RE: [Full-Disclosure] 2 vulnerabilities combine to auto execute received files in Nokia series 60 OS

2005-01-25 Thread Leeuwen, Allan van
Hi Rohit, Do you know if series 60 OS is the only affected OS? Allan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Monday, January 24, 2005 6:01 AM To: bugtraq@securityfocus.com; full-disclosure@lists.netsys.com Subject:

Re: [Full-Disclosure] Can we have...

2005-01-25 Thread Harry de Grote
On Tuesday 25 January 2005 05:35, Etaoin Shrdlu wrote: It is not at all a good idea. I don't read the list in a digest, and can't see why I should Might I suggest either using a gmail account to subscribe, or channeling it in as a newsgroup (ala Usenet), which will allow you to have what

[Full-Disclosure] Mirroring procfs.

2005-01-25 Thread preeth k
Sir, I work on Redhat Linux and we want to know if there is any method to mirror the '/proc' filesystem on one machine-A to another machine-B so as to monitor all the events occurring in A using machine-B. Preeth. ___ Full-Disclosure - We believe in

Re: [Full-Disclosure] Can we have...

2005-01-25 Thread Nick FitzGerald
Etaoin Shrdlu to Brian Anderson: snip I have previously messaged the List-Owner regarding adding this however he suggested I ask the list so here I am. Do you believe that this is good idea and should be implemented? It is not at all a good idea. ... Au contraire... ... I don't

[Full-Disclosure] hushmail.com, is this true?

2005-01-25 Thread Pseudo Nym
I'm interested in finding if there is any truth behind these claims at hushmail.com. Can anyone tell of their experiences with hushmail or give them a review? Does anyone know of a different service that claims not to log IPs? From the Hushmail Technical FAQ: Is there any way the recipient of a

Re: [Full-Disclosure] hushmail.com, is this true?

2005-01-25 Thread Andrew Smith
To me this suggests that, unlike most web based e-mail providers such as hotmail, hushmail does not send the user's IP address in the headers of the e-mail address, but hushmail still logs IP addresses.

RE: [Full-Disclosure] Re: Terminal Server vulnerabilities

2005-01-25 Thread Larry Seltzer
[MS] claim there are no unfixed vulnerabilities to Terminal Server on Windows Server 2000 Service Pack 4. I find that hard to believe and I know you guys will know if they are full of it, or they are correct. Please let me know ASAP of any CURRENT vulnerabilities in Terminal Server.

Re: [Full-Disclosure] blocking SkyPE?

2005-01-25 Thread Alain Fauconnet
Bryan, Thanks for your input. On Tue, Jan 25, 2005 at 12:04:45AM -0800, [EMAIL PROTECTED] wrote: Full-Disclosure aspect: knowing the capabilities and limitations of the various firewalls employed. How policies can be violated without detection. Vendors and open-source community need to push

Re: [Full-Disclosure] hushmail.com, is this true?

2005-01-25 Thread Pseudo Nym
I was asking for anyone with evidence or experience dealing with hushmail. You seem to have neither. Can anyone verify hushmail's claims or provide some recounting of events that would seem to bolster their claims? Thank you. --- Andrew Smith [EMAIL PROTECTED] wrote: To me this suggests

Re: [Full-Disclosure] hushmail.com, is this true?

2005-01-25 Thread Atte Peltomaki
I was asking for anyone with evidence or experience dealing with hushmail. You seem to have neither. Can anyone verify hushmail's claims or provide some recounting of events that would seem to bolster their claims? --- Andrew Smith [EMAIL PROTECTED] wrote: To me this suggests that,

Re: [Full-Disclosure] Mirroring procfs.

2005-01-25 Thread Valdis . Kletnieks
On Tue, 25 Jan 2005 08:58:39 GMT, preeth k said: I work on Redhat Linux and we want to know if there is any method to mirror the '/proc' filesystem on one machine-A to another machine-B so as to monitor all the events occurring in A using machine-B The problem is that even if you *could*

Re: [Full-Disclosure] hushmail.com, is this true?

2005-01-25 Thread Etaoin Shrdlu
Pseudo Nym wrote: I was asking for anyone with evidence or experience dealing with hushmail. You seem to have neither. Well, at least he had the courtesy to reply to you. But read on, MacDuff. Can anyone verify hushmail's claims or provide some recounting of events that would seem to bolster

[Full-Disclosure] [USN-70-1] Perl DBI module vulnerability

2005-01-25 Thread Martin Pitt
Ubuntu Security Notice USN-70-1 January 25, 2005 libdbi-perl vulnerabilities CAN-2005-0077 A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty

RE: [Full-Disclosure] Re: Terminal Server vulnerabilities

2005-01-25 Thread Mark Senior
Terminal Server encrypts its traffic, yes, but it doesn't do any verification of what server it's connecting to. This is equivalent to SSL with anonymous DH key agreement - you know no eavesdroppers can listen in, but you have no idea who you're talking to. So a MiTM attack is possible, there is

