disclosure] Network Sniffing

2004-11-30 Thread Ben Nelson
pcap (tcpdump) output natively snort -- for all your IDS needs dsniff -- for monitoring traffic and capturing passwords when necessary tcpdump -- I use this most often. Great for quick, down-n-dirty sniffs. --Ben Crehan, Joe (EM, ITS, Contractor) wrote: Gentleman, I have been having all kinds of q

Re: [Full-Disclosure] Network Sniffing

2004-11-30 Thread Ben Nelson
, etc) ethereal -- good protocol analysis, reads pcap (tcpdump) output natively snort -- for all your IDS needs dsniff -- for monitoring traffic and capturing passwords when necessary tcpdump -- I use this most often. Great for quick, down-n-dirty sniffs. - --Ben Crehan, Joe (EM, ITS, Contractor)

RE: [Full-Disclosure] Blackbox: Elections fraud in 2004

2004-11-08 Thread Ben
See also. http://www.commondreams.org/headlines04/1106-30.htm > -Original Message- > From: J.A. Terranson [mailto:[EMAIL PROTECTED] > Sent: Monday, 8 November 2004 9:09 AM > To: [EMAIL PROTECTED] > Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] > Subject: [Full-Disclosure] Blackbox: Elections f

[Full-Disclosure] Patch Integration Engine (PIE) alpha release

2004-10-18 Thread Ben Hawkes
nternet services have no HUP reexecution at all. I hope to get some of these ideas in to a FAQ in the recent future, but for the moment it would be great to get some feedback on the list on whether PIE might have a use beyond research experimentation. -- Ben Hawkes (fiver)

[Full-Disclosure] Re: iDEFENSE - New Tricks [web censorship!]

2004-08-13 Thread Ben Ryan
graceful behaviour and closed-shop, secret-club so-called 'alliance'.. taking full-disclosure information, turning it into a 'product' for their fee-paying members, then violating the principles of full-disclosure on their 'discoveries' for financial gain. cheap.) r

Re[2]: [Full-Disclosure] iDEFENSE - New Tricks [web censorship!]

2004-08-10 Thread Ben Ryan
ience, not hacking or security. They would be lucky to read bugtraq. > On Wed, 11 Aug 2004, Ben Ryan wrote: > : [Len and others: > : Some info on iDEFENSE and their attempts to censor sites they believe are > : 'dangerous'.. considering their hatred for the principles of

[Full-Disclosure] iDEFENSE - New Tricks [web censorship!]

2004-08-10 Thread Ben Ryan
[Len and others: Some info on iDEFENSE and their attempts to censor sites they believe are 'dangerous'.. considering their hatred for the principles of speech and full disclosure in security, if this snowballs way out of control, could FULL-DISCLOSURE be next??] Remember them? Didn't they try sel

Re: [Full-Disclosure] Fortinet Firewalls

2004-08-02 Thread Ben
audience, that is, except pretty vacant who has a rather more definitive answer :-) I think you might have hit on something there PV hl wrote: --On Monday, August 02, 2004 04:56:42 PM +0100 Ben <[EMAIL PROTECTED]> wrote: Anyone had any experience with these - they claim to be able to

[Full-Disclosure] Fortinet Firewalls

2004-08-02 Thread Ben
Anyone had any experience with these - they claim to be able to offer content filtering and thereby detect malicious content embedded into HTML, as well as the usual deliver systems. Sounds interesting my only concern is how you would stay on top of each new threat... Many thanks

Re: [Full-Disclosure] one new trojan

2004-07-25 Thread Ben Lambrey
On Saturday July 24 2004 20:55, Willem Koenings wrote: > hi, > > > NAV does recognise it as Trojan.ByteVerify. > > do you talk about those java components or about web.exe? > those java components are indeed recognized, as byteverify > vulnerability is old enough and in this context java is > used

RE: [Full-Disclosure] How big is the danger of IE?

2004-07-08 Thread Skander Ben Mansour
h as DHTML, VBScript, and ActiveX. Note that using a different web browser will not remove IE from a Windows system, and other programs may invoke IE, the WebBrowser ActiveX control, or the HTML rendering engine (MSHTML). " I hope this helps. Best Regards, Skander Ben Mansour -Original

RE: [Full-Disclosure] How big is the danger of IE?

