If it makes anyone feel any better, I did get a message from Trend
anti-virus, "Action: Clean Failed (Moved)"
Of course that was on or about the time the Command Prompt appeared on
my screen...
Dave Bujaucius
-Original Message-
From: Premek Marek [mailto:[EMAIL PROTECTED]]
Sent: Wednes
On Tue, Mar 05, 2002 at 04:11:14PM -0800, Jon Erickson CCG wrote:
> In addition... Running VPN over unWEPed wireless still leaves every
> other network connection that is on the same segment as the wireless
> access point vulnerable. ARP poisoning attacks over wireless can
> provide some unexpe
Nothing happened here either after I adjusted my security level to high in
IE... security vs. usability... once again...
Seal it in concrete and throw it off the dock... then it'll be secure.
-Original Message-
From: Premek Marek [mailto:[EMAIL PROTECTED]]
Sent: Wedne
Didn't see anything happening except an error message and a window asking me if
I wanted to debug... Visual C saying that probably.
I have iptables on the Linux box but wasn't it supposed to go through it?
Or maybe it just doesn't work.
Windows 2k
IE
No patches, no SPs ... nothing!
- Origina
nothing happened to me either!
-Original Message-
From: Premek Marek [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, March 06, 2002 11:15 AM
To: leon
Cc: [EMAIL PROTECTED]
Subject: Re: scary site
> http://www.liquidwd.freeserve.co.uk/
> Try it with a windows machine and IE with all patches
Allchine has also admitted the test where they proved that it was not possible was
rigged. There is a story on it on slashdot.org. I believe it ran yesterday.
-Kit
>>-Original Message-
>>From: Chris Payne [mailto:[EMAIL PROTECTED]]
>>Sent: Thursday, March 07, 2002 6:55 AM
>>To: Nina V
What does the site do? I'm a tad leery of browsing to that URL without
knowing what's about to happen, and I assume from the thread that something
does indeed happen.
Thanks.
Jon Bonner
-Original Message-
From: leon [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 05, 2002 11:30 AM
To:
If possible, turn off scripting (assuming you're using IE)... that will prevent
it from running. Also it generates all kinds of alerts on my AV software
- Original Message -
From: "leon" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, March 05, 2002 12:30 PM
Subject: scary sit
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi everyone,
I have gotten a lot of on list and off list mail about the link I
sent out.
I would like to clarify a few things. First it only appears to work
with XP, IE 6 and all patches installed. Other versions of win and
IE do not appear vulner
Port 12345 is Netbus. Definitely want to block that. Not sure what Ivan
meant by, don't block ports. I think that's exactly what you should do.
That's one of the main functions of a firewall.
-Original Message-
From: Ivan Hernandez [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, March 0
Gotta agree here (beside the BSD comment), active retaliation is simply a
poor idea because of the false positive problem. We have seen some amusing
self inflicted customer DOS attacks due to this issue. Additionally, some
vendor RST "retaliation" relies on the fact that the monitoring interface
ca
I don't understand your logic with this response. What would separating them have to
do with this kind of hole? Let's face it, software, no matter who makes it, will have
holes. It's part of life. I don't want to get into a religious war here, but please
explain how taking IE away from MS wou
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The problem with turning off scripting is that it "breaks" most of
ie's functionality. I have gotten a lot of offlist and cc'ed to the
list mail about this. I am sorry for not being more specific
earlier; it worked for me running win xp, ie 6 and all
very true
retaliation is illegal
dp
- Original Message -
From: "Mike Gilles" <[EMAIL PROTECTED]>
To: "'McCammon, Keith'" <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Wednesday, March 06, 2002 1:49 AM
Subject: RE: IDS that retaliates.
| Just as
didn't the coroners toolkit from wietse venema and consorts do something
like that?
There's other interesting reading there, too.
http://www.porcupine.org/forensics/tct.html
-M
- Original Message -
From: "John Daniele" <[EMAIL PROTECTED]>
To: "Mike Donovan" <[EMAIL PROTECTED]>
Cc: <[EMAIL
Workstation has no need for net access except one web site. Want to restrict
workstation to only have access to one website. David
it is simple JavaScript that loads cmd.exe
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Do both! Layered security approach is always the best.
Mark
- -Original Message-
From: Ivan Hernandez [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, March 06, 2002 12:49 PM
To: [EMAIL PROTECTED]
Cc: ASBB11; [EMAIL PROTECTED]
Subject: Re: p
Disable Active Scripting and this web page no longer works.
