Re: [Full-Disclosure] SP2 and NMAP

2004-08-13 Thread James Tucker
If you are going to try and bash Microsoft for doing something, maybe you should at least look at some of the documents surrounding the reasons for doing it, and then be accurate: http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2netwk.mspx#XSLTsection127121120120 and a documented a

Re: [Full-Disclosure] lame bitching about products

2004-08-17 Thread James Tucker
On Tue, 17 Aug 2004 10:44:10 +1000, Gregh <[EMAIL PROTECTED]> wrote: > > - Original Message - > From: "DWreck" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Tuesday, August 17, 2004 7:04 AM > Subject: [Full-Disclosure] lame bitching about products > > > Security professionals do N

Re: [Full-Disclosure] SP2 is killing me. Help?

2004-08-18 Thread James Tucker
Various people are complaining about the length of this discussion and the fact that it does not belong here, I can't disagree. There are of course already plenty of places to discuss this, I will also be populating discussions on my new forum: http://ra66i.co.uk/forums/viewtopic.php?t=1&sid=a6ac5

Re: [ok] [Full-Disclosure] RE: [Full-Disclosure]MS should re-write code with security in mind

2004-08-19 Thread James Tucker
First of all, almost all Windows users demand backward compatibility. While MS's software is not open source, MSDN indexes a huge number of libraries and most all of these would have to be wrapped up to work under a newly written OS if backward compatibility is to be maintained. Programmers of 3rd

Re: RE: [Full-Disclosure] Electronic Voting Machines - WinVote by Advanced Voting Solutions

2004-08-20 Thread James Tucker
Of course the power ranges you quote are also illegal, not to mention extremely dangerous. On Thu, 19 Aug 2004 10:21:49 -0500, Michael Williamson <[EMAIL PROTECTED]> wrote: > Using 802.11 for anything remotely critical is outright STUPID. > > FCC regulations are such that these part 15 devices (8

Re: [Full-Disclosure] Unsecure file permission of ZoneAlarm pro.

2004-08-20 Thread James Tucker
Surely though, if a user chose to open file and printer sharing over the network for any parent directory, it is possible that a remote user can very easily do damage to ZAP, at the very least shutting it down, at worst reconfiguring it. There is absolutely no good reason I can envisage why you wo

Re: [Full-Disclosure] Unsecure file permission of ZoneAlarm pro.

2004-08-21 Thread James Tucker
> >>Zone Alarm stores its config. files in %windir%\Internet Logs\* . But strangely, > Isn't it supposed to store logs ? My english knowledge is probably too poor. The folder name would suggest that. I raised an eyebrow when I saw that too. > >>EVERYONE: Full This means that anyone / anything wh

Re: [Full-Disclosure] Windows Update

2004-08-21 Thread James Tucker
Here I found that I can have BITS and Automatic Updates in "manual", Windows Update works fine here. It may be a good idea to refresh the MMC console page, as you will probably find that at time the service had shut down if and when BITS was stopped prematurely (i.e. when it was in use). There rea

Re: [Full-Disclosure] write events log to CD?

2004-08-30 Thread James Tucker
SUMMARY: IMHO even using packet writing this is not a good solution for log handling, but maybe ok for log archiving on a remote log server (which we would hope not to be compromised until after logs were written, at worst). DOWN TO IT: The principle of using WORM media for storing logs is an in

Re: [Full-Disclosure] Viral infection via Serial Cable

2004-08-30 Thread James Tucker
I might also suggest that it is likely (although not guaranteed, maybe ask the manufacturer) that the application will put a full lock on the RS232 comms, and as such, a virus could only transfer data to the OS / program if the lock was removed (program was closed). As for viral infections via thi

Re: [Full-Disclosure] Viral infection via Serial Cable

2004-08-31 Thread James Tucker
If you want to check to see if the system has the MS tcp/ip stack running on the port, boot the machine and look in the network connections folder. You will see an "incoming connections" connection listed. If this is present (i doubt it, but anything is possible) then turn on IPSec for the connecti

