First Last wrote:
1). Establish Computer Emergency Response Team for our country.
This needs further definition. Are you looking at
anti-virus/hacker/anything response strictly? If so, I'd almost look
towards McAfee or Symantec for possible partnership with their already
extensive networks.
Excellent points Ron! Encouraging to see intellectual people on this
list. I was going to bring up the exact same things. Now on to good
'ole Nick...
(we're all still waiting anxiously to see a single sentence worth reading actually
come from your keyboard)
Since when do you speak for
Thanks for the support. =) Obviously I agree with your points.
I do believe, however, that this is a waste of time to send to the
list. I, personally, will reply directly to Nick (if even necessary)
from now on to save the soap opera from being dragged through the list
as well.
Yes, I ment to
I suggest kicking people of the list for even mentioning gmail again. I'll take my
chances on any of these guys finding a 0day and then not being able to release it
through full-disclosure.
Cheers,
SkyLined
- Original Message -
From: Sandeep Sengupta [EMAIL PROTECTED]
To: [EMAIL
agree!
Berend-Jan Wever wrote:
I suggest kicking people of the list for even mentioning gmail again. I'll take my
chances on any of these guys finding a 0day and then not being able to release it
through full-disclosure.
Cheers,
SkyLined
- Original Message -
From: Sandeep Sengupta
Hello,
The german IT security company Securepoint has hired Sven
Jaschan, who wrote and spread the Sasser Internet worm,
which caused widespread and costly damages to legions of
Windows computers.
He will work as a developer for security softwares such as
firewalls.
This is a scandal! Whether
Smells like a hoax or rather a 419-er scam.
1., writes from a hotmail account
(hotmail ~ community of horny neonazi bootlegger scamming
phisers)
2., the guy remains anonymous
3., doesn't even name the country
Don't let yourself be fooled!
___
Regardless of whether or not this is a hoax, it is still quite an
interesting point for discussion - granted, this list is probably not
the best place to post.
If I were posing this type of 'RFC' query, and I was involved in a
particular country's infrastructure, and said infrastructure was
A report issued by Symantec found that:
The average time period between the disclosure of a vulnerability and its
first exploit by hackers collapsed from several weeks in past reports to
less than six days in the first half of 2004.
'In some cases, we saw global exploits in less than two
Smells like a hoax or rather a 419-er scam.
what's your definition of a hoax/419er?
1., writes from a hotmail account
(hotmail ~ community of horny neonazi bootlegger scamming
phisers)
and freemail.hu users are paranoid communists who smoke weed?
generalizations suck...
2., the guy
202.70.64.15 = [ munal.ntc.net.np ]
inetnum: 202.70.64.0 - 202.70.95.255
netname: NTCINTERNET
descr:Nepal Telecommunications Corporation
descr:Cellular Mobile and New Services Department
descr:Pulchowk Kathmandu
country: NP
Granted, he could've forged
it seems like there is a jpg worm in the wild???
i've been getting strange auto messages in my MSN
messanger with the pic. link
#22914;#26524;#24744;#23490;#23518;#12289;#31354;#34395;...http://www.xf2s.com/msn/wode.jpg#32005;#34966;#35222;#35258;.#24433;#38899;#22899;#20778;
i may be wrong..
Does it not strike anyone that there is a disturbing trend in malicious hackers (yes,
yes, I know, they are not hackers if they are malicious, so call em whatever you want)
getting hired to security firms, mainly because the hacker gets media attention? It
is honestly like we are declaring to
thats... funny! but why does the link seem to be
popping up from several MSN messanger autometically!!!
Atlest out here in NEPAL. I was chating with my
friends and all seem to have the same symptoms )O;
bipin
--- Peter Kruse [EMAIL PROTECTED] wrote:
Hi Bipin,
Thanks for the heads up.
This is the story of our country Nepal, i can say this
through email header cauz we share the same proxy
server of our ISP!!! CAUGHT DUDE, sorry You
should have used a public proxy???
---
Anyways, have a look at
http://www.sans.org/resources/policies/
On Sep 20, 2004, at 11:21 AM, Feher Tamas wrote:
Hello,
The german IT security company Securepoint has hired Sven
Jaschan, who wrote and spread the Sasser Internet worm,
which caused widespread and costly damages to legions of
Windows computers.
what about legions of bad admins and bad coders,
On Mon, 2004-09-20 at 11:21, Feher Tamas wrote:
Hello,
The german IT security company Securepoint has hired Sven
Jaschan, who wrote and spread the Sasser Internet worm,
which caused widespread and costly damages to legions of
Windows computers.
