Salut,
On Fri, 2006-08-25 at 08:54 +0530, Ajay Pal Singh Atwal wrote:
Ahhh well maybe we are forgetting the actual **for_real_men**
technique for patching vulnerabilities and problems that can only be
applied to GNU/ Linux like systems.
The diff files (aka patch files), applied directly to
Hi there,
Could someone please provide me with products or solutions that can secure OWA authentication?
The client is already utilizing smartcards with certs for the internal network authentication.
The problem is that the client needs another form of authentication against the OWA instead of
On Fri, 25 Aug 2006 08:34:00 CDT, John Dietz said:
Please correct me if I am wrong but I believe the numbers n3td3v is
looking for is how much code size the patches ADD to the system, not
the actual size of the patches themselves.
OK, but that again is yet another different metric. And all it
So, at defcon, one of the evenings, at one of the tables... several people
sat. Some of them were decent and therefore shall remain nameless. When
introductions were made, we realized that
The others were:
Morning_Wood, the bantown fa*ot spammer, and me.
We have a picture together, morning,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Gadi, you are scary?
Gadi Evron wrote:
So, at defcon, one of the evenings, at one of the tables... several people
sat. Some of them were decent and therefore shall remain nameless. When
introductions were made, we realized that
The others
Dear Gadi Evron,
Your email spawned the following thought in my head :
I think it's time we update that chart over here
http://attrition.org/hosted/sexchart/sexchart.9.42 ;)
Sorry I could not resist.
--
http://secdev.zoller.lu
Thierry Zoller
Fingerprint : 5D84 BFDC CD36 A951 2C45 2E57 28B3
I'm looking for a security researcher named Gobbles. If anyone could send
me his contact information I would appreciate it.
sadf
e9a4f234e0f5d3e587c3d27e709b7eda
___
Full-Disclosure - We believe in it.
Charter:
One possibility is to consider doing a two-stage authentication
scheme, where the user first authenticates with (say) an RSA SecurID
token, and then after authenticating there gets forwarded to the usual
OWA login page (all SSL encrypted of course!). I've seen this used
with good results.
On Fri, 25 Aug 2006 10:24:55 EDT, Adriel Desautels said:
Gadi, you are scary?
Yes, he is. And that I'm the one your mother warned you about T-shirt
doesn't help matters any. :)
pgpVdTBC8fT0e.pgp
Description: PGP signature
___
Full-Disclosure - We
On 8/25/06, Gadi Evron [EMAIL PROTECTED] wrote:
So, at defcon, one of the evenings, at one of the tables... several peoplesat. Some of them were decent and therefore shall remain nameless. When
introductions were made, we realized thatThe others were:Morning_Wood, the bantown fa*ot spammer,
On 8/25/06, Lohan Spies [EMAIL PROTECTED] wrote:
Hi there,
Could someone please provide me with products or solutions that can secure
OWA authentication?
Properly configured, Microsoft ISA Server 2006 is your best bet.
[...]
...D
--
CPDE - Certified Petroleum Distribution Engineer
CCBC -
SecurID cards (or any other two-factor
authentication) with SSL VPN would be your best bet.
Brendan Dolan-Gavitt
[EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
08/25/2006 10:54 AM
To
Lohan Spies [EMAIL PROTECTED]
cc
full-disclosure@lists.grok.org.uk
Subject
Re: [Full-disclosure]
On 8/25/06, Adriel Desautels [EMAIL PROTECTED] wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Gadi, you are scary?
To sum up your question, Gadi makes big bird look like a midget.
/str0ke
___
Full-Disclosure - We believe in it.
Charter:
Please correct me if I am wrong but I believe the numbers n3td3v is
looking for is how much code size the patches ADD to the system, not
the actual size of the patches themselves. Though I tend to agree
that it doesn't really prove anything, I have to admit I myself am
quite curious about these
I missed you n3tty :)From: n3td3v [EMAIL PROTECTED]
My request to security researchers:I have for a long time now been under the theory that *some* Microsoftpatches once added together outweigh the actual file size of theoriginal Microsoft product.
yahoo gmail m$ blah blahContact me (on or off
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2006:150
http://www.mandriva.com/security/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2006:151
http://www.mandriva.com/security/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Indiana University Security Advisory:
Fuji Xerox Printing Systems (FXPS)[1] print engine vulnerabilities
Advisory ID:
20060824_FXPS_Print_Engine_Vulnerabilities[2]
Revisions:
08-24-2006 2350 UTC 1.0 Initial Public Release
Issues:
FTP
Hi there.
Sorry for the book in advance. I am not half as intelligent as some of you,
and this list is extremely informative, but I don't speak up much. I have
an issue, and maybe you guys can shed some light on it, and the risks it can
pose.
I do surveys at a site www.pineconeresearch.com.
On Fri, 25 Aug 2006 09:01:39 -0500 asdfasf wrote:
I'm looking for a security researcher named Gobbles. If anyone could send
me his contact information I would appreciate it.
Gobbles? The [EMAIL PROTECTED] The
Netdev-counterpart-on-bugtraq-some-years-ago-Gobbles? Him a security
researcher?
if i remeber correct gobbles did have some talent and were slightly funny where netdev doesn't have talent and isnt funny...On 8/25/06, Denis Jedig
[EMAIL PROTECTED] wrote:On Fri, 25 Aug 2006 09:01:39 -0500 asdfasf wrote:
I'm looking for a security researcher named Gobbles.If anyone could send
Dear Denis Jedig,
DJ Gobbles? The [EMAIL PROTECTED] The
DJ Netdev-counterpart-on-bugtraq-some-years-ago-Gobbles? Him a security
DJ researcher? Made my day.
You just made mine, Goobles released the finest exploits, some 0-day
some BSD ones which where claimed to be impossible to do, and his
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2006:152
http://www.mandriva.com/security/
How can you compare gobbles with n3td3v thats blasphemy !
- Original Message -
From: Thierry Zoller [EMAIL PROTECTED]
To: full-disclosure@lists.grok.org.uk; bugtraq@securityfocus.com;
pen-test@securityfocus.com; [EMAIL PROTECTED]
Sent: Friday, August 25, 2006 10:40 PM
Subject: Re:
http://en.wikipedia.org/wiki/Gobbles
On 8/25/06, GroundZero Security [EMAIL PROTECTED] wrote:
How can you compare gobbles with n3td3v thats blasphemy !
- Original Message -
From: Thierry Zoller [EMAIL PROTECTED]
To: full-disclosure@lists.grok.org.uk; bugtraq@securityfocus.com;
On Fri, 25 Aug 2006 22:40:14 +0200 Thierry Zoller wrote:
You just made mine, Goobles released the finest exploits,
I remembered reading some advisories back in 2003 which were not that much
state of the art. Possibly something has changed, maybe I just lost my
mind ;-) Anyway, I stand
Hi,
I'm writting a TNS Listener honeypot. Yes, I'm finishing it. Anyway, I'm
thinking what is the most interesting honeypot for us the good guys.
What are you looking for? A SMB/CIFS Honeypot? Or any other?
Please, contribute, what is the kind of LOW LEVEL INTERACTION HONEYPOTS
what are you
Description:
Cisco NAC Appliance (formerly Cisco Clean Access) is an easily deployed Network
Admission Control (NAC) product that uses the network infrastructure to enforce
security policy compliance on all devices seeking to access network computing
resources. With NAC Appliance, network
28 matches
Mail list logo