As of recently this security hole has been silently fixed.
From: Peter Lustlos peter.lustlo...@yahoo.com
To: full-disclosure@lists.grok.org.uk
Sent: Monday, December 10, 2012 2:57 PM
Subject: Any.Do sends passwords in plaintext
Any.Do transmits Passwords
Is it really necessary to spam the list with a separate email for every issue
you want to report? Perhaps one email a week with a link to the full report
would suffice?
On 10 Apr 2013, at 11:31, secur...@mandriva.com wrote:
, 2013 at 11:44:22AM +0100, Peter W-S wrote:
Is it really necessary to spam the list with a separate email for
every issue you want to report? Perhaps one email a week with a
link to the full report would suffice?
It is necessary.
Waiting a week for a batched email to find out my software has
CVE identifier? It's pretty disturbing if someone actually uses
vulnerabilities like these to infect others.
Also, I guess this wasn't reported to the plugin review team at WP.org so I
forwarded it to them there - there is a free version of this plugin available
for download there
--
Peter
,
and for providing a proposed fix.
* TWiki:Main.PeterThoeny for creating the fix, patch and advisory.
---++ Action Plan with Timeline
* 2013-02-12 - John Lightsey of nixnuts.net discloses issue to
TWikiSecurityMailingList [4]
* 2013-02-13 - developer verifies issue - Peter Thoeny
@Valdis, you're correct.
He was expelled for other reasons. Despite receiving clear directives not
to, he attempted repeatedly to intrude into areas of College information
systems that had no relation with student information systems.
These actions and behaviours breach the *code of professional
Dear list,
I've written an exploit for an interesting bug which I found a day or so
ago, and thought I'd share it with you.
http://pastebin.com/QP7eZaJt
Hope you enjoy!
-Peter
/*
NVidia Display Driver Service (Nsvr) Exploit - Christmas 2012
- Bypass DEP + ASLR + /GS + CoE
.
* TWiki:Main.PeterThoeny for creating the fix, patch and advisory.
---++ Action Plan with Timeline
* 2012-12-10: User discloses issue to TWikiSecurityMailingList [4],
George Clark, Foswiki
* 2012-12-10: Developer verifies issue, Peter Thoeny
* 2012-12-10: Developer fixes code, Peter Thoeny
* 2012-12-10
Any.Do transmits Passwords in plaintext.
==
Some of you may be interested to know that the Task Management and TODO-list
Application, Any.Do, happily transmits your password and just about everything
else in plaintext.
They were even so kind to include a README.md documenting exactly this
In most cases there are keyboards attached to computers, they provide an
excellent opportunity for providing content to your mails.
On 2012-11-15 13:02, mohit tyagi wrote:
___
Full-Disclosure - We believe in it.
Charter:
Don't feed the trolls!
On Tue, Oct 30, 2012 at 11:21 AM, Mikhail A. Utin
mu...@commonwealthcare.org wrote:
Normal way of doing security research business (for normal people of
course) is to inform the vendor and discuss the issue. I would not describe
further steps as they are well-known.
I was looking and appear that this bug was fixed a long time ago at ms,
No, the bugs remain. However...
also windows help (.hlp) do not appear to be automatic opened in windows
vista and later.
That's the point - hlp is such an unsafe file format that the
winhlp32.exe was *removed* from
Antony if u wanna do my home work i suggest you to find the offset
where cause the crash change some byte and play with come back when
there is not second chance ,instruction is not valid and it
references not valid data.
Irrespective of the cause of the invalid access, the exception is
How can i make sure a crash is not exploitable? (( The short answer is
simple assume every crash is exploitable and just fix it.))
No, it costs a lot of time and money to fix even one issue.
We don't want to waste it on something that isn't exploitable.
No, it costs a lot of time and money to fix even one issue.
We don't want to waste it on something that isn't exploitable.
There are at least four problems with this argument. First, the
argument basically says defective software is OK.
You've interpreted don't want to waste it as won't fix
I have discovered many crashes during testing MS product which i can
discuss with authority responsible
memory corruption during the handling of the pub files a
context-dependent attacker can execute arbitrary code.
ecx=0004 ... esi=
...
