Re: [Full-Disclosure] Scandal: IT Security firm hires the author of Sasser worm

2004-09-21 Thread John Galt
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, 20 Sep 2004, bb wrote: If he has fulfilled all the obligation of his sentence, whats wrong with him being allowed to seek gainful employment that plays to his skills? He hasn't even been sentenced yet, or in fact tried... However, from the

Re: [Full-Disclosure] Scandal: IT Security firm hires the author of Sasser worm

2004-09-21 Thread Gregory A. Gilliss
Mr. Thomas, Oh, do shut up! Three words: Robert Morris Junior! -- Greg On or about 2004.09.20 11:21:23 +, Feher Tamas ([EMAIL PROTECTED]) said: Hello, The german IT security company Securepoint has hired Sven Jaschan, who wrote and spread the Sasser Internet worm, which caused

RE: [Full-Disclosure] Sick of stupid analogies

2004-09-21 Thread listbot
Using slashdot memes to criticize farking analogies? Your objection to using analogies may be credible if you can explain your point without slashdotting fark analogies. Date: Monday, September 20, 2004 4:44 PM To: full-disclosure [EMAIL PROTECTED] From: Stryc9 _ [EMAIL PROTECTED] Subject:

[Full-Disclosure] Re: IT Security firm hires the author of Sasser worm

2004-09-21 Thread Peter Bruderer
All the guys from @stake, securityfocus, fatelabs What do you know about their past? Look at all the famous hacker sites 10 years ago. They are all security consultants now. If your 15 year old son steals $50 out of your purse, do you shoot him? Ok. It's not much. Do you shoot him if it

Re: [Full-Disclosure] Scandal: IT Security firm hires the author of Sasser worm

2004-09-21 Thread ktabic
On Mon, 2004-09-20 at 15:43 -0400, Barry Fitzgerald wrote: ktabic wrote: Well, I vaguely recall laws that state that a convicted criminal isn't allowed to profit from his crime, even after he has served his sentence. This does, however, sound like he is profiting from his crime. Think:

Re: [Full-Disclosure] Re: IT Security firm hires the author of Sasser worm -just a thought-

2004-09-21 Thread Frank de Wit
the best legal hackers (not me) came from 'the scene' and are still active there... the smartest legal hackers team up with 'crackers' and learn the tricks from them fast (the shit is that the tricks change every day :-) on the other hand, I would not hire a burglar to put new locks on my doors;

RE: [Full-Disclosure] Scandal: IT Security firm hires...

2004-09-21 Thread ktabic
On Mon, 2004-09-20 at 14:57 -0400, [EMAIL PROTECTED] wrote: Think of this not so much as criminal vs. noncriminal but in warfare terms. Security defenders have to design fortifications to keep out attackers. If it is warfare, it isn't warfare in the sense you are putting forward. There are no

[Full-Disclosure] Re: IT Security firm hires the author of Sasser worm

2004-09-21 Thread Syke
Dear Peter, You mean all the would-be blackhats-turned-sellouts? Yea, sure, SecurityFocus spawned such elitists as BlueBoar(you know we love you), Aleph1(we love you too sweetums), etc, etc. Who can forget our pals from f8Labs, gotta love that 'Loki' guy! In all seriousness though(I know it's

Re: [Full-Disclosure] Scandal: IT Security firm hires the author of Sasser worm

2004-09-21 Thread Pavel Kankovsky
On Mon, 20 Sep 2004, Vincent Archer wrote: He has also demonstrated his absolute lack of ethical restraint, [...] This makes him a perfect employee for any modern business because he won't make trouble when his employer lies to its customers and sells crappy products and services to them. :P

Re: [Full-Disclosure] Scandal: IT Security firm hires...

2004-09-21 Thread Charles Heselton
On Mon, 20 Sep 2004 14:57:13 -0400, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Think of this not so much as criminal vs. noncriminal but in warfare terms. Security defenders have to design fortifications to keep out attackers. If I am trying to build field fortifications and my forces have

Re: [Full-Disclosure] Scandal: IT Security firm hires the author of Sasser worm

2004-09-21 Thread VX Dude
Note, this isn't addressed to the admin's or virus helpdesk folks, but to the whitehats trying to sell another product or service and try to pretend that they did it out of the good of the community. === Did everyone just sober up from defcon

Re: [Full-Disclosure] Scandal: IT Security firm hires the author of Sasser worm

2004-09-21 Thread ktabic
On Mon, 2004-09-20 at 09:38 -0400, stilist wrote: What you're forgetting is the fact that the kid probably has more skills than most of the people in the industry. He may be a criminal, but he's a darn good person to have working on your side. Really? What about his abilities is so impressive?

