On Mon, June 21, 2004 1:49 pm, joe said:
You realize of course this is silly? You start off with saying that the
majority needs to realize that they shouldn't be using MS because they are
bad and that they hold majority because they are criminals and do bad
things and that people should go buy
On Mon, June 21, 2004 8:09 pm, [EMAIL PROTECTED] said:
The corollary, of course, is that I.T will become more expensive because
people will have to bite the bullet and get people with more than one
skillset, or more people.
A common UI (e.g. POSIX or GNU) solves this... Diversity of systems,
The real reason for the registry is to make it difficult to copy an
application from one machine to another. In other words, it's a copy
proctection scheme. Remember in the days of Win 3.1, you could do that? It
all broke in Win95 with the registry.
now the key to transfering the application
Also, the magic file names, like CON and AUX should go away.
No way! Am I the only person who still uses copy con filename.txt to
create scripts and such at the command line? Please tell me I'm not?
CON and NULL should stay but COM, AUX and LPT should go away. i had a server in which
the
Arhont Ltd. - Information Security
Arhont Advisory by: Konstantin Gavrilenko (http://www.arhont.com)
Advisory: cleartext account password obtainable using SNMP
Class: design/configuration bug
Test platform: BT Voyager 2000 Wireless ADSL Router
Vendor
On Tuesday 22 June 2004 07:31, Aditya, ALD [ Aditya Lalit Deshmukh ] might
have typed:
CON and NULL should stay but COM, AUX and LPT should go away. i had a
server in which the script kiddes got into the ftp server and made a COM1
folder on ntfs. had been a pain in neck to rename that folder
Well, lets see, moving away from the Registry (single point of failure)
would be a good step.
this should be done the first thing, however the registry has backups and other ways
to recover from failures howevert the builtin failure machanisms are not sufficent
Separating the operating
- Original Message -
From: Darren Spruell [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, June 21, 2004 7:44 PM
Subject: [Full-Disclosure] seeking a security/vuln disclosure list
I'm looking for a mailing list where security-related topics are
discussed, something filled with
On Mon, 21 Jun 2004 [EMAIL PROTECTED] wrote:
No way! Am I the only person who still uses copy con filename.txt to
create scripts and such at the command line? Please tell me I'm not?
I think the intent is that con as a special filename in every directory has
to go away - you'd still be
I for one, DO have experience in both Windows and Unix system administration, and
everyone of our internet facing machines is running Linux. Why? Because for me
they are easier to secure. I can turn off any services that I don't need, I have a
fully-functional firewall on every box, and
Guys..
(oh.. and girls...)
Remember the troll who posted something a long the lines of a SSL crypto
virus? Now on my rough fingercount, I think that the M$ threads have *long*
outdone that thread, in quantity, and in my opinion; quality.
The troll post, at least, was funny. The M$ threads
You are right, parameter passing or fuzzy input to a
software is good, but there is some problems:
- Some applications like IE have many and many ways
for input.
- Sequence of input may be very variant that reaching
to bug state want a very good chance. for tester.
- More important, For
thanks
i may have missed saying that
the better part of the packets going trough the network had local
destinations
like lots of netbios queries, smb and the like with the local machines eth
addr and ip addr.
From: Filipe Almeida [EMAIL PROTECTED]
To: sammy adedayo [EMAIL PROTECTED]
CC:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Infohacking Security Advisory 06.21.04
www.infohacking.com
Jun 21, 2004
I. BACKGROUND
We discovered a very dangerous denial of service vulnerability in all
solar devices. This issue can be exploited easily in several ways.
II. ANALYSIS
The
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi max!
Hehehe, not sure what funnier, Debian sta(b)le policy that make GOBBLES
confused about he patching, or fact that took two years after he initial
FULL DISCLOSURE of trivial pre-auth bug to find kindergarten post-auth
bug of many similarity.
In an attempt to be slightly on-topic; more so than the 0day disclosures that I just
read with the Delete key.
A couple of months ago my partner bought a new wallet in which to keep my credit
cards, debit cards and useful plastic -- presumably she was shamed at the scruffy
nature of the
I certainly didn't think I would need to apply data destruction to a worn-out
container (an interesting
thought exercise in itself -- I don't want to burn it and choke on fumes, and I don't
think the office
shredder will cope...).
