On Thu, 21 Oct 2004, Paul Schmehl wrote:
FYI: This election *does* matter to people not in America. If you haven't
noticed, the position of President of the USA is currently being played
by a power-crazed jesus freak who has a penchant for declaring war on
anyone who he thinks God might
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandrakelinux Security Update Advisory
___
Package name: kdegraphics
Advisory
Hi,
I would like to point out a design flaw in human communication. The bug is
shown rather clearly on this list lately but manifests itself in the
following ways:
- Heated discussion which are completely irrelevant to the context of the
environment.
- Oneliners put in front of a long
You can certainly have multiple time servers specified with Windows
Time Service (SNTP). RTM. It has the ability to failover through a
list.
If you need the full features of NTP, by all means use a third party
daemon. However, in keeping my routers, RADIUS, and Kerberos sync'd
properly - I
Paul J. Morris wrote:
[...]
we will not know whether the results of this election, regardless of who wins,
reflect the votes that people actually cast.
And how is that different than with paper ballots? Do you witness the
counting of all the thousands of ballots yourself? Does anyone take
i heart about that demonstration a couple of weeks ago. now
it's an official announcement at parsec.jp [0]. since there is not
much technical info on that issue in the announcement, i googled
around and found a link to an interesting post about the IEEE1394
OHCI interface on kerneltrap [1] back
Hello,
I am trying to figure out what would be faster to look up, a regexp or
hash table.
If both files had a the same amount of data in them which one would be
faster ??
Lets for example 10,000 lines ???
Michael.
___
Full-Disclosure - We believe in
the mark 2 model doesn't have any earlobes and the appendix is gone,
leaving a residual dimple on the caecum.
it's the lack of earlobes that allows them to be easily identified...
all mark 1s should only mate with mark 2s to further the species.
mikie
[EMAIL PROTECTED] wrote on 22/10/2004
Hi All,
I am seeing some network traffic for some windows host trying to
contact random remote hosts port 445 and these hosts also try to
connect 212.175.149.149.6667
Is this some kind of an IRC bot/trojan?
Anybody aware of it?
We cannot find anything with the virus scanner.
This virus is very
Title: ms backup schedule
Hey all,
I having trouble getting the ms backup schedule to work. I was told I need to make it a service.
Any advice would be great
Hugo van der Kooij wrote:
I would like to point out a design
flaw in human communication.
What you describe is an implementation bug, not a design flaw.
FD'ers in particular also appear to have a Reply To All defect whereby every thought
that enters one's head while reading FD is compulsively
Why the fsck would you post that to this list.
Not meaning to start a flame war but is the list titled Tech Support ??
No it isn't!!
Read the list charter and find out!
--
DanB UK
London, UK
___
Full-Disclosure - We believe in it.
Charter:
heh, what kind of question is that, hash tables partition the data
into smaller tables that can be indexed by the hash of the string, so
you need to do only a few dereferences and maybe some compares if you
got collisions.
afaik a regexp needs to process every entry atleast once.
On Thu, 21 Oct
Hello all,
Since I received information from SUN Microsystems that they did not
plan to release
Sun Alert for the issues I found in their CLDC [1] reference
implementation, I would
like to announce the following.
I found two very serious security vulnerabilities in Java technology for
mobile
Ok, someone please call someone else
a Nazi so we can invoke the ancient and honorable rule that will result
in this thread being killed.
Bart Lansing
Manager, Desktop Services/Lotus Notes
Kohl's IT
[EMAIL PROTECTED] wrote on 10/21/2004
04:35:05 PM:
Wow, that has to rate as one of the
Joe Hood wrote:
We can only pray that al-quaeda isn't as successful as they were in Spain.
Yeah, have you ever wondered why they haven't attacked?
Hmmm... maybe it's because they want Bush to win? Or, if an attack
occurred, would that bolster Bush in the election?
These issues aren't quite
Can you verify if you have any connections making it out to that
212.175.149.149 address? It appears to be a host located in Turkey.
