Didn't mean to have you apologize, it did its job. It showed
that I was not vulnerable. I just found it interesting that my
AV called it something that could not be found through search.
No worries Randall. =) I really should have warned about the possible AV
warnings, as some might not
Brian,
First, you wrote that I do not really believe in full disclosure
even though I clearly stated I am for it. I find it a little bit
difficult to argue on that level of reasoning, but please allow
me to clarify what I tried to propose anyway: I truly believe that
vulnerability disclosure
http://yro.slashdot.org/yro/04/10/07/204217.shtml?tid=153tid=219
Every server operator should have zeroizing equipment
(rapid, irreversible data erasing gear) available immediately
at the scene.
Essentially, hard drives can be destroyed by heating them
above their specific temperature, where
This hit me today.
The URL is:
http://%32%31%31%2E%39%37%2E%32%34%38%2E%36%30:%38%37/%63%69%74/%69%6E%64%65%78%2E%68%74%6D
( http://211.97.248.60:87/cit/confirm.htm )
- Original Message -
From: CITI [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, October 07, 2004 9:08 PM
---
Fedora Legacy Update Advisory
Synopsis: Updated netpbm resolves security vulnerabilities
Advisory ID: FLSA:1257
Issue date:2004-10-08
Product: Red Hat Linux
Keywords:
I stand corrected
There is a lovely little link at the bottom of the page. Heh...
http://www.citibank.com/domain/redirect/footer/abuse.htm
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Pablo
Sent: 08 October 2004 11:31
To: [EMAIL PROTECTED]
This and other similar ones have been flooding their way across the internet
for a while now, that one I have received in most of my email accounts
(personal business) over the last 2 weeks.
Unfortunately while people are stupid enough to believe the email, who will
click on the link and supply
Yes, but as iss, eeye and ngs are finding the bugs, and not you, they
get to make up the rules. And they've each chosen a slightly different
rule, most likely dominated by their marketing department's studies of
what got them the most publicity per-bug. Nobody cares about the good
of the
There's a bold red ! Consumer Alert notice on their homepage.
On Fri, 8 Oct 2004 11:59:44 +0100, Simon Lorentsen
[EMAIL PROTECTED] wrote:
I stand corrected
There is a lovely little link at the bottom of the page. Heh...
http://www.citibank.com/domain/redirect/footer/abuse.htm
I just don't understand people who think by using some cheap trick they
get into my files or website and hack them, that they have no personal responsibility.
It's insane to think and criminal that anything you can get into is fair game.
Just because I have a cheap lock you can break does not
About Citibank Scam :
it's a phishing attack based on GDI+ JPEG overflow.
The exploit JPEG is named Ducky.jpg, and is detected by some antivirus
systems as Trojan.Ducky.
The message from Citibank is not textual, but an imagemap of an image
that is made to look like text.
The image is called
Who pissed in your Wheaties?
-KF
Clairmont, Jan M wrote:
I just don't understand people who think by using some cheap trick they
get into my files or website and hack them, that they have no personal responsibility.
It's insane to think and criminal that anything you can get into is fair game.
--
S E C O N D C A L L F O R P A P E R S
--
Privacy Respecting Incident Management
PRIMA
This is the internet.
This isn't your home, your car, your wallet.
This is the internet.
Offline analogies do not work. They also make my brain hurt, please do
not use them.
Whilst breaking a weak lock is criminal on the internet and in real
life, it's also a hell of a lot easier to do on the
H. Doesn't look like citibank to me;
Hualin Qian
address: Chinese Academy of Sciences
address: Computer Network Center
address: P.O.Box 2418-26
address: Beijing, 100081
address: CN
phone:+86 1 2569960
e-mail: [EMAIL PROTECTED]
nic-hdl:
The fact that something is illegal discourages
no-one, the fact that
they may get caught and punished discourages most.
If you drive your Lamborghini to a city, pull off the
side of the road, leave the keys in it and doors open,
and someone steals it...don't be surprised.
The difference
Neither does 211.97.248.60 :-)
[EMAIL PROTECTED] wrote:
H. Doesn't look like citibank to me;
Hualin Qian
address: Chinese Academy of Sciences
address: Computer Network Center
address: P.O.Box 2418-26
address: Beijing, 100081
address: CN
phone: +86 1 2569960
e-mail: [EMAIL PROTECTED]
nic-hdl:
I beg to differ. This is not public domain. This is something we all
pay for and have a vested interest in.
The days of the 'wild west' are over. There is a new sheriff in town.
Because of stupid script kiddies and black hat assholes, things are
going to change whether you like it or not -
Micheal,
I beg to differ. This is not public domain. This
is something we all
pay for and have a vested interest in.
I agree that we do pay for our access.
The days of the 'wild west' are over. There is a
new sheriff in town.
How so? Who or where is this sheriff? Are you
referring
No
matter how many laws are passed or how many policies
are written, they are pretty much useless as they
are not capable of changing people.
Laws don't change people's behaviour...the enforcement
of the laws does.
In the days of NIPC, the Attorney General mandated a
threshold of $5k
Enforcement of a law is a function of how many people are policing a
behavior. Take smoking, we've made it increasingly socially unacceptable in
most circles and the number of people smoking DECREASED rapidly and for a
sustained period.
There will always be people bucking societal norms and the
Umm, should the Paladin of Security have weak locks? ;-)
Compute Fair, Compute Fun, Compute secure
Jan Clairmont Paladin of Security, Take no Prisoners!
Unix Security Support/Consultant
___
Full-Disclosure - We believe in it.
Charter:
Laws don't change people's behaviour...the enforcement
of the laws does.
