Re: iDefense Security Advisory 07.11.07: Apple QuickTime SMIL File Processing Integer Overflow Vulnerability

2007-07-17 Thread Dan Harkless
that merely visiting a malicious web page won't be enough to expose oneself to arbitrary code execution, or uninstall QuickTime and use some third-party player that has partial QuickTime support, like VLC (http://www.videolan.org/vlc/) or MPlayer (http://www.mplayerhq.hu/). -- Dan Harkless http

CALEA electronic wiretapping on unsecured Solaris boxes

2003-07-15 Thread Dan Harkless
companies, spies, and gangsters have hacked CALEA for fun and profit, as have the Russians and probably others, too. The full column is at: http://www.pbs.org/cringely/pulpit/pulpit20030710.html -- Dan Harkless [EMAIL PROTECTED] http://harkless.org/dan/

Re: Bypassing ZoneAlarm (limited)

2003-07-07 Thread Dan Harkless
XP boxes is), there are other ways an attacker could gain control of your machine. Particularly if you're running only ZoneAlarm rather than ZoneAlarm Plus or Pro, since it doesn't notice DLLs getting changed. -- Dan Harkless [EMAIL PROTECTED] http://harkless.org/dan/

Re: sendmail 8.12.9 available

2003-03-29 Thread Dan Harkless
from untrusted sources, which includes DNS. Since this was publicly disclosed before a patch was available, I'm sure a lot of people would be interested in knowing whether attempts to exploit this are detectable in the syslog in sendmail's default configuration. -- Dan Harkless

Re: Vulnerability (critical): Digital signature for Adobe Acrobat/Reader plug-in can be forged

2003-03-27 Thread Dan Harkless
/installing plugins automatically, or, to exploit this would you need to entice a user to manually place your .api file in their plug_ins directory (or run an installer program that would do so, in which case you could run arbitrary code anyway in the installer)? -- Dan Harkless [EMAIL PROTECTED] http

Re: Obfuscating sensitive data? (was: response to tax software not encrypting tax info)

2003-03-14 Thread Dan Harkless
desired just in case a true attacker _is_ out there, but obfuscation will certainly protect against that 99.x% of the population that _could_ download your tax return if they wanted to, but won't (or won't figure out how to get the obfuscated info out of it if they do). -- Dan Harkless [EMAIL

Re: Invisible file extensions on Windows

2001-04-04 Thread Dan Harkless
Nick FitzGerald [EMAIL PROTECTED] writes: Dan Harkless [EMAIL PROTECTED] wrote: Just to clarify, this is only true when using Windows Explorer. Are you sure? My understanding when this last came up a year ago was that email programs (at least the Outlook variants) also obeyed

Re: Invisible file extensions on Windows

2001-03-31 Thread Dan Harkless
veyou.txt.vbs" email worm). Personally I don't feel safe on a new Windows box until I turn off "Hide file extensions for known file types" and then use regedit.exe to find all instances of "NeverShowExt" and rename them to "disabled_NeverShowExt". -------

Re: Microsoft Security Bulletin MS01-019

2001-03-31 Thread Dan Harkless
). They should have just said something like "The password at issue here is distinct from the user's network logon password." ------ Dan Harkless | To prevent SPAM contamination, please [EMAIL PROTECT

Re: SurfControl Bypass Vulnerability

2001-03-25 Thread Dan Harkless
st:" header, so multiple distinct servers can be on a single IP. If you restrict based on IP, you'll block access to both http://www.juicysex.com/ and http://www.bible-history.org/, should they both be on the same box. -------

FORW: Re: [ANNOUNCE] Apache 1.3.19 Released

2001-03-13 Thread Dan Harkless
:04PM -0800, Dan Harkless wrote: What versions of Apache are susceptible to that "very long path" directory listing disclosure bug? All previous versions, or...? Yes, unfortunately. This bug probably was already in 1.2.x. Martin - -- [EMAIL PROTECTED] | Fujitsu Siemens F

Re: Microsoft opening its source to selected parties

2001-03-12 Thread Dan Harkless
to the source. If they're already this liberal with the source they ought to just open it to the world. Some bad guys clearly already have access, so you might as well give access to _all_ the good guys. -- Dan Harkless

Microsoft opening its source to selected parties

2001-03-09 Thread Dan Harkless
n the code. ------ Dan Harkless | To prevent SPAM contamination, please [EMAIL PROTECTED] | do not mention this private email SpeedGate Communications, Inc. | address in Usenet posts. Thank you.

