Hi! This is the ezmlm program. I'm managing the
security-basics@securityfocus.com mailing list.
I'm working for my owner, who can be reached
at [EMAIL PROTECTED]
To confirm that you would like
archive@mail-archive.com
added to the security-basics mailing list, please send
an empty reply
We have a server that has been hacked. The hackers have put a tool that
turns of the IPC$ share. We checked the registry nothing there. It seems to
be time based but nothing comes up on the scheduler.
When we reboot for a while everyone can connect to the server but in a
minutes the ipc$ share
Hello!
I am looking for a good and secure Windows based Proxy Server other than
ISA Server with features like QoS, firewall, DHCP support, Integrated
with AD etc.
Regards,
---
Evaluating SSL VPNs' Consider NEOTERIS, chosen
We are looking for a tool that will erase all data beyond recovery from a
hard drive. We going to get rid of few computers and do not want data to get
into anyone's hand. Both freeware and commercial ware are ok. Would prefer a
solution which is bootable from a cd (OS independent).
(Would prefer
On Mon, 2003-06-30 at 10:52, Hyperion wrote:
Hello all :)
I have been taking a more detailed interest in my pc's security of late,
and security for computers in general, and I am learning at quite a fast
rate, although there is a great, great deal of information to learn out
Hello all,
My redhat 7.2 is getting hacked very frequently even i
got a firewall.appended bellow is the nmap output. What may be the loophole?
% nmap -sA 202.xxx.xxx.xxx
Initiating ACK Scan against isp.com ()
The ACK Scan took 275 seconds to scan 1542 ports.
Interesting ports
Checkpoint a good white paper on where put it. It is obviously for their
product but you can use the paper as a knowledge base.
-SKP
-Original Message-
From: Potter, Tim [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 26, 2003 1:50 PM
To: [EMAIL PROTECTED]
Subject: Simple Wireless
their firewalls.
2-) It is, for the most part, illegal to run security tests on a network
that is not yours.
Be careful what you write about... you don't want to end up saying
something silly like... IDS is useless.
On Fri, 2003-06-06 at 12:29, [EMAIL PROTECTED] wrote:
I remember once reading that X
http://www.bayarea.com/mld/siliconvalley/business/special_packages/security/
6151122.htm
SKP
---
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top
, and stops using the list for
serious business, maybe it has become time for us to get back to
business. Just my .005 worth.
Greg Kane
SAIC
Senior Systems Security Engineer
CTSF-IA
Fort Hood, TX
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Saturday, June
diagnostics use MBSA (
http://www.microsoft.com/technet/security/tools/Tools/MBSAhome.asp ),
which enables you to scan your system for *most* known flaws.
Hit windows update every Thursday afternoon, as that is when 99% of
the patches are released.
Regards,
Shawn K. Hall
http://ReliableAnswers.com
Do you mean something more than what comes built in? The EFS?
Jeff
-Original Message-
From: Martin Smith [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 18, 2003 3:01 PM
To: [EMAIL PROTECTED]
Subject: Hard Drive Encrypting
Good Day,
I have a need to encrypt the
by this is that;
if Word is used to protect certain parts of a document than it should not be
possible to use Word to unprotect that document just by saving in a
different format. A PDF is a good example. Once you set security on the PDF
document all PDF readers honor that security they don't let you save
How do vigilante software rate among scanning products?
-SKP
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 17, 2003 12:16 AM
To: [EMAIL PROTECTED]
Subject: Re: Scanner Software Question
Importance: High
Retina is great. Whenever you run it,
this page in word and all the protection is gone. No need to know the
password.
Microsoft evens documents this in their help file. Should this not be
considered a security violation from a user point of view
SKP
---
Evaluating
That makes absolutely no sense. Plus I am not looking for a philosophical
answer. I was looking statistics for marketing. Does anyone know of a good
reference site for firewall and other security statistics.
SKP
-Original Message-
From: Justin Pryzby [mailto:[EMAIL PROTECTED]
Sent
I remember once reading that X amount of firewall's are misconfigured. Does
anyone know where I can get this statistic from? We are making some new
marketing material and I would like to include this stat in it. A quotable
source would be great.
Thanks
SKP
I have been looking for the source of security training teaching material. I
was looking for teaching material in all fields of security including
forensics, basic security, CISSP readiness etc.
A point in the right direction will be very helpful.
SKP
---
The Hebrew University of Jerusalem maintain a very usable list of Microsoft
hotfixes and service packs.
http://secinfo.huji.ac.il/microsoft_patches.htm
If you want the information direct from the horses mouth, then go to the
Microsoft Security site.