I may have already pulled the whois info on this host from ripe.net
From looking at the contact info for the host is looks like possibly a
broadband provider in
-BEGIN PGP SIGNED MESSAGE-
__
SUSE Security Announcement
Package:libtiff
Announcement-ID:SUSE-SA:2004:038
Date: Friday,
Sounds like a IRC trojan that is trying to spread via network shares
(maybe weak passwords). 6667 is the IRC port, so it looks like it needs
that for command and control.
Can you get a copy of it?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
just a quick comment (unfortunately I don't
have time to give a more complete comment and
I still haven't had a chance to update my write up
on this GDI+ bug)...
some of those exploits have misleading comments...
they talk about overwriting PEB's lock routine function
pointer, but this isn't
Apart from not being supported by IBM any longer? Insecurities in WAS usually emerge
from how you deploy it (LDAP? - remember that ldap requests are usually clear
text)(and hardly anyone ever managed to get Global Security working so often the admin
console is not secured), are specific to the
So right off the bat you know you are sacrificing something.
Why settle for less than the best when the best is free?
Two reasons. Say you don't need the full feature set of NTP and/or you
manage hundreds of thousands of machines globally and you don't want to have
to add something
Hi there,
Sorry for a question which I'm sure a lot of people on this list will
consider trivial, but I'm subscribed, so I might as well ask it here.
I need a Linux utility which I can use to encrypt a single gzipped file
via the command line. Obviously something open source would be
A simple passphrase -- Golfmakesyougomad! -- as a password will create
a very difficult password to crack.
Mark Challender, MCSE
Network Administrator
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Exibar
Sent: Thursday, October 21, 2004 10:07 AM
-Original Message-
From: Kyle Maxwell [mailto:[EMAIL PROTECTED]
Sent: 21 October 2004 17:57
To: Airey, John
Cc: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Possibly a stupid question RPC
over HTTP
On Thu, 21 Oct 2004 13:21:10 +0100, Airey, John
[EMAIL PROTECTED] wrote:
Paul Schmehl wrote:
Yes, what we need in an American president is a sycophantic,
indecisive appeaser so France, Germany and the UN can continue their
graft, bribery and corruption with the Arab world without interference
from those meddling idiots in America.
And you're advocating that a
Exibar wrote:
Curt,
And what was it that Bush lied to you personally about? or lied to the
American People about? WMD's in Iraq? Just because we haven't found many of
them (YES we have found some, BTW), doesn't mean they didn't exist
Like life on Mars, just because we haven't seem little
I would imagine it's time vs space trade off. A hashtable would be
quicker, but would require memory for your Hash table to actually
exist. A regexp would need no memory, but would take more time.
On Fri, 22 Oct 2004 15:02:54 +0300, upb [EMAIL PROTECTED] wrote:
heh, what kind of question is
Jason Coombs PivX Solutions wrote:
If we're going to allow these electronic voting devices in our elections, then we
the people must be empowered to become the all volunteer quality assurance army that
validates the data output.
Hey there Jason,
I share similar concerns. If we trace the
Looking for an automated UDDI / WSDL scanner
Anyone heard of such a tool? What would be the challenges in building one?
Thanks in advance
-Mike
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
The only reason this was never disclosed was originally in hopes of
proper vendor response... I spoke to their tech support about 5 times
but they were just total morons. I eventually gave up.
I was going to write a shatter like attack so this could be exploited
ala .exe file but I never had
On October 21, 2004 10:22 pm, Rosalina Hamar wrote:
i heart about that demonstration a couple of weeks ago. now
it's an official announcement at parsec.jp [0]. since there is not
much technical info on that issue in the announcement, i googled
around and found a link to an interesting post
At 01:48 PM 22/10/2004, Ali Campbell wrote:
I need a Linux utility which I can use to encrypt a single gzipped file
via the command line. Obviously something open source would be preferable.
