VX Dude wrote:
I have a sad feeling that I am alone about this. If I
am, then I really pity you guys.
Stinny FranCisco, CISSP
Internet Sniper
eDefense Inc.
I tend to agree with you. However, there are a couple of things to
consider:
1) Disclosure tends to refer to information. Now, m
You are not alone. Yes This is FD in my books too. Good one.
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Actually, tjhat makes a fair amount of sense. You're not alone. =)
This is kind of the tangent I was going on when I seemed to start this
whole thing. I figured by having a copy, I could help the person
requesting info, as well as being aware of it myself.
*shrugs* To each their own I guess.
--
Personally I think this thread is starting to get off
topic. But I'd like to address a topic that got
brushed aside by this penis contest.
Viruses/Malware/Rogue Code on Full-Disclosure
I know this gets addressed every 2 months (you can
calibrate your NTP server by it). But it's an issue
that sh
Look man... first of all I happen to know Rich... second of all maybe
you didn't get the memo.
http://lists.netsys.com/pipermail/full-disclosure/2004-September/026254.html
nice try to you too mmmkay.
-KF
John Galt wrote:
Oh, give me a break: Richard Johnson/gobbles has been working
hand-
Oh, give me a break: Richard Johnson/gobbles has been working hand-in-hand
with idefense since day one. In fact, idefense advisories and gobbles
advisories on the same issue are almost always twinned. Nice try.
On Thu, 9 Sep 2004, KF_lists wrote:
Please tell me you are not so retarded that you
Thank you for the clarification. I'll shift my disrespect over to the
individual at Bugtraq.
--
Peace. ~G
On Thu, 9 Sep 2004 16:05:37 -0400, iDefense Labs <[EMAIL PROTECTED]> wrote:
> These recent postings and all past postings from [EMAIL PROTECTED] do
> not come from iDEFENSE or any of it's e
I noticed that, and was going to comment on it, but decided it wasn't
worth it. I'll pop back and do a some quick IP tracing, just for $hits
and giggles. =)
--
Peace. ~G
On Thu, 09 Sep 2004 15:51:17 -0400, KF_lists <[EMAIL PROTECTED]> wrote:
> Please tell me you are not so retarded that you thi
rsday, September 09, 2004 9:57 AM
To: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] win2kup2date.exe ?
My what a lovely tea party...
I had no idea that this is such professional list that I have joined.
I'm no old fart, but I feel like I'm in grade school
Please tell me you are not so retarded that you think this is the *REAL*
Richard Johnson. If he was representing iDEFENSE why the heck would he
be using an @bugtraq.org email address?
-KF
Über GuidoZ wrote:
I
just lost a lot of respect for iDEFENSE... being the "Senior Security
Researcher", you
al Message -
> > From: "Richard Johnson" <[EMAIL PROTECTED]>
> > To: "Nick FitzGerald" <[EMAIL PROTECTED]>
> > Cc: <[EMAIL PROTECTED]>
> > Sent: Thursday, September 09, 2004 14:30
> > Subject: Re: [Full-Disclosure] win2kup2d
My what a lovely tea party...
I had no idea that this is such professional list that I have joined.
I'm no old fart, but I feel like I'm in grade school all over again.
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-discl
ED]>
> To: "Nick FitzGerald" <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Thursday, September 09, 2004 14:30
> Subject: Re: [Full-Disclosure] win2kup2date.exe ?
>
>
> > Anyone who capitalizes their last name, twice, has serious ego
> > iss
>>> Nick FitzGerald <[EMAIL PROTECTED]> 09/09/2004 13:00:28 >>>
> Richard Johnson wrote:
>> Anyone who capitalizes their last name, twice, has serious ego
>> issues.
> Anyone who can seriously write the above is clearly a prize moron.
Maybe he's been confused by the handles of so many Scary HaCk
Anyone who capitalizes their last name, twice, has serious ego
issues.
Dick The DataTheft JohnSon
On Thu, Sep 09, 2004 at 10:42:45PM +1200, Nick FitzGerald wrote:
> Bugtraq Security Systems wrote:
>
> > Nick,
> > You're a moron, and a fake moron at that. ...
>
> Lessee -- "fake" means "not"
Richard Johnson wrote:
> Anyone who capitalizes their last name, twice, has serious ego
> issues.
Anyone who can seriously write the above is clearly a prize moron.
But we already established that about you, didn't we?
Anyway, I'll give you a clue for free. Of course, I fully expect it
will
Bugtraq Security Systems wrote:
> Nick,
> You're a moron, and a fake moron at that. ...
Lessee -- "fake" means "not".
So, in case it is not already obvious to you, your statement thus
reduces to an outright contradiction.
What a surprise.
NOT!
I wonder who is the real moron here then?
> ..
Agreed. I was the one who possibly started this with my innocent
comment of "send what you have to me and I'll see what I can figure
out". It was meant to be a helping hand and nothing more... sincerely.