I guess you're not a VB programmer then, or you'd know that
Hallo QoDS,
* QoDS ec [EMAIL PROTECTED] [2004-06-22 13:22]:
for example consider the following invite link:
http://gmail.google.com/gmail/a-da020f8475-a200b150b3
if you change it to the following:
http://gmail.google.com/gmail/a-da020f8435-a200b150b3
Hallo QoDS,
* QoDS ec [EMAIL PROTECTED] [2004-06-22 13:22]:
[...]
for example consider the following invite link:
http://gmail.google.com/gmail/a-da020f8475-a200b150b3
if you change it to the following:
http://gmail.google.com/gmail/a-da020f8435-a200b150b3
This tripe does not belong here. Take it
elsewhere or discuss it amongst yourselves.
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Message: 1
From: joe [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: RE: [Full-Disclosure] M$ - so what should they do?
Date: Mon, 21 Jun 2004 12:29:00 -0400
Anything specific?
Obviously this isn't going to happen in the short term and
even long term your statement doesn't say the specific
Hey dude!
I am still battling that nasty virus, too! I have not gotten any feedbag
from people on the bloglog lately about it so I was hoping the tide had
turned! We are still offline at the bank and have had to take emergency
measures to keep everything afloat. That port 443 (aka w32.ssl.b (b
Nah. I don't advertise *nix because I don't want to work that space right
now and haven't for quite a while. I want it to settle down and penetrate
the market a little better, right now in the corporate world that space is a
bunch of infighting and political positioning if it is talked about at
Enter the mother ship of trawlers...
--
-- Hey dude!
--
-- I am still battling that nasty virus, too! I have not gotten
-- any feedbag
-- from people on the bloglog lately about it so I was hoping the tide had
-- turned! We are still offline at the bank and have had to take emergency
--
On Tue, 22 Jun 2004 02:37:22 EDT, Todd Burroughs said:
Maybe having magic names that don't start with '/dev' (i.e., some known
prefix) is a mistake, but I think that's a minor issue.
Actually, this sub-thread is entirely about the fact that magic names aren't a minor
issue - referencing
On Mon, 21 Jun 2004 21:52:36 MDT, Bruce Ediger [EMAIL PROTECTED] said:
And you have to open them by path /dev/null. Just opening null won't
hurt, unless the current directory happens to be /dev.
Small nit:
Actually, this may or may not be true. There is no *inherent* magic to
the /dev
On Sun, 20 Jun 2004 [EMAIL PROTECTED] wrote:
The first major problem is present in the OpenBSD patch in at [1],
where the failure of falloc() results in a continuation of the loop,
which can update the value of the error variable, resulting in either
fd 0 or fd 1 not being correctly reopened
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200406-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Original Message-
From: joe [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 22, 2004 11:08 AM
To: Edge, Ronald D
Subject: RE: [Full-Disclosure] RE: M$ - so what should they do?
Almost everything you said here is user interface, not core
Windows and why it needs a redesign. The remaining
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandrakelinux Security Update Advisory
___
Package name: dhcp
Advisory ID:
like duh... have you _not_ heard of edlin ???
On Tue, 22 Jun 2004 09:04:37 +1200, Stuart Fox (DSL AK)
[EMAIL PROTECTED] wrote:
How about changing the .exe convention? Making a file
executable by it's extension probably causes a lot of
opportunities for problems, doesn't it?
Oy, best laid plans of mice and men...
Tried to take this offlist but you can't hold back such a knowledgeable and
well experienced Windows person (465 machines... I had no idea... my pardon
to your exceptional skills) from trying to make a point to their peers...
ActiveX/OLE/COM is, again,
On Tue, 2004-06-22 at 15:42 -0400, joe wrote:
ActiveX/OLE/COM is, again, not core Windows. They are applications that run
on Windows. The default user interfaces on the system use these for
management of the system and they are heavily embedded in several user faced
applications such as IE so
ktabic wrote:
On Tue, 2004-06-22 at 15:42 -0400, joe wrote:
ActiveX/OLE/COM is, again, not core Windows. They are applications that run
on Windows. The default user interfaces on the system use these for
management of the system and they are heavily embedded in several user faced
applications
On Tue, 2004-06-22 at 14:42, joe wrote:
There are some very intelligent people on this list who have good
understanding of things that are really wrong with Windows and the *nixs.
Yeah, and most of them have migrated from Windows to a Unix-like OS
because of that. :) (Unless they already
Found a issue last night while testing php_exec_dir
patch
if you do the following
$blah=`ps aux`;
echo nl2br($blah);
php_exec_dir will block the call if you have set
the exec_dir parm in php or apache
anyway if you do this
$blah=`;ps aux`;
echo nl2br($blah);
it bypasses the exec
{}
{ [waraxe-2004-SA#033]
}
{}
{
37 matches
Mail list logo