[EMAIL PROTECTED] wrote:
Perhaps I don't see your point. How is this more secure than StackGuard?
StackGuard protection system has an extremaly grave bug
with the terminator and null canaries. In certain circumstances (not rare) this bug
can be exploited
preventing StackGuard to detect
A couple of people have sent me mail asking how to set Outlook 2000 such
that mail comes in under the 'Restricted Sites' zone. Here's how:
select Tools menu, Options item
select security tab
The area you want is in the middle of the page in the section marked
'Secure Content'. Default setting
David LeBlanc writes:
YOU CAN GET THE USER TO EXECUTE ARBITRARY CODE. Period. End of story.
What you do with that code is up to you. There is no need to delve into
the details of just how you steal the lunch money from the end users.
Well, it should be noted that there are things you can
On Wed, Sep 01, 1999 at 09:08:55PM +0400, Seva Gluschenko wrote:
man sendmail:
/-C
...skipping...
-Cfile Use alternate configuration file. Sendmail refuses to run
as root if an alternate configuration file is specified.
and it does, for sure %-).
Just tested this on
At 16:44 01.09.99 +0800, [EMAIL PROTECTED] wrote:
[implementation of 802.1q VLANs on Cisco Catalyst 2900 series]
This has been
discussed with Cisco and we believe that it is an issue with the
802.1q specification rather than an implementation issue.
I disagree. IMHO, the root of the matter is
Here's what I said about this on another list:
I must admit that this doesn't make much sense to me.
I was at Crypto, but I must have missed the rump session talk in question
(and it's entirely possible that the talk occurred anyway - I was out of the
room for a good deal of that session). In
Debian has
discovered this bug two years ago and fixed it. Therefore versions in
both, the stable and the unstable, distributions of Debian are not
vulnerable to this problem..
Regardless of which, I was successfully able to take advantage of the
overflow on Debian (GNU/Linux) 2.1,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
You can manually download the updates at
http://www.microsoft.com/windows98/downloads/corporate.asp
Personally, I prefer to actually save the update files so that I don't
need to download everything all over again whenever windows breaks and
I have
The other
thing is that the default install for NT (especially on HP's) is FAT,
Wrong. That could be how that manufacturer sets up _some_ of their
machines, but it isn't default for NT install.
Micron and Intergraph also install NT on FAT when they ship it to you.
I can't think of many
patching:
in rc.conf above inetd_flags type -l -R 1024? :)
Hi,
At the beginning i'd like to excuse all of you if it is commonly well
known (hmm, i guess it is, but noone patched it ;.
Both DoS`s use something known as portfuck (e.g. `while true; do telnet
host port done`).
1. If you use it
Gentleman;
I submitted what I thought was a minor issue on Redhat's handling
of passwords. Is it me? Is it something I missed? Any password you
assign over 8 characters gets cut...
At first I thought it was my system but its not since I tested it at
home,
but then at work its the same thing:
On Fri, 3 Sep 1999, Alfonso Lazaro wrote:
Date: Fri, 3 Sep 1999 13:18:02 +0200
From: Alfonso Lazaro [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: limit maximum nr. of processes.
El dia Wed, Sep 01, 1999 at 10:53:48AM +0200, Petter Wahlman [EMAIL PROTECTED]
escribió:
to
Okay,
I added a link to http://www.sassproductions.com/hacked.htm that allows
you to test the exploit against a specific file. Specifically you need to
copy Reg Edit to the program files folder and give it a whirl. As always, if
you can't figure it out then View Source.
Over and out,
Seth
- Original Message -
From: Lucky Green [EMAIL PROTECTED]
To: cypherpunks@Algebra. COM [EMAIL PROTECTED]
Cc: Cryptography@C2. Net [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Friday, September 03, 1999 12:21 AM
Subject: NSA key in MSFT Crypto API
Perhaps not surprisingly, the debugging
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Saturday, September 4, a description of a potential problem with
the WatchGuard Firebox default configuration file was posted to
Bugtraq. At WatchGuard we take this sort of issue very seriously.
When we saw the post, we initiated contact with the
Does this writing to an EXE bypass Anti-Virus protection against programs
that write to EXE's?
How about a less damaging example that writes to say "C:\temp\example.exe"
so we can see what it does safely?
At 21:16 8/30/1999 -0400, SysAdmin Wrote:
snip
ANY Windows 98 file can be overwritten.
On Sat, 4 Sep 1999, Wietse Venema wrote:
Whatever reasoning the poster used, it is invalid with any reasonable
mail system, because it is the mail system that chooses the bounce
message originator address; the bounce message originator address
is not under control by the attacker.
In other
Was this part of a suse installation?
Not part of SuSE 6 (which I use) or 5.2.
What distro are you running?
didn't he say SuSE?
He probably got hacked some how and the hacker forgot to remove this.
+-- +
| Stuart Harris / Unix systems
confirmed to run under 5.0.4 as well.
On Fri, Sep 03, 1999 at 05:20:17PM -0500, Brock Tellier wrote:
Greetings,
INFO:
There is a local root comprimise in SCO 5.0.5's /bin/doctor 2.0.0e2 and probably
others. By supplying a doctor script file you can read the first partial line of any
There's been a lot of press recently about Windows 2000 backdoors such as
the NSA key Crypto issue. I've been mulling over another "backdoor" for the
past few days and the more I think about the more cynical I become.
We has Windows 95, then were blessed with 98 and soon Windows 2000
Outlook Express 5 allows setting the Security Zones in the exact same way:
Tools/Options/Security. So does Outlook 98.
I don't think previous versions allowed it.
--On 9/7/1999, 11:23 AM -0700 David LeBlanc [EMAIL PROTECTED] wrote:
I'm not sure what the variants of Outlook allow in this
On Wed, 8 Sep 1999, Dylan Griffiths wrote:
John N Dvorak wrote:
Sven,
I have verified the following platforms:
BSDI 2.1
BSDI 3.1
BSDI 4.0
BSDI 4.0.1
Cobalt Linux (MIPS) - RedHat based
All vulnerable.
I am testing on other Linux platforms, but I presume all BSD and
Linux-based
22 matches
Mail list logo