-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandrakelinux Security Update Advisory
___
Package name: wv
Advisory ID:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandrakelinux Security Update Advisory
___
Package name: OpenOffice.org
Howdy,
Highly doubtful. It's easy enough to test though - just use the tool
to poke another machine under your control, and use tcpdump or ethereal
to capture all the traffic (don't forget '-s 1500' or similar for tcpdump
to get the *whole* packet).
Sidenote - '-s 0' always adjusts capture
uuups - forgot to cc the list on this one. sorry.
-Forwarded Message-
From: Stefan Janecek [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Re: Automated SSH login attempts?
Date: Fri, 30 Jul 2004 11:45:51 +0200
On Thu, 2004-07-29 at 21:35, [EMAIL PROTECTED] wrote:
On Thu, 2004-07-29 at 19:52, [EMAIL PROTECTED] wrote:
Stefan Janecek wrote:
This does not seem to be a stupid brute force attack, as there is only
one login attempt per user. Could it be that the tool tries to exploit
some vulnerability in the sshd, and just tries to look harmless by
Ali Campbell [EMAIL PROTECTED] wrote:
Do I take it that these things are just trying to log in using some
guessed password(s) ? Out of interest, do we have any idea what these
opportunistic passwords might be ?
As far as I have heard this is an 0day exploit which does nothing but
trying to
[VSA0402 - openftpd - void.at security notice]
Overview
We have discovered a format string vulnerability in openftpd
(http://www.openftpd.org:9673/openftpd). OpenFTPD is a free,
open source FTP server implementation for the UNIX platform.
FTP4ALL is not vulnerable (it doesn't use that
Gregh [EMAIL PROTECTED] wrote:
It was used by me to list various entries in registry which, when lumped
together like that, show off CWS quite easily. Once they are there, removing
them and the progs started by some of them is easy.
This is not the case for all variants of CWS. The newer, sneakier
--== OPEN3S-2004-10-05-eng-oracle-so-libraries ==--
Title: Local Vulnerability in Oracle Products. RDBMS, IAs, etc
All Versions. (10g not tested)
Date: 10-05-2004
Platform: Tested in Linux, Solaris HP-UX but can be exported to others.
Now, if anybody could jump through the hoop and send me the thing or make it
publicly available... all these things are musings, 'it looks as if...' and 'it
seems like...' are not exactly results of an analysis.
Just tracing tcpdump's output is definitely insufficient.
If the tool just sends
I get at least a couple of probes every day. Almost all are refused
because I have a very restrictive /etc/hosts.allow list.
On Fri, 30 Jul 2004 12:14:30 +0200, Stefan Janecek
[EMAIL PROTECTED] wrote:
uuups - forgot to cc the list on this one. sorry.
-Forwarded Message-
From: Stefan
Being from Montreal where CHX-I is developed, I had the chance to use it for
a while on a few servers and workstations, so far I have been impressed by
the product. I do know that it is being used by some government
organization in the states as well as quite a few universities. There are
some
Jan is right - looking at the code might be the only way to know what is
really happening.
We all await your disassembled, debugged and traced code analysis, Jan. =)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jan Muenther
Sent: Friday, July 30, 2004
On Fri, 30 Jul 2004, Andrew Clover wrote:
This is not the case for all variants of CWS. The newer, sneakier
variants can rebuild themselves if they detect a program like HijackThis
removing their registry entries.
Not really new, in the scheme of things. Over 30 years ago, some bored
Regarding removal of newer versions of Cool Web Search.
See this web page.
http://www.pchell.com/support/onlythebest.shtml
I have encountered the problem described on the page and successfully removed the
Hijack using Hijackthis
and AboutBuster.
Spybot and AdAware did not detect the BHO
Greetings list,
Accidentially sent only to Stefan, so redoing it.
On Thu, Jul 29, 2004 at 06:38:15PM +0200, Stefan Janecek wrote:
Hmmm - I have also been getting those login attemps, but thought them to
be harmless. Maybe they are not *that* harmless, though... Today I
managed to get my hands
- Original Message -
From: Andrew Clover [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, July 30, 2004 9:44 PM
Subject: Re: [Full-Disclosure] Cool Web Search
Gregh [EMAIL PROTECTED] wrote:
It was used by me to list various entries in registry which, when lumped
together
On Thu, 29 Jul 2004, Stefan Janecek wrote:
The compromised machine was running an old debian woody installation
which had not been upgraded for at least one year, the sshd version
string says 'OpenSSH_3.6.1p2 Debian 1:3.6.1p2-10'
But that was not the default debian woody sshd ?
