On Mon, 14 Mar 2005 20:21:35 +0300, phased said:
no they didn't, shit paper, nothing new, absolute crap just publicity bollocks
(I haven't actually read the paper in question yet, but still..)
Notice that often, a nothing new paper can still be important just due to
readability by an audience
On Thu, 17 Mar 2005 00:44:06 +0530, Rudra Kamal Sinha Roy said:
k-otik is owned inside out :)
k-otik.com. 86400 IN SOA ns30617.ovh.net. webmaster.k-otik.com. 2005030701 21600 3600 604800 86400
Of course, if *I* were an Evil Security Researcher, I'd fix things so
that if
On Thu, 17 Mar 2005 11:28:55 MST, Dave King said:
Also, this is not just like tripwire. If the kernel is compromised
and reporting false data to tripwire then tripwire can run along merrily
thinking every thing's great. This is why booting to a trusted kernel
is important for the
On Sat, 19 Mar 2005 23:02:36 GMT, Jason Coombs said:
reverse hashing
By reverse hashing you mean defeating the protection by forward hashing all
possible SSNs, presumably.
No, that's me writing in a hurry and failing to make clear that if you're
using an invertible function, you'll have
On Sat, 19 Mar 2005 18:18:46 EST, Atom Smasher said:
some companies have a legitimate need to ask that question. they should be
subject to more stringent checks than our recent bad guys. FTMP, however,
that question is of very little use... if you want to know the SSN of
john smith, born
On Sat, 19 Mar 2005 19:27:22 EST, Atom Smasher said:
the way i see it, some people bought personal info from choicepoint. if
that info contained hashed SSNs it would be just as valuable to a
LEGITIMATE user for verification purposes.
Explain why. Remember that I'm sitting down at the bank
On Mon, 21 Mar 2005 01:07:03 +0100, Thierry Zoller said:
I am sorry, what part of Windows build didn't you understand ?
I obviously referred to binary not source code, the latest
source code is available on openwall, yes, the latest windows binary
on openwall is outdated from 1998.
Sorru
On Fri, 01 Apr 2005 16:48:09 EST, Paul Kurczaba said:
Wait... Its not? :)
Damn, you figured it out. It's actually in 4 basements - one each for AOL,
MSN/Hotmail, Yahoo, and Google.
Figuring out which basement(s) eBay, Amazon, and CNN are in is left as an
exercise for the reader.
On Thu, 07 Apr 2005 11:23:31 CDT, Adam Jones said:
If you read the full message that you were replying to you would see
that he addressed this issue in his reply. Vested interest and the
parties responsible for funding research have no consequence if:
1) The methods employed are fully
On Thu, 07 Apr 2005 14:52:55 PDT, Mike Owen said:
As reported over the last few months, MD5 is very broken. MD5
collisions are very easy to generate, with some reports of as little
as a few hours needed on reasonable hardware to generate a collision.
There's now a known attack for generating
On Fri, 08 Apr 2005 13:45:51 EDT, Jason said:
I get the point just fine. Injecting files C and D results in a
situation that cannot be resolved without downloading both files.
Song A = mp3 format file with valid license to BSA
Song B = mp3 format file without valid license to BSA
Song C =
On Tue, 12 Apr 2005 12:06:59 +0545, Bipin Gautam said:
every to verify its types) On the other hand we have had products like
stack guard, lib safe, grsecurity.net, se-linux
BUT i was wondering, to what extent adding these extra security
measures are effective against the real attacks
On Tue, 12 Apr 2005 17:00:46 EDT, [EMAIL PROTECTED] said:
Also, they do not patch they find the root of the problem which adds more
time.
This explains why we *never* *ever* see stuff 2 days after Patch Tuesday where
people are reporting this slight variant still works because Microsoft
On Tue, 12 Apr 2005 21:20:03 -, Eduardo Tongson said:
Stuff like for example circumventing noexec flags on mounted filesystems
still is trivial even with the latest and development versions of the
linux kernel
like for example is always a bad way to discuss things, because it's
unclear
On Tue, 12 Apr 2005 22:21:43 -, Eduardo Tongson said:
% sudo mount -o remount,noexec /tmp
% wget http://pornadmin.net/~tongson/linux/helloworld.bin -O /tmp/helloworld.bin
% /lib/ld-linux.so.2 /tmp/helloworld.bin
Hello world!
