Actually this time it could (dreaming) be better, remember they bought
an AV company some months back.
Nasir Ghaznavi
On Sun, 20 Jun 2004 20:19:41 -0600, Michael Gale
[EMAIL PROTECTED] wrote:
Open minded ???
It is kind of like the country song:
... if you break my heart shame on you,
Today I got an interesting spam message. It was a variation on the US
Bank scam that went around last month, only this time it is an Ebay
scam. They claim Ebay needs to verify your identity and send you to a
site that requests not only the normal ebay information but a bunch more
including driver
Open minded ???
It is kind of like the country song:
... if you break my heart shame on you, if you break my heart a second
time shame on me..
Microsoft has been saying for years that they are improving security ...
but yet you still get screwed on a monthly basis with worms and DOS
attacks that
Does anyone have a security contact at LSI Logic's ?
Best regards,
-Frank.
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
hi all,
i know this is not really a security thing, so if someone could tell me
where the correct place to ask is... i would really appreciate it...
but for the question now (this could be interesting for a lot of people
i think):
we have some 100+ servers here, and we would like to make an
i am replying to the whole m$ thread, nothing personal.
m$ are so bad, so it is really difficult for them to get any worse, but this
does not mean they are really getting better.
they crossed the badness point of no return() long time ago.
georgi
___
Marco Schönfelder wrote:
Hello Harry,
why don't you take a small look at the freeware tool
http://masterbootrecord.de/deutsch/advancedremoteinfo.php
Don't know if it works for you.
looks like a nice tool, but i only want unix/linux tools (although we
have several windows servers).
so i'm not
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi list!@ hehehehe ;PPpPp
It appear Max Vozeler who wrap he packages for he debian friends did
travel back in time with he timemachine of many speed. Friend GOBBLES
not buy into whole space/time discussion ;PPp But anyways here
is friend
What would you suggest Microsoft do to improve ?
Georgi Guninski wrote:
i am replying to the whole m$ thread, nothing personal.
m$ are so bad, so it is really difficult for them to get any worse, but this
does not mean they are really getting better.
they crossed the badness point of no return()
as a tool in the implementation, have a look at rsync. It's still
supported and updated. Only has troubles with files of multi gig size,
and works under/through ssh.
But, you are going to find there is not single tool to do all you seek.
You are going to end up crafting a number of tools
I'm looking for a mailing list where security-related topics are
discussed, something filled with information on vulnerability threats
and discussion of those threats and their defenses.
Somebody said full-disclosure was such a list, but all I see is a lot of
rambling, unrelated bullshit.
Hi Darren,
Some of the lists which you can look at are :
1) http://www.securityfocus.com/
2) http://www.securiteam.com/
3) http://secunia.com/
4) http://www.idefense.com/
Also another good website to check for latest threats
are:
http://www.mynetwatchman.com/default.asp
But in all these
Hi Harry,
No, this isn't really the place for this - you want comp.*.sysadmin or
similar.
Having said that, you're going to be disappointed in what snmp will
provide unless you want to start writing MIBs (you don't). So you will
be doing some sort of client/server model maybe with *NIX tools
redesign their products..the basic windows design is flawed and
needs reworking for one thing..:)
Michael Schaefer wrote:
What would you suggest Microsoft do to improve ?
Georgi Guninski wrote:
i am replying to the whole m$ thread, nothing personal.
m$ are so bad, so it is really difficult for
Sorry - picked the wrong mail-adress for subscription out of the validation mail...
A boneheaded mistake. What can I say, it's been a long week.
...
But I think I have a good understanding of the concepts behind
designing and implementing secure software and avoiding the
programming errors that lead to easy exploits.
Heh. And might I say those with benefit of hindsight
The overall answer here is if you already have the opinion that MS sucks and
can do nothing right, it doesn't matter what they will do because it isn't
and won't ever be right for you. This is fine for you but a warning that
this kind of an attitude is the silly hide your head in the sand attitude
Well, let's see, moving away from the Registry (single point of failure)
would be a good step.
