[Full-Disclosure] FW: New Microsoft Security Bulletins and patches released

2004-07-13 Thread Todd Towles
-Original Message- From: Eric Schultze [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 13, 2004 12:25 PM To: Patch Management Mailing List Subject: New Microsoft Security Bulletins and patches released 7 new bulletins, at least one of which is Critical approximately 22 individual patche

RE: [Full-Disclosure] Re: IE Shell URI Download and Execute, POC

2004-07-14 Thread Todd Towles
Depends on how Microsoft fixed IE. If they did the same thing as the ADODB patch from last week and just focused on the Shell.Application variant instead of the code IE problem, then it won’t stop this WSH variant by L33tPrincess. Which I must say is a sweet name. =) -Original Me

RE: [Full-Disclosure] Re: IE Shell URI Download and Execute, POC

2004-07-14 Thread Todd Towles
esn't know. The multiple patches for the same problem with different MS numbers, it is a sad thing. -Original Message- From: Ferruh Mavituna [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 14, 2004 1:15 PM To: 'Todd Towles'; 'L33tPrincess'; [EMAIL PROTECTED]; [EMAIL

FW: [Full-Disclosure] RE: Full-Disclosure digest, Vol 1 #1767 - 14 msgs

2004-07-14 Thread Todd Towles
Come on guys, someone that is on the list has a virus. And it grabs the list address out of the address book and uses yours to spoof the sender. It happens, a lot. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Doug White Sent: Wednesday, July 14, 2004 12

RE: [Full-Disclosure] Erasing a hard disk easily

2004-07-14 Thread Todd Towles
WipeDrive3 is a DOD approved (HIPAA, etc) product that I use and it calls DOD-level wiping 3 passes with 3 overwrites each. Most of the time I use 1 pass for less important information. http://www.whitecanyon.com/wipedrive.php -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PR

RE: [Full-Disclosure] IE

2004-07-20 Thread Todd Towles
I agree, you should yell about that in private. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kliarsky, Adam D. Sent: Tuesday, July 20, 2004 10:06 AM To: Jos Osborne; [EMAIL PROTECTED] Subject: RE: [Full-Disclosure] IE When did Full-Disclosure change to

RE: [Full-Disclosure] Hacking Challenge?

2004-07-20 Thread Todd Towles
So if I post it on Slashdot, and they get the /. Effect. Is the money mine? lol -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Clint Bodungen Sent: Tuesday, July 20, 2004 12:19 PM To: [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] Hacking Challenge? Lo

RE: [Full-Disclosure] Vulnerability in sourceforge.net

2004-07-21 Thread Todd Towles
I would call that a Directory Traversal Vulnerability, if it allows a user to read files that he doesn't have permission to read. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of nicolas vigier Sent: Wednesday, July 21, 2004 3:00 AM To: Alexander Cc: [EMAIL

RE: [Full-Disclosure] Vulnerability in sourceforge.net

2004-07-21 Thread Todd Towles
-Original Message- From: nicolas vigier [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 21, 2004 9:16 AM To: Todd Towles Cc: 'Alexander'; [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] Vulnerability in sourceforge.net On Wed, 21 Jul 2004, Todd Towles wrote: > I woul

RE: [Full-Disclosure] Vulnerability in sourceforge.net

2004-07-22 Thread Todd Towles
Sounds like they should have configured that page a bit differently...made it run under a little less access...or said I say...it is a mis-configuration. =) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Duplito Sent: Wednesday, July 21, 2004 6:37 PM To:

RE: [Full-Disclosure] Vulnerability in sourceforge.net

2004-07-22 Thread Todd Towles
set to /sbin/nologin out of the box. Maybe they should have chosen a better host OS? G On or about 2004.07.22 07:49:53 +, Todd Towles ([EMAIL PROTECTED]) said: > Sounds like they should have configured that page a bit different...made it > run under a little less access...or said I say.

[Full-Disclosure] Possible Virus/Trojan

2004-07-24 Thread Todd Towles
north of Los Angeles, a new wildfire ignited roughly 50 miles to the west, spreading across nearly 800 acres. Video attached. Either this is a new Trojan that changes its body and subject based on the current AP news or someone used a very lame trick against me. =) Todd Towles [EMAIL PROTECTED

RE: [ok] [Full-Disclosure] Possible Virus/Trojan

2004-07-25 Thread Todd Towles
Message- From: Curt Purdy [mailto:[EMAIL PROTECTED] Sent: Sunday, July 25, 2004 2:07 PM To: 'Todd Towles'; 'Mailing List - Full-Disclosure' Subject: RE: [ok] [Full-Disclosure] Possible Virus/Trojan   Todd Towles  wrote: > I received an e-mail today that looked

RE: [ok] [Full-Disclosure] Possible Virus/Trojan

2004-07-26 Thread Todd Towles
EMAIL PROTECTED] Sent: Sunday, July 25, 2004 6:06 PM To: Curt Purdy Cc: 'Mailing List - Full-Disclosure'; 'Todd Towles' Subject: Re: [ok] [Full-Disclosure] Possible Virus/Trojan On 25 Jul 2004, at 12:06, Curt Purdy wrote: > Todd Towles wrote: >> I received an e-mail

RE: [ok] [Full-Disclosure] Possible Virus/Trojan

2004-07-26 Thread Todd Towles
uly 25, 2004 6:06 PM To: Curt Purdy Cc: 'Mailing List - Full-Disclosure'; 'Todd Towles' Subject: Re: [ok] [Full-Disclosure] Possible Virus/Trojan On 25 Jul 2004, at 12:06, Curt Purdy wrote: > Todd Towles wrote: >> I received an e-mail today that looked very much like

RE: [ok] [Full-Disclosure] Possible Virus/Trojan

2004-07-26 Thread Todd Towles
om: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Monday, July 26, 2004 3:19 PM To: Curt Purdy Cc: 'Todd Towles'; 'Mailing List - Full-Disclosure' Subject: Re: [ok] [Full-Disclosure] Possible Virus/Trojan On Sun, 25 Jul 2004 14:06:55 CDT, Curt Purdy <[EMAIL PROTECTED]>

RE: [ok] [Full-Disclosure] Possible Virus/Trojan

2004-07-26 Thread Todd Towles
: Edward Ray [mailto:[EMAIL PROTECTED] Sent: Monday, July 26, 2004 1:53 PM To: 'Todd Towles'; 'Curt Purdy'; 'Mailing List - Full-Disclosure' Subject: RE: [ok] [Full-Disclosure] Possible Virus/Trojan   Got something similar to that a few days ago on another mai

RE: [ok] [Full-Disclosure] Possible Virus/Trojan

2004-07-27 Thread Todd Towles
Hey guys, I was able to finally get the file out of Outlook via add-on. The add-on moves file types from Level 1 to Level 2. Anyways, it wasn't detected as a virus and it is only 35 KB in size. Kinda small. I planned on breaking it apart...but I went to the bar last night. I have sent it to a

RE: [ok] [Full-Disclosure] Possible Virus/Trojan

2004-07-27 Thread Todd Towles
But I really like good coffee. Is that so wrong? lol -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Willem Koenings Sent: Monday, July 26, 2004 8:17 AM To: [EMAIL PROTECTED] Subject: RE: [ok] [Full-Disclosure] Possible Virus/Trojan hi,

RE: [ok] [Full-Disclosure] Possible Virus/Trojan

2004-07-27 Thread Todd Towles
0:17 AM To: [EMAIL PROTECTED] Subject: Re: [ok] [Full-Disclosure] Possible Virus/Trojan On Tuesday 27 July 2004 14:28, Todd Towles might have typed: > Hey guys, > > I was able to finally get the file out of Outlook via add-on. The add-on > moves file types from Level 1 to Level 2. Anyways,

RE: [Full-Disclosure] Damb Beagles

2004-07-27 Thread Todd Towles
I don’t know but I know the Netsky team has some work to do. I had the Netsky team and I am going to lose a RED BULL - if Beagle keeps going like it does. lol -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of The Central Scroutinizer Sent: Tue

RE: [ok] [Full-Disclosure] Possible Virus/Trojan

2004-07-27 Thread Todd Towles
Hey FD, I have seen some information about the file I received on Friday. It is malware for sure. I was the only person in the company to receive it. It isn't detectable by my up-to-date AV as of yet. Plus as we all saw this weekend it appeared to grab news headlines. Some of us found this har

RE: [Full-Disclosure] Fwd: SeeWhatYouShare.com

2004-07-28 Thread Todd Towles
It is about the same as grabbing SS numbers off of Google. Which is possible. Sometimes people don't have a stand-alone web server and don't configure them correctly. But I see your point. The government will look down on P2P as a national threat...but what will a law really do? We all know that the CA

RE: [ok] [Full-Disclosure] Possible Virus/Trojan

2004-07-29 Thread Todd Towles
The funny thing is I was the manager of an Italian family owned coffee shop for 4 years. Then I worked for a local roaster for about a year and a half. That coffee is real as far as I know..but it is in the range of 100 dollars a pound. Jamaican Blue Mountain is one of the most expensive - around 5

RE: [Full-Disclosure] Automated SSH login attempts?

2004-07-29 Thread Todd Towles
Hey Juan, hopefully you don't have the test user on your ssh server anymore. You just gave the IP address, port and username =) -Todd -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Juan Carlos Navea Sent: Thursday, July 29, 2004 8:38 AM To: [EMAIL PROTEC

RE: [Full-Disclosure] Cool Web Search

2004-07-29 Thread Todd Towles
The creator of CWShredder claims the newest versions of CWS are very stealthy and I believe he has stopped updating the program. Therefore CWShredder isn't the best for the newest. But as far as I understood things (from other mailing list and forum posts), HiJackThis wasn't removing them 100% either

RE: [Full-Disclosure] Automated SSH login attempts?

2004-07-30 Thread Todd Towles
Jan is right - looking at the code might be the only way to know what is really happening. We all await your disassembled, debugged and traced code analysis, Jan. =) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jan Muenther Sent: Friday, July 30, 2004

RE: Re: [Full-Disclosure] Cool Web Search

2004-07-30 Thread Todd Towles
There is a free piece of software somewhere that will grab all the BHOs (Browser Helper Objects) out of the registry and display them all. Anyone remember where this software can be found? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rmuge NineFive Sen

RE: Re: [Full-Disclosure] Cool Web Search

2004-07-30 Thread Todd Towles
Jack, the new variants are not so obvious to detect. They contain hidden processes or rootkits. Sooner or later they will start to use ADS (alternate data stream) points to hide. Anyone can track down anything with a registry snapshot. Do a registry snapshot and then install your "spyware" and th
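
The registry-snapshot approach above (and the earlier question about pulling BHO registrations out of the registry) can be done with two `reg export` files and a diff. The following is an added example, not code from the thread or from any of the tools it names: it parses the REGEDIT 5 text format that `reg export` writes, diffs a before and after snapshot, and pulls out changes under the usual persistence points. Both .reg exports below are constructed for the example, and the `ieupdate` entry and the `{00000000-1111-2222-3333-444444444444}` CLSID are made up.

```python
# Two constructed .reg exports (REGEDIT 5 format) standing in for
#   reg export "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion" before.reg
# taken before and after installing the suspect program. The "ieupdate" value
# and the {00000000-1111-2222-3333-444444444444} CLSID are made up.
BEFORE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"""

AFTER_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"
"ieupdate"="C:\\WINDOWS\\system32\\ieupd.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-1111-2222-3333-444444444444}]
@=""
"NoExplorer"=dword:00000001
"""

# Key-path fragments that mark autostart / browser-hook locations worth a second look.
PERSISTENCE_HINTS = (
    "\\CurrentVersion\\Run",          # Run, RunOnce, RunServices...
    "\\Browser Helper Objects\\",     # one CLSID subkey per registered BHO
    "\\Winlogon",                     # Shell / Userinit hijacks
)


def parse_reg(text):
    """Parse a .reg export into {key_path: {value_name: raw_value}}.
    Values stay as the raw right-hand side ("..." / dword:... / hex:...);
    hex(...) values continued with a trailing backslash are re-joined first."""
    keys, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line.startswith(("Windows Registry Editor", "REGEDIT4", ";", "[-")):
            continue
        if line.endswith("\\") and not line.startswith("["):
            pending = line[:-1]           # continuation line follows
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        if current is None:
            continue
        name, _, value = line.partition("=")
        keys[current][name.strip('"')] = value   # "@" is the key's default value
    return keys


def diff_snapshots(before, after):
    """Return (kind, key, value_name, raw_value) tuples describing what changed."""
    changes = []
    for key in sorted(set(before) | set(after)):
        if key not in before:
            changes.append(("key_added", key, None, None))
            for name, val in after[key].items():
                changes.append(("value_added", key, name, val))
        elif key not in after:
            changes.append(("key_removed", key, None, None))
        else:
            b, a = before[key], after[key]
            for name in sorted(set(b) | set(a)):
                if name not in b:
                    changes.append(("value_added", key, name, a[name]))
                elif name not in a:
                    changes.append(("value_removed", key, name, b[name]))
                elif b[name] != a[name]:
                    changes.append(("value_changed", key, name, a[name]))
    return changes


def persistence_changes(changes):
    """Keep only changes under the autostart / BHO locations listed above."""
    return [c for c in changes if any(hint in c[1] for hint in PERSISTENCE_HINTS)]


if __name__ == "__main__":
    for change in persistence_changes(diff_snapshots(parse_reg(BEFORE_REG), parse_reg(AFTER_REG))):
        print(*change)
```

A new CLSID subkey under `Browser Helper Objects` is exactly how a BHO registers itself, so the diff surfaces it even when the DLL hides its process; resolving the CLSID to its DLL path is a lookup under `HKEY_CLASSES_ROOT\CLSID\{...}\InprocServer32` in the same export.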

RE: [Full-Disclosure] Why should one buy (or not) an Appliance-based security gateway?

2004-07-30 Thread Todd Towles
Max, How big are these networks that use default firewall rules? In a large growing corporate network, we have to deal with stuff all the time. Users want to do that...some other company or vendor needs a port open to do something. They want you to just do it because all the other companies do it.

RE: [Full-Disclosure] Why should one buy (or not) an Appliance-based security gateway?

2004-07-30 Thread Todd Towles
I haven't done too much research into appliance-based devices but you would guess they are set up for one purpose. If I was going to build a Snort IDS box, it wouldn't have telnet open and it wouldn't use HTTP (unless I was using ACID, then I would use SSL). If I wanted to make a DHCP server - I

RE: [Full-Disclosure] Cool Web Search

2004-07-30 Thread Todd Towles
Then we await your very simple tool to remove this bad spyware. If you can do it with Hijack This...then maybe you should talk to the author and start work on a new program. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gregh Sent: Friday, July 30, 2004

RE: [Full-Disclosure] WEP Crack utility for Windows XP

2004-07-30 Thread Todd Towles
Grab a copy of any Linux Live-CD and boot it up. Most have AirSnort, Kismet, Nmap, Ethereal, Ettercap included. You must find the right wireless card to work with them however. www.knoppix.com www.knoppix-std.org/tools.html www.moser-informatik.ch/ BTW, has WEPCrack ever been ported to Win32?

RE: [Full-Disclosure] [Paper] Designing secure desktop operating system

2004-07-31 Thread Todd Towles
Fedora Core 2 from Red Hat is free and includes SELinux. Anyone been using the test release of FC3? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Timo Sirainen Sent: Saturday, July 31, 2004 4:16 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: [Fu

RE: [Full-Disclosure] FullDisclosure: CWS removal tools

2004-07-31 Thread Todd Towles
Randall, we have discussed CWShredder. The author stopped supporting his program and did have a list of every variant on this website and the methods it used. Very tricky. He also points out it will not stop the newest version because of the advanced survival techniques being employed. They are sta

RE: Re: [Full-Disclosure] Cool Web Search

2004-08-02 Thread Todd Towles
y out of the spyware game? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aditya, ALD [Aditya Lalit Deshmukh] Sent: Sunday, August 01, 2004 2:41 AM To: Todd Towles; 'JacK'; [EMAIL PROTECTED] Subject: RE: Re: [Full-Disclosure] Cool Web Search &g

RE: [Full-Disclosure] broken virus / worm email has attachment not found by grisoft proxy scanner

2004-08-03 Thread Todd Towles
I have seen this type of e-mail on my yahoo account at home. I just guessed it was a corrupt e-mail put out by some e-mail virus circling the internet. It wouldn't be the first time or the last. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Denis McMaho

RE: [Full-Disclosure] Virus Problem

2004-08-03 Thread Todd Towles
If you are not sure what is on the computer and not 100% sure you are able to get everything off, then you really don't have an option. Clean install would be the safest bet. I am not sure how many computers we are talking about and if they are production. Clean install may not be an option, but it

RE: [Full-Disclosure] Getting the lead out of broken virus / worm email meta-reporting

2004-08-03 Thread Todd Towles
w every vendor has its own. > > Thoughts, > Jan Clairmont > Firewall Administrator/Consultant > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Todd Towles > Sent: Tuesday, August 03, 2004 9:53 AM > To: 'Denis McMahon'

RE: [Full-Disclosure] Defcon spelled half backwards is Fedcon and you dumfucks walked into a trap

2004-08-04 Thread Todd Towles
I think he is just mad because he can't drink yet. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Martin Mkrtchian Sent: Tuesday, August 03, 2004 5:35 PM To: Day Jay Cc: [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] Defcon spelled half backwards is Fed

RE: [Full-Disclosure] Defcon spelled half backwards is Fedcon and you dumfucks walked into a trap

2004-08-04 Thread Todd Towles
Let some rich company get you beer? Why not..it doesn't make Microsoft more secure...so what is the harm? lol -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Maynor Sent: Tuesday, August 03, 2004 6:15 PM To: Day Jay Cc: [EMAIL PROTECTED] Subject: Re:

RE: [Full-Disclosure] waa waa (was Finally the truth slips out)

2004-08-06 Thread Todd Towles
He does have a speech writer. But he is from Texas (as am I) and we do have a way of talking down here that is different than most places. =) Some are worse than others of course. I mess up all the time when I talk - my mind goes faster than my mouth. But that seems to be common among computer peo

RE: [Full-Disclosure] follow up question...

2004-08-06 Thread Todd Towles
Preventing ARP poisoning is a very good security measure, but I am not sure how they made it do it in this case. If you don’t know what ARP poisoning is and why it is dangerous, then google it. An AP is basically a normal router but for wireless. ARP poisoning allows for sniffing
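
The poisoning itself is a stream of unsolicited ARP replies that rebind the gateway's (and the victim's) IP to the attacker's MAC, so the simplest detection is to remember the first MAC learned for each IP and alert when a later packet claims another. The following is an added example, not part of the post above and not any vendor's implementation: it parses the 28-byte ARP payload (what follows the 14-byte Ethernet header) and runs that check over a constructed sequence of replies. All addresses are made up; the only assumption beyond the standard ARP layout is that the monitor sees the poisoned replies, which on a switched or wireless segment means running it on the host being protected or on a mirror port.

```python
import struct

# 28-byte ARP payload (follows the 14-byte Ethernet header, EtherType 0x0806):
# htype, ptype, hlen, plen, oper, sender MAC, sender IP, target MAC, target IP
ARP_FMT = "!HHBBH6s4s6s4s"
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def ip_bytes(ip):
    return bytes(int(octet) for octet in ip.split("."))


def build_arp(oper, sha, spa, tha, tpa):
    """Build a constructed ARP payload for testing (not captured traffic)."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       mac_bytes(sha), ip_bytes(spa), mac_bytes(tha), ip_bytes(tpa))


def parse_arp(payload):
    """Parse an Ethernet/IPv4 ARP payload; raise ValueError on anything else."""
    try:
        htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(ARP_FMT, payload[:28])
    except struct.error as exc:
        raise ValueError("truncated ARP payload") from exc
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    fmt_mac = lambda b: ":".join(f"{x:02x}" for x in b)
    fmt_ip = lambda b: ".".join(str(x) for x in b)
    return {"oper": oper, "sha": fmt_mac(sha), "spa": fmt_ip(spa),
            "tha": fmt_mac(tha), "tpa": fmt_ip(tpa)}


class ArpWatch:
    """Learn the first MAC seen for each IP and alert when a later packet claims
    a different one. Poisoning shows up as the gateway IP (and usually the
    victim IP too) moving to the attacker's MAC."""

    def __init__(self):
        self.table = {}      # ip -> first MAC learned
        self.alerts = []

    def observe(self, payload):
        arp = parse_arp(payload)
        # Ignore unknown opcodes and ARP probes (sender IP 0.0.0.0 carries no binding).
        if arp["oper"] not in (ARP_REQUEST, ARP_REPLY) or arp["spa"] == "0.0.0.0":
            return arp
        ip, mac = arp["spa"], arp["sha"]
        known = self.table.setdefault(ip, mac)
        if known != mac:
            self.alerts.append(f"{ip} changed from {known} to {mac}")
        return arp


# Constructed addresses for the demonstration.
GATEWAY_IP, GATEWAY_MAC = "192.168.1.1", "00:11:22:33:44:55"
VICTIM_IP, VICTIM_MAC = "192.168.1.10", "66:77:88:99:aa:bb"
ATTACKER_MAC = "de:ad:be:ef:00:01"


def constructed_traffic():
    """Two legitimate replies, then the attacker poisoning both directions."""
    return [
        build_arp(ARP_REPLY, GATEWAY_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),
        build_arp(ARP_REPLY, VICTIM_MAC, VICTIM_IP, GATEWAY_MAC, GATEWAY_IP),
        build_arp(ARP_REPLY, ATTACKER_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),   # "I am the gateway"
        build_arp(ARP_REPLY, ATTACKER_MAC, VICTIM_IP, GATEWAY_MAC, GATEWAY_IP),  # "I am the victim"
    ]


def run_watch(payloads):
    watch = ArpWatch()
    for payload in payloads:
        watch.observe(payload)
    return watch


if __name__ == "__main__":
    for alert in run_watch(constructed_traffic()).alerts:
        print("ALERT:", alert)
```

On Linux the payloads can come from a raw socket opened with `socket.AF_PACKET`, `socket.SOCK_RAW` and `socket.htons(0x0806)`, skipping the first 14 bytes of each frame; a static ARP entry for the gateway on the client, or dynamic ARP inspection on a managed switch, is what actually prevents the rebinding rather than just reporting it.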

RE: [Full-Disclosure] SP is here (soon) !

2004-08-09 Thread Todd Towles
Got a copy of it last night. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Friday, August 06, 2004 7:04 PM To: [EMAIL PROTECTED] Subject: RE: [Full-Disclosure] SP is here (soon) ! XP SP2 Final is up on MSDN Downloads for the MSDN Subscribers.

RE: [Full-Disclosure] WEP utilities

2004-08-09 Thread Todd Towles
I would guess you are doing this for security purposes. If you are going to test things to stay secure, then test what would be used against you (most likely). What is KNOPPIX®? KNOPPIX is a bootable CD with a collection of GNU/Linux software, automatic hardware detection, and support

RE: [Full-Disclosure] WEP utilities

2004-08-09 Thread Todd Towles
. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Towles Sent: Monday, August 09, 2004 8:53 AM To: 'Simmons, Thomas'; [EMAIL PROTECTED] Subject: RE: [Full-Disclosure] WEP utilities I would guess you are doing this for security purposes.

[Full-Disclosure] FW: Windows XP SP2 is now available for download

2004-08-09 Thread Todd Towles
-Original Message- From: Eric Schultze [mailto:[EMAIL PROTECTED] Sent: Monday, August 09, 2004 12:21 PM To: Patch Management Mailing List Subject: Windows XP SP2 is now available for download Windows XP SP2 is now generally available for download from Microsoft. The Service Pack is av

RE: [Full-Disclosure] (no subject)

2004-08-09 Thread Todd Towles
I am seeing a lot of them too. Just had a call from my e-mail people. I have one that is new_price.zip (5KB) There appears to be some people on FD that are infected and we are getting a lot on my end. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jonath

RE: [Full-Disclosure] (no subject)

2004-08-09 Thread Todd Towles
It appears to be what Trend Micro calls Beagle.AC - IDE released at 2:30pm Maybe it is dropping an older Trojan. -Original Message- From: Paul Szabo [mailto:[EMAIL PROTECTED] Sent: Monday, August 09, 2004 3:06 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: [Full-Disclosure] (no su

RE: [Full-Disclosure] (no subject) spoofed addresses still confuse many...

2004-08-09 Thread Todd Towles
Well, that is what I meant. People that have people from FD are infected. Sorry typed that up fast when I was working on something else. -Original Message- From: Ron DuFresne [mailto:[EMAIL PROTECTED] Sent: Monday, August 09, 2004 3:40 PM To: Todd Towles Cc: 'Jonathan Grotegut'

RE: [Full-Disclosure] AV Naming Convention

2004-08-10 Thread Todd Towles
I have to agree with Todd, the naming convention is now right useless for the normal population and makes keeping up with viruses on a corporate level that much harder. AV companies are always trying to beat the other company and this leads to very little information sharing between the companies

RE: [Full-Disclosure] AV Naming Convention

2004-08-10 Thread Todd Towles
ference after the fact is probably the best one can hope for. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Todd Towles Sent: Tuesday, August 10, 2004 10:16 AM To: 'Todd Burroughs'; 'Frank Knobbe' Cc: [EMAIL PROTECTED] Subject: RE: [Full-D

RE: [Full-Disclosure] AV Naming Convention

2004-08-10 Thread Todd Towles
How would a name stop an AV company from protecting its customers? A name is only a name. AV companies should do their job and stop viruses. But do we really care what they are called in the first couple of hours, no? I am trying to encourage sharing of some information between AV companies to bett

RE: [Full-Disclosure] (no subject)

2004-08-10 Thread Todd Towles
DNA matching for real diseases is at least more accurate than string matching for computer viruses. Sig-based AV scanning will always be behind on variants. If I can take a virus, change a line in it and infect 100 people without an AV product even winking, then things can be changed. But maybe I

RE: [Full-Disclosure] (no subject)

2004-08-10 Thread Todd Towles
Did anyone see that article about how one of the latest MyDooms wasn't a MyDoom at all, but they wanted to keep the name to avoid confusion. =) Can't find the article, plus it is lunch time. Listen, all AV companies name MyDoom, MyDoom, how hard would it be to get the variant name to be somewhat equ

RE: [Full-Disclosure] AV Naming Convention

2004-08-10 Thread Todd Towles
So if I change my name the police can't find me? ;) AV companies should be able to work with any form of ID. Use their local until an agreement has been made. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Thomas Loch Sent: Tuesday, August 10, 2004 11:09

RE: [Full-Disclosure] AV Naming Convention

2004-08-10 Thread Todd Towles
ers and we direct where the time and money is spent indirectly. -Original Message- From: Jan Muenther [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 10, 2004 1:14 PM To: Todd Towles Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: [Full-Disclosure]

RE: [Full-Disclosure] AV Naming Convention

2004-08-10 Thread Todd Towles
n't exist. -Original Message- From: Jan Muenther [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 10, 2004 2:23 PM To: Todd Towles Cc: Mailing List - Full-Disclosure Subject: Re: [Full-Disclosure] AV Naming Convention Hi, > I wouldn't be in my position, if I ran everything

RE: [Full-Disclosure] fedora.org compromised - http://fedora.redhat.com not compromised

2004-08-11 Thread Todd Towles
The whitehouse website was also compromised. Look www.whitehouse.com =) Wasn't fedora.org home to a page of useful fedora information? I am not at home and don't have all my links. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Burling, Matthewx Sent:

RE: [Full-Disclosure] AV Naming Convention

2004-08-11 Thread Todd Towles
ist - Full-Disclosure' Subject: RE: [Full-Disclosure] AV Naming Convention Todd Towles wrote: > Nowhere did I state that AV researchers were doing a crappy job and > everything needs to change. I stated a shift is needed. A shift toward more > sharing of information between AV companies

RE: [Full-Disclosure] Give XP SP2 a chance

2004-08-12 Thread Todd Towles
I believe SP2 is a step in the right direction for MS. Do they have a long way to go? Sure, but they are making headway. As far as user problems, SP2 will break stuff - that was known. Partly due to bad programming on the app side. Since MS was holding the hand of older apps, companies were lazy ab

RE: [Full-Disclosure] SP2 is killing me. Help?

2004-08-12 Thread Todd Towles
The people that should be blamed are the app makers. The beta has been out for a long time and I am sure that companies were fully aware of this update, the changes it makes, and how it will affect their products. If a company failed to make their program work with the OS that is on over 90% of

RE: [Full-Disclosure] (no subject) Why not?

2004-08-13 Thread Todd Towles
The Pentagon uses a solution that scans everything with multiple engines. We looked into getting it, but it is pretty costly. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Random Letters Sent: Friday, August 13, 2004 3:56 AM To: [EMAIL PROTECTED] Subject: [F

RE: [Full-Disclosure] (no subject)

2004-08-13 Thread Todd Towles
need. -Original Message- From: Barry Fitzgerald [mailto:[EMAIL PROTECTED] Sent: Friday, August 13, 2004 12:02 PM To: Todd Towles Cc: Harlan Carvey; [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] (no subject) Todd Towles wrote: >How is naming a virus with @mm or a W32 in the front

RE: [Full-Disclosure] (no subject)

2004-08-13 Thread Todd Towles
How does naming a virus with @mm or a W32 in the front slow the process down? Naming has nothing to do with AV vendors making money IMO. If it does, McAfee should change its name to Norton before it tries to buy it out. =) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On

RE: [Full-Disclosure] lame bitching about xpsp2

2004-08-13 Thread Todd Towles
sad to say, normal people are not..and will not understand. To quote a movie, they are the cattle and we are the cowboys of the new digital wild west. -Original Message- From: devis [mailto:[EMAIL PROTECTED] Sent: Friday, August 13, 2004 1:02 PM To: Todd Towles; Full-disclosure Subject: R

RE: [Full-Disclosure] lame bitching about xpsp2

2004-08-13 Thread Todd Towles
You are only getting nimda probes because the general public is stupid as a whole and doesn't know anything about security. Most people that have spyware installed on their computer don't even know it is there or what it is...or how to replace it. Is linux more suited for network security profes

RE: [Full-Disclosure] (no subject)

2004-08-13 Thread Todd Towles
That is the question we need to find out. But only by starting it will we ever know. Agreed? -Original Message- From: Barry Fitzgerald [mailto:[EMAIL PROTECTED] Sent: Friday, August 13, 2004 12:11 PM To: Todd Towles Cc: Mailing List - Full-Disclosure Subject: Re: [Full-Disclosure] (no

RE: [Full-Disclosure] Virus naming conventions, or lack of them

2004-08-16 Thread Todd Towles
004 1:18 PM To: Full Disclosure Subject: Re: [Full-Disclosure] Virus naming conventions, or lack of them Todd Towles wrote: > > How does naming a virus with @mm or a W32 in the front slow the process > down? Naming has nothing to do with AV vendors making money IMO. If it > does, McAfee

RE: [Full-Disclosure] lame bitching about xpsp2 (will it ever stop ?)

2004-08-18 Thread Todd Towles
Functionality issue is true, yet to add functionality you must add more lines of code. Beta programs are there to debug code therefore it is understood to have less reliability. Both stages are for debugging code but during beta they are adding fresh code that hasn't been looked over for bugs. Duri

RE: [Full-Disclosure] Microsoft Windows XP SP2

2004-08-19 Thread Todd Towles
I personally think that Microsoft should turn the "hiding of file types" off by default. We all turn it off and it doesn't help basic users learn file types. They go by the icons and therefore the icon issue is a better security threat. -Original Message- From: [EMAIL PROTECTED] [mailto:[

RE: [Full-Disclosure] Unsecure file permission of ZoneAlarm pro.

2004-08-20 Thread Todd Towles
Sounds like it is about as easy to shut down as Microsoft's SP2 firewall... Overwrite a file, it fails integrity checks and the firewall will fail closed. There is something to add to a dropper program. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Maarten

RE: [Full-Disclosure] The 'good worm' from HP

2004-08-20 Thread Todd Towles
Yeah I remember first hearing about that in the Patch Management circles. Does sound like a good idea. Anyone that has been over patch management can tell you that patches break stuff. Now software will automatically break software with software patches. =) Interesting. -Original Message-

RE: [Full-Disclosure] RE: [Full-Disclosure]MS should re-write code with security in mind

2004-08-20 Thread Todd Towles
Whitehats are mostly losing. Network administrators that have no sense of security are losing. Are all networks open to something? Yep, but you can reduce your risk if you try. No network is safe from hackers 100% and no hacker is safe from the law 100%. We all take our chances - sometimes on both sid

RE: [Full-Disclosure] Unsecure file permission of ZoneAlarm pro.

2004-08-20 Thread Todd Towles
Sorry John, I was confused between "Failing Closed" and "Failing Open". If integrity checks fail, no traffic is passed. That is better than Microsoft's simple reg disable hack. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John LaCour Sent: Friday, Aug

RE: [Full-Disclosure] The 'good worm' from HP

2004-08-21 Thread Todd Towles
Allan is right. I didn't notice people calling it a worm. It is supposed to be a patch management product that will actually use the exploit hole to patch the box. It is a controlled problem and should be used only on computers controlled by the corporation that owns the software. But is it still a go

RE: [Full-Disclosure] Windows Update

2004-08-21 Thread Todd Towles
I also turn off all updates. I had my Automatic updates and BITS set to manual and Windows Update wouldn't work. I never disable it but I do stop the service and leave it on manual. When you disable Automatic updates in the control panel the service keeps running. Stupid, yep..I think so too. H

RE: [Full-Disclosure] The 'good worm' from HP

2004-08-22 Thread Todd Towles
: Sunday, August 22, 2004 8:20 AM To: Todd Towles; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: [Full-Disclosure] The 'good worm' from HP > Allan is right. I didn't notice people calling it a worm. >From the article at InfoWorld... We've been working with (cus

RE: [Full-Disclosure] Windows Update

2004-08-23 Thread Todd Towles
The AU shouldn't be an issue for anyone running SUS or SMS. It is a pain to turn it back on if you have already turned it off (my case) via corporate wide reg hack. But that is my issue and easily fixable. AU running in automatic mode will not install updates on its own. As long as you turn the

RE: [Full-Disclosure] The 'good worm' from HP

2004-08-23 Thread Todd Towles
ve. Aaron - Original Message ----- From: "Todd Towles" <[EMAIL PROTECTED]> To: "joe" <[EMAIL PROTECTED]> Cc: "Mailing List - Full-Disclosure" <[EMAIL PROTECTED]> Sent: Sunday, August 22, 2004 7:15 PM Subject: RE: [Full-Disclosure] The 'good

RE: [Full-Disclosure] Unsecure file permission of ZoneAlarm pro.

2004-08-23 Thread Todd Towles
Behalf Of Ron DuFresne Sent: Friday, August 20, 2004 3:10 PM To: Matthew Farrenkopf Cc: Todd Towles; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: [Full-Disclosure] Unsecure file permission of ZoneAlarm pro. yet, if I read this properly it wasnpt simply and open e-mail

RE: [Full-Disclosure] Re: Re-write with security in mind all ops.

2004-08-23 Thread Todd Towles
It is a never ending battle. Crackers and hash/encryption algorithms, stealth and radar, viruses and anti-virus. The war must be continued. If encryption was built into the underlying subsystem of modern operating systems (without a huge hit on performance), then the security of systems world wide

RE: [Full-Disclosure] Windows Update

2004-08-23 Thread Todd Towles
You are correct, I looked into this deeper this morning and found the same results. It doesn't matter if it is running or not. It can be running and set to manual, WindowsUpdate will still fail. Therefore you have to set the service to automatic for WindowsUpdate to work. It is Microsoft's attempt t

RE: [Full-Disclosure] [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers

2004-08-24 Thread Todd Towles
Very sad it took a public release to put them into action. But then again that is what FD is all about. Perfect example. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of bashis Sent: Tuesday, August 24, 2004 2:59 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTE

FW: [Full-Disclosure] Electronic Jihad on August 26, 04 ??

2004-08-24 Thread Todd Towles
From: Hank Hering Sent: Tuesday, August 24, 2004 4:17 PM To: Todd Towles; Vance Price; Paul Bazil; Hank Hering; Bob Bloemen; Lee Cobb; Richard Gray Subject: RE: [Full-Disclosure] Electronic Jihad on August 26, 04 ?? Microsoft cannot be beat, and always wants to be first...Are you sure

RE: [Full-Disclosure] new email virus?

2004-08-25 Thread Todd Towles
It is a warning from some companies' GFI mail scanner. Who knows, could be an old virus with you as the spoofed sender. If it was new, GFI might not have caught it...;) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Nagro Sent: Wednesday, August 25,

RE: !SPAM! [Full-Disclosure] Automated ssh scanning

2004-08-26 Thread Todd Towles
The kernel could be safe. But with weak passwords, you are toast. Any automated tool would test guest/guest. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Richard Verwayen Sent: Thursday, August 26, 2004 6:08 AM To: 'FD' Subject: RE: !SPAM! [Full-Discl

RE: !SPAM! [Full-Disclosure] Automated ssh scanning

2004-08-26 Thread Todd Towles
Subject: RE: !SPAM! [Full-Disclosure] Automated ssh scanning On Thu, 2004-08-26 at 15:12, Todd Towles wrote: > The kernel could be safe. But with weak passwords, you are toast. Any > automated tool would test guest/guest. > Hello Todd! You are right about the passwords, but guest

RE: [Full-Disclosure] Automated ssh scanning

2004-08-26 Thread Todd Towles
Sorry, didn't see the other messages. So it got local access through guest/guest and then gained root with a local exploit. Any ideas what it is? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Towles Sent: Thursday, August 26, 2004 8:12 AM To: Ri

RE: [Full-Disclosure] Automated ssh scanning

2004-08-26 Thread Todd Towles
I agree, so we are looking at an unknown local exploit for woody or we are all missing something. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tig Sent: Thursday, August 26, 2004 9:28 AM To: [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] Automated ssh

RE: [Full-Disclosure] Automated ssh scanning

2004-08-26 Thread Todd Towles
Hey Ron, Guest isn't an admin so they let the tool get in. But the real question is, how does it get root access on a fully patched server? It appears to use a local exploit to gain root access. This is a problem. Sorry about the earlier e-mail, I haven't had my coffee today. Trying to cut back

RE: Betr.: RE: [Full-Disclosure] Automated ssh scanning

2004-08-26 Thread Todd Towles
ld be nice to find it. -Original Message- From: Pascal Zoutendijk [mailto:[EMAIL PROTECTED] Sent: Thursday, August 26, 2004 12:15 PM To: Todd Towles Subject: Betr.: RE: [Full-Disclosure] Automated ssh scanning Hi, Maybe I missed a point, but everybody seems to be focussing now on whether

RE: [Full-Disclosure] Automated ssh scanning

2004-08-26 Thread Todd Towles
the Kernel was left out of the patching. -KF Todd Towles wrote: > Hey Ron, > > Guest isn't an admin so they let the tool get in. But the real > question is, how does it get root access on a fully patched server? > It appears to use a local exploit to gain root access. This is

RE: [Full-Disclosure] mailing error

2004-08-30 Thread Todd Towles
I get that and the "Thank for contacting Sign and Décor"... Who votes to kick them til they get it fixed? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Über GuidoZ Sent: Monday, August 30, 2004 3:12 PM To: [EMAIL PROTECTED] Subject: Fwd: [Full-Disclosu

RE: [Full-Disclosure] Microsoft Update Loader msrtwd.exe

2004-09-01 Thread Todd Towles
I see one other post about it here.. http://www.dslreports.com/forum/remark,10987569~mode=flat Sounds like malware to me. Did you send copies to any AV companies? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of S.A. Birl Sent: Wednesday, September 01, 20

RE: [Full-Disclosure] Microsoft Update Loader msrtwd.exe

2004-09-02 Thread Todd Towles
than simply the FD: name that you can provide? There were about 6 Registry entries in the HKLM section. I don't have the compromised machine, so I cannot tell you the exact locations. We ran TCPview on the compromised machine and watched it connect to an IRC server. On Sep 1, Todd Towles ([

RE: [Full-Disclosure] Re: Re: open telnet port

2004-09-09 Thread Todd Towles
If you are going to leave telnet open, why would an attacker even mess with SSH? I would have to agree with the other guys, have a person there at the remote site (I am sure you have someone) fix the issue. Or find another encrypted method. Even on an internal network, I would be against using i

RE: [Full-Disclosure] Re: Re: open telnet port

2004-09-09 Thread Todd Towles
Yep, call-back modem is a very good idea. But we are sliding OT. =) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Volker Tanger Sent: Thursday, September 09, 2004 9:18 AM To: ktabic Cc: [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] Re: Re: open telnet

RE: [Full-Disclosure] OT - 6 gmail invites

2004-09-10 Thread Todd Towles
Shoot me one if you have any. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, September 10, 2004 9:47 AM To: [EMAIL PROTECTED] Subject: [Full-Disclosure] OT - 6 gmail invites Anyone wants one, please contact off list. ___

RE: [Full-Disclosure] Does the following...

2004-09-10 Thread Todd Towles
Looks like the message is nothing, but there is something up with the computer of the remote user that is for sure. Wipe it. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of XOR Sent: Friday, September 10, 2004 1:19 PM To: [EMAIL PROTECTED] Subject: [Ful
