:
: how is that a good quote?
:
: all he does (lately) is state the blindingly obvious.
:
: If you think that it is blindingly obvious -- good for you.
:
: I would argue that it is NOT blindingly obvious to 99.9% of the consumer
: population (see all evidence on successes of phishing, et al.)
:
:
On top of the off topic banter, why are these Brazilian bikinis
exactly? They are all taken from the Wicked Weasel web page, which is an
Australian company.
At least show some accuracy when you go that far off topic, jeez! =)
On Sat, 2 Jun 2007, Robert Kim Wireless Internet Advisor wrote:
:
i have an archive of all the phone records (114 megs), but one better:
http://www.dcphonelist.com/
On Tue, 10 Jul 2007, Dude VanWinkle wrote:
: On 7/10/07, Andy Sutton wrote:
: On Tue, 2007-07-10 at 00:39 -0400, Dude VanWinkle wrote:
: her site: didn't come up for me
: A recent Government Accountability Office report noted the difficulty
: of linking data theft to identity theft, but the U.S. Secret Service is
: having no such problems.
:
: Nice one, too. :-)
:
: http://www.informationweek.com/security/showArticle.jhtml?articleID=201001100
Citing one
On Thu, 23 Aug 2007, Paul Ferguson wrote:
: I wouldn't normally post something like this, but I believe in full
: disclosure and getting the word out to affected consumers.
:
: http://fergdawg.blogspot.com/2007/08/trend-micro-customers-patch-now.html
I have Trend Micro PC-cillin Internet
: I've been traveling a lot this summer and I have noticed that the TSA is
: inspecting my checked bags about 50% of the time. I know because they
: leave a nice calling card in my bags each time they open them up. I'm
: not sure what they are so interested in, but it might be related to the
: I guess this fits the MO for this ML,
:
: I was just on the ANA website, playing with their mileage program that
: can't cope with my name being spelled 4 different ways depending on the
: phase of the moon. Heaven help someone with a complicated name!
:
: In the forms section:
:
: For
: Nice publicity stunt, though.
:
: It's 100% a publicity stunt - for over a decade, nobody's been deploying
: IPv6 because there's been no killer app for it. So the decision was
: made to create some compelling IPv6-only content to motivate people
Except it isn't IPv6-only content.
yep, part of the 'Chasers'. The trojan stunt was from their excellent
show, The Chaser's War on Everything.
On Thu, 6 Sep 2007, Rob, grandpa of Ryan, Trevor, Devon Hannah wrote:
: Are these the same guys who did the Trojan Horse stunt?
:
:
ftp://ftp.usr.com/ftpdir.txt
physical drive path disclosure and indication at one point they may have
had other problems with people creating directories.
either way, this email is quite amusing and quite sad..
On Thu, 20 Sep 2007, peter evans wrote:
:
: I had the curious reason
: Via ZDNet UK.
: More:
: http://news.zdnet.co.uk/security/0,100189,39289635,00.htm
:
: [snip]
:
: Denial-of-service attacks are growing faster than bandwidth is being added
: to the internet, according to VeriSign, the company that administers the
: .com domain.
:
: Criminal groups
: I wonder why it took so long for someone to take a close look at Adobe
: Reader and PDF files for security flaws
Uh.. it didn't?
Published Adobe / PDF vulnerabilities go back to at least May 8, 1997.
Hit http://osvdb.org/ and title search for adobe.
On Thu, 31 Jan 2008, Paul Ferguson wrote:
: The '600 patent, as I understand it, is unique in that it qualifies the
: AV mitigation as being done by a gateway device (a la what we now call
: an appliance, a la proxy server) and not by a software solution (AV)
: atop another application (an
On Thu, 31 Jan 2008, Paul Ferguson wrote:
: It bears repeating that this is not about prior art in AV scanning, but
: rather, doing so on a gateway device (e.g. appliance) which Trend Micro
: was the first to do -- hence the patent.
Likewise, bears repeating:
If prior art had anti-virus
: I didn't find anything right off, but I certainly
: remember BBS' in the early 1990's (well before '95) doing virus scanning
: of uploaded files. One might argue that such activity would be prior-art
: to using FTP to upload files and scanning.
:
: Interesting point. Manual operation,
: The third device would filter out silly Internet arguments.
:
: To ensure the uniqueness of the device, I would probably add a fourth
: pass that would provide user education to the person who sent the
: e-mail. This education would come in the form of a clue-by-four, a
: meeting with the
: Just briefly. During the beta, I found a buffer overflow error in the
: Silverlight ActiveX control which Microsoft fixed.
