> No, I would not. I would use an IDS with properly tuned sigs for the terminal
> server and then connect the terminal server via a proxy like VNC running
> something over FreeBSD or Linux. I would never allow a Windows terminal
> server to be directly connected to the net...
Spot the two obviou
> There are ways to find out the usernames that are admin; they begin with 500_
> (do a Google search if you want)
>
> Any script kiddy worth his salt will tell u this... So this one is off,
> because renaming the admin account will only be security thru obscurity, which is
> not good for the internet.
> Can anyone suggest a free/opensource/shareware app that can do this, as
> I'm doing some testing on our new corporate website before it goes live.
Plenty of stuff available for that - if you want a native win32 app, try
Odysseus:
www.wastelands.gen.nz/odysseus/index.php
If you don't mind Java
> Network security -> application security -> software security ->
>
> What do u guys think??
job security?
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
> How about using Gaim :) gaim.sf.net
>
> It uses RSA encryption through gaim-encryption plugin and it is free.
> Can be used on most of the IM networks today.
Yeah. It's also bug-ridden as hell.
Hey,
just a simple question, but have you talked to Wind River or whoever does
vxWorks these days...? If it's a generic problem with the OS, you'll have issues
tracking down all vulnerable devices anyway, at least if not only this
particular controller is affected. Did you, uh, check that?
Ch
> google came back with a forum to do with sdbot; however, the file was
> listed as "Morphine".
Morphine is not a virus or malware in itself, it's a tool for PE binary
encryption, self-decrypting on execution. It actually places the whole
source image into the .data section of a newly produced
> I got a question here:
> I am the administrator of the Interland VPS running Apache whose
> version # is 1.3.22.
> How can I know if it has a backport or not?
You can very easily test whether it's susceptible to the chunked encoding issue
or not. If it's not, chances are it's been backported.
> Is there a possibility to bind /bin/bash on a socket with legacy unix
> commands?
That'd be the inetd backdoor which the mighty T-Rex already used (though I
believe the T-Rex used the Korn shell).
Hey there,
> Oh, I am not unhappy with AV companies at all. They do their job and most do
> it very well and very fast. But there are programs that aren't detectable by
> any AV programs. I have one sitting on my desktop; I received it in the
> e-mail weeks ago. I sent it in as a sample and heard
Hi,
> I wouldn't be in my position, if I ran everything that was sent me. Home
> users need to be educated, but that is a whole different issue.
>
Well, I didn't mean to be offensive (no really, for a change).
I meant the 'you' rather figuratively. It's not only home users that need to
be educa
> I'm gonna ask some stupid question for the security guru :)
> How can we change the values of cookies?
> I've used a proxy (SPIKE proxy) to do that but I haven't found an
> elegant way to do this :(
I use ELZA:
http://www.stoev.org/elza/
Hi,
> This guy has been sending out viruses unknown to him; his machine has been infected...
No, he hasn't. This is some worm forging mail senders, which is not the
slightest problem at all given the functioning of SMTP. In fact, most modern
self-spreading mail worms even come with their own SMTP e
Hi there,
> Agreed. The thing *is* publicly available, just do 'wget
> frauder.us/linux/ssh.tgz'. What kept me from disassembling the thing so
> far is not availability, but lacking knowledge about the ssh protocol on
> my side ;-)
Hm, actually, there's fairly little of that required to see what
Hey Valdis,
> It's more likely that there's one version, making noise and very rarely finding
> a box with stupid passwords. It's possible there's another rare version that
> tries several stupid passwords and a few old SSH vulnerabilities. Is there
> *any* reliable evidence (even a single box)
Now, if anybody could jump through the hoop and send me the thing or make it
publicly available... all these things are musings, 'it looks as if...' and 'it
seems like...' are not exactly results of an analysis.
Just tracing tcpdump's output is definitely insufficient.
If the tool just sends no
Howdy,
> Highly doubtful. It's easy enough to test though - just use the tool
> to poke another machine under your control, and use tcpdump or ethereal
> to capture all the traffic (don't forget '-s 1500' or similar for tcpdump
> to get the *whole* packet).
Sidenote - '-s 0' always adjusts captu
> Do you have any idea how I created this compressed
> archive??? I didn't modify the header info!!!
> I created it using dd if=/dev/zero ..
Yeah right. I believe the first time I saw this reported was like 1998.
Why don't you check mailing list archives before making such a big fu
> Do they draft 21 year-olds in Germany?
Yes, they do. You can get drawn in until you're 27, but there are plenty of
ways out of it as well.
Hey,
> I guess its unicode ninjitsu time.
Check out FX' cool venetian shellcode stuff under
http://www.phenoelit.de/fr/tools.html
Cheers, j.
> I can promise you that there is NO connection between Jay and CM.
> They're on completely opposite ends of the clue spectrum, CM
> representing one of the very few extant examples of an almost total
> clue vacuum.
