Paul Laudanski wrote:
On Sat, 25 Dec 2004, Raistlin wrote:
Juergen Schmidt wrote:
Hello,
the new santy version not only attacks phpBB.
How would these two worms react to classical hardening tips such as PHP
Safe mode and noexec /tmp ?
For this particular strain it would certainly help, but that
James Tucker wrote:
Frankly the ability to bypass any authentication procedure by a series
of button presses is plain bad software design, period.
If you don't believe me, go watch any hacker film and see how
Hollywood shows most hackers gaining entry to systems. Sure, sounds
stupid if it's not a
morning_wood wrote:
.. molded cdroms..
( i assume you mean pressed cdroms like MsWindows or Doom3 that you buy)
do you even know how they are made?!?
.. you cant burn more data on a molded cdrom, as the
reflective layer is not only not burnable, but never was burnt to begin
with.
but thanks for
Todd Towles wrote:
Did the charter say something about political messages?..please take it
off the list guys if possible...
Actually, I thought that particular post was in the spirit of the list...
It seemed to me to address technologies and methodologies.
I didn't think that it dwelled on party
DanB UK wrote:
Hi,
NO-ONE outside AMERICA gives a bloody SHIT about the American election
crap! Keep it OFF LIST!
FUCK THE HELL OFF!
[snip]
But on the most I concur, this list is NOT about the American
election. I'm sure there are lists elsewhere for that.
Actually, I use thunderbird and have a
Berend-Jan Wever wrote:
Hi all,
Wanna do a quick test to see if the programmers that wrote your windows operating
system have any clue as to what they're doing? Run these commands from cmd.exe in the
system32 directory:
for %i in (*.exe) do start %i %n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n
for %i
Marc Ruef
Viruses and worms that spread as mail attachments are filling our
inboxes day after day. Most of these nasty little monsters are able to
generate random or faked from addresses.
I receive dozens of automatically generated notification mails that
presume I sent a not allowed
Actually, I am really glad of this thread.
It's evidence that something between me and the list
is filtering out viruses.
My ISP *swears* that it isn't them.
I have seen evidence of this sort of thing elsewhere;
email attachments that vanish without a trace.
You'd expect maybe large attachments
[mailto:[EMAIL PROTECTED] On Behalf Of Tim
Sent: Monday, 1 March 2004 18:33
First of all, why would you do this? Secondly, it won't work
because the
port will simply tell you that it's already installed and suggest
you
uninstall the previous version first.
Well, it didn't used to.
[mailto:[EMAIL PROTECTED] On Behalf Of
martin f krafft
Some of them (debian comes to mind) even set up services
like mysql to run in *single*user*mode*;
not true.
I've seen it. I trust the evidence of my senses. It was an older debian
install though.
debian even brings up networking
which many would not hesitate to laugh at. However windows
server 2003 does not by default load unnecessary services.
So MS is doing what UNIX did from the start 20 years ago.
Sadly, this is in decline in the Linux world;
Most of the nice, friendly, easy to use package management
[mailto:[EMAIL PROTECTED] On Behalf Of
gabriel rosenkoetter
[snip]
Oh, give me a break. Some developer went, Oh, hey, I'm not bounds
checking there. Okay, fix that, and the changes filtered out into
the release of IE.
I'm curious. As a non-C programmer, is there ever a reason to
*not* do
I would like to remind the list of this thread;
http://www.netsys.com/full-disclosure/2003/03/msg00148.html
Are we going to have to make arrangements with that militia
group in Wisconsin this time?
;-)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
[snip]
On Fri, Feb 13, 2004 at 12:29:25AM -0500, James Patterson
Wicks ([EMAIL PROTECTED]) wrote:
The Button
[snip]
your eyes to glaze over. Let us examine one of these items. For the
sake of history (which so many seem to
From: Michal Zalewski [mailto:[EMAIL PROTECTED]
On Fri, 13 Feb 2004, Steve Wray wrote:
Actually, isn't that what DRM is all about?
No, not in the real world.
Sorry that was actually a bit of a facetious joke;
DRM (Digital Restrictions Management) could, effectively,
make DRM compliant
Has anyone tried to replicate this from Windows?
