't
> register. Does anyone have any info on this?
What kind of info are you looking for? How to resolve
this issue, by cleaning your machines? Or are you
looking for info on the site?
=
------
Harlan Carvey, CISSP
"Windows Forensics and Incident R
the AV
vendors need a lawyer...based on what?
How about doing a better job of troubleshooting the
issue? How long have malware authors been changing
the names of files? However long it's been, those
admining the machines don't seem to be catching on...
=
-----
s, you still have issues of...is the
"victim" capable of determining/demonstrating when a
crime has occurred?
=
----------
Harlan Carvey, CISSP
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://groups.yahoo.com/group/wi
thinking about it,
you should also do in the online world.
=
--
Harlan Carvey, CISSP
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://groups.yahoo.com/group/windowsir/
"Meddle not in the affairs of dragons, for
you a
rception...a perception that needs to
change. Only after that perception changes will we
see better, more secure software, etc.
=
------
Harlan Carvey, CISSP
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://groups.yah
BHOs...
Sorry, wish I could help more, but I'd need more info...
=
--
Harlan Carvey, CISSP
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://groups.yahoo.com/group/windowsir/
"Meddle not in the affairs of dragons, fo
un...that thing you did the other
night was funnier than "America's Funniest Home
Videos" and "COPs" put together.
> Thank you very much indeed for your help.. and sorry
> for my really bad english.
It isn't your English that's the problem, dude...it'
ices you're targeting.
=
--------
Harlan Carvey, CISSP
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
ht
w they
> can obtain hostnames and create a huge database for
> potential host victims?
Besides the usual scanning techniques, throw Googling
and searches via Netcraft for httpd's into the mix.
=
--------
Harlan
> Consultant / ISH Tecnologia
>
>
>
> Phone: +55-27-3334-8900
>
> Mobile: +55-27-8111-0884
>
> Email: [EMAIL PROTECTED]
>
> PGP Fingerprint:
>6A42 3701 70D7 FD0F 5FA9 D232 CDD4 6189 EF43
> 95F5
>
>
>
=
---
> Some of them can (almost) hide from everything
> because of the way they integrate.
Not everything...check out my book.
> Even hashes
> won't work for program execution detection very
> well.
I'm not entirely clear on how a hash of a file
pertains to detecting the execution of a program...c
Ryan,
> I've been finding a few compromised Windows systems
> on our campus that
> have a random port open with a banner of "220
> StnyFtpd 0wns j0". All the
> systems seem to be doing SYN scans on port 445 and
> LSASS buffer overflow
> attempts. Anyone know what worm/bot is doing this?
> I
> Windows is likely the most susceptible to such an
> attack due to the
> limited amount of people that fully understand the
> kernel and "flow
> chart" of processes. (Or those that don't put 2 and
> 2 together, like myself.)
I realize that this is purely speculation on your
part, but I'd be care
> The thing that has me worried about this (at least
> enough to justify the
> posts) is that this seems to be an avenue for growth
> in kits.
That's exactly what it is.
On a slightly tangential note, while many people I
know of in the security community bash Microsoft, I've
more often been
> It depends on which kit they based it on. My guess
> is these guys weren't
> good enough to do the coding themselves so they
> stole someone else's code.
That, or they're learning (rootkit coding training via
Blackhat), or they're simply purchasing it (there are
folks who do custom rootkit codi
> Nothing new about rootkits. They aren't big news
> because they are old news.
> Although depressing this is definitely possible.
Old news, yes...but to some, not everyone. Taking
users (home, corporate, academic, etc.) out of it,
sysadmins and LEOs are still way behind when it comes
to understa
> I removed it, but it seems that something else is
> amiss,
> I still see lots of traffic from explorer.exe on the
> 1472 port.
Have you captured any of this traffic?
> The traffic is indeed coming from a system I have
> control of,
> I still have no dumps though. I can see nothing
> worrying
Giuseppe,
> from a home computer I'm seeing lots of traffic
> generated from
> explorer on port 1472 towards the microsoft-ds port,
> typically
> on IP addresses starting with 35.xx.xx.xx
This isn't clear...is it coming from a system you have
control of? I'm going to assume that this is the
case
The myopic and narrow-minded view of respondents in
this forum never ceases to amaze me. More often than
not, it's clear that the person responding is more
interested in disproving statements made by others,
rather than attempting to understand those statements.
