On Wed, February 23, 2005 1:08 pm, KF (lists) said:
Recently I have noticed that after shutting down my machine or rebooting
my X-windows will briefly flash an image of whatever I was doing when I
rebooted the machine or logged out.
As an example if I was browsing porn at night in mozilla
On Mon, January 10, 2005 10:53 pm, GuidoZ said:
Hiding behind an anonymous Yahoo email address is pretty weak too. If you
*really* need to express yourself so badly, at least reveal your identity.
Anonymous?
Received: from [61.131.63.62] by web61208.mail.yahoo.com via HTTP;
Mon, 10 Jan
[EMAIL PROTECTED] wrote:
Interesting tool to downsize rights when logged on as Administrator
(Link may wrap)
http://msdn.microsoft.com/security/securecode/columns/default.aspx?p
ull=/library/en-us/dncode/html/secure11152004.asp
My favourite part is the sample directory used by Microsoft:
On Fri, November 19, 2004 9:40 am, Danny said:
2) A considerable amount of script kiddies originate and grow through
IRC?
3) A wee bit of software piracy occurs?
4) That many organized DoS attacks through PC zombies are initiated
through IRC?
5) The anonymity of the whole thing helps to
On Mon, November 15, 2004 11:25 am, joe said:
Everytime a Firefox exploit comes out..there is already a fix...
is that magic? No..it is good coding...
Having a quick fix out is due to low complexity of issue and assisted by a
lack of dependencies so you have reduced time for patching and
On Fri, November 12, 2004 9:44 am, n3td3v said:
I'm just wondering why the multi billion, mutli nation corporation of
Microsoft hasn't released a patch yet.
Isn't it obvious? They make no money by patching IE for Win2K. But they do
make money if you go out and buy WinXP and apply SP2. So they
On Wed, November 10, 2004 4:10 pm, Stuart Fox \(DSL AK\) said:
Why not just work with the mozilla team and apply the changes
to the source tree? It's not like he's adding features and
the team didn't want them because they would add to bloat.
[...]
Because it doesn't look like he's actually
On Wed, November 10, 2004 10:58 am, dk said:
Aside from all the (TM) issues with Mozilla I was wondering if anyone
has scrutinized these builds from Moox?
http://www.moox.ws/tech/mozilla/
I wonder why somebody would branch just to do performance improvements?
Why not just work with the
On Thursday, October 14, 2004 3:13 PM, Deigo Dude wrote:
ftp://ftp.hq.nasa.gov/pub/nickname/
The list contains the full name, email, phone, fax, position,
building, room, and employer. When will they learn.
OMG OMG OMG!! I just opened up the phone book and it lists the names,
addresses,
On Sat, October 16, 2004 5:25 pm, Tim said:
The reason for my post was to point out that Mr. Hensing doesn't appear
to be a reliable source of information on the topic of passwords and
hash security.
I think that much became apparent when Mr. Hensing took sarcastic shots at
Linux security
On Tue, October 12, 2004 4:27 pm, d31337 said:
I should have been more specific to eliminate confusion for those who
consider IE part of the OS.
Like, for example, Microsoft.
-Eric
--
arctic bears - email and dns services
http://www.arcticbears.com
On Wed, October 6, 2004 8:18 pm, Bankim J. Tejani said:
1) How can you prove what the setting was before? It's one thing for
you to know what it was, but another to prove it in a court of law.
Otherwise it's your word versus theirs.
This is easy because the (perhaps soon to be) illegal action
On Thu, August 12, 2004 6:12 pm, Nick Eoannidis said:
ok, i dont know what you guys have done when installing xpsp2
but their is nothing wrong with it!
i have gone through rc1 and rc2 - sure rc2 wasnt stable but its a beta its
not supposed to be!
i have installed xpsp2 on all my machines -
On Wed, August 11, 2004 1:00 am, Hugo Vazquez Carapez said:
The main website of the FEDORA linux distro (www.fedora.org) was
compromised and defaced yesterday by Infohacking (www.infohacking.com).
