On Mon, Feb 20, 2012 at 6:04 PM, Jeffrey Walton wrote:
> From the folks at OWASP. Please take a moment to provide feedback if
> you have helpful comments.
i see your survey contained many reasons for using virtual patching,
none of which included: "Haste: virtual patches can be deployed
extremely
On Tue, Jul 6, 2010 at 7:36 PM, Tomas L. Byrnes wrote:
> ... the vector of source attack against most CI
> is from the "great unwashed"
character of attacks i have observed using the "great unwashed" vuln. vector:
- inconsequential (in a war context) DDoS outages of various specific
targets or pa
On Tue, Jul 6, 2010 at 7:36 PM, Tomas L. Byrnes wrote:
>
> I strongly disagree. Since the vector of source attack against most CI
> is from the "great unwashed" protecting the "great unwashed" from being
> turned into zombies, or at least, if they are zombies, from being
> controlled, is a ma
On Tue, Jul 6, 2010 at 3:58 PM, Tomas L. Byrnes wrote:
> ...
> So the solution is to take what is currently an NP-complete problem for
> individual nodes: string matching and behavioral analysis; and turn it
> into a bounded problem across all participating nodes
that method is only applicable to
On Tue, Jul 6, 2010 at 3:58 PM, Tomas L. Byrnes wrote:
> ...
> Nope, hundreds of millions of people protecting their own property, and
> sharing information with each other, and thereby a network effect of
> protecting their neighbors and the 'net at large.
fair enough. if this aggregation is imp
On Fri, Jul 2, 2010 at 10:30 PM, Tomas L. Byrnes wrote:
> ...
> What is needed is a cyberspace version of an armed citizenry.
what is needed is preparedness and rapid repair. the science and
technicalities of critical infrastructure protection are clear. you
won't survive with top down prescripti
On Tue, Aug 26, 2008 at 4:46 PM, Rob Thompson
<[EMAIL PROTECTED]> wrote:
> ...
> If those that I know in the Military are denied their Top Secret
> clearance because they admitted to smoking a joint when they were in
> High School...
wow, that's pretty asinine. i've heard of the < 1 year recent u
On Tue, Aug 26, 2008 at 3:56 PM, Rob Thompson
<[EMAIL PROTECTED]> wrote:
> ...
> Personally, I don't know why Obama is even allowed to run. He should
> not be able to obtain a Military Security clearance. He has publicly
> admitted to drug use. Which as far as I have read, immediately
> disquali
On Wed, Jul 30, 2008 at 8:21 PM, der Mouse <[EMAIL PROTECTED]> wrote:
>... I took a wild guess that
> they had simply opened UDP port 53, set up an IP-in-UDP tunnel on port
> 53, and bing! instant connectivity back home.
> ...
> Of course, this would have been fairly easy to defeat, if they had
>
On Tue, Jul 8, 2008 at 5:58 PM, David Boswell <[EMAIL PROTECTED]> wrote:
> This also bit me. ZoneAlarm components are installed as part of the
> Cisco VPN client.
i don't know if that is true or not, but whatever it is killed the
ability to route traffic on all our laptops (with the Cisco VPN cli
On Mon, Jun 2, 2008 at 5:16 PM, Drsolly <[EMAIL PROTECTED]> wrote:
> ...
> Telling people to "Practise safe Hex" was, I agree, pretty useless.
> Telling people to switch their operating system (or change their computing
> platform), and change all their application software, would have been even
>
On Wed, May 21, 2008 at 10:20 PM, Paul Ferguson <[EMAIL PROTECTED]> wrote:
> ... There are 30+ "databases"... and while the rhetoric
> machine says that "...information sharing is a priority..." and it
> probably would be a great idea to get this whole "listing" thing
> right, I wouldn't put a pray
On Wed, May 21, 2008 at 9:47 PM, Gary Warner <[EMAIL PROTECTED]> wrote:
> ... They have a machine called a "puffer" there, you walk
> into it, the doors close before and behind you, and you get hit by
> around thirty jets of air, while suction at the bottom of the "booth"
> sucks all your dust into
On Wed, May 21, 2008 at 2:03 PM, Paul Ferguson <[EMAIL PROTECTED]> wrote:
> ...
> Both the Port of Seattle and the federal Transportation Safety
> Administration reviewed the incident, including videotapes, and concluded
> their security system is sound.
dude, what's the point of security theater
On Thu, May 15, 2008 at 2:40 PM, Alex Eckelberry
<[EMAIL PROTECTED]> wrote:
> ... [ Ralph, his toys, and a pair of hookers ] ...
"Ralph's ambition is to one day become a politician."
this kid wins at life. partying hard on someone else's dollar with
vices a plenty... sounds like a candidate!