# uname -a
Linux turing-police.cc.vt.edu 2.6.12-rc2-mm3 #1
On Tue, 12 Apr 2005 17:21:20 EDT, [EMAIL PROTECTED] said:
I personally have only been affected once _severely_ after patch Tuesday.
You've been lucky, then.. ;)
But think about it, the testing scenarios that exist on planet earth can
not possibly be even accounted for let alone tested in
On Wed, 13 Apr 2005 10:22:42 BST, [EMAIL PROTECTED] said:
hey, it's not like i started to divert it ;-), it's just that you
said that The last really big trivial issue with bypassing
noexec on mounted filesystems was closed whereas it's simply not
true, better not spread this.
The
On Wed, 13 Apr 2005 14:38:26 EDT, Dave Aitel said:
Hahah. Well, we released an exploit for mqsvc a few minutes after the
advisories came out. . .
Damn, you downloaded the patch and reverse engineered an exploit in a few
minutes flat? Guess you proved Dave Aucsmith was 100% right, huh? ;)
On Wed, 13 Apr 2005 19:58:13 PDT, Steve Friedl said:
myself. What he said was that they *have not been* publicly exploited,
which is to say: there aren't any known public exploits in the wild.
Christopher's words match the titling on the slides:
Publicly Disclosed: No
Publicly
On Wed, 20 Apr 2005 17:35:56 PDT, Day Jay said:
Get your wrap-around text fixed you fucking fed!!
--- John McGuire [EMAIL PROTECTED] wrote:
Yep, must be a fed. The 'leet black hats would be posting from @fbi.gov,
and the not-so-leet ones would at least have the good taste to find a better
ISP
On Wed, 27 Apr 2005 12:18:56 CDT, Leif Ericksen said:
cards. I do not know if this is a Qlogics, fAStT or combo issue, BUT one
day you might be able to see your SAN the next day you reboot and you
lose the SAN!
OK. Now rephrase it as a computer security issue, so it's on-topic. We may
drift
On Fri, 29 Apr 2005 11:57:38 EDT, [EMAIL PROTECTED] said:
There should be some kind of category in the Darwin Awards for people
http://www.totalillusions.net/forum/index.php?showtopic=328st=0
Unfortunately, this guy hasn't managed to permanently remove himself from
the gene pool, so there's
On Fri, 29 Apr 2005 16:34:42 CDT, Paul Schmehl said:
--On Friday, April 29, 2005 03:11:16 PM -0400 [EMAIL PROTECTED] wrote:
Obligatory security reference: All too soon, we'll have to be securing
our systems against this guy's kids
eaaah.like that'll be a chore..
On Tue, 03 May 2005 08:52:40 +0200, Volker Tanger said:
OTOH I have seen machines (process/machine control systems) that were
hardwired to 127.0.0.*/24 as ethernet addresses (eth0, not loopback)...
And now for some *real* crack-pipe networking:
Early releases of IBM's TCP/IP product for the
On Wed, 04 May 2005 12:39:14 +1000, cozadc/Cozad, Chris said:
Just out of curiosity
Why do all your messages come through as a text attachment?
The short version: Because you're using:
X-mailer: Internet Mail Service (5.5.2658.3)
The long version: Because they're PGP-signed as per
On Fri, 06 May 2005 00:43:39 +1200, Nick FitzGerald said:
netfirms.com via a triple redirection (Yahoo! to Google to Yahoo! to
netfirms) cleverly constructed with HTML form submission logic so that
the full URL is not actually present in one piece in the HTML code.
OOH. Devious and nasty.
On Mon, 09 May 2005 11:59:16 PDT, Day Jay said:
It was figured out long ago pal, the fact of the
matter is and that I pointed out numbskull is that he
should automate getting of the stack pointer like all
of the other one's do.
Except the code you were penis-extender-waving around as
an
On Tue, 10 May 2005 02:32:41 BST, James Tucker said:
Surely this kind of message is a really bad idea.
You know it, I know it, and the A/V vendors know it.