Re: Loopback and multi-homed routing flaw in TCP/IP stack.

2001-03-06 Thread Dan Harkless
? -- Dan Harkless | To prevent SPAM contamination, please [EMAIL PROTECTED] | do not mention this private email SpeedGate Communications, Inc. | address in Usenet posts. Thank you.

Re: [CORE SDI ADVISORY] SSH1 session key recovery vulnerability

2001-02-08 Thread Dan Harkless
key to be generated for each connection if your machine isn't blazing fast, but a side effect is that this attack is prevented. -- Dan Harkless | To prevent SPAM contamination, please [EMAIL PROTECTED] | do

Re: SuSe / Debian man package format string vulnerability

2001-02-05 Thread Dan Harkless
years ago. Thus the setuid man solution. Now, one could certainly argue that with today's processor and disk speeds, caching nroff results is no longer a significant savings. ------ Dan Harkless | To prevent SPAM con

Re: [SPSadvisory#41]Apple Quick Time Plug-in Buffer Overflow

2001-02-01 Thread Dan Harkless
rosoft/QuickTime-4.1.2/Sample.mov", but again, no crash. ---------- Dan Harkless | To prevent SPAM contamination, please [EMAIL PROTECTED] | do not mention this private email SpeedGate Communications, Inc. | address in Usenet posts. Thank you.

Re: Solaris /usr/bin/cu Vulnerability

2001-01-30 Thread Dan Harkless
nspecified (but presumably different) security problem in cu and uustat. ------ Dan Harkless | To prevent SPAM contamination, please [EMAIL PROTECTED] | do not mention this private email SpeedGate Communications, Inc. | address

FORW: Re: Bug in SSH1 secure-RPC support can expose users' private keys

2001-01-18 Thread Dan Harkless
. Below is the response. --- Forwarded Message Message-ID: [EMAIL PROTECTED] Date: Wed, 17 Jan 2001 14:40:49 -0800 From: Stephanie Thomas [EMAIL PROTECTED] Organization: SSH Communications Security Inc. To: Dan Harkless [EMAIL PROTECTED] Subject: Re: Bug in SSH1 secure-RPC support can expose

Re: analysis of auditable port scanning techniques

2001-01-15 Thread Dan Harkless
Dan Harkless [EMAIL PROTECTED] writes: Rainer Weikusat [EMAIL PROTECTED] writes: Dan Harkless [EMAIL PROTECTED] writes: Using this grammar applied to the data we send to an arbitrary host piped to the ident/auth port will reveal the process owner running on a given port, even

Re: analysis of auditable port scanning techniques

2001-01-08 Thread Dan Harkless
Rainer Weikusat [EMAIL PROTECTED] writes: Dan Harkless [EMAIL PROTECTED] writes: Using this grammar applied to the data we send to an arbitrary host piped to the ident/auth port will reveal the process owner running on a given port, even though we initiated the connection. Uh

Re: RUS-CERT Advisory 200004-01: GNU Emacs 20

2000-04-19 Thread Dan Harkless
ties apply equally to GNU Emacs and XEmacs. ------ Dan Harkless | To prevent SPAM contamination, please [EMAIL PROTECTED] | do not mention this private email SpeedGate Communications, Inc. | address in Usenet posts. Thank you.

nmh-1.0.4 released

2000-04-16 Thread Dan Harkless
hshow-charset-iso-8859-1 line does not work with quotes around %s. A detailed description of the changes between 1.0.3 and 1.0.4 is available from: http://www.mhost.com/cgi-bin/cvsweb/nmh/ChangeLog?r1=1.40r2=1.71 For more information on nmh, please visit: http://www.mhost.com/nmh/ Thanks

MH also vulnerable to remote attack (was Re: nmh security update)

2000-03-03 Thread Dan Harkless
(at least those using latter-day versions with MIME capability) are also strongly encouraged to upgrade to nmh 1.0.3. -- Dan Harkless | To prevent SPAM contamination, please [EMAIL PROTECTED] | do not mention