He will work as a developer for security
If he has fulfilled all the obligation of his sentence, whats wrong with him
being allowed to seek gainful employment that plays to his skills?
Second chance anyone? Being allowed to learn from his mistakes?
- Original Message -
From: Feher Tamas [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
This is the story of our country Nepal, i can say this
through email header cauz we share the same proxy
server of our ISP!!! CAUGHT DUDE, sorry You
should have used a public proxy???
---
Anyways, have a look at
http://www.sans.org/resources/policies/
What you're forgetting is the fact that the kid probably has more
skills than most of the people in the industry. He may be a criminal,
but he's a darn good person to have working on your side.
___
Full-Disclosure - We believe in it.
Charter:
This is the story of our country Nepal, i can say this
through email header cauz we share the same proxy
server of our ISP!!! CAUGHT DUDE, sorry You
should have used a public proxy???
---
Anyways, have a look at
http://www.sans.org/resources/policies/
I'd say, if you're going to lose your ethics over this issue, and
you're based in the US, that you'd need to do it before all the
anti-terrorist laws get hot and heavy, or your plan won't work.
Personally, there are plenty of areas in life where this type of
unfair behavior exists. I try not to
Well, thank god the phone compaines didn't do this type of action back
in the day. Blueboxing anyone?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of bb
Sent: Monday, September 20, 2004 5:32 AM
To: Feher Tamas; [EMAIL PROTECTED]
Subject: Re:
Michael,
Windows XP home edition hides the administrator account and disables access
to it entirely even from a manual login unless you are in safe mode. This
seems to be the most likely explaination of this hidden admin account.
Regards,
Larry
- Original Message -
From: Michael
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
=
FreeBSD-SA-04:14.cvs.asc Security Advisory
The FreeBSD Project
Topic:
The trend of Anti_Virus companies buying out security services companies has seriously
caught my atttention.
Will Symantec keep LophtCrack listed as a virus/trojan?
Will the writer of BackOrifice 2000 (DilDog) now work for an Anti-Virus company?
Is this Aquisition the reason why so many people
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Nick Jacobsen
Sent: Monday, September 20, 2004 10:11 AM
To: [EMAIL PROTECTED]
Subject: RE: [Full-Disclosure] Scandal: IT Security firm
hires the author of Sasser worm
Does it not strike
Todd...what on earth makes you think they did not?
This is not new behavior...at all.
Exactly. If you don't really believe that the movie
Catch me if you can was based on a true story, check
out this site:
http://www.abagnale.com/index2.asp
On Mon, 2004-09-20 at 12:18 +0200, adf--at--Code511.com wrote:
On Sep 20, 2004, at 11:21 AM, Feher Tamas wrote:
Hello,
The german IT security company Securepoint has hired Sven
Jaschan, who wrote and spread the Sasser Internet worm,
which caused widespread and costly damages to
Excellent point. And it is not just about hackers. There are companies out
there which will do
some violations, pay the fine, and then do business as usual, if they figure
that the profits
that they make justifies paying the fine.
It just means that our legal system is not good enough.
The
On Mon, Sep 20, 2004 at 09:38:49AM -0400, stilist wrote:
What you're forgetting is the fact that the kid probably has more
skills than most of the people in the industry. He may be a criminal,
but he's a darn good person to have working on your side.
Absolutely not.
He's demonstrated his
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 550-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
September 20th, 2004
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200409-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
please re-read the full text.
-Original Message-
From: Larry Mitchell [mailto:[EMAIL PROTECTED]
Sent: Monday, September 20, 2004 9:53 AM
To: [EMAIL PROTECTED]; Chris Norton; Michael Scheidell;
[EMAIL PROTECTED]; [EMAIL PROTECTED];
[EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL
it revolves around the issue of who know's what
the arsonist who burns down the city after torching his house doesn't get
a job with the fire department as anyone can start a fire
young man with ability to code a novel worm (as opposed to script kiddies
pullin trigger on sploit) is deemed to be
Does it not strike anyone that there is a
disturbing trend in
malicious hackers (yes, yes, I know, they are not
hackers if
they are malicious, so call em whatever you want)
getting
hired to security firms,
Regardless of the reason for hiring these individuals,
this fact should be
Todd...what on earth makes you think they did not? This is not new
behavior...at all. The practice has been going on for years, long before
PCs/Internet. Face it, people who can break security are valuable to
those trying to create it.
