I tried hard. I failed.
--
Cheers, Chris Howells -- [EMAIL PROTECTED], [EMAIL PROTECTED]
Web: http://www.chrishowells.co.uk, PGP ID: 0x33795A2C
KDE/Qt/C++/PHP Developer: http://www.kde.org
pgpTbQzZkifG0.pgp
Description: PGP signature
___
Full-Disclos
Da Plane, Da Plane.
http://www.microsoft.com/security/bulletins/200501_windows.mspx
Tuffer
"I could fly like an eagle but weasels don't get sucked into jet engines"
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-d
mmers have been taking advantage
of for years -- using up Lycos' bandwidth.
> Resign or be sacked.
Um, isn't this the message Lycos is trying to send spammers?
Chris
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
both home and office.
Black-only laser printers are down as low as $100. Color is still
$500+, just clearifying.
> Crean says Xerox pioneered this technology about 20 years
> ago, to assuage fears that their color copiers could easily
> be used to counterfeit
there is some great stuff developed on irc. have you ever used a
cvsbot? I just love those check-in privmsg notifications.
chris
==
'when all you have is a nail-gun, every problem looks like a messiah'
Danny wrote:
On Fri, 19 Nov 2004 17:10:13 -0500, Tim
<[EMAIL PROTECTED]> wrot
were to suddenly stop existing, Bulletin boards and Wiki would
become even more popular. Most of them allow the same level of
anonymity that IRC gives to people. Or some poor soul's blog would be
overrun with "comments". Unfortunately, all of the things you have
liste
> Be fair now...
>
> NOTHING is more fucked up than the US election.
Not even Microsoft?
-ouch-
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
_
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
--
Chris Umphress <http://daga.dyndns.org/>
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
On Thursday, October 14, 2004 3:13 PM, Deigo Dude wrote:
> ftp://ftp.hq.nasa.gov/pub/nickname/
> The list contains the full name, email, phone, fax, position,
> building, room, and employer. When will they learn.
It's also called FOIA: The Freedom of Information Act. _Anyone_can request
that inf
on with sudo when
> test.txt was non-existant).
arj does ask if you want to overwrite an existing file.
--- snip
[EMAIL PROTECTED]:/home$ ls -l /usr/local/bin/test.txt
/usr/bin/ls: /usr/local/bin/test.txt: No such file or directory
[EMAIL PROTECTED]:/home$ ./chris/t
to a directory that I don't have the
neccessary permissions for, it asks me to pick an alternate location
to extract to.
> /me wonders about which version of arj/unarj "doubles" is talking about
I don't see a problem, but it would be interesting to see
moving one "../" from the filename I gave it, it
worked exactly as I expected.
-- Chris
--
Chris Umphres <http://daga.dyndns.org/>
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Thanks for posting this man, I saw these at comp usa the other day and
wondered if they could be made to work under linux, just haven't gotten
around to searching fot the info yet. Now I don't have to :)
chris
http://stageofbattle.org
On Monday 11 October 2004 2:29 pm, KF wrote:
>
That was certainly a useful explanation. Isn't stuff on this list
supposed to be readable? Anyhow, if I'm reading what you've said
correctly, it's supposed to work that way. Most programs pass the
"../" (or "..\") to the OS to handle.
-- Chris
On Sun, 10 O
ous privs.
c) Grant the user select privilege (only) on mysql.db, mysql.host,
tables_priv, user_priv and every column of 'mysql.user' apart from
'password', and 'select' their privs out manually. This may be
dangerous, so be careful.
Hope that helps... :o)
-ch
t of the output from #2 should help to deal with this.
I hope this gives you some ideas.
--
Chris White <[EMAIL PROTECTED]>
Sound | Video | Security
ChrisWhite @ irc.freenode.net
signature.asc
Description: OpenPGP digital signature
er do not have an administrator
password and the local login administrator/blank has been known
about for some time. The reseting the password message is indeed
not from IBM but in Microsoft XP itself. I just went to change my
administrator password and indeed I got this warning.
--
Chris Norton
s the same way. There are ways to disable or change
the
Administrator name and password or to disable the account completely.
