Re: [Full-Disclosure] Top 15 Reasons Why Admins Use Security Scanners

2004-04-28 Thread Rick Updegrove
Joe User wrote: Now what are the top 15 security scanners that admins use? Top 75 Security Tools (included are scanners) http://www.insecure.org/tools.html But I digress... you can get them all on a bootable Linux-based CD http://www.networksecuritytoolkit.org/nst/index.html Sweet : ) Rick Up

Re: [Full-Disclosure] The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011

2004-04-14 Thread Rick Updegrove
Exibar wrote: You might have a point there with your box Curt ;-) But, Windows has a nice little utility that will patch your system for you and pop up a nice little box near the clock that says system patched too... Windows Update works quite well actually. Now if it was only turned full on by

Re: [Full-Disclosure] PHPNuke

2004-03-22 Thread Rick Updegrove
Alerta Redsegura wrote: >>Please tell me "what version of PHPnuke is secure ?" > > > Is there *any* secure version of PHPnuke? Nope and PostNuke is not much better... http://www.xaraya.com/ is the end result of people getting tired of PHP-Nuke and PostNuke

Re: [Full-Disclosure] BugTraq Speed

2003-09-24 Thread Rick Updegrove
Rainer Gerhards wrote: >I wonder if someone else is sharing this experience? Yes. I quit reading bugtraq because I have a better chance of reading it on MSNBC first in most cases ___ Full-Disclosure - We believe in it. Charter: http://lists.netsy

Re: [Full-Disclosure] RE: BAD NEWS: Microsoft Security Bulletin M S03-032

2003-09-09 Thread Rick Updegrove
Bergeron, Jared wrote: >In our testing we found that Virusscan 7 caught this, however Virusscan 4.5x with the latest DAT did not. In our testing we discovered that McAfee caught it, but the user was prompted to respond with some action. By the time one had read the warning text, the .exe ha

Re: [Full-Disclosure] Internet Explorer 6 DoS Bug

2003-07-07 Thread Rick Updegrove
[EMAIL PROTECTED] wrote: >Hi, >I found a bug in IE6 on Windows XP with all Service Packs and Patches installed: Freezes IE 6.0.2800.1106 on Win2k SP3 with only 26 Critical Updates needing to be installed and 10 Windows 200 things at windowsupdate.com

Re: [Dshield] Re: [Full-Disclosure] Windows Messenger Popup Spamon UDP Port 1026

2003-06-23 Thread Rick Updegrove
Roy S. Rapoport wrote: >You're a little behind the curve -- blocking outbound port 25 is >becoming more and more standard, especially with some of the larger ISPs >(e.g. earthlink) as a spam-blocking measure. I think you meant to say: "as a futile attempt at a spam-blocking measure".

Re: [Dshield] Re: [Full-Disclosure] Windows Messenger Popup Spamon UDP Port 1026

2003-06-23 Thread Rick Updegrove
Johannes Ullrich wrote: >Well, blocking port 1026 is probably not such a great idea. But >why would a non-windows user suffer if port 135-139 & 445 is blocked? For example smoothwall firewalls (Linux) require https on 445 but that is not the point. The point is I don't want my ISP to start block

waste of time (was Re: [Full-Disclosure] Administrivia: Poll)

2003-06-12 Thread Rick Updegrove
Len Rose wrote: >I've created a poll to address this "Morning Wood" issue. >Quite a few people have been contacting us in regards to >his behavior on the list and needless to say no small >number of people have left the list because of recent activity. His behaviour is not an issue, unless we choo

Re: [Full-Disclosure] [sean@donelan.com: Symantec detected Slammer worm "hours" before]

2003-02-13 Thread Rick Updegrove \(security\)
- Original Message - From: "Len Rose" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, February 13, 2003 9:48 AM Subject: [Full-Disclosure] [[EMAIL PROTECTED]: Symantec detected Slammer worm "hours" before] > Wow, Symantec is making an amazing claim. They were able to detect >

Re: [Full-Disclosure] Epic Games threatens to sue security researchers

2003-02-11 Thread Rick Updegrove \(security\)
- Original Message - From: "Georgi Guninski" <[EMAIL PROTECTED]> To: "Thor Larholm" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Tuesday, February 11, 2003 1:54 PM Subject: Re: [Full-Disclosure] Epic Games threatens to sue security researchers > I am not aware of such industry standar

Re: [Full-Disclosure] AOL refuses to help AIM users

2003-02-03 Thread Rick Updegrove
- Original Message - From: "ATD" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Monday, February 03, 2003 6:20 PM Subject: [Full-Disclosure] AOL refuses to help AIM users AOL does not care about AOL's paying customers. What makes you think t

Re: [Full-Disclosure] [Secure Network Operations, Inc.] Full Disclosure != Exploit Release

2003-01-29 Thread Rick Updegrove \(security\)
- Original Message - From: "Richard M. Smith" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, January 29, 2003 1:24 PM Subject: RE: [Full-Disclosure] [Secure Network Operations, Inc.] Full Disclosure != Exploit Release > >>> One problem with anyone making private exploits is t

Re: [Full-Disclosure] BlueBoar - 'Evil' Vendors Strike Back

2002-12-31 Thread Rick Updegrove \(security\)
> This seems to be equivalent to saying the policemen are the cause of > evil in our society. If everyone was a law-abiding citizen, they > would be out of business, so they actually encourage crime. 3 words: "war on drugs"

[Full-Disclosure] OT Reporting possible abuse without actual proof?

2002-12-17 Thread Rick Updegrove
gdoing. As of right now, I haven't reported it anywhere but here. Any thoughts? I mean if I am wrong, I don't want to publish libel about, or spread slander about anyone. Rick Updegrove ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html

Re: [Full-Disclosure] UN support for "security by obscurity"

2002-12-07 Thread Rick Updegrove
> - Original Message - > From: "Brian Hatch" <[EMAIL PROTECTED]> > To: "Richard M. Smith" <[EMAIL PROTECTED]> > Cc: <[EMAIL PROTECTED]> > Sent: Friday, December 06, 2002 5:10 PM > Subject: Re: [Full-Disclosure] UN support for "security by obscurity" > > > In the computer world we say relyin

[Full-Disclosure] Re: XSS in Postnuke Rogue release (0.72)

2002-11-12 Thread Rick Updegrove
- Original Message - From: "Muhammad Faisal Rauf Danka" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Thursday, November 07, 2002 10:49 PM Subject: XSS in Postnuke Rogue release (0.72) > On postnuke's own website this issue is handled very > e