RE: [Full-Disclosure] Re: Terminal Server vulnerabilities

2005-01-25 Thread Larry Seltzer
Yeah, fine, so if this bothers you use a VPN. I still think it's something very few people need to worry about. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blog.ziffdavis.com/seltzer [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED]

[Full-Disclosure] OWASP LA chapter meeting

2005-01-25 Thread Kartik Trivedi
Please join us for the first free OWASP LA/OC chapter meeting. Theme: (Web) Application Security Date / Time: Friday, Feb 18, 2004 / 6.00 PM to 8.00 PM Venue Foundstone, Inc 27201, Puerta Real, #400 Mission Viejo, CA 92691 Agenda 6.00 - 6.30 Arrival and chit-chat 6.30 - 6.50 Presentation 1 (20

Re: [Full-Disclosure] Re: Terminal Server vulnerabilities

2005-01-25 Thread Valdis . Kletnieks
On Tue, 25 Jan 2005 12:12:10 EST, Larry Seltzer said: Yeah, fine, so if this bothers you use a VPN. I still think it's something very few people need to worry about. More correctly, the vast majority of sites are so screwed security-wise that they'll never have the opportunity to see a MITM attack

Re: [Full-Disclosure] hushmail.com, is this true?

2005-01-25 Thread Valdis . Kletnieks
On Tue, 25 Jan 2005 11:22:25 CST, [EMAIL PROTECTED] said: How hard is it to verify this yourself by, as has been suggested elsewhere, signing up and sending yourself an email? Not to overly harsh your mellow, but the solution to getting this information is not exactly rocket science...

RE: [Full-Disclosure] blocking SkyPE?

2005-01-25 Thread lists-security
I think that this may trigger on the regular HTTP request that SkyPE does at start up (and only then). This checks the SkyPE web site for updates. This is also what the available Snort signatures trigger on, simply because it's the only kind of traffic that has a recognizable signature. How many

[Full-Disclosure] phpEventCalendar HTML injection

2005-01-25 Thread Madelman
Title: phpEventCalendar HTML injection Vulnerability discovery: Madelman madelman AT iname.com Date: 25/01/2005 Severity: Medium. Registered users can obtain other users' cookies Summary: - phpEventCalendar is a MySQL backed application that

[Full-Disclosure] [ GLSA 200501-36 ] AWStats: Remote code execution

2005-01-25 Thread Luke Macken
Gentoo Linux Security Advisory GLSA 200501-36 http://security.gentoo.org/

Re: [Full-Disclosure] Phrack is dead, long live Phrack!

2005-01-25 Thread xyberpix
I really have to agree with starwars on this one, I have been reading Phrack for years now, c'mon people even if a few groups are not willing to try and publish Phrack for everyone to vote on, why don't a few of us get together and keep Phrack going?

RE: [lists] [Full-Disclosure] Terminal Server vulnerabilities

2005-01-25 Thread Curt Purdy
Daniel Sichel wrote: snip Naturally I don't like this answer because of horror stories I have heard about Terminal server. They claim there are no unfixed vulnerabilities to Terminal Server on Windows Server 2000 Service Pack 4. The problem with terminal server is not any

Re: [Full-Disclosure] hushmail.com, is this true?

2005-01-25 Thread Pseudo Nym
Thank you Valdis, you were spot on. I'm sorry, I must have been misunderstood, my main concern IS a blunt legal object being used against hushmail to find my identity. Without contact with their staff there is no way to prove their claim that their log files do not correlate IP addresses to

Re: [lists] [Full-Disclosure] Terminal Server vulnerabilities

2005-01-25 Thread Steve Tornio
On Jan 25, 2005, at 2:38 PM, Curt Purdy wrote: Daniel Sichel wrote: snip Naturally I don't like this answer because of horror stories I have heard about Terminal server. They claim there are no unfixed vulnerabilities to Terminal Server on Windows Server 2000 Service Pack 4. The problem with

Re: [Full-Disclosure] hushmail.com, is this true?

2005-01-25 Thread james edwards
Thank you Valdis, you were spot on. I'm sorry, I must have been misunderstood, my main concern IS a blunt legal object being used against hushmail to find my identity. No business can ignore a judge's orders to produce whatever required information. The business can contest the request but if

Re: [Full-Disclosure] hushmail.com, is this true?

2005-01-25 Thread Valdis . Kletnieks
On Tue, 25 Jan 2005 14:51:07 MST, james edwards said: No business can ignore a judge's orders to produce whatever required information. The business can contest the request but if it is proven out the information must be produced. So tell me - what do you do when you get served a subpoena

Re: [Full-Disclosure] Phrack is dead, long live Phrack!