MSVCR90!memmove+0x140:
7855b450
this become news this am. but its been noted quite some time back ...its
like #whattookthemsolong to make it pub
http://bits.blogs.nytimes.com/2012/10/02/google-warns-new-state-sponsored-cyberattack-targets/
On Fri, Oct 5, 2012 at 1:51 PM, Nick Boyce nick.bo...@gmail.com wrote:
On Fri, Oct 5,
and this is coming from a person who has many years' experience in
Penetration Testing of many Government Organizations of India and other
global corporate giants.
Who the friggin hell hires such peeps who give away key /userid/pwd eh ?
/pd
On Wed, Aug 15, 2012 at 2:52 PM, Harry Hoffman
Dubbed Gauss, the virus may also be capable of attacking critical
infrastructure and was built in the same laboratories as Stuxnet, the
computer worm widely believed to have been used by the United States and
Israel to attack Iran's nuclear program, Kaspersky Lab said on Thursday.
not sure. I think its lesson on how2 pwn the troll n bully l!
On Thu, Aug 9, 2012 at 4:16 PM, Benji m...@b3nji.com wrote:
ah fantastic, a lesson on trolling and bullying. what a valuable
service you are providing.
On Thu, Aug 9, 2012 at 8:19 PM, Pete Herzog p...@isecom.org wrote:
Hi,
nice infografixs
http://go.bloomberg.com/multimedia/china-hackers-activity-logged-reveals-multiple-victims-worldwide/
Thor (Hammer of God) : If and when they fix it is up to them.
so if vendor don't fix it /ack the bug.. then what ??
Responsibility works both ways.. Advise the vendor.. if they say fuck it..
I say fuck u.. and will advise the community !
There is a responsibility to disclose a vulnerability to
Well that guys an idiot.. Orange has data network coverage, spanning 220
countries and territories, 967 cities 1,468 PoPs worldwide.. nice way to
draw attention to themselves..
Best comment you should consider a job outside of the IT
/pd
On Tue, Jul 3, 2012 at 11:28 AM, Gage Bystrom
quick quick nuke the co-ord [ 49°28'14 North | 16°56'48 East ]
On Mon, Jun 25, 2012 at 2:49 PM, Jardel Weyrich jweyr...@gmail.com wrote:
And you're trying to impersonate someone by using my email address as
sender? I don't get it.
Received: from emkei.cz (emkei.cz [46.167.245.118])
http://www.europarl.europa.eu/news/en/pressroom/content/20120326IPR41843/html/Hacking-IT-systems-to-become-a-criminal-offence
On Sun, Jun 10, 2012 at 10:33 PM, Pablo Ximenes pa...@ximen.es wrote:
Hi Folks,
I was wondering if any of you could point out any good references
(academic
++Thor !!
On Fri, Jun 8, 2012 at 1:03 PM, Thor (Hammer of God)
t...@hammerofgod.com wrote:
finding solutions to countries using cyberwar and using innocent
peoples machines to carry it out,
invading peoples privacy and generally doing terrible stuff in the
name of god and country.
haha..da return of da farewell dossier !!
On Wed, Jun 6, 2012 at 2:21 PM, coderman coder...@gmail.com wrote:
On Wed, Jun 6, 2012 at 11:16 AM, coderman coder...@gmail.com wrote:
... uncle sam has been up in yer SCADA for
two decades.
three decades; too early for maths!
lets not 4get = Waychopee and Electric Skillet
http://www.theage.com.au/news/breaking/weathering-the-cyber-storm/2006/02/11/1139542441421.html
http://www.wired.com/politics/law/news/2005/05/67644
On Tue, Jun 5, 2012 at 11:53 AM, valdis.kletni...@vt.edu wrote:
On Tue, 05 Jun 2012 17:01:49 +0300,
..and what good will that do ??
US have not signed the Rome Statute of the ICC .. so The Hague has no
jurisdiction of US citizens !
/pd
On Tue, Jun 5, 2012 at 1:57 PM, andrew.wallace
andrew.wall...@rocketmail.com wrote:
Why isn't anyone launching a criminal investigation into US Govt
== there are no such thing as an attack tree.
Eh ?? Seems that Schneier was blowing smoke up in the air with his
thoughts on attack trees !!
Anyhoot, here's another good old linky Military Operations Research V10,
N2, 2005,
http://www.innovativedecisions.com/documents/Buckshaw-Parnelletal.pdf
is FLAME is actually a cyberweapon ?
at the CeBIT
/AU zone., that was a week ago.. what a co-incidence !!