2004-07-08 Thread Skander Ben Mansour
atures such as DHTML, VBScript, and ActiveX. Note that using a different web browser will not remove IE from a Windows system, and other programs may invoke IE, the WebBrowser ActiveX control, or the HTML rendering engine (MSHTML). " I hope this helps. Best Regards, Skander Ben Mansour

Re: [Full-Disclosure] software burning cpu or mobo ?

2004-07-01 Thread Ben Timby
Georgi, my understanding is that some CPUs have thermal shutdown safeguards. I have been told by friends that AMD CPUs seem to be over clocking "friendly" in that sense. I have no personal experience over clocking my CPU. However, I once fixed a friend's PC, it was locking up because it was ov

Re: [Full-Disclosure] PIX vs CheckPoint

2004-06-30 Thread Ben Nelson
You must have some static's in place then, which is a static 'NAT' translation. Cyril Guibourg wrote: | "Otero, Hernan (EDS)" <[EMAIL PROTECTED]> writes: | | |>I think you do, because at least a nat 0 it´s needed to get traffic passing |>through

Re: [Full-Disclosure] MS Anti Virus?

2004-06-18 Thread Ben Timby
I think everyone missed Nick's point. Since reversers work for the competition, don't you think they would find and use the M$ undocumented API? M$ would not be dumb enough to try it, since their competition in this market is comprised of reverse engineers, who would simply "counter-innovate" b

Re: [Full-Disclosure] Akamai

2004-06-15 Thread Ben Nelson
Don't think so?.ask Google or Yahoo. - --Ben james edwards wrote: |>I've just been told that it was a DoS. No details. | | | Unlikely, Akamai is an overlay network & the root content node is not | reachable. | Akamai can in real time spread web traffic through out their globa

[Full-Disclosure] agobot source code

2004-05-19 Thread Ben Timby
Anyone have this available for me to download? I tried googling, and kazaa to no avail. Thanks.

Re: [Full-Disclosure] User bypass privs for Mysql??

2004-05-18 Thread Ben Nelson
Esler, Joel - Contractor wrote: | I did not have the grant priv, I had select, insert on mysql db. (I did | log in as a different user --i.e. not root) Using MysqlCC I changed the | Grant field from N to Y, and then could grant myself all privs to eve

Re: [Full-Disclosure] User bypass privs for Mysql??

2004-05-18 Thread Ben Nelson
another user? Also, you say you edited your 'Grant' from N to Y and then you instantly had all privs? Or did you edit your Grant from N to Y and then go grant yourself all privs? More information please. - --Ben Esler, Joel - Contractor wrote: | Not having any grant permissions. I went

[Full-Disclosure] New LSASS-based worm finally here (Sasser)

2004-05-01 Thread Ben Ryan
t; http://isc.sans.org/diary.php?date=2004-04-30 .-~-.____ Ben Ryan Forrest Computing and Consulting 97 Ryalls Lane, Strathfieldsaye VICTORIA, AUSTRALIA 3551 Cellphone: +61-(0)417-502061 Land: +61-(0)3-54393481 Fax: +61-(0)3-54393482 Email: ben(at)bssc.edu.au Email: b

[Full-Disclosure] RE: Risk between discovery and patch (was: The new Microsoft math)

2004-04-15 Thread Ben Nagy
something like RPC then people start focusing on it - after MS03-026 and 039 we have seen a rash of new RPC problems in a similar vein that were left unpatched for months. It is far from impossible that Bad People could have found and exploited them independently within t

Re: [Full-Disclosure] People who ask support questions on FD

2004-03-26 Thread Ben Timby
I don't think you guys understand that MORTIS's request is a farce... See the "viruses being sent to this list" thread a few days back... I found MORTIS's comment freakin' hilarious! KUIJPERS Jimmy wrote: I totally agree with you, and I find your message very polite where Mortis's message seem

Re: [Full-Disclosure] SMTP Encryption (S/MIME) for Outlook question

2004-03-25 Thread Ben Timby
Brandon, we use Mozilla, and its S/MIME features. You can get free personal certs from thawte.com. Also, we use postfix for our mailserver, and have enabled TLS, where available (from client to server, and sometimes from server to server) the SMTP traffic is encrypted. The remote server must

