Take a look at the date of that report. That it's from almost TWO
YEARS ago! The spammer/anti-spammer arms race began a long time ago,
and will only get worse.
I've seen numerous harvesters with randomized User-Agent strings
crawling a mail archive of mine, even though all output is filtered
throu
lan-tagging-101.html
http://infiltrated.net/cisco/vla-tagging.pdf
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
GPG Key ID 0x0D99C05C
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x0D99C05C
sil @ infiltrated . net http://www.infiltrated.net
"How a man plays the game s
email address or identity. The procedure does NOT
affect the anonymity of the user at any stage
http://www.hushmail.com/help-faqs2#logipaddressesofpeopleloggingin
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
GPG Key ID 0x51F9D78D
Fingerprint 2A48 BA18 1851 4C99
CA22 0619 DB63
some steg program, re-PGP it then send using multiple proxies.
Of course now I would not waste my time with such nonsense, but I do
agree on the "one security model does not fit all" bandwagonese(bushism).
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
GPG Key ID 0x
than anyone, a defendant would get pounded with other crappy
technicalities.
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
GPG Key ID 0x51F9D78D
Fingerprint 2A48 BA18 1851 4C99
CA22 0619 DB63 F2F7 51F9 D78D
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x51F9D78D
sil @ po
Anthony Zboralski wrote:
>
> On 19 Jan 2005, at 14:55, InfoSec News wrote:
>
>>
>> of digital forensics.
>
>
> Source: http://hert.org/story.php/58
>
> After reading the review of Dan Farmer and Wietse's
Forensic Discovery, you should hear about
> The Grugq who got fired from @stake after writi
381/73.
4463392 Jul., 1984 Fischer et al. 360/30.
4777529 Oct., 1988 Schultz et al. 381/73.
4834701 May., 1989 Masaki 600/28.
4877027 Oct., 1989 Brunkan 128/420.
Primary Examiner: Eisenzopf; Reinhard J.
Assistant Examiner: Faile; Andrew
///
More information on this can be Go
their customers not to
commit the evil act of modifying the dates on their computers.
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
GPG Key ID 0x51F9D78D
Fingerprint 2A48 BA18 1851 4C99
CA22 0619 DB63 F2F7 51F9 D78D
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x51F9D78D
> However, when browsing the web, I found an article
> which said that "it requires an expert to lockdown
> php" (Sorry, but I can't quite recall the URL).
>
> While I am not a novice, I am definitely not an
> expert either - especially on security issues.
>
> So, I'd like to ask the members of th
've read of enough others
to wonder whether noexec /tmp really buys you much, other than tripping
up virus and trojan-horse writers that haven't considered that case
and planned for it (e.g. `pwd`/.hi instead of /tmp/hi).
--
Brent J. Nordquist <[EMAIL PROTECTED]> N0BJN
Other
On Thu, 21 Oct 2004 10:29:52 -0400
> But, it's your vote, you can vote for anyone that you wish, I'll defend
> that right to the end, even if Kerry wants to take it away
>
> My vote will be PROUDLY cast for Bush, just like it was 4 years ago.
The problem is that neither you nor I nor a
fo on this?
Thanks,
--
Mark :-)
----
Mark J. Miller, Windows Server Administrator
Saginaw Valley State University USA
7400 Bay Rd, University Center, Mi 48710
Wickes 265, 989-964-7102
[EMAIL PROTECTED], www.svsu.edu/its
- The man who fights for
nder no circumstances
does eEye disclose any information to third parties until the manufacturer
releases an advisory or patch."
--
Brent J. Nordquist <[EMAIL PROTECTED]> N0BJN
Other contact information: http://kepler.its.bethel.edu/~bjn/contact.html
tion against ActiveX, to
remove
that product from the market, that would certainly solve A LOT of
troubles!
That was my 2c.