[EMAIL PROTECTED] wrote on 09/20/2004 09:38:07 AM:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
hahahahehehohoho good cathc froggy
DilDog dildog Wrote teh first version of that beloved piece of softwaer
known as Back Orifice 2000
Platform: Windows 2000 Severity: A local usar can elev8 privileges too
SYSTEM. Author: DilDog [EMAIL PROTECTED]
The trend of Anti_Virus companies buying out
security services companies has seriously caught my
atttention[sic].
Why does this seem to have suddenly caught your
attention? This has been going on for a while.
Will Symantec keep LophtCrack listed as a
virus/trojan?
Why are you asking this
Tell me how many of the previous virii writers have gotten a job from writing a virus?
Kids who are dumb enough to believe that you can get a job from writing a virus are
too dumb to write one that is going to do much damage in the first place.
Now tell me how many programmers who have written
[EMAIL PROTECTED] wrote:
Face it, people who can break security are valuable to
those trying to create it.
I would agree with you if this guy had discovered the LSASS
vulnerability himself. But if I remember correctly, it was discovered by
those clever people at eeye. Now I don't consider
Think of this not so much as criminal vs. noncriminal but in warfare
terms. Security defenders have to design fortifications to keep out
attackers.
If I am trying to build field fortifications and my forces have captured
one of the enemy's designers of attacks, I might very reasonably want to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200409-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Interesting. It would appear to not be a JPEG worm, but rather to be
the regular old CHM exploits. The interesting thing about it is that
it simply calls a link that was posted to FD last week.
The JPG is simply HTML, which loads http://www.xf*s.com/msn/1.jpg into
the main page, with
On Sep 20, 2004, at 11:35 AM, Fred Newtz wrote:
The penalties have to be such that one is deterred from committing
a crime.
Well...
This has never worked before, just look at NYC and the drug laws
there. Shoot, how come the death penalty does not deter people from
committing murder?
No
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200409-26
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
--On Monday, September 20, 2004 01:35:46 PM -0500 Fred Newtz
[EMAIL PROTECTED] wrote:
This has never worked before, just look at NYC and the drug laws there.
Shoot, how come the death penalty does not deter people from committing
murder?
If it was a deterrent, it would be called the death
ktabic wrote:
Well, I vaguely recall laws that state that a convicted criminal isn't
allowed to profit from his crime, even after he has served his sentence.
This does, however, sound like he is profiting from his crime.
Think: would he have been given this job if he hadn't had his named
plastered
On Mon, Sep 20, 2004 at 05:03:59PM +0200, Vincent Archer wrote:
Which of those are more important to you? Trust or technical skills?
speaking of trust, long time ago pink floyd asked in a song
http://www.pink-floyd-lyrics.com/html/mother-wall-lyrics.html
Mother should I trust the government?
guess they shouldnt have publicized it. ( who cares )
@stake / Symantec - business is business, Symantec is aquiring not only
tools and expertise,
but possibly more importantly a broader, richer client base. ( again, who
cares )
I do however find this interesting... the below suggests that a
Very, very seriously, get a consultant at least for the design portion
of the project.
Remotly performed work may allow you to get around various forreign
employment issues. Politics with this sort of issue is always a
problem, but there really is no substitute for an expert.
Good luck.
i wouldnt exactly call fc a 'coder'
he slaps together delphi code from other sources
and if GFI aquired him it'd create less business
knowing that he also creates backdoors within his
backdoors using masterpasswords i.e. the trojan
'infector' had the masterpass ITS_ME_FC
here's some examples of
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200409-26
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
On Mon, 20 Sep 2004 14:44:41 -0700, Stryc9 _ [EMAIL PROTECTED] wrote:
What is with the current state of debate in the Information Technology
sector? Why does every post seem to follow the very illogical and
seemingly uneducated format of:
1.) point
2.) bad, stupid analogy
3.) ???
4.) I am
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Fri, 17 Sep 2004, nobody wrote:
IF you people really do think billy's *that* retarded, you'd better
improve your sense of humor... One can't be that retarded in the IT
field... :P
Two words: antionline.com
- --
The Internet must be a medium for it
Actually, the idea of hiring people such as author of Sasser worm is to get
their
brilliance minus the negative effects of them being unreliable. How will the
company
which hires such guys ensures that for instance he does not take away
company's
IP secrets, hack into company's network or hack
56 matches
Mail list logo