On Tue, 8 Jun 2010 12:16:59 -0700
Sagar Belure sagar.bel...@gmail.com wrote:
Hi list,
TMAC for Linux is a bash program written for the purpose of changing the
MAC address of network interface cards in Linux OS, provided it has Bash
shell environment.
Please check the details and some sort
===
Ubuntu Security Notice USN-950-1 June 09, 2010
mysql-dfsg-5.0, mysql-dfsg-5.1 vulnerabilities
CVE-2010-1621, CVE-2010-1626, CVE-2010-1848, CVE-2010-1849,
CVE-2010-1850
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Cisco Security Advisory: Vulnerabilities in Cisco Unified Contact Center
Express
Advisory ID: cisco-sa-20100609-uccx
Revision 1.0
For Public Release 2010 June 09 1600 UTC (GMT
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Cisco Security Advisory: Cisco Application Extension Platform Privilege
Escalation Vulnerability
Advisory ID: cisco-sa-20100609-axp
Revision 1.0
For Public Release 2010 June 09 1600 UTC (GMT
-BEGIN PGP SIGNED MESSAGE-
CA20100608-01: Security Notice for CA PSFormX and WebScan ActiveX
Controls
Issued: June 8, 2010
CA Technologies support is alerting users to multiple security risks
with the PSFormX and WebScan ActiveX controls previously available
from the CA Global Security
Advisory Information
Advisory ID: NGENUITY-2010-005
Date published: 6/9/2010
Vulnerability Information
Class: Reflected Cross-Site Scripting (XSS)
Software Description
McAfee UTM Firewall (Firmware 3.0.0 to 4.0.6) (formerly SnapGear) is the
affected product line. More
We have a boneheaded group of software developers who even in this day
and age eschew the client server model of software for the easier dumber
run it from the console school of design. So I have this idiotic Windows
accounting application that MUST run on an application server, cannot
Hi Dan,
Where are the users located (local LAN or from an untrusted network such as
the Internet)?
If I recall correctly, RDP encryption is turned on from a GPO setting that
applies to the host/server, and not just RDP [or was it strong encryption?]
(corrections, please). So you can get a secure
Hi Daniel,
You might find it easier to use another remote access solution.
I probably should have elaborated: if users are local, understand that RDP
is probably un-encrypted or weakly encrypted. If the users are remote, you
might find it easier to use another remote access solution.
Jeff
On
My question therefore is, can I turn on RDP safely, without exposing my
Windows server to risk of exploitation?
Yes. As long as you set up terminal services correctly to only allow clients
that use encrypted RDP clients to log in it is relatively safe to allow
users RDP access. There is an option
TPTI-10-03: Sophos Anti-Virus SAVOnAccessFilter Local Privilege Escalation
Vulnerability
http://dvlabs.tippingpoint.com/advisory/TPTI-10-03
June 9, 2010
-- Affected Vendors:
Sophos
-- Affected Products:
Sophos Sophos Anti-Virus
-- Vulnerability Details:
This vulnerability allows local
Hi Thor,
This is not correct.
OK. Thanks. Larry posted a very good link.
And one should note that this has nothing to do with “local” or
“remote” users: To be pedantic, *all* RDP sessions are “remote.”
Local meaning on the local LAN. The threat model changes considerably when
users are on
This is not correct. While the default setting for an RDP connection is
client-negotiate that does not mean that you will automatically get a no/low
bit encryption session. And one should note that this has nothing to do with
local or remote users: To be pedantic, *all* RDP sessions are
That would've been me. Can I have the royalties as some sort of discount?
chrz.
On Wed, Jun 9, 2010 at 11:53 PM, Larry Seltzer la...@larryseltzer.com wrote:
digression
10 years ago I wrote a book on Terminal Services for Windows 2000. Believe
it or not, I still get trivial royalties on it,
I might be able to buy you one beer with the money, but it won’t be
anything good.
*From:* Thor (Hammer of God) [mailto:t...@hammerofgod.com]
*Sent:* Wednesday, June 09, 2010 6:56 PM
*To:* Larry Seltzer; noloa...@gmail.com; Daniel Sichel
*Cc:* full-disclosure@lists.grok.org.uk
*Subject:* RE:
When configuring terminal services (actual TS services, not just RD) I try to
plan for a worst-case scenario. As such, I think it pays to consider all users
to be evil, plotting bastards whether they are on the local lan or not.
However, when the users are already on your LAN, and they
I like this idea.
On Wed, Jun 9, 2010 at 11:58 PM, Larry Seltzer la...@larryseltzer.com wrote:
I might be able to buy you one beer with the money, but it won’t be
anything good.
*From:* Thor (Hammer of God) [mailto:t...@hammerofgod.com]
*Sent:* Wednesday, June 09, 2010 6:56 PM
*To:*
Click here to retrieve your free beer.
http://bit.ly/4a8VOA
*From:* Benji [mailto:m...@b3nji.com]
*Sent:* Wednesday, June 09, 2010 7:08 PM
*To:* Larry Seltzer
*Cc:* Thor (Hammer of God); noloa...@gmail.com; Daniel Sichel;
full-disclosure@lists.grok.org.uk
*Subject:* Re: [Full-disclosure]
That's the best you could come up with? You sir, need to browse the internet
some moar.
On Thu, Jun 10, 2010 at 12:15 AM, Larry Seltzer la...@larryseltzer.com wrote:
Click here to retrieve your free beer.
http://bit.ly/4a8VOA
*From:* Benji [mailto:m...@b3nji.com]
*Sent:* Wednesday, June
Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly
Help and Support Centre is the default application provided to access online
documentation for Microsoft Windows. Microsoft supports accessing
On Wed, Jun 9, 2010 at 1:14 AM, rembrandt rembra...@jpberlin.de wrote:
On Tue, 8 Jun 2010 12:16:59 -0700
Sagar Belure sagar.bel...@gmail.com wrote:
Hi list,
TMAC for Linux is a bash program written for the purpose of changing the
MAC address of network interface cards in Linux OS, provided
[Full-Disclosure] Mailing List Charter
John Cartwright jo...@grok.org.uk
- Introduction & Purpose -
This document serves as a charter for the [Full-Disclosure] mailing
list hosted at lists.grok.org.uk.
The list was created on 9th July 2002 by Len Rose, and is primarily
concerned with
http://gawker.com/5559346/apples-worst-security-breach-114000-ipad-owners-exposed
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
See http://technet.microsoft.com/en-us/library/cc782610(WS.10).aspx
If you connect through a VPN it should be as secure as anything else you’re
going to consider.
*From:* full-disclosure-boun...@lists.grok.org.uk [mailto:
full-disclosure-boun...@lists.grok.org.uk] *On Behalf Of *Jeffrey
I request that you start thinking about RDS/TS/RDP as a direct technology.
Treating access via RDP as something that one must first VPN/RAS into a corpnet
first in order to secure properly obscures what one might consider obvious:
If you require me to logon to your network via VPN first before