You can pick your base OS or application
that could get you into legal
trouble) should be stored encrypted within the database. In addition to
this, security features built into the database should be used and default
accounts disabled. Oracle comes with up to thirty (30) default usernames
and passwords, some of them with dba privelages
about download managers- do they pose are
security risk? Any known to be trojaned? The one I use is GetRight, does
anyone know if this one has known security issues?
Any thoughts appreciated, thanks.
Leon
Go to sourceforge.net and search for Firewall floppy. You will get lots
of already stripped down versions. You can run these firewalls from a
floppy and also from a hard drive if you want to enable logging.
Leo
Justyn wrote:
I'm a home user rather new to firewalls. I have a spare pc I want to
Greetings,
I've read about a way to secure webservers, which must not be directly
exposed to the Internet, using a reverse proxy, e.g. MS ISA Server or
Squid on a UNIX box.
Now my question would be: Has anyone experience with that? Is it really
more secure (compared to firewalling and port
I've been following the thread on FTP servers in the DMZ with interest.
I'm curious as to how it applies to a server providing VPN access using
Win2k Server's Routing and Remote Access.
Given that the VPN is supposed to give access to the private network to
external clients (who can
that's going to be donated or thrown away?
Preferably something thorough?
Thank You
Steve Champion
Sr. Data Security Analyst
The Methodist Hospital.
[EMAIL PROTECTED]
It is generally not good to change the OS parameters. If its detectable,
let it be. Best thing to do is to unplug all the holes on regular basis
and configure your firewall to work at its optimum.
Leo
Ethan wrote:
There was just a thread about this on the honeypot mailling list
([EMAIL
IMHO SuSE is the best. As regards security, thats something you will
have to take care of yourself. All OSes are a bit insecure out of the
box. SuSE is easy to install and configure. They have a configuration
tool called YAST2 which is excellent. Its the most popular Linux distro
in Europe
:45 PM
To: [EMAIL PROTECTED]
Subject: ghostly mail ports
Hi, im new to security and this is my first post, so be gentle :)
I have a fairly good understanding of the tcp/ip model and i think i
understand what ports are for! but i cant understand that on my box, i have
the 2 default mail ports (25
and may be
used only by Grommie Corporation employees and only for work-related
purposes. The Grommie Corporation reserves the right to monitor use of this
network to ensure network security and to respond to specific allegations of
employee misuse. Use of this network shall constitute consent
In my opinion you can consider providing the option of secure /
encrypted access to the mail through the web.
regards
Leo
Link, Jennifer wrote:
We are looking at provided mail access via internet connection (home,
internet cafe, library etc.) and I'm trying to research what vulnerabilities
Are you Natting? If not you may have to open up the return UDP reply.
-Original Message-
From: Ahmed.Shazly [mailto:ahmed.shazly;hotpop.com]
Sent: October 16, 2002 8:15 PM
To: [EMAIL PROTECTED]
Subject: Can't Resolve from behind firewall
Hi everyone,
I Just got a PIX 501 for my
to
their clients and score brownie points with their large government
customer base who promote keeping the public in the dark.
I'm going to have to write angry emails to all the Foundstone employees
I know now...
Regards,
Greg van der Gaast
Ordina Public West
Security Services
-Oorspronkelijk
Have you read the TRO? Foundstone is stopping use of their algorithm. I
think they a right to do that. Netobjects is free to release a product
with their own algorithm.
-Sanjay
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 10, 2002 11:45
And I'd say to visit Windows Update weekly, if not
daily.
MS usually only posts updates on Thursday evenings - if updating
is a hassle for you - or checking every day is not an option,
I'd stick with Thursdays.
Regards,
Shawn K. Hall
http://ReliableAnswers.com/Virus/
NT breaks its passwords into two - encrypting each half separately.
Unfortunately, this makes it really easy to hack NT passwords, even if
you think you are using a good one.
-Original Message-
From: netsec novice [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 25, 2002 5:13 PM
HELP!!
If you have this file, PLEASE point me in the right direction
to download/retrieve it!!
Thank you!
Kenny Ansel, Sytex Group
Network Security Instructor
MCP+I, MCSE, CCNP
608-388-8801
Chris Berry
[EMAIL PROTECTED]
Systems Administrator
JM Associates
I have found the way, and the way
BTW: just wanted to point out that my Corporation does have full and current
licenses for the number of devices we use NHM with :)
Sorry, no blackmail or today.
