Re: [Full-Disclosure] [Annonce][Contest] Call For Articles: MISC Magazine - CanSecWest/core05

2005-01-12 Thread Cedric Blancher
To those who went to http://www.miscmag.com/csw05-fd.php URL and got a 404, it's now online... Sorry for inconvenience... -- http://www.netexit.com/~sid/ PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE >> Hi! I'm your friendly neighbourhood signature virus. >> Copy me

[Full-Disclosure] [Annonce][Contest] Call For Articles: MISC Magazine - CanSecWest/core05

2005-01-10 Thread Cedric Blancher
For those who may be interested... (Details in French Below) Win a trip to attend CanSecWest/core05. Get published in MISC Magazine. Contest Details: You just have to write an original article (3500-4000 words) for publication in MISC Magazine on any topic related to computer sec

Re: [Full-Disclosure] wireless sniffing question

2004-12-04 Thread Cedric Blancher
On Saturday 04 December 2004 at 03:09 -0500, question question wrote: > Let's say I have a Linksys (or whichever brand you like) wireless > router with a wireless host using 128 bit WEP encryption, and a wired > host connected to the same device. Obviously it is possible for the > wired box to do v

Re: [Full-Disclosure] Is www.sco.com hacked?

2004-11-29 Thread Cedric Blancher
On Monday 29 November 2004 at 14:23 +0100, Vincent Archer wrote: > If you looked carefully at the background, you could see "defaced by > realhack" written as a shadow, partially covered by some parts of the > hacked text. Not forgetting this : http://www.newsforge.com/blob.pl?id=5c8a047f9da401e

Re: [Full-Disclosure] Is www.sco.com hacked?

2004-11-29 Thread Cedric Blancher
On Monday 29 November 2004 at 12:03 -0500, Jason Coombs wrote: > Think not? > Then how do you explain the dramatic increase in the market value of SCOX? Speaking of market value, just read the fact. SCOX auction value is growing since Thursday and had its peak today just before 12 (GMT+1), before

Re: [Full-Disclosure] Is www.sco.com hacked?

2004-11-29 Thread Cedric Blancher
On Monday 29 November 2004 at 14:58 +0200, Rossen Naydenov wrote: > I just noticed the banner on www.sco.com > If you didn't see it (because it is removed) this is what they say: > We own all your code > pay us all your money > Or is it some commercial trick? The "Hacked by " the girl in backgroun

Re: [Full-Disclosure] Linux problem, steal of IP and traffinc redirection could bypass a firewall

2004-11-07 Thread Cedric Blancher
On Saturday 06 November 2004 at 21:35 +0100, NetExpress wrote: > Because of this, if I have a gateway, with IP IPA, and set a > desktop/server on the lan with the same ip IPA, when it starts it will > be the new gateway for the all network. For this to work, you must assume gateway ARP entry (MAC/I

Re: [Full-Disclosure] RE: Full-Disclosure digest

2004-10-24 Thread Cedric Blancher
On Friday 03 September 2004 at 05:27 -0400, digitalchaos wrote: > Why are there viruses being transmitted through this newsgroup?? Because some worms are gathering email addresses within addressbook, emails or HTML contents, those can contain Full Disclosure email address. -- http://www.netexit

Re: [Full-Disclosure] Q: Linux Command Line Encryption

2004-10-22 Thread Cedric Blancher
On Friday 22 October 2004 at 13:46 -0400, Mike Tancsa wrote: > This is only as strong as your passphrase. Using something like GPG has > other advantages since the private key can be kept in a separate location > from the encrypted file. GnuPG can be used for symmetrical ciphering only. Exce

Re: [Full-Disclosure] ICMP (was: daily internet traffic report)

2004-10-18 Thread Cedric Blancher
On Mon 18/10/2004 at 17:12, james edwards wrote: > > I don't see the reason why it would cause a problem, as firewall is able > > to spot ICMP related to server's IP connections as well... > New connections to the server must be implicitly allowed, as there > is no established state to refer to

Re: [Full-Disclosure] ICMP (was: daily internet traffic report)

2004-10-18 Thread Cedric Blancher
On Mon 18/10/2004 at 00:35, James Edwards wrote: > That is great till you want to run a server behind that firewall. I don't see the reason why it would cause a problem, as firewall is able to spot ICMP related to server's IP connections as well... > The bigger picture, to me, is you gain littl

Re: [Full-Disclosure] ICMP (was: daily internet traffic report)

2004-10-17 Thread Cedric Blancher
On Sun 17/10/2004 at 22:21, James Edwards wrote: > So, blocking ***all*** ICMP ***types*** is bad but you can block some > ***types*** without getting into trouble. Till you understand that all > the types do in relation to networking I would leave the alone. Nowadays, using a decent stateful fi

Re: [Full-Disclosure] unarj dir-transversal bug (../../../..)