Much thanks to my associate Kevin Ladd for assisting me on this one.
Jeremy Shelley
MCSE, MCT, MCIWA, CIWCI, CCNA, A+, Net+, I-Net+
-
T
My F-Secure AntiVirus blocks it on my Win XP machine, and correctly
identifies it as "virus"
"Exploit.CodebaseExec"
I run F-secure AV 5.31 build 8050 on Windows XP Pro
At 19:14 6-3-2002, you wrote:
> > http://www.liquidwd.freeserve.co.uk/
> > Try it with a windows machine and IE with all patch
On Wed, 2002-03-06 at 10:15, Mike Carney wrote:
> If you turn off active scripting in IE it stops it from happening. :(
actually, you don't need active scripting enabled. see here:
http://security.greymagic.com/adv/gm001-ie/
> The downside is that a huge portion of the sites I visit ne
> Saw the same thing on a Hungarian site. If you turn off active scripting
> in IE it stops it from happening. :( The downside is that a huge portion of
> the sites I visit need scripting enabled.
My dad tried it on Win XP with IE 6 and (AFAIK) all updates, and it worked
every time except when
Hi All, Leon, I just tried your great tip for a change and I clicked on
http://www.liquidwd.freeserve.co.uk/ with a fully patched W2K machine (with
PC-cillin installed) and got the following message (having it set to
Quarantine in all instances, with a final delete if no succeed):
Begin snippet:
I think you are mistaken. Javascript can display directory contents to
the client browser, but not transmit that info back to the server.
Unless I am mistaken ;)
On Wed, 6 Mar 2002, ruler wrote:
> There are also sites that will let you view all of your directory trees,
> which a server could ea
With the security levels on my system adjusted to a custom level NOTHING
happened and on another test system, AVP caught it. All boils down to
using some common sense when making your security settings
Chris Chandler
MCSE, A+, Network +, MCP-I
-Original Message-
From: Nina V. Levitin [ma
Well, those usually just have a link to c: there. So it tells your
machine to tell you what the files are. The server never knows about it.
Of course, if they have access to that if they have access to cmd.exe
(which is far scarier).
As a note, it does work on XP+IE6.0 patched. XP+Opera 6 i
Hello everyone,
I'm a newbie. I've been lurking on this list for quite a while, and
never posted a message before.
If I asked a question to the list: "Where can I find the FAQs about
NFS?", and someone replied "Go Google", I would not consider it a
rude answer. The fact that I have not menti
> There are also sites that will let you view all of your directory trees,
> which a server could easily see all of your files. Which do you think is
> more scary?
There was a post about this on one of the other Security Focus mailing lists
a few days ago... that is simply a small bit of HTML o
Microsoft has already restated that separating IE/Explorer is
impossible. It would cripple the OS.
So be it!
- Chris Payne
On Wed, 6 Mar 2002 10:16:46 -0800, Nina V. Levitin wrote:
>This is yet another reason to stick with Netscape. And yet another reason why
>separating out Windows and I
WRQ's AtGuard 3.22, a now discontinued (for 2+ years) personal firewall and ad/pop-up
filter, blocks the exploit. I imagine that Norton Internet Security and Norton
Personal Firewall should do the same, as these products are built on WRQ's code.
Of course, they're really only blocking the pop-
NOTE: All opinions are my own and in no way reflect the views of my
employer.
Actually, the capabilities you describe as coming in the next 4
or 5 years for IDS are here or coming in the next year for central
monitoring consoles. By implementing it in a sensor-neutral system
you can implement a s
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 6 Mar 2002 at 14:21, ruler wrote:
Date sent: Wed, 06 Mar 2002 14:21:12 -0500
From: ruler <[EMAIL PROTECTED]>
Subject:Re: scary site
To: [EMAIL PROTECTED]
> There are also sites th
>= Original Message From ruler <[EMAIL PROTECTED]> =
>There are also sites that will let you view all of your directory trees,
>which a server could easily see all of your files. Which do you think is
>more scary?
Which is more scary? One is REALLY scary, the other is not scary at all. Th
Out of curiosity, what is it about IE that makes it especially vulnerable in
this case? Just looking at the html it seems the page uses standard
JavaScript functions...why wouldn't this work for other browsers?
Anil V. Singh
-Original Message-
From: ruler [mailto:[EMAIL PROTECTED]]
Sent
Hello,
does anybody know if it is possible to use a NIDS on a Token-Ring? As far as
I can imagine it shouldn't be possible.