--
Chris Norton
UAT Student Software Engineering Network Defense
___
Full-Disclosure - We believe in it.
Charter: http://lists.n
ISERFS HAS THE SAME EXPLOIT
CHECK OUT MY POC!
[EMAIL PROTECTED] h4x0r $ echo "bipin sucks" >> hax
[EMAIL PROTECTED] h4x0r $ chmod -rwx hax
[EMAIL PROTECTED] h4x0r $ ls -alo hax
-- 1 chris 12 Aug 23 21:58 hax
[EMAIL PROTECTED] h4x0r $ cat hax
cat: hax: Permission denied
[EMAIL
ourceforge.net/project/showfiles.php?group_id=7130
release information:
http://gallery.sourceforge.net/article.php?sid=134
-Chris Kelly
Gallery Project Manager
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
g new versions of third-party code
when the upstream is patched).
Chris
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
For those interested a forum has been created at
http://isc.sans.org/xpsp2.php
The purpose of the forum is to share factual experiences with XP SP2 in an
effort to help others who may run into similar problems.
- Chris
-Original Message-
From: Gregory A. Gilliss [mailto:[EMAIL
That's hilarious! Are there a lot of null-pointer exceptions for
fully patched IE? (I'm fairly new to The List)
On Sun, 11 Jul 2004 09:28:34 +0200, Berend-Jan Wever
<[EMAIL PROTECTED]> wrote:
> I just wrote a small poem in JScript:
>
>
>
> MSIE = window.open; // for hackers to come in
>
RSnake wrote:
writeable, but the drives aren't removeable on CDs. That of course isn't true
if you have a USB drive, but I think part of the deal there is that you need to
install special drivers to even read USB CD drives.
...that's not true ;-)
Chris
--
Simplistix - Content M
le classes of security risk and you can
train your users in a single way no matter where they're working.
Chris
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Bypass
Severity: Low-Allows Users to bypass license restrictions
Exploitation: Editing .key file
Reported to Vendor: 20 April 04
Vulnerability Resolved: 16 June 04
Author: Chris Hurley, Assured Decisions LLC
e-mail: [EMAIL PROTECTED]
URL
Todd Burroughs [EMAIL PROTECTED] wrote:
> They are planning to get into a market that gaurds against the failures
> in their own product. I don't like this, as it seems that they are going
> to be in a position to intentionally make holes that their "anti-virus"
> software will fix. If we had a m
I hate to say this, but I don't think Microsoft software could be any
worse than Symantec...
Andre Ludwig [EMAIL PROTECTED] wrote:
> Think the mafia refers to this as a protection racket...
>
> man so much can be made of this its a techy comedy gold mine.
>
>
> "our software sucks so bad that t
http://www.washingtonpost.com/wp-dyn/articles/A43635-2004Jun15.html
Need to register, but it's no hassle.
I'd mirror to my server, but copyright blah blah blah.
Anyone have any more info?
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> james e
I've just been told that it was a DoS. No details.
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Niek Baakman
> Sent: Tuesday, June 15, 2004 09:58
> To: [EMAIL PROTECTED]
> Subject: [Full-Disclosure] Akamai
>
> Hi list,
>
> akamai disappear
When run remotely:
Line: 1
Char: 1
Error: Access is denied.
Code: 0
URL: http://62.131.86.111/security/idiots/repro/installer.htm
When run locally, software installation is blocked.
Using IE 6.0.2900.2096 SP2, WinXP SP2
I've gotta say that SP2 has some VERY nice protection builtin. On the dow
k in the installer.
/c
> -Original Message-
> From: Jelmer [mailto:[EMAIL PROTECTED]
> Sent: Sunday, June 06, 2004 22:17
> To: Chris Carlson
> Cc: [EMAIL PROTECTED]
> Subject: RE: [Full-Disclosure] Internet explorer 6 execution
> of arbitrary code (An analysis of
When run remotely:
Line: 1
Char: 1
Error: Access is denied.
Code: 0
URL: http://62.131.86.111/security/idiots/repro/installer.htm
When run locally, software installation is blocked.
Using IE 6.0.2900.2096 SP2, WinXP SP2
I've gotta say that SP2 has some VERY nice protection builtin. On the dow
pecial" report if it is not empty as these
machines have a patch issue.