Re: [Full-Disclosure] Possible Comprimised IIS 5 on Win2k help

2004-03-24 Thread Ben Timby
Some useful info for beginners is here: No Stone Unturned: Part One http://www.securityfocus.com/infocus/1550 It basically presents some ideas for incident response, and provides descriptions and links for many useful tools. I would suggest reading through that set of articles to get an idea of h

Re: [Full-Disclosure] Operating Systems Security, "Microsoft Security, baby steps"

2004-03-22 Thread Ben Laurie
Schmehl, Paul L wrote: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Burroughs Sent: Thursday, March 18, 2004 2:17 AM To: [EMAIL PROTECTED] Subject: [Full-Disclosure] Operating Systems Security, "Microsoft Security, baby steps" Updating any OS is

Re: [Full-Disclosure] NEVER open attachments

2004-03-19 Thread Ben Nelson
need to either change MUA's or deal with it. - --Ben VB wrote: | NEVER open attachments | | | Isn't this what we have been taught? haven't we tried to pound this simple | rule into the heads of our users? Do we not practice what we preach? then | why do several users of this list only se

Re: [Full-Disclosure] a question about e-mails

2004-02-27 Thread Ben Nelson
o maybe 'broken' is an unfair description. 'Poorly configured' may be a better choice of words. - --Ben Nico Golde wrote: | Hallo Ben, | | * Ben Nelson <[EMAIL PROTECTED]> [2004-02-27 22:28]: | |>Hash: SHA1 |> |>Sounds like a broken MTA to me. | | | why? | rega

[Full-Disclosure] OpenPGP (GnuPG) vs. S/MIME

2004-02-27 Thread Ben Nelson
port seems to be included into a lot of common MUA's. Is this because of licensing issues with commercial PGP? Or is including S/MIME support just easier, so developers include it out of convenience. Thoughts? - --Ben

Re: [Full-Disclosure] a question about e-mails

2004-02-27 Thread Ben Nelson
Sounds like a broken MTA to me. Nico Golde wrote: | Hallo Chris, | | * Chris Smith <[EMAIL PROTECTED]> [2004-02-26 13:50]: | |>>I have a question for it experts. I want to learn if there is any way of |>>understanding/finding the e-mail addresses at BC

Re: [Full-Disclosure] Sample of Mydoom A & B

2004-02-02 Thread Ben Nelson
iverse" issue in the Hitch-hiker's Guide... Sounds a bit elitist to me.this is "FULL DISCLOSURE" is it not? What about the researcher (or random curious student) who does not have a relationship with any 'hackers' or anti-virus vendors whom they could ask for viru

Re: [Full-Disclosure] MyDoom bios infection

2004-01-29 Thread Ben Nelson
could interact with your network card, it would require the correct driver routines for your particular card. Does the virus come with network card drivers for a variety of cards? No? Then BIOS code won't open a TCP port. Regards, Frank It would need a TCP stack too, would it not?

Re: [Full-Disclosure] Security conferences

2004-01-22 Thread Ben Nelson
www.sans.org n30 wrote: Guys, Anybody aware of calendar / list of security related conferences worldwide?? Any links / pointers helpful Thanks in advance -N

Re: [Full-Disclosure] Is the FBI using email Web bugs?

2004-01-08 Thread Ben Nelson
rtainly can't hurt and is good security policy in general. --Ben ~ -Original Message- From: [EMAIL PROTECTED] [mailto:full-disclosure- [EMAIL PROTECTED] On Behalf Of Ben Nelson Sent: Wednesday, January 07, 2004 7:34 PM To: Gregh Cc: [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] I

Re: [Full-Disclosure] Is the FBI using email Web bugs?