Re: Re[2]: [Full-Disclosure] Response to comments on Security and Obscurity

2004-09-01 Thread James Tucker
On Wed, 1 Sep 2004 21:33:55 +0400, 3APA3A <[EMAIL PROTECTED]> wrote: > really poor. I can break my own ass by falling into the pit, and I will > never have another one. In informational world (like in any business) > all I risk is not more than money. Of course no one was ever hurt as a result

Re: [Full-Disclosure] Viral infection via Serial Cable

2004-09-01 Thread James Tucker
Once again this discussion is drifting very far away from the FACTS, let alone relevance: 1. On a BBS you connect through a modem; a modem (typically) uses an AT command set, and you would require another modem to connect to. Data transfer happens as a subset of this command set. These protocols a

Re: [Full-Disclosure] Microsoft Update Loader msrtwd.exe

2004-09-01 Thread James Tucker
google came back with a forum to do with sdbot; however, the file was listed as "Morphine". I saw a copy of one of the recent worms which had generated a very large number of exe's which all had previously uncaptured names. If it's not being picked up by your virus scanner, send it to their team,

Re: Re[4]: [Full-Disclosure] Response to comments on Security and Obscurity

2004-09-02 Thread James Tucker
On Thu, 2 Sep 2004 13:13:29 +0400, 3APA3A <[EMAIL PROTECTED]> wrote: > You may be really good specialist in IT security familiar with every > law, article and recommendation, but to make any real example for > informational security problems you MUST understand difference between > cra

Re: [Full-Disclosure] Response to comments on Security and Obscurity

2004-09-02 Thread James Tucker
On Wed, 01 Sep 2004 17:06:45 -0400, Barry Fitzgerald <[EMAIL PROTECTED]> wrote: > You're right with this scenario, of course, but I don't think that they > meant that there was no room for physical protection in information > security. My point was intended to make people realise that where your s

Re: Re[6]: [Full-Disclosure] Response to comments on Security and Obscurity

2004-09-02 Thread James Tucker
This is my last post on this conversation. As I am now finding it hard to be reasonable in my responses. On Thu, 2 Sep 2004 17:41:39 +0400, 3APA3A <[EMAIL PROTECTED]> wrote: > Security policy is never out of date because it's reviewed on regular > basis. It's your information about availabl

Re: [Full-Disclosure] Response to comments on Security and Obscurity

2004-09-02 Thread James Tucker
On Thu, 02 Sep 2004 10:02:12 -0400, Barry Fitzgerald <[EMAIL PROTECTED]> wrote: > I... tend to agree. It's a difficult question because analogies are > useful if the person reading the paper has no point to base their > opinion off of. However, I see two problems with this: > > 1) Perhaps a pape

Re: [Full-Disclosure] Response to comments on Security and Obscurity

2004-09-02 Thread James Tucker
On Thu, 2 Sep 2004 12:53:20 -0700 (PDT), Security List <[EMAIL PROTECTED]> wrote: > Mr. Tucker wrote: > > >Maybe, but you have to educate people somehow, and > you don't have time > >to explain everything. > > This is an excuse and the weak point. If you do not > have time, and the audience does

Re: [Full-Disclosure] Empirical data surrounding guards and firewalls.

2004-09-02 Thread James Tucker
Apologies, please explain the lack of differences, I'm not getting them. Virtual: "The door" - Port 80 - Closed after connection attempt. You come back, it does the same, and then closes again. 404 Error not being dissimilar to being told to get out. Real: Cops show up - As with the firewall, it

Re: [Full-Disclosure] win2kup2date.exe ?

2004-09-02 Thread James Tucker
Hi all, A recommendation for anyone in this situation, try using a copy of BartPE (http://www.nu2.nu/pebuilder/) and McAfee to detect the files. I have watched one of these variants actively attack a copy of Norton Antivirus. Furthermore, the worm in question which I observed started to hide

Re: [Full-Disclosure] Empirical data surrounding guards and firewalls.