Further, I also run quickly check the "Deleted" report to keep
an eye on what is coming through, but getting deleted.
It requires Python, keeps an extensive log and has reasonably
good excepti
SSL hijack attempt - can anyone shed some
light on the situation?
Chris
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
(www.netstumbler.org)
Blackthorn Systems (www.blackthornsystems.com)
Michigan Wireless (www.michiganwireless.org)
Good luck and have fun.
Chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQFAp9LROyWtx0MtxawRArlGAKCiACQXNpX2Bwna1bu7tKEPA+VhrgCgjGzf
0C9YTS5l6udYcNre/DkSqtw
MS patched the vulnerability
before it was exploited. What the fuck else do we want? Bill Gates to
personally fly out and patch our systems for us?
Sorry for the rant guys...
Chris Locke
http://stageofbattle.org
On Fri, 2004-05-14 at 10:27, Radule Soskic wrote:
> I can't post this to all the threa
the internet - the worms have seen to that.
Chris
[1] I say close because it may be legally useful to say the network was
restricted if you need to sue a spammer or something.
smime.p7s
Description: S/MIME cryptographic signature
Don't feed the trolls
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
http://www.sysinternals.com/ntw2k/source/regmon.shtml
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
sexec because my employer will not shell out the money
for a more sensible solution for software management such as SMS.
Again, if you don't like it, get over it.
- Chris
-Original Message-
From: Exibar [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 06, 2004 18:50
To: [EMAIL PROTEC
It looks like everyone is successfully beating the shit out of the wrong
bush(es) here. Let's just end this. The tool I want does not exist, so
I'll go make it.
Thanks to those who gave relevant responses.
- Chris
___
Full-Disclosure - We
27;t
need to log into a router to check its arp tables. I simply execute a
command on the remote system.
I need this for unix.
Any more questions?
- Chris
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 06, 2004 15:50
To: Chris Carlson
Cc: [EM
it doesn't exist. In that case, I'll go make
one. I'm just trying to save myself some time here.
-Original Message-
From: Michael Gargiullo [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 06, 2004 14:54
To: Harlan Carvey
Cc: Chris Carlson; [EMAIL PROTECTED]
Subject: Re: [F
I already
know of plenty. I just want something comparable to psexec that will
run on *nix.
- Chris
[1] http://www.sysinternals.com/ntw2k/freeware/psexec.shtml
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Well, my opinion of this group just went down a few notches. As hard as it may be to believe, there are actually some people that want to use tools like this to safeguard their applications. Grow up.starwars <[EMAIL PROTECTED]> wrote:
Chris Sharp wrote:> I've been trying for some t
rmation on how I can configure the .bad file. Currently I'm getting false-positive results for the user ID's and Passwords being used. Any help is appreciated.
Thanks,
Chris S.
Do you Yahoo!?Win a $20,000 Career Makeover at Yahoo! HotJobs
"
tested it on 3 xp boxes without appropriate patch, all crashed.
|-+-->
| | "Chris Scott" |
| | <[EMAIL PROTECTED]>|
| | Sent by:
Tested against Windows XP Pro without the appropriate patch, it crashes the
service and initiates a shutdown timer.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Tuesday, April 27, 2004 6:24 PM
Subject: [Full-Disclosure] LSASS ex
Heres my two cents :-/
Exploit code is better kept private.
Advisories should be public.
Why?
Because exploit code is not easy to write depending on the bug. And I
for one sure dont want some 'penetration tester' taking my code and
plugging it into his automated scanner and collecting the cash.
Consider also a hardware firewall that runs at Layer 2, this way you get the
filtering but you don't have to do any routing or NAT. These are the same as
"transparent" firewalls, as they do not have an IP address unless it is for
a management interface. I believe Netscreen currently has the ability
thing more about the bug or where it came from except
that it has evaded all attempts of these users to be removed. Ad-Aware, the Cleaner
and other similar tools all fail. If you have any information about this, or can
direct me to a binary copy of the bug, please let me know. Thanks.
