On Tue, 25 Jan 2005 14:38:30 -0600, Curt Purdy <[EMAIL PROTECTED]> wrote:
> The problem with terminal server is not any vulnerablities that can be
> exploited, but the fact that administrator can be bruteforced (6 attempts
> followed by reconnect) and that it is screaming its existence on port 388
> Saying that no teenager can be reformed is like saying you
> can't change your mind about what to eat for dinner. I have
> over 13 convictions and have been in prison as well as spent
> more than my fair share of time in county jails.
> However, that has been 10 years now and I am integrated
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Nick Jacobsen
> Sent: Monday, September 20, 2004 10:11 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [Full-Disclosure] Scandal: IT Security firm
> hires the author of Sasser worm
>
> Does it not str
> How will those investments help? Oh, I know they put in some
> money to Apple once, but that was because if Apple went,
> there was no question of M$ being a monopoly. OTOH I don't
> remember M$ investing in Linux. Nor do I remember M$
> investing in any other office suite. Sure, they invest
> Exploiting this issue requires the ability to overwrite
> existing files wich have a trusted or non-existant ZoneID.
> Right now there is no known way to achieve this in an attack
> mounted from the Internet.
Ok. So if I have the ability to do that, isn't it safe to say that I already
contro
>The problem with M$'s patches/updates/fixes/sp's is that they assume
they know better >than you what the settings should be, and without asking
they override any current >settings.
No it doesn't. It mirrored the ICF firewall settings I already had in place
on every machine I put it on
> Finally and once more. These are tools. There should be no
> sides here. This isn't a religion. It seems many IT people
> have given up deity religions but seem to need to believe in
> something in an insane fanatical way so they pick an OS. That
> is still a little on the kookoo side in m
ly put my
money on Symantec. I don't have anything against them particularly, but I
think they are very close to the edge, as this quote indicates.
- --
Jonathan Rickman
Key ID: 0DF501FF
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBP2CWVjTwrX0N9QH/AQFJKQgAr4yad0
dows
> is he violating my rights
No.
> and should all the lawyers be disbarred ?
No
> is this a security issue ?
No.
Weak troll if you ask me.
- --
Jonathan Rickman
X Corps Security
http://www.xcorps.net
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)
iQ
the author to take note of such fundamental flaws in
his or her logic suggests that they have no business doing anything, much
less volunteering to correct the world's problems. Of course, this could be
a deliberate cover-up...but somehow I think it's just another security
cowboy tryi
-BEGIN PGP SIGNED MESSAGE-
I've seen several reports that suggest that SUS is pointed to
windowsupdate.com and is now broken due to the missing DNS entries. I don't
have it installed anywhere to play with it. Can anyone confirm?
- --
Jonathan Rickman
X Corps Sec
On Friday 15 August 2003 07:03, B3r3n wrote:
> msblast start now on far eastern countries. We have a site in Auckland
> and so I'll know soon if our DNS to localhost protection is valuable.
It is irrelevant now. MS has removed the DNS entries for windowsupdate.com.
--
Jonathan Rick
nd networks. How could they
not know?
- --
Jonathan Rickman
X Corps Security
http://www.xcorps.net
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBPzj1ZTTwrX0N9QH/AQEG3ggAuk5/AMwKGfHIc9ZOY0c0p19KT+9K9gXQ
KRSCA5+bK5XQCdzdA++gmHobbQayi90/IwK9BdmyFl9qRISGSUEBnZa/wjpNJt/3
Nf
his employer? It's pretty damn easy to
sit behind a curtain of anonymity and take cheap shots, but it also gives
you zero credibility.
>
> Think about it.
You first.
- --
Jonathan Rickman
X Corps Security
http://www.xcorps.net
-BEGIN PGP SIGNATURE-
Versio
ion and good wholesome entertainment to boot. I subscribe
to both, and will probably continue to do so. But, if I had to drop
one...Bugtraq would be gone.
--
Jonathan Rickman
X Corps Security
http://www.xcorps.net
___
Full-Disclosure - We believe in it
ases to exist. You
could argue the point until you're blue in the face, but it's tough to
prove either side.
- --
Jonathan Rickman
X Corps Security
http://www.xcorps.net
-BEGIN PGP SIGNATURE-
Version: PGP 6.5.8
iQEVAwUBPj/M3zTwrX0N9QH/AQGh+wgA0l9viuLPEerfrAcQKci2kmrfai2sJP7W
7B
e binded daemon port only"
Are you saying that it's set up the way I described in the paragraph
above?
Once again, I'm not being critical...just trying to get through the
language barrier.
- --
Jonathan Rickman
X Corps Security
http://www.xcorp
't post it. Honestly, and I'm not
trying to insult you, this is probably something you should keep to
yourself. The odds of you making an ass out of yourself seem pretty good
at this point. Anything's possible, but what you're describing sounds far
fetched to me. But hey,
7;m an idealist,
but good software trumps a good firewall ruleset 8 days a week.
- --
Jonathan Rickman
X Corps Security
http://www.xcorps.net
-BEGIN PGP SIGNATURE-
Version: PGP 6.5.8
iQEVAwUBPjtU7DTwrX0N9QH/AQFYsAf/VnEizkSvx9XefNQ8p2h2n8/9doyOtNGn
dHssyUZaouc4uGphN/Ap4m0wYuRsXJns
please accept my heartfelt thanks for contributing to the noise, further
reducing the ratio.
Everyone else,
If you decide to unsubscribe, do us all a big favor and just STFU and do
it. Don't talk about it.
- --
Jonathan Rickman
X Corps Security
http://www.xcorps.net
-BEGIN PG
), because we'll
probably have to look elsewhere for information regarding Symantec
products...at the very least. Of course, I don't know that they are
actually taking this stance, but I can't say I'd blame them for taking it
if they did.
- --
Jonathan Rickman
X Corps Security
ht
marked Off Topic in the subject line. Just
hit delete if you don't want to read it.
> I don't want to believe that this list is starting to get spammed by
> off-topic poetry posts. It's already second one!
Second one in how long?
- --
Jonathan Rickman
X Corps Security
http://
22 matches
Mail list logo