I believe it is per TCP session, but don't quote me on that. Actually
now that I think about it, if it indeed is per TCP session then the
second rule will not trigger, since the SSL connection will be a part
of a different session.
I am not 100% sure though. Try it out and let us know. You might
The first rule would get flowbits:noalert; flowbits:set,google.user.agent;
And the second rule would get flowbits:isset,google.user.agent;
Is that global (if #1, then always #2), or is it "per-IP" ?
I verified I can block the SSL session setup using the snort sig I
posted the other day .. but
Check out flowbits.
The first rule would get flowbits:noalert; flowbits:set,google.user.agent;
And the second rule would get flowbits:isset,google.user.agent;
That way the alert for the first rule would be suppressed and the
second rule would only trigger if the first one occurred previously.
On
I am using Google desktop version 4. By default search across computers
is not enabled. Can someone explain to me why all the noise if I just don't
use the feature.
True, it's not enabled by default, but Google is pitching this as an
easy way to access your work documents from home (or vice versa
On Mon, 13 Feb 2006 23:38:41 +0530, Prabhat Sharma said:
> I am using Google desktop version 4. By default search across computers is
> not enabled. Can someone explain to me why all the noise if I just don't use
> the feature.
The noise is because many of us have dozens, or hundreds, or thousands o
I am using Google desktop version 4. By default search across computers is not enabled. Can someone explain to me why all the noise if I just don't use the feature.
I believe that educating the users is the best way to safeguard against issues like this. As my understanding says most of the incidents t
First, I made a mistake in the version number. The current/new one is
version 3 (the one that uploads your data to Google)
I've been experimenting with Snort sigs to detect this.
Google Desktop uses a unique user-agent (I got a tip about this from
another user at full-disclosure -- thanks Char
On Sat, 11 Feb 2006, Jason Coombs wrote:
> Date: Sat, 11 Feb 2006 21:49:35 +1300
> From: Jason Coombs <[EMAIL PROTECTED]>
> To: J.A. Terranson <[EMAIL PROTECTED]>
> Cc: Full-Disclosure
> Subject: Re: [Full-disclosure] blocking Google Desktop
>
> J.A. Terranson w
On Sun, 12 Feb 2006, Nick FitzGerald wrote:
Go to HR, explain that the new security policy about not running Google
Desktop is make-or-break and explain why. To achieve this you may need
higher-level management buy-in, so hopefully you can threaten exposure
under HIPAA, Sarbanes-Oxley or some s
gboyce wrote:
> As a computer user, I certainly do have this choice. I'm certainly not
> going to install Google Desktop. In fact, I generally don't run Windows,
> so I don't even have the OPTION of running Google Desktop.
>
> This new "feature" still worries me though, and I want to find out h
On Sat, 11 Feb 2006, J.A. Terranson wrote:
Yes boys and girls, it is not safe to hand your mission critical data to
ANY third party.
If your data is sensitive, keep it home.
If you don't like Google's email "features", you have a choice you know.
(Hint: GO SOMEWHERE ELSE!)
Yes, it re
Hand j.a. a cup of coffee
Randall M
[-Original Message-
[From: [EMAIL PROTECTED]
[[mailto:[EMAIL PROTECTED] On Behalf
[Of J.A. Terranson
[Sent: Saturday, February 11, 2006 2:10 AM
[To: Full-Disclosure
[Subject: Re: [Full-disclosure] blocking Google Desktop
[
[
[
[On Fri, 10 Feb
lto:[EMAIL PROTECTED] On Behalf
[Of Michael Holstein
[Sent: Friday, February 10, 2006 1:37 PM
[To: full-disclosure@lists.grok.org.uk
[Subject: Re: [Full-disclosure] blocking Google Desktop
[
[> I would also venture to say that they should be publicizing
[> information for corporations to
J.A. Terranson wrote:
Invite the idiot in the
white house, I hear he's feeling unloved today :-)
Do you mean: "invite the idiot" in the white house ?
Or do you mean: invite the "idiot in the white house" ?