-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The new versions of NetStumbler and MiniStumbler have been released. They
are available for
download at http://www.stumbler.net
Thank you Marius for your hard work on NetStumbler and MiniStumbler.
Chris
-BEGIN PGP SIGNATURE-
Version: GnuPG
y. In particular, they shall not be liable
for any loss or damage whatsoever, arising from or in connection with the
usage of information contained within this notice.
© 2004 Crown Copyright
Revision History
April 20, 2004: Initial release (1.0)
--
Chris McCulloh
Secure Systems Archit
been spent
enabling the strong end-to-end encryption already included in most
common services.
Chris
smime.p7s
Description: S/MIME cryptographic signature
.
Chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQFAfStwOyWtx0MtxawRAqOCAJ9W/sOzRFniJ+mA+KFYcxIzk42TYACfYfqb
+aSyKKcFN9I2k3i4a7GQrnw=
=3YlQ
-END PGP SIGNATURE-
___
Full-Disclosure - We believe in it.
Charter: http
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Nico Golde wrote:
>Hallo chris,
>
>i don't understand your problem.
>i tried:
>[EMAIL PROTECTED]:~] $ ls -al test
>-rw-r--r--1 nico users 6 2004-04-08 11:46 test
>[EMAIL PROTECTED]:~] $ test>test
&
chris writes:
> This also works with the 2.4.24 Linux kernel (Slackware 9.1):
It's the shell, not the kernel. When you say "./foo > ./foo", the shell
interprets "> ./foo" FIRST and does something like open("foo", O_TRUNC |
O_CREAT).
Take a look at
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
This also works with the 2.4.24 Linux kernel (Slackware 9.1):
[EMAIL PROTECTED]:~$ more testfile.txt
Let's try this in Linux
[EMAIL PROTECTED]:~$ ls -al testfile.txt
- -rw-r--r-- 1 chrisusers 24 Apr 7 12:43 testfile.txt
[
On Friday, March 26, 2004 1:22 PM, Mortis wrote:
>
> My message was only intended as a morning chuckle. I thought
> perhaps even Gadi would laugh at it (something is the
> sincerest form of something or other). I'm sorry I have such
> a rotten sense of humor. This list gets to ya once in a
.
They stressed that the hard-drives went as well, so
make sure backups were pretty frequent.
I don't know, mabey if the techs were actually from
Dell, they would be a bit more responsive...lol
Chris
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROT
conflicting reports out of Dell, depending who we talk to. The support
technicians have all said they have seen 3 or 4 of these failures each over the
past 6 months or so, but our account manager kind of glosses over the
problem.
Any feedback would
be appreciated.
thanks,
Chris
Cozad
IT
resolution (search for
antisniff if you want a tool which does this) - other than that,
there's really no way to find a sniffer. Your best bet is to use strong
encryption so it no longer matters if someone is sniffing traffic.
Chris
smime.p7s
Description: S/MIME cryptographic signature
On Wednesday, March 10, 2004 9:44 AM, Steven Alexander wrote:
> http://www.msnbc.msn.com/id/4460349/
>
> "The drugs and the crime fit neatly together; addicts strung
> out on meth can stay awake and focused for days at a time,
> making them expert hackers and mailbox thieves. And ID theft
> is
Gyrniff wrote:
>
> As I recall the -L option (persistent listener) only works on the windows
> port.
>
If you want it for Unix:
--- nc110/netcat.c 1996-03-20 16:38:04.0 -0800
+++ netcat.c2004-03-07 18:17:55.0 -0800
@@ -73,6 +73,7 @@
#include
#include
#include
(I think this paraphrases a collective thought) happens when the virus
writers start sending attachments using that "magic" extension and include a
social-engineered message in the e-mail to rename this thing to a .exe and
execute it.?
cdv
Chris DeVoney
Clinical R
ull-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>
+--
| Chris Gundersen
| [EMAIL PROTECTED]
+--
***
"The credit belongs to the man who is
actually in the arena, whose face is
marred b
ecent spam filtering.
PGP/GPG support needs to be both well-integrated and painless to
install before they're going to have a chance of getting it; that
critical mass is important both for making commercial developers care
about it and removing the confusion disincentive for using it.