(ie create a windows batch file which does the
same thing)? Or is the windows batch file language
too restricted to allow this sort of script?
Forgive my windows ignorance...
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL
Oh crap.
For the pedantic;
ok ok, wireless networking is out too, ok?
I wrote:
[snip]
The ability of nasties to get from the clean room to machines
on your LAN or the internet should be limited to the capacitance
of thin air. No wires.
___
[mailto:[EMAIL PROTECTED] On Behalf Of
Paul Schmehl
--On Saturday, January 31, 2004 12:25 PM -0500
[EMAIL PROTECTED]
wrote:
On Sat, 31 Jan 2004 12:03:37 +1300, Steve Wray
[EMAIL PROTECTED] said:
What worries me is we haven't seen *either* an actual damaging virus
(imagine
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
first last
Given that it's possible for a program to detect that it's
being run under a debugger,
wouldn't it be possible for a virus to behave differently in
the debug environment?
Yes. But today's computer viruses
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
first last
[snip]
IIRC there are viruses that are encrypted and are almost impossible
to disassemble?
Would that be true?
Sobig.F was packed with tElock. It's a PE file protector. It
encrypts the program's code and
[mailto:[EMAIL PROTECTED] On Behalf Of
Henrik Persson
On Thu, 2004-01-29 at 16:06, Clairmont, Jan wrote:
The guy who wrote this virus and/or unleashed it should not
be too hard to track down. One, they are a Forth programmer, old
school.
I once met the Guy who invented Forth('83) and
Randal L. Schwartz
[snip]
PLEASE MAKE SURE that it doesn't send email responses.
I'm getting 500 mydoom an hour. I can filter those.
I'm getting 1500 AV-responses an hour. I can't filter those.
H surely these AV responses could be trained into spam filters?
--
Randal L. Schwartz -
[mailto:[EMAIL PROTECTED] On Behalf Of Gregh
- Original Message -
From: Bill Royds [EMAIL PROTECTED]
[snip]
What you describe is actually one of the reasons for some
of the flaws in MS software. It was built with the assumption that
the only
machines on the network that it would
[mailto:[EMAIL PROTECTED] On Behalf Of
Paul Schmehl
[snip]
We expect people to change the oil in their cars regularly.
Why don't we expect similar behavior in the computer world?
Would you blame OpenBSD if a user got hacked because he
hadn't bothered to patch?
The car analogy is a
from Steve Wray in August 2003
about bzip2
bombs and the possible DoS against antivirus-software:
http://lists.netsys.com/pipermail/full-disclosure/2003-August/
009255.html
We found that this is still an issue, especially we found
that one vendor
detects bzip2 bombs by pattern (2 GB
O on topic (WRT thread) but flame me all you want for
'list charter' violation...
The best suggestion I've heard yet is for people around
the world to send their local US or UK ambassadors a christmas
present consisting of an empty plastic bag labelled as;
Authentic scale model of Iraqi
Ok I mailed someone privately about this but as it's being reported
by others, yup, I have been getting about 4 identical copies
of some posts.
Different message ID's; other headers are munged by fetchmail.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
[snip]
Yeah, that's exactly what I needed to know. I have about 5 email
accounts that I regularly check, but some SPAM came in this way and was
hard to determine which account it went to. By checking the received
header more carefully I was able to determine it. When the
hell are we going
I think that people are just misinterpreting Microsoft;
The most important security concern for them is, and always
has been, financial security.
When they say that security is their number one priority
*that* is what they mean.
-Original Message-
From: [EMAIL PROTECTED]
Yeah the patch doesn't even work; any 1337 HaQQoR could
easily just rip the square patch of gaffa tape right off
of the switch and then DoS my bOx easy as!
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Friday, 31 October
Warning, possibly off topic content.
(But doesn't security start with the first lines of code?
or even before?)
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Bill Royds
Sent: Thursday, 30 October 2003 1:07 p.m.
Actually proveably correct is not that difficult if you use
Sure they could possibly find other ways to write insecure code,
but the issue is not whether it's possible; of course it's possible.
The issue is the relative difficulty of writing insecure code.
