Hello,
I would add my question.
I'm installing WP and MySQL for it. I installed accounts and MySQL hashed
passwords. So, it's secure.
However WP config file uses clear text password to communicate with MySQL.
Config file more likely will stay as 755 on my Linux
and being a bit off the list topic. However, we
sometimes should discuss things leading to insecurity.
Mikhail Utin, CISSP, PhD
--
Message: 1
Date: Thu, 16 Jan 2014 12:00:18 +0100
From: Źmicier Januszkiewicz ga...@tut.by
To: gold
Hello,
I'm on your side. You are right in both how you are handling the case and your
conclusion. They failed in a few business aspects, thus responsible for
outcome. After all, legal side of our work is not less important than IT and
InfoSec technologies we use.
Good luck
Mikhail Utin, CISSP
Answers:
1. Whether you are right and there is a bug, let the vendor (M$) know; that is
ethical. They will decide if to consider your finding as a bug. Your following
steps depend on their opinion on the finding.
2. If you keep it for yourself - no problems. If you disclose on Internet
before
Message: 2
Date: Mon, 14 Jan 2013 11:02:26 -0500
From: Jeffrey Walton noloa...@gmail.com
Subject: Re: [Full-disclosure] petition to remove Aaron Swartz
prosecutor
To: richa...@fastmail.fm
Cc: full-disclosure@lists.grok.org.uk
Message-ID:
, will be glad to support and devote some time.
Regards
Mikhail
From: Christian Sciberras [mailto:uuf6...@gmail.com]
Sent: Monday, January 14, 2013 4:17 PM
To: Valdis Kletnieks
Cc: Mikhail A. Utin; full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] how to sell and get a fair price
Valdis
List,
Here is the link to Information Security Magazine issue with Market for
vulnerability information grows - Cashing on Zero-day exploits for your
information.
I once shared my idea that ZDI is not right way to go. It should be a market
place (web portal) for selling vulnerabilities based
It looks like an initial research before writing a business plan and looking
for venture capital investment.
I'll think about reserving some funds for :-)
Mikhail Utin, CISSP
--
Message: 10
Date: Thu, 1 Nov 2012 00:37:13 +0530
From: Memory Vandal memvan...@gmail.com
.
Mikhail Utin, CISSP
-Original Message-
Today's Topics:
1. Microsoft Windows Help program (WinHlp32.exe) memory
corruption (kaveh ghaemmaghami)
2. Microsoft Paint 5.1 memory corruption (kaveh ghaemmaghami)
**
Hello list!
I want to warn
-Original Message-
From: full-disclosure-boun...@lists.grok.org.uk
[mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of
full-disclosure-requ...@lists.grok.org.uk
Sent: Thursday, July 12, 2012 4:40 AM
To: full-disclosure@lists.grok.org.uk
Subject: Full-Disclosure Digest, Vol
Mikhail Utin, CISSP, PhD
-Original Message-
From: paul.sz...@sydney.edu.au [mailto:paul.sz...@sydney.edu.au]
Sent: Tuesday, July 10, 2012 6:41 PM
To: full-disclosure@lists.grok.org.uk; Mikhail A. Utin
Subject: Re: [Full-disclosure] Full-Disclosure Digest, Vol 89, Issue 11: ] How
much time
flavor you prefer. The most of it is free
time contribution. Somebody pays for that, but we use.
It is nice to be paid for something, but consider the alternative. Otherwise
our communications will die and we do not have an OS for a fun or profit.
Mikhail Utin
-Original Message-
From: full
Whoever from so named leoimpact.com:
WHOIS brings fake mailing address of PO in the US, and the phone does not
belong to leorat either.
Just shut up and stop sending fake messages. You are nothing and not having a
name rats. Not a legal entity.