Woody has this
I am interested in finding information on SPI,
either algorithms, and/or open source code,
Hope you can help,
TCS
Look into the iptables/netfilter docs, located here:
http://www.netfilter.org/documentation/index.html
Connection tracking is explained here
http://www.sns.ias.edu/~jns/security/iptables/iptables_conntrack.html
Regards
Marco Ellmann
-Original Message-
From: [EMAIL PROTECTED]
Dave Horsfall [EMAIL PROTECTED] wrote:
Not really new, in the scheme of things. Over 30 years ago, some bored
programmer wrote something for one of the mainframes of the day (ICL?
IBM? Burroughs?) called Robin Hood and Friar Tuck.
Yeah, I was aware of this story; the Jargon File attributes it to
There is a free piece of software somewhere that will grab all the BHOs
(Browser Helper Objects) out of the registry and display them all. Anyone
remember where this software can be found?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rmuge NineFive
On Thursday 29 July 2004 22:57, Frank Knobbe allegedly wrote:
snip
Heya George,
perhaps the engineers are too busy fixing broken legal strategies and
are putting silly software issues on the back-burner.
(After all, why fix it if they file Chapter 11 by end of the year
anyway?)
Hola
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200407-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Andrew Daviel
Sent: Thursday, July 29, 2004 4:01 PM
To: [EMAIL PROTECTED]
Subject: [Intrusions] Linux SSH scanning - test/guest
FYI
We got zapped by some hackers from, I think, Romania that have a priv
HijackThis: http://www.merijn.org/files/hijackthis.zip
BHODemon 2.0: http://www.definitivesolutions.com/bhodemon.htm
BHPCop (CleanMyPC Registry Cleaner):
http://www.registry-cleaner.net/bho-manager.htm
Dean
-Original Message-
From: Todd Towles [mailto:[EMAIL PROTECTED]
Sent: Friday,
On Fri, 30 Jul 2004 23:36:49 +1000, Gregh [EMAIL PROTECTED] said:
If you don't understand that then I can understand that you don't know how to
get rid of it but the truth is that this way DOES get rid of it. There are
at LEAST 5 variants of CWS. I have met them all and beat them all.
You are probably talking about BHODemon,
which can be found at http://www.definitivesolutions.com/bhodemon.htm .
Kyle
-Original Message-
From: Todd Towles [mailto:[EMAIL PROTECTED]
Sent: Friday, July 30, 2004 11:00 AM
To: 'Rmuge NineFive '; 'Disclosure Full'
Subject: RE: Re:
Could it be possible that there are different versions of this, one
making noise and one much rarer one with an exploit?
-Neal
Andrei Galca-Vasiliu wrote:
I've seen that too, on several machines, different range of ip's. I guess it's
some sort of a mass bruteforce exploit (there were 50 or more
Frank Knobbe wrote:
(After all, why fix it if they file Chapter 11 by end of the year
anyway?)
We can only hope... maybe if we get lucky they'll be forced to file in
September. Or, perhaps, just fall off the end of the earth... Yeah,
that'd be a good thing.
-Barry
On Fri, 30 Jul 2004 09:59:54 -0500, Todd Towles
[EMAIL PROTECTED] wrote:
There is a free piece of software somewhere that will grab all the BHOs
(Browser Helper Objects) out of the registry and display them all. Anyone
remember where this software can be found?
It should be at
BHODemon works nicely - the home page is
http://www.definitivesolutions.com/bhodemon.htm. Due to recent coverage at
SANS and Slashdot, the following flurry of attention required the author to
get the program distributed via some mirror sites.
- Original Message -
From: Todd Towles
I don't know if you fully understand HiJackThis or maybe I was just
unclear.
HiJackThis wasn't used by me to get rid of CWS as, for example, running
Adaware gets rid of tracking cookies and some installed spyware progs. It
was used by me to list various entries in registry which, when lumped
http://www.definitivesolutions.com/bhodemon.htm
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Todd Towles
Sent: Friday, July 30, 2004 9:00 AM
To: 'Rmuge NineFive '; 'Disclosure Full'
Subject: RE: Re: [Full-Disclosure] Cool Web Search
There is a free
Hi all,
A few colleagues and I started a discussion as to why one should or shouldn't buy an
appliance-based firewall, ids/ips or other security appliance instead of installing
software on a server.
We thought about patching, performance, and other reason for each option but I'd like
to hear
Yep, BHODemon is the best. Especially the newest version has some major improvements.
Don't have the link but it's very googleable and the site is something like
www.bhodeamon.com or so.
Cheers
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I've compiled a handful of notes and relevant files at
http://dev.gentoo.org/~krispykringle/sshnotes.txt .
If anybody has any more information or can derive more information from
these files than I have so far, please let me know.