2004-09-02 Thread James Tucker
On Thu, 2 Sep 2004 17:29:10 -0500 (CDT), [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > Apologies, please explain the lack of differences, I'm not getting them. > Of course... > > > Virtual: > > "The door" - Port 80 - Closed after connection attempt. You come back, > > it does the same, and then

Re: Re: [Full-Disclosure] Security & Obscurity: physical-world analogies

2004-09-02 Thread James Tucker
A very well stated argument. The only remaining point I would like to hear your opinion on is whether said analogies may be useful (although clearly never complete) in the education of people, in order to provide an abstraction which they may understand more immediately rather than to require furthe

Re: Re: Re: [Full-Disclosure] Security & Obscurity: physical-world analogies

2004-09-02 Thread James Tucker
too far, by pointing out how they may fall down. Explain the "this scenario only" approach to the analogies. Does this seem somewhat more reasonable? On Thu, 02 Sep 2004 20:16:44 -0500, Frank Knobbe <[EMAIL PROTECTED]> wrote: > On Thu, 2004-09-02 at 19:49, James Tucker wrote: >

Re: [Full-Disclosure] win2kup2date.exe ?

2004-09-02 Thread James Tucker
On Fri, 03 Sep 2004 11:19:41 +1200, Nick FitzGerald <[EMAIL PROTECTED]> wrote: > Über GuidoZ wrote: > > > ... If you want to email me a copy of it, I'll > > rip it apart and see what can be seen. > > And world plus dog should entrust you with such material because??? ... most viruses, trojans an

Re: [Full-Disclosure] Re: Empirical data surrounding guards and firewalls.

2004-09-03 Thread James Tucker
Yes, I realised that last night. It is interesting, but I think in his attempt to disprove the analogy, he came up with a very comparable one. The firewall at McDonalds.com seems to filter all data to all ports other than port 80. You can't enter a McDonalds restaurant through anything but the d

Re: [Full-Disclosure] win2kup2date.exe ?

2004-09-03 Thread James Tucker
On Fri, 3 Sep 2004 04:05:02 -0700 (PDT), Harlan Carvey <[EMAIL PROTECTED]> wrote: > James, > > I'm replying off-list for the simple fact that I can't > believe the post you sent to FD. Your questions back > to Nick are...well, what's the right word???...it's as > if you're not even paying attenti

Re: [Full-Disclosure] Empirical data surrounding guards and firewalls.

2004-09-03 Thread James Tucker
On Fri, 3 Sep 2004 15:22:15 +0200, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > You wrote: > > > .. > > Of course I could be missing something? > > .. > > 400 != 404 ? > > > /* Return code=1: generic error condition > Return c

Re: [Full-Disclosure] The Hacker's Manifesto Reloaded

2004-09-03 Thread James Tucker
0700 (PDT), the entrepreneur <[EMAIL PROTECTED]> wrote: > it says everything. > > > --- James Tucker <[EMAIL PROTECTED]> wrote: > > > why? > > > > On Fri, 3 Sep 2004 03:31:32 -0700 (PDT), the > > entrepreneur > > <[EMAIL PROTECTE

Re: [Full-Disclosure] The Hacker's Manifesto Reloaded

2004-09-03 Thread James Tucker
ot cover it (how can you miss the pun > there ?), but the First Amendment will. hehe. > > Am I spared? > > -Regards > The Entrepreneur > --- James Tucker <[EMAIL PROTECTED]> wrote: > > > A short piece of food for thought for all you > > hackers out there. This >

Re: [Full-Disclosure] Does the following...