Simon
On Wed, 6 Oct 2004 23:18:12 -0400, Bankim J. Tejani wrote
While good in principle, this legislation is hopelessly
unenforceable and is almost certainly just election y
While good in principle, this legislation is hopelessly unenforceable
and is almost certainly just election year politics. Somebody knows
this and is probably the 1 vote against it. Think about it:
Say that this was a law and someone does what you say and changes your
homepage or something si
see if anyone
> else has seen it?
> Welcome to our web site www.shadowcrew.com/phpBB2/index.php
Google and google-groups for
Which turns up this hit at the urban legends reference pages.
http://www.snopes.com/inboxer/hoaxes/joejobs/shadowcrew.asp
--
Alan J. Wylie
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200409-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
it odd?
| "I knew I would be found not guilty. It was ridiculous because there
| was not one dirty mag or dirty video in the house I was living in
| with my dad, mum and wife."
--
Alan J. Wylie http://www.wylie.me.uk/
"Perfection [in de
I have a few gmail invites.
Please reply off list if you're interested.
Alt
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
To accept this invitation and register for your account, visit
http://gmail.google.com/gmail/a-f464716b82-b42ed264e9-c5a7c41343
On Thu, 9 Sep 2004 15:57:49 -0500, Riad S. Wahby <[EMAIL PROTECTED]> wrote:
> Alt J <[EMAIL PROTECTED]> wrote:
> > I have a few gmail invites.
>
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200408-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200408-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200408-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200408-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
Really? What a narrow view of security you have.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gaurang Pandya
Sent: Sunday, August 15, 2004 8:49 AM
To: Gabriel Alexadros; Full Disclosure
Subject: Re: [Full-Disclosure] Slipstreamed Windows XP CD Using SP
_price.zip, 08_price.zip, and likely
others. The text reads 'price' or 'new price'.
According to handler Tom Liston, the virus installs itself as
C:\WINDOWS\System32\WINdirect.exe and runs from
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\w
The Electoral College votes the President into office, and they are not tied
to the popular vote.
Dave
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Friday, August 06, 2004 12:31 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sub
time.
-Andrew-
--
_______
| -Andrew J. Caines- Unix Systems Engineer [EMAIL PROTECTED] |
| "They that can give up essential liberty to obtain a little temporary |
| safety deserve neither liberty nor safety" - Benjamin Franklin, 1759 |
___
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200407-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200407-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
We have assigned CAN-2004-0492 to this issue.
The flaw affects Apache httpd 1.3.26 to 1.3.31 inclusive that have
mod_proxy enabled and configured. Apache httpd 2.0 is unaffected.
The security issue is a buffer overflow which can be triggered by getting
mod_proxy to connect to a remote server whi
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200404-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
rching for:
bagle perl netcat "full disclosure" site:lists.netsys.com
for example.
Cheers,
J. Theriault
[EMAIL PROTECTED]
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200405-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
ing for Symantec's virus watch
group.
The suspected culprit is the Kibuv.b worm, which hit the Internet
over the weekend and exploits a vulnerability in Windows' Universal
Plug and Play (UPnP) service within Windows 98, Me, and XP. The UPnP
vulnera
upload the file to AVERT WebImmune
https://www.webimmune.net/default.asp for a full analysis.
Kaspersky labs's free online virus scan at
http://www.kaspersky.com/scanforvirus.html works much the same way but
does not require registration.
Hope this helps,
J. Theria
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200404-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
Zonet ZSR1104WE
Router does not report inbound connections with their WAN IP
address. All inbound connections are posted as the router's LAN address.
This issue is a simple one. The ZSR1104WE router with the
listed firmware / hardware will not report an inbound TCP/IP connections W
Are you saying that the military has standardized best practices that
mandate the immediate installation of vendor OS patches? If they do, I
highly doubt that such policies are widely adhered to.