Definitely - look at the sender domain and you know what pranksters are
behind thi
Hey,
> > already joking about the "PHPNuke vulnerability of the day" (with a slight
> > reference to the "HP-UX bug of the week", if anybody remembers that...).
>
> Whatever happened to those guys, anyhow? :)
I've been really wondering, as well! I think I dimly remember something with
a prett
Hello,
> Please tell me "what version of PHPnuke is secure?" I am asking this question
> because someone hacked my friend's phpnuke 6.5 through SQL injection. And another
> question is "Can I use phpnuke 6.5 themes with the new/old version of PHPnuke?"
At the risk of getting flamed mas
> What tool are they talking about in this article? anyone know?
Maybe Halvar's binary differ?
Valdis,
> We don't see dedicated and targeted attacks at 4 million cablemodem users
> designed to drop off trojans, ddos zombies, and similar.
Sure. I wasn't claiming that worms don't get deployed, nor that they do
not pose a huge problem. My point was rather that the fact something might
no
I don't want to take this discussion too far, but I really wonder why
everybody focuses on worms - as if the threat a dedicated and targeted
attack poses was any lower...
> I have been getting the below mail from numerous email sources all day, can
> anyone else confirm this mail is flying around?
Yes.
> need to know about ports,ip,computer to computer
> connection and networking and security
Yes, you do.
> >It actually un-UPX-ed just fine for me. What version have you been trying?
>
> MyDoom.B as posted by someone else on this list. UPX -d doesn't work so you
> have to do it manually which shouldn't be a problem.
Oh, that clarifies it - I've just been looking at a copy of .A as it came to
me ama
> It's still UPX packed, but it won't unpack with "UPX -d" because the author
> used a simple UPX scrambler. Either undo what he did or unpack it manually
> and you'll see all the code.
It actually un-UPX-ed just fine for me. What version have you been trying?
It disassembled nicely after that.
> the possibility? There is plenty of unanalyzed code and looking at the
> disassembled code there are fingerprints of a tsr and forth in my opinion,
Plenty, eh? After de-UPX-ization, this thing is about 56k.
TSR in Windows?
And where do you see the Forth traces?
Looks a heck of a lot more li
> why r u guys still entertaining this clown? he created this juari acct
> yest just to screw w/ ppl:
It really calms me to see that someone finally says something to this pretty
obvious lark. Someone had an outburst of gobbles-style humour here and you
folks gleefully swallowed the bait.
I, for
> > at the risk of sounding like a Win32 advocate...
>
> No, you don't. :-)
Phew. :)
> > 0), but hey, it sure is a step forward. They've been lambasted badly and
> > earned it, but they're making progress for sure.
>
> Anything else would be pretty pathetic if you take into consideration
> their
Hello Tobias,
at the risk of sounding like a Win32 advocate...
> I agree. But Windows isn't delivered in such a minimum state by default.
> Instead all doors are open. When MS ships Windows shouldn't it deliver
> it with all doors closed instead of all doors open? I'd rather have an
> "opt-in" fo
Howdy,
> > It can actually drive me mad to see how many Linux users entirely trust in
> > their assumption that they're more secure by default simply because they
> > don't run a Windows system.
>
> A Linux user running a default installation of a modern Linux distribution
> *IS* more secure by d
I couldn't help but comment on this (quickly, because these discussions tend
to turn into a pointless and endless ping-pong match).
It can actually drive me mad to see how many Linux users entirely trust in
their assumption that they're more secure by default simply because they
don't run a Windows
Howdy,
I basically have *no* time at the moment, so I just had a very very quick
look at these things.
> The biggest file you can find on this machine in this directory is a
> gzipped file which probably contains a rootkit of some sort. The SuSE
> list is still trying to figure out what the res
Howdy,
I can't resist - have to make a few comments on this one, despite us moving
massively off topic.
> > 1. How did they know which switch to connect to? Wouldn't this require
> > some knowledge of network topology.
Not necessarily. You'd be amazed by how many (even large) companies have a
> Lack of features != security
lol @ mutt having a lack of features - what do you miss there that a mail
client should have?
> I think this is also the first sighting of the @ vulnerability in the wild. Or am I
> mistaken? It seems the tool available from Xforce does nothing to stop this.
> (http://xforce.iss.net/xforce/alerts/id/159).
You kidding? This is totally common.
> I went to http://64.21.80.2/~gotier/verified_by_visa.htm, this guy is
> using a php script to get card numbers and pins, I think that someone is
> going to have a merry christmas :)
Heh, true. Did you write the connecting ISP (nac.net) an abuse email? The
box is running quite a bunch of services
> > of the time. Although policy could dictate that when a wireless
> > card is given out, the MAC address in added to the AP, however if
> > you have multiple APs in different areas of building, being
> > administered by different IT depts then this could soon become be
> > a problem.
You shoul