Re: [Full-Disclosure] Where is security industry gng??

2004-09-14 Thread Nick FitzGerald
Adam wrote: I believe you missed user EDUCATION? a tool's weakest point is ,,, You! Sadly, this is all but a lost cause... as seen by the dork who was surfing the net on a box he was using as a server _But_ why was there even a browser (at least one of the complexity and error-proneness

RE: [Full-Disclosure] AV companies better hire good lawyers soon.

2004-09-14 Thread Jean Gruneberg
And then another wally corporation / clueless user sues the AV companies for not having a virus signature out in 3 hours and the toasting of all their data So basically it is going to become a lose - lose situation for the AV companies But then again, they aren't forcing you to use their

Re: [Full-Disclosure] Corsaire Security Advisory - Multiple vendor MIME field multiple occurrence issue

2004-09-14 Thread Florian Weimer
The first of the four would be the correct behaviour for a security conscious product, but based on empirical research this is not the common result. Of course, this violates the robustness principle. Are there any estimates how much (corporate) mail contains one of the format violations

[Full-Disclosure] Re: The ArpSucker is b0rn! Be yourself, be the net.

2004-09-14 Thread Stefan . Laudat
Usually lame kiddie posts like this shouldn't reach the list. Old school ARP attacks are no longer a threat in a decently managed layer 2 network. I thought bugtraq is still moderated. Oh, Aleph1, where art thee ? --- Stefan Laudat Networking IT Security Manager Allianz Tiriac SA Insurance --

RE: [Full-Disclosure] AV companies better hire good lawyers soon.

2004-09-14 Thread Jean Gruneberg
Yes, I agree - but then don't bitch if the other software (be it AV or any other software) does not work or breaks your software. Surely it is the writer's responsibility that the software is compatible with other stuff. Bit like reading your writing and making sure it isn't offensive to certain

Re: [Full-Disclosure] drive by shooting - got hit by mysearch toolbar

2004-09-14 Thread Iadnah
If you're going to be doing any sort of browsing from a server you really should use a browser that's not so susceptible to Active X problems (which is what this probably was). I suggest using Firefox as a general rule, especially on a system where security is a major issue. Also, you might want

Re: [Full-Disclosure] Teen hacker controls ebay

2004-09-14 Thread Florian Weimer
* Karsten W. Rohrbach: Florian Weimer([EMAIL PROTECTED])@2004.09.10 03:14:10 +: * Rainer Duffner: Personally, I can't comprehend how the default for something like that would be Yes, Because, if the ISP is bankrupt, the YES will never come. And that's a problem because of ...?

Re: [Full-Disclosure] AV companies better hire good lawyers soon.

2004-09-14 Thread James Tucker
Um, I might suggest one thing, USE YOUR EXCLUSIONS! almost all of the anti-virus programs support exclusions, although this is not a best case solution, it should work. Anyone who does not know why you should be required to submit every program you ever make to AV companies needs to think about

Re: [Full-Disclosure] Does the following...

2004-09-14 Thread XOR
Chmielarski TOM-ATC090 wrote: Just a thought - if the speech recognition software gets accidentally turned on you can get a similar occurrence. Odd messages typing themselves right before the user's eyes... - Tom Chmielarski ...and Tom gets the prize! It turned out to be untrained VR software

Re: [Full-Disclosure] AV companies better hire good lawyers soon.

2004-09-14 Thread Florian Weimer
* Jean Gruneberg: Yes, I agree - but then don't bitch if the other software (be it AV or any other software) does not work or breaks your software. It's not a mere question of compatibility (I could certainly live with that). The problem is that these companies wrongfully label products of

[Full-Disclosure] drag and drop bug internet explorer

2004-09-14 Thread Oleg Khutoryansky
hi I just have some questions. Please answer some of them if you can. Thanks. 1. can anybody explain to me how this drag and drop bug in internet explorer works? Is there any really good explanation with an example about it? 2. how can a javascript code be hidden so that antivirus programs can't

Re[2]: [Full-Disclosure] Correction to latest Colsaire advisories

2004-09-14 Thread 3APA3A
Dear advisories, --Tuesday, September 14, 2004, 2:03:31 PM, you wrote to [EMAIL PROTECTED]: a It's always good to be correct(ness). a At the time the research was conducted (August 2003) we obviously a looked around for as much information as possible prior to a commencing.