Uh, yeah. Missed the target by about 500 miles. gg script kiddies. :roll:
-Eric
On Tue, August 10, 2004 11:00 am, Fetch, Brandon said:
Just visited a well known site (Wired.com) and had a nice little piece of
code cause the page that I was reading to go blank - DNS error page.
Here's the offending code (parentheses instead of slashes to not cause AV
scanning issues) and
On Mon, August 9, 2004 12:03 pm, Jonathan Grotegut said:
(In regards to new_price.zip file attachment)
Anyone have any idea what this is, we had some clients just get pretty
hard with this email. I am unable to find anything on it, from my VERY
Limited knowledge it appears to be a virus
On Tue, July 27, 2004 9:48 pm, ALD, [ Aditya Lalit Deshmukh ] said:
i would like to know from all ie auditing folks if there is a simple way
to understand in which zone a scripts
(vbscript,jscript,hta) are executed.
depends from where they were loaded ! if loaded from a website then they
On Tue, July 20, 2004 8:30 am, nocturnal said:
A co-worker has a small penetration testing challenge for all. There is
even 1000SEK in it for the winner. Have fun and good luck!
http://hackertrap.ivan.nu
Seems to be offline. Was it already hacked?
-Eric
--
arctic bears - email and dns
On Tue, July 20, 2004 9:56 am, VX Dude said:
and wtf is an SEK and can I buy a cup of coffee with
that?
The prize is worth about USD135.
-Eric
--
arctic bears - email and dns services
http://www.arcticbears.com
___
Full-Disclosure - We believe in
On Tue, July 20, 2004 4:17 pm, [EMAIL PROTECTED] said:
This is a blatant lie from Matai and mi2g, nothing more.
Or maybe it's also a hoax?
-Eric
--
arctic bears - email and dns services
http://www.arcticbears.com
___
Full-Disclosure - We believe in
On Mon, July 19, 2004 4:46 am, nicolas vigier said:
The real solution is to use a browser with no known vulnerability (and
that's better if it didn't have a lot in the past), not to try to hide
what you are using.
That's not always possible. Sometimes, changing the browser is a project
that
On Mon, July 19, 2004 4:31 pm, Tim said:
IMHO, there are few companies that support their
software better than the average open source project does, provided your
admins get involved (as they should with any software).
I'm sure that any technical person will agree with you. But just try
On Sat, July 17, 2004 4:25 pm, {tonyFelice} said:
The question is: what type of info are you trying to conceal, as the
user-agent contains very little _sensitive_ info.
These days, simply the fact that you are using IE is something most people
probably don't want others to know. Also, things
On Mon, July 12, 2004 9:25 pm, Sapheriel said:
what baffles me is how easily this problem could be countered. a simple
check of bfsize versus filesize(-header and such) would suffice.
Most vulnerabilities can be countered with something very simple like a
size check, yet developers don't do it.
On Sat, July 10, 2004 7:00 pm, Nick FitzGerald said:
You need look no further back than the
kerfuffle a couple of months ago over the removal of IE's patently
incorrect support for user:pwd@ userid data in http URIs for an
example, but there are many other, earlier examples.
I'm a little
On Fri, July 9, 2004 7:43 am, [EMAIL PROTECTED] said:
There are lots of little .tmp files generated and accessible
remotely to be had, Adobe *.pdf's and a vast array of Microsoft
Office 2003 crud to name just two. Many others which have been
identified and discussed in the past as well.
I
the email to is invaluable, and
I knew that posting on FD would find somebody who could get the disclosure
into the right hands.
-Eric
On Wed, July 7, 2004 3:26 pm, Eric Paynter said:
I. SUMMARY
The Chapters/Indigo website (http://www.chapters.indigo.ca/) is vulnerable
to user name guessing
On Fri, July 9, 2004 5:40 pm, Nick FitzGerald said:
Somewhat oddly
(perhaps -- this is Windows after all...) simply trying to invoke them
from a shell commandline results in an Access is denied error (Win2K
SP4 -- YMMV) yet using a command of the form:
script_interpreter script_filename
On Wed, July 7, 2004 6:05 pm, Jelmer said:
Ancient news
It may be ancient, but it still works. And when it was originally
reported, phishing wasn't in vogue. Perhaps re-disclosing it will get it
some attention.