I would expect anyone who understands the basics of the Internet to be
able to track down my tr
Bugtraq Security Systems wrote:
Nick,
You're a moron, and a fake moron at that. If you had the clue god gave the
average scriptkiddie, you'd kill yourself in shame at your own postings.
Cheers,
BUGTRAQ Security Systems
"If Nick FitzGerald had a brain cell for every bug we tracked, he'd be
smart and
Nick,
You're a moron, and a fake moron at that. If you had the clue god gave the
average scriptkiddie, you'd kill yourself in shame at your own postings.
Cheers,
BUGTRAQ Security Systems
"If Nick FitzGerald had a brain cell for every bug we tracked, he'd be
smart and not an arrogant no-nothing lik
_
Massive snips :
Nick, James T, et al wrote much that I've snipped...
>> I apologise that this message of mine was not as clear as it should
>> have been. Thank you for pointing it out to me.
>And you missed the point of what you perceived as my anger -- that's
>just one of my com
FitzGerald
Sent: Friday, September 03, 2004 17:16
To: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] win2kup2date.exe ?
James Tucker to Harlan Carvey to me to :
> > > > > ... If you want to email me a copy of it, I'll
> > > > > rip it apart and see what ca
James Tucker to Harlan Carvey to me to :
> > > > > ... If you want to email me a copy of it, I'll
> > > > > rip it apart and see what can be seen.
> > > >
> > > > And world plus dog should entrust you with such
> > > material because???
> > > ... most viruses, trojans and malware to not store
>
On Fri, 3 Sep 2004 04:05:02 -0700 (PDT), Harlan Carvey
<[EMAIL PROTECTED]> wrote:
> James,
>
> I'm replying off-list for the simple fact that I can't
> believe the post you sent to FD. Your questions back
> to Nick are...well, what's the right word???...it's as
> if you're not even paying attenti
Hey, the man asked for help, so I offered it. Simple as that... I'm a
helpful guy, it's what makes me tick. Dedicated my life to a
non-profit organization that helps the average consumer FOR FREE with
security consulting, technical support, and personal privacy. Not
because I'm trying to collect an
James Tucker said:
> There is always no need for aggressive statement of suspicion, which
> you are close to here. While I understand aggression due to anger, I
> am concerned that one should not get angry at someone offering them
> a service merely because one is suspicious of them. What if the of
Ahem, *blush*
> Be cautios with your words
Should be, as you probably guessed: "Be cautious with your words". Damn typos.
--
Peace. ~G
On Fri, 3 Sep 2004 01:58:24 -0400, Über GuidoZ <[EMAIL PROTECTED]> wrote:
> Hey, the man asked for help, so I offered it. Simple as that... I'm a
> helpful gu
On Fri, 03 Sep 2004 11:19:41 +1200, Nick FitzGerald
<[EMAIL PROTECTED]> wrote:
> Über GuidoZ wrote:
>
> > ... If you want to email me a copy of it, I'll
> > rip it apart and see what can be seen.
>
> And world plus dog should entrust you with such material because???
... most viruses, trojans an
Hi all,
A recommendation for anyone in this situation, try using a copy of
BartPE (http://www.nu2.nu/pebuilder/) and McAffee to detect the files.
I have watched one of these variants actively attack a copy of Norton
Antivirus. Furthermore, the worm in question which I observed started
to hide
Über GuidoZ wrote:
> ... If you want to email me a copy of it, I'll
> rip it apart and see what can be seen.
And world plus dog should entrust you with such material because???
> P.S. Send it to [...] - it's my "catch all" for
> virus/unknown files. Just be sure to ZIP it up or else the web hos
VirusTotal identified if as another Rbot/SDBot. Good questions Barry -
things one should also do or answer when questioning what something
is.
--
Peace. ~G
On Thu, 2 Sep 2004 13:35:00 -0400, James Patterson Wicks
<[EMAIL PROTECTED]> wrote:
> French site
> (http://www.commentcamarche.net/forum/a
I believe someone else mentioned this site on this list (not sure),
but have you tried running it through www.VirusTotal.com? A nice place
for a quick 2nd opinion. If you want to email me a copy of it, I'll
rip it apart and see what can be seen.
P.S. Send it to [EMAIL PROTECTED] - it's my "catch a
French site
(http://www.commentcamarche.net/forum/affich-975065-%5Balerte%5D-win2kup
2date-exe-new-virus) said that he had a shutdown after 60 seconds,
thought it was a Blaster variant.
Just passing on information.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] O
Do you still have a copy of the file? Have you sent it to the antivirus
companies for analysis?
Can you repeat the experiment with a patched box and replicate the results?
If so, that could be bad. It could just be a reworked exploit, though
-- or perhaps there's a bug in the buffer overflow b
34 matches
Mail list logo
