Bill, Rory,
Looks like a typical spammer dictionary attack to me. I'm not sure
why Bill is getting a lot of these messages (perhaps Bill has a large
number of aliases, or the spammers are trying to avoid blacklists
or some other detection schemes).
On Sat, 28 Feb 2004 15:23:47 -0500 Bill Royds wr
Hi Nicola,
It's not a zip file, not an applet, but a plain EXE file. Seems
compressed somehow, no time to figure it out now. Dunno why Mozilla
runs this (I don't like it).
If something showed up in your status bar, you should definitely assume
your box was compromised.
Take care out there,
Erik
List,
On 10 Feb 2004 12:01:26 - Bartosz Kwitkowski wrote:
> To: BugTraq
> Subject: Re: HelpCtr - allow open any page or run
> Date: Feb 10 2004 12:01PM
> Author: Bartosz Kwitkowski
> Message-ID: <[EMAIL PROTECTED]>
> In-Reply-To: <20040207214926 28580 qmail www securityfocus com>
>
> It was
List,
I couldn't reproduce this on patched XP. Anyone?
If so, we'll need YA workaround :(
Erik
On 7 Feb 2004 21:49:26 - "Bartosz Kwitkowski" wrote:
> To: BugTraq
> Subject: HelpCtr - allow open any page or run
> Date: Feb 7 2004 9:49PM
> Author: Bartosz Kwitkowski
> Message-ID: <[EMAIL PROT
List,
I've observed a rapid increase in 3127/tcp scans from seemingly
random IP's. They're sequentially scanning our IP's, bottom-up.
These seem to match Kasperky's Doomjuice (published ~ 3 hours ago):
http://www.viruslist.com/eng/alert.html?id=930701
Details, incl. address generation algorithm:
Warning: if you dunno what L1-A means you may wanna press Del now
On Wed, 4 Feb 2004 14:47:55 -0500 "Exibar" wrote:
> Well, I wrote an infinate loop in Fortran (accidentally, really!),
> well guess what I did, I caused the first DoS.
Yeah, thanks to someone like you I'm in this silly business. A
On Wed, 28 Jan 2004 23:08:57 +0100 Thomas Zangl wrote:
> Am Wed, 28 Jan 2004 21:27:33 +0100, schrieb "Remko Lodder":
> >i want the ability host these stuff myself on my home ADSL
> >line.
> And this is the point. Most ISP (here in Austria) doesn't allow its end
> users to have public servers open.
On Wed, 28 Jan 2004 17:19:08 +0100 Thomas Zangl wrote:
>Erik van Straten wrote:
>>If major sites like Google, MSN etc. would query rapid DSL and dialup
>>blacklists, they could visually inform the visitor that their PC is
>>listed (+ inform them what to do, direct them to o
would invest
in those, INDEED we may be able to stop most of the viral and spam
lunacy.
Copyright (c) 2004 Erik van Straten
Delft University of Technology
The Netherlands
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full
The world could be a better place if more ISP's would query Spamcop or
cbl.abuseat.org (which includes the Spamhaus.org XBL). Also ISP's
could block egress 25/tcp for dialups/dsl's that are not supposed to
run their own MTA. SPF and RMX may help (but do have nuisances - we
may have to accept).
MyD
Hi April, list,
List: sorry for responding to this OT subject. Just want to prevent
someone from inventing stuff that breaks good things. Though I admit
the basic idea seems fine (as usual, the world isn't that simple).
On Tue, 27 Jan 2004 11:06:34 -0800 April Johnson wrote:
> How hard would it b
On Sun, 25 Jan 2004 12:49:48 + Patrick J Okui wrote:
> On Sat, 24 Jan 2004, Jonathan A. Zdziarski wrote:
> > I heard of a bet going between a student and IBM many many years ago to
> > write a virus to cause physical damage. Apparently the student was able
> > to use harmonic resonance and the
Thor,
On Tue, 20 Jan 2004 16:21:11 -0800 Thor Larholm wrote:
> These are not IE vulnerabilities.
Last night I was gazing at the bugraq post thinking wtf - is this
worth spending my time, and where do I start?
I personally consider you one of the experts on this matter; your
input is much appreci
On Mon, 19 Jan 2004 16:20:58 -0500 KF wrote:
> I am currious to know what you folks think the differences are between
> obtaining local SYSTEM on a win32 box and obtaining root on a Unix machine.
They are equivalent.
However, there are very many more ways to become SYSTEM on an average
W32 box,
Bill,
On Fri, 16 Jan 2004 23:29:12 -0500 Bill Royds wrote, among other thing:
> So we have to live with the Microsoft problem.
My situation is similar to yours, and I agree mostly with what you
wrote, except the sentence above.
We are users of their sofware, we are *paying* customers and we dem
In [4], On Fri, 16 Jan 2004 09:33:29 -0600 Paul Schmehl wrote:
> The previous poster complains that PFWs fool people into thinking
> that they are more secure. Several other posters have cited the
> fact that most *nixes now come with "the firewall enabled", which
> obviously means they think that
On Thu, 15 Jan 2004 22:38:49 -0600 Paul Schmehl wrote:
> --On Friday, January 16, 2004 4:14 AM +0100 Erik van Straten
> <[EMAIL PROTECTED]> wrote:
[snip]
> > Nope. It translates to not needing simple PFW's -for ingress traffic-
> > if there are no listening ports. Fl
Admin accounts unattractive for day
to day use (just for SW installs/updates) and improve security. Then
we'll talk firewalls, because they DO serve a purpose. Also I'd
appreciate it if people would read what's being written, and not get
upset that quickly. This is FD.
Cheers,
Erik van Straten
Sysadmin
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
"[EMAIL PROTECTED]" <[EMAIL PROTECTED]>:
> We hereby reject this utter horseshit unreservedly.
Agreed - when it's intended to "protect" aunt Annie's Xmas present.
It just makes NO SENSE to have PC's listening on lots of ports, by
default on any interface, and then add a PFW to prevent anyone fro
On Thu, 1 Jan 2004 22:41:35 - "[EMAIL PROTECTED]" wrote:
[snip]
> Fully self-contained harmless *.exe:
>
> http://www.malware.com/exe-cute-html.zip
[snip]
This doesn't look like self-executing HTML - anyway.
[Disabling Mshta.exe]
Microsoft is _WRONG_ to have HTA interpreted by default, an
On Fri, 19 Dec 2003 14:35:43 + petard wrote:
[snip]
> Summary: Not only is there a stupid, possibly exploitable, buffer
> overflow here, but the place I'm seeing it is in a section of the code
> whose main purpose appears to be submitting information about what you
> browse back to the code's a
Hi all,
On Wed, 10 Dec 2003 13:01:42 -0500 Valdis Kletnieks wrote:
> Most reasonable software will put in an outline-box or "\NNN", or
> other similar indication a glyph is not displayable in the charset
> in use, and then *continue trying* to render the rest of the
> string.
I disagree that soft
22 matches
Mail list logo