Re: [Full-Disclosure] AV companies better hire good lawyers soon.

2004-09-14 Thread Florian Weimer
* Jason Coombs PivX Solutions: I work as an expert witness in addition to being an infosec researcher, etc. and you would not believe how terrible the quality of computer forensics is in the real world today. To begin with, are you aware that people are going to prison in the U.S. for nothing

[Full-Disclosure] ALPHA 2: Zero-tolerance

2004-09-14 Thread Berend-Jan Wever
Hi all, I'm proud to announce the upcoming release of a new version of ALPHA: ALPHA 2: Zero-tolerance Like ALPHA, it is a shellcode encoder that outputs 100% alphanumeric code. In the new version a lot of the code has been improved and it can now output UNICODE-proof code too. As a pre-release

Re: [Full-Disclosure] Illegal

2004-09-14 Thread aScii
On Tue, 14 Sep 2004 07:40:51 +0700 [EMAIL PROTECTED] wrote: Please do not send me your illegal stuff again!!! probably you should think to unsubscribe yourself from this list.. -- Francesco 'aScii' Ongaro [EMAIL PROTECTED] [EMAIL PROTECTED] My Site: www.ush.it

Re: [Full-Disclosure] Re: The ArpSucker is b0rn! Be yourself, be the net.

2004-09-14 Thread VX Dude
Hello to all the xposted lists out there =D If it's not a threat to your wonderfully managed system, then you have nothing to worry about. SO the guy wrote a tool, that's what hackers do. If it's successful, if it's not, (s)he will figure that out themselves when it is, and why. Learning is

RE: [Full-Disclosure] Illegal

2004-09-14 Thread Todd Towles
What, there is illegal stuff on this list somewhere? lol -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of aScii Sent: Tuesday, September 14, 2004 7:30 AM To: [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] Illegal On Tue, 14 Sep 2004 07:40:51 +0700

Re: [Full-Disclosure] AV companies better hire good lawyers soon.

2004-09-14 Thread Micheal Espinola Jr
I would say your position is ridiculous, and that your reference has no meaning or bearing on the issue at hand - which is: Someone is creating software that scans for 'naughty' things based on digital fingerprints. If your software is so important that you and your user base cannot deal with

RE: [Full-Disclosure] AV companies better hire good lawyers soon.

2004-09-14 Thread ajalal
What exactly are they charged with for having a compromised Windows box in their possession? I am curious, I had never heard of that. I work as an expert witness in addition to being an infosec researcher, etc. and you would not believe how terrible the quality of computer forensics is in

Re: [Full-Disclosure] Re: The ArpSucker is b0rn! Be yourself, be the net.

2004-09-14 Thread Barrie Dempster
Obviously the moderator thought it was appropriate, however, you did reply to more than bugtraq and at least one non-moderated list. Please be more careful where you direct your insults. The guy released a tool he thought was useful, if you don't think it is, a more polite response with some

Re: [Full-Disclosure] Possible New Malware

2004-09-14 Thread Ty Bodell
Kaspersky has one, http://www.kaspersky.com/scanforvirus --Tebodell - Original Message - From: Perrymon, Josh L. [EMAIL PROTECTED] Date: Tue, 14 Sep 2004 09:02:13 -0500 Subject: [Full-Disclosure] Possible New Malware To: [EMAIL PROTECTED] Anyone Heard of BackDoor-CIW? This is a

Re: [Full-Disclosure] Does the following...