/pd
On Mon, May 28, 2012 at 11:46 AM, yersinia yersinia.spi...@gmail.com wrote:
On Mon, May 28, 2012 at 5:34 PM, Peter Dawson slash...@gmail.com wrote:
is FLAME is actually a cyberweapon ?
Apparently YES
http
yes thats true ..but lets not 4get one needs to forkup $150/- before you
can finger their servers
2012/5/23 Thor (Hammer of God) t...@hammerofgod.com
Hell Juan. As per the conditions of the contract I forwarded, I am
pleased to see that you have given me full permission to assess any systems
Unlikely, usually these switches are quite large and when a user has OOB it
usually means console access to the server, i.e. nothing to do with network
topology.
If they are like most ISPs/carriers, the only thing that will be on a
separate switch is their management network(s).
On 16 March
What makes you think those services would be split onto separate switches
(which would be rather odd actually)?
On 16 March 2012 16:30, Jerry dePriest jerr...@mc.net wrote:
They had a DoS of mail, www and shell. They state a switch went out. who
runs mail, www and shell on the same switch?
This is Juan Sacco's new spam puppet. He just posted the same thing using his
real name elsewhere.
nore...@exploitpack.com skrev:
Exploit Pack - New video! Release - Ultimate 2.1
Check it out! http://www.youtube.com/watch?v=4TrsFry13TU
Exploit Pack Team
http://exploitpack.com
On 01/24/2012 07:18 PM, Mario Vilas wrote:
Guys, could you please read carefully everything before you reply?
I read carefully. It still didn't make sense, though.
And you wouldn't be allowed to use copypaste while you edit sensitive
documents either, I guess?
I don't know how you could get
have the clipboard disabled...
On 01/25/2012 08:44 AM, Peter Osterberg wrote:
I think Ben's report makes complete sense actually, it would be better to
have the clipboard feature as a default. Security before features... =)
I could never lower myself to your level so I guess you win
On 01/25/2012 10:32 AM, GloW - XD wrote:
you are seriously more retarded than even the n3td3v+me+you
together...damn army..!
On 25 January 2012 19:29, Peter Osterberg j...@vel.nu wrote:
Wasn't the original thread originally
On 01/25/2012 10:54 AM, Mario Vilas wrote:
The bottom line is, the problem here is using VNC for what Ben is
using it. There are many more problems with that scenario and
clipboard sharing may be the least of them.
That may very well be true. I am not trying to debate that.
does any1 know about abnormal user patterns emerging from
http://vi.sualize.us ??
Seems that other sites are being flooded with user streams from this
property. has http://vi.sualize.us been compromised ?
Link to full advisory:
http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf
Vendor's official statement:
http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/
Remote root command execution (non-authenticated)
It made news all over the interwebs too- Zack jerkin da chicken !!
So much for privacy..
On Wed, Dec 7, 2011 at 9:59 AM, Peter Dawson slash...@gmail.com wrote:
Yes this was closed pretty fast. FB is already facing numerous Privacy
breach issues.. in US/Canada
http://ftc.gov/opa/2011/11
, Dec 6, 2011 at 2:41 PM, Peter Dawson slash...@gmail.com wrote:
Has this been ACK'ed by anyone else ?? Seems that FB's Report
in/Block process breaks their own privacy stds !
http://forum.bodybuilding.com/showthread.php?t=140261733
Has this been ACK'ed by anyone else ?? Seems that FB's Report in/Block
process breaks their own privacy stds !
http://forum.bodybuilding.com/showthread.php?t=140261733
Send site owner/admin anon email and leave it at that.. as Thor mentioned
give em the info for free!
any know the CC vectors for this ??
http://isc.sans.edu/diary.html?storyid=12061rss
Yes to a certain degree its all about Saving FACE. .. however FB's
30member integrity team is only bothered about how to manage the vectors
that have been primed to protect.
FB is the largest network protected .. (YES big word Protected !! / they
have over 25B checks per day and reaching upto
I dont think that he waited for vendor to confirm fix in production and I
dont see a reason that he needs to wait . If FB did not ask him to refrain
from disclosure.. y shld he ?
09/30/2011 Reported Vulnerability to the Vendor
10/26/2011 Vendor Acknowledged Vulnerability
10/27/2011 Publicly
.