Any suggestions?
regards,
Hagen Deike
In-Reply-To: <[EMAIL PROTECTED]>
All,
something to make you all feel better. I do this to all of
my servers, but had neglected to do to my own
workstation... duhhh. There are several .exe's
within the /winnt and /system32 directories that I
typically remove administrator and system a
Yes, IE6 on WinXP is vulnerable. I just finished testing it.
J.D. Meek
-Original Message-
From: Snow, Corey [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, March 06, 2002 12:32 PM
To: 'leon'; [EMAIL PROTECTED]
Subject: RE: scary site
I'm going to have to retract my previous statement- I
Hay!
Try this:
app. Microsoft Internet Explorer -> Tools -> Internet Options ->
-> tab Security -> choose Internet zone -> Custom Level ->
-> Scripting -> set Active Scripting to 'disable'
After that, you shouldn't be afraid any longer.
If you set it up to 'prompt' it wil
Anyone have any links to (or copies of) Email Privacy Policies that I could take a
look at? Since we are preparing to implement our Border Scanning solutions, we are
starting to get gripes from some users complaining about privacy so I've begun to look
for examples of how other companies handl
Dear security-basic members
Since I now have to be responsible for the log review on Windows
machines, and I am a complete newbie at this, can someone help me with your
experience
in this process? Does somebody know about a tool or a "Best Practice
Guide" that lets me know the most important points i
Ref: Ivan Hernandez <[EMAIL PROTECTED]>'s
message dated 6 Mar 2002, 15:49 hours.
>Don't block ports! close unknown programs!
The DANGER with general statements is that many a time they are incorrect inasmuch as
the all encompassing view does not take into account specific requirements
http://www.afina.es
On Wed, 2002-02-27 at 04:19, Manuel Peña wrote:
> Do you know someone that provide services of penetration of network?
>
> Thanks,
>
> Manuel Peña
> [EMAIL PROTECTED]
>
hi chad,
try :: http://rr.sans.org
or more specifically to your corporate interest
try :: http://rr.sans.org/audit/audit_list.php
they have a variety of papers regarding performing
audits within a corporate environment.
i`m sure you will find something of use for you there.
g`luck
rich
Sorry, a typo. Address is www.osstmm.org.
Same as http://www.ideahamster.org/
Sorry for the first error. Wanted to reply too quickly
Max
-Original Message-
From:
Sent: Thursday, 7 March 2002 08:44
To: 'Chad'; '[EMAIL PROTECTED]'
Subject: RE: Security Auditing / Assesments
HI,
Try to start
Hi,
I made this search 2 months ago, without result. It's not free. You can
buy a PDF copy at www.bspsl.com/17799 or at www.iso9000now.com.
Regards,
Max
-Original Message-
From: How ya Doin [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, 6 March 2002 00:00
To: [EMAIL PROTECTED]
Subject:
HI,
Try to start with the OSSTM : Open source Security Testing methodology :
www.osstm.org. A good place to start, and version 2 is really good.
Cheers.
Max
-Original Message-
From: Chad [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 5 March 2002 21:26
To: [EMAIL PROTECTED]
Subject: Security A
Hello Dennis,
Try:
1. Languard S.E.L.M
2. Event Reader
Both can read NT event logs from hundreds of servers put it in a DB
and produce nice reports.
Idan Agmon
Tuesday, March 05, 2002, 10:41:13 PM, you wrote:
DD> You can purchase third part tools that can do this, or you can download a
DD>
scary, maybe
explained here:
http://security.greymagic.com/adv/gm001-ie/
advisory issued on Feb 25
igor'
- Original Message -
From: "leon" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, March 05, 2002 9:30 AM
Subject: scary site
> -BEGIN PGP SIGNED MESSAGE-
> Ha
Start with the following two links:
http://www.itsecurity.com/asktecs/jan3702.htm
you can download the document from this location
and there are other good links
http://www.bt.com/bttj/vol19no3/kenning.pdf
this site has an overview of the security standard
"How ya Doin" <[EMAI
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Did you check out http://www.iso17799software.com/ it might give you
what you are looking for.
Larry Lauer
2000 MCSE, CCNA, MCP, CNA
- - Original Message -
From: "How ya Doin" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, Marc
Dave,
Here are some sites to check out. I prefer EventReporter.
http://ntsyslog.sourceforge.net/
http://www.eventreporter.com/en/
http://www.kiwisyslog.com/index.htm
http://www.winsyslog.com/en/
gs
"Dave Mee" <[EMAIL PROTECTED]> wrote:
Dennis,
Thanks for the reply. Could you possibly te
Password Assistant (part of NT Toolkit) from http://www.netikus.net claims
to be able to do what you need. I have not tested it myself.
