On Thu, Sep 25, 2003 at 12:08:57PM +0200, Michal Zalewski wrote:
On Thu, 25 Sep 2003, Florian Weimer wrote:
Especially as some of the flaws (the replay attacks) are actually
documented in the manual.
And correct me if I am wrong, but it appears to me that replay attacks are
not that
Hi.
Raj Mathur wrote:
Uh, has anyone bothered asking DMA the reason for the delay? You may
not get any reasonable explanation, but at least give the man a chance
to defend himself before condemning him.
From my point of view this was no attempt to condemn anyone, but was
meant as getting a
Kristian Hermansen wrote:
Ditto.. Every time I send a post I get about 20 bounce backs.
20? How? At least twice that much... even more if there is vacancy time
in many countries.. summer and the like. They did kick a lot of those
out of office-subscribers a few weeks ago, but it did help only
On Wed, Sep 24, 2003 at 12:48:01PM -0400, [EMAIL PROTECTED] wrote:
On Wed, 24 Sep 2003 11:12:12 EDT, Richard M. Smith [EMAIL PROTECTED] said:
For most Windows users, I bet that the only time DCOM ever gets used, if
at all, is to run worms like MSBlaster and Welchia.
Isn't DCOM needed
On Thu, Sep 25, 2003 at 11:34:40AM -0500, Schmehl, Paul L wrote:
backdoor passwords in case of emergency, and all BIOSes can be easily
reset to default passwordless configuration.
Without knowing the password you couldn't put the password back
correctly so it would be obvious that the BIOS had
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
=
FreeBSD-SA-03:14.arp Security Advisory
The FreeBSD Project
Topic:
I have already contacted the vendor, but be careful about your f-prot
updates today. It looks like they put an old def file from May 26th on
their ftp site. The UNIX update script will happily fetch and install this.
avscan2# nslookup -type=ns f-prot.com
Server: resolver1.sentex.ca
Address:
Dave Ahmad picked up on my post and responded privately. He doesn't
have any objections to my forwarding his messages to FD, hence
forwarding without prejudice.
-- Raju
--
Raj Mathur [EMAIL PROTECTED] http://kandalaya.org/
GPG: 78D4 FC67 367F 40E2 0DD5 0FEF C968 D0EF
I found that SAM file could be replaced just like PWL files
in Win9x. I posted the following to Bugtraq, but in spite of
posting twice it never appeared in the list... (possibly moderated)
Folks, go ahead and change the boot options in your BIOS ASAP.
I guess this fallacy will never go away.
The increase in volume appears to coincide with
flashky's (xfocus.org) 9/20 post The Analysis of RPC
Long Filename Heap Overflow AND a Way to Write
Universal Heap Overflow of Windows. Coincidence?
-Original Message-
From: Williams Jon
[mailto:[EMAIL PROTECTED]
Sent: Thursday,
I'm thinking that there *has* to be a variant of Nachi/Welchia in the
wild. We have machines that were patched for MS03-026 (verified by
scanning with multiple scanners) but not patched for MS03-039 (ditto)
and they have been infected by something that triggers my Nachi rule in
snort. This
Thanks ^^
Would you know any good DBSBLs?
I've been looking for some good ones... But since Osiru died... I can't find
a good one *cry*
Also, would it be too much for the mod of this list to just cause new
subscribers to be moderated until their first VALID post?
Just an idea =/
-
On Thursday 25 September 2003 12:27 pm, Schmehl, Paul L wrote:
The From or Return-Path address specified by the MAIL FROM:
transaction in the SMTP session is the real email address of the
infected user, or at least is what they entered on the fake
MAPI dialog
that Swen uses to get that
On Thu, 25 Sep 2003, Gerhard den Hollander wrote:
They are running mailman ... mailman can be horrendously slow (esp with a
large volume (traffic * number_of_subscribers) .
3 hour delays with mailman mailinglists is pretty common.
Who they?
Hi! This is the ezmlm program. I'm managing the
If you were as annoyed as I was with
your mailboxes being bombarded I looked up native email filtering for Microsoft
environments. The link is a basic script to get you started. This
works on the Microsoft SMTP service on NT4, 2000, and 2003
http://software.high-pow-er.com/EvenSink.zip
f-prot fixed it as of 20:00 GMT and confirmed to me via email that the root
of the problem was found and corrected!
---Mike
At 03:03 PM 25/09/2003, Mike Tancsa wrote:
I have already contacted the vendor, but be careful about your f-prot
updates today. It looks like they put an old def
My advice to anyone who gets bounce backs from posting to bugtraq is
to save and forward all bounces to the admin contact for the list.
I usually get a thank you, they'll be promptly unsubscribed in
response.
Darren
___
Full-Disclosure - We believe in
On Thu, 25 Sep 2003 12:04:14 -0500, Brian Eckman wrote:
It is unknown how the audio.exe file got onto the computer hard drive
in the first place.
It is almost guaranteed to have been via the MS03-032 IE object tag
vulnerability. The trojan you found is a variant of the Autoproxy
trojan,
Am getting a Distributed (several diverse net blocks) and fair quantity
(100 packets per min. per IP) of port 6881 hits...
Any idea what this is (other than possibly BT - Snark - per google)...
No I have not run / analysis with a sniffer... Currently hitting the
FW...