2004-10-12 Thread Cedric Blancher
On Tue 12/10/2004 at 13:48, evilninja wrote: > > arj != unarj! debian is stubido dist nd it pakage ''arj'' as ''unarj''! > um, actually i had to install a package called "unarj", obviously it's > from the same source package. i wonder why this is the case at all. when i > have "gzip", i don't _in

Re: [Full-Disclosure] Hacking into private files, my credit card purchases, personal correspondence or anything that is mine is trespassing and criminal.

2004-10-09 Thread Cedric Blancher
On Fri 08/10/2004 at 20:09, Harry Hoffman wrote: > Umm, should the "Paladin of Security" have weak locks? ;-) His Holy Cyber-Blade of Justice should prevent them all through its 100 feet radius area of evil protection... -- http://www.netexit.com/~sid/ PGP KeyID: 157E98EE FingerPrint: FA622

RE: [Full-Disclosure] New Worm Discovery - Potential Korgo Variant

2004-06-24 Thread Cedric Blancher
On Thu 24/06/2004 at 16:14, Michael Young wrote: > The worm clearly exploits the LSASS overflow and is not spreading through > the FTP daemon left by Sasser. Oops... My mistake... I messed with Korgo and Dabber... -- http://www.netexit.com/~sid/ PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA

Re: [Full-Disclosure] New Worm Discovery - Potential Korgo Variant

2004-06-24 Thread Cedric Blancher
On Thu 24/06/2004 at 14:57, Michael Young wrote: > Yesterday a large client of ours was taken down by what appears to be > a Korgo variant, but I have been unable to locate any information on > this worm. From what we have discovered, the main process is > “VDisp.exe”. It is spreading through u

Re: [Full-Disclosure] watch guard

2004-06-03 Thread Cedric Blancher
On Thu 03/06/2004 at 11:18, sudharsha wrote: > Does any one know a vulnerability in Watch guard? http://www.cartel-securite.fr/pbiondi/adv/CARTSA-20030314-icmpleak.txt It applied to watchguard boxes, but is patched, and firewalls should now be shipped with non vulnerable firmwares. -- http://

Re: [Full-Disclosure] Pentesting an IDP-System

2004-05-29 Thread Cedric Blancher
On Sat 29/05/2004 at 22:47, Dave King wrote: > You might try nessus (http://www.nessus.org) and turn on all the > dangerous plugins and turn safe checks off. It also has some detection > evasion stuff. Good luck. One can also try IDS testing stuff such as Snot or IDSWakeUp, that can generate

Re: [Full-Disclosure] Support the Sasser-author fund started

2004-05-13 Thread Cedric Blancher
On Thu 13/05/2004 at 18:17, Aaron Gee-Clough wrote: > Duquette, John wrote: > > Why not punish all the admins/users who failed to patch their systems in > > time as well. > Because they didn't break the law. It's really that simple. In France, there's a law that says you have to furnish avai

Re: [Full-Disclosure] Paper Release

2004-04-29 Thread Cedric Blancher
On Thu 29/04/2004 at 21:07, IHC team wrote: > We are pleased to teach you new things ! People would be far more pleased if you could teach us things using plain text (or, at least, correctly formatted email), as recommended by list charter. Thx anyway for the doc... -- http://www.netexit.com/

Re: [Full-Disclosure] Exploit Identification Request

2004-04-29 Thread Cedric Blancher
On Thu 29/04/2004 at 15:34, System Administrator wrote: > One of our external systems (W2k, fully patched all components - > sp4, sql sp4, mdac sp3, post hotfixes, etc) is being hit by what > appears to be a buffer overflow of IIS : 4096 bytes cycling in > what appears to be an attempt to exec

Re: [Full-Disclosure] OT microsoft "feature"

2004-04-16 Thread Cedric Blancher
On Fri 16/04/2004 at 15:14, Davide Del Vecchio wrote: > Anyone has a good explanation for this ? > Windows XP Professional SP1 [...] > C:\>ping 010.10.10.10 > Esecuzione di Ping 010.10.10.10 [8.10.10.10] con 32 byte di dati: Leading 0 means octal notation for numbers. > Obviously if you tr

Re: [Full-Disclosure] erase with magnet

2004-04-04 Thread Cedric Blancher
On Sat 03/04/2004 at 18:32, morning_wood wrote: > > Is it possible to erase data on a hard disk drive > >with a powerful magnet, but then be able to use the drive and the PC again? > yes Afaik, for degauss erase drive structure, you can't use it unless you have a powerful low level format tool