Separating the operating system from programs would be great, I don't
like the fact that everything and its brother thinks it can or should
dump files into the system directory.
What else is flawed?
Anything specific?
Obviously this isn't going to happen in the short term and even long term
your statement doesn't say the specific issue you feel is in the basic
windows design that you think is wrong? Is it virtualization of memory?
Support of GUI interfaces? What?
At the very least what is
On Mon, Jun 21, 2004 at 11:05:14AM -0400, William Warren wrote:
redesign their products..the basic windows design is flawed and
needs reworking for one thing..:)
This is a 100% ignition topic, but... the basic Windows design
is one of the better things about Windows. Some of the features
the
How about making it so I can secure things on my machine from family
members without having to setup a server to use Active Directory just to do
that. How about not having to pay for Exchange Server just easily use and
out of office reply. Since Outlook and Outlook Express are the default
On Mon, June 21, 2004 8:43 am, joe said:
Last time I heard, IE was the most popular browser with something like
70%+ of the browsing done with IE. As for browsing OSes I think I recall
hearing that XP was over 50% of the machines and that Windows machines as
a whole accounts for over 90%.
All
On Mon, Jun 21, 2004 at 01:52:10PM -0400, Dave D. Cawley wrote:
How about making it so I can secure things on my machine from family
members without having to setup a server to use Active Directory just to do
that. How about not having to pay for Exchange Server just easily use and
out
A little help would be appreciated on this.
A few problems occurred during a wireless pentest I am presently undertaking. First a foundation,
1) The pentest was a zero knowledge kind, no information was given, in fact we were forbidden to ask for help from any of the staffs
These I found during
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
++
| Guardian Digital Security Advisory June 21, 2004 |
| http://www.guardiandigital.com    ESA-20040621-005
There are several ways to search for vulnerabilities in applications.
If you have the sourcecode, you can do a code review. There are many
tools (like flawfinder etc.) which will support you in finding static
vulnerabilities like
buffer-overflows due to incorrect usage of commands like strcpy and
-Original Message-
From: Jelmer [mailto:[EMAIL PROTECTED]
Sent: Friday, June 11, 2004 3:22 PM
To: 'Thor Larholm'; Drew Copley;
[EMAIL PROTECTED]; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: COELACANTH: Phreak Phishing Expedition]
Almost correct, though not quite, I
Hi,
First, you should get the mac address of the gateway. This is easy,
just look at the destination mac of the outgoing packets or the source
mac of incoming packets.
Then add a static arp entry of an ip of your subnet with that mac
address and use it as the gateway.
Traceroute or record route
On Mon, 21 Jun 2004, Michael Schaefer wrote:
Well, let's see, moving away from the Registry (single point of failure)
would be a good step.
Separating the operating system from programs would be great, I don't
like the fact that everything and its brother thinks it can or should
dump files
Ah see now I agree with both of these. Good points.
For the first one, what do you propose as an answer? Obviously going to a
bunch of separate text files you have to configure gets away from that
single point of failure of a single registry but adds all sorts of
management issues and having to
You don't need AD to have different user accounts... You have local accounts
and you can permission the files and folders as you want based on those user
accounts. No AD required. Type NET USER at the command prompt, that will
show you all of the separate users that are already created on your
On Sat, 19 Jun 2004 06:57:05 EDT, Larry Seltzer [EMAIL PROTECTED] said:
Yes, you are thinking of Swen, but it doesn't do what you suggest. It asks you for
SMTP
and POP3 server and login info, but it uses them to access your POP3 server.
Of course, they could ask you for your SMTP
I suggest they change the double click to a triple click, and while we
are at it how about making the default desktop wallpaper something other
than light blue.