2004-09-14 Thread Peter Hickman
Does the user have a wireless keyboard? These have been known to occasionally be picked up at a greater than normal distance. ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html

[Full-Disclosure] [SECURITY] [DSA 544-1] New webmin packages fix insecure temporary directory

2004-09-14 Thread debian-security-announce
Debian Security Advisory DSA 544-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze September 14th, 2004

[Full-Disclosure] Possible New Malware

2004-09-14 Thread Perrymon, Josh L.
Anyone Heard of BackDoor-CIW? This is a piece of malware with the .exe of winstr32.exe that is causing 99% CPU on a couple machines at a remote location. I found that one infected machine does not have MS04-11 patched. So that could be an attack vector. I get no

Re[3]: [Full-Disclosure] Correction to latest Colsaire advisories

2004-09-14 Thread advisories
I see no results of your work: a list of vulnerable products. Did you try Google? ;) http://www.uniras.gov.uk/vuls/2004/380375/mime.htm Admittedly it is a bit thin at the moment (and many names are conspicuous by their absence). This should improve as more vendors provide a statement. Of

Re[4]: [Full-Disclosure] Correction to latest Colsaire advisories

2004-09-14 Thread 3APA3A
Dear advisories, --Tuesday, September 14, 2004, 6:24:09 PM, you wrote to [EMAIL PROTECTED]: a Did you try Google? ;) a http://www.uniras.gov.uk/vuls/2004/380375/mime.htm I saw this link in your advisory. For this case I teach my students to use information already gathered. Only

[Full-Disclosure] Re: AV companies better hire good lawyers soon.

2004-09-14 Thread gadgeteer
On Tue, Sep 14, 2004 at 10:40:17AM +0200, Jean Gruneberg ([EMAIL PROTECTED]) wrote: Yes, I agree - but then don't bitch if the other software (be it AV or any other software) does not work or breaks your software. Surely it is the writer's responsibility that the software is compatible with

Re: [Full-Disclosure] Re: The ArpSucker is b0rn! Be yourself, be the net.

2004-09-14 Thread nirvana
nice.real nice! --- VX Dude [EMAIL PROTECTED] wrote: Hello to all the xposted lists out there =D If it's not a threat to your wonderfully managed system, then you have nothing to worry about. SO the guy wrote a tool, that's what hackers do. If it's successful, if it's not, (s)he

Re: [Full-Disclosure] AV companies better hire good lawyers soon.

2004-09-14 Thread Frank Knobbe
* Jason Coombs PivX Solutions: I work as an expert witness in addition to being an infosec researcher, etc. and you would not believe how terrible the quality of computer forensics is in the real world today. To begin with, are you aware that people are going to prison in the U.S. for

RE: [Full-Disclosure] Possible New Malware

2004-09-14 Thread Perrymon, Josh L.
After sending the file to the link below this is what we found. http://www.kaspersky.com/scanforvirus I'm awaiting the binary to review. It probably came in on a laptop and spread to machines unpatched to MS04-11. W32/Forbot-C is a worm which attempts to spread to remote

[Full-Disclosure] Re: Sidney McAfee GroupShield Alert

2004-09-14 Thread Barry Fitzgerald
Please turn off your SPAM generator. Thanks. [EMAIL PROTECTED] wrote: McAfee GroupShield Alert McAfee GroupShield discovered a problem with the following email. See your system administrator for further information. Date/Time sent: 14 Sep 2004 12:20:40 Subject line: Re: [Full-Disclosure] Where

Re: [Full-Disclosure] AV companies better hire good lawyers soon.

2004-09-14 Thread Florian Weimer
What exactly are they charged with for having a compromised Windows box in their possession? I am curious, I had never heard of that. Credit card fraud, probably. There are also reports that someone with child porn on his hard disk got away because he claimed that the virus did it. The case

Re: [Full-Disclosure] AV companies better hire good lawyers soon.

2004-09-14 Thread Frank Knobbe
On Tue, 2004-09-14 at 08:14, Micheal Espinola Jr wrote: [...] If your software is so important that you and your user base cannot deal with possibly up-to a few days of inconvenience due to a false-positive - then yes, you had better coordinate with that software vendor to make certain

[Full-Disclosure] Fw: Alert: Microsoft Security Bulletin MS04-028 - Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)

2004-09-14 Thread Anonymous
- Original Message - From: Russ Cooper [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, September 14, 2004 11:07 AM Subject: Alert: Microsoft Security Bulletin MS04-028 - Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987) Microsoft Security Bulletin

RE: [Full-Disclosure] Possible New Malware

2004-09-14 Thread Jesse Valentin
Hey Josh, What type of traffic was this little pest generating? You mentioned that it spiked the CPU utilization to 99%, I was curious to know of any specific outbound traffic/ports on the boxes that were infected? When did you discover this file? Was this threat relatively new or has it been

Re: [Full-Disclosure] AV companies better hire good lawyers soon.