I'm not really interested in setting up a whole suite of stuff with
keyfiles and so on, and I don't need
Posted here:
http://dfind.kd-team.com/36/55/op.php
Stack based overflow, bug discovered by Luigi Auriemma
aluigi.altervista.org
Tested working on Win2K, This public version crash on any WinXP, read
the code why.
The exploit bind a shellcode on the victim port 101.
From the code:
Why Win2k
Le vendredi 22 octobre 2004 à 13:46 -0400, Mike Tancsa a écrit :
This is only as strong as your passphrase. Using something like GPG has
other advantages since the private key can be kept in a separate location
from the encrypted file.
GnuPG can be used for symetrical ciphering only.
On Fri, 22 Oct 2004 13:20:36 -0500, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Posted here:
http://dfind.kd-team.com/36/55/op.php
Stack based overflow, bug discovered by Luigi Auriemma
aluigi.altervista.org
Tested working on Win2K, This public version crash on any WinXP, read
the code
Check out the crypt tool. Do a man crypt to see the options. Crypt
should be included with any distribution of Linux (also on Solaris).
-Michael
On Fri, 22 Oct 2004 13:46:08 -0400, Mike Tancsa [EMAIL PROTECTED] wrote:
At 01:48 PM 22/10/2004, Ali Campbell wrote:
I need a Linux utility which I
Paul Schmehl wrote:
--On Friday, October 22, 2004 10:32:34 AM -0400 Barry Fitzgerald
[EMAIL PROTECTED] wrote:
I share similar concerns. If we trace the why of this issue back
to it's root (and discard conspiracy theories - which, given the
attitude
of a certain voting machine company that
What listens on port 2000?
-KF
[EMAIL PROTECTED] wrote:
Posted here:
http://dfind.kd-team.com/36/55/op.php
Stack based overflow, bug discovered by Luigi Auriemma
aluigi.altervista.org
Tested working on Win2K, This public version crash on any WinXP, read
the code why.
The exploit bind a shellcode
And if the problem of factoring large numbers into primes was indeed
solved (this is probably what you meant), I think you'd very quickly
see a complete replacement of crypto systems in use today by the
governments with such security services.
Depending on how rigourous you are being, the large
to correct you this is for ShixxNote 6.net, not so
big app than Win2K, do not send me so many credits ^^
/*
ShixxNote 6.net buffer overflow exploit v0.1
Public exploit overflows only Win2K systems, else crashs.
Exploit code by class101 [at] DFind.kd-team.com
Bind a shellcode to the port
--On Friday, October 22, 2004 10:32:34 AM -0400 Barry Fitzgerald
[EMAIL PROTECTED] wrote:
I share similar concerns. If we trace the why of this issue back
to it's root (and discard conspiracy theories - which, given the attitude
of a certain voting machine company that begins with a 'D's
On 22 Oct 2004, at 06:50, Airey, John wrote:
On Thu, 21 Oct 2004 13:21:10 +0100, Airey, John
[EMAIL PROTECTED] wrote:
This gives you two options. One, use brute force to break
the SSL encryption. Two (and it's entirely possible that the
security services have this already) come up with a
Novell SuSe Linux LibTIFF Heap Overflow Vulnerability
iDEFENSE Security Advisory 10.22.04
www.idefense.com/application/poi/display?id=154type=vulnerabilities
October 22, 2004
I. BACKGROUND
libtiff provides support for using the Tag Image File Format (TIFF), a
widely used format for storing
Date:October 22, 2004
Product/Service: pGina 1.7.6 and probably older version
Issue:Windows DoS in certain pGina configurations
URL:http://pgina.xpasystems.com/
Advisory URL: http://www.lovebug.org/pgina_dos.txt
Service Overview:
On Fri, Oct 22, 2004 at 05:48:26PM +, Ali Campbell wrote:
Hi there,
Sorry for a question which I'm sure a lot of people on this list will
consider trivial, but I'm subscribed, so I might as well ask it here.