2004-09-11 Thread James Tucker
Just a couple of comments which are important for people to know. > > - RF keyboards don't exist. Nobody's *that* unconcerned about security. What do you think TV broadcasts (plain), radio (plain), GSM (heavy encryption scheme), bluetooth (reasonable encryption scheme), paknet (no encryption, bu

Re: [Full-Disclosure] drive by shooting - got hit by mysearch toolbar

2004-09-11 Thread James Tucker
The site quoted, did not contain any malicious code when I just checked it. The common.js file quoted contains only the framebreak code: -BEGIN- // common.js // Copyright 2001-2003 by Christopher Heng. All rights reserved. // $Id: common.js 2.3 2003/04/29 11:49:36 chris Exp $ funct

Re: [Full-Disclosure] Does the following...

2004-09-11 Thread James Tucker
> > 2) RF can be boosted (both ends effective) by adding GAIN to ONE END > > ONLY. (Yes that means the coke can with a little wire out of one end > > hanging out of the next door neighbors kids window is in fact a > > wireless tapping antenna (joke, but this is not by any means > > impossible)) >

Re: [Full-Disclosure] AV companies better hire good lawyers soon.

2004-09-13 Thread James Tucker
yeah, how about we all submit a full cvs mirror of all our apps. hrm. On Mon, 13 Sep 2004 13:28:49 -0400, Micheal Espinola Jr <[EMAIL PROTECTED]> wrote: > I disagree. Programmer's should know to submit their code to the > various AV companies in order to avoid false-positives. > > On Mon, 13 Se

Re: [Full-Disclosure] AV companies better hire good lawyers soon.

2004-09-14 Thread James Tucker
Um, I might suggest one thing, USE YOUR EXCLUSIONS! almost all of the anti-virus programs support exclusions, although this is not a best case solution, it should work. Anyone who does not know why you should be required to submit every program you ever make to AV companies needs to think about th

Re: [Full-Disclosure] Re: AV companies better hire good lawyers soon.

2004-09-14 Thread James Tucker
> According to the FBI forensics agent I heard at a recent security > conference this is a fairly common defense. The other is trying to > claim that any gaps in the evidence chain are when a law enforcement > type planted the porn there. There are laws and processes which must be performed in ord

Re: [Full-Disclosure] Careless User = New Popup Issue

2004-09-16 Thread James Tucker
On Thu, 16 Sep 2004 18:52:49 -0400, James Patterson Wicks <[EMAIL PROTECTED]> wrote: > One of our users went to a vacation web site and decided to download a > "new" video viewer to look at the beach. She immediately started Administrator rights? > getting pop-up ads. The user knew that this do

Re: [Full-Disclosure] Buliding computer security infrastructure for a country.

2004-09-20 Thread James Tucker
Very, very seriously, get a consultant at least for the design portion of the project. Remotely performed work may allow you to get around various foreign employment issues. Politics with this sort of issue is always a problem, but there really is no substitute for an expert. Good luck.

Re: [Full-Disclosure] Scandal: IT Security firm hires the author of Sasser worm

2004-09-21 Thread James Tucker
> I'm just intrested in knowing what makes him so special to most of the > people in the industry. His CV contains real experience. The HR manager isn't sure what it all means. > He appears on tv The shareholders on the other hand love the guy, we know who he is, and we (think we) know he'

Re: [Full-Disclosure] Rootkit For Spyware? Hide your adware from all Adware removers and Anti-viruses

2004-09-23 Thread James Tucker
Spam or not, truth or not, the whole situation with adware is getting out of hand. I suspect the quickest way of dealing with the registry entries is to use Unicode keys (unreadable by any outer ring processes). Worrying that they are getting into the kernel, although I would be very interested t

Re: [Full-Disclosure] Windoze almost managed to 200x repeat 9/11

2004-09-25 Thread James Tucker
> What seems to read clearly from your replies to this thread is that > either; > > 1> the code was better done under the original OS, unix The system was different, although it is likely that the (designed/intended) functionality is identical. Some older Unixes are no longer supported both by ha

Re: [Full-Disclosure] WIN XPSP2 - is this a possible way to hack?