Pablo Ximenes
http://ximen.es/
http://twitter.com/pabloximenes
Em 28/10/2011, às 13:01, Peter Dawson slash...@gmail.com escreveu:
I dont think that he waited for vendor to confirm fix in production
and I dont see a reason that he needs to wait . If FB did not ask him to
refrain from
if I get it right this dude is supposed to be
- Senior Security Analyst at iViZ Techno Solutions Pvt.
Ltd. http://www.linkedin.com/company/iviz-techno-solutions-pvt.-ltd.?trk=ppro_cprof
Whatever happened on protocol's for responsible disclosure ?
On Fri, Oct 7, 2011 at 3:05 PM, xD 0x41
Canada Law and policy
http://www.ic.gc.ca/eic/site/ecic-ceac.nsf/eng/h_gv00084.html
/pd
I think that Bitcoin to (linden$ ) L$ | USD is another method of morphing
the economics to support real vector values.
Bitcoin's design allows for pseudonymous ownership and transfers and thereby
making it attractive space to begin with. Plus with an overall growth
anticipated to be approx $21M,
I think he should keep advertising here and drag his customers here as
well so they can see how well respected he and his tool are by the
security industry geeks that rant him here.
It's also fun to read about his customers on his own site, they are just
making fools of themselves for admitting to
Juan Sacco skrev 2011-05-31 04:39:
We are always trying to be one step ahead of the competition, take a
visual tour of some of INSECT Pro most popular features and discover why
INSECT Pro has become a leader in security software and solutions around
the globe.
WTF?
privately.
Kind regards,
Peter van Dijk
applications that they
knew of.
Cheers, Peter
Here is one of our new online tools, Base64 Decoder Encoder. Apart
from attractive, easy to use interface, it shows output in both ASCII
HEX format.
Which model do you use? Standard? PHP? IE/Outlook?
OMG they can all decode the crafted input differently!
sigh.
Here is one of our new online tools, Base64 Decoder Encoder. Apart
from attractive, easy to use interface, it shows output in both ASCII
HEX format.
Which model do you emulate? The standard one? The PHP one? The
IE/Outlook one? OMG they can all decode differently!
I would also love to follow the discussion
phocean skrev 2011-05-11 11:22:
It doesn't sound good to me and maybe other people here.
I am interested too even if I have followed it passively so far.
So why going private?
On Wed, 11 May 2011 00:35:41 +, Dobbins, Roland wrote:
On May
In Sweden they did that 14 days after they got hacked, and at the same
time informed us that we should pay attention to weird things happening
on our bank accounts...
LOL, it's fucking lame to come out with that warning 14 days after it
happened... Quite obvious that they wanted to bury the
Thank me I saved you the seconds it took to Google the link, now all you have
to do for yourself is click it and read...
http://www.nosec-inc.com/en/products/pangolin/
- Ursprungsmeddelande -
Is it nicer / better than sqlmap or have any extra features?
On Fri, Apr 29, 2011 at 1:52
it. I wouldn't have the private key in memory on
the same box because that makes it trivial to decrypt, but of course
it all depends on what problem we are trying to solve.
t
*From:*Cal Leeming [mailto:c...@foxwhisper.co.uk]
*Sent:* Wednesday, April 06, 2011 11:58 AM
*To:* Peter
Security is relative and the pwd might be handled in a secure enough fashion
compared to the value of the information it is protecting, even though it is
stored in a reversible fashion. But I wouldn't, generally speaking, hesitate to
claim that it isn't stored securely if it is reversible.
That made my morning laugh! =)
Andrew Farmer skrev 2011-03-30 00:22:
Yes, but... well, JAD does a better job of explaining than I possibly could:
Runtime rt = Runtime.getRuntime();
String str = "7z.exe x ";
str = str + "\"" + _filepath + "\" ";
str = str + "-p\"" + pwd + "\" ";
Interesting...!
Does that mean that there is a 100 percent risk of the same tsunami over
500 years? Is there a cycle? When was the last one? Risk would be a lot
higher than 10 percent if it was, say, 300 years since the last tsunami
Haven't dug at all into it, this is just a very spontaneous
random. Unless you play rigged slot machines.
--
Skickat från min Android-telefon med K-9 E-post. Ursäkta min fåordighet.