So, ktabic, you want to know "how
> The trend of Anti_Virus companies buying out
> security services companies has seriously caught my
> atttention[sic].
Why does this seem to have suddenly caught your
attention? This has been going on for a while.
> Will Symantec keep LophtCrack listed as a
> virus/trojan?
Why are you asking t
> > Does it not strike anyone that there is a
> disturbing trend in
> > malicious hackers (yes, yes, I know, they are not
> hackers if
> > they are malicious, so call em whatever you want)
> getting
> > hired to security firms,
Regardless of the reason for hiring these individuals,
this fact s
> Todd...what on earth makes you think they did not?
> This is not new behavior...at all.
Exactly. If you don't really believe that the movie
"Catch me if you can" was based on a true story, check
out this site:
http://www.abagnale.com/index2.asp
__
> Network security -> application security -> software
> security ->
>
> What do u guys think??
This sort of view is too granular...they are all part
of information security. The strongest network
security fails in the face of poor physical security.
__
> I received this file through email (Yahoo) nothing
> was detected from Yahoo
> or NAV 2003. According to my understanding this is
> some kind of worm or
> irc-bot. I found this file making connections on
> port 6667 6660 and opening
> major important ports on the infected PC.
>
> Any one has
> > I found an explorer.exe in my system32 folder
> which I believe take
> > precedence over the real explorer.exe located in
> c:\windows.
The fact that there's a copy of this Explorer.exe in
System32 may be an issue.
Was there an application running? Was there a
Registry entry related to thi
> When I first posted, I didn't have the EXE. When I
> did receive a copy of the file, I was told I cannot
> send it outside of the network.
>
> Besides, I've been on this list long enough to know
> that questions like mine are asked from time to
> time.
If that's really the case, you should h
> Recently discovered a trojan(? - possibly a virus)
> called msrtwd.exe.
> It's listed in the Registry as "Microsoft Update
> Loader"
>
> Does anyone know anything about this? Google
> doesn't offer much.
Where in the Registry did you find it? Which key(s)?
What about this makes you think it
> > You're right, but what does that have to do with
> an
> > RS-232 serial cable?
>
> What did you hook your modem to the computer with?
Phone cord with an RJ-11 connector. Even back when I
did own a 300baud modem, installed in an Epson QX-10,
it was phone cable...not RS-232.
__
> > The same reason there are so many Windows
> viruses... 90 something % of
> > the people online are using Windows, that's what
> what the viruses are
> > after. Back in the day when serial connections
> were the only means of
> > communication possible, viruses weren't very
> possible
>
> Act
If you don't have access to the source machine, then
maybe take a look here...
http://www.pestpatrol.com/pestinfo/t/trojandownloader_win32_delf.asp
...or maybe here...
http://www.pestpatrol.com/pestinfo/w/worm_p2p_surnova.asp
without more info (rest of packet, openports output,
etc)...
--- Sumee
Hey, folks,
More on (no pun intended...well, maybe...) the
":Zone.Identifier" issue in XP SP 2. I originally saw
this here:
http://www.heise.de/security/artikel/print/50051
Other Google hits refer back to this article.
Interestingly enough, Microsoft doesn't mention
alternate data streams (ADSs
--- "Aditya , ALD [ Aditya Lalit Deshmukh ]"
<[EMAIL PROTECTED]> wrote:
> Blankdo you know that www.slimeware.com is a
> paranody site with no real coproation behind it, the
> fellow who wrote this program has a real good sence
> of humor
What?!? What's a "paranody"? And what's a "coproation"
> To answer your question...YES I was kidding!
> I did post it to invite speculation!
But why? Speculation is a complete waste of time.
> The Truth is, the mergers within the security space
> are getting interesting.
> First Watchbot buys Sanctum.
> Now McAfee finally bought Foundstone (Rumored
> Press releases are social engineering, plain and
> simple.
Agreed.
> There's a good chance the OP already read them and
> is looking for
> hints as to what the *REAL* story is.
Good chance? If so, perhaps the OP should have said
so. As to the *real* story, it isn't going to be
found here.
nmap
ping/tracert
SNMP enumeration
--- Jose Pena <[EMAIL PROTECTED]> wrote:
> Would like to get a better picture of the company
> network (other than diagrams given).
>
> Thought I'd ask what are the most recommended tools
> in
> discovering a network environment.