2004-10-13 Thread James Tucker
Firstly I must apologise for adding more noise to this thread; but I feel that this rant applies to more than just one person. I know there are many who simply can't deal with posts like the one from "gregh", a message in a human language form rather than a logical systems breakdown. Some people th

[Full-Disclosure] Outlook "cid:" handling - Request for Information

2004-10-14 Thread James Tucker
Outline: == It has recently come to my attention that it is possible to circumvent functions inside of Microsoft Outlook 2003 and some other MUA's by using href tags containing "cid:". By default such MUAs no longer download web referenced images and objects, however images referenced by "cid:

Re: [Full-Disclosure] Google Desktop Search

2004-10-15 Thread James Tucker
Although I do not use the accounts described (yahoo, aim, hotmail), I have just today installed the desktop search on a lab machine. It takes no genius to see exactly what is going on here. I have to ask, what on earth do you think those tick box options were when you installed it? Google Desktop

Re: [Full-Disclosure] Resources for exploit coding on Solaris

2004-09-29 Thread James Tucker
well, heres what gmail ads thought of your mail: Need Exploits? Immunity Canvas has over 100 for Solaris, Linux, and Win32 www.immunitysec.com DSO Exploit Removal Download and try for free. aff. Stop Your Privacy Invasion. www.NoAdware.net DSO Exploit Remover Download and try for free. Block priva

Re: [Full-Disclosure] Re: On Polymorphic Evasion

2004-10-02 Thread James Tucker
Having not used shell code exploits of this type before I found the paper quite interesting. Several principles and facts were confirmed to me. 1. Due to the fact that the exploit vector must exist in the form of an illegal jump, it is in fact the final jump in a sequence that is important. 2. Pol

Re: [Full-Disclosure] House approves spyware legislation

2004-10-06 Thread James Tucker
On Wed, 6 Oct 2004 08:07:38 -0500, Todd Towles <[EMAIL PROTECTED]> wrote: > Why make more computer laws...when the current computer laws can not be > enforced correctly? We all know that the CAN-SPAM Act really cut the spam > out of our e-mails *sigh* There is clearly a lot of computer related cri

Re: [Full-Disclosure] Microsoft Windows Huge Text Processing Instability

2004-10-18 Thread James Tucker
I am sorry, maybe I just don't get it, but the two forms you are talking about could not happen in the scenario described. Besides this fact, user data space still has to be violated and this still requires either privileges (which means you have access anyway) or requires an exploit to elevate yo

Re: [Full-Disclosure] Windows user privileges

2004-11-21 Thread James Tucker
1. XP would be more suitable to run as a user if the runas service and windows installers were developed to add more complete and easy to use privilege elevation techniques outside of active directory and the default group policy that gets applied. 2. Due to the above, the power users group is more

Re: [Full-Disclosure] Windows user privileges

2004-11-24 Thread James Tucker
Use "IEXPLORE.EXE [PATH]" to get a working copy of explorer using the runas service. eg. runas /user:system\user "%PROGRAMFILES%\Intern~1\iexplore.exe [path]" No bitching about the fact that its the IE exe we are loading, it makes no difference, thats just a wrapper to load the libraries, you can

Re: [Full-Disclosure] If Lycos can attack spammer sites, can we all start doing it?

2004-12-02 Thread James Tucker
I would feel very sorry for the small time ISP's being DoS'd off the planet by some of the potential "attack backs" that could be generated by such an idea. DoS wars are not a good way to fight spam. Judgement of the receivers total bandwidth capability is difficult to impossible to accurately judge

Re: [Full-Disclosure] HOW TO BREAK XP SP2 POPUP BLOCKER: kick it in the nut !