Re: [Full-Disclosure] Re: IT Security firm hires the author of Sasser worm

2004-09-21 Thread VeNoMouS
cry cry, moan moan!! z you made me waste about 1 minute of my life reading this little rant, is the real problem that you're not getting enough attention?? do you need some loving in your life?? come on guys group hug syke needs some attention!!! YAY FOR SYKE!!! YAY!!! that enough for you

RE: [Full-Disclosure] Scandal: IT Security firm hires the author of Sasser worm

2004-09-21 Thread Felipe Angoitia
On Mon, 2004-09-20 at 09:38 -0400, stilist wrote: I'm just interested in knowing what makes him so special to most of the people in the industry. He appears on tv ___ Full-Disclosure - We believe in it. Charter:

RE: [Full-Disclosure] Scandal: IT Security firm hires the author of Sasser worm

2004-09-21 Thread ktabic
On Mon, 2004-09-20 at 11:11 -0700, Harlan Carvey wrote: Todd...what on earth makes you think they did not? This is not new behavior...at all. Exactly. If you don't really believe that the movie Catch me if you can was based on a true story, check out this site:

Re: [Full-Disclosure] Scandal: IT Security firm hires the author of Sasser worm

2004-09-21 Thread James Tucker
I'm just interested in knowing what makes him so special to most of the people in the industry. His CV contains real experience. The HR manager isn't sure what it all means. He appears on tv The shareholders on the other hand love the guy, we know who he is, and we (think we) know he's

[Full-Disclosure] [SECURITY] [DSA 551-1] New lukemftpd packages fix arbitrary code execution

2004-09-21 Thread debian-security-announce
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 551-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze September 21st, 2004

RE: [Full-Disclosure] Scandal: IT Security firm hires the author of Sasser worm

2004-09-21 Thread Fred Newtz
On Tue, 2004-09-21 at 05:08 -0700, Harlan Carvey wrote: The other is a virus writer who used a flaw developed by someone else, and propagated by a method that has been used countless times before, and really introduced nothing new. So let's say someone did not turn him in and he never got

RE: [Full-Disclosure] Scandal: IT Security firm hires the author of Sasser worm

2004-09-21 Thread jamie fisher
Dear ktabic, Piss off and die plz. Tnx! Bye. (Hate to spam the rest of the list but just deal with this retards inane comments any longer). ktabic [EMAIL PROTECTED] wrote: On Tue, 2004-09-21 at 05:08 -0700, Harlan Carvey wrote: It's pretty clear, then, how this particular example compares to the

[Full-Disclosure] A correction to UNIRAS ALERT - 34/04

2004-09-21 Thread Ulf Härnhammar
- Forwarded message from Ulf Härnhammar [EMAIL PROTECTED] - Date: Thu, 16 Sep 2004 12:24:39 +0200 From: Ulf Härnhammar [EMAIL PROTECTED] Reply To: Ulf Härnhammar [EMAIL PROTECTED] Subject: A correction to UNIRAS ALERT - 34/04 To: [EMAIL PROTECTED] Hello, I think this

Re: [Full-Disclosure] Scandal: IT Security firm hires the author of Sasser worm

2004-09-21 Thread ph0enix
uhm... are we getting a little bit too excited? jamie fisher wrote: Dear ktabic, Piss off and die plz. Tnx! Bye. (Hate to spam the rest of the list but just deal with this retards inane comments any longer).