>
> Thx for the help,
> J.
>
You're kidding, right? What's the purpose of posting
something like that, other than to invite speculation?
Since I doubt that senior management of neither
McAfee nor Foundstone actively monitors this list, one
would think that you could have saved yourself some
time if you'd simply read the pres
Barry,
> I think the whole AV naming issue is, though
> problematic, the least of
> our problems. I think you hit the nail on the head
> here, Harlan.
One other thing I'd like to throw into the mix. This
whole discussion is being viewed, it seems to me from
the wrong perspective. The attitude
> > As
> > I explained in other of my posts in this and the
> related "AV Naming
> > Convention" thread, in general by far the largest
> "cost" of naming
> > disagreement is borne by the users in the early
> hours of large-scale
> > outbreaks.
Forget the whole naming thing...it's been bandied
> i agree that this is "crap update".
Ok.
> don't use windoze for anything serious, but a person
> familiar with windoze
> said sp2 breaks so much warez it is unusable.
Just how useful is a phrase like "breaks so much warez
it is unusable"?
So far, I've seen multiple posts to various lists
wh
Tom,
I don't think the OP means "don't talk about SP2 with
regards to security here". I think what he's rather
clearly referring to is if you install SP2 without
thinking, and then something bad happens (ie,
cardreader stops working) b/c you installed SP2 on a
production system, don't bring *that
Darren,
> Windows XP SP2 has got to be up there with Windows
> NT 4.0 service pack 2
> in terms of crap updates, possibly even worse.
> Maybe M$ are trying to
> push everyone away from Windows ?
Wow! MS goes about doing what the security folks have
been harping on for years...providing a modic
All I can say about this, Greg, is...well...duh!
> > Just FYI, my company is experiencing a high volume
> > of calls from customers
> > claiming that they have installed Windows SP2.
> > Customers claim that SP2 is
> > "breaking" previously working network behavior.
> > Initial testing indicates
snort
--- Carsten Ruckelshausen <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I'm looking for an Intrusion Detection System (host
> and/or net) for Windows.
> It should be Free or Shareware and perhaps it could
> work in a Windows/Linux
> network.
>
> Any idea ?
>
>
> See you then,
>
> Carsten
> --
Thanks for the reply.
> True, but as I said: "Some web-sites and mailing
> lists
> already provide this functionality, but we have
> found them
> way too slow to publish new updates as well as being
> incomplete."
Right, I caught that, too.
> We focus on exploits only, and aim to increase
> awar
What will this new service provide that isn't already
available?
--- [EMAIL PROTECTED] wrote:
> exploitwatch.org is a mailinglist aiming to keep
> security professionals updated
> with information on new software exploits.
>
> When new exploits make a public occurrence, the risk
> if being targe
Raymond,
> It merely is the trade-off of total
> freedom of speech, which this list tries to
> maintain.
I agree with you on that. One would hope that people
would realize that with free speech (and other
freedoms) comes responsibility...or at the very least,
observe some modicum of courtesy. H
Jan,
Thanks for the response...
> http://www.rense.com/general52/fgult.htm
I read the site, and it linked to a CNN story:
http://www.cnn.com/2002/ALLPOLITICS/12/29/mandatory.military/
Notice that the date on the CNN piece is 30 Dec '02.
> A link to the article about the passed but yet
> unsig
Jan,
> If any issue is more important than electronic
> voting I don't
> know what it is. Congress has approved starting in
> the Spring
> of 2005, the draft, all the way up to 49 years of
> age for special skills.
I'm not clear as to what one issue has to do with the
other. Those in Congress
> > It's not difficult to figure out how things work
> on
> > Windows systems. Once you find that out, it's
> pretty
> > simple. I will defer to Marcus Ranum's title of
> > "artificial ignorance" to describe how the Perl
> > scripts work...by identifying those things that
> are
> > known to be '
-aditya
> > Sure...Perl scripts. As a security admin in an
> FTE
> > position, I had scripts that checked all systems
> > within the domain for entries in the ubiquitous
> 'Run'
> > key, as well as for BHOs. Easy stuff, pretty
> trivial, actually.
>
> but then you would have to keep on updating
> Does anyone out there know of any tools available to
> probe network workstations for the presence of
> adware/spyware?
