On Fri, 19 Jan 2001, Russ wrote:
> To the best of my knowledge, Peter Guttman(sp?) has demonstrated for years
> now that there is no form of over-writing which makes any substantial
> difference to the ability to recover previously written data from a computer
> hard disk.
>
> My understanding of
> To the best of my knowledge, Peter Guttman(sp?) has demonstrated for years
> now that there is no form of over-writing which makes any substantial
> difference to the ability to recover previously written data from a
computer
> hard disk.
Guttman's paper, "Secure Deletion of Data from Magnetic
>PMTU discovery is used by TCP (primarily if not exclusively). Isn't it
>possible to 1. check TCP sequence numbers in ICMP frag. needed messages
>generated as a response to a TCP datagram (in the same way they should be
>checked on any ICMP dest. unreachable to prevent a trivial DoS),
>2. disregar
Due to some mail trouble, I'm manually forwarding this note. The
signature should check out.
Ryan
From: Microsoft Security Response Center
Sent: Monday, January 22, 2001 2:17 PM
To: '[EMAIL PROTECTED]'
Cc: Microsoft Security Response Center
Su
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Linux-Mandrake Security Update Advisory
Package name: MySQL and php
Date:
Russ,
> To the best of my knowledge, Peter Guttman(sp?) has demonstrated for years
> now that there is no form of over-writing which makes any substantial
> difference to the ability to recover previously written data from
> a computer
> hard disk.
You're correct that Peter Gutmann (note spellin
__
S.A.F.E.R. Security Bulletin 010123.EXP.1.10
__
TITLE: Buffer overflow in Lotus Domino SMTP Server
DATE : January 23, 2001
NATURE : Remote execution of code, Denial
*** Aa explotable example of this has been found using white text. I think
it's time this hits the list, wether MS likes it or not -Ben ***
DHTML/CSS/web-based email Vulnerability
Report: Dylan Griffiths ([EMAIL PROTECTED]) and Ben Li ([EMAIL PROTECTED])
Discovery: Ben Li
Jan 15, 200
In Solaris 2.6 patch 106468-02 replaces cu in Sol 7 patch 108372-01 replaces
it for gets() use. The script does SegFault in 8, but no core file... I am
running 10/2000 revision and 108372 came out in may, so it's probably cool.
--
hal king Unix System Group
Hi!
I got forwarded this 'exploit' of MySQL:
Lus> Hello...
Lus> Here's a exploit for this...
Lus> [See attached...]
Lus> Regardz,
Lus> Lus Miguel Silva aka wC
Lus> Member of lonoss.org and unsecurity.org
Lus> http://www.lonoss.org/
Lus> http://www.unsecurity.org/
Lus> http://www.ispgaya.pt/ Stu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-012-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
January 22, 2001
- -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-015-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
January 23, 2001
- -
Patch for Potential Vulnerability in Oracle XSQL Servlet
Description:
A potential security vulnerability in Oracle XSQL Servlet has been
discovered when using stylesheets as URL parameters which permits the
execution of arbitrary Java code on the Oracle 8.1.7.0.0 database server
with elevated pri
One of the advertised features of EFS was protection of data in the event of
say a stolen laptop. EFS was supposed to protect against someone throwing
the harddrive into another system that they did have admin access on, and
circumventing the NTFS permissions in that manner.
Again this issue sho
Hi fish stiqz,
Well, after reading you first message regarding this, I tried your
tool and loaded a page with 2 A's into my netscape and it crashed
the same moment. Impressive.
So, I decided to try this again and see, whether I could reproduce
the different behavior with different size
There is a big difference between using a simple sector editor to recover
files, like the EFS flaw would apparently allow you to, and having to use
some fairly sophisticated magnetic data recovery equipment. Sector editors
are widely available, and a person can fetch the data without your
knowledg
In case anyone's interested, here's a summary of the responses I received to
my incorrect assertions;
I should say that I was under the honest belief that companies, such as
OnTrack, made available services which could recover overwritten data at a
reasonable price. I called them this morning and
This indeed is a bug in Iris 1.01 beta and it has been fixed within Iris
2.0. Iris 2.0 should be released within the next two days. All users of Iris
1.01 are being contacted and sent a url to 2.0 once it is released.