The fact is, quickly released security patches can and often do break
applications, particularly when
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200404-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200404-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
vulnerabilities in LCDproc
Date: Mon, 26 Apr 2004 22:19:53 -0700
User-Agent: KMail/1.6.1
Cc: [EMAIL PROTECTED],
[EMAIL PROTECTED],
[EMAIL PROTECTED],
[EMAIL PROTECTED]
MIME-Version: 1.0
X-KMail-Identity: 422776557
Content-Type: multipart/signed;
protocol="application/pgp-signature";
micalg=p
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200404-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
ion possible combinations.
Watson said he can guess the proper number with as few as four
attempts, which can be accomplished within seconds."
Hmmm... Four attempts... And the story makes it sound like a
cross-platform attack, not a bug in a particular OS's ISN generation.
FUD
w long before the current monoculture threat to the net is
addressed as effectively.
> We've probably got people on this list who weren't even potty trained
> by that date
..and still aren't.
-Andrew-
--
_
Andrew J. Caines- Unix Systems Engineer [EMAIL PROTECTED] |
| "They that can give up essential liberty to obtain a little temporary |
| safety deserve neither liberty nor safety" - Benjamin Franklin, 1759 |
___
Full-Disclosure - We believ
s like the 0 character implies a modification in the IP field..
It`s not a bug of the "ping" command, because it "works" on telnet,
ftp...
d.
---
Sacha J. Bernstein
[EMAIL PROTECTED]
___
Full-Disclosure - We believe in it.
Charte
ed. It also was unable to tell from public data how
long the vendors had known about an issue themselves in advance of the
first public date.
Anyway, that's why we all joined together and wrote
http://www.redhat.com/advice/speaks_daysofrisk.html
Mark
--
Mark J Cox ...
theirs.
Anything less demonstrates a possible ability to print (though even that
can't be verified).
-Andrew-
--
___
| -Andrew J. Caines- Unix Systems Engineer [EMAIL PROTECTED] |
| "They that can give up essential lib
ince it already has MIME-specific
handling for digest, I can't imagine it being too hard.
-Andrew-
--
_______
| -Andrew J. Caines- Unix Systems Engineer [EMAIL PROTECTED] |
| "They that can give up essential liberty
you can talk or coerce into this,
it could work, but if you still want to be able to send an email to
[EMAIL PROTECTED], it's going to be going in clear text.
[0] I suppose you could, but then you need to make the keys easily
available, and if you do t
enSSL group had been working with the
Codenomicon test suite since the start of February, but we wanted to make
sure that we'd found all the issues and concluded our testing before we
started the notification process.
Regards,
Mark
--
Mark J Cox ...
___
Full-Disclosure - We believe in i
MS is not alone. More and more web sites don't work without scripting
and/or cookies. I guess cookies are a lesser evil. I'm constantly faced
with the decision whether or not a particular content means enough to me
that I'll turn on the script. In fact, I now run two browsers, Mozilla with
scri
word, Blackadder. Crevice is a
dirty word, but security isn't!" - General Sir Anthony
Cecil Hogmanay Melchett, "Blackadder Goes Forth"
[1] http://www.schneier.com/
[2] http://www.cert.org/
[3] http://www.sans.org/
[4] http://cve.mitre.org/
[5] http://www.ciac.org/
-
I wonder if you could jury-rig a prox sensor with Bluetooth, given BTs
30-foot range. I.e. if it loses connection with your phone, your phone
alerts you.
Best Regards,
Jason
-Original Message-
From: Gadi Evron [mailto:[EMAIL PROTECTED]
Sent: Saturday, February 28, 2004 1:27 AM
To: [EMAI
On Wed, 25 Feb 2004, Kim Oppalfens wrote:
> Date: Wed, 25 Feb 2004 10:04:15 +0100
> From: Kim Oppalfens <[EMAIL PROTECTED]>
> To: Patrick J Okui <[EMAIL PROTECTED]>, Keith Rinaldo <[EMAIL PROTECTED]>
> Cc: [EMAIL PROTECTED], William Bradd <[EMAIL PROTECTED]
On Mon, 23 Feb 2004, Keith Rinaldo wrote:
> Date: Mon, 23 Feb 2004 11:32:19 -0800
> From: Keith Rinaldo <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Cc: William Bradd <[EMAIL PROTECTED]>
> Subject: RE: [Full-Disclosure] Double copies
>
> WB> I am getting double copies of every posting. Is anyone
On Thu, 19 Feb 2004, Brian <[EMAIL PROTECTED]> wrote:
> Protection:
> Vendors should put all Pepsi 20 OZ bottles in a vending machine,
Or fill the bottles just a *bit* more full. :-)
--
Brent J. Nordquist <[EMAIL PROTECTED]> N0BJN
Other contact information: http://kepler.ac
entify what these are yet?