-Eric
--
arctic bears - affordable email and name services @yourdomain.com
On Thu, July 8, 2004 4:51 am, Sapheriel said:
well, i read about a hacker scenario once that utilizes IE vulnerabilities
by exploiting the interests of employees. basically, you lure an employee
to a website you prepared that exploits some bug in IE to install a trojan
on that pc, thus
On Thu, July 8, 2004 8:07 am, Sapheriel said:
i didn't know IE also displays e-mails and power point files.
It doesn't. But the IE rendering engine (read: dlls) are used by most MS
programs to render HTML, which can be embedded into almost any document
type. Pretty much any IE exploit will work
On Thu, July 8, 2004 11:09 am, Larry Seltzer said:
Outlook and Outlook Express use IE to display HTML mails, which make
some of the IE bugs exploitable (I don't know if it's the case for this
one).
In general this isn't true for any remotely recent copy of either program.
Both run HTML mail
On Thu, July 8, 2004 2:17 pm, joe said:
http://www.kb.cert.org/vuls/id/713878
The link above is the advisory that theregister is talking about. I know
it is unusual for theregister but they seemed to have missed a hefty part
of the whole advisory when reporting it.
Yes, we've all seen it.
On Thu, July 8, 2004 2:29 pm, joe said:
I'm trying to understand if your issue you are implying sarcastically in
your last statement is with pulling similar functionality out of single
programs and putting it into DLLs or that MS offers products to do many
different things or that you can
I. SUMMARY
The Chapters/Indigo website (http://www.chapters.indigo.ca/) is vulnerable
to user name guessing at the login screen and personal information leaks
(name and address) in the Wish List function.
II. BACKGROUND
Chapters/Indigo is the largest book vendor in Canada, having over C$800M
On Tue, July 6, 2004 9:38 am, Barry Fitzgerald said:
Frank Knobbe wrote:
Heh... I just noticed (by chance) that there is an option in |Control
Panel - Add/Remove Programs - Windows Components| to remove Internet
Explorer (which supposedly Adds or removes access to Internet Explorer
from the Start
On Thu, July 1, 2004 8:01 am, Denis Dimick said:
As oon as someone gets CoD running under Linux, I'll go back to a single
boot system.
RTCW and W:ET both run natively on Linux. So do all the UT2004 games...
something to think about ;)
-Eric
___
On Tue, June 29, 2004 7:23 am, [EMAIL PROTECTED] said:
Here's a quick and dirty demo injecting malware.com into
windowsupdate.microsoft.com :)
http://www.malware.com/targutted.html
Does nothing with Mozilla 1.6. What am I missing? ;-)
-Eric
--
arctic bears - affordable email and name
On Tue, June 29, 2004 11:59 am, James Patterson Wicks said:
CheckPoint's interface is very intuitive and easy to use.
Easy to use in a Microsoft kind of way. Last I heard, it does nice
things for you like always allow DNS traffic through, even if you have no
port 53 rule and a deny all policy.
On Tue, June 29, 2004 2:34 pm, John Kinsella said:
On Tue, Jun 29, 2004 at 01:46:30PM -0700, Eric Paynter wrote:
On Tue, June 29, 2004 11:59 am, James Patterson Wicks said:
CheckPoint's interface is very intuitive and easy to use.
Easy to use in a Microsoft kind of way. Last I heard, it does
On Tue, June 29, 2004 4:57 pm, Gary E. Miller said:
I agree, except for one small problem. Don't you still have to delete
ALL the filter rules, and reenter them ALL to change the order of the
rules?
I don't administer the PIX boxes, so I don't know the details of the
interface. My statements
On Fri, June 25, 2004 8:58 am, Nick FitzGerald said:
That's odd -- I had the file scanned with 22 different virus scanners
and only three (NAV, Panda and ClamAV) missed detecting it as AntiQFX
or something very similar...
ClamAV is now detecting it as well. They must have updated their sigs
On Fri, June 25, 2004 12:35 pm, Michael Schaefer said:
Are there any known security risks?
It's made by Microsoft. Isn't that a significant security risk?
-Eric
___
Full-Disclosure - We believe in it.