What is the possible true business value of such a filter?
The true business value is for the A/V vendor, who can blat out a
free spam to
On Tue, 10 May 2005 14:50:21 PDT, migalo digalo said:
have ,and nessus show me same 'Critical' vulnerabilities:
sendmail 8.8
(http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950)
Hint: First figure out why Nessus claimed it saw a Sendmail 8.8 - because
that's well and truly
On Wed, 11 May 2005 13:31:02 +1000, Julio Cesar Ody said:
127.0.0.1 - - [13/Apr/2005:10:34:00 +1000] \x1b[A 501 214 - -
Esc bracket A. Looks almost like somebody did a 'telnet localhost 80'
to do a manual GET for testing, and forgot that arrow keys don't work in
that environment... ;)
On Wed, 11 May 2005 11:30:46 PDT, Kurt Buff said:
If one [or more] of you on the list could be so kind to indicate a
[many] resource[s] that lame hamstrung admins would be wise to follow
as guidelines to secure Windows systems.. it would be so much more
productive. especially for those lazy
On Wed, 11 May 2005 18:47:33 BST, James Tucker said:
Remember, if the choice was clear, someone would have 'won' already.
Not if one of the contestants has been cheating, and convicted of it
in both the US and EU justice systems.
On Wed, 11 May 2005 11:23:10 EDT, Michael Calcaño said:
It is really necessary to be that rude?
On 5/11/05, pretty vacant [EMAIL PROTECTED] wrote:
Is it really fucking necessary to email a global mailing list when you
can't get to your shitty website? Crawl back in your
On Fri, 13 May 2005 11:13:03 CDT, k k said:
(Yes, even the best of us hit 'send' too soon sometimes ;)
There is debate surrounding whether releasing benign worms such as Nachi or
Welcha, in general is ethical or not.
Oh? Who has lined up on the it's a good idea side of the room?
I suspect
On Fri, 13 May 2005 15:43:44 CDT, J.A. Terranson said:
On Fri, 13 May 2005, k k wrote:
There is debate surrounding whether releasing benign worms such as Nachi or
Welcha,
First off, let's get something straight: Neither of your two examples was
in any way benign. Both of these cost
On Sat, 14 May 2005 12:06:59 EDT, Byron L. Sonne said:
What makes you think a corporation wants to, or should, be ethical?
Because it's the right thing to do.
At least in the US, the upper management of a publicly held corporation is
required
to maximize the return to the stockholders, not
On Sat, 14 May 2005 10:50:18 PDT, Eric Paynter said:
On Sat, May 14, 2005 9:30 am, [EMAIL PROTECTED] said:
Even if you *do* manage to code the worm correctly, all it takes is for
*one* person visiting your site to have plugged their laptop into the net,
and you're at least potentially
On Sun, 15 May 2005 12:20:25 +1200, Nick FitzGerald said:
Stejerean, Cosmin wrote:
I think you are going a little overboard with this kind of response. The guy
Nope.
The guy is clearly a chopper.
A perfect proof of why benign worms are a Bad Idea. I've attached the Subject:
lines from
On Sun, 15 May 2005 01:39:23 EDT, Brian Anderson said:
[EMAIL PROTECTED] wrote:
On Sat, 14 May 2005 21:25:31 BST, James Tucker said:
There are no [X] (benign worms)
What like X = Aliens, conspiracies, deities?
Bring me an example of any one of those 4, and I'll believe in it.
The Boy
On Sun, 15 May 2005 21:54:53 EDT, TheGesus said:
Oh, who gives a flying fuck?
White hats should care, because it means the security of every machine
that *doesn't* buy into this will go *down*, because there's even less
reason for MS to actually *fix* things.
Black hats should care for exactly
On Sun, 15 May 2005 20:33:06 CDT, Stejerean, Cosmin said:
regular patching. There might be some cases when writing a quick worm to
patch rogue machines automatically might be better (especially to patch
laptops connected to a wireless hotspot, etc) but since it is risky it
Nope.. You don't
On Wed, 18 May 2005 08:25:32 PDT, Nora Barrera said:
Does anybody understand what is really tested during
an evaluation, or is it just bullshit?