Chris
smime.p7s
Description: S/MIME cryptographic signature
On Feb 27, 2004, at 9:24, Chris Adams wrote:
Multiple issues with Mac OS X AFP client
Vendor Response:
None
After some discussion with someone on Apple's product security team it
turns out that I was responsible for the lack of response - my original
notice went to Apple corporate sec
Multiple issues with Mac OS X AFP client
Background
The standard Apple Filing Protocol[1] (AFP) does not use
encryption to protect transfered data. Login credentials may be sent
in cleartext or protected with one of several different hashed
exchanges or Kerberos[2]. There does not appear
h and an exploit was discovered to be in
existence before we actually got around to releasing the patch."
Ahh, the spin cycle.
-chris
--
Chris McCulloh
Secure Systems Architect
Sinetimore, LLC
e: [EMAIL PROTECTED]
t: 212.504.0288
f: 212.656.1469
w: http://www.sinetimore.com
a: 40 B
aders are stripped by the MTA on delivery to recipients
(except perhaps the recipient who was listed in the BCC field, but I'm not
sure and will most likely vary between MTA).
I'm sure the SMTP RFC would probably help out on this.
Cheers,
Chris.
Full doesn't necessarily mean immediate.
<...ducks for cover...>
-chris.
On Wed, 18 Feb 2004, Replugge[ROD] wrote:
> Isn't this the "full disclosure" mailing list?
>
> -Mensaje original-
> De: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED
Unfortunately, considering the date on the story is "Friday, 27 October,
2000, 16:23 GMT 17:23 UK" I would have to say no, it doesn't count as
confirmation.
Please do remember to check story dates before posting them.
-chris
On Thu, 12 Feb 2004 15:55:17 "Gregory A. Gillis
Well, thats one way to drum up some free articles for your rag.
lol
Chris Cozad
Invocare Australia Pty Ltd
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of roberta
bragg
Sent: Thursday, 12 February 2004 1:21 PM
To: 'Cael Abal'; [EMAIL PROTECTED]
On Wednesday, February 11, 2004 1:34 PM, Michael De La Cruz wrote:
> I was doing a forensic examination on Microsoft's Virtual PC
> 2004 software, and came across some Microsoft pictures I
> hadn't seen on an installed version of Windows 98 before. I
> know this isn't much of an exploit/vulner
No dude they are very real. There was a post on /. a couple of weeks ago
about them.
Chris Locke
http://stageofbattle.org
On Tue, 2004-02-10 at 15:48, Georgi Guninski wrote:
> http://www.microsoft.com/education/?ID=SecurityPosters
> there are posters like "Hackers Ahead"
> Hey Chris.
Hey Cesar.
>
> First of all, your advisories are a bit wrong:
> ...Systems Affected: Oracle 9 prior to 9.2.0.3
>
> Actually Systems affected are Oracle 9 prior to
> 9.2.0.4 (Patchset 3).
>
> The date in Metalink site of the Patch that fixes
> these vu
time_zone. We've historically found a lot
of issues in Oracle, so if you want to eliminate the stuff that's already
fixed from your list of 60+ issues it's a good place to look; the fine
detail isn't always available in the Oracle alerts.
-chris.
On Thu, 5 Feb 2004, Cesa
hey what do ya know it works :-/
(slack 9.1)
[EMAIL PROTECTED]:/HDB/mycode/ex$ ./ex_bof
Please enter the values as requested . . .
Enter the vulnerable program path: /usr/bin/gnuchess
Enter the vulnerable program name: gnuchess
Enter any arguments the program requires: -s
Enter an offset: 0
Enter
built in.
Cheers,
Chris.
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
#x27;s any
digital copier/printer/scanner that has persistent internal storage or is
network connected.
And for that matter, we're also setting up bridging firewalls on some of the
units that contain an actual PC inside to manage the scanning functions,
such as the Canon ImageRunner series.
cdv
-Original Message-
From: Chris Brown
Sent: 21 January 2004 18:57
To: Lee
Subject: RE: [Full-Disclosure] DOS all platforms
POC has been sent to CERT but they have yet to release it. I am not trying
to be clever but how does your Firewall connect to the Internet if not
through a router
Has anyone been following the thread on NTCanuck ref a DOS vulnerability
they have discovered using UDP? I have no further info than what is in this
thread:
http://ntcanuck.com/net/board/index.php?showtopic=175
But if all that they say is true.We could be busy!!