- --
Dan
wgte frauder.us/linux/ssh.tgz
http://frauder.us serves up putty.exe ( v 0.54 ) on connect
as frauder, no extension. Probably not your average admin
tool setup...
m.wood
___
Full-Disclosure - We believe in it.
Charter:
From: Gregh [EMAIL PROTECTED]
Sorry but totally and utterly incorrect. You just do NOT understand what I
have typed. I said that I used HiJackThis to list the entries in a group
then ticked them manually and then removed them. Along with that, it
allowed
you to identify the exe files
Todd Towles wrote:
There is a free piece of software somewhere that will grab all the BHOs
(Browser Helper Objects) out of the registry and display them all. Anyone
remember where this software can be found?
hijackthis shows the bho's
http://www.spywareinfo.com/%7Emerijn/index.html
and some utils
Perfect timing for System Admin Day, a new IE patch
http://www.microsoft.com/technet/security/bulletin/ms04-025.mspx
--On Friday, July 30, 2004 02:55:04 PM -0300 Bernardo Santos Wernesback
[EMAIL PROTECTED] wrote:
A few colleagues and I started a discussion as to why one should or
shouldn't buy an appliance-based firewall, ids/ips or other security
appliance instead of installing software on a server.
We
On Fri, 30 Jul 2004 09:59:54 CDT, Todd Towles [EMAIL PROTECTED] said:
There is a free piece of software somewhere that will grab all the BHOs
(Browser Helper Objects) out of the registry and display them all. Anyone
remember where this software can be found?
I've always suspected that Browser
On Fri, 30 Jul 2004 09:39:55 EDT, Neal O'Creat said:
Could it be possible that there are different versions of this, one
making noise and one much rarer one with an exploit?
It's more likely that there's one version, making noise and very rarely finding
a box with stupid passwords. It's
Gregh [EMAIL PROTECTED] wrote:
the truth is that this way DOES get rid of it. There are
at LEAST 5 variants of CWS.
Oh, there are *many* more than that.
I have met them all and beat them all.
Obviously you have not met the CWS/About variant. This cannot be removed
with only HijackThis and the
Because you don't know that much about security??? (a theoretical you!!)
If you know what you need, and what can you do, you do it by yourself, and
only rely on your capacities.
If you need protection, or at least some kind of monitoring activity, but don't
know much about network security,
The program is called BHODemon. It is available from Definitive Solutions here:
http://www.definitivesolutions.com/bhodemon.htm
On Fri, 30 Jul 2004 09:59:54 -0500, Todd Towles
[EMAIL PROTECTED] wrote:
There is a free piece of software somewhere that will grab all the BHOs
(Browser Helper
Jack, the new variants are not so obvious to detect. They contain hidden
processes or rootkits. Sooner or later they will start to use ADS (alternate
data stream) points to hide.
Anyone can track down anything with a registry snapshot. Do a registry
snapshot and then install your spyware and
On Fri, 2004-07-30 at 13:51, Jan Muenther wrote:
Now, if anybody could jump through the hoop and send me the thing or make it
publicly available... all these things are musings, 'it looks as if...' and 'it
seems like...' are not exactly results of an analysis.
Agreed. The thing *is* publicly
Friends,
Trying to start a good free security site
Any recommendations on site hosting services / Portal frameworks / site
builders...
I have the concept in mind but no time to build the site or resources to
host it myself...
Any help appreciated!!
Thanks
-h
On 30 Jul 2004, at 04:51, Jan Muenther wrote:
Now, if anybody could jump through the hoop and send me the thing or
make it
publicly available... all these things are musings, 'it looks as
if...' and 'it
seems like...' are not exactly results of an analysis.
Someone had posted a link to the
. We pay for point and click, why shouldn't we get it? ;)
ROFL!!! you do, you get it and then pay, and pay and pay again, each and
every new win sploit that is released. And then pay again to have them
MSCE's stare blankly at the root cause
Thanks,
Ron DuFresne
Max,
How big are these networks that use default firewall rules? In a large
growing corporate network, we have to deal with stuff all the time. Users
want to do that...some other company or vendor needs a port open to do
something. They want you to just do it because all the other companies do
- Original Message -
From: Andrew Clover [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, July 31, 2004 4:26 AM
Subject: Re: [Full-Disclosure] Cool Web Search
Gregh [EMAIL PROTECTED] wrote:
the truth is that this way DOES get rid of it. There are
at LEAST 5 variants of
Does anyone know of a good WEP Cracking Utility that will run on Windows
XP.
Thomas Simmons
Network\Server Support
[EMAIL PROTECTED]
I have found that if you do an end process tree on everything running
that you don't want. Then run through the ADD Remove to remove
everything that you see is not wanted. Follow up with Spybot SD and
then use HijackThis to remove unwanted Reg problems. Often during the
process of removing apps
I will take up arms to write a cleaner for it. I despise programs like this
Since we are talking about 30 variations does anyone know where a person can get
archived versions of all of these?