2004-12-16 Thread James Tucker
On Mon, 13 Dec 2004 15:40:32 -0500, James Patterson Wicks <[EMAIL PROTECTED]> wrote: > This is what one of our developers came up with: > > "I could only find one bypass that uses the DHTML Edit Control ActiveX > control (clsid:2D360201-FFF5-11d1-8D03-00A0C959BC0A) installed with the > IE. > > An

Re: [Full-Disclosure] GPRS/IP-session from Nokia/Symbian mobilephone stays up

2004-12-17 Thread James Tucker
Why can't the MS be given an IP connection through a NAT with a private IP class? (removing the specific attack vector described as the range could be made much larger). Obviously this is less preferential for financial transactions as one would desire to know more about the endpoint, however it co

Re: [Full-Disclosure] HOW TO BREAK XP SP2 POPUP BLOCKER: kick it in the nut !

2004-12-18 Thread James Tucker
Whilst I have not seen any (although I haven't looked, sorry) I doubt there are. What you can do though, as with any application, is distribute locked registry keys and configuration files for it. Documentation to do with using firefox with multiple profiles in multiuser environments is also avail

Re: [Full-Disclosure] RE: Cipher Tool

2004-12-18 Thread James Tucker
Have you considered using secured network protocols on dedicated encryption hardware? or is that beyond the price point? Any cipher algorithm would be theoretically implementable (providing the length of data is suitable). If you are looking for _real_ performance though then ciphering may not be

Re: [Full-Disclosure] [ZH2004-18SA]Firefox/Opera-bypass of security restrcition by Content-Type spoofi

2004-12-21 Thread James Tucker
To be fair to the often hated, this may be why they do this: http://msdn.microsoft.com/workshop/networking/moniker/overview/appendix_a.asp Contrary to RFC2616. To quote some documentation of years ago: "If you have a file of a well-known type (e.g. .pdf) and send it with a freely invented MIME-

Re: [Full-Disclosure] To anybody who's offended by my disclosure policy-GET THIS GUYS

2004-12-21 Thread James Tucker
I don't have a lot to say on this topic as a whole which I have not said before, so some of this is just repetition; maybe it'll be heard this time. DoSing browsers will almost always be possible, as with any other application, so long as you can load it up to process enough information. If the de

Re: [Full-Disclosure] Java Runtime Environment Remote Denial-of-Service (DoS) Vulnerability

2004-12-22 Thread James Tucker
Can this apply to the mobile or embedded VM's, and what level of DoS occurs, is it a hard processor loop or a locked VM instance? On Wed, 22 Dec 2004 12:42:04 +0100 (MEZ), Marc Schoenefeld <[EMAIL PROTECTED]> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Good day, > > after my bu

Re: [Full-Disclosure] RE: NetWare Screensaver Authentication Bypass From The Local Console

2004-12-22 Thread James Tucker
Frankly the ability to bypass any authentication procedure by a series of button presses is plain bad software design, period. If you don't believe me, go watch any "hacker film" and see how Hollywood shows most hackers gaining entry to systems. Sure, sounds stupid if its not a reality, and just p

Re: [Full-Disclosure] Insecurity in Finnish parlament (computers)

2004-12-26 Thread James Tucker
wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On Sun, 26 Dec 2004 06:34:24 -0800 James Tucker > <[EMAIL PROTECTED]> wrote: > >The only charge appropriate for this case would be > >what is informally known as a 'gag order' and will > >

Re: [Full-Disclosure] Insecurity in Finnish parlament (computers)

2004-12-27 Thread James Tucker
Very well I give up. Try to purchase one of those units (that is a picture of a butchered Toshiba Satellite Pro). No one can actually sell you one. They appeared first on Chinese sites about 6 years ago and no company would actually supply the units. The Police and security agencies do not use pas

Re: [Full-Disclosure] Insecurity in Finnish parlament (computers)

2004-12-29 Thread James Tucker
The only charge appropriate for this case would be what is informally known as a 'gag order' and will require that you disprove under a court of law all statements made by Mr Jansson. In fact, you will have to prove that Mr Jansson's comments are causing you loss of revenue or damaging the overall