Here is the description from the web site
It is a tedious task to update passwords on multiple machines. For example,
it can take you hours if you want to upda
Mark Crosbie wrote:
>What good does retaliation really get you though (apart from a whole
>load of legal headache)? Wouldn't "recovery" be a better goal to aim
>for?
We've often gotten requests for "firewall reconfiguration" or other types
of "reaction" - what's interesting to me is that all thes
Can't this be rejected via an application proxy fw. You can tell it to
block things like cmd.exe.
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> http://www.liquidwd.freeserve.co.uk/
>
>
> Try it with a windows machine and IE with all patches.
>
> Be afraid be very afraid.
>
> FYI
The document also known as BS7799 is not available free on the web.
Excerpts, reviews, and commentaries are available at various sites on the
web. We ended up having to pay for a copy from our national Standards
Association. The PDF file we got was permanently watermarked with our
company informa
This only works when being logged in as, at least, local Admin on 2k (and I guess all
of NT) ?
regards,
Milan
>>> "leon" <[EMAIL PROTECTED]> 05.03.02 18:30:21 >>>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
http://www.liquidwd.freeserve.co.uk/
Try it with a windows machine and IE with all
Some of the Back Orifice detectors were the first to do this
that I know of. Since many people scanning for BO were actually
infected with it, it became a fun game for some people.
If the true attacker would want to take this a step further, they
would spoof the address of another, or several
On Wed, 2002-03-06 at 06:22, Carr, Aaron [CNTUS] wrote:
> You may wish to clarify your meaning of "retaliate". When I think
As a HIDS we tend to think of "retaliation" (which is such an aggressive
term) more in terms of "recovery". So if someone deletes the password
file we can copy a recovery ve
Windows 98 SE + IE 5.01 SP2 + Outlook XP...
Nothing happened...
Mário Câmara
[EMAIL PROTECTED]
[EMAIL PROTECTED]
ICQ: 331 335
-Original Message-
From: leon [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 05, 2002 2:30 PM
To: [EMAIL PROTECTED]
Subject: scary site
-BEGIN PGP
>= Original Message From John Daniele <[EMAIL PROTECTED]> =
>Could you point me towards SOFTWARE (not STM equipment) that would be able
>to recover data that had been OVERWRITTEN from a sector of a drive?
>i.e. dd if=/dev/zero of=/dev/dsk/c0t0*
>Read each physical sector of the drive and ex
I have Road Runner (I know...ick..hack...barf) and I see a lot of DNS
connections going to local broadcast addresses (68.39.224.255 using your
example). Could this be it?
HTH
Jeremy Shelley
MCSE, MCT, MCIWA, CIWCI, CCNA, A+, Net+, I-Net+
-
Do not allow activex controls!
To:[EMAIL PROTECTED]
cc:
Date: 03/05/2002 11:30 AM
From: [EMAIL PROTECTED]
Subject:scary site
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
http://www.liquidwd.freeserve.co.uk/
Try it with a windows mach
Question: a few weeks ago I installed Norton Anti-Virus 2002 on one of my
client's computers... I configured it with NAV Auto-Protect Enabled and Live
Update continually updating the virus definitions. When performing the
initial scan, 4 viruses were found and the files were quarantined. I later
Keith McCammon has already mentioned that retaliate almost always means,
"Active Response". There are a number of good technical, legal, &
business reasons for not choosing to actively respond in an enterprise
environment.
In fact, I don't know of anyone outside of a lab environment who has
turne
Ok, before you put any more words into my mouth, let's go over the basics:
(in very simplistic terms for better understanding of the core concepts)
What happens when a file is deleted depends on the filesystem upon which
it resides. Windows/DOS simply marks the file for deletion simply by
'hidin
I have a problem with this statement. Please clarify. IPSec VPNs, for
example, are not vulnerable to MITM attacks. Are you talking PPTP VPNs?
That's a blanket statement that is not necessarily true, so if you could be
more specific, that would help.
Brownfox
-Original Message-
From:
What is the consensus in regards to anonymously posting to security mailing
lists and USENET when discussing specific network configurations? Is it
considered the prudent thing to do? Is credibility affected? It doesn't
seem wise to me to discuss a specific vulnerability which points back to yo