Ask the vendor for a copy of the evaluation report.
http://csrc.nist.gov/cc/
The *important* part you want to find is the 'Protection Profile'
On Wed, 18 May 2005 09:14:56 EDT, Frank Laszlo said:
You never really want to utilize 100% of your bandwidth, you should
always have some extra bandwidth just in case. Sure, there are costs
involved, but as a business, surely one could make the decision on
whether or not to push it as an
On Fri, 20 May 2005 20:08:46 +0530, Gaurav Kumar said:
wait.. fedric solution is not gonna work...because the client is a
thick application and only allows ip address of the web server to be
entered, there is no option i can change ssl port 443 also.
in short,
the client send HTTPS
On Fri, 20 May 2005 10:24:47 CDT, [EMAIL PROTECTED] said:
(coming from different streets, etc) for your fiber or copper. Also you
probably want to consider SONET so that you have diverse routing as well.
SONET won't save you unless you *know* that you have *real* diversity (yes,
it's
On Sat, 21 May 2005 06:36:29 PDT, Nora Barrera said:
What's the use of security functions if they can be circumvented?
Rule #1 of security: It's never perfect.
Rule #2 of security: It's stupid to spend more effort on security than you
need to.
Rule #3 of security: Good security features raise
On Wed, 25 May 2005 07:14:12 CDT, milw0rm Inc. said:
lol are you guys joking? They wouldn't allow an xss bug on their
website on purpose come on now.
You're not devious enough. Remember that the *best* place to put a
honeypot is right out there in plain sight where it's likely to attract
On Wed, 25 May 2005 12:58:37 EDT, Dan Margolis said:
Right, but why is XSS interesting? Why would they *want* a suspected
script kiddie list? Honeypots are good for learning about what sorts of
attacks are in the wild, *not* for learning who the attackers are.
So watching the console logs on
On Mon, 30 May 2005 11:51:20 +0800, note said:
I find my windows xp ,all open port 123 udp, sometimes have a user process
open it. but a system process all open udp port 123. what it's use ?
Does anybody know what time it is? -- Peter Honeyman.
On Fri, 10 Jun 2005 12:47:11 +1200, Nick FitzGerald said:
2. It's reel commin for mailin lists to _archive_ all messages posted
thru 'em.
The problem is that quite often, ancient history isn't archived on the
mailing lists, because the history predates the start of the list's archive
by a
On Mon, 13 Jun 2005 22:49:28 +0400, alex said:
Try to use freeware service (owned by Cisco System and Positive
technologies) - www.freescan.ru. This service can help found many unknown
bug in custom Web application.
I shall test all these programs, tomorrow I send my results.
For
On Mon, 13 Jun 2005 21:42:09 CDT, Ron DuFresne said:
Ron DuFresne
still believes in larts
http://ars.userfriendly.org/cartoons/?id=20030210mode=classic
Unfortunately, there's one at every site:
http://ars.userfriendly.org/cartoons/?id=20030211mode=classic
On Thu, 16 Jun 2005 10:37:55 +0200, metesi said:
If you have, or you think you could get within few weeks, a
undisclosed/unpublished vulnerability (that have to stay private) just
contact us.
Even if the 0-day *is* used for ethical pen-tests, you can't guarantee
that the use of said exploit
On Mon, 20 Jun 2005 09:34:36 PDT, n3td3v said:
Technical details of permanent failure:
PERM_FAILURE: SMTP Error (state 10): 554 Service
unavailable; Client host [zproxy.gmail.com] blocked
using dsn.rfc-ignorant.org; Not supporting null
originator (DSN)
Complain to GMail - it's saying that a
On Mon, 20 Jun 2005 13:20:56 EDT, Graham Reed said:
That may be what the error message from the blacklist claims to say, but
that's not what the evidence provided on the blacklist's website says:
On Wed, 22 Jun 2005 08:29:35 PDT, Larry Blumenthal said:
Please check this press release issued by intense
school after the lawsuit was launched by microsoft:
http://www.forrelease.com/D20040922/cgtu022a.P2.09222004180832.14048.html
It states: We are advised by a representative for
On Thu, 30 Jun 2005 04:00:40 +0930, [EMAIL PROTECTED] said:
I will respond to your email when I return.