Doesn't appear in CVE or OSVDB. Could you post the details now that it
has been patched?
___
Fun and Misc security
On Mon, 24 Mar 2008, Richard M. Smith wrote:
: This is a sad story. I suspect that the DA's office can probably
: come up with the right charges to get back some of this guy's stuff.
: I'm also very interested to hear what Craig's List has to say about this
: situation. I guess they
: The bad guys are now doing what I was worried about which is to rattle
: the door a bunch of times to see which insecure ActiveX control will let
: them inside someone's computer. Many ActiveX controls also can't be
: automatically updated by vendors with security fixes. It's up to users
: A lot of vendors should be speaking up here. ;-) Secunia lists 335
: security advisories that contain the word ActiveX in them:
:
:http://secunia.com/search/?search=activex
OSVDB lists 474.
We had a discussion recently on creating a better tracking system for
ActiveX vulnerabilities,
http://attrition.org/postal/
i'd bet a dollar this is real.
On Thu, 19 Jun 2008, Rob, grandpa of Ryan, Trevor, Devon Hannah wrote:
: A couple of years ago I reviewed l337 h4x0r h4ndb00k (Elite hacker
: handbook). (It wasn't great.)
:
: Today I received:
:
: Date sent:Thu, 19
: As one point of comparison, Craigslist apparently bans pet-for-sale ads.
: I was talking to a poodle breeder today and her puppy ads kept getting
: censored by Craigslist. She finally gave up using Craigslist.
Craigslist does not allow breeders to advertise and sell their animals.
They do
: : As one point of comparison, Craigslist apparently bans pet-for-sale ads.
: : I was talking to a poodle breeder today and her puppy ads kept getting
: : censored by Craigslist. She finally gave up using Craigslist.
:
: Craigslist does not allow breeders to advertise and sell their
15:05:25 + (UTC)
Jericho (Security Curmudgeon)
Atul Prakash replied to me when I mailed this to him, but did not choose
to clarify anything nor offer rebuttal to my article. Neither of the
students (Falk, Borders) replied at all. Instead of defending the paper,
Prakash was more interested
: I think it's a matter more of how users being used to that could be
: easily socially engineered on top of a website defacement, as opposed to
: any technological security risk. Assuming the site redirected to is, in
: fact, what it claims to be, then the user remains safe. The issue is: if
I didn't see the correction come across the list. Anyone who read this
article and didn't have alarms going off in their head should load up on
coffee or coke zero before reading the morning/evening news. =)
Corrections:
http://attrition.org/news/content/00-01-26.001.html
Internic 101
Fri Jan 26 19:29:44 MST 2000
Due to recent attacks against Microsoft, including Denial of Service
attacks against their DNS servers, the masses have been quick to point out
odd entries when doing 'whois'
I drove through downtown yesterday trying to get to lunch, big mistake.
The amount of police down there was incredible. As I pulled up to 16th
street (on Tremont), a small parade of anti-war protesters were marching
down Tremont (against traffic, it's 1-way) and turned on 16th. Two police
You cannot booby trap your own home because it unfairly jeopardizes
emergency response such as fire, ambulance or police (responding to ferg
about storeowner and prosecuted for such activity).
Putting barbed wire on a fence seems reasonable, and I suspect there is
something else at play
: I'm sure most people think that someone out there runs the Internet. I
: once wrote an April Fools press release about this.
I think there is a difference between runs the Internet and protects
the Internet, as quoted originally.
For parts of the Internet, I see it more analogous to
disclaimer: I am involved with the project.
: 2008/12/17 Alex Eckelberry al...@sunbelt-software.com:
:
: http://datalossdb.org/
:
: Been in my RSS feeds for a while. :-)
Not only has Ferg been reading, some of his posts to Funsec were about
related incidents that were passed on to the
: With TinyURL's Preview mode on:
:
: --clip--
: Preview of TinyURL.com/4beq
:
: This TinyURL redirects to:
: http://tinyurl.com/18r
:
: [Proceed to this site.]
: --clip--
Preview of TinyURL.com/18r
This TinyURL redirects to:
about:blank
Proceed to this site.
(you forgot to preview the
In responding to Ferg's post with two words, well below the 140 character
limit, you make his point better than he did.
On Sun, 15 Mar 2009, Gadi Evron wrote:
: I can't help but tell you -- I hate Twitter.
:
: It's just... useless. For me.