2004-01-07 Thread Ben Nelson
t access from OE *EXCEPT* those that are needed? (probably 25, 110, 143) --Ben

RE: [Full-Disclosure] Wireless Security

2003-11-28 Thread Ben Nagy
" solution is to do all the fancy wireless stuff, but imagine your WLAN is the Internet and make users VPN in from it. Cheers, ben snip--- We touched on this briefly a little while ago, when we were talking about 802.1x, so you might want to go and read the recent archives. If you like,

Re: [Full-Disclosure] Re: Remote root exploit for mod_gzip (with debug_mode)

2003-11-20 Thread Ben Nelson
I s'pose it's only a 'root' exploit if you're running your webserver as root. --Ben martin f krafft wrote: also sprach Alexander Antipov <[EMAIL PROTECTED]> [2003.11.20.2028 +0100]: / uid=99(nobody) gid=99(nobody) groups=99(nobo

Re: [Full-Disclosure] syslog consolidation

2003-11-10 Thread Ben Nelson
I've had pretty good luck with syslog-ng . Easy to configure and pattern matching for log separation works great in my situation. --Ben Ivan Coric wrote: Hi List, I am looking into consolidation tools for syslog and syslog daemon replacement and would like to hear from the list on

Re: [Full-Disclosure] Proxies

2003-10-31 Thread Ben Nelson
of the security architecture. If you can't enforce the policy, there's no incentive to follow it. $.02 --Ben

Re: [Full-Disclosure] Proxies

2003-10-31 Thread Ben Nelson
you should be good to go. --Ben Earl Keyser wrote: Help needed, please. We use all cisco networking gear. Currently using a cisco cache engine with SmartFilter to "manage" the surfing for our staff/students. As usual, the little devils figured a way to get around it. They went to Go

Re: [Full-Disclosure] 27347

2003-10-31 Thread Ben Nelson
http://www.iss.net/security_center/advice/Exploits/Ports/27374/default.htm Joe Blow wrote: Anyone ever find out what this was?

Re: [Full-Disclosure] Microsoft plans tighter security measures in Windows XP SP2

2003-10-31 Thread Ben Nelson
yossarian wrote: Most of it appears to be tighten the defaults. Useful, yes, but not very new.. New or not, it is one of the major gripes I always hear from Sys Admins in reference to MS software. No doubt, it should have happened a long time ago, but as they say better late than never.

Re: [Full-Disclosure] Coding securely, was Linux (in)security

2003-10-30 Thread Ben Laurie
[EMAIL PROTECTED] wrote: > On Wed, 29 Oct 2003 12:08:20 GMT, Ben Laurie said: > > >>Duh. That's a complete misunderstanding of the halting problem - which >>is, in essence, that you can't write a program which can predict, in >>general, whether another prog

Re: [Full-Disclosure] IDS Evasion

2003-10-29 Thread Ben Nelson
Here's a good start: fragroute -- http://www.monkey.org/~dugsong/fragroute/ snot -- http://www.stolenshoes.net/sniph/index.html stick -- http://www.eurocompton.net/stick/projects8.html whisker and a few IDS evasion papers -- http://www.wiretrip.net/rfp/ --Ben simon wrote: -BEGIN PGP S

Re: [Full-Disclosure] Coding securely, was Linux (in)security

2003-10-29 Thread Ben Laurie
ting Problem. > > In other words, you can't prevent DoS-via-infinite-loop based on input. Duh. That's a complete misunderstanding of the halting problem - which is, in essence, that you can't write a program which can predict, in general, whether another program will halt. Its

Re: [Full-Disclosure] New Microsoft security bulletins today

2003-10-15 Thread Ben Nelson
them elsewhere. --Ben Jerry Heidtke wrote: Microsoft just issued 7 new security bulletins: 5 for various Windows version and 2 for Exchange. Six are rated "critical", one is "important". Just to refresh your memory, a critical vulnerability is one that can be exploited remotel

Re: [Full-Disclosure] New port 901 scans

2003-09-19 Thread "Ben Nelson"
I can confirm. I've been seeing an increase in TCP/901 scans for the last 4-5 days. --Ben On September 19, 8:52 am "J. Race" <[EMAIL PROTECTED]> wrote: > I'm seeing an increase in port 901 scans this morning starting a little > over 3 hours ago, all from ind

Re: [Full-Disclosure] sans.org

2003-09-02 Thread Ben Nelson
I have 3 geographically dispersed data centers and 2 of the 3 can look up those names successfully. The one that can not look them up can not look up www.giac.org either. On September 2, 1:29 pm "lepkie" <[EMAIL PROTECTED]> wrote: > maybe off topic > > can anyone resolve www.sans.org or www.inci

Re: [Full-Disclosure] Lets discuss, Firewalls...