Re: [Full-Disclosure] Scandal: IT Security firm hires the author of Sasser worm

2004-09-21 Thread Barry Fitzgerald
Larry Seltzer wrote: If you don't really believe that the movie Catch me if you can was based on a true story, check out this site: http://www.abagnale.com/index2.asp I don't want to put words in anyone's mouth, but I hope we're not comparing a genius like Abagnale to vandal like Jaschan,

Re: [Full-Disclosure] Scandal: IT Security firm hires the author of Sasser worm

2004-09-21 Thread Jim Race
Nick Jacobsen wrote: Does it not strike anyone that there is a disturbing trend in malicious hackers (yes, yes, I know, they are not hackers if they are malicious, so call em whatever you want) getting hired to security firms, mainly because the hacker gets media attention? It is honestly like

RE: [Full-Disclosure] Scandal: IT Security firm hires the author of Sasser worm

2004-09-21 Thread Larry Seltzer
He wrote a worm. Big freaking deal. Yeah, very big freaking deal. He loosed an attack he had good reason to believe would do damage to innumerable people all over the world. He belongs in jail and for a long time, if only to send a message that such behavior is wrong. And anyone who trusts

Re: [Full-Disclosure] Scandal: IT Security firm hires the author of Sasser worm

2004-09-21 Thread Barry Fitzgerald
ktabic wrote: - Have you ever exceeded 20 mph above the speed limit? If so, does that make you incapable of driving a big rig truck? If so, I think we should probably be very wary of our use of the roads. It's much more difficult to get a commercial license if you've been caught

Re: [Full-Disclosure] Scandal: IT Security firm hires the author of Sasser worm

2004-09-21 Thread Barry Fitzgerald
ktabic wrote: No, no need to spell it out any clearer. You made my point. Mr. Abagnale is an expert in and on the financial institutions and fraud, who (in return for a reduced sentence) provided that immense knowledge to the industry and has even worked towards getting the industry to adopt

[Full-Disclosure] Broadcast crash in Popmessenger 1.60 (before 20 Sep 2004)

2004-09-21 Thread Luigi Auriemma
Luigi Auriemma Application: PopMessenger http://www.leadmind.com Versions: = 1.60 (before 20 Sep 2004) Platforms: Windows Bug: crash Risk: medium

Re: [Full-Disclosure] Scandal: IT Security firm hires the author of Sasser worm

2004-09-21 Thread Barry Fitzgerald
Larry Seltzer wrote: He wrote a worm. Big freaking deal. Yeah, very big freaking deal. He loosed an attack he had good reason to believe would do damage to innumerable people all over the world. He belongs in jail and for a long time, if only to send a message that such behavior is

[Full-Disclosure] Secure IA and data transfer on Solaris 2.5.1

2004-09-21 Thread Stephen Taylor
I am a Security Engineer with beginner UNIX knowledge. I need to support secure process to process communications on Solaris 2.5.1 servers and want a COTS product or some easy solution. Can anyone point me in the right direction? I am stuck with 2.5.1 at least until year end. Clients are mostly

RE: [Full-Disclosure] Scandal: IT Security firm hires the author of Sasser worm

2004-09-21 Thread Jonathan Rickman
Saying that no teenager can be reformed is like saying you can't change your mind about what to eat for dinner. I have over 13 convictions and have been in prison as well as spent more than my fair share of time in county jails. However, that has been 10 years now and I am integrated

Re: [Full-Disclosure] Scandal: IT Security firm hires the author of Sasser worm

2004-09-21 Thread Matthias Andree
Feher Tamas [EMAIL PROTECTED] writes: The german IT security company Securepoint has hired Sven Jaschan, who wrote and spread the Sasser Internet worm, which caused widespread and costly damages to legions of Windows computers. I don't know about the names of the company and the alleged

[Full-Disclosure] OpenBSD radius authentication vulnerability

2004-09-21 Thread E . Bos
Title: OpenBSD radius authentication vulnerability Summary: Authentication can be bypassed when radius-authentication is used on OpenBSD. Impact: Unauthorized access to the system Software: OpenBSD 3.2 and OpenBSD 3.5 confirmed vulnerable. Workarounds:

Re: [Full-Disclosure] Secure IA and data transfer on Solaris 2.5.1

2004-09-21 Thread Kyle Maxwell
On Tue, 21 Sep 2004 11:40:43 -0400, Stephen Taylor [EMAIL PROTECTED] wrote: I am a Security Engineer with beginner UNIX knowledge. I need to support secure process to process communications on Solaris 2.5.1 servers and want a COTS product or some easy solution. Can anyone point me in the right