Graham Gower graham.go...@gmail.com skrev:
On 30 March 2011 21:53, Peter Osterberg j...@vel.nu wrote: Risk would be a
lot higher than 10 percent if it was, say, 300 years since
Someone should go ahead and make one of those leetspeak generators,
that instead generates musntlive-speak. That'd be awesome, or even
better a decoder...
This looks interesting but I can't translate it. Someone willing to
pick it up for a Google summer code project?
15 /\/\U57
-
From: full-disclosure-boun...@lists.grok.org.uk
[mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Peter
Osterberg
Sent: Thursday, March 24, 2011 6:31 AM
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] is warning about SCADA security
Someone should go
RFC3986 marks both # and ! as reserved characters (sec 2.2); from a skim
read, # is used for fragment identification (somewhere in sec 3) and there
is a small note on ! ' and at the end of the document. More a standards
issue than a security issue.
Also, what he'd quoted !# is not the shebang
To be honest, none of these methods will actually be effective: root can do
what he/she likes, including monitoring *everything* you do. Worrying about
shell history is not going to solve anything.
Your only choices are to trust root, or setup your own host.
Peter Maxwell
On 6 February 2011
On Sun, 30 Jan 2011 19:22:45 -0500
Hack Talk hacktalkb...@gmail.com wrote:
Hey,
I've tried reporting issues to Harvard University tons of times in the past
but they rarely respond and even more rarely commend researchers for finding
vulnerabilities so I decided that full-disclosure was the
on the
tin. You have not done that here.
Regards,
Peter Maxwell
On 12 January 2011 19:08, Tomás Touceda chi...@gentoo.org wrote:
Hello everyone,
I wanted to announce this little pet project that was born a couple of
weeks ago, and now it sees the light in the form of a proof of
concept
On Thu, 2010-12-16 at 02:26 +1100, dave b wrote:
I hate it when some one beats me to a bug report.
https://addons.mozilla.org/en-US/firefox/user/5578717/ (this example
will only work against firefox).
The xss occurs due to no filtering / escaping the display name attribute for a
user.
Cute.
(see
above).
Maybe I should refrain from jumping in mid-thread?
Peter Setlak
peterset...@me.com
(315) 371-6611
Skype Me! (Get Skype)
** SAVE A TREE!
(Please consider the environment before printing this email or its
attachments...)
On Dec 13, 2010, at 12:12 PM, Andrea Lee wrote:
I hope I'm
On Tue, 23 Nov 2010 09:26:49 -0500
Mikhail A. Utin mu...@commonwealthcare.org wrote:
As we see, our list has a few (luckily just a few) unprofessional
people thinking of themselves as gods, and hiding in such
Russian-born domains.
The person's domain that you were replying to is Canadian.
Please don't turn this mail list into something about religion. I
couldn't care less about religion, and this is certainly not a
religious mail list. I would be on a different list if that was
something I cared about.
2010-11-18 20:46, Andrew Auernheimer skrev:
Coderman,
Everything I do is in
I did not report this, as I am unsure on what to call it, a bug, vuln or
a feature.
How very convenient !!
)-
Nice site if you manage to get to it.
In the meantime it should be obvious to anybody that WEP basically means
cleartext.
Peter Bruderer
--
Bruderer Research GmbH
On 17.07.2010, at 18:32, Thor (Hammer of God) wrote:
http://www.whatsmyip.org/fioswepcalc/
Timothy
On Wed, 23 Jun 2010 20:12:24 +
Thor (Hammer of God) t...@hammerofgod.com wrote:
I know better than to bring up the Australia vs New Zealand
bit. Speaking of which, was there an Old Zealand? ;)
Yes, it's a province in Holland.
--
Hawaiian Astronomical Society: http://www.hawastsoc.org
On Mon, 7 Jun 2010 21:23:22 +0100
Benji m...@b3nji.com wrote:
on an unrelated note, would anyone know how to uninstall this?
thx intentrnets.
Boy, I sure hope you are joking.
Just in case any newbies get ideas:
Never install anything offered on this list. Be very careful about
opening
On Mon, 7 Jun 2010 21:31:03 +0100
Benji m...@b3nji.com wrote:
Im new to computers, what is wrong with antimalware programs?
All anti-malware programs slow your computer. With the good ones, you
expect to get some protection from the bad guys out there.