Re: [Full-Disclosure] List of worm and trojan files

2004-12-29 Thread James Tucker
> > Assuming the attacker is competent, the only way to "clean" a deeply > > compromised machine is to reformat the drive and start from scratch. > > The truly paranoid will question whether just formatting the drive is > > sufficient. I would agree with this. W95.CIH was one such virus which form

Re: [Full-Disclosure] YEY AGAIN Automatic remote compromise of Internet Explorer Service Pack 2 XP SP2

2005-01-03 Thread James Tucker
Just throwing an idea out here On many systems, with more advanced users but less memory, I set the Help and Support service to 'manual' start. This prevents the service from being loaded on boot (about 30mb of memory saved, IIRC). Does this affect these exploits? N.B. There is a side effect

Re: [Full-Disclosure] Example of Legal Ruling involving Internet Issues: >> Re: Yahoo and inheiriting someone's email

2005-01-06 Thread James Tucker
Policy is policy. If the policy is to be ignored, then so can your copyright signs, any security notices you put on your e-mails to do with anti-theft/anti-eavesdrop or whatever else posted anywhere else. There is no better way to express this issue than, if it gets overruled then it will make a

Re: [Full-Disclosure] unexplained crashes of named

2005-01-06 Thread James Tucker
Um, log & grep? On Tue, 28 Dec 2004 20:48:05 +0100, Przemyslaw Frasunek <[EMAIL PROTECTED]> wrote: > Hello, > > I'm experiencing recently strange crashes of named 8.3.7 (shipped with FreeBSD > 4.9). It never happened before, but since last saturday, it occured five > times. > Named suddenly sto

[Full-Disclosure] Netsys Mailman Probes due to Illegal Attachments

2005-01-06 Thread James Tucker
Everyone else on gmail and with other good MTA filters getting these? Thought it is interesting to note that so many (other people's) addresses are being sent out in the probe... - The following addresses had permanent fatal errors - <[EMAIL PROTECTED]> (reason: 550 Error: Message co

Re: [Full-Disclosure] This sums up Yahoo!s security policy to a -T-

2005-01-06 Thread James Tucker
I agree wholeheartedly. On Mon, 27 Dec 2004 10:05:55 -0500, Mary Landesman <[EMAIL PROTECTED]> wrote: > While I feel great compassion for the deceased Marine's father, I do not > believe that grief should override security, privacy, terms of service, and > good judgement. Any email Justin Ellswor

Re: [Full-Disclosure] T-Mobile Hacker and server vulnerabilities

2005-01-14 Thread James Tucker
On Thu, 13 Jan 2005 10:31:54 -0500, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > On Thu, 13 Jan 2005 13:04:21 +0100, vh said: > > On Thu, 13 Jan 2005 03:15:52 -0500 [EMAIL PROTECTED] wrote: > > > One has to wonder which tabloid will win the bidding war for the pics. ;) > > > > Why was Mitnick jai

Re: [Full-Disclosure] Please help me update my address book on Ringo

2005-02-24 Thread James Tucker
I find it most amusing to read why they claim to be able to justify making the service free: "Free? Yes, Ringo is a free service. The costs of running it are pretty low, actually. We have no plans to charge our users for this service. We plan to pay for the costs of operating the service by puttin

Re: [Full-Disclosure] Xfree86 video buffering?

2005-02-25 Thread James Tucker
On Thu, 24 Feb 2005 23:26:36 -0500, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > I don't think this is at all easily solvable - when the X server starts up, > the > card is probably in console mode using the VGA emulation, which is pretty > brain-dead and doesn't touch much of the card memory (w

Re: [Full-Disclosure] Things that make you go "Hmmm"

2005-03-03 Thread James Tucker
[complete snip] What amazes me most having read this whole thread, is not so much that a server may have been hacked; this happens if you gain enough attention from the wrong people and do not build your systems hard enough (like people in a failing company). I am amazed that a forensics box was