Mikhail
-Original Message-
From:
My 10 cents:
I'm glad that such discussions happen on this list. I would not consider that
as out of topic, because Information Security, and security in general,
did/do include significant political component, and we cannot avoid or ignore
it. Plus, and it is important as well, it gives as a
-Original Message-
From: full-disclosure-boun...@lists.grok.org.uk
[mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of
full-disclosure-requ...@lists.grok.org.uk
Sent: Saturday, June 02, 2012 7:00 AM
To: full-disclosure@lists.grok.org.uk
Subject: Full-Disclosure Digest, Vol
Hello,
My two cents to lessons learned:
- If FBI is hacked, CIA will LOL
- if CIA is hacked, FBI will LOL
- if DoD is hacked both FBI and CIA will LOL
But if Stratfor is hacked, all three guys get very serious, guess why?
If you do serious hacking, do not brag and do not do stupid hacks.
Mikhail
as You are right, and You are
right as well.
Anybody's going to the Source? Any experience with? It may bring us to the
common ground and would be very helpful in future real life cases.
Mikhail Utin, CISSP
From: full-disclosure-boun...@lists.grok.org.uk
is not enabled, thus was not accepting new connections.
Mikhail A. Utin, CISSP
Information Security Analyst
-Original Message-
From: full-disclosure-boun...@lists.grok.org.uk
[mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of
full-disclosure-requ...@lists.grok.org.uk
Sent
of such discussions. This list is a part of our life though.
Suggestion: assign one day of a week to release steam and talk whatever we
want to. Purists can just ignore discussions on that day.
And as usually: you are right, and you are right too.
Cheers and be patient.
Mikhail A. Utin, CISSP
-Original
.
Mikhail A. Utin, CISSP
Information Security Analyst
-Original Message-
From: ACROS Security Lists [mailto:li...@acros.si]
Sent: Thursday, September 15, 2011 3:54 PM
To: 'Thor (Hammer of God)'
Cc: bugt...@securityfocus.com; full-disclosure@lists.grok.org.uk
Subject: RE: [Full-disclosure
See MS advisory for full list of affected products. It is NOT just 2007. It
includes 2010 products as well.
Mikhail A. Utin, CISSP
Information Security Analyst
-Original Message-
From: full-disclosure-boun...@lists.grok.org.uk
[mailto:full-disclosure-boun...@lists.grok.org.uk
I see numerous announcements from ZDI pointing to June 14th updates. Is that
what big guys MS and Adobe missed in last week updates? If NO, then we need to
stop ZDI from polluting our list with last year news. Anyway, I see repetitive
announcements pretty often.
Thank you
Mikhail A. Utin
Mikhail A. Utin, CISSP
Information Security Analyst
Commonwealth Care Alliance
30 Winter St.
Boston, MA
TEL: (617) 426-0600 x.288
FAX: (617) 249-2114
http://www.commonwealthcare.org
mu...@commonwealthcare.org
-Original Message-
From: Ryan Sears [mailto:rdse...@mtu.edu]
Sent: Monday
basics, and our
experience as they are kiddies. Eventually they will grow ... may be.
List, thank you very much
Mikhail A. Utin, CISSP
Information Security Analyst
Commonwealth Care Alliance
30 Winter St.
Boston, MA
TEL: (617) 426-0600 x.288
FAX: (617) 249-2114
http://www.commonwealthcare.org
mu
Hello,
Opening looking OK email message in my MS OE I've very likely got new kind of
virus, which exploits MS Office flaw recently announced. Immediately after, my
OE started consuming huge memory when I switched between folders or messages.
I've not seen any process in Task Manager taking up
Folks,
We are looking for an enterprise level AV-software to replace our current AVG
having in our eyes poor detection and removal capability. Reviews bring really
mixed results as nothing's perfect. Access to logs and reliable management
control features are important as well. Any advising?
Thank
Their policy of publishing whatever they think is buzzing cannot be respected
by people who understand possible problems of innocent people involved. Leaking
of military secrets is stupid as it gets. If they get closed, it is what they
deserve.
Mikhail A. Utin, CISSP
-Original Message
27 matches