-P
-Original Message-
From: Security Newsletters-TM
Sent: September 19, 2002 2:12 PM
To: 'Guerra, Ralph'; Security
Sorry for the length but this is a real problem to me!
I've spent a lot of time reading this forum but only recently, due to
budget cuts, been forced into a security position. And now I'm having a
BIG problem! One of my networks (NOT Knightworld.net!) has a file server
that is occasionally
]
Subject: Too much security?
Not sure if this is the right forum but here goes...
I seem to have too much security when trying to set up a VPN between
two
offices.
The setup: Remote user running Windows XP (or 2000, or 98, etc.) setting
up
a VPN to connect to a remote office.
Corporate office
I've read differing opinions about the ease of use of Slackware - what
are your personal opinions? Is Slackware more secure 'out of the box'?
From what I gather Slackware is a little harder to learn than Redhat,
but a little more... configurable? Am I right? I have no problems with
the LAN. The mail server inside the LAN will
only talk to the mail server in the DMZ on port 25 only.
If people need access to mail from outside the office than they should
be restricted to a VPN solution only. Even for a web based solution.
Most web based solutions have too many security issues
Becky2 for
Win32 and Ximian Evolution for UNIX to suit most of my needs.
Of course, for the command line freaks, I must also mention 'mutt',
which can be compiled with Cyrus-SASL, too.
- Jonas
--
Security [EMAIL PROTECTED]
I wanted to download SamSpade from their website. Their
website is down since last several days. Does anyone have
any idea of any other place I can get it. Moreover please
recommend any similar tools. I want to trace someone using
proxy servers and would like to check the logs of proxy
Allowing any port (SSH included) go through the firewall\gateway to the
internal network is quite a back door , SSH is not immuned , and as we
seen not so long ago had a its share of security holes, I would suggenst ,
if you need remote control over a computer , stick a modem
Use product from fwbuilder.org nice gui to help you do Nat and port
forwarding.
Sanjay
-Original Message-
From: Giri Sandeep [mailto:[EMAIL PROTECTED]]
Sent: Monday, April 22, 2002 12:08 PM
To: Muhammad Faisal Rauf Danka
Cc: snaqi; [EMAIL PROTECTED]
Subject: Re: IP AND NAT
Well,
For
--
Glenn Schoonover, MCSE Director of Security and Internal Systems
[EMAIL PROTECTED] http://www.inter.net
12120 Sunset Hills Road Inter.Net
Suite 410Office : (703) 456-3917
Reston
The desktops are cleared and protected now, but the file server space keeps getting
chewed up by copies of the worm. Also, having an uncontained worm on the file
servers is no good for my sleeping habits. How the heck can I get Nimda off my
fileserver?
Try something like ServerProtect from
I meant really in the background... I know that something's running if it's
in the system tray... ;)
Can they run beyond the reach of ctrl-alt-del and the taskbar? If so, is
there some way of detecting this (and any other programs) that may be
lurking?
Yes, its very well possible, but you
I'm reading more papers about how generate exploits, but where I can find
good information about buffer overflow, smashing the stack, etc.
I just recently found a good example, which is actually going into the
details;
http://www.radsoft.net/security/mudge.html
You will find some more
Try turning the MTU down to something like 1394 or similar.
This made a big difference on my home setup, running over a cable modem,
YMMV.
Actually, the current recommendation of an MTU which should work in
any case is a nice number: 1414
--
Security [EMAIL PROTECTED]
What programming language/s is/are used for
developing a software firewall like ZoneAlarm or NIDS
like Snort or Scanners like netcat, nmap etc.?
Thanks
on a open source UNIX or ignorant about ipf at all, please take a look
at:
http://www.obfuscation.org/ipf/ipf-howto.txt
or the HTML version:
http://www.obfuscation.org/ipf/ipf-howto.html
IMO, talking about security and Linux in one breath seems to be a common
issue on this list anyway. I suggest
Hi :
The textutils package resembles the GNU text file (actually, file contents)
processing utilities. Most of these programs have significant advantages
over their Unix counterparts, such as greater speed, additional options,
and fewer arbitrary limits. The programs that can be built with this
Have you check for viruses?
// Patric
-Original Message-
From: Netsult [mailto:[EMAIL PROTECTED]]
Sent: den 17 mars 2002 07:00
To: Dean Fox; [EMAIL PROTECTED]
Subject: RE: someone stole my mail account to spam others :-(
It sounds like your email server is open to relay since
With regards to the below, how do you restrict access to administrator
only?
John R
This is a fat32 format, there is no security tab.
John R
Hello Pavel
I refer to the mail from 'leon' which refers to the following link[1]
which describes how you can sniff in a switched environment.
