Title: Phish Registry
Ciphertrustcan be trusted - I have used their
Ironmail product to block spam. Company is based in the
U.S.
I
have had quite a few support telephone conversations when their product has
faulted. Ironmail is installed on-site, they send you the servers and help you
Dear Marc SCHAEFER,
--Thursday, March 30, 2006, 9:52:10 AM, you wrote to
full-disclosure@lists.grok.org.uk:
MSTesting pings and telnet on the remote tunnel address (e.g.
MS192.168.1.2) and capturing data with the libre software Ethereal on the
MSreal Ethernet interface did show me
On 3/29/06, Ian stuart Turnbull [EMAIL PROTECTED] wrote:
I have just started in this hacking [ethical I should quickly add]
s/ethical/grey hat/g;
... WHY doesn't someone
send a message to these machines that the owner will see
there is talk of ISP's doing this once they get r00ted and
Just because no-one has told you, or you haven't seen it doesn't mean
it doesn't happen.
It's pretty concerning to me, as a java programmer, that the verifier
is off by default and hence any jar running can run free or the
contraints I've tried to enforce. Or that another j2ee app could
possibly
On 3/30/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Just because no-one has told you, or you haven't seen it doesn't mean
it doesn't happen.
amen. what's the cost if you are wrong? (the likely case over a
sufficient period of time against motivated attackers)
that artificial security
Perhaps you're just a moron.
I think I speak for _everyone_ when I say, please leave this list.
You have your own list of security experts and rogue employees
that I'm sure would love to hear this kind of stuff. Keep it on your
own list.
On 3/29/06, n3td3v [EMAIL PROTECTED] wrote:
Nah, I must
On 3/29/06, n3td3v [EMAIL PROTECTED] wrote:
Third party patches, a matter of trust
Why are third party patches a bad thing?
they are only a bad thing if they are not trusted and not well tested.
They force Microsoft to rush out a patch before
Q.A testing has been fully completed in the
radix tree
--
Javor Ninov aka DrFrancky
securitydot.net
vanilla sky wrote:
guys could anyone tell me what is the linux routing ip table look-up
algorithm
and where the details about it can be found ??
i could find for
... BSD = PATRICIA (Practical Algorithm To Retrieve Information Coded in
Networksecurity.fi Security Advisory (30-03-2006)
Title: McAfee VirusScan DUNZIP32.dll Buffer Overflow Vulnerability
Criticality: High (3/3)
Affected software: McAfee VirusScan versions 10 Build 10.0.21 and prior
Author: Juha-Matti Laurio
Date: 30th March, 2006
Advisory ID: Networksecurity.fi
Jerome Athias wrote:
ExplorerXP : Directory Traversal and Cross Site Scripting
Software : ExplorerXP
Some mention of the manufacturer or a link to the mfr's website would have
helped here.
Two vulnerabilities have been discovered in ExploreXP, which can be
exploited by malicious people
A simple Google search returns that :
http://www.phpscripts-fr.net/scripts/script.php?id=933
Cheers
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia -
The original poster mentioned NetBEUI. If the legacy NetBEUI protocol is
really installed on the system, certain Microsoft sharing attempts would
be expected to bypass IP (and therefore all IP VPNs) entirely. Right?
-Jay
|Date: Thu, 30 Mar 2006 07:52:10 +0200
|From: [EMAIL PROTECTED] (Marc
The original poster mentioned NetBEUI. If the legacy NetBEUI protocol is
really installed on the system, certain Microsoft sharing attempts would
be expected to bypass IP (and therefore all IP VPNs) entirely. Right?
NetBEUI is a L2 protocol .. not routable. It would depend on the VPN
type
On Wed, 29 Mar 2006 23:36:28 +0100, n3td3v said:
You mean like Seiden who broke into banks and told everyone about it, and is
now one of the biggest security experts in the industry. He sent me an
e-mail telling me a week or so back telling me to take you seriously, i'm
beginning to wonder
end this now, I'd swear you wanted him to come back.
On 3/30/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
On Wed, 29 Mar 2006 23:36:28 +0100, n3td3v said:
You mean like Seiden who broke into banks and told everyone about it,
and is
now one of the biggest security experts in the industry.
I am logged in as a regular user but have root permission in
the tmp directory through a different shell. I am stuck as to what is my next
move to be able to change the root users password to one I know. Any help?
Tom
___
Full-Disclosure
if you're chrooted under /tmp (as it sounds from your email) you're out
of luck, unless you have a way to escape the chroot due to a
misconfiguration of that environment in the first place.
Easiest way to reset a lost UNIX password is boot from a live CD (eg:
knoppix) .. mount the / partition
Julien GROSJEAN - Proxiad wrote:
A simple Google search returns that :
http://www.phpscripts-fr.net/scripts/script.php?id=933
That depends on what you mean by simple. I just put ExplorerXP into
google, which I think is about as simple as you can get. That website
doesn't show up until
Once upon a time, Michael Holstein [EMAIL PROTECTED] said:
if you're chrooted under /tmp (as it sounds from your email) you're out
of luck, unless you have a way to escape the chroot due to a
misconfiguration of that environment in the first place.