Sure...Perl scripts. As a security admin in an FTE
position, I had scripts that checked all systems
within the domain for entries in the ubiquitous 'Run'
key, as well as for
Ron,
> It's estimated
> that at least 75% of vpn's in place for this kind of
> use are nothing more than that.
I'd like to take a closer look at this...when you say
"estimated", by whom? What's your source? I'm not
disagreeing, as I agree with your post...I'm just
looking to dig a little deeper
> Attached is a proof-of-concept as made available by
> [EMAIL PROTECTED]
> for using autorun with USB.
I haven't been able to get it to work on Win2K or XP,
and the OP doesn't seem to have specified the
manufacturer and model of the device used.
> This should work. As it was already released,
I agree, the use of USB-connected devices is nothing
new. They make a very unobtrusive delivery system, as
well as a great way to load vast amounts of data into
an extremely small space to get information out of an
organization.
But you know something, that's not really the point.
Yes, this is a
--- Evil Wrangler <[EMAIL PROTECTED]> wrote:
> I want to say how flattered I am to have generated
> so much discussion
> from my little 2600 article. I welcome all
> corrections and additions.
>
> Information should be free!
Okay, how about this request then...can you provide
enough details (ie,
Oscar,
> This issue has been discussed in pentest list. Take
> a look at:
I don't think the issue is that it's been discussed,
more that it hasn't been really resolved/addressed.
Take a look at the post you linked to, specifically:
"I think turning off auto-run is a REALLY good idea."
Accor
> I have been interested in a potential exploit that
> may or may not be an
> issue, I read lately that a potential malicious file
> could enter a system
> via a USB Memory stick with a structured autorun.pif
> , and this file would
> operate even if the screen lock is activated .
This is an i
> I think it is very useful to scan a windows machine
> from viruses while having that machine booted to
> linux. This pretty much ensures that you will find
> all the virii on that system.
Not necessarily. You'll have to update the virus
signatures on your CD distribution prior to scanning,
an
> Yesterday i was visiting web sites. so i felt
> my computer slow. and that time i shutdown my
> computer and go somewhere. now today i restarted my
> computer and when i open internet explorer i got Web
> Page. Which i didn't SET. and now i am not able to
> write www.anydomain.com . when i
Mark,
> The idea here is to learn something from it.
> Reformatting the system is
> a good idea, but before that takes place it'd be
> nice to learn what the
> thing actually is and how it works.
"Once you understand the nature of a thing, you know
what it's capable of." - Blade
> This thing r
Bill,
From your post, you don't seem to have a great deal of
detailed information to share about this issue...
> The virus works on port 443.
Wouldn't it then be, by definition, a worm?
> It seems to accept inbound connections on that
> port as well and, presumably, awaits for commands
> fro
Josh,
I tried to download the archive, and McAfee alerted me
to "W32/Sdbot.worm.gen.g".
From:
http://www.sophos.com/virusinfo/analyses/w32sdbotcf.html
"W32/SdBot-CF spreads to other computers on the local
network protected by weak passwords."
> I found this worm/ trojan on a laptop. Ran FPort
Josh,
> I would like to know the attack vectors. I'm
> guessing LSASS.
If you don't know what the worm is, what would lead
you to guess that the infection vector is LSASS? Is
there some other piece of information that you're not sharing?
___
Full-Disc
Gadi,
For the sake of the list, would you be willing to
share the answer you received?
--- Gadi Evron <[EMAIL PROTECTED]>
wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Dowling, Gabrielle wrote:
>
> | A certain mass mailer that infected a netware
> environment? And you
> have a b
> >> Perhaps. What is the real risk of destroying
> >> configuration files, if backups are being made?
> They restore from backup, someone erases them again,
> they restore, someone erases again, they restore...
Right, I understand that. However, as a consultant,
I've seen places where increme
Steven,
One bit of advice...to quote Morpheus, "welcome to the
desert of the real."
> 1. Would an exploit like this be said to be severe?
Perhaps. What is the real risk of destroying
configuration files, if backups are being made?
> 2. Is the vendor right in their approach to this
> issue?
m5x,
As with most public forums, you've missed the point...
--- madsaxon <[EMAIL PROTECTED]> wrote:
> At 10:45 AM 5/25/2004 -0700, Harlan Carvey wrote:
>
> >Valdis,
> >
> >I sincerely hope that you do not presume to speak
> for
> >everyone...
>
Valdis,
I sincerely hope that you do not presume to speak for
everyone...