In C, to write secure code, one might have to re-implement a huge array
of data types and so forth.
And, contrary to one other post on the topic,
it shouldn't be too hard to perform a trial run;
If one made the worm's code modular enough
that one could plug in a variety of victim finding code
stubs.
This way, one could plug in a fixed list of targets,
(which one owned oneself so that one could
What if people developing worms do small test runs
before the final release?
The ATT approach might not work if the developer
was testing it on a private network, but if they
used a small collection of zombies on the internet
to test it out and see how well it works,
conceivably it could be
To: Steve Wray
Subject: thank you
You are a piss head for hacking my site and informing my isp !!! Fuck
you nigger.
if you're a man you should come here and tell me in my face
A man needs to make a living you know, Now you think my isp is going to
do something to stop me ?
FUCK YOU
Nice try. I have
Initially it looked like a security issue, especially
if you look at the site with its references to hacking
and investigation.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Sage
Sent: Wednesday, 15 October 2003 6:23 a.m.
To: [EMAIL
How long do you have to hold the mouse button down for?
I see no effect after about 30 seconds then I got bored...
Tried in outlook and wordpad. In fact the 'ambient' CPU usage
actually appeared to flatten out.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Ok... so this means what? That MS developers thought
that the rand(om) function should return repeated
identical sentences?
This would explain why there's no salt in windows password
encryption.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Rainer
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Michal Zalewski
On Sun, 28 Sep 2003, [EMAIL PROTECTED] wrote:
[snip]
You can't do it particularly easily just by configuring local built-in
firewall on each box. Or, you can, but you have no easy way
to maintain and audit
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Frank Knobbe
On Mon, 2003-09-29 at 17:24, Rodrigo Barbosa wrote:
[snip]
In both cases, Windows and Unix, the role of the admin is
important. But
take the admin out of picture for the moment and just compare Unix to
Windows
It's a mail client issue; doesn't happen if you click on
a link from Internet Explorer.
Interestingly enough, the people who have responded with
positives so far appear to be Outlook or Outlook express
users.
Your mail headers don't exactly give away your own mail client.
What would it be?
Ok I went there and no crash!
:)
Here's the html that I created to test the principle as
well.
My MSIE is 6.0.2800.1106.xpsp2.030422-1633
I only experience the crash when clicking in Outlook 2002.
[snip]
It's a mail client issue; doesn't happen if you click on
a link from Internet Explorer.
So why is it that visiting the page directly from MSIE
from html like this;
<html>
<head>
</head>
<body>
<a href="http://www.galad.com/extras/cg/cg.htm">crash</a>
</body>
</html>
I get no crash?
But clicking through from outlook I do?
Ie; clicking from outlook = crash
clicking from IE = no crash
clicking from
I'd agree but I'd need to add something to that...
It's also the responsibility of
'the person or organization that connects to a hostile environment'
to make some decent effort to reduce the level of hostility
in that environment.
Hostility is neither the enemy of nor an effective counter or
filtered it out!!!
So, for those that want to see what happens here is the
file. This time.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
William Warren
Sent: Friday, 29 August 2003 1:01 p.m.
To: William Warren
Cc: Steve Wray; [EMAIL PROTECTED
I'm just going to snip out all the previous stuff
because really this isn't strictly following on
from it, but is related.
*If* you are going to implement an AV system
on your servers to filter incoming mail for
viruses then you need to make sure that it's
properly configured. Obviously.
And
Well best... but not impossible to do it at the
firewall; you can do string matching in iptables (Linux).
You might need a powerful computer and fast NICs
tho otherwise performance might be a bit bad!
;)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Yeah so if it went moderated, it could
stand for 'Full Un-Disclosure'
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Nik Reiman
Sent: Saturday, 23 August 2003 4:12 a.m.
To: barry jaffe
Cc: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] [FD]
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Andre Ludwig
rant
I nominate this thread most useless thread EVAR!
With that being said, can you guys please move on, and repeat
after me. CERTS MEAN NOTHING!
Unless you are trying to get a job and the only thing the
It's invaluable to be able to get access to some of
these binaries, for development of IDS sigs and so forth,
to give just one example.