I need a Linux utility which I can use to encrypt a single gzipped file
via
Date: October 22, 2004
Vendor: America Online Inc.
Issue: AOL Journals BlogID incrementing discloses account names and
e-mail addresses
URL: http://journals.aol.com / AOL Keyword: Journals
Advisory:http://www.lovebug.org/aoljournals_advisory.txt
Service
openssl encryption and decryption,
encrypt
openssl enc cipher -e -in filename.txt -out filename.enc
openssl enc -aes-256-cfb -e -in filename.txt -out filename.enc
decrypt
openssl enc cipher -d -in filename.enc -out filename.txt
openssl enc -aes-256-cfb -d -in
Hi,Today I got e-mail from "69.197.83.68" CANADA ISP which has undetectable virus. Well I downloaded this file but I didn't run it because I know it is virus. and now I am complaining to "rogers.com" ISP about this matter. Because I got this file from this ISP. It is abuse of internet service. I
Firstly, a brief update on the status of reported sample vulnerabilities:
- mozilla_die1.html: confirmed, fixed in snapshots (DoS most of the time)
- mozilla_die2.html: confirmed, being worked on (likely exploitable)
- opera_die1.html: confirmed, being worked on (likely exploitable)
-
Title: Nachricht
nice
artwork.
-Ursprüngliche Nachricht-Von:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Im Auftrag von Farrukh
HussainGesendet: Freitag, 22. Oktober 2004 22:29An:
[EMAIL PROTECTED]Betreff: [Full-Disclosure]
Undetectable Virus from CANADA ISP
gpg --help
-KF
Joe Szilagyi wrote:
Hi,
What's the syntax to decrypt using this?
Regards,
Joe
- Original Message -
From: Mike Tancsa [EMAIL PROTECTED]
To: Ali Campbell [EMAIL PROTECTED];
[EMAIL PROTECTED]
Sent: Friday, October 22, 2004 1:46 PM
Subject: Re: [Full-Disclosure] Q: Linux
Today I got e-mail from 69.197.83.68 CANADA ISP which has undetectable
virus.
This just means that you or your A/V hasn't updated their virus
definitions. Try multiple A/V programs, this will cover a wider range
of 'viruses'.
Well I downloaded this file but I didn't run it because I know
Andrew Smith wrote:
Today I got e-mail from 69.197.83.68 CANADA ISP which has undetectable
virus.
Threat: [EMAIL PROTECTED]
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
--On Farrukh Hussain [EMAIL PROTECTED] wrote:
Hi,
Today I got e-mail from 69.197.83.68 CANADA ISP which has
undetectable virus. Well I downloaded this file but I didn't run it
because I know it is virus.
It's undetectable, and yet you detected it.
Imagine that.
It's the W32/[EMAIL PROTECTED]
On Friday 22 October 2004 14:31, Daniel Sichel wrote:
Depending on how rigourous you are being, the large in large numbers
is a relative term. I know from talking to someone who has worked in
for real government crypto that there is enough storage space to
create a lookup db of a good chunk
===
Ubuntu Security Notice 2-1 October 22, 2004
xpdf vulnerabilities
CAN-2004-0889
===
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty
On Fri Oct 22 22:28:50 2004, Farrukh Hussain [EMAIL PROTECTED] wrote:
Hi,
Today I got e-mail from 69.197.83.68 CANADA ISP
You mean a Canadian ISP?
which has undetectable virus.
By all anti-virus vendors?
Well I downloaded this file but I didn't run it because I know it is virus.
If
===
Ubuntu Security Notice 1-1 October 22, 2004
PNG library vulnerabilities
CAN-2004-0955
===
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty
ph0enix wrote:
nice artwork.
-Ursprüngliche Nachricht-
*Von:* [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] *Im Auftrag von
*Farrukh Hussain
*Gesendet:* Freitag, 22. Oktober 2004 22:29
*An:* [EMAIL PROTECTED]
*Betreff:* [Full-Disclosure] Undetectable Virus from
60 matches
Mail list logo