--- [EMAIL PROTECTED] wrote:
> On Tue, 25 May 2004 11:28:19 EDT, Brian Toovey
> <[EMAIL PROTECTED]> said:
>
> > if whitehats dont audit the code, who will? I
> find your response more
> > ignorant.
>
> Whitehats won't
I have to apologize, as I didn't see the original post
in my inbox...could someone forward it to me?
> > Now one can't trust somewhat 50% of all Microsoft
> Computers.
>
> you trusted that many before? :)
>
> Honestly though, it isn't a total writeoff.
>
> Your data may well have been compromis
Thierry,
> SvGs> I'm stupid, yes,
> And you will be fined if you report it to the
> police. whoops.
You're saying that it's against the law to be stupid
in Germany? Just tell all those people to come to the
US and run for Congress... ;-) See, we reward
stupidity w/ promotions!
___
Micah,
> I wonder if people forget the liability that any
> organization inherits if
> they do NOT maintain an above standard protection
> scheme for their network/hosts.
What kind of liability are you talking about? Social?
I'm not aware of any legal liability that's been
tested here in the US
Rodrigo,
Please go back and re-read my post...particularly:
"And yeah, I know about the dial-up and VPN issues,
but
there are designs that protect against infections
there, as well.
Perhaps after all these years of publishing "best
practices", maybe the victims would
stop...well...being victim
Serge,
I agree with you, as well...but I think at some point,
we (and by "we", I mean the CxOs responsible to the
Boards of companies for the operation and function of
those entities...) really need to start heeding "best
practices". The Principle of Least Privilege wasn't
something that just spa
Come on, Larry...
The first thing in the MS bulletin about Sasser is
"enable a firewall"...block the port. Slammer was the
same way.
And yeah, I know about the dial-up and VPN issues, but
there are designs that protect against infections
there, as well.
Perhaps after all these years of publish
Earl,
I agree...to a point.
Sasser violates poorly designed/implemented network
infrastructures.
> Let's be clear. Sasser violates networks and causes
> grief. It is
> wrong. Put him in jail.
___
Full-Disclosure - We believe in it.
Charter: http:
's pathetic, but it's the way that many companies
> operate.
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]
> Behalf Of Harlan
> Carvey
> Sent: Tuesday, May 11, 2004 08:38
> To: Full-Disclosure
> Cc: Clint Bodungen
> Subje
> So let's say (hypothetically) someone hacks a
> company's network. Let's say
> the hack is internal (as opposed to external). The
> company detects the
> hack (let's say) and runs down to the suspected
> cubicle and ...does what?
> Well, if they're smart they have an in-house team
> (or outs
Clint...
Two words..."testing process". What happened to that?
Don't tell me you're installing patches directly to
production systems...
--- Clint Bodungen <[EMAIL PROTECTED]> wrote:
> How about when Micro$oft releases a bundled patch
> (cough cough MS04-011) to
> fix several bugs and security
Michael,
To quote Morpheus..."welcome to the desert of the
real."
Perhaps more appropriately...to quote Neo..."There is
no spoon."
How does the industry "calcuate" [sic] loss? Yes,
that's a very interesting question. Removing a script
mapping from IIS at install time as part of a
configuration
any of the r* services...rlogin, rexec, rshell?
http://csrc.nist.gov/publications/nistpubs/800-7/node129.html
--- Chris Carlson <[EMAIL PROTECTED]> wrote:
> This has probably come up before, but does anyone
> know of a *nix utility
> similar to psexec[1] to execute commands on remote
> windows sy
Chris,
Just out of curiosity, what did the author say when
you contacted him about this issue?
--- Chris Sharp <[EMAIL PROTECTED]> wrote:
> Hi all,
>
> I've been trying for some time now to use Brutus
> (BrutusA2.exe) to help with an internal review of
> the security of the user passwords for
I am one of the people who received a copy of the file
via my Yahoo inbox. I had Yahoo scan the file before
downloading it, and it identified the malware. I've
sent this information to Stacey, and might suggest
that perhaps the anti-virus software used needs to be
updated.
>> Stacey Katz <[EMAI
Jon,
Interesting info...did you happen to read it?
The posts seem to indicate that someone else found
this process running, but was not able to locate an
executable image (the actual binary file). However,
in the case of the OP (original poster), there should
be an executable image file available.