W32/Netsky.b (you can see "jokes" on the list):
http://vil.nai.com/vil/content/v_101034.htm
Anybody have a copy of the full mail message ... I haven't seen any here
yet, though it's been upgraded to "Medium" by NAI, Sophos, etc.
--
Brent J
.
See also breaking-and-entering, "Analogies are for the weak of mind"
http://www.mail-archive.com/[EMAIL PROTECTED]/msg13315.html
--
Brent J. Nordquist <[EMAIL PROTECTED]> N0BJN
Other contact information: http://kepler.acns.bethel.edu/~bjn/contact.html
_
t, to whom Microsoft
gave the source in order to work on Unix ports. GNU makefiles would make
sense in that context.
--
Brent J. Nordquist <[EMAIL PROTECTED]> N0BJN
Other contact information: http://kepler.acns.bethel.edu/~bjn/contact.html
* Fast pipe * Always on * Get out of the wa
mpetitors if he sold information
> 9. break his password, if you have no access to your data
> 10. prepare for the future
>
-
Paul J. Morris
Biodiversity Information Manager, The Academy of Natural Sciences
1900 Ben Franklin Parkway, Philadelphia PA, 19103, USA
[EMAIL PROT
OSes...
I even feel sorry for their customers for this lack of service.
Actually, IIRC, I think that dawdling this long might even be illegal
under German law, something I'll have to look up later...
J. Theriault
[EMAIL PROTECTED]
___
Full-Disclosu
On Tuesday 10 February 2004 00:19, j c wrote:
> Len!
>
> Could you send me information about exploits of Solaris for exploit
> testing, I want to know how an exploit works and how to use it.
>
> Thanks
This web-page should answer all of your questions; It is even running
Len!
Could you send me information about exploits of Solaris for exploit testing,
I want to know how an exploit works and how to use it.
Thanks
_
Chat with your friends online using MSN Messenger:
http://messenger.microsoft
kazza-jj wrote:
need to know about ports, ip, computer to computer
connection and networking and security
I think www.maginetworks.com/answer might answer your questions.
-J. Theriault
[EMAIL PROTECTED]
--
~From RFC 1925;
~ (3) With sufficient thrust, pigs fly just fine. However, this is
On Feb 4, 2004, at 2:14 PM, Gary E. Miller wrote:
If I hear one more time that the internet was invented in the '90s,
or Al Gore invented it in the '80s, or MIT invented it in the '70s
I am gonna scream! We were hacking the net in the '60s!
Of course the Internet has been around for in one way or
On Tue, 27 Jan 2004, Randal L. Schwartz wrote:
> PLEASE MAKE SURE that it doesn't send email responses.
Strong hint taken :-D
>
> I'm getting 500 mydoom an hour. I can filter those.
> I'm getting 1500 AV-responses an hour. I can't filter those.
>
> AV response email is PART OF THE PROBLEM now,
On Tue, 27 Jan 2004, Ferris, Robin <[EMAIL PROTECTED]> wrote:
> Does any one know what the size of the attachment is when is comes in as
> a zip file?
So far the ZIP ones I've seen (thousands) are all between 22640 and 22798
bytes inclusive.