2004-09-14 Thread Mister Coffee
On Tue, Sep 14, 2004 at 10:40:17AM +0200, Jean Gruneberg wrote: Yes, I agree - but then don't bitch if the other software (be it AV or any other software) does not work or breaks your software. Surely it is the writer's responsibility that the software is compatible with other stuff. Bit like

Re: [Full-Disclosure] Where is security industry gng??

2004-09-14 Thread Frank Knobbe
On Tue, 2004-09-14 at 08:38, Barry Fitzgerald wrote: The problem with IDS was always that people perceived IDS as being a magic box that automatically and exclusively detects intrusions. Anyone who's ever worked with an IDS knows that that couldn't be further from the truth. However, that

[Full-Disclosure] Re: AV companies better hire good lawyers soon.

2004-09-14 Thread gadgeteer
On Tue, Sep 14, 2004 at 07:22:56PM +0200, Florian Weimer ([EMAIL PROTECTED]) wrote: What exactly are they charged with for having a compromised Windows box in their possession? I am curious, I had never heard of that. Credit card fraud, probably. There are also reports that someone with

[Full-Disclosure] [ GLSA 200409-18 ] cdrtools: Local root vulnerability in cdrecord if set SUID root

2004-09-14 Thread Sune Kloppenborg Jeppesen
Gentoo Linux Security Advisory GLSA 200409-18 http://security.gentoo.org/

[Full-Disclosure] RE: The ArpSucker is b0rn! Be yourself, be the net.

2004-09-14 Thread Compton, Rich
What does this do that ettercap doesn't already do (by default at startup)? -Original Message- From: Alpt [mailto:[EMAIL PROTECTED] Sent: Monday, September 13, 2004 3:05 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL

Re: [Full-Disclosure] Re: The ArpSucker is b0rn! Be yourself, be the net.

2004-09-14 Thread Syke
[EMAIL PROTECTED] wrote: Usually lame kiddie posts like this shouldn't reach the list. Old school ARP attacks are no longer a threat in a decently managed layer 2 network. I thought bugtraq is still moderated. Oh, Aleph1, where art thee ? We can't all be super 1337 whitehats like yourself.

Re: [Full-Disclosure] AV companies better hire good lawyers soon.

2004-09-14 Thread Manuel C. -aka- ekerazha
I'm having a discussion on this argument here, because NOD32 detects my software as infected (obviously it is a false-positive): http://www.wilderssecurity.com/showthread.php?p=255822

[Full-Disclosure] New Worm equipped with NetSniffer

2004-09-14 Thread Jesse Valentin
Looks like another item to get excited about.. According to Trend Micro, there is a new worm (not out yet) called : SDBOT.UH This puppy is equipped with its own network sniffer to boot. As per Trend, this guy creates several threads for sniffing, keylogging and other fun stuff among which is

[Full-Disclosure] [ GLSA 200409-17 ] SUS: Local root vulnerability

2004-09-14 Thread Sune Kloppenborg Jeppesen
Gentoo Linux Security Advisory GLSA 200409-17 http://security.gentoo.org/

Re: [Full-Disclosure] Re: AV companies better hire good lawyers soon.

2004-09-14 Thread James Tucker
According to the FBI forensics agent I heard at a recent security conference this is a fairly common defense. The other is trying to claim that any gaps in the evidence chain are when a law enforcement type planted the porn there. There are laws and processes which must be performed in order

[Full-Disclosure] (Asp.Net Full Trust Vulnerabilities) RE: Apache VS IIS Security model question

2004-09-14 Thread Dinis Cruz
If the code is running with full trust it can call RevertToSelf() and change the current Asp.Net (Thread) Identity into the Process' Identity (which belongs to the IIS_WPG). Once this is done: 1) You can probably already bypass several NTFS restrictions and see other website's data (and other

Re: [Full-Disclosure] AV companies better hire good lawyers soon.