Stacey,
It would seem that if you have a copy of the file, you
would be the one to be able to provide information
about it.
You have to remember, you can't necessarily expect to
find much if you're searching based on filename alone,
as that's probably the most easily altered thing about
a file.
> While I think you have a point I also think Ethan
> has one too. It is important
> to remember that users are generally clueless and/or
> unconcerned with
> security. Of course I'm grossly generalizing but I
> think you get my point.
Yes, I can agree with that...I do get the point. But
who a
Ethan,
> I just wanted to point out that this is probably the
> no.1 security fallacy I hear among my endlusers.
Having done vulnerability assessments for a long time,
one of the biggest issues I run up against is admins
who refer to users as "lusers". Funny joke, yeah, but
a lack of discretion
Moderation also cuts down on useless noise, as well...
--- Sebastian Krahmer <[EMAIL PROTECTED]> wrote:
> On Fri, 30 Apr 2004, Kurt Seifried wrote:
>
> > Just a note to all I run a moderated subset of
> this and several other lists,
> > which averages 20 messages a day or so.
> >
> >
> http://li
> > Question: Should admins be using security
> scanners?
>
> Someone should be. Admins should be to confirm that
> their environment is in
> the state that they believe it to be.
I guess we'll have to agree to disagree. In my
experience, the guy who set a system up shouldn't be
the one to in
And you know something, Chris...that's fine. Really.
I just left a position in the private sector w/ a
company that was audited over a dozen times a year by
various customers. Even their external auditors (ie,
*not* customers) were clueless when it comes to IT or
security. One audit did includ
Just some things to think about...
> Top 15 Reasons Why Admins Use Security Scanners
Question: Should admins be using security scanners?
> This list has been compiled by emailing various
> Security/Admin lists...
> Anyone care to offer their input - add to the list?
>
> -Am I sure that I have f
Well, then the hole you get stuck in with that
particular situation is systems going unpatched, b/c
there is no exploit for the vulnerability.
A company I used to work for was that way. Regardless
of what security strongly recommended, patches weren't
being installed in a timely manner...largely
>
>
> ----Original Message Follows
> From: Harlan Carvey <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> CC: [EMAIL PROTECTED]
> Subject: RE: [Full-Disclosure] Security Sites
> Date: Fri, 23 Apr 2004 10:32:43 -0700 (PDT)
>
>
> > > I have been lookin
> > I have been looking around and haven't found a
> very good security forum
> > and
> > I was wondering if anyone has some ideas. Im new
> to the security field and
> > am looking at learning as much as possible. Also
> maybe even some more
> > mailing lists. I appreciate everyone that posts
> h
Somehow I get the feeling that this would be a much
better world if the "touch morning_wood" command were
executed more often...
Geez, this has really gotten into the gutter...
--- morning_wood <[EMAIL PROTECTED]> wrote:
> >executing this at the dos prompt would create a
> zero byte m.wood file
>
> I'm not an authority on training as the only
> training I've had is SANS, but
> I can vouch for the quality of it.
Any particular instructors? I find it hard to believe
that someone who is an instructor at SANS would
endorse tools like inzider. But I do know other
instructors that are pretty d
Robert,
First, let me say that I completely understand your
need and concern, from a sales perspective.
> What we're doing is porting customers from
> consultancy by one person to a
> new, larger business owned by that person as a
> growth move. We're
> "inheriting" three small (~150 seat) co
> Without the experience behind the cert, any and all
> certs aren't even worth the paper they're printed
> on.
This is true, and I couldn't agree more. However, the
thing about certs is that they have to be measurable
and repeatable...which, when one becomes popular, very
quickly leads to boot
Ben,
> Some useful info for beginners is here:
> No Stone Unturned: Part One
> http://www.securityfocus.com/infocus/1550
Thanks for the reference, from the author... ;-)
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-di
> Are these guys nuts? I'm not sure if this is a good
> idea or not.
Oddly enough, this *has* been discussed...at length.
That doesn't mean that it's not worth discussing
more...
Check this stuff out:
http://www.hammerofgod.com/strikeback.txt
Check out the "Strikeback" and "Right to defend"
> ok i was not speculating, this process is a win32
> service. these types of images cannot be stopped by
> an admin from the process manager, they have to be
> stopped from the services mmc under the
> administrative tools in control panel.
>
> since this is exactly what the first post described