If, of course, the e-mail is still there when Jack returns. ;)
___
Full-Disclosure - We believe in
On Wed, 29 Jun 2005 10:00:29 -1000, Jason Coombs said:
[EMAIL PROTECTED] wrote:
On Thu, 30 Jun 2005 04:00:40 +0930, [EMAIL PROTECTED] said:
I will respond to your email when I return.
If, of course, the e-mail is still there when Jack returns. ;)
Does this form a binding contract?
At
On Fri, 01 Jul 2005 15:26:06 +0530, Gaurav Kumar said:
if it would have been so simpler, i wouldn't have asked it here,
the application design doesn't allow us to use the conventional
LoadLibrary method. we need to export functions also and at the same
time protect from misuse.
Give them a DLL
On Fri, 01 Jul 2005 15:14:06 EDT, Michael Holstein said:
Give them a DLL that just tosses an RPC call to a secured server that you
manage.
Rght. Secure something by putting it on a Windows machine with RPC
exposed to the Internet.
Who said anything about Windows? The concept of a
On Fri, 01 Jul 2005 14:37:18 EDT, Tim said:
Give them a DLL that just tosses an RPC call to a secured server that you
manage.
And how would your server differentiate between a good RPC call and a
bad one?
Well - you *do* have some idea of what sort of abuse you're trying to stop,
right?
On Fri, 22 Jul 2005 00:03:44 EDT, Paul Kurczaba said:
What if I have dual citizenship?
Doesn't matter, unless one of your citizenships is Danish *company*.
Of course, companies rarely download software - their employees do. This is
gonna take an expert lawyer to untangle, I suspect. ;)
On Tue, 26 Jul 2005 08:27:33 CDT, milw0rm Inc. said:
lol,
anyone notice whats wrong with the url?
Is there something odd *other* than the fact that the Squid software
lives elsewhere, as already pointed out by multiple posters? ;)
On Thu, 28 Jul 2005 09:49:46 +0200, Christoph Gruber said:
On Wednesday, 27 July 2005 20:15, DAN MORRILL wrote:
I could see CERT doing this, but not 3com.
CERT is too close to US-Government
CERT is more hobbled by their traditional wait till *all* vendors have
patches ready stance than by
On Fri, 29 Jul 2005 08:29:35 -1000, Jason Coombs said:
Precisely. And Lynn pointed out that Cisco routers use general purpose
CPUs -- therefore Cisco's own engineers chose purposefully to build a
vulnerable device.
All von Neumann architecture processors are equally vulnerable in theory.
On Fri, 29 Jul 2005 23:17:48 +0200, Jochen Kaiser said:
maybe I am wrong, but with high end switchrouter I thought that routing
protocols are handled by IOS by the cpu - after calculated, the topology
is programmed in e.g. TCAM memory.
That's the *point* - the CPU is what's vulnerable here.
On Fri, 29 Jul 2005 18:57:15 CDT, J.A. Terranson said:
This has nothing to do with the choice of a general purpose CPU, it is a
result of a specific architecture within the CPU chosen. There is a real
difference here.
Actually, although I've flamed Jason quite a bit, he *is* right in that
On Fri, 29 Jul 2005 13:11:57 CDT, Russell Smoak said:
All,
These recipients received an email from Austin Mckinley as Cisco Systems.
This message was sent in complete error and includes intellectual
property of ISS and Cisco Systems. Please delete and do not distribute
the information
On Fri, 29 Jul 2005 16:28:31 -1000, Jason Coombs said:
We're not talking about proving/disproving the result of computation
here, we're talking about a simple logical step inserted prior to
transmission of operating instructions and data to a turing machine.
It does not invoke the Turing
On Fri, 29 Jul 2005 23:54:31 PDT, [EMAIL PROTECTED] said:
using microsoft search technologies a mirror was located
http://www.securitylab.ru/_Exploits/2005/07/lynn-cisco.pdf
Somehow, I don't think a cease-and-desist court order from a US
court is going to bother these guys much. ;)
On Mon, 01 Aug 2005 13:37:34 -1000, Jason Coombs said:
Technica Forensis wrote:
CAUTION:
Internet and e-mail communications are Kohl's property and Kohl's reserves
the
right to retrieve and read any message created, sent and received.