Re: [Full-Disclosure] Re: pgp passphrase

2004-03-23 Thread Cedric Blancher
On Tue 23/03/2004 at 23:15, Sam Sharpe wrote: > I figured I needed a new watch, so i might as well get one that was > useful. I realise that this doesn't provide the security of a > smartcard, however a USB flash key is a damn sight cheaper. (except > when it's built into a watch) Just to justif

Re: [Full-Disclosure] Re: pgp passphrase

2004-03-21 Thread Cedric Blancher
On Sun 21/03/2004 at 02:41, Max Valdez wrote: > > Keylogger ? > Intelligent enough to know which keystrokes are passphrase ?? Good point, if we consider the worm to be autonomous. But a worm may be a wonderful information gathering tool for someone that is able to extract strings that could be

Re: [Full-Disclosure] Re: pgp passphrase

2004-03-21 Thread Cedric Blancher
On Sun 21/03/2004 at 02:04, Jim Richardson wrote: > >Keylogger ? > Installed how? With the worm... -- http://www.netexit.com/~sid/ PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE >> Hi! I'm your friendly neighbourhood signature virus. >> Copy me to your signature fil

Re: [Full-Disclosure] Re: pgp passphrase

2004-03-20 Thread Cedric Blancher
On Sun 21/03/2004 at 00:33, Jim Richardson wrote: > I would be interested to see how it would accomplish that. Keylogger ? -- http://www.netexit.com/~sid/ PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE >> Hi! I'm your friendly neighbourhood signature virus. >> Copy

Re: [Full-Disclosure] Another false Citibank e-mail...a new phishing?

2004-03-20 Thread Cedric Blancher
On Sat 20/03/2004 at 21:15, Christian wrote: > someone has set up a 2nd Apache on :443 (!SSL), and created /citi to > phish credit card numbers?? It seems so. By the way, it seems quite reasonable for a phisher to use a compromised server to host its bait if he has one within reach. -- http:

Re: [Full-Disclosure] Apache 1.3.29

2004-03-11 Thread Cedric Blancher
On Thu 11/03/2004 at 21:38, VeNoMouS wrote: > any one know if theres a new exploit for apache 1.3.29 in the wild one > of my mates boxes was breached this morning by ir4dex appears they > gained axx via apache then got root via mmap() Have you checked PHP and CGI stuff to see if there was a way

Re: [Full-Disclosure] RE: laptop security

2004-03-01 Thread Cedric Blancher
On Mon 01/03/2004 at 11:13, David Hajek wrote: > It's a minute job to take out hdd from any laptop even it is protected > with GPS device. If we're talking about loss of information due to > laptop thefts and we want to prevent it we have > to assure that data on the disk are encrypted. An interm

Re: [Full-Disclosure] secure downloading of patches (Re: Knocking Microsoft)

2004-02-29 Thread Cedric Blancher
On Sun 29/02/2004 at 17:57, Martin Mačok wrote: > You are true that PGP is a stronger protection from this point of view > but keep in mind that neither SSL nor PGP can protect us in the case > of the compromised end point -- the server or developer's workstation > in the case of SSL/TLS and the

Re: [Full-Disclosure] secure downloading of patches (Re: Knocking Microsoft)

2004-02-29 Thread Cedric Blancher
On Sat 28/02/2004 at 23:33, Martin Mačok wrote: > Yes, that was my point. The main issue here is authentication and > integrity -- you can achieve both with proper use of either SSL or > PGP. Good point. SSL can provide a proper identification for download site. However, this is not sufficient a

Re: [OT] Re: [Full-Disclosure] Knocking Microsoft

2004-02-28 Thread Cedric Blancher
On Sat 28/02/2004 at 10:31, Martin Mačok wrote: > > % apt-get update && apt-get upgrade > > % apt-get install apache-ssl > Will it transfer the data in a secure way? (SSL?) What's the point securing publicly available data transfer with SSL ? The only thing that is important regarding to securit

Re: [Full-Disclosure] RE: By passing surf control

2004-02-25 Thread Cedric Blancher
On Wed 25/02/2004 at 23:54, cdowns wrote: > I do the ssh bypass everyday at work ;) works absolutely perfect hehehe. > ssh -C -L 8080:anon.proxyserver.com:3128 [EMAIL PROTECTED] > export -p http_proxy=http://127.0.0.1:8080 ; lynx www.google.com If you're stuck to an HTTP/HTTPS proxy, you can use

