-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Sun, Jan 4, 2009 at 9:13 PM, Tomas L. Byrnes wrote:
> The best weapon against a terrorist attack that Amtrak have is their
> totally unpredictable schedule.
>
...or the occasional derailment or collision - a semi-frequent occurrence
here in Calif
The best weapon against a terrorist attack that Amtrak have is their
totally unpredictable schedule.
>-Original Message-
>From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org]
>On Behalf Of Paul Ferguson
>Sent: Sunday, January 04, 2009 12:51 PM
>To: funsec
>Subject: [fun
> To use the real-life example, an unpatched Windows [...] Even if I
> do not connect the machine to any network, the moment I open any
> document that the machine itself did not create, I expose it to all
> sorts of macros, scripts and embedded content which can hose or
> exploit my applications.
In the extreme case, the machine on which you typed the response cannot
be completely trusted due to at least the following:
1) Who installed your most recent BIOS update and what's in the microcode?
2) What sneaky/broken stuff was in your most recent OS/application
install/update?
3) What applic
On Sun, Jan 4, 2009 at 5:27 AM, Rich Kulawiec wrote:
>
> You can *hope* it's executing the instructions you want it to,
> but "hope" is a poor security strategy.
>
> There is only one fix for this: wipe and reinstall.
>
Yes! I can't agree more. Once you run a Snort on a college resnet and work
w
On Sun, 4 Jan 2009, Paul Ferguson wrote:
> People in positions of authority in this country have clearly lost their
> freekin' minds.
"Lost their freekin' minds" or "Created a polarizing issue, then used the
resulting semantical fog to punish enemies and reward cronies"? Your choice.
--
--NSA--
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Carlos Miller:
[snip]
Armed with his Canon 5D and his new Lensbaby lens, photographer Duane
Kerzic set out to win Amtrak's annual photo contest this week, hoping to
win $1,000 in travel vouchers and have his photo published in Amtrak's
annual calenda
http://www.timesonline.co.uk/tol/news/politics/article5439604.ece
--
been great, thanks
Big R a.k.a System
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailin
>
>
> --
>
> Message: 3
> Date: Sat, 3 Jan 2009 22:38:01 -0500
> From: "The Security Community"
> Subject: Re: [funsec] Yelling at your hard drive (video)
> To: funsec@linuxbox.org
> Message-ID:
>
> Content-Type: text/plain; charset=UTF-8
>
> Yet another reason
On Sat, Jan 03, 2009 at 04:27:03PM -0700, Ben Li wrote:
> It would be great to have that as a problem, since that means the AV app
> is running on the infected machine. If I can get my resolver on to the
> infected machine, I can also get an AV app on to the machine.
None of which matters.
A c
I'm missing something in regards to DNSSEC and how it helps here.
If you "own" the machine, you can replace the DNS server info used by that
machine. Note you can also replace the public keys, etc that go along
with these root zones or any subdomain. Yes, a little more complex,
but not all that
> Third, I'm not sure what you are describing is really a
> problem that needs a solution. In other words, it sounds to
> me like you are looking for a solution to a problem which
> doesn't really need fixing (?)...
Oh, I think it needs fixing. But even before considering how to fix it, in
so f
Rick Wesson ha scritto:
> Ben,
>
> If you carry your own resolver libs with you AV application you might be able
> to
> mitigate this -- or at least detect when the HOSTS file has one of your
> entries
> in it.
>
>
Modifications to the HOSTS file can be detected/prevented by WinPatrol.
(www.w
13 matches
Mail list logo