I've got a machine and the tools and know how to build the tool. I just need to be
infected - wow,
I haven't done too much research into appliance-based devices but you would
guess that they are set up for one purpose.
If I was going to build a Snort IDS box, it wouldn't have telnet open and it
wouldn't use HTTP (unless I was using ACID, then I would use SSL).
If I wanted to make a DHCP server -
On Fri, 30 Jul 2004 14:55:04 -0300, Bernardo Santos Wernesback [EMAIL PROTECTED]
said:
A few colleagues and I started a discussion as to why one should or shouldn't
buy an appliance-based firewall, ids/ips or other security appliance instead of
installing software on a server.
Does
Then we await your very simple tool to remove this bad spyware. If you can
do it with Hijack This...then maybe you should talk to the author and start
work on a new program.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gregh
Sent: Friday, July 30, 2004
Grab a copy of any Linux Live-CD and boot it up. Most have AirSnort, Kismet,
Nmap, Ethereal, Ettercap included. You must find the right wireless card to
work with them however.
www.knoppix.com
www.knoppix-std.org/tools.html
www.moser-informatik.ch/
BTW, has WEPCrack ever been ported to Win32?
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
__
SCO Security Advisory
Subject: UnixWare 7.1.3 Open UNIX 8.0.0 : Xsco contains a buffer
overflow that could be exploited to gain
Gregh wrote:
Absolute and utter rot! I understand YOU may not be able to do it but it CAN
be done. It is simple logic if you want to look at it another way - whatever
can be DONE can be UNdone.
Did you really mean whatever can be done can be UNdone?
How about a format C:? (I haven't seen
Look into the iptables/netfilter docs, located here:
http://www.netfilter.org/documentation/index.html
Connection tracking is explained here
http://www.sns.ias.edu/~jns/security/iptables/iptables_conntrack.html
Thanks, I looked at netfilter a while ago but found nothing on SPI.
Cheers,
Aaron
Hi,
Any recommendations on site hosting services / Portal frameworks / site
builders...
I've heard PHPNuke is pretty solid.
Simon
--
GPG Fingerprint: 040E B5F7 84F1 4FBC CEAD ADC6 18A0 CC8D 5706 A4B4
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
__
SCO Security Advisory
Subject: OpenServer 5.0.6 OpenServer 5.0.7 : uudecode does not check
for symlink or pipe
Advisory number:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
__
SCO Security Advisory
Subject: OpenServer 5.0.6 OpenServer 5.0.7 : OpenSSL Multiple
Vulnerabilities
Advisory number:
On Fri, Jul 30, 2004 at 05:35:46PM -0400, Raj Varada wrote:
Did you really mean whatever can be done can be UNdone?
How about a format C:? (I haven't seen unformat in a very long time.)
Data can be read off a hard drive until it's been written over like
what...8 times IIRC? So, in theory, one
No unformat? Pfft... you obviously haven't read this article
http://www.computer.org/security/garfinkel.pdf
Steve
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Raj Varada
Sent: Friday, July 30, 2004 2:36 PM
To: Gregh
Cc: Disclosure Full
Subject: Re:
On 30 Jul 2004, at 18:01, John Kinsella wrote:
On Fri, Jul 30, 2004 at 05:35:46PM -0400, Raj Varada wrote:
Did you really mean whatever can be done can be UNdone?
How about a format C:? (I haven't seen unformat in a very long
time.)
Data can be read off a hard drive until it's been written over
Has any one dealt with a similar thing called searchweb2.com?
This installed itself into two folders: C:\Program Files\htm acid soap,
and C:\Documents and Settings\All Users\Application Data\spam wipe that
audio and then integrated itself into Internet Explorer as a Search Bar,
that you can't
[SNIP]
An often overlooked issue is that the right choice for a clued and technically
competent site is quite often a poor choice for a site that's not able to
get its clue together. And there's a lot more of the latter than the former.
Which is also a reason some opt for another
On Fri, 30 Jul 2004, Aaron Gray wrote:
Look into the iptables/netfilter docs, located here:
http://www.netfilter.org/documentation/index.html
Connection tracking is explained here
http://www.sns.ias.edu/~jns/security/iptables/iptables_conntrack.html
Thanks I looked at netfilter a
Anyone have pointers to a free (open source) tool or methodology to
crack MS Office encrypted files? Both brute-force and smarter methods
are fine, smarter preferred, of course :)
I believe that Office encrypts files using RC4, is that correct?
Thanks,
-- Raju
--
Raj Mathur