Charter:
On Thu, June 24, 2004 11:22 am, VX Dude said:
Good point, personally I wouldn't think that making a
small wrapper would take that long, but then again I
havent done it, and I havent done it under stress and
a time crunch. I code for fun and not profit which is
pretty stress free.
Isn't the
On Mon, June 21, 2004 1:49 pm, joe said:
You realize of course this is silly? You start off with saying that the
majority needs to realize that they shouldn't be using MS because they are
bad and that they hold majority because they are criminals and do bad
things and that people should go buy
On Mon, June 21, 2004 8:09 pm, [EMAIL PROTECTED] said:
The corollary, of course, is that I.T will become more expensive because
people will have to bite the bullet and get people with more than one
skillset, or more people.
A common UI (e.g. POSIX or GNU) solves this... Diversity of systems,
On Mon, June 21, 2004 8:43 am, joe said:
Last time I heard, IE was the most popular browser with something like
70%+ of the browsing done with IE. As for browsing OSes I think I recall
hearing that XP was over 50% of the machines and that Windows machines as
a whole accounts for over 90%.
All
On Mon, June 21, 2004 12:07 pm, joe said:
For the first one, what do you propose as an answer? Obviously going to a
bunch of separate text files you have to configure gets away from that
single point of failure of a single registry but adds all sorts of
management issues and having to chase
On Mon, June 21, 2004 6:14 pm, Stuart Fox (DSL AK) said:
You've got some valid points but there is one thing that you've overlooked
- auditing.
[...]
Having said that, I've never actually met anyone who uses the registry
auditing, but I'm sure they're out there.
I actually knew a group who
On Mon, June 21, 2004 3:55 pm, joe said:
I have written several registry editor type apps for customers, it is
simply another API. For me writing a text editor is the same as writing a
registry editor, in fact, the classes I put together treat them both very
similarly from code use
On Fri, June 18, 2004 1:34 am, Aditya, ALD [ Aditya Lalit Deshmukh ] said:
how does then one deal with other compression formats
like ace, rar, lha, arj etc etc ?
Why not exactly the same as zip?
-Eric
--
arctic bears - affordable email and name services @yourdomain.com
On Fri, June 18, 2004 8:05 am, Robert Guess said:
After reading the M$ AV thread I have to give my $2 (inflation)...
Yes, Microsoft is improving... but I like to explain it as follows:
If a criminal goes from committing murder to robbing 7-11's does it
mean that they are a good person? After
On Fri, June 18, 2004 2:05 pm, [EMAIL PROTECTED] said:
Proposed expansion of copyright law could regulate new technologies out of
existance.
They're trying to make it legally risky to introduce technologies that
could be used for copyright infringement, said Jessica Litman, a
professor at
On Thu, June 17, 2004 2:45 am, Chris Cappuccio said:
The fact that Microsoft has the monopoly reflects social and economic
values, not technical ones.
I'm not sure if values is the right word. They got there by signing an
exclusive deal with IBM back when IBM made the only serious business
On Thu, June 17, 2004 8:51 am, DAN MORRILL said:
Does it really matter who is in the anti-virus market? If Microsoft goes
that way, and they have the best knowledge of what they created...
(puts on tinfoil hat)
From a paranoid point of view, best knowledge of what they created is a
little
The sad part about this entire topic is the futility of attempting to copy
protect in the first place. So they install some software and Mac and
Win... then some Linux kiddie rips the CD and puts it on P2P and it's out
now for the whole world. All it takes is one person to break it and it's
all
On Mon, June 14, 2004 3:30 pm, Curt Purdy said:
You think infosec.volubis.com was dissing us?
[...]
Quote:
has been posted onto a dull disclosure mailing list.
f and d are right next to each other on a querty keyboard. Perhaps it was
just a typo. :-?
-Eric
--
arctic bears - affordable email
On Sun, Jun 13, 2004 at 03:30:17AM -0700, bipin gautam wrote:
I wounder how many Antivirus/Trojan/Spyware scanners
will choak to death while having a manual scan of the
file:
http://www.geocities.com/visitbipin/SERVER_dwn.zip
I was woundering, what would be the results if such
file gets
58 matches
Mail list logo