If you are root, chroot is easy to break
Looking at the routing tables through NETSTAT.EXE is
... well ...
strange. No interface, strange routes, it's a bit
difficult
to really understand how routing works on this
proprietary plateform.
Has someone also experienced this, or was it some
strange local pecularity ?
Use the ROUTE
zap zoid wrote:
http://www.foxnews.com/story/0,2933,189406,00.html
Anybody else following this story?
I tend not to follow anything on Fox News. It turns people into
mindless zombies.
Thoughts?
Why was this posted to a security list?
Is this a security threat to the United States?
Isn't it easier to boot into single user mode and reset the password? It
doesn't require you to load the live CD which is one less step.
depends on if they setup 'console' as insecure or not in /etc/ttys.
~Mike.
___
Full-Disclosure - We believe in
Nah dude, he stood in defence of Kevin Mitnick, works with the UN, whitehouse, fbi etc. He's a world leading advisor with much infulence on the super powers of the world in relation to information technology security.
n3td3v be gone like you said you would.
and Kevin Mitnick is just a flashy name used to get ppl to buy
On 3/30/06, n3td3v [EMAIL PROTECTED] wrote:
Nah dude, he stood in defence of Kevin Mitnick, works with the UN,
whitehouse, fbi etc. He's a world leading advisor with much infulence on
the
The most powerful hackers in the world being told to get off fd, well that says a lot for fd then doesn't it. I'll be off and leave you skids to it. I don't want to hold up your list of free vulnerabilities and exploits which you stalk this list for, because none of you can find your own
On 3/30/06, n3td3v [EMAIL PROTECTED] wrote:
The most powerful hackers in the world being told to get off fd, well that says a lot for fd then doesn't it. I'll be off and leave you skids to it. I don't want to hold up your list of free vulnerabilities and exploits which you stalk this list for,
Name one powerful hacker kicked out of here? Just one. And you don't
count (niether do I but I've never claimed to be an expert or
important).
-sb
On 3/30/06, n3td3v [EMAIL PROTECTED] wrote:
The most powerful hackers in the world being told to get off fd, well that
says a lot for fd then
Michael Holstein wrote:
Isn't it easier to boot into single user mode and reset the password? It
doesn't require you to load the live CD which is one less step.
depends on if they setup 'console' as insecure or not in /etc/ttys.
Setuid script on /tmp?
Given that /tmp isn't mounted with
Title: Message
No,
please.. Really, keep your word just this one time.
-Original Message-From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
n3td3vSent: Thursday, March 30, 2006 10:55 PMTo:
s89df987 s9f87s987f; full-disclosure@lists.grok.org.ukSubject: Re:
Funny you should think FD isn't already moderated, our main [EMAIL PROTECTED] address has been moderated for months, hence the reason we're using
[EMAIL PROTECTED] . This might be an interesting read for you freedom of speech Americans, who are currently bombing the hell out of the middle east to
Can we get back onto topic. Not everybody is going to like everybody,
and this list is really starting to irritate me with this useless
complaining about who should be on and who should be off the list. If
you don't like it, leave.
Webguy
-Original Message-
From: [EMAIL PROTECTED]
Webguy, please get off this list.
-- Michael
On 3/31/06, Dixon, Wayne [EMAIL PROTECTED] wrote:
Can we get back onto topic. Not everybody is going to like everybody,
and this list is really starting to irritate me with this useless
complaining about who should be on and who should be off the
Michael Holstein wrote:
Easiest way to reset a lost UNIX password is boot from a live CD
(eg: knoppix) .. mount the / partition of your hard drive (eg: mnt -t
ext2 /dev/hda1 /mnt) then do chroot /mnt and execute passwd root
from in there.
Isn't it easier to boot into single user mode and
spam said:
Isn't it easier to boot into single user mode and reset the password? It
doesn't require you to load the live CD which is one less step.
Most *nix systems these days require you to enter the root password before
giving you a shell in single user mode. I guess its a security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Yo Kerry!
On Fri, 31 Mar 2006, Kerry Thompson wrote:
Most *nix systems these days require you to enter the root password before
giving you a shell in single user mode.
Trivial to defeat. Just boot in to single user mode with these kernel
Every other online banking website features a long page on how
not to be a phishing victim. Good? Usually not. Many of those
web pages contain misleading tips and incorrect statements.
Read more: Phishing Tips Debunked
http://www.hexview.com/sdp/node/24
(Show this article to your
Tip #2: Invalid credentials work on impersonated websites.
If you feel there is something wrong with a website, use invalid
username and invalid password to log in. If the website then presents
you with the Logon failed page, you are possibly on a legitimate
website, so you may proceed with
On Fri, 31 Mar 2006 [EMAIL PROTECTED] wrote:
If the website then presents you with the Logon failed page, you are
possibly on a legitimate website, so you may proceed with logging in
using your correct credentials. If it gets you right through - it is
definitely a phishing attempt.
Note to
38 matches
Mail list logo