Actually, the techniques described in there are not The Right Way[tm] to
sniff out your switched environment, if you have access to your switch
Did you say your boss was a moron about security... ;-)?
First, be careful. Unfortunately it could be construed as illegal
activity without a get out of jail note from your boss, your boss's
boss or someone of authority in your company.
Another possible approach might be to set up a snort box
While we're talking about snort, I have two questions. Is it better to give snort
it's own machine, seeing that it will be in charge of about 15 machines, and I am
looking at either Demarc or ACID. Any comments anyone?
Thanks
On Mon, 11 Mar 2002 13:18:39 -0500
Mike Carney [EMAIL PROTECTED]
Why would this be? REgular users can execute cmd.exe?
-Original Message-
From: Milan Goellner [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, March 06, 2002 11:34 PM
To: [EMAIL PROTECTED]
Subject: Antw: scary site
This only works when being logged in as, at least, local Admin on
be a better goal to aim
for?
Mark.
--
Mark CrosbieIDS/9000 Product Architect
http://www.hp.com/security/products/ids
Hewlett-Packard MS 47 LA[EMAIL PROTECTED]
19447 Pruneridge Avenue (408) 447-2308
Cupertino, CA 95014 (408) 447-6766 FAX
I am running Citrix nfuse on a IIS 5 server and attempted to install the
urlscan.exe from M$. I have very limited knowledge on web servers and
everytime I install the urlscan it kills the ability of clients to download
the citrix web client (ica32t.exe) file. Like I said I have very limited
I am using ZoneAlarm version 26362 Now
yesterday I updated my MSN messenger from 45 to
version 46 After that whenever I connect through my
ISP, I get the following message upon connection:
The firewall has blocked routed traffic from 4000
(UDP Port 1028) to 4000 (UDP Port 1900)
Is
I have found the following information from arin.net
about 4.0.0.0. This is regarding my earlier post on
problem with zonealarm
GENUITY (NET-GNTY-4-0)
3 Van de Graaff Dr.
Burlington, MA 01803
US
Netname: GNTY-4-0
Netblock: 4.0.0.0 - 4.255.255.255
Maintainer:
Assign reservations IP to the MAC address's through your DHCP client on
what ever OS you are running.. Donot assign any IP's to any not hardcoded
address's.
It is alot of work to do manualy but if you build a script it should not
be that hard.
If you are using Windows NT/2000/.NET
be install a sniffer or something like that on the router. In
other words, can i execute any executable file on the router?
Thanks in advance
kartik
--
Chief Security Engineer | Daniel Fairchild [EMAIL PROTECTED]
Unix is like a wigwam -- no Gates, no Windows, and an Apache inside.
--
Chief Security Engineer | Daniel Fairchild [EMAIL PROTECTED]
Unix is like a wigwam -- no Gates, no Windows, and an Apache inside.
I am new in security but experienced in software
development. I am thinking of developing a software
firewall for desktops. I want it to work like ZoneAlarm.
Do you think C and C++ will be the best languages to
develop this software as well as the techniques of
socket programming
:47 +0100
DocValde [EMAIL PROTECTED] wrote:
Hallo Enphourell Security,
am Samstag, 26. Januar 2002 um 10:27:50 schrieben Sie:
ES Which OS do you guys think would make the best firewall, OpenBSD or Linux?
What a question! My first thought was The one you're most familiar
with!. But well
Which OS do you guys think would make the best firewall, OpenBSD or Linux?
I was contacted by a company stating my sql server was probing their
network. the log files are as follows
log record count for source ip
10.10.10.2 10.10.10.2: 255 (this is the ip address of my sql server)
log record count for destination ip
log record count for destination nets
172.21.0.0 :
--
--
Enphourell Security
[EMAIL PROTECTED]
www.enphourell.com
---
Content of this electronic message is intended only for the persons and/or entity
to which
products for the
Unix-based OSes.
Thanks,
Rich Richenberg
Technical Security Manager
Peregrine Systems, Inc.
3611 Valley Centre Drive
San Diego, California 92130
(858) 350-5792
fax (858) 481- 1751
www.peregrine.com
This message is intended for the addressee(s) only and contains
, Intranet and Internet.
Im unsure if anyone has developed this kind of document before, but if
anyone has anything that they feel may help, please pass it on. Can anyone
help?
Thanks
_
CSIRT.WS (Computer Security Incident Response Team
_
CSIRT.WS (Computer Security Incident Response Team - World Site)
75 matches
Mail list logo