2003-08-30 Thread Ben Nelson
wicked' screensaver ;) and your box gets infected with some worm. Do you really want your box to be able to advertise to the world that it's infected and possibly infect other boxes? --Ben

Re: [Full-Disclosure] Authorities eye MSBlaster suspect

2003-08-29 Thread Ben Nelson
that network (be it an infected windows box or one of my hundreds of unix boxes) was, at the very least, significantly slowed down. --Ben On August 29, 10:18 am "morning_wood" <[EMAIL PROTECTED]> wrote: > if the worm was active in anticipation of a patch that introduced a new >

Re: [Full-Disclosure] Subject prefix changing! READ THIS! SURVEY!!

2003-08-21 Thread Ben Nelson
Option 1: scrap it --Ben On August 21, 11:43 am Chris Cappuccio <[EMAIL PROTECTED]> wrote: > Hey folks, > > ALL LIST MEMBERS ARE ENCOURAGED TO RESPOND AND MAKE A CHOICE AS TO HOW > THEY WANT THIS BASIC FUNCTION OF THE LIST TO CONTINUE OPERATING. > > The subject h

RE: [Full-Disclosure] SoBig.F strange problem

2003-08-20 Thread Ben Nelson
are some mail clients out there that are resending the message but removing the file attachment. I've also seen quite a few messages that have what appears to be a truncated version of the malicious attachment or a replacement all-together (which contains

Re: [Full-Disclosure] Vulnerability Disclosure Debate

2003-08-14 Thread Ben Laurie
Joel R. Helgeson wrote: > Managing security by applying patches is fundamentally flawed. The > programmers need to write secure code. The onus is on them, not us. If you don't like my software, don't run it. Don't presume to tell me what I should write for you. -- http://www.apache-ssl.org/ben

RE: [Full-Disclosure] DCOM RPC exploit failed

2003-07-28 Thread Ben Tyson-Norrman
Kills visio stone dead - loads as a background process, but never appears. Or opens visio (once you kill the process, then has memory over-write problems This is after rebooting (twice) on Windows 2000 sp4 (server and workstation) So

[Full-Disclosure] modifying shadowchode exploit

2003-07-19 Thread Ben Matlock
I took a look at the output of the released Cisco exploit and added 2 lines to make it generate random payload. More could be done. Ben

RE: [Full-Disclosure] Networking security problem?

2003-07-10 Thread ben . eisel
i don't believe you are pedantic, but i have no idea if you're a headbanger. i think that windows is already archaic enough without turning their attempt at a multiuser operating system back into a single user one. - ben > -Original Message- > From: gregh [mailto:

RE: [Full-Disclosure] impending 0day

2003-06-06 Thread Ben Tyson-Norrman
Okay - I'll say it... "no *you* shut up" "make me" "I will, so" "you do my bruver will duff you up" "Well my bruver is bigger than your bruver, so he'll duff you up, and your bruver as well" "Well my dad will kick your bruver and you right into nex

RE: [Full-Disclosure] [OFFTOPIC] Zone Alarm

2003-06-06 Thread Ben Tyson-Norrman
As I started this one - can I put a stop to it... What was it I read the other day, if you call someone a Nazi then officially that's the end of the thread... Okay I'm going to call me, [EMAIL PROTECTED], erstwhile postee in html, user of

RE: [Full-Disclosure] Zone Alarm

2003-06-05 Thread Ben Tyson-Norrman
ailto:[EMAIL PROTECTED]] Sent: 04 June 2003 18:52 To: Ben Tyson-Norrman; [EMAIL PROTECTED] Subject: RE: [Full-Disclosure] Zone Alarm I'm not sure why you'd expect derision for that question.  I'd be more likely to give it to you for using HTML email. :-) Zone Alarm is fine fo

[Full-Disclosure] Zone Alarm

2003-06-05 Thread Ben Tyson-Norrman
I'm not sure I can ask this question without derision, but here goes... Zone Alarm, is it really as crap as everyone makes out or is the usual posturing by ill-informed...? Many thanks all