-KF
How about changing the .exe convention? Making a file executable by
its extension probably causes a lot of opportunities for
On Sat, 19 Jun 2004 21:41:35 PDT, Mr. John [EMAIL PROTECTED] said:
Suppose that I am technical chair of a software group
and we have a software that security consideration
is important for us. How can I test our software to
ensure that no security vulnerabilities (like buffer
overflow
GNU Radius SNMP Invalid OID Denial of Service Vulnerability
iDEFENSE Security Advisory 06.21.04
www.idefense.com/application/poi/display?id=110type=vulnerabilities
June 21, 2004
I. BACKGROUND
Radius is a server for remote user authentication and accounting. More
information about Radius is
On Mon, June 21, 2004 12:07 pm, joe said:
For the first one, what do you propose as an answer? Obviously going to a
bunch of separate text files you have to configure gets away from that
single point of failure of a single registry but adds all sorts of
management issues and having to chase
-BEGIN PGP SIGNED MESSAGE-
__
SGI Security Advisory
Title : SGI Advanced Linux Environment 2.4 security update #21
Number: 20040602-01-U
Date : June 21, 2004
Fixed
On Mon, 21 Jun 2004 09:52:09 EDT, Michael Schaefer said:
What would you suggest Microsoft do to improve ?
They will improve if and only if actually improving (as opposed to making
noises about improving) makes financial sense.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200406-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
How about changing the .exe convention? Making a file
executable by its extension probably causes a lot of
opportunities for problems, doesn't it?
Also, the magic file names, like CON and AUX should go away.
No way! Am I the only person who still uses copy con filename.txt to
You realize of course this is silly? You start off with saying that the
majority needs to realize that they shouldn't be using MS because they are
bad and that they hold majority because they are criminals and do bad things
and that people should go buy something that isn't MS. Then you go on
Vendor: CRYPTOcard Corp.
Product: Search functionality on www.cryptocard.com
Tested on: Win XP SP1 IE 6.0
Discovery: Author
Risk: Medium severity
Title: Trivial XSS in www.cryptocard.com Search function
..
Background Information
--
[SNIP}
The second one, I concur completely, get the App stuff out of the Windows
folders.
Which includes IE.
Thanks,
Ron DuFresne
~~
Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get
Vendor: Energis
Product: www.energis-squared.net
Tested on: Win XP SP1 IE 6.0
Discovery: Author
Risk: Medium severity
Title: Trivial SQL Injection in Energis Search function
..
Background Information
--
Energis is a UK based provider
-BEGIN PGP SIGNED MESSAGE-
__
SGI Security Advisory
Title : SGI Advanced Linux Environment 3 Security Update #3
Number: 20040603-01-U
Date : June 21, 2004
Fixed in
Oh absolutely. I've said it before, they aren't coding for the common good
of the people. They are a business, to think they would make changes for any
other reason than financial gain is silly. However, without changes and
improvement, they won't continue to grow and sell so they need to make
Absolutely, I posted that same message in a MS specific listserv today. My
comments were along the lines of treat it like a purchased app and set up a
new team to rebuild the app from the ground up, all new code. That way all
of the hidden nuggets waiting to bite people are gone and you can say
I am not sure I agree with the first thing. Actually I think it helps in
that it is easier for people to know something is executable versus having
to look at additional attributes to see if something is executable.
I would argue against many of the other associations that exist however such
as
On Mon, 21 Jun 2004 16:06:43 CDT, Ron DuFresne said:
[SNIP}
The second one, I concur completely, get the App stuff out of the Windows
folders.
Which includes IE.
Actually, just doing that one *alone* (splitting it out so it isn't entwined into
the OS) would probably do more
On Tue, 22 Jun 2004 09:04:37 +1200, Stuart Fox (DSL AK) [EMAIL PROTECTED] said:
No way! Am I the only person who still uses copy con filename.txt to
create scripts and such at the command line? Please tell me I'm not?
I think the intent is that con as a special filename in every directory
On Mon, 21 Jun 2004 18:33:02 EDT, joe [EMAIL PROTECTED] said:
Oh absolutely. I've said it before, they aren't coding for the common good
of the people. They are a business, to think they would make changes for any
other reason than financial gain is silly. However, without changes and
I am not so much in agreement here.