Chris Brown
Senior
may.
I get the oingo list of directories.
Kind Regards,
Chris Rose
() ASCII ribbon campaign - against html mail
/\
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
ny problem. If you don't use
Windows, you don't need anti-virus software.
I would still use AV software, but I am paranoid :) If you don't have AV
software how do you know you get 70 viruses form cracked Windows machines
daily?
Regards,
--Chris
smime.p7s
Description: S/MIME cryptographic signature
improvement over having nothing between Annie and the Internet.
--Chris
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Erik van
Straten
Sent: Thursday, January 15, 2004 7:55 AM
To: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] UTTER HORSESHIT: [was Ja
>> Is there a way for apache only browse files *.html or *.php not all files
>> type in the browser adress?
Also look at the mod_security module (www.modsecurity.org) - I think you can easily
use the security filter to stop just about anything you want.
this? I'm thinking maybe the default whois server
that the whois program queries has been compromised? I'm not sure what the
default whois server is.
-Chris
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
e system cannot find the file specified.
Just my two cents; carry on.
- Chris
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jason
Sent: Monday, December 22, 2003 22:24
To: Schmehl, Paul L
Cc: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Removing ShKit Ro
objdump on the ifconfig binary and im pretty sure theres a few
sockets calls in there that dont belong. So im sure it was rooted.
Chris
www.cr-secure.net
Alexander Schreiber wrote:
On Sun, Dec 21, 2003 at 07:28:55PM -0500, Chris wrote:
Can anyone reccomend some links or useful information for
On Saturday 20 December 2003 13:21, gazpa wrote:
> But where are that weapons???
> It's the size of the weapons so little, that are in a tobaco box into an
> Iraki pocket
> But you said that USA have that weapons what is the diference???
> USA is the only country in the world that have
Can anyone reccomend some links or useful information for removing the
"ShKit Rootkit". CHKROOTKIT detected this thing on a RedHat 8.0 server
owned by a client of mine.
"Searching for ShKit rootkit default files and dirs... Possible ShKit
rootkit installed" <== chkrootkit output
I have only re
>
> of course, CERT, like many federal sites realted to net sec
> issues, NIPC, local infrgard chapters, the new homeland sec
> dept, all will know after all the sources below have first
> fed on the info and rumors for a week or too prior. So, if
> CERT truely sucks, it sucks slowly...
CER
Hey Frederic
Maybe you should take a look at the IDS focus forum
http://seclists.org/lists/focus-ids/2003/Dec/index.html as there is a
thread on there extolling the virtues of Symantec's Manhunt, I use it
(amongst others) and it certainly does what it says on the tin, but can be
sensitive to devic
On Thursday, December 11, 2003 1:18 PM, [EMAIL PROTECTED] wrote:
> On Thu, 11 Dec 2003 12:51:11 PST, "Barrett, Rob"
> <[EMAIL PROTECTED]> said:
>
> > Question: Do you think finding a mentor in the field is a
> good way to
> > go? I am primarily focusing on securing M$ OS's and their
> > comm
http://www.citibank.com";
onClick="location.href=unescape('http://[EMAIL PROTECTED]
om'); return false;">Citibank will show http://www.citibank.com in the
status and location bar but direct them to wells fargo.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
At last the answer...
http://www.lurhq.com/sinit.html
Appears that the increase in DNS traffic is down to the Sinit P2P trojan.
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
r bad
behaviors) as mitigating circumstances when entering the sentence...
cdv
Chris DeVoney
Clinical Research Center Bioinformatics
University of Washington
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Paul Farrow
Sent: Friday, December 05, 2003 8:40
On Friday 05 December 2003 18:11, Aaron Peterson wrote:
> would an innovative mailing list administrator please create
> [EMAIL PROTECTED] and force some of these bozos
> over there?
>
> Aaron
What, like you?
Seriously, how old are you? 10?
--
I believe the technical term is "Oop
1 - 100 of 183 matches
Mail list logo