Unfortunately, the bad ones are really
On Sat, 15 May 2010 14:40:29 +
Thor (Hammer of God) t...@hammerofgod.com wrote:
And for the record, these claims of 'inherent insecurity' in Windows
are simply ignorant. If you are still running Windows 95 that's your
problem. Do a little research before post assertions based on 10 or
On Sat, 15 May 2010 16:22:26 -0400
Jeffrey Walton noloa...@gmail.com wrote:
This is
along the lines of, 'Linux does not get viruses' argument. Give me a
break...
I set up a dual boot arrangement on a friend's machine. The Windows
side promptly got infected. The guy was furious and blamed his
Rather funny than scary:
http://isec.pl/vulnerabilities10.html
There are loads of known vulns in winhlp32.exe, particularly in the
decompression routines. That's why it was removed from Vista, and why
.hlp files are considered to be dangerous file formats.
On Thursday 14 January 2010 21:49:05 Christian Sciberras wrote:
They used an IE exploit to get in.
The people at *Google* use *IE*?!! Besides, how does an exploit in IE
affect the server?
It would affect a person with login rights to a server.
This wasn't just an attack on Google, btw, it was
.
Apache/2.2.8 (Ubuntu) Server at security.ubuntu.com Port 80
I am doing something a bit silly?
Yours, Peter.
above, you're strongly advised to use error logging in place of
; error displaying on production web sites.
log_errors = On
Now the error message is in the logfile and nothing is displayed in
the browser.
Peter Bruderer
--
Bruderer Research GmbH
CH-8200 Schaffhausen
On 29.09.2009
On Wednesday 16 September 2009 05:15:23 Thor (Hammer of God) wrote:
P.S.
I get the whole XP code to too old to care bit, but it seems odd to take
that old code and re-market it around compatibility and re-distribute it
with free downloads for Win7 while saying we won't patch old code.
Let's
I'm saying that the world's malware authors, in their race to stay
ahead of AV, are engaging in an uncoordinated, slow-motion DDOS of
the world's AV systems. They are flooding the blacklists, and this
flooding is accelerating. If it continues, the world's AV systems
will be useless, as will
On Friday 28 August 2009 03:39:14 Thor (Hammer of God) wrote:
If the entire argument is around the default escalation behavior being
enter a password (which they already know) vs clicking OK because you
assume entering the password is more of a deterrent, then OK, but the
premise of the people
On Friday 28 August 2009 08:29:48 Thor (Hammer of God) wrote:
Maybe I'm not saying it properly... (and I won't belabor the point
anymore). If you want a password instead of a click, then set it to
prompt for credentials rather than prompt for consent for
*administrators*.
Understood. I also
The OS on my machines will not allow a person to run an administrative
desktop. It enforces the separation between the administrator and a
normal user by requiring the creation of at least one normal user at
install. Only that normal user can log in.
On Friday 28 August 2009 09:30:26 Thor
On Thursday 27 August 2009 02:11:10 morla wrote:
when i
$ aptitude update ; aptitude safe-upgrade
or
$ apt-get update ; apt-get upgrade
it tells me that im up 2 date. but in this release the bug is still
included,.,.
i had to install linux-image-2.6.26-2-686-bigmem via
$ aptitude
On Thursday 27 August 2009 05:04:16 Rohit Patnaik wrote:
Of course, all this is based on an extrapolation of the current strategy
of blacklisting. My feeling is that, once malware levels grow beyond
this threshold, we'll see a mass switch to whitelists. In other words,
apps will go from being
I'm not sure this is a solution. Most of the people I work with will
unquestioningly click every UAC prompt. Knowing what to whitelist requires
a fair degree of technical skill beyond most users' ability.
On Thursday 27 August 2009 08:34:54 Thor (Hammer of God) wrote:
If they can just
On Thursday 27 August 2009 13:33:37 Thor (Hammer of God) wrote:
But that's the same on my Mac and Ubuntu distro too. The first user is the
admin. Granted, the default behavior on Mac/nix requires the admin
password
That's a big difference. Entering a password counts as more of a deterrence.
I cannot get this into promiscuous mode. I need to sniff all
HTTP traffic of the wireless router
Thanks in advance
This won't help as wireshark uses winpcap to access the network device.
Note that not all wireless chipsets support promiscuous mode.
peter