I'm going to be optimistic (it being Friday) and say that there are
other factors worth mentioning that act to change established behaviour.
Education is a big one--and I'm not just talking about the education
of the
I have very weak locks, because I live on the range in the wild, but have a big
pit for them to fall in after they get there, landmines and all. You may get in
but there is no guarantee you'll ever get out.;-
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf
This is an interesting perspective Harlan, but I can't say that I agree with you. The point I was trying to make was that there exists a need to change the inclinations of the mind and of the heart in order to make a difference. Behavior is just a by-product of this type of change. You can enforce
Surely the threat of Take no Prisoners! is enough to scare anyone off, Harry.
On Fri, 08 Oct 2004 14:09:26 -0400, Harry Hoffman
[EMAIL PROTECTED] wrote:
Umm, should the Paladin of Security have weak locks? ;-)
Compute Fair, Compute Fun, Compute secure
Jan Clairmont Paladin of
On Thu, 7 Oct 2004, Gregory Gilliss wrote:
IANAL.
Criminal trespass affects real property. Computers and cyberspace,
contrary to popular belief, do not constitute real property. However
incorrect, at least on the first part; a computer is a solid quantifiable
object, if I buy one from dell,
On Fri, 8 Oct 2004, Andrew Smith wrote:
This is the internet.
This isn't your home, your car, your wallet.
This is the internet.
Offline analogies do not work. They also make my brain hurt, please do
not use them.
as if I care about yer weak brain and the pain it causes you,...
Whilst
I'm wondering how dangerous it is to allow a user on a
mysql db to view the grants for another user. Could
they take the encrypted password data and possibly
crack it? If they can, how easy is it?
Jesse, et al...
...expect to see an ongoing barrage on injustices...
This has been ongoing since Cain slew Abel...or if you like, since Og
clubbed Ooog outside his cave and dragged his cavewoman off by her hair.
Please don't ever depend on the nature of man changing in order to have
safety
I want to echo Andrew Smith's concern. THIS GUY IS FROM CITIGROUP!!!
I'm glad that Citigroup is building their security around what's
lawful and what's unlawful on the INTERNET!!!
It's the Internet dude... Next time you decide to rant like this on
the list and sign your name as a UNIX
Keep those cards and letters coming. This list has become way more entertaining than
real security news could ever be ;)
-
Steve Blass
If security through obscurity is pointless why do we keep passwords secret?
###
Luigi Auriemma
Applications: Some old games developed by Monolith
http://www.lith.com
Versions: - Alien versus Predator 2 = 1.0.9.6
- Blood 2
David Hane wrote:
I'm wondering how dangerous it is to allow a user on a
mysql db to view the grants for another user. Could
they take the encrypted password data and possibly
crack it? If they can, how easy is it?
If a user can read the password data, it should be possible to do a
phood 4 th0ugh7,
last i heard being on the internet was voluntary...
( whether you are a person or business entity
and many successful businesses have no internet presence )
if i am correct... being on the internet is not mandatory to
conduct life sustaining activities...
( eat, shit, sleep [
OK. You're wrong.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of morning_wood
Sent: Friday, October 08, 2004 3:53 PM
To: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Hacking into private files, my credit card purchases,
personal correspondence or
Am I the only one concerned at the childish behaviour on these mailing lists?
I've not been reading for so long, but in my second or third email to
these lists I've been told that someone 'doesn't care' about me and my
'weak brain'.
And now this 'OK. You're wrong.' ?
Is this necessary?
I believe
You should get used to it. It's Full-Disclosure and it's unmoderated.
Somebody starts a stupid childish rant like this guy from Citigroup
(which by the way is making me think twice on doing business with
them). I would advise all people who decide to tell somebody that
they have a weak brain to
Not entirely sure if this is appropriate for full-disclosure. Ah Well.
As you may well know there are programs that scour the internet
looking for email addresses, some people attempt to thwart them
writing emails like my_email (AT) mydomain (DOT) com. These don't
really work, so i figured some
On Fri, 8 Oct 2004, Martin Viktora wrote:
I truly believe that vulnerability disclosure should follow these steps:
0. (The primordial sin) The vulnerable product is released and all
information about the vulnerability is made available *by the vendor
itself* to anyone with enough competence,
I have to laugh, since I had the same thought as you! Except I interpreted
the childish behavior as coming from the side you seem to be defending. :-)
Perception is everything.
IMO, arguing that our presence on the Internet is voluntary and that it
somehow excuses bad behavior is simply
- Original Message -
From: Pavel Kankovsky [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, October 09, 2004 12:11 AM
Subject: Re: [Full-Disclosure] RE: Disclosure policy in Re: RealPlayer
vulnerabilities
> 0. ("The primordial sin") The vulnerable product is released
Georgi Guninski security advisory #71, 2004
http://www.guninski.com/where_do_you_want_billg_to_go_today_1.html
.. snip ..
By opening html in IE it is possible to read at least well formed xml from
arbitrary servers. The info then may be transmitted.
GreyMagic disclosed the EXACT same issue on
Got this from company network on Snort oinking WEB-CLIENT JPEG parser
heap overflow attempt
(http://www.snort.org/snort-db/sid.html?sid=1-2705).
Hex verified it's hxxp://home.zccn.net/mm2004/mu/nc.jpg with payload @
hxxp://home.zccn.net/mm2004/mu/msmsgs.exe infected by netsnake.h
trojan
Ok, this will be my last post on this subject. It's getting boring,
and I have work to do. My point is that, as in real life, we need
security on the Internet because of the way people choose to behave.
I, you and most others choose to behave in a socially accepted
manner, which is to say we