:
: I already have a blog, which allows me to
: In responding to Ferg's post with two words, well below the 140 character
: limit, you make his point better than he did.
:
: Indeed?
indeed.
: I find it increasingly ridiculous that whenever a new medium shows up,
new medium? we're talking about 'Twitter' here, yes? nothing new about
, but that doesn't match the context).
How about you read the entire From: header?
security curmudgeon, not english curmudgeon. but point taken. =)
On Mon, 16 Mar 2009, Paul M. Moriarty wrote:
: Cringely? I agree.
:
: http://twitter.com/cringely
:
: He's what's referred to as a twitsnob. 1k followers but he only follows
: 11 ppl.
Now that would be a neat set of statistics: the # of twitter users, and
how many each follow vs have
of
security?
: Anton Chuvakin, Ph.D
:http://www.chuvakin.org
: http://chuvakin.blogspot.com
: http://www.info-secure.org
You forgot one part of your sig:
Director of PCI Compliance Solutions at Qualys
- security curmudgeon
On Mon, 23 Mar 2009, Anton Chuvakin wrote:
: : I'd say that PCI DSS did more to information security than *anything
: : else* since Windows added automated updates.
:
: Care to back that up in any way? I think the customers of Heartland, RBS
: and other compromises would disagree.
:
:
http://mrwiggleslovesyou.com/rehab506.html
Awesome.
On Wed, 15 Apr 2009, Larry Seltzer wrote:
: For the sake of argument, and in their defense, none of yesterday's
: vulnerabilities apply to IE8, and the IE vulnerabilities all exploit in
: the context of the logged-in user which, in Vista, is likely to be
: less-privileged (unless the
: For the sake of common sense, what is the distribution of IE8?
:
: Are you saying that more popular products have more vulnerabilities? I
: don't understand the question? And IE8 was in widespread beta since over
: a year ago.
Dodge .. dodge .. evade!
Popular products have more published
On Thu, 23 Apr 2009, Mike Preston wrote:
: I think the worst vendor I personally see for this is a certain spam
: gateway supplier spamming me on a regular basis even though I have opted
: out of their list once.
And not including their name will never put public pressure on them and
they
On Mon, 22 Jun 2009, Gadi Evron wrote:
: Here's a story of someone trying to scam me from a friend's facebook
: account which they took over:
:
: http://darkreading.com/blog/archives/2009/06/facebook_419_im.html
Can I pay money for them to throw you in the gap?
http://twitter.com/thedarktangent/status/2288114054
On Wed, 24 Jun 2009, Jon Kibler wrote:
: -BEGIN PGP SIGNED MESSAGE-
: Hash: SHA1
:
: Hi,
:
: Can anyone get to the DEFCON web site? I have been trying since Sunday
: and I cannot get the site to respond. I have tried from 3
On Mon, 29 Jun 2009, Paul Ferguson wrote:
: Michael Lynn flashback...
oh how we forget, he was one of many..
August 01, 2005
Black Hat - Leaked Cisco slides pulled after legal threats
http://www.infoworld.com/d/security-central/black-hat-leaked-cisco-slides-pulled-after-legal-threats-156
: http://nukeometer.com/
:
: It counts nukes from the country entered, which is a little weird.
: (Moscow, Russia, for example).
Not really. If they fall into the hands of a hostile force from within
that country, they become a threat. Also gives a nice perspective of the
real nuclear
On Sat, 25 Jul 2009, ch...@blask.org wrote:
: --- On Sat, 7/25/09, Rob, grandpa of Ryan, Trevor, Devon Hannah
rmsl...@shaw.ca wrote:
:
: As long as you trust them, Google can probably keep the systems more
: secure than a bunch of random sysadmins who may or may not have
: training ...
:
: (Just in case anyone's interested: http://www.foxitsoftware.com/pdf/reader/ )
That may save you for a while, as attackers will focus on Adobe due to the
numerous vulnerabilities and incredible distribution.
However, Foxit Reader is likely to be equally vulnerable. Researchers have
already
On Mon, 27 Jul 2009, Alexandre Dulaunoy wrote:
: On Mon, Jul 27, 2009 at 8:55 PM, Anton Chuvakin an...@chuvakin.org wrote:
: They probably were NOT, contrary to what their spokesperson seems to say.
:
: Network solutions is listed in the PCI DSS Validated Services Providers
: starting of
: On Sun, Oct 11, 2009 at 11:05:09AM -0400, The Security Community wrote:
: What security professional in their right mind would use Twitter?