_
On Tue, May 6, 2008 at 6:36 PM, David Kennedy CISSP
<[EMAIL PROTECTED]> wrote:
> ...
> MBSS is urging cities to lock up their manholes to prevent terrorism
this is hilarious. lock up the man holes and turn a blind eye to the
open spans of fiber carrying pipe along bridges and overpasses!
nothin
On Fri, Apr 18, 2008 at 6:34 AM, Larry Seltzer <[EMAIL PROTECTED]> wrote:
> ...
> Help me out here, should I be "shocked" or "horrified" when I write it up?
"aghast" and "flabbergasted", these charming verbs are used to infrequently...
___
Fun and Misc s
On Mon, Mar 24, 2008 at 11:41 AM, <[EMAIL PROTECTED]> wrote:
> ...
> "Turned out to be a cat with cancer that had undergone a radiological
> treatment three days earlier," Giuliano said.
people who have undergone a radioisotope / dye scan during a procedure
have also been stopped for this reas
On Wed, Mar 19, 2008 at 11:38 AM, Dr. Neal Krawetz <[EMAIL PROTECTED]> wrote:
> ...
> This does not mean that Mike Kogut authored the document. For example,
> someone else could have authored it and then Mike converted it to PDF.
true. minor technical editing may have been the only role involv
On Sat, Mar 15, 2008 at 4:25 PM, Richard M. Smith
<[EMAIL PROTECTED]> wrote:
> ...
> http://wikileaks.org/wiki/FBI_-_Electronic_Surveillance_Needs_for_Carrier-Grade_Voice_over_Packet_Service
>
> According to the document properties for the file, "Mike Kogut" is the
> author of the document (See t
On Wed, Feb 27, 2008 at 10:19 PM, Paul Ferguson <[EMAIL PROTECTED]> wrote:
> ...
> This is still my favorite:
>
> http://www.youtube.com/watch?v=-1UJA94Hwgs
we all know the future of robotics lies in:
http://www.youtube.com/watch?v=6qOuVfcoRmw
(a long way to go to that basic pleasure model...
On Jan 30, 2008 2:18 PM, Dude VanWinkle <[EMAIL PROTECTED]> wrote:
> ...
> I guess it would be a bad idea to block traffic based on the ttl and
> expiry of records with less than x seconds then..
particularly sites using DynDNS+BigIP (or equivalent) for redundancy,
load distribution, or fail over
On Jan 4, 2008 1:24 PM, <[EMAIL PROTECTED]> wrote:
> ...
> I was whining about the Javascript sandbox being basically busticated...
the trick is to use a bigger sandbox. virtual machines for browser
appliances with distinct sessions and address space is good thing;
just heavy weight at the momen
On Dec 21, 2007, Larry Seltzer wrote:
> Even so, there would be so much less testing to do, wouldn't there?
the beauty of a network based approach is the transparency and low
maintenance; but you don't get the visibility of on-host detection...
(SSL, large compressed payloads, etc) [0]
(and yes,
On Dec 19, 2007 8:51 PM, scott <[EMAIL PROTECTED]> wrote:
> ...
> Someone wrote me offline that "Have you never heard of DSS?"My reply
> to this person is :"That was a form of deception(or reception) at one
> time,that was secure.When it was released to the public,it either
> became more secure,or
On Dec 19, 2007 10:02 AM, John C. A. Bambenek, CISSP
<[EMAIL PROTECTED]> wrote:
> ... it *is* impossible to make wireless truly available
> over RF. I imagine it is theoretically possible to protect against MITM and
> that kind of stuff, but for it to be available, especially in a combat
> environ
On 9/11/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> ...
> Hmm, it looks like ToR is not so secure after all as a bunch of governmental
> users just found out.
the exit node sniffing isn't a problem with Tor but user carelessness
/ ineptitude. web2.0 and wireless are just as guilty. [0]
as
On 9/6/07, Paul Ferguson <[EMAIL PROTECTED]> wrote:
> ...
> Well, we're screwed now.
i hope not. what does the justice department have to do with the FCC?
this is bullshit back scratching for the warrantless spying the
telcos did for our favorite uncle...
On 9/5/07, Dude VanWinkle <[EMAIL PROTECTED]> wrote:
>...
> so most comcast machines send hash fragments over the web? or is it
> just port 443 traffic to legitimate sites? I tried googling but found
> only theory. If anyone has a good link I would appreciate it. It seems
> impossible to me that th
On 9/5/07, Dude VanWinkle <[EMAIL PROTECTED]> wrote:
> ... What ever happened to looking at the C&C for
> incoming connections and ngrepping out the IP's ?
the C&C for storm and other advanced botnets has moved into
distributed hash tables and dns fast flux reached via multiple hops
(where each ho
On 9/5/07, Bruce Ediger <[EMAIL PROTECTED]> wrote:
> ...
