RE: [Full-Disclosure] Multiple AV Vendors ignoring tar.gz archives

2005-02-07 Thread Stuart Fox (DSL AK)
> For lack of a better name -- after all, this is a technology > that has hardly been investigated -- I refer to this as > integrity management. > Basically you turn known virus scanning on its head to have > the on- access scanner only allow known good code to run, > rather than trying to do

RE: [Full-Disclosure] Terminal Server vulnerabilities

2005-01-27 Thread Stuart Fox (DSL AK)
>> But I would point out something much more important : there are many >> more local exploits than remote (on Windows just like any other OS). Local exploits : about 1-2 a month >> * POSIX - OS/2 subsystem exploitation >> * De

RE: [Full-Disclosure] TCP Port 42 port scans? What the heck over...

2004-12-16 Thread Stuart Fox (DSL AK)
This is potentially the patch: http://www.microsoft.com/technet/security/bulletin/MS04-045.mspx > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf > Of Florian Weimer > Sent: Tuesday, 14 December 2004 9:54 a.m. > To: James Lay > Cc: Full-Disclosure (E-m

RE: [Full-Disclosure] TCP Port 42 port scans? What the heck over ...

2004-12-14 Thread Stuart Fox (DSL AK)
There's an outstanding security issue with WINS on Windows servers - TCP port 42 is the WINS port. Cheers Stu > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf > Of James Lay > Sent: Tuesday, 14 December 2004 2:47 a.m. > To: Full-Disclosure (E-mail)

RE: [Full-Disclosure] MS Windows Screensaver Privilege Escalation

2004-11-25 Thread Stuart Fox (DSL AK)
> > On Windows XP all releases, when you replace, or change the > screensaver displayed on the login screen with a specially > crafted version designed to execute programs, those programs > are launched under the SYSTEM SID, IE: they are given > automatically the highest access level available

RE: [Full-Disclosure] IE is just as safe as FireFox

2004-11-16 Thread Stuart Fox (DSL AK)
> Unfortunately, ms group policy do not handle mac, solaris, linux, ... > only ms toys can be configured using this. I also think it is somewhat > new and will probably be old (why don't you use this miracle ms tool > named: sorry, this

RE: [Full-Disclosure] IE is just as safe as FireFox

2004-11-15 Thread Stuart Fox (DSL AK)
> Can the Firefox settings be controlled centrally? > Yes, and more flexible than IE versions zoo at user computers. Download > a Firefox ZIP (not Firefox_Setup_1.0.exe but Firefox 1.0.zip), unpack it > to R/O share on file server, edit

RE: [Full-Disclosure] Moox firefox/thunderbird builds. Anyone looked at these yet?

2004-11-10 Thread Stuart Fox (DSL AK)
> > I wonder why somebody would branch just to do performance > improvements? Because people want their browser to perform quickly? > Why not just work with the mozilla team and apply the changes > to the source tree? It's not like he's adding features and > the team didn't want them because

RE: [Full-Disclosure] Viral infection via Serial Cable

2004-08-30 Thread Stuart Fox (DSL AK)
> > So the question is, is a pc / machine connected to another pc > via serial cable only using specialised windows software to > move data to the machine at all vulnerable to viruses? Can > they transmit themselves across a serial cable? > It all really depends on how transport independe

RE: [Full-Disclosure] XP SP2 - Still Buggy

2004-08-11 Thread Stuart Fox (DSL AK)
Haven't seen that behaviour on any of the SP2 boxes I've been involved with.  You haven't got some application running in the background that's "stealing" focus have you - maybe some AV software or something like that that loads at startup? From: [EMAIL PROTECTED] [mailto:[EMAIL P

RE: [Full-Disclosure] driver for display goes to a infinite loop by viewing a html!

2004-08-11 Thread Stuart Fox (DSL AK)
> > hello, > > Please note the fact, I've just tested it with IE and firefox > .9.3 on windows XP with intel VGA and the system reboots with > a fatal error. > > There have been reports the exploit doesn't triggered via. a > Opera Browser. > Doesn't work on Firefox 0.93 on Windows XP SP2 wi

RE: [Full-Disclosure] Microsoft hides certain types of files from your eyes + some filename parsing bug

2004-07-07 Thread Stuart Fox (DSL AK)
The CLSID one doesn't work at all under XP SP2 Beta RC2. The CLSID is registered on my machine as an HTA. File extension is shown regardless of whether you have view file extensions turned on or off. Cheers Stu From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goo

RE: [Full-Disclosure] Web sites compromised by IIS attack

2004-06-30 Thread Stuart Fox (DSL AK)
> > > Paul, > > If I'm understanding you correctly you don't understand > Linux/Redhat. Or you're just being silly to make a point. > sendmail, wftp , php, etc.. are not owned by Redhat. Each of > these applications are owned by someone else and Redhat is > allowed to re-distribute them. Ye

RE: [Full-Disclosure] M$ - so what should they do?

2004-06-21 Thread Stuart Fox (DSL AK)
> > > Having all the configs as text files in /etc works fine for > Unix-like systems. You can use any editor to look at the > config - no need for some proprietary editor (regedit). > Automating config changes is as easy as writing a simple > shell script. Each config is named after its a

RE: [Full-Disclosure] M$ - so what should they do?

