The updates are scheduled to come out today.
>From Microsoft:
http://www.microsoft.com/technet/security/bulletin/advance.mspx
Microsoft Security Bulletin Advance Notification
On January 11, 2005, the Microsoft Security Response Center is
planning to release:
*
It's just 8:55 on the West Coast. Let Bill get a cup of coffee and
check his email first! :)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Vincent
Archer
Sent: Tuesday, January 11, 2005 11:11 AM
To: Mike Diack
Cc: full-disclosure@lists.netsys.com
Subj
How about Read The List Charter Day.
- For 24 hours, do not create a bogus Yahoo
email account and send out questions or statements not related to network
security or the full disclosure of security issues.
- For 24 hours, do not burden serious
security professionals with your personal
Thank you for the thorough examination and excellent review. Your
timely information will provide more than enough data for senior
management to sign off on a limited deployment of the beta. Since my
company has such a liberal surfing policy, deploying this tool to the
problem users (the "why do
We knew that Microsoft was going to put
out an anti-spyware product after they bought Giant in December, but I did not
figure they could re-brand Giant’s software in under a month. Their
first shot at anti-spyware came out today – Microsoft AntiSpyware (Beta).
I installed it on a test m
This is what one of our developers came up with:
"I could only find one bypass that uses the DHTML Edit Control ActiveX
control (clsid:2D360201-FFF5-11d1-8D03-00A0C959BC0A) installed with the
IE.
An example of this is http://www.malware.com/flopup.html
This still showed a popup even when I said
GetPass! from Boson
(http://www.boson.com/promo/utilities/getpass/getpass_utility.htm) will
give you certain passwords if you have the printed configuration, but
not the enable secret. Your other option, if you have physical access
to the router, is to perform a password recovery
(http://www.cisco
To say that Firefox does not allow adware/spyware is not entirely true.
Saying that Firefox does not allow adware/spyware via ActiveX JavaVM or
VBScript is correct. There are other means of infecting a user's
system, but why should a programmer waste his/her time writing creative
code to bypass se
Our users are reporting that they cannot get to Hotmail, Yahoo Mail,
GMail or any other public mail portal. Anyone else having this problem?
This e-mail is the property of Oxygen Media, LLC. It is intended only for the
person or entity to which it is addressed and may contain information that i
One of our users went to a vacation web site and decided to download a
"new" video viewer to look at the beach. She immediately started
getting pop-up ads. The user knew that this download caused the issue,
but she did not tell the help desk about it for two weeks.
The user has a Windows XP Pr
French site
(http://www.commentcamarche.net/forum/affich-975065-%5Balerte%5D-win2kup
2date-exe-new-virus) said that he had a shutdown after 60 seconds,
thought it was a Blaster variant.
Just passing on information.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] O
receive. You can cut cost even further with
in-office training, but there comes a point where you just have to
concede that the costs and headache are not worth it.
-Original Message-
From: Barry Fitzgerald [mailto:[EMAIL PROTECTED]
Sent: Friday, August 13, 2004 3:18 PM
To: James Pa
James Patterson Wicks; Full-disclosure
Subject: Re: [Full-Disclosure] lame bitching about xpsp2
Did i said that business world should return to command line ? I wasn't
under that impression.
Do the interface of OpenOffice and MS Office looks THAT different to you
? Hell no. These secretaries
-- "In all fairness, "I am good with windows" means "I know where to
-- click", nothing more and shows how the typical M$ user is scared as
hell
-- of having ever one day to learn Unix, go through RFCs ( what for ? M$
-- don't even read em themselves ), and use the command line. ( Not DOS,
a
-
That is odd. When dealing with a Pix firewall, no traffic can go out an interface
without some sort of translation statement.
Even the default configuration has this:
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
There must be either a static or dynamic translation statement in your configuration.
Three letters . . .
PDM
The Pix Device Manager is painful to work with. CheckPoint's interface is very
intuitive and easy to use.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darkslaker
Sent: Tuesday, June 29, 2004 2:24 PM
To: [EMAIL PROTECTED]
S
The Chase home page has been like this for over a year. I was a bit
worried after the change, so I just bypassed it. If you feel more
secure logging in on an SSL page, just do the following:
1. From the Chase home page, click on the lock icon next to the words
"Access My Accounts"
2. On the p
This e-mail is the property of Oxygen Media, LLC. It is intended only for the person
or entity to which it is addressed and may contain information that is privileged,
confidential, or otherwise protected from disclosure. Distribution or copying of this
e-mail or the information contained her
This e-mail is the property of Oxygen Media, LLC. It is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential, or otherwise protected from disclosure. Distribution or copying of this e-mail or the informati
We use HFNetChk Pro. It really make patch management easy when you have
many servers.
http://www.shavlik.com/pHFNetChkPro.aspx
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Federated
Information Security
Sent: Monday, March 29, 2004 11:07 AM
To: [EMA
All the good coders are busy looking at the Windows source code. Why
write a small exploit when you can crack the whole nut ;)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Stephen
Sent: Sunday, February 15, 2004 6:44 PM
To: [EMAIL PROTECTED]
Subject:
dmins
On Fri, Feb 13, 2004 at 12:29:25AM -0500, James Patterson Wicks
([EMAIL PROTECTED]) wrote:
> "The Button"
Impressive. Upperscase letters to start off each word. Quotes to set
it apart from the rest of the sentence it appears in.