I would hate to see a blanket ban, however if it were possible
to have attachments stored on a website and the email
attachment replaced with a link to the binary
Schmehl, Paul L wrote:
I'm just curious how you geniuses would solve this problem.
You have a
[great big snip]
What *kind* of Internet access? Any reason I can't put a
firewall or proxy
of some sort between it and the Internet? Maybe an IDS
running as a router?
Presumably it has
Besides, most cable modems are bridges.
It'd be hard to do NAT routing on something with
no IP address itself.
ADSL modems often have this sort of facility but
it has to be set up by someone competent; they don't
usually come enabled by default.
-Original Message-
From: [EMAIL
Interesting topic though, is it possible to
*destroy* computers remotely at all?
Destroy the hardware, that is.
In the case of a rack *full* of Dell servers,
I imagine that turning all the fans on full
power would generate enough thrust to push
the whole thing across the machine room floor...
:)
Maybe the moderated list should be called
Full Un-Disclosure or FUD.
Oh... wait
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Steve
Sent: Thursday, 19 June 2003 2:01 a.m.
To: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Re: Administrivia:
How about getting some militia group in Wisconsin
or somewhere to look after it?
Just tell them that it's material the federal government
doesn't want people to see and they'll post a round-the-clock
armed guard!
;)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Watch out for cruise missiles and CIA wet boys...
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Len Rose
Sent: Tuesday, 18 March 2003 9:19 a.m.
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] Administrivia: Pressured to delete
archive entry
: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Morgan Marquis-Boire
Sent: Thursday, 27 February 2003 1:44 p.m.
To: Steve Wray
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Cryptome Hacked!
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Why would John
From the group charter:
Politics should be avoided at all costs.
So discussion about the discussion of politics is ok
but discussion of politics is not?
8-/
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Kevin Spett
Sent: Thursday, 27 February
This form of attack has been implemented in New Zealand
polytechnics for years now, it's nothing new!
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of mung fu
Sent: Tuesday, 25 February 2003 8:48 p.m.
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure]
[snip]
Because it is an html file proper, Internet Explorer opens it. The
scripting inside is then parsed and fired. That scripting is pointing
back to the same executable file with our original codebase object
from the year 2000 and because it is a self-executing html file, it
executes !
It
On Monday, 24 February 2003, at 15:02:52 (-0600),
H D Moore wrote:
Eterm and rxvt both implement what they call the screen dump
[snip]
followed by the screen dump command.
$ echo -e \ec+ +\n\e]Code;/home/user/.rhosts\a
As you noted, this is no longer possible with the current
Hello to the list!
I have recently been experimenting with a diskless,
network booting bastion with root over NFS.
One advantage I have found is that Host-based IDS
can be run on the NFS server not the bastion.
This means that filesystem changes made by
an intruder can be spotted, and reversed,
ok so how about some sort of 'driving test'
for internet access?
Proposed Scenario;
ISPs will give you unfiltered internet access if you can
pass a basic test demonstrating your ability to stop your
machine from being used to mess up internet access for others.
(Ok so MS engineers would probably
But if things carry on the way they are, ISPs are going
to be required, by law, to restrict access to the internet.
Once upon a time, the internet community was a closed circle,
if someone on the internet released a worm or something
that closed the net down, it only affected that small
circle of
So demonstrate to your ISP that you are competent.
What's wrong with that?
And if someone isn't competent and doesn't get an
open pipe internet connection and doesn't get their
IIS server infected with nimda W HOOO FANTASTIC!
-Original Message-
From: [EMAIL PROTECTED]
, 10 February 2003 2:48 p.m.
To: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] SQL Slammer - lessons learned (fwd)
Steve Wray wrote
So demonstrate to your ISP that you are competent.
What's wrong with that?
There is a lot wrong with that. Maybe not at first sight.
Why should I prove
One word. Ok two;
Driving Test.
Do you have a driving license?
Did you buy it from a shop or did you have to demonstrate
an acceptable level of competence?
Who administers it?
Holy Crap. You've got to be kidding. What an insane analogy.
Totally, to most of your comments.
But
67 matches