> That's what a manager can understand, the 3 Great Traditions of Sarbanes
> Oxley: Rum, Requirements and The Lash.
i concur that Sarb-Ox is truly dark comedy at its finest!
oh the tales to tell...
best regards,
___
On 8/16/07, Blue Boar <[EMAIL PROTECTED]> wrote:
> coderman wrote:
> > ... [sha1 has been broken down to 2^69 or less
>
> For non-chosen birthday collisions. Not quite there yet, but on its way.
> Unless it has gotten worse since I last heard?
that's correct.
On 8/15/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> On Wed, 15 Aug 2007 08:29:05 EDT, Marc Evans said:
> > That said, I am not finding much in the area of public implementations
openssl 0.9.9 (devel) supports the ECC cipher suites.
> Well, the MD5 hash is well into "stick a fork in it, it
On 8/15/07, Imri Goldberg <[EMAIL PROTECTED]> wrote:
> This excuse obviously fails in an environment that uses interpreted
> languages (such as Python, or Perl).
aha, a clue to the continued success of c/c++!
___
Fun and Misc security discussion for OT p
On 8/12/07, Rob, grandpa of Ryan, Trevor, Devon & Hannah
<[EMAIL PROTECTED]> commanded:
> ...
> He's found us out.
>
> Now we'll have to kill him.
oh how i've longed for this day; say goodnight to n3td3v!
;)
___
Fun and Misc security discussion for OT p
http://youtube.com/watch?v=nCvmkxO5hoQ
apparently the "to catch a blackhat" segment will be delayed indefinitely...
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open
On 7/18/07, Dude VanWinkle <[EMAIL PROTECTED]> wrote:
...
MAC address requests?? Did they mean IP address requests?
they meant ARP.
(also, google just implemented icons for gmail accounts? i'm hovering
over this link and a dune brain in a vat pops up, "Dude" ! ..now that
was a double take plu
On 7/13/07, Paul Ferguson <[EMAIL PROTECTED]> wrote:
Jihadi Squirrel:...
Militant squirrel:...
i'm pretty sure the dog eating squirrels were involved:
http://news.bbc.co.uk/2/hi/europe/4489792.stm
ever since the pine cone famine of '05 these mercenary rodents have
been causing trouble across t
On 7/13/07, Gadi Evron <[EMAIL PROTECTED]> wrote:
... anyone remember
back when the best effort would be deleting logs? :)
heh, "just wipe the logs" is like "just get the equipment"[0] these days... *g*
0. http://www.timesonline.co.uk/tol/news/world/europe/article655361.ece
"""
Officers from
On 7/13/07, Rob, grandpa of Ryan, Trevor, Devon & Hannah
<[EMAIL PROTECTED]> wrote:
...
> This is antiforensics. It is more than technology. It is an approach to
> criminal hacking that can be summed up like this: Make it hard for them to
> find you and impossible for them to prove they found you
On 5/15/07, Lawson, Joseph <[EMAIL PROTECTED]> wrote:
...
I could have sworn this list used to discuss security and funny stuff
instead of being 80 post flame wars.
consider the time wasted on this thread, and it becomes dark comedy indeed.
lol
[ re: godwin's law http://xkcd.com/c261.html and
On 5/13/07, Peter Evans <[EMAIL PROTECTED]> wrote:
...
Personally, I like the Malaysian Government's version:
The Malaysian Government has stated that it will not ask Google to censor
sensitive areas in the country because it would, de facto, pinpoint which
locations it deemed sensitive
On 2/15/07, Rob, grandpa of Ryan, Trevor, Devon & Hannah
<[EMAIL PROTECTED]> wrote:
...
Forget factoring primes of huge numbers: red herring. (Generally, everything
you
know about quantum computing is wrong.
while this is true to some degree, dwave is overly anxious to dismiss
any cryptanalyt
and private here!
LOL!
finally, some humor on this list again...
*g*
signed: coderman, who reads $infosec-list digests via narus tap, just
like the $TLA's and nosey nanog opers.
___
Fun and Misc security discussion for OT posts.
https://linuxbo
On 11/21/06, Gadi Evron <[EMAIL PROTECTED]> wrote:
On Tue, 21 Nov 2006, Krpata, Tyler wrote:
> ...
> How many?
Discussed with me alone over the past few months? More than dozens.
only a few dozen? clearly you need to be drinking more cough syrup! [0]
---
really though, the premise of this r
On 10/29/06, Peter Evans <[EMAIL PROTECTED]> wrote:
...
That's easy.
Run a squid proxy, in transparent mode if you can so people can't
avoid it.
pipe log through program = instant porn rss feed!
add some wavelet decomposition pattern matching for culling non-pr0
46 matches
Mail list logo