> [mailto:[EMAIL PROTECTED] On Behalf
Only the senior administrator and the CTO have the root password to the
Unix systems. The senior admin does not "own" and servers, but is the
manager for all of the other admins. Could he get mad and make changes
to the interpreter, but the server "owner" would notice this and check
the changes a
We are working on something called "The Button", which is nothing but
small script that activates a series of scripts that change all root,
local and domain administrator passwords on our Unix and Windows servers
when run. We also have to set up a script that will change the local
administrator pa
The SCO site is down: http://timesofindia.indiatimes.com/articleshow/468682.cms
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Thomas Zangl - Mobil
Sent: Sunday, February 01, 2004 9:44 AM
To: [EMAIL PROTECTED]
Subject: Re:[Full-Disclosure] sco.com -> sl
ke this to
protect their enterprise.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Miguel
Mendez
Sent: Sunday, January 18, 2004 9:59 AM
To: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Anti-MS drivel
James Patterson Wicks wrote:
> Microsoft ha
-Original Message-
From: Curt Purdy [mailto:[EMAIL PROTECTED]
Sent: Sunday, January 18, 2004 10:34 AM
To: James Patterson Wicks; [EMAIL PROTECTED]
Subject: RE: [inbox] RE: [Full-Disclosure] Anti-MS drivel
Wicks wrote:
> Microsoft has competition. Apple, Sun, Red Hat . . .
>
>
Microsoft has competition. Apple, Sun, Red Hat . . .
Problem is Apple is full of idiots who feature style over substance.
The system has to look better than it performs. They want people to pay
a premium to make it seem that their products are for the elite only.
The OS is more stable than Micro
When you say properly configured firewall, does that include IDS? Does
that mean that the firewall blocks all connection attempts from the
outside but allows established traffic originating on the network
interior? So if a system receives a Trojan from a web site, it can
communicate with the outs
: Friday, January 16, 2004 7:03 AM
To: [EMAIL PROTECTED]
Subject: RE: [Full-Disclosure] Re: January 15 is Personal Firewall Day,
help the cause
On Fri, 2004-01-16 at 05:44, James Patterson Wicks wrote:
> Your NAT router works at Layer 3. You still need a personal firewall or
> proxy syste
ch the
people authorized to operate within your environment.
Makes you wonder why we even bother sometimes. Oh well, time to go look
at some new Brittney Spears photos ;)
-Original Message-
From: Richard M. Smith [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 15, 2004 10:22 PM
A router that protects you from "Future security holes in the Windows
networking software", huh? I would love a router like that! The thing
is, Cisco, Symantec, Network Associates and Trend Micro have joined
forces to try to do what you say your router is doing already. Tell me,
what is this rou
And we all know that there are no flaws in Linux security, right?
Security group warns of hole in Linux kernel -
http://www.infoworld.com/article/04/01/05/HNlinuxhole_1.html
Flaws raise red flag on Linux security -
And you wonder why some species eat their young.
Let's just hope that now that his "final project" is finished that he will be too busy
to waste our reading time. Hopefully someone in Homeland Security will read all of
his posts and set him straight on the limits of free speech (oh yes little b
According to the SUS server, there are 21 "updates" to previously
released patches. From a fully-patched Windows XP desktop, Windows
Update and SUS returned 11 critical updates. From a fully-patched
Windows 2000 server, there were 10 critical updates returned. I know
that the number of patches m
Sounds like someone did not read the XBox Live! EULA. What happens is the X-Box
displays a message that you cannot play on Live! until you go to the download center.
If you agree to go to the download center, I would think that you would expect a
download. All you have to do is not agree and
systems, we'll give it a shot.
-Original Message-
From: cseagle [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 09, 2003 2:57 AM
To: James Patterson Wicks
Cc: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Backdoor.Sdbot.N Question
It sounds like the agobot3 ircbot/backdoor
-----
From: James Patterson Wicks
Sent: Monday, September 08, 2003 4:18 PM
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] Backdoor.Sdbot.N Question
Anyone know how Backdoor.Sdbot.N spreads? This morning we had several users pop up
with this trojan (or a new variant). These users generate
Anyone know how Backdoor.Sdbot.N spreads? This morning we had several users pop up
with this trojan (or a new variant). These users generated a ton of traffic until
their machines were unplugged from the network. There systems have all the markers
for the Backdoor.Sdbot.N trojan (registry ent
Patterson Wicks
Cc: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] "MS Blast" Win2000 Patch Download
On Thu, 14 Aug 2003 13:15:19 EDT, James Patterson Wicks <[EMAIL PROTECTED]> said:
> If the environment is so bad that you cannot even do that, then you should
> be s
YES
-Original Message-
From: Darren Bennett [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 14, 2003 2:12 PM
To: James Patterson Wicks
Cc: Full Disclosure
Subject: RE: [Full-Disclosure] "MS Blast" Win2000 Patch Download
"Piss poor application written by a programmer
This are the exact words from the article in question:
"If you have a stand-alone computer or connect to the Internet with a dial-up
connection, a software firewall is the right choice. In fact, Windows XP includes
Internet Connection Firewall. A hardware firewall is more complex to configure, b
I manage a national enterprise and we block port 135 on all external firewall
interfaces. There is scant reason why this port needs to be open from external IP's.
If an application requires open access to port 135 over the Internet, it's a piss poor
application written by a programmer who shou
I have to agree. I subscribed after hearing about this list on CNN.COM, but while
most of the post are helpful and informative, the number messages used to
insult/degrade/embarrass other posters is overwhelming. I hope that the list
moderators take some sort of action to cut down on the nasty
44 matches
Mail list logo