The crucial word ---^^^
Kohl's reserves
On Sun, 12 Mar 2006 23:10:09 +0100, [EMAIL PROTECTED] said:
INSERT INTO `fdmail` VALUES (2077, '[EMAIL PROTECTED]',
'[EMAIL PROTECTED]');
And people wonder why I PGP sign everything.
On Mon, 13 Mar 2006 14:49:45 EST, Tim said:
The issue brought up has to do with authentication, not encryption.
Authentication has to be good, or else encryption is 100% worthless.
Actually, encryption can do some good, even in the absence of authentication.
Even if the remote end is totally
On Tue, 14 Mar 2006 13:38:31 EST, Soderland, Craig said:
I offer you a flaming bag of poo.
Trying to use social engineering to extract his real snail-mail address? :)
On Wed, 15 Mar 2006 10:14:23 EST, Simon Smith said:
I think that we've lost focus of my original question. My question
refined is, does anyone else agree with me that using HTTP BASIC AUTH
for important applications is a security risk/vulnerability (regardless
of SSL)? Or, is everyone here
On Wed, 15 Mar 2006 13:41:02 EST, Simon Smith said:
gboyce wrote:
Ok, so what's your alternative?
My alternative is to manage critical systems without using a web based
GUI. Since there aren't that many truly critical systems (in my network)
I can do that without a problem.
This cuts both
On Wed, 15 Mar 2006 21:02:17 PST, [EMAIL PROTECTED] said:
So break into house steal print out then reset password? Go take
school kid.
Well... that's basically what the FBI did to Scarfo. Although it was
quite a bit more complicated black-bag job than system_outage is talking about.
On Wed, 15 Mar 2006 15:14:47 EST, Brian Eaton said:
tim-security at sentinelchicken.org wrote:
How trustworthy are the CA certificates included in the average browser?
There are a couple of dozen CA certificates shipped with my browser.
Some of the vendors associated with these CA
On Thu, 16 Mar 2006 06:21:14 PST, n3td3v group said:
The issue of printouts isn't a problem for home users as the other poster
mentioned, The threat comes more in small business and large corporations.
Actually, the issue of printouts *is* a problem for home users - dumpster diving
is a major
-ADVISORY- % -Thu Mar 16 13:41:58 EST 2006- % Off-by-one in ISC INN
8D~~
1. BACKGROUND
8D~~
This product has no identified background information on the issue in question.
8D~~
2. DESCRIPTION
8D~~
It is possible to make ISC INN crash by the use of malformed
On Thu, 16 Mar 2006 18:34:49 GMT, [EMAIL PROTECTED] said:
Received: from gmail.com (85-31-186-26.blue.kundencontroller.de [85.31.186.26])
by lists.grok.org.uk (Postfix) with SMTP id DAFAF27B0
for full-disclosure@lists.grok.org.uk; Thu, 16 Mar 2006 18:34:49
+ (GMT)
Looks
On Thu, 16 Mar 2006 18:55:43 GMT, Dave Korn said:
It sure is. Please replace the word octal with the word octet
wherever you may have seen it in this thread. An awful lot of people round
here don't know the difference.
Bonus points if you've been around long enough to have used one of
On Thu, 16 Mar 2006 16:48:40 EST, Brian Eaton said:
I started digging around on Geotrust's web site looking for their
policy on issuing certificates and stumbled across a FAQ on
high-assurance SSL certificates. This sounds like a step in the right
direction.
Yes, that's a partial solution,
On Thu, 16 Mar 2006 21:32:11 +0100, Stefan Triller said:
What about closing this list for email addresses which aren't subscribed to it?
This would minimize the spam.
Actually, it wouldn't, because the From: addresses are, for the most part,
forged to show people who are actual subscribers -
On Thu, 16 Mar 2006 22:43:04 +0100, Christian "Khark" Lauf said:
I know the owner. And it's definitely not an open proxy.
If you have read http://unixgu.ru/?go=tor you would have known, that
he's running a Tor Node on this machine.