Re: [Full-Disclosure] Re: [Fwd: [TH-research] OT: Israeli Post Office break-in]

2004-01-14 Thread Cedric Blancher
On Wed 14/01/2004 at 06:46, Jimi Thompson wrote: > Apparently the "backdoor" was a whopping 2 lines of code. If I remember well, it was a 2 characters inversion... -- http://www.netexit.com/~sid/ PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE >> Hi! I'm your friendly

Re: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing vulnerability

2003-12-10 Thread Cedric Blancher
On Wed 10/12/2003 at 09:51, VeNoMouS wrote: > and as for the why the %01 works, i can only assume as %01 is a non > printable character IE stops it there, its the same as if u would use %02 > and so on, or are you that moronic you dont understand character sets? I think I can only thank my moron

Re: [Full-Disclosure] [SECURITY] [DSA-403-1] userland can access Linux kernel memory

2003-12-02 Thread Cedric Blancher
On Mon 01/12/2003 at 23:58, Florian Weimer wrote: > Does this mean that the vendor-sec concept has failed, or that there is > a leak on that list? Or is this just an issue which is very specific to > Linux and its maintainer situation? This just means that vendors are using network and systems

Re: [Full-Disclosure] Gates: 'You don't need perfect code' for good security

2003-11-02 Thread Cedric Blancher
On Sun 02/11/2003 at 14:17, William Warren wrote: > > I believe every worm listed below could have been prevented had everyone > > patched their systems. > the blaster worm preceded the patch so this argument is DOA Wrong. Patch was available when Blaster went on. Patch has been released mid-ju

RE: [Full-Disclosure] Gates: 'You don't need perfect code' for good security

2003-11-01 Thread Cedric Blancher
On Sat 01/11/2003 at 00:50, Beaty, Bryan wrote: > I believe every worm listed below could have been prevented had everyone > patched their systems. I would say it is even worse than that. If CodeRed and Nimda rely on vulnerabilities on open services (i.e. HTTP), Slammer and Blaster rely on vuln

RE: [Full-Disclosure] CyberInsecurity: The cost of Monopoly

2003-09-27 Thread Cedric Blancher
On Sat 27/09/2003 at 22:49, Jonathan A. Zdziarski wrote: > There were just s many features from 95 to 98 to ME. > None of these constituted a new product. Nor any security enhancement, by the way... -- http://www.netexit.com/~sid/ PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA24000

RE: The usefullness of IDSes (Was: Re: [Full-Disclosure] Is Marty Lying?)

2003-09-23 Thread Cedric Blancher
On Tue 23/09/2003 at 10:01, Philippe Bogaerts wrote: > I totally agree. An IDS for auditing firewall or other policies can be > useful, if properly configured. Agree. In conjunction with a conventional audit or open pentest, a well configured IDS framework can point where security policy is br

RE: [Full-Disclosure] Re: Cisco IOS Denial of Service thataffects most Cisco IOS routers- requires power cycle to recover

2003-07-24 Thread Cedric Blancher
On Wed 23/07/2003 at 19:43, [EMAIL PROTECTED] wrote: > So... has anyone been able to verify that the problem occurs when the TTL > expires without the packet being addressed to the router? Or is it a > requirement that the evil packet be addressed to the router? I checked this and it appears pa

RE: [Full-Disclosure] [OFFTOPIC] Zone Alarm

2003-06-05 Thread Cedric Blancher
On Thu 05/06/2003 at 11:09, Lars Duesing wrote: > ZoneAlarm has in my eyes a very interesting feature. As it runs on the > clients' system it can distinguish which (local) application is allowed > to send data to the net. In days of gator et al a very nice feature. This is to me the interest of

Re: [Full-Disclosure] Zone Alarm

2003-06-05 Thread Cedric Blancher
On Wed 04/06/2003 at 19:20, morning_wood wrote: > buy a $40 hardware router. Software firewalls are not a security > solution IMHO. They're part of whole security process. One have to be aware of such tools limits and ways to circumvent them. Btw, hardware router runs software... Do you mean de

Re: [Full-Disclosure] RFC 3514 released

2003-04-01 Thread Cedric Blancher
On Tue 01/04/2003 at 17:44, Ron DuFresne wrote: > From: Mikael Olsson <[EMAIL PROTECTED]> > Subject: [fw-wiz] Clavister Proudly Announces RFC3514 Compliance > Organization: Clavister AB > Date: Tue, 01 Apr 2003 13:23:30 +0200 > To: fw-wiz <[EMAIL PROTECTED]> > > > An innovative security initiat