2004-06-21 Thread Stuart Fox (DSL AK)
> > > > [SNIP} > > > > > > > > The second one, I concur completely, get the App stuff out of the > > > Windows folders. > > > > > > > Which includes IE. > > Actually, just doing that one *alone* (splitting it out so it > isn't entwined into the OS) would probably do more than > anything

RE: [Full-Disclosure] M$ - so what should they do?

2004-06-21 Thread Stuart Fox (DSL AK)
> > How about changing the ".exe" convention? Making a file > executable by its "extension" probably causes a lot of > opportunities for problems, doesn't it? > > Also, the magic file names, like "CON" and "AUX" should go away. > No way! Am I the only person who still uses "copy con fil

RE: [Full-Disclosure] Support the Sasser-author fund started

2004-05-16 Thread Stuart Fox (DSL AK)
> All the features required of mature operating systems were > added as an afterthought and not designed in. Such things as > memory management and file access control They've been designed into the Windows NT based OS from the start. > on a single user/single process/non-network OS. To main

RE: [Full-Disclosure] Learn from history?

2004-05-05 Thread Stuart Fox (DSL AK)
> > > 3. If it is a port-related threat, find out if such ports > are in use, > > and if not, make sure they are closed. (Of course there would > > Once the virus is on the LAN it can do whatever it wants. > Not quite. Anyone here using IPSEC filter group policies to block the ports that Sa

RE: [Full-Disclosure] Learn from history?

2004-05-05 Thread Stuart Fox (DSL AK)
> > > > 2. If a patch cannot be installed, find workarounds > > > > That does not work with the workarounds customer need to facilitate > > life (security <> ease of use, remember) > > In the particular case of Sasser, workarounds indicated in KB > 835732 and/or making sure TCP 445 is closed to

RE: [Full-Disclosure] LSASS exploit win32 binary

2004-04-29 Thread Stuart Fox (DSL AK)
For those servers that break when you apply MS04-011, there's a KB article that describes what to do to work around it. http://support.microsoft.com/default.aspx?scid=kb;EN-US;841382 > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Chris Scott

RE: [Full-Disclosure] Top 15 Reasons Why Admins Use Security Scanners

2004-04-28 Thread Stuart Fox (DSL AK)
> > > Question: Should admins be using security > > scanners? > > > > Someone should be. Admins should be to confirm that their > environment > > is in the state that they believe it to be. > > I guess we'll have to agree to disagree. In my experience, > the guy who set a system up shoul

RE: [Full-Disclosure] Top 15 Reasons Why Admins Use Security Scanners

2004-04-28 Thread Stuart Fox (DSL AK)
I think you're oversimplifying things a little. Comments inline. > > But there's also another way to look at the original > comment...security is a process. Running a vulnerability > scanner isn't a process...it's a point-in-time check, a > snapshot. But running a security scanner could w

RE: [Full-Disclosure] Top 15 Reasons Why Admins Use Security Scanners

2004-04-28 Thread Stuart Fox (DSL AK)
And some more things for you to think about > > Just some things to think about... > > > Top 15 Reasons Why Admins Use Security Scanners > > Question: Should admins be using security scanners? Someone should be. Admins should be to confirm that their environment is in the state that they bel

RE: [Full-Disclosure] Re: Microsoft Coding / National Security Risk

2004-03-24 Thread Stuart Fox (DSL AK)
> also sprach Richard Hatch <[EMAIL PROTECTED]> > [2004.03.24.1110 +0100]: > > Take a team of really really good C/C++ coders with > excellent security > > vulnerability knowledge and have them go through the source > code for > > windows (starting with the core functionality and internet fa

RE: [Full-Disclosure] viruses being sent to this list

2004-03-22 Thread Stuart Fox (DSL AK)
> -Original Message- > From: Gadi Evron [mailto:[EMAIL PROTECTED] > Sent: Tuesday, 23 March 2004 4:27 p.m. > To: Stuart Fox (DSL AK) > Cc: [EMAIL PROTECTED] > Subject: Re: [Full-Disclosure] viruses being sent to this list > > -BEGIN PGP SIGNED MESSAGE

RE: [Full-Disclosure] viruses being sent to this list

2004-03-22 Thread Stuart Fox (DSL AK)
> > | I vote to take you off this list. Talk about S/N ratios. > > Lucky for me then, that this is FD. Anybody can talk here and > say whatever they like. > > This is what it states in the list charter. > > Just like any Microsoft sucks rant, or "die b*tch" flame, my > emails are acceptabl

RE: [Full-Disclosure] Re: [OFF TOPIC] winxp home expusure

2004-03-22 Thread Stuart Fox (DSL AK)
I assume that there's detailed analysis somewhere of the information that it sends back? I'd be interested to see it. Cheers Stu > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Tobias Weisserth > Sent: Tuesday, 23 March 2004 11:48 a.m. > To: [

RE: [Full-Disclosure] Re: Microsoft Security, baby steps ?

2004-03-16 Thread Stuart Fox (DSL AK)
> > Come on Microsoft. How about putting together a single file > that contains all the "critical" security updates since the > last service pack for a given OS? How about every time they release a fix, they also release a rollup, so you can either download the individual fix, or all the fixes