RE: [Full-Disclosure] Caching a sniffer

2004-03-11 Thread Mike Fratto
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kenton Smith Sent: Thursday, March 11, 2004 11:50 AM To: [EMAIL PROTECTED] Cc: Full Disclosure; [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] Caching a sniffer I skimmed through some of the

[Full-Disclosure] Caching a sniffer; Re:

2004-03-11 Thread Mike Fratto
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kenton Smith Sent: Thursday, March 11, 2004 11:50 AM To: [EMAIL PROTECTED] Cc: Full Disclosure; [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] Caching a sniffer I skimmed through some of the

RE: [Full-Disclosure] Counter-Attacking hackers? Is this really a good idea?

2004-03-08 Thread Mike Fratto
Are these guys nuts? I'm not sure if this is a good idea or not. Oddly enough, this *has* been discussed...at length. That doesn't mean that it's not worth discussing more... It's a bad idea for a few reasons. First, you don't know where the attacker is. Just because packets are

RE: [Full-Disclosure] trust? - win2k source code tools

2004-02-17 Thread Mike Fratto
NOW EVERY EXECUTABLE IS TRUSTED AND DIGITALLY SIGNED found this interesting... \win2k\private\inet\mshtml\build\scripts\tools\x86 iexpress.exe signcode.exe makecert.exe ( DigSig.dll ) ( in fast food voice ) and who would you like your package to be certified from today sir?

RE: [Full-Disclosure] outbreak update

2004-01-26 Thread Mike Fratto
Do us all a favor kids, tell your email admins to configure the MTA to not send a reject notice UNTIL the source has been verified via reverse lookup. I am getting 3-4 times the reject notices than I am getting the damn virus which means I will start dumping rejects to /dev/null so that I don't see

RE: [Full-Disclosure] BS 7799 / ISO 17799

2004-01-21 Thread Mike Fratto
How do I get BS 7799 / ISO 17799 certified? Googling gave me some results on the standard but none on how to be a certified auditor. Also, how does CISA compare with BS7799/ISO 17799? *You* don't get ISO 17799 certified. Your *organization* does (or may). Check out

RE: [Full-Disclosure] Sidewinder G2

2003-11-20 Thread Mike Fratto
So, then I have to ask here; do you or anyone else know of a security incident that compromised the perimeter guarded by one of these blackboxen? Yes, I did. Through the transparent HTTP application proxy in version 4.1, as I stated in an earlier email but... And I'd direct folks to the

RE: [Full-Disclosure] Sidewinder G2 Thanks and a question or two

2003-11-19 Thread Mike Fratto
Basically, version 4.1 failed to actually do HTTP syntax checking making the HTTP proxy a generic proxy in function. So all the HTTP protocol violation style attacks weren't blocked at all. Proved it using tools off packetstorm. Told SCC about it and proved it to them as well. Then

RE: [Full-Disclosure] windowsupdate

2003-08-21 Thread Mike Fratto
[Observation stolen from nanog.] Windows Update uses ActiveX Controls and active scripting to display content correctly and to determine which updates apply to your computer. ---snip--- What the hell are you people thinking?! Try configuring the trusted zone in IE, set your

RE: [Full-Disclosure] aside: worm vs. worm?

2003-08-14 Thread Mike Fratto
The reason behind it is because they just call me, and I can sit something on their borders to go thru the internal network and clean all the machines remotely. Then block port 135 137 and its done. The only time they lost was the time it took me to get there +10 minutes. Answer:

RE: Re: [Full-Disclosure] Microsoft urging users to buy Harware Firewalls

2003-08-14 Thread Mike Fratto
3Com makes a dial-up router and Nexland makes a dial-up router/NAT box. You can still probably find Ascend, now Lucent, dial-up routers on eBay. Ok, these are technically not firewalls, but suffice for most home users. I used a 3Com router with an included v.90 router for several years before

RE: [Full-Disclosure] Vulnerability Disclosure Debate

2003-08-09 Thread Mike Fratto
with a lock, the primary purpose of it is security -- it has no other purpose. Everyone gets this wrong. Including you. :) The purpose of a lock is not security. The purpose is to force unauthorized people to use an alternative entry point such as a window or an axe. Nope. The

RE: [Full-Disclosure] Microsoft Cries Wolf ( again )

2003-07-01 Thread Mike Fratto
Along these lines, if the C programming language had a proper string data type from day one, buffer overflows would be much less common today. Not to get into a religious argument over this, but if programmers did proper data scrubbing and bounds checking regardless of the language,

RE: [Full-Disclosure] Please Vote Today

2003-06-12 Thread Mike Fratto
i vote morning wood stays, i see nothing whatsoever wrong with his post. full disclosure is meaningless without a cultural background and without understanding the legal system of whatever country they happen to be in. No sport, read the charter; specifically Acceptable Content. I

[Full-Disclosure] The point, kids.

2003-06-12 Thread Mike Fratto
Morning Wood is not even a good example of a list troll, since he sticks his neck out to offer on-topic info from time to time. I think the message is clear that people are annoyed at the off-topic speech. morning_wood just happens to be a recent example. The name of the list is