Re: [Full-disclosure] Phone Forensics
I really have no idea if this software is worth anything, but Paraben have software for cell phone forensics; you might want to look into it:

http://www.paraben-forensics.com/catalog/product_info.php?cPath=25products_id=273

I'd be interested to know if you found the answer to your questions.

Hugo

On 6-Sep-05, at 9:54 PM, [EMAIL PROTECTED] wrote:

Evening All,

Since this forum often discusses various forensic topics I thought I would see if someone here could help with an issue that I am trying to resolve.

Is it possible to do a forensic investigation on a telephone that stores caller ID information after the delete function has been invoked? In other words, if the user has deleted the incoming caller list is it possible to dump memory to see what's there?

Along this same line is it possible to gather any inbound caller ID information from a telco or another agency without a trace being initiated?

Any advice you might have would be greatly appreciated.

Thanks,
John

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [SECURITY] [DSA 802-1] New cvs packages fix insecure temporary files
Debian Security Advisory DSA 802-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
September 7th, 2005 http://www.debian.org/security/faq

Package        : cvs
Vulnerability  : insecure temporary files
Problem-Type   : local
Debian-specific: no
CVE ID         : CAN-2005-2693
Debian Bug     : 325106

Marcus Meissner discovered that the cvsbug program from CVS, which serves the popular Concurrent Versions System, uses temporary files in an insecure fashion.

For the old stable distribution (woody) this problem has been fixed in version 1.11.1p1debian-13.

In the stable distribution (sarge) the cvs package does not expose the cvsbug program anymore.

In the unstable distribution (sid) the cvs package does not expose the cvsbug program anymore.

We recommend that you upgrade your cvs package.

Upgrade Instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody

These files will probably be moved into the stable distribution on its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show pkg' and http://packages.debian.org/pkg
[Full-disclosure] [USN-176-1] kcheckpass vulnerability
Ubuntu Security Notice USN-176-1 September 07, 2005
kdebase vulnerability
CAN-2005-2494

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

kdebase-bin

The problem can be corrected by upgrading the affected package to version 4:3.4.0-0ubuntu18.1. In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Ilja van Sprundel discovered a flaw in the lock file handling of kcheckpass. A local attacker could exploit this to execute arbitrary code with root privileges.
Re: [Full-disclosure] Microsoft Windows keybd_event validation vulnerability
hi

what's the effect of this 'vulnerability'? it seems that messages can't be carried from a USER desktop to a prerogative desktop.

Regards,
c.y. wang
security analysis engineer
Shanda Interactive Entertainment Co. Ltd, Shanghai, China.
Phone: +86-21-50504740-5046
Email: [EMAIL PROTECTED]

----- Original Message -----
From: Jerome Athias [EMAIL PROTECTED]
To: Frederic Charpentier [EMAIL PROTECTED]
Cc: bugtraq@securityfocus.com; full-disclosure@lists.grok.org.uk
Sent: Tuesday, September 06, 2005 7:20 PM
Subject: Re: [Full-disclosure] Microsoft Windows keybd_event validation vulnerability

It was posted by Andres Tarasco to full-disclosure already

Additionally:

1) french version of the advisory: http://www.athias.fr/alertes-bulletins-securite/20050905_Microsoft.Windows_Validation.keybd_event.html

2) I use to use this trick to obtain SYSTEM privileges with just ADMIN privileges:
AT 20:00 /INTERACTIVE cmd.exe

Cheers,
/JA
Re: [Full-disclosure] RDP Windows 2000
Hello, Jason Bridge!

You wrote at 07.09.2005 9:07:

Does anyone know a reg hack to allow RDP to windows 2000 pro?

Justly - in no way.

If you do not respect legal issues and have a Windows 2000 Server installation CD, you can use utils such as NTSwitch to switch W2K Pro to Server, upgrade it with installation CD in unattended mode, install a terminal services then switch back to W2K Pro. Terminal will continue working even on Pro mode, and you will have a 2 administrative remote sessions (exactly as in Server).

--
Regards,
Raoul Nakhmanson-Kulish,
Elfor Soft Ltd.,
IT Department
[Full-disclosure] IIS 5.1 Source Disclosure Under FAT/FAT32 Volumes Using WebDAV
It is possible to remotely view the source code of web script files through a specially crafted WebDAV HTTP request. Only IIS 5.1 seems to be vulnerable. The web script file must be on a FAT or a FAT32 volume, web scripts located on a NTFS are not vulnerable.

The information has been provided by Inge Henriksen mailto:inge.henriksen%20at%20booleansoft.com.

The original article can be found at: http://ingehenriksen.blogspot.com/2005/09/iis-51-allows-for-remote-viewing-of.html

Advisory in french: http://www.athias.fr/alertes-bulletins-securite/20050907_Microsoft.IIS.5.1_Divulgation.de.Sources.html

Regards
/JA
[Full-disclosure] Re: Microsoft Windows keybd_event validation vulnerability
On 2005-09-06 Frederic Charpentier wrote:

I haven't seen any information about this new local exploit for Microsoft Windows:
http://www.haxorcitos.com/MSRC-6005bgs-EN.txt

Description from Haxorcitos:

As is Known, with the current Microsoft Security Model, applications that share the desktop are able to send messages between them. Every Desktop application is able to obtain the handle of every process executed in the same desktop. This feature and the possibility of any application to emulate a virtual keyboard by sending key strokes, allows every process to send messages and keys as if there were an interactive user.

This has been known for years and is the exact reason why Microsoft recommends that any service running with elevated privileges should *not* be run interactively [1]. This flaw allows for shatter attacks [2,3] and we have used it in [4] to attack personal firewalls.

[1] http://support.microsoft.com/default.aspx?scid=kb;en-us;327618
[2] http://security.tombom.co.uk/shatter.html
[3] http://security.tombom.co.uk/moreshatter.html
[4] http://copton.net/vortraege/pfw/index.html

Regards
Ansgar Wiechers
--
Another option [for defragmentation] is to back up your important files, erase the hard disk, then reinstall Mac OS X and your backed up files.
--http://docs.info.apple.com/article.html?artnum=25668
[Full-disclosure] [ GLSA 200509-06 ] Squid: Denial of Service vulnerabilities
Gentoo Linux Security Advisory GLSA 200509-06
http://security.gentoo.org/

Severity: Normal
Title: Squid: Denial of Service vulnerabilities
Date: September 07, 2005
Bugs: #104603
ID: 200509-06

Synopsis
========

Squid contains several bugs when handling certain malformed requests resulting in a Denial of Service.

Background
==========

Squid is a full-featured Web proxy cache designed to run on Unix-like systems. It supports proxying and caching of HTTP, FTP, and other protocols, as well as SSL support, cache hierarchies, transparent caching, access control lists and many more features.

Affected packages
=================

     Package          /  Vulnerable  /  Unaffected
  1  www-proxy/squid    < 2.5.10-r2    >= 2.5.10-r2

Description
===========

Certain malformed requests result in a segmentation fault in the sslConnectTimeout function, handling of other certain requests trigger assertion failures.

Impact
======

By performing malformed requests an attacker could cause Squid to crash by triggering an assertion failure or invalid memory reference.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Squid users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =www-proxy/squid-2.5.10-r2

References
==========

[ 1 ] Squid Patches
      http://www.squid-cache.org/Versions/v2/2.5/bugs/

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200509-06.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0
[Full-disclosure] Cisco Security Advisory: Cisco IOS Firewall Authentication Proxy for FTP and Telnet Sessions Buffer Overflow
Cisco Security Advisory: Cisco IOS Firewall Authentication Proxy for FTP and Telnet Sessions Buffer Overflow

Revision 1.0

For Public Release 2005 September 7 1600 UTC (GMT)

Contents

    Summary
    Affected Products
    Details
    Impact
    Software Versions and Fixes
    Obtaining Fixed Software
    Workarounds
    Exploitation and Public Announcements
    Status of This Notice: FINAL
    Distribution
    Revision History
    Cisco Security Procedures

Summary
=======

The Cisco IOS Firewall Authentication Proxy for FTP and/or Telnet Sessions feature in specific versions of Cisco IOS software is vulnerable to a remotely-exploitable buffer overflow condition.

Devices that do not support, or are not configured for Firewall Authentication Proxy for FTP and/or Telnet Services are not affected.

Devices configured with only Authentication Proxy for HTTP and/or HTTPS are not affected.

Only devices running certain versions of Cisco IOS are affected.

Cisco has made free software available to address this vulnerability. There are workarounds available to mitigate the effects of the vulnerability.

This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20050907-auth_proxy.shtml.

Affected Products
=================

Vulnerable Products
+------------------

Devices that are running the following release trains of Cisco IOS are affected if Firewall Authentication Proxy for FTP and/or Telnet Sessions is configured and applied to an active interface.

  * 12.2ZH and 12.2ZL based trains
  * 12.3 based trains
  * 12.3T based trains
  * 12.4 based trains
  * 12.4T based trains

To determine the software running on a Cisco product, log in to the device and issue the show version command to display the system banner. Cisco IOS software will identify itself as Internetwork Operating System Software or simply IOS. On the next line of output, the image name will be displayed between parentheses, followed by Version and the Cisco IOS release name.
Other Cisco devices will not have the show version command, or will give different output.

The following example identifies a Cisco 7200 router running Cisco IOS release 12.3(10a) with an installed image name of C7200-JK8O3S-M.

    Router#show version
    Cisco Internetwork Operating System Software
    IOS (tm) 7200 Software (C7200-JK8O3S-M), Version 12.3(10a), RELEASE SOFTWARE (fc2)
    Copyright (c) 1986-2004 by cisco Systems, Inc.

Additional information about Cisco IOS release naming can be found at http://www.cisco.com/warp/public/620/1.html.

Refer to the Details section for more information about affected and unaffected configurations.

Products Confirmed Not Vulnerable
+--------------------------------

  * Products that are not running Cisco IOS are not affected
  * Products that are running Cisco IOS versions 12.2 and earlier (including 12.0S) are not affected. (excluding 12.2ZH and 12.2ZL)
  * Products that are running Cisco IOS are not affected unless they are configured for Firewall Authentication Proxy for FTP and/or Telnet Sessions.
  * Products that are running Cisco IOS XR are not affected.

No other Cisco products are currently known to be affected by this vulnerability.

Details
=======

The Cisco IOS Firewall Authentication Proxy feature allows network administrators to apply specific security policies on a per-user basis. With the Firewall Authentication Proxy for FTP and/or Telnet Sessions feature, users can log into the network services via FTP and/or Telnet, and their specific access profiles are automatically retrieved and applied from a Remote Authentication Dial In User Service (RADIUS), or Terminal Access Controller Access Control System Plus (TACACS+) authentication server.

Cisco IOS Software is vulnerable to a Denial of Service (DoS) and potentially an arbitrary code execution attack when processing the user authentication credentials from an Authentication Proxy Telnet/FTP session.
To exploit this vulnerability an attacker must first complete a TCP connection to the IOS device running affected software and receive an auth-proxy authentication prompt.

This vulnerability is documented in the Cisco Bug Toolkit as Bug ID CSCsa54608 (registered customers only).

To determine if your device is running Firewall Authentication Proxy for FTP and/or Telnet Sessions feature, log into the device and issue the show ip auth-proxy configuration command to display the configuration of Firewall Authentication Proxy services. The following example identifies Firewall Authentication Proxy services running for Telnet and FTP under the proxy rule name proxy_example.

    Router#show
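One way to triage a `show version` banner against the release trains listed in this advisory, as an added example (not Cisco's code and not part of the advisory). The function names and verdict labels are hypothetical, and every banner except the one quoted in the advisory is constructed. A "listed-train" verdict only says the release belongs to a listed train: the device is affected only if Firewall Authentication Proxy for FTP and/or Telnet Sessions is configured, and the fixed releases are not part of this excerpt.

```python
import re

# Release trains the advisory text lists as affected (feature must be configured).
LISTED_TRAINS = {"12.2ZH", "12.2ZL", "12.3", "12.3T", "12.4", "12.4T"}

# Matches "(IMAGE), Version 12.3(10a)" and "(IMAGE), Version 12.2(13)ZH2".
BANNER_RE = re.compile(
    r"\((?P<image>[A-Za-z0-9_.-]+)\),\s+Version\s+"
    r"(?P<major>\d+)\.(?P<minor>\d+)"
    r"\((?P<maint>\d+)(?P<rebuild>[a-z]*)\)"
    r"(?P<train>[A-Z]*)(?P<trainrev>\d*)"
)

# Banner quoted in the advisory.
PAGE_BANNER = """Cisco Internetwork Operating System Software
IOS (tm) 7200 Software (C7200-JK8O3S-M), Version 12.3(10a), RELEASE SOFTWARE (fc2)
Copyright (c) 1986-2004 by cisco Systems, Inc."""

# Constructed banners: image names and releases are made up for this example.
CONSTRUCTED = {
    "zh": "IOS (tm) EXAMPLE Software (EXAMPLE-IMG-A), Version 12.2(13)ZH2, RELEASE SOFTWARE (fc1)",
    "old": "IOS (tm) EXAMPLE Software (EXAMPLE-IMG-B), Version 12.0(28)S, RELEASE SOFTWARE (fc1)",
    "special": "IOS (tm) EXAMPLE Software (EXAMPLE-IMG-C), Version 12.3(4)XK1, RELEASE SOFTWARE (fc1)",
}


def parse_banner(text):
    """Extract image name, release string and train from show version output."""
    m = BANNER_RE.search(text)
    if m is None:
        return None
    major, minor = int(m["major"]), int(m["minor"])
    release = f"{major}.{minor}({m['maint']}{m['rebuild']}){m['train']}{m['trainrev']}"
    return {
        "image": m["image"],
        "release": release,
        "base": (major, minor),
        "train": f"{major}.{minor}{m['train']}",
    }


def classify(info):
    """Map a parsed release onto the advisory's affected / not-affected wording."""
    if info["train"] in LISTED_TRAINS:
        return "listed-train"   # check auth-proxy configuration next
    if info["base"] in ((12, 3), (12, 4)):
        return "review"         # special train that may be based on a listed one
    if info["base"] <= (12, 2):
        return "not-affected"   # 12.2 and earlier, other than 12.2ZH / 12.2ZL
    return "not-covered"        # release family the advisory does not mention


def triage(text):
    """Return (image, release, train, verdict), or None if no IOS banner is found."""
    info = parse_banner(text)
    if info is None:
        return None
    return (info["image"], info["release"], info["train"], classify(info))


if __name__ == "__main__":
    for label, banner in [("page", PAGE_BANNER), *CONSTRUCTED.items()]:
        print(label, triage(banner))
```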
[Full-disclosure] [ Suresec Advisories ] - Kcheckpass file creation vulnerability
Suresec Security Advisory - #6
05/09/05

Kcheckpass file creation vulnerability

Advisory: http://www.suresec.org/advisories/adv6.pdf

Description:

A lockfile handling error was found in kcheckpass which can, in certain configurations, be used to create world writable files. Exploitation of this vulnerability may lead to elevated privileges.

The vulnerability was discovered by Ilja van Sprundel.
[Full-disclosure] Re: Considering nSight, any thoughts? (Final comment)
Due to the number of emails I received off the list from students, I wanted to point something out.

Intrusense sent out an email notice yesterday evening regarding the release of nSight 2.0. It appears they've adopted a new licensing model. Not only is their license no longer bound to a specific URL, but also they're offering free licenses for personal, educational and otherwise non-commercial end users.

I thought that was pretty cool.

Steve

--- Jeff Boston [EMAIL PROTECTED] wrote:

Hi. Sorry for the delay in my response.

Jason/Steven, I'd highly recommend this or other products like it. It's quite affordable and very easy to get running (although they need to create more documentation).

We've been using the new version of nSight for approximately 2 months now and it's been quite useful and more so by the day. I'm learning that the more network information nSight collects, the more valuable it becomes. It's helped us identify the cause of several intermittent problems we've had for at least a year now because we were able to go back and look specifically at the point in time where the problem occurred (2 times in 2 months). The problem was knocking off users from a few servers in our DMZ so we're happy it's been resolved.

We also had a couple users who were doing a ton of pirated software uploads/downloads. We identified then within 30 minutes of installing nSight.

That's about it. Email me off the list if you have any questions.

J.

Author: Steven Rakick
Date: 2005-07-30 14:302005-07-30 18:30 -400UTC
To: Jason Heschel, security-basics
Subject: Re: Considering nSight, any thoughts?

Jason, I did respond, but to another list. Here's my post just in case...

Jason,

Been running nSight for a little over a year now with data purge after 13 months. We have 3 agents at remote offices with each inspecting the traffic of around 700-900 hosts. It's been quite helpful. We *had* a ton of P2P traffic in our networks.
When we started out last year, we tried to host all 3 agents on a low end HP blade (with a laptop hd). After about 2 months it became very slow (mostly due to disk IO). We upgraded to a faster blade with fast SCSI disk and it's been flying along ever since.

Also, according to another poster (Darrin Maidlow) on Full Disclosure, there is a beta program in place right now for nSight 2.0 at http://www.intrusense.com/products/beta. I'm not sure if you're evaluating 2.0 or 1.x.

Steve

--- Jason Heschel [EMAIL PROTECTED] wrote:

Hello list,

We've spent the last few weeks evaluating nSight (a network analysis package from Intrusense) and are now considering making a purchase. I'm curious to hear any opinions, problems or praise people have for this software. Does it scale well? How does it perform after collecting several months worth of data?

-jason
Re: [Full-disclosure] RDP Windows 2000
Maybe you should look at vnc.

this is the first hit in google: http://www.governmentsecurity.org/archive/t12145.html

On 9/7/05, Raoul Nakhmanson-Kulish [EMAIL PROTECTED] wrote:

Hello, Jason Bridge!

You wrote at 07.09.2005 9:07:

Does anyone know a reg hack to allow RDP to windows 2000 pro?

Justly - in no way.

If you do not respect legal issues and have a Windows 2000 Server installation CD, you can use utils such as NTSwitch to switch W2K Pro to Server, upgrade it with installation CD in unattended mode, install a terminal services then switch back to W2K Pro. Terminal will continue working even on Pro mode, and you will have a 2 administrative remote sessions (exactly as in Server).

--
Regards,
Raoul Nakhmanson-Kulish,
Elfor Soft Ltd.,
IT Department