:
: Twitter is for twits. I fail to see the attraction of what amounts
: to stream of consciousness net.diarrhoea. I guess my random thoughts
: In addition since when can a civilian company do something without a warrant?
Since forever. A private/civilian company can choose to assist law
enforcement if they choose, without requiring a subpoena. Many companies
opt to require a subpoena for their own legal protection, sometimes when
No, str0ke is dead.
Wait, str0ke is alive.
was re: why should anyone believe you or some blog or some tweet at this
point. mail from str0ke or an update to milw0rm would go a *bit* farther
than this he-said she-said crap.
On Thu, 5 Nov 2009, Gadi Evron wrote:
: So do like drsolly and make
On Tue, 29 Dec 2009, Aryeh Goretsky (home) wrote:
: The origins of McAfee Associates is wrong.
Which is just as helpful and believable as incorrect Wikipedia entries.
On Wed, 30 Dec 2009, Aryeh Goretsky (home) wrote:
: I tried putting some of the correct information in, such as the founding
: date, and it was changed back to the wrong information.
:
: Which, I know, sounds just like Wikipedia. :o)
Why not post it here, so your information is in another
: : Why not post it here, so your information is in another place? Let funsec
: : judge the information, both (?) sides.
: :
: : Great, another democracy deciding what's true.
:
: When you have several untrusted sources of information, what else can you
: do except consider all
On Fri, 15 Jan 2010, Larry Seltzer wrote:
: I forget exactly who, but I remember one of the security predictions for
: 2010 I heard was that large corporations would be attacked from China.
: Wow, that was really prescient!
seriously? large corporations were attacked from China in 2009, so
On Tue, 15 Jun 2010, Gadi Evron wrote:
: On 6/14/10 3:25 PM, Larry Seltzer wrote:
: Similar to an incident with WordPress a few years ago.
:
: Got a reference to the WP incident?
http://osvdb.org/search?search%5Bvuln_title%5D=trojanedsearch%5Btext_type%5D=titles
Seconded Gadi's request. I
No need to do any book review:
http://attrition.org/errata/charlatan/gregory_evans/evans07.html
Two reviews of his book found sweeping plagiarism. The first review came
in at around 60% plagiarized material. A more in-depth review found the
book almost entirely plagiarized (95%). Links and
On Tue, 28 Dec 2010, valdis.kletni...@vt.edu wrote:
: On Tue, 28 Dec 2010 06:34:08 EST, Rich Kulawiec said:
:
: Slightly more seriously: there is no substantive difference between any
: of these other than their tactics.
:
: I guess we'll have to agree to disagree then. Somehow, I think
they will in the next quarter or two. Oh wait, if I keep
reading..
On Jan. 7, Tokyo-based Trend Micro released Mobile Security for
Android, ..
There we go, the foundation of his statements! BTW, do you still work for
Trend Micro, Paul?
- security curmudgeon
On Mon, 11 Apr 2011, Paul Ferguson wrote:
: On Mon, Apr 11, 2011 at 4:24 PM, Rob, grandpa of Ryan, Trevor, Devon
: Hannah rmsl...@shaw.ca wrote:
:
: APT relativity is such that for any attacker there exists a victim for whom
: the attacker is more advanced and/or persistent
:
:
: As is persistent.. sending a couple PDFs to employees over a one day
: period got the foot in the door of RSA. That is not persistent as far as
: anything I have seen or done.
:
: Yes, but it *is* persistent as we have seen these same targeted,
: socially-engineered attacks for years now.
On Mon, 13 Jun 2011, Robert Slade wrote:
: ... and it's probably more complicated than somebody thinks ...
:
: http://econ.st/jEZiAM
Surprised it took someone watching an old movie (Total Recall) to finally
come up with scanners that allow you to walk through w/o removing
anything.
On Wed, 15 Jun 2011, Drsolly wrote:
: Here's how it works.
:
: Journo: Are you a security expert? Village idiot: Yes
:
: Thus, the village idiot is now a security expert.
What Drsolly said.
Then it gets worse.. when said village idiot does this three times, s/he
then begins to tell
http://news.cnet.com/8301-27080_3-20073843-245/lulzsec-releases-arizona-law-enforcement-data/?tag=mncol;1n
ironically, saw that via twitter, not Google news.
On Thu, 23 Jun 2011, RandallM wrote:
: been all over the twitts about the Lulz release of AZ law docs.. go to
: igoogle and my news ..