And the *visible difference* between a Tor node and an open
On Fri, 17 Mar 2006 14:23:50 +1300, Nick FitzGerald said:
Given your abject lack of grip on any of the foregoing, informed
members of this list are wondering if a less technically inclined list
might not be better suited to your abilities...
I however admit being stumped - given how low
On Fri, 17 Mar 2006 08:44:10 +0100, Michal Zalewski said:
On Fri, 17 Mar 2006 [EMAIL PROTECTED] wrote:
If you publish something without a license it is OPEN DOMAIN
That means people can use it, modify it, sell it...
That's nonsense. If I publish a book or a photo or a newspaper article
On Fri, 17 Mar 2006 11:33:30 EST, gboyce said:
The Redhat case is different. They are distributing software that they
are licensed to distribute in a for-pay manner (the GPL allows for the
sale of software as long as you don't restrict the rights granted by the
GPL).
In addition, if
On Fri, 17 Mar 2006 20:14:35 GMT, Dave Korn said:
Ah, well, that wasn't exactly obvious from the Received header that you
posted, now was it?! Heh, that was one vital piece of info without which
nobody could be sure they understood exactly what it was that you were
showing us. I
On Sat, 18 Mar 2006 02:31:37 +0100, poo said:
i also know how to convert a cow into bacon !!!
Obligatory full disclosure:
Cows go MOOO. Pigs go OINK. Bacon comes from the one that goes OINK.
Unless you have a really clever DNA sequencer hack to do the conversion,
in which case full
On Tue, 21 Mar 2006 19:12:56 GMT, n3td3v said:
But keep calling netdev an idiot, you'll go far in your career.
It's sad when somebody gets 2 out of 6 letters wrong in their own name.
On Tue, 21 Mar 2006 17:34:24 EST, Sol Invictus said:
Everyone on the Internet carries the responsibility to secure the
machines under their control. It's the same here. If people can't
control themselves, then one must take the necessary steps to protect
themselves.
Usenet is like a
On Thu, 23 Mar 2006 15:15:00 GMT, Dave Korn said:
difference? robots.txt is enforced (or ignored) by the client. If a server
returns a 403 or doesn't, depending on what UserAgent you specified, then
how could making the client ignore robots.txt somehow magically make the
server not
On Thu, 23 Mar 2006 03:59:20 CST, Gadi Evron said:
Oh, sorry for not mentioning earlier -
Operators that want to patch Sendmail, I'd suggest doing it soon. Now we
not only do we face risk to our mail servers, but rather trusting other
servers as well.
Been there, done that. All the same
On Fri, 24 Mar 2006 11:58:35 +0200, Q Beukes said:
i just don't want our clear text http traffic to be sniffed
which has been a known problem on our network a few times.
If the text is something that you give a flying fsck in a rolling
donut about the sniffability, it shouldn't be clear text
On Fri, 24 Mar 2006 09:52:30 CST, Jianqiang Xin said:
In our research, we need to generate some X traffic through network. The
current approach is let human actor sit manipulate a xterm window to type
keys, move mouse, resize window. Is there any tool that can automatically do
this? The ideal
On Sun, 26 Mar 2006 05:08:41 +0100, n3td3v said:
Part of our mind thought is to poorly represent our cause while bringing
over premier issues in which the majority of the security community support,
especially in relation to corporate interests.
Of course, if you poorly represent your cause,
On Sun, 26 Mar 2006 20:12:04 +0200, Anders B Jansson said:
128 bit entropy in a password requires a long randomized passphrase.
Do you really need a full 128 bits of entropy? Certainly 64 bits or
so isn't sufficient - but re-evaluate what you *really* need from the
password - 80, 96, or 112
On Mon, 27 Mar 2006 20:43:41 CST, s89df987 s9f87s987f said:
no work around is needed, there has been a solution all along..
one word.. firefox
It may be one word to you, but it can be a very expensive solution
for a company.
Somebody has to deploy firefox on the desktops (a pain in the butt
On Tue, 28 Mar 2006 00:18:24 CST, s89df987 s9f87s987f said:
Somebody has to make sure that *all* the bookmarks and configuration
settings
migrated correctly, and to help the users who have issues.
when firefox is first ran it will ask the user if they would like to import
bookmarks and
1 - 100 of 1415 matches