2004-09-14 Thread Valdis . Kletnieks
On Tue, 14 Sep 2004 12:03:59 CDT, Frank Knobbe said: Alternatively, software manufacturers can add their applications into AV exclusion lists upon installation of their products. Applications already have to register with the operating systems. Why not make it register with the AV software if

Re: [Full-Disclosure] AV companies better hire good lawyers soon.

2004-09-14 Thread Mister Coffee
On Tue, Sep 14, 2004 at 03:12:31PM -0400, Barry Fitzgerald wrote: Mister Coffee wrote: Making it the other guy's fault doesn't wash. It's more bad QC on the AV vendor's part. But as you mentioned previously, they'll get pounced if some 0day gets past them and some clown loses his data.

Re: [Full-Disclosure] Re: AV companies better hire good lawyers soon.

2004-09-14 Thread Florian Weimer
* James Tucker: According to the FBI forensics agent I heard at a recent security conference this is a fairly common defense. The other is trying to claim that any gaps in the evidence chain are when a law enforcement type planted the porn there. There are laws and processes which must be

Re: [Full-Disclosure] Possible New Malware

2004-09-14 Thread Nick FitzGerald
Perrymon, Josh L. wrote: Anyone Heard of BackDoor-CIW? Not until now, but I can tell you immediately that is an NAI/McAfee name... This is a piece of malware with the .exe of winstr32.exe that is causing 99% CPU on a couple machines at a remote location. I found that one infected machine

RE: [Full-Disclosure] Where is security industry gng??

2004-09-14 Thread Ron DuFresne
On Mon, 13 Sep 2004, Geoff Shively wrote: Think about it this way, security was once focused on simple solutions to solve problems (network architecture with security in mind, device/OS hardening, etc). Let us recap the history of the industry so that I can set the stage for where I think

[Full-Disclosure] Research Machines(RM) Networks / Setup

2004-09-14 Thread Andrew Smith
Research Machines (RM) are The Leading Supplier of Software, Services and Systems to UK Education. Mainly seen in High Schools in the UK. The following was revealed to them well over 6 months ago. I received no reply from my email. a) Publicly Available Admin Tools b) Publicly Writable Status

Re: [Full-Disclosure] AV companies better hire good lawyers soon.

2004-09-14 Thread Frank Knobbe
On Tue, 2004-09-14 at 15:57, [EMAIL PROTECTED] wrote: Works great until the viruses start registering themselves when they install themselves (you know, the same stuff that already turns off firewalls and so on...) Nah. Viruses, just turn AV off altogether :) Putting up a dialog box that has

Re: [Full-Disclosure] 6 gmail invites - contact off list

2004-09-14 Thread The Devilous Angel
hi! didn't the list flame enough on gmail? http://www.gmailswap.com/ recall that? use it... please... Sir? a disgruntled jr At 20:21 9/13/2004, Joel R. Helgeson wrote: Email me off list at [EMAIL PROTECTED] for your free invite. Joel R. Helgeson Director of Networking Security Services

[Full-Disclosure] Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow

2004-09-14 Thread Nick D.
Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow - Advisory: September 14, 2004 Reported: October 7, 2003 Systems affected based on testing: Windows XP SP0,SP1,SP1a (Home Pro) Systems potentially affected based on

Re: [Full-Disclosure] AV companies better hire good lawyers soon.

2004-09-14 Thread Nick FitzGerald
Frank Knobbe wrote: Alternatively, software manufacturers can add their applications into AV exclusion lists upon installation of their products. Applications already have to register with the operating systems. Why not make it register with the AV software if the software is prone to false

[Full-Disclosure] xor/otp

2004-09-14 Thread m . mohr
Hello all, I just put some finishing touches on the 0.60 release of xor/otp and am releasing it to the public. It is an OTP implementation for Linux and the like. Great for data protection; pipe the output to uuencode and it can be used for email. As always, feedback is appreciated.