[Full-Disclosure] Lots of traffic on port 1472 from explorer

2004-09-21 Thread Giuseppe Milicia
Hi guys, from a home computer I'm seeing lots of traffic generated from explorer on port 1472 towards the microsoft-ds port, typically on IP addresses starting with 35.xx.xx.xx It looks like a worm but I could not find any references around and Trend Micro detects nothing. Also there is some

RE: [Full-Disclosure] Scandal: IT Security firm hires the author of Sasser worm

2004-09-21 Thread pingywon MCSE
Barry, are you related to Nick by any chance? ~pingywon MCSE http://www.pingywon.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Barry Fitzgerald Sent: Tuesday, September 21, 2004 14:09 To: Larry Seltzer Cc: [EMAIL PROTECTED] Subject: Re:

Re: [Full-Disclosure] Scandal: IT Security firm hires the author of Sasser worm

2004-09-21 Thread Barry Fitzgerald
pingywon MCSE wrote: Barry, are you related to Nick by any chance? Not to my knowledge. -Barry ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html

RE: [Full-Disclosure] Lots of traffic on port 1472 from explorer

2004-09-21 Thread Brent Colflesh
Keylogger? http://www.pestpatrol.com/pestinfo/k/klp32.asp Regards, Brent -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Giuseppe Milicia Sent: Tuesday, September 21, 2004 3:14 PM To: [EMAIL PROTECTED] Subject: [Full-Disclosure] Lots of traffic on port 1472

RE: [Full-Disclosure] Scandal: IT Security firm hires the author of Sasser worm

2004-09-21 Thread Henrik Persson
On Tue, 2004-09-21 at 19:29, Larry Seltzer wrote: He wrote a worm. Big freaking deal. Yeah, very big freaking deal. He loosed an attack he had good reason to believe would do damage to innumerable people all over the world. He belongs in jail and for a long time, if only to send a message

Re: [Full-Disclosure] Secure IA and data transfer on Solaris 2.5.1

2004-09-21 Thread Valdis . Kletnieks
On Tue, 21 Sep 2004 11:40:43 EDT, Stephen Taylor said: I am a Security Engineer with beginner UNIX knowledge. I need to support secure process to process communications on Solaris 2.5.1 servers and want a COTS product or some easy solution. Can anyone point me in the right direction? I am

RE: [Full-Disclosure] Lots of traffic on port 1472 from explorer

2004-09-21 Thread Sottile, Michael
klp is a keylogger. you probably have some (oak?) variant of it. follow this link to learn more about it/get rid of it... http://www.pestpatrol.com/pestinfo/k/klp32.asp regards, ~michael -Original Message- From: Giuseppe Milicia [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 21,

[Full-Disclosure] [ GLSA 200409-28 ] GTK+ 2, gdk-pixbuf: Multiple image decoding vulnerabilities

2004-09-21 Thread Thierry Carrez
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gentoo Linux Security Advisory GLSA 200409-28

Re: [Full-Disclosure] RE: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access

2004-09-21 Thread Valdis . Kletnieks
On Fri, 17 Sep 2004 15:34:09 CDT, Michael Wilson, Contractor said: IBM had decided that the average user (of their systems) cannot be trusted with even knowing about their systems administrative access, much less the password. The funny/sad part is that, in general, IBM is right on this

[Full-Disclosure] Control EDX/EAX in JPG Heap Overflow (MS04-028)

2004-09-21 Thread Elia Florio
Hi list, I'm tryin' to study Heap Overflow mentioned by MS04-028 in GDIPLUS.DLL library. After some test, I've found that the position of dword able to control EDX register (as Nick D. said) is on the 5th DWORD, counting after the malformed "FFFE" header. A malformed JPEG header looks

Re: [Full-Disclosure] Lots of traffic on port 1472 from explorer

2004-09-21 Thread Giuseppe Milicia
Guys, thanks a lot for the tips, indeed there was a KLP keylogger. I removed it, but it seems that something else is amiss, I still see lots of traffic from explorer.exe on the 1472 port. from a home computer I'm seeing lots of traffic generated from explorer on port 1472 towards the

[Full-Disclosure] Pinnacle ShowCenter Skin Denial of Service

2004-09-21 Thread Marc Ruef
Dear ladies and gentlemen, I am a proud user of the Pinnacle ShowCenter 1.51. When I was playing around with the system, it seems I have found a denial of service attack against the web interface. First I did manually a HTTP GET request that selects a non-existent skin:

[Full-Disclosure] RE: [Owasp-dotnet] Re: (Asp.Net Full Trust Vulnerabilities) RE: Apache VS IIS Security model question

2004-09-21 Thread Dinis Cruz
Hello Ken, Sorry for the delay in responding to your email, but I am currently very busy. I originally wanted to respond to your questions via an article (since that would allow me to present my arguments in a better format), but since I don't have time to do it now, I will (for now) just

Re: [Full-Disclosure] Lots of traffic on port 1472 from explorer

2004-09-21 Thread Harlan Carvey
I removed it, but it seems that something else is amiss, I still see lots of traffic from explorer.exe on the 1472 port. Have you captured any of this traffic? The traffic is indeed coming from a system I have control of, I still have no dumps though. I can see nothing worrying apart

Re: [Full-Disclosure] Lots of traffic on port 1472 from explorer

2004-09-21 Thread GuidoZ
Hello Giuseppe, at first glance it sounds like a keylogger, though it could be anything. Are you able to locate that file on your system? If so, try getting the properties of it and see what information is available under the Version tab. Also, you can try opening it up in Notepad to see what you

RE: [Full-Disclosure] Scandal: IT Security firm hires the author of Sasser worm

2004-09-21 Thread Brad Griffin
Do you honestly expect any right thinking person to disagree? This practice is literally no different than a local police force hiring convicted felons on as officers because they have a deep understanding of the criminal mind. Bad analogy again. If the courts had hired him to secure their

Re: [Full-Disclosure] Scandal: IT Security firm hires the author of Sasser worm

2004-09-21 Thread Ron DuFresne
cool, another proponent of hiring criminals for security, might as well have reduced it to two words, Kevin Mitnick, at least then folks would have gotten a chuckle out of your reply! gryn. If we are going to just end up hiring these common criminals, why even try them in court? We might as

Re: [Full-Disclosure] Lots of traffic on port 1472 from explorer

2004-09-21 Thread Manohar G Singh
I know this may sound silly, but the last time this happened to me; I checked up and found my p2p client going overactive. Harlan Carvey wrote: I removed it, but it seems that something else is amiss, I still see lots of traffic from explorer.exe on the 1472 port. Have you captured any of

RE: [Full-Disclosure] Scandal: IT Security firm hires the author of Sasser worm

2004-09-21 Thread Brad Griffin
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nick Jacobsen Sent: Tuesday, September 21, 2004 12:11 AM To: [EMAIL PROTECTED] Subject: RE: [Full-Disclosure] Scandal: IT Security firm hires the author of Sasser worm Does it not strike anyone that there

RE: [Full-Disclosure] Scandal: IT Security firm hires the author of Sasser worm

2004-09-21 Thread Brad Griffin
C'mon Larry, you and I know that your comments below were made purely for flame value. 'He loosed an attack he had good reason to believe would do damage to innumerable people...' You're a journalist...no, you're an *editor*. Your statement above is far too general to be of any substance.

RE: [Full-Disclosure] Scandal: IT Security firm hires the author of Sasser worm

2004-09-21 Thread Ron DuFresne
ahh, yes, but trust is a major component of this business. would you hire the person that stole all your valuables from your home to guard it for you? would you really trust them if you were ignorant enough to do so? Thanks, Ron DuFresne On Wed, 22 Sep 2004, Brad Griffin wrote:

Re: [Full-Disclosure] Scandal: IT Security firm hires the author of Sasser worm

2004-09-21 Thread mis
as someone who often works as an expert in trials involving computer fraud and abuse, i've developed opinions in this area, and at the risk of stating the obvious and making this discussion even more tedious, i'll voice some of them now, with your indulgence. i have seen people convicted who

[Full-Disclosure] Control EDX/EAX in JPG Heap Overflow (MS04-028)

2004-09-21 Thread Anonymous User
Dear Italian Elf, You wrote: In this point we can control the value of EDX (it's overwritten by 0x43434343 dword inside JPEG header), but it's difficult escape from the heap and take the full control on execution. I also have difficulty escape from the heap. Maybe we can do lunch some