--
Brent J. Nordquist <[EMA
Hi all,
(.*flames.*>/dev/null)
1. I'm trying to decide on an AV solution for a campus wide n/w.
I'm basically looking for something that'll respond as quick as
possible to new viruses. I'm currently evaluating NAV, and Fprot.
Any other suggestions/recommendations?
2. Fprot have an AV 4 linux/bsd
On Sat, 24 Jan 2004, Jonathan A. Zdziarski wrote:
> Date: Sat, 24 Jan 2004 11:56:17 -0500
> From: Jonathan A. Zdziarski <[EMAIL PROTECTED]>
> To: Tamas Feher <[EMAIL PROTECTED]>
> Cc: [EMAIL PROTECTED]
> Subject: Re: [Full-Disclosure] Re: DOS all platforms
>
>
> > >>Causing Physical damage to equi
lls like phrack
hmmm, it even tastes like phrack (sorta)
but it's not phrack!!!
- ph1zzle a.k.a. J. Tole
Original Message
-
>> Date: Mon, 19 Jan 2004 16:52:20 -0800 (PST)
>> From: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>>
>> Reply-To: "
%73/p63/ )and I
realize it's possible the guy sent that off honestly
believing it was a real phrack issue. if that's the
case he doesn't deserve that demeaner.
OTH if that isn't the case I stick by everything I
said and he can go [EMAIL PROTECTED] himself.
- ph1zzle
believe that. I guess I am just the only
one with the empathy to tell the masses, everyone else
is just laughing at you.
http://www.phrack.org !!!
ph1zzle a.k.a. J. Tole
__
Do you Yahoo!?
Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes
http://hotj
Hi Mary,
What's the subject of the Citibank email you just received? I'd like to
block it on our SMTP gateways.
Thanks,
Ray
From: "Mary Landesman" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
Subject: Re: [Full-Disclosure] 3 new MS patches next week... but none fix
0x01!
D
ue a new
number when your current license expires (every 4 years) so it will be
2006 before everyone has their numbers changed.
Eric
--
Eric J. Christeson <[EMAIL PROTECTED]>
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
from the secret question on the american paypal,
which american licenses don't use the same method, I
think.
Anyways, have fun.
J. Tole a.k.a. ph1zzle
[EMAIL PROTECTED]
__
Do you Yahoo!?
Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes
http:/
be trying to get banking info from me?
C.
Ask me about our web and e-mail hosting solutions
****
Michael J. McCafferty
Principal, Security Engineer
M5 Computer Securit
these answers before I
bother getting a USB WiFi unit.) What protocols are used for upload
and download? If they are not well known (FTP, HTTP, HTTPS, etc.) or
are proprietary, anyone know how easy passive eavesdropping or active
insertion or modification attacks may be?
Thanks.
--
Crist J. Clark
uests may have arrived since the last backup) comes
to mind.
-Paul
-
Paul J. Morris
Biodiversity Information Manager, The Academy of Natural Sciences
1900 Ben Franklin Parkway, Philadelphia PA, 19103, USA
[EMAIL PROTECTED] 1-215-299-1161 AA3SD PGP public key available
pgp0.pgp
Description: PGP signature
What an absurd question. If you get drunk and drive your car over a
pedestrian, does it get you out of manslaughter? Or DUI? :P
If you get drunk and rape a girl does that clear you of any wrongdoing?
"Judge, bro, you got to understand. I was wasted as f***"
1. crime is bad
2. intoxication just
On Nov 30, 2003, at 6:40 PM, Jonathan A. Zdziarski wrote:
I'm interested in coding a one-time pad authentication system; similar
to SecurID or other types of token authentication only with software
tokens. The administrator would generate the one-time pads for each
user and distribute them using
Vendor: http://www.bitfolge.de
Bug Found: November 24 2003
Date Reported: November 25, 2003
Severity: High
Systems Affected: Any running PHP
1. About Snif
-
From website:
Snif is a simple and nice index file.
Server gene
>on Linux it is possible for any user to create a hard link to a file belonging
>to another user.