[Full-Disclosure] FW: Nmap compliance with new RFC 3514

2003-04-01 Thread Ben Tyson-Norrman
Even Fyodor is getting in on the act, better than the snorkeling dog -Original Message- From: Fyodor [mailto:[EMAIL PROTECTED]] Sent: 01 April 2003 06:50 To: [EMAIL PROTECTED] Subject: Nmap compliance with new RFC 3514 Hey everyone,

Re: [Full-Disclosure] Administrivia: Pressured to delete archive entry

2003-03-18 Thread Ben Ryan
>>> We have come under some pressure to delete part of the >>> information from the message disclosing the Kerberos 4 >>> vulnerability recently posted. >> Pressured by whom? >> It might be a good idea to move the archives to a server in a country that has >> different laws concerning full disclo

[Full-Disclosure] [ADVISORY] Timing Attack on OpenSSL

2003-03-17 Thread Ben Laurie
I expect a release to follow shortly. -- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff OpenSSL v0.9.7a and 0.9.6i vulnerability -

Re: [Full-Disclosure] CERT, Full Disclosure, and Security By Obscurity

2003-01-30 Thread Ben Laurie
anted to do when I was, errm, in dispute with them over timing of the release of the OpenSSL holes last year. I believe I mentioned it at the time. That's one reason I won't pre-notify CERT (or, indeed, anyone else [other than the vendor]) anymore. Cheers, Ben. -- http://www

Re: [Full-Disclosure] Path Parsing Errata in Apache HTTP Server

2003-01-22 Thread Ben Laurie
te their version number to an Apache advisory. I believe I've already sent my rant about this particular kind of brain death, so I'll leave it as an exercise for the reader. The short version is: very interesting, but that adds no information to the status of Apache 2.0.40. Cheers, Be

Re: [Full-Disclosure] zen-parse@gmx.de is not zen-parse@gmx.net

2002-10-07 Thread Ben Laurie
Florian Weimer wrote: > Ben Laurie <[EMAIL PROTECTED]> writes: > > >>Umm. Nope. Guess there is a difference between iDefense and CERT after >>all, then. > > > Are you sure? > > | Information Sharing Product and Service Descriptions > |

Re: [Full-Disclosure] zen-parse@gmx.de is not zen-parse@gmx.net

2002-10-07 Thread Ben Laurie
developers call the > iDefense approach "reasonable disclosure". Is it reasonable to > disclose critical information on new security vulnerabilities to > potential but paying blackhats *on* *the* *same* *day* *the* *vendors* > *are* *notified*? Umm. Nope. Guess there is

Re: [Full-Disclosure] iDEFENSE Security Advisory 10.02.2002: Net-SNMPDoS Vulnerability

2002-10-04 Thread Ben Laurie
Orlando wrote: > Evidently Ben isn't well aware of all the facts. It's ok Ben you're a busy > guy, I still think iDefense no excuse. Did I disagree? Cheers, Ben. > > > On Thursday 03 October 2002 04:32 pm, Isaak Bloodlore wrote: > >>Quoting Ben La

Re: [Full-Disclosure] iDEFENSE Security Advisory 10.02.2002: Net-SNMPDoS Vulnerability

2002-10-03 Thread Ben Laurie
ever or do they rely > solely on the research they purchase from the shameless monkies selling their > advisories, but I'm sure we all know the answer. > ( no offense to the shameless monkies ) heh ;) This is different from, say, CERT, how? Cheers, Ben. -- http://www.apache-ssl

Re: [Full-Disclosure] Organization for Internet Safety (OIS) formallyannounced

2002-10-01 Thread Ben Laurie
lt to adhere to in certain situations, such as dealing with the open source community where there aren't protections to keep vulnerability information secret." Yeah, right! Cheers, Ben. -- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ "There is no limit to wha

Re: [Full-Disclosure] The last word on the Linux Slapper worm

2002-09-26 Thread Ben Laurie
support. What I am complaining about is doing it in such a way that both the user and (particularly) the original author of the software cannot tell that it has been done. Cheers, Ben. -- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ "There is

Re: [Full-Disclosure] The last word on the Linux Slapper worm

2002-09-26 Thread Ben Laurie
I know they bump some other number that if you know what you are doing will indicate whether you are vulnerable. Obviously it's impossible for that information to get into the advisory. In short, I don't see what you expect us to do about this, except to try to get vendors to behave sensibl