The one thing to note is that someone has to actually click and view the
"evil"
On Fri, Jan 19, 2001 at 08:30:01PM +0100, Pierre Beyssac wrote:
> On Fri, Jan 19, 2001 at 06:52:27PM +0100, Paul Starzetz wrote:
> > The buffer overflowed is a 80 byte static local buffer:
> > static char buf[80];
>
> It is patched by default in FreeBSD's package collection. Here's
> the patc
Hi,
- Original Message -
From: "Nicolas GREGOIRE" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, January 18, 2001 5:44 PM
Subject: Buffer overflow in MySQL < 3.23.31
> Hi,
>
> all versions of MySQL < 3.23.31 have a buffer-overflow which crashs the
> server and which seems t
==
Defcom Labs Advisory def-2001-06
Easycom/Safecom 10/100 Multiple DoS
Author: Peter Gründl <[EMAIL PROTECTED]>
Release Date: 2001-01-23
==
On Mon, Jan 22, 2001 at 01:30:33PM +0100, Peter Gründl wrote:
>Defcom Labs Advisory def-2001-05
Oooh, how fancy! ;-)
> --=[Detailed Description]=
> The Fasttrack 4.1 server caches requests for non-existing URLs with
> valid extensi
On Sun, Jan 21, 2001 at 04:40:53PM +0100, Pavel Kankovsky wrote:
> On Mon, 15 Jan 2001, antirez wrote:
>
> > It's possible to slowdown (a lot) connections between two
> > arbirary hosts (but at least one with the PMTU discovery enabled)
> > using some spoofed TCP/IP packet. Maybe you can do
-
Red Hat, Inc. Red Hat Security Advisory
Synopsis: Updated mysql packages available for Red Hat Linux 7
Advisory ID: RHSA-2001:003-07
Issue date:2001-01-18
Updated on:2001-01-23
> So to suggest that your perceived EFS flaw can be resolved by over-writing
> is naive. The only solution is to encrypt in memory or use some removable
> partition as the temp space.
>
I agree with the use of 'percevied' in this case. Though the behavior is
interesting in regard to the creation
-BEGIN PGP SIGNED MESSAGE-
=
FreeBSD-SA-01:09 Security Advisory
FreeBSD, Inc.
Topic: crontab allo
On Mon, Jan 22, 2001 at 06:15:33PM -0500, Niels Provos wrote:
> IPv6 is another case though. Here you have mandatory PMTU for all
> protocols.
In this case, and even with IPv4 if you want UDP PMTU API and so on,
the only way seems to sign the outgoing packets with an HMAC and
a local key. So you
CORE SDI
http://www.core-sdi.com
Vulnerability report for weak authentication in ATT VNC
Date Published: 2001-01-23
Advisory ID: CORE-2001011501
Bugtraq ID: 2275
CVE CAN: None currently assigned.
Title: Weak authenticati
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-016-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
January 23, 2001
- -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-017-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
January 23, 2001
- -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-014-2 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
January 23, 2001
- -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
__
Caldera Systems, Inc. Security Advisory
Subject:password sniffing in kdesu
Advisory number:CSSA-2001-005.0
Issue date:
-BEGIN PGP SIGNED MESSAGE-
=
FreeBSD-SA-01:07 Security Advisory
FreeBSD, Inc.
Topic: Multiple XFr
-BEGIN PGP SIGNED MESSAGE-
=
FreeBSD-SA-01:10 Security Advisory
FreeBSD, Inc.
Topic: bind remote
On Mon, Jan 22, 2001 at 05:28:50PM -0800, Ryan Russell wrote:
> Due to some mail trouble, I'm manually forwarding this note.
> From: Microsoft Security Response Center
> Subject:Re: BugTraq: EFS Win 2000 flaw
> "... it is recommended that it is always better to start by crea
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-018-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
January 23, 2001
- -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-013-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
January 23, 2001
- -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-014-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
January 23, 2001
- -
-BEGIN PGP SIGNED MESSAGE-
=
FreeBSD-SA-01:08 Security Advisory
FreeBSD, Inc.
Topic: ipfw/ip6fw a
Dan Kaminsky <[EMAIL PROTECTED]> writes:
> That means no
> decryption keys ever get written, no passwords get saved, and most
> importantly, *no plaintext data gets stored, not even "temporarily"*.
Interestingly, when a system hibernates e
This post will be short because it does not need a lot
of explanation. This is in a really specific case.
If you have the password of the router and if you are
logged to it you will not be able to delete all the traces.
The router logs the connection and the disconnection
of telnet sessions. I
41 matches
Mail list logo