My favorite stupid hacker trick "in the white house": getting POTUS to
call you by you
On Fri, 10 Feb 2006, Line Noise wrote:
> I'm still trying to help them understand why stuffing a "Chat"
> (mis)feature into gmail is a problem. No way to turn it off, and each
> account that gets it, starts up with it enabled. Oh, boy, I really
> want the world to know when I'm "on line" (especi
Michael Holstein wrote:
Agreed. I'm actually working on testing it now, to figure out how to
write snort sigs to (detect) and/or (block) it -- assuming I can't just
blackhole *desktop.google.com on DNS.
Please do post to the list and/or make public via other means if/when
you're successful.
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf
> Of Michael Holstein
> Sent: Friday, February 10, 2006 11:37 AM
> To: full-disclosure@lists.grok.org.uk
> Subject: Re: [Full-disclosure] blocking Google Desktop
>
> > I
S. Anyone know if Google desktop caches SAM databases?
On 2/10/06, Michael Holstein <[EMAIL PROTECTED]> wrote:
> Looks like a great target for Pharming attacks. Thanks for all your data
> sent to me over an SSL connection. =)
Yeah .. Google is notorious for trying to send everything into the sam
Looks like a great target for Pharming attacks. Thanks for all your data
sent to me over an SSL connection. =)
Yeah .. Google is notorious for trying to send everything into the same
domain -- trying to make our lives difficult.
Right now, I'm trying snort with REACT actions based on their SS
> Upon launching, Google Desktop made several HTTPS connections to both
> www.google.com and desktopservices.google.com. It used IE's proxy
> settings - we have an ISA cache/proxy that does integrated
> auth. If it handled NTLM auth, I'm sure it can do basic
> proxy auth as well.
> However,
t: Friday, February 10, 2006 2:37 PM
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] blocking Google Desktop
> I would also venture to say that they should be publicizing
> information for corporations to be able to block this wholesale
> (google desktop and g
@lists.grok.org.uk
Subject: Re: [Full-disclosure] blocking Google Desktop
> I would also venture to say that they should be publicizing
> information for corporations to be able to block this wholesale
> (google desktop and gmail chat), since we all know there are financial
> institutions
On 2/10/06, Michael Holstein <[EMAIL PROTECTED]> wrote:
> I'm sure many of you corporate types are scared to death of the new
> Google Desktop (allowing Google to store anything on my drive for a month).
>
> Question : what's the most effective way to block this on a network level?
>
> Does blackho
I would also venture to say that they should be publicizing
information for corporations to be able to block this wholesale
(google desktop and gmail chat), since we all know there are financial
institutions where people work, and think nothing of saving customer
data onto laptops.
Agreed. I'm a
are Google. Resistance is futile.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Line Noise
Sent: Friday, February 10, 2006 2:30 PM
To: Michael Holstein
Cc: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] blocking Google Desktop
On 2/10/06, Michae
On 2/10/06, Michael Holstein <[EMAIL PROTECTED]> wrote:
> > Sorry, but explain? You mean something beyond the index of your
> > personal data then? Did they add something beyond that?
>
> Yes, version 4 adds the ability to "access your documents from anywhere"
> -- meaning they're sent to Google's
On Feb 10, 2006, at 1:57 PM, Michael Holstein wrote:
Yes, version 4 adds the ability to "access your documents from anywhere" -- meaning they're sent to Google's Servers.
crap. thanks. :(
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.
Sorry, but explain? You mean something beyond the index of your
personal data then? Did they add something beyond that?
Yes, version 4 adds the ability to "access your documents from anywhere"
-- meaning they're sent to Google's Servers.
EFF's article about it :
http://www.eff.org/news/arch
Sorry, but explain? You mean something beyond the index of your
personal data then? Did they add something beyond that?
-Josh
On Feb 10, 2006, at 11:42 AM, Michael Holstein wrote:
I'm sure many of you corporate types are scared to death of the new
Google Desktop (allowing Google to store a
I'm sure many of you corporate types are scared to death of the new
Google Desktop (allowing Google to store anything on my drive for a month).
Question : what's the most effective way to block this on a network level?
Does blackholing desktop.google.com do the trick and prevent it from
repor
30 matches