Only if they can write to some directory on the same partition.
>Furthermore, users can even create links to a setuid binary.
Only if it's on the same partition. This is just one of a huge number o
"Google" to "search".
Let me give you a hint, searching for "dell printer boot"
and going to the FIRST site listed brings you to a nice
Dell forum where many people have been discussing
this issue.
If you would like a small course on how to "search the web",
ple
James Patterson Wicks wrote:
According to the SUS server, there are 21 "updates" to previously
released patches. From a fully-patched Windows XP desktop, Windows
Update and SUS returned 11 critical updates.
First box I tried only had one. An update to MS03-043:
V2.1 November 13, 2003: Bulletin u
On Tue, 18 Nov 2003, David Maynor <[EMAIL PROTECTED]> wrote:
> On Tue, Nov 18, 2003 at 11:03:06AM -0600, Brent J. Nordquist wrote:
>
> > http://www.schneier.com/crypto-gram-9812.html#contests
>
> I think that may be a bad example as that talks about crypto challenges
>
On Tue, 18 Nov 2003, Kruse, Steve <[EMAIL PROTECTED]> wrote:
> Repeated "hacker challenges" by Secure Computing against the Sidewinder
> have proven it hasn't been compromised.
"Proven" is much too strong a word. See:
http://www.schneier.com/crypto
ur case, Dave Null won't help you, but at least he won't take up any
of your time trying to do so.
-Andrew-
--
___
| -Andrew J. Caines- Unix Systems Engineer [EMAIL PROTECTED] |
| "They that can give
one occasion you advised your management of the threat,
provided solutions, worked with management to fix the problem then
resigned after the systems were compromised because you felt your
professional expertise was not being valued or used.
-Andrew-
--
_
e they have billions in the bank... and they couldn't hire
people as clever as the people outside their organization finding these
vulns. without the source, if they really wanted to? Come on.
--
Brent J. Nordquist <[EMAIL PROTECTED]> N0BJN
Other contact information: http://kepler.acns.bet
tted, this has to be a
software solution under WinME.
Clearly there are 'social' factors in training such a user - I'm looking
for opinions regarding the software end of things, not 'whack her in the
head every time she clicks OK without reading' su
anks, Mark
--
Mark J Cox / Red Hat Security Response Team
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
-BEGIN PGP SIGNED MESSAGE-
OpenSSL Security Advisory [4 November 2003]
Denial of Service in ASN.1 parsing
==
Previously, OpenSSL 0.9.6k was released on the 30 September 2003 to
address various ASN.1 issues. The issues were found using a test
suite from NI
ger argument: "in the real
world, decisions about taking critical systems down are based on a number
of factors"... and with that, I agree 100%. This list's main value to me
is adding more data to be weighed in making those decisions.
--
Brent J. Nordquist <[EMAIL PROTECTED
"Because the guy was doing something with computers,
all rational thought got turned off"
-Larry Lessig, Stanford Cyber-law expert
Despite computers being ubiquitous in this day and age,
there is still a stigma, IMHO, of being a computer
professional. In a courtroom, I fear that the more
aptit
the "September 2009,
> Cumulative Patch" update which resolves all known security
> vulnerabilities affecting MS Internet Explorer, MS Outlook and MS
This one killed me - ROFLMAO.
I've gotten about 250 swens, every single one sent to an email address
that appears solely on the
i agree with your assessment, basically, but:
you say these 'uber-hackers' don't believe in full-
disclosure, but you say they use it to learn? or,
without full-disclosure (or any disclosure at all)
they would learn anyway? care to posit some theories
as to
bipin gautam wrote:
--- [Effected] ---
All versions of "OPERA, MOZILLA and INTERNET EXPLORER"
available up to this, release DATE!
Doesn't do squick with Moz 1.5b (non-RC) on WinXP
http://www.ysgnet.com/hn
---[I want a JOB/scholarship... anyone??? - hUNT3R]---
I have some weeds in the backyard that