RE: [Full-Disclosure] Re: Windows Registry Analzyer
No, it would be completely useless. In case you didn't realise, the registry is not an ASCII text file, it's megabytes of unintelligible binary gibberish.

Since Windows 2000 regedit exports registry in a Unicode LE text file. Not ASCII but quite intelligible text ;)

Yes but win2k / winxp regedit can export both ASCII as well as UNICODE

- aditya

Delivered using the Free Personal Edition of Mailtraq (www.mailtraq.com)
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
RE: [Full-Disclosure] Windows Registry Analzyer
Anyone know of any free tools to analyze what changes have been made to a Windows 2000/XP registry?

Regmon - www.sysinternals.com best and free
RE: [Full-Disclosure] Windows Registry Analzyer
You can, of course, use regmon (sysinternals.com) to monitor the registry 'live' while changes are being made, however it sounds like you want a product that would analyse the reg, then re-analyse after installation, and report on changes.

I don't know if a free tool like this exists but norton cleanup and other tools like this do this job very nicely

- aditya
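
The before-and-after comparison discussed in this thread, as an added example that is not part of the original messages: it parses two regedit text exports (the Unicode LE and ANSI forms mentioned above) and reports added, removed and changed keys and values. The sample exports and the `Example` key names are constructed, and the ANSI code page is assumed to be cp1252.

```python
import codecs
import re

# Value line in a .reg export: "Name"=data, or @=data for the default value.
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def decode_reg(raw: bytes) -> str:
    """Decode a regedit export: UTF-16LE with BOM (5.00) or ANSI (REGEDIT4)."""
    if raw.startswith(codecs.BOM_UTF16_LE):
        return raw[len(codecs.BOM_UTF16_LE):].decode("utf-16-le")
    return raw.decode("cp1252")  # assumption: Western ANSI code page

def parse_reg(raw: bytes) -> dict:
    """Map (key path, value name) -> data string; name "" marks the key itself."""
    text = decode_reg(raw).replace("\r\n", "\n")
    text = re.sub(r",\\\n\s*", ",", text)  # rejoin wrapped hex: lines
    values, key = {}, None
    for line in map(str.strip, text.split("\n")):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            values[(key, "")] = ""
        elif key and (m := VALUE.match(line)):
            values[(key, m.group(1))] = m.group(2)
    return values

def diff_reg(before: bytes, after: bytes) -> dict:
    """Compare two exports taken before and after an installation."""
    old, new = parse_reg(before), parse_reg(after)
    return {
        "added": sorted(k for k in new if k not in old),
        "removed": sorted(k for k in old if k not in new),
        "changed": sorted(k for k in new if k in old and old[k] != new[k]),
    }

# Constructed sample exports (not real data): ANSI before, Unicode LE after.
BEFORE = ("REGEDIT4\r\n\r\n"
          "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Example]\r\n"
          '"Version"="1.0"\r\n'
          '"Blob"=hex:01,02,\\\r\n  03\r\n').encode("cp1252")
AFTER = codecs.BOM_UTF16_LE + ("Windows Registry Editor Version 5.00\r\n\r\n"
    "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Example]\r\n"
    '"Version"="1.1"\r\n'
    '"Blob"=hex:01,02,03\r\n\r\n'
    "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Example\\Run]\r\n"
    '"Updater"="C:\\\\Example\\\\upd.exe"\r\n').encode("utf-16-le")

if __name__ == "__main__":
    for kind, entries in diff_reg(BEFORE, AFTER).items():
        print(kind, [(k, n or "(key)") for k, n in entries])
```

Because wrapped `hex:` data is rejoined before comparison, a value that only differs in line wrapping between the two exports is not reported as changed.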
RE: [Full-Disclosure] Bios programming...
does this not look like a big brother watching scheme ? and with what are u trying to do how can u monitor if I access all the things from my own proxy over encrypted tunnels using my own custom protocol encapsulated over tcp/ip. u cannot detect it but from your post it looks like u want to hook your girl friend's or boss's computer. better watch where u are asking question :)

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Marooney
Sent: Friday, March 04, 2005 12:15 AM
To: full-disclosure@lists.netsys.com
Subject: [Full-Disclosure] Bios programming...

I am trying to write a program to help people who are addicted to internet pornography. This application would be tied into an online service where someone could sign up for monitoring, and download a thin client app. The application would run in the background of the person's computer, and upload the person's internet activity to the website. The service would then email this activity report to designated recipients. I have most of the knowledge to create this service, but I need to know how to do a couple things:

1. I would like the program to be "un-installable". I've heard of a couple of hardware security tracking services that can load a very small setup package in the CMOS and if a computer is stolen, and the hard drive is replaced, the app reloads itself and the next time the computer is on the internet, it sends out a beacon. Does anyone have any insight about how to do something like this? I want the CMOS program to run on boot, and check to see if the monitoring software is still installed. If it is not, the boot process reloads it.

2. obviously, the program does not need to be very large, so I want it to run in the background and not be visible to the computer's user. This is easy, I know, but I want the process to be completely invisible. (even to super-geeks)

3. I would like to figure out a way to monitor traffic for multiple protocols (HTTP, FTP, File Sharing, Chat, etc.). I'm wondering if there is a way to figure out "bad" requests on a packet level.

I really appreciate any help with these questions! Thank you all,

-- Matt
RE: [Full-Disclosure] Bios programming...
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Marooney
Sent: Friday, March 04, 2005 01:35 AM

I want this software to help people who want help, to keep them honest, and unaware that their system is monitoring activity.

I still don't see any reason why u should be doing all this. And I would certainly not want anyone to know what I am watching much less random persons on the net...

Most of the other services out there are very in-your-face or they only monitor one type of traffic. The BIOS requirement was to keep the users using the system. If they take the machine in to BestBuy to get it serviced, and the tech wipes or replaces the hard drive, the poor guy doesn't remember to reload the monitoring software.

U already get a lot of monitoring software like that - and they can also be very stealthy like actmon just make it a part of the installation cdrom so now when someone wipes the hdd and the user does an install it gets reinstalled

I'm open to other suggestions, I just want to make it next to impossible to delete (without the admin password, of course), and invisible to operate.

tell me how me people are going to use a guest account on their own computer and then be able to use the computer normally ?

-aditya
RE: [Full-Disclosure] Bios programming...
I'm banking on the probability that most people don't even know what a BIOS is.

If your main security is through obscurity then just wait until someone posts a way to bypass this program and removal instructions on the net.
RE: Re[2]: [Full-Disclosure] Things that make you go Hmmm
looks like stupid promotion of pivx is it?

Yes and this is making pivx gain a lot of negative mind share
RE: [Full-Disclosure] Things that make you go Hmmm
Then again on the other hand, if they're not promoting themselves, they're still just that stupid since they're using the seclist to send email back and forth between each other.

No, it seems that they are somehow using reply to all without seeing where the mail is going ;)
RE: [Full-Disclosure] client - server
I mean:

Looks like some thing else is being used over here

- a simple ip check doesn't work with dynamic addresses...

yes

- cookies can be deleted

Yes

- computer name can be changed

They cannot get your host name / domain name until u or your isp have setup the rdns names or u are setting up some kind of domain names

- mac address can be changed (even I wasn't able to, because I have a usb dsl modem and I cannot change its MAC working with regedit or using tools like smac )

U don't need to change all this because the website cannot see your mac address unless u are in the same network segment

Anything else ? How the hell do they recognize me ?

I think they do not recognise you but they have simply banned the whole class C / B where u live on the net - nothing to guess this way ...

Matteo Giannone
RE: [Full-Disclosure] Google Search and Gmail Correlation
As you write, this is not a bug per se, the cookie mechanism is working as expected. It is also obvious that such an approach may raise privacy concerns.

Mostly all the list would be using mozilla - just use the option to accept cookies for this session only and u are done...

-aditya
RE: [Full-Disclosure] GAIM exploit
By sending a file to another GAIM user, you can cause their GAIM client to crash and completely close GAIM down.

U don't have to send a file to do that gaim does that on its own without any outside help over here ;)

-aditya
RE: [Full-Disclosure] Re: [Mailman-Developers] mailman emailharvester
But cutting off 82% even before the DATA command is not too shabby. OTOH it is a sign on how bad mail has become if more than 80% are plain junk even without looking at the content.

And it is going to get worse from here!
RE: [Full-Disclosure] Re: [Mailman-Developers] mailman emailharvester
Hashcash isn't even a tiny speed bump if you're a spammer and have 50,000 zombies - each one only takes a 5 second hiccup and continues spamming

Hashcash and other systems that rely on some sort of check summing is going to cause problems and hence their adoption is always going to be under a cloud !

For me the best possible thing to do is to put up an openbsd server with postfix / clam av / spam assassin / amavis combo

1. postfix will reject 90% of the spam during the initial handshake stage - by using a variety of dns / mx resolution tricks
2. clamav and spam assassin integrate into postfix so that you don't have to accept the spam the server can even issue a 550 in the middle of the data stage
3. using some known blacklists like spamhaus and rbl will cut down spam to 99.9 %

With a combo of all this : no spam - we do not have to worry about our address being leaked.
RE: [Full-Disclosure] Administrivia: Goodbye
I'm officially retiring from everything and no longer involved

Len Rose

Good Riddance.

J.A. Terranson [EMAIL PROTECTED]

Good Riddance. Will be when u get off this list not len. But sadly it's the opposite way around so we all will be missing u len

-aditya
RE: [Full-Disclosure] state of homograph attacks
The actual bug referenced by Gerald is that if you use about:config to set it, it *works* without having to restart, but at the next restart of the browser, the setting no longer works...

Isn't there a way to make this survive browser restarts ?
RE: [Full-Disclosure] Network Security in India
ALD Subject: [Full-Disclosure] Network Security in India
ALD I had a brief stint at Primus Telecom in delhi ( www.primus-direct.com).
ALD It has a flat network with absolutely no security. The routers are as
ALD vulnerable to any known exploit and the same applies to a few web
ALD servers they host. The basics such as patch management is never taken
ALD care of.

that is what you will find almost anywhere in the world.

ALD This mail does not intend to harm any one but i want to know is this
ALD the way major ISP around the globe function.
ALD The company functions on illegal frequencies (Primus's major
ALD customers
ALD connect through RF links). I have the proofs to show that they do
ALD function on frequencies not allocated to them and during
ALD routine check
ALD ups by the DoT ( Department of Telecommunications Govt. of
ALD India) They
ALD have to change the frequency for a while and do favors to the Govt.
ALD Employees to keep the business going.

this should be a *major* violation, please report this through the correct channels instead of sprouting it over here...

ALD Well this is not my concern but somehow this seems unhealthy. Is this
ALD a practise worldwide.
ALD During my interview with a company major i insisted on my security
ALD concern but the company was least bothered.
ALD Would someone tell me is this the way the whole industry functions.
ALD In spite of reminders to the company that any lamer has the potential
ALD to run them out of business by bringing their whole network down
ALD within a few min( which includes the ETBwmgr , the netcache box or
ALD even the main router(7500 series with a backup)) has been
ALD given a deaf ear.

then if they go out of business they deserve it and if this is the case they will soon... ( i do not know if this is correct ) please use the correct channels to report these violations
RE: [Full-Disclosure] [VirusTotal] Scan result (fwd)
ALD Does anyone have more information about
ALD http://www.hispasec.com/; who
ALD runs virustotal. I don't feel comfortable sending binary to some
ALD company that I have no information about.

hey if the binary is infected and does not contain any hardcoded sensitive info what do u care about the owners of the website ? if the file does contain any sensitive info then the programmer / software co deserves a swift kick on some where

-aditya