You say you can use any editor to look at the config and you don't need a
proprietary editor. What you mean is you can use any editor that uses the
file system API to open and display the config files. With the registry you
can use any editor that uses the
-BEGIN PGP SIGNED MESSAGE-
__
SGI Security Advisory
Title : SGI Advanced Linux Environment 2.4 security update #22
Number: 20040605-01-U
Date : June 21, 2004
Fixed
[SNIP}
The second one, I concur completely, get the App stuff out of the
Windows folders.
Which includes IE.
Actually, just doing that one *alone* (splitting it out so it
isn't entwined into the OS) would probably do more than
anything else. But we're not
-BEGIN PGP SIGNED MESSAGE-
__
SGI Security Advisory
Title : SGI Advanced Linux Environment 3 Security Update #4
Number: 20040604-01-U
Date : June 21, 2004
Fixed in
This guy is the king of trolls... His resume shows no experience with any flavor of
unix, yet he feels compelled to come into a security ML and try to convince people that
MS products are the most secure products around.
I for one, DO have experience in both Windows and Unix system
Having all the configs as text files in /etc works fine for
Unix-like systems. You can use any editor to look at the
config - no need for some proprietary editor (regedit).
Automating config changes is as easy as writing a simple
shell script. Each config is named after its
Wow Wow Wow, why do we start fighting between each other whenever M$
is discussed, umm food for thought?
btw this time it may not be a microsoft product as i mentioned before,
they are just repackaging a product of another company(forgot its
name) that it bought sometime back.
So calm down
I might have found a little glitch in GMail's invitation system. I was
playing today with GMail and found that if you change the invite hyper
link to something different you will be logged out from your GMail
session.
for example consider the following invite link:
[EMAIL PROTECTED] wrote:
Actually, just doing that one *alone* (splitting it out so it isn't entwined into
the OS) would probably do more than anything else. But we're not likely to see
that happen, not since the Microsoft witnesses swore on a Bible that IE was an
integral part of the OS
On Mon, 21 Jun 2004 18:39:10 EDT, joe [EMAIL PROTECTED] said:
Absolutely, I posted that same message in a MS specific listserv today. My
comments were along the lines of treat it like a purchased app and set up a
new team to rebuild the app from the ground up, all new code. That way all
of
On Mon, 21 Jun 2004 18:42:44 EDT, joe [EMAIL PROTECTED] said:
I am not sure I agree with the first thing. Actually I think it helps in
that it is easier for people to know something is executable versus having
to look at additional attributes to see if something is executable.
Which is why
On Mon, 21 Jun 2004 18:55:55 EDT, joe [EMAIL PROTECTED] said:
You say you can use any editor to look at the config and you don't need a
proprietary editor. What you mean is you can use any editor that uses the
file system API to open and display the config files. With the registry you
can
Valdis Kletnieks said:
It's not as simple as throw it out and start again - what's feasible
for a
student's semester project or a small company's small software package
isn't as
feasible when it's one of the largest sets of intertwined code ever
written
And that's the main point - the
On Mon, June 21, 2004 6:14 pm, Stuart Fox (DSL AK) said:
You've got some valid points but there is one thing that you've overlooked
- auditing.
[...]
Having said that, I've never actually met anyone who uses the registry
auditing, but I'm sure they're out there.
I actually knew a group who
On Mon, 21 Jun 2004, joe wrote:
I am not sure I agree with the first thing. Actually I think it helps in
that it is easier for people to know something is executable versus having
to look at additional attributes to see if something is executable.
I think that making the name of a file
On Mon, June 21, 2004 3:55 pm, joe said:
I have written several registry editor type apps for customers, it is
simply another API. For me writing a text editor is the same as writing a
registry editor, in fact, the classes I put together treat them both very
similarly from code use
Hi GOBBLES,
On Mon, Jun 21, 2004 at 06:02:21AM -0700, [EMAIL PROTECTED] wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi list!@ hehehehe ;PPpPp
It appear Max Vozeler who wrap he packages for he debian friends did
travel back in time with he timemachine of many speed. Friend
68 matches