Paul
Schmehl, Paul L [EMAIL PROTECTED] to Joe Stewart:
The From or Return-Path address specified by the MAIL FROM:
transaction in the SMTP session is the real email address of the
infected user, or at least is what they entered on the fake
MAPI dialog
that Swen uses to get that
Paul Johnson wrote:
Am getting a Distributed (several diverse net blocks) and fair quantity
(100 packets per min. per IP) of port 6881 hits...
Any idea what this is (other than possibly BT - Snark - per google)...
No I have not run / analysis with a sniffer... Currently hitting the
FW...
TCP, I
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Curt Purdy
Sent: Friday, 26 September 2003 2:57 a.m.
To: 'Jordan Wiens'; 'GARCIA Lionel'
Cc: 'Full-Disclosure (E-mail)'
Subject: Re: [Full-Disclosure] What about astalavista.net
They are two
-BEGIN PGP SIGNED MESSAGE-
From: Schmehl, Paul L (pauls_at_utdallas.edu)
Date: Sep 25 2003
One more in the idiot bin
The fact that the best you can do is call me an idiot for having the
temerity to raise deadly serious issues says a lot more about you than
it does me. It might be okay
Would you know any good DBSBLs?
Be _very_ careful with some of these. I know one in particular, Osirus
Relays (relays.osirusoft.com) makes it just about impossible to get off
their list once you're on meaning you risk blackholing legitimate
traffic. To get off this list, they require you email
-Original Message-
From: Nick FitzGerald [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 25, 2003 5:05 PM
To: [EMAIL PROTECTED]
Subject: RE: [Full-Disclosure] Swen Really Sucks
Swen has code to locate the Default Mail Account under the Internet
Account Manager registry key
We have seen a number of infections of Nachi/Welchia on patched systems. Was
told that the MS03-026 patch was only 60% effective, so you still had a 1 in 3
chance of being infected. Apparently the MS03-039 patch fixes the entire
vulnerability and not just some of it. We re-enforced the rule for
Sure enough, this works under most of the browsers I've tried, and at
least shows the pitfalls of not cutting your session cookies short, or at
least periodically killing, at least, login cookies. Damn, even Microsoft
does a better job of it. Dotster and others don't seem to have this
problem
windows 2000 professional all patches
kaboom:
not only was wmplayer overwritten..with text..
but IE 6 DIED .. then launched a command window
command prompt labelled 'C:\PROGRA~1\WINDOW~1\wmplayer.exe'
followed quickly by ...
--dialog box--
16-bit MS-DOS Subsystem
Don't worry, nobody's going to have that referer, except for the
partners Verisign sells advertising to. ;)
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Schmehl, Paul L [EMAIL PROTECTED] replied to me:
Swen has code to locate the Default Mail Account under the Internet
Account Manager registry key then to extract the SMTP Email Address
value appropriately. This is then stored in a variable in the virus
that is later used for the
To the skilled but flawed fake at http://www.phrack.nl/phrack62/ and
your mail Mr. Rueubens.
Do any of you have anything to say about that? When you say look for
yourself surely you don't mean to claim that Average Joe Admin has
the
requisite skillset and detailed knowledge necessary to spot
At 04:18 PM 9/25/03 -0400, Matsu Kandagawa wrote:
All the while wishing I could spit in your face.
For the life of me, I cannot fathom why people devote so
much time and mental effort to assassinating each others'
character publicly in this forum. Let's just get this
out of the way once and for
Nah... nothing happened, for example, to Foundstone after this scandal:
http://www.fortune.com/fortune/technology/articles/0,15114,457276,00.htm
Two - if Geer was fired as a result of the report (and only Chris or
someone equally high up at @stake knows the truth - I invite them to
comment),
myServer 0.4.3 Directory Traversal Vulnerability
.oO Overview Oo.
myServer version 0.4.3 shows files and directories that reside outside the
normal web root directory.
Discovered on 2003, August, 23th
Vendor: Myserver (http://myserverweb.sourceforge.net/forum/portal.php)
MyServer is a free,
This was released yesterday just in case nobody noticed.
http://www.ccianet.org/papers/cyberinsecurity.pdf
Among the authors are Bruce Schneier, Dan Geer, and Charles Pfleeger.
Interesting read.
They are going to need to update Dan Geer's title in the report...
Microsoft critic loses job over report
http://www.msnbc.com/news/971914.asp?0si=-
Signed,
Marc Maiffret
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9538
http://eEye.com/Retina - Network Security Scanner
Oddly his leaving the company was effective on the 23rd, but the article
wasn't released to the general public until the 24th (at least that's
how it's dated). I wonder if he may have resigned.
On Thu, 2003-09-25 at 21:45, Richard M. Smith wrote:
Yep, confirmed by Internet Explorer/Google:
Daniel E. Geer, Jr., Sc.D. Chief Technology Officer.
http://www.atstake.com/company_info/dgeer.html
Object not found!
The requested URL was not found on this server. The link on the
referring page seems to be wrong or outdated. Please inform the
At 10:08 PM 9/25/2003 -0400, Jonathan A. Zdziarski wrote:
Oddly his leaving the company was effective on the 23rd, but the article
wasn't released to the general public until the 24th (at least that's
how it's dated). I wonder if he may have resigned.
Nah - I hear @stake is trying to make the