2005-01-25 Thread msh at datakill
I totally disagree. I think that Phrack.org was a bunch of watered down old bullshit. If Long Live anything, Long Live pHC. whiteh8 f0' lyfE On Tue, Jan 25, 2005 at 08:34:01PM +, xyberpix wrote: I really have to agree with starwars on this

Re: [Full-Disclosure] hushmail.com, is this true?

2005-01-25 Thread james edwards
Your point?

[Full-Disclosure] OpenServer 5.0.6 OpenServer 5.0.7 : wu-ftp local users can bypass access restrictions

2005-01-25 Thread please_reply_to_security
SCO Security Advisory Subject: OpenServer 5.0.6 OpenServer 5.0.7 : wu-ftp local users can bypass access restrictions Advisory

RE: [Full-Disclosure] hushmail.com, is this true?

2005-01-25 Thread Todd Towles
I have to agree with James, If you are using Hushmail's free e-mail service and expecting that to hide you from the government, then you are in trouble. Might as well keep e-mailing from your yahoo address anyways. You must assume all things log your IP address, even anon proxies. Which most

RE: [lists] [Full-Disclosure] Terminal Server vulnerabilities

2005-01-25 Thread Todd Towles
I agree, rename the Admin account and create a fake Admin account, put very good logging on it. Because any attempts on this account would be attacks. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Tornio Sent: Tuesday, January 25, 2005

[Full-Disclosure] OpenServer 5.0.6 OpenServer 5.0.7 : scosessoin local privilege elevation

2005-01-25 Thread please_reply_to_security
SCO Security Advisory Subject: OpenServer 5.0.6 OpenServer 5.0.7 : scosessoin local privilege elevation Advisory number:

Re: [Full-Disclosure] hushmail.com, is this true?

2005-01-25 Thread Gregh
- Original Message - From: [EMAIL PROTECTED] To: james edwards [EMAIL PROTECTED] Cc: full-disclosure@lists.netsys.com Sent: Wednesday, January 26, 2005 9:13 AM Subject: Re: [Full-Disclosure] hushmail.com, is this true? On Tue, 25 Jan 2005 14:51:07 MST, james edwards said: No

Re: [Full-Disclosure] hushmail.com, is this true?

2005-01-25 Thread Pseudo Nym
This is from an earlier e-mail I drafted but did not send: ah hah, I made another mistake. I meant Etaoin instead of Atte in my last e-mail. Thank you Etaoin, I'm VERY glad to hear that you know people who do or who have worked there. That's very comforting. Anyone else got anything? and

Re: [Full-Disclosure] hushmail.com, is this true?

2005-01-25 Thread Ron
They can't produce information that doesn't exist, which begs the question: do they log your ip address? No business can ignore a judge's orders to produce whatever required information. The business can contest the request but if it is proven out the information must be produced.

Re: [Full-Disclosure] hushmail.com, is this true?

2005-01-25 Thread james edwards
They can't produce information that doesn't exist, which begs the question: do they log your ip address? It is a pointless question.

[Full-Disclosure] Re: hushmail.com, is this true?

2005-01-25 Thread J. Oquendo
They can't force you to produce information you can prove you don't have... Actually, I believe the Sarbanes-Oxley Act requires companies keep records for a period of time. Not sure the entire specifics of this but I'm sure if you wanted to quote me on this you could (http://tinyurl.com/542n3)

[Full-Disclosure] RE: hushmail.com, is this true?

2005-01-25 Thread J. Oquendo
On Tue, 25 Jan 2005, james edwards wrote: No business can ignore a judge's orders to produce whatever required information. The business can contest the request but if it is proven out the information must be produced. You're assuming here. A US Judge has no jurisdiction over a company in

[Full-Disclosure] Hushmail logging (nail in the coffin)

2005-01-25 Thread J. Oquendo
Does Hush track IP addresses of visitors or address holders? Hushmail.com does log IP addresses to analyze market trends and gather broad demographic information for aggregate use. However, Hushmail.com will never log your IP address in such a way that it can be associated with your Hushmail

Re: [Full-Disclosure] blocking SkyPE?

2005-01-25 Thread Alain Fauconnet
Bryan, On Tue, Jan 25, 2005 at 10:05:42AM -0800, [EMAIL PROTECTED] wrote: I think that this may trigger on the regular HTTP request that SkyPE does at start up (and only then). This checks the SkyPE web site for updates. This is also what the available Snort signatures trigger on, simply

[Full-Disclosure] MDKSA-2005:017 - Updated xpdf packages fix buffer overflow vulnerability

2005-01-25 Thread Mandrake Linux Security Team
Mandrakelinux Security Update Advisory Package name: xpdf Advisory ID:

Re: [Full-Disclosure] Email Privacy (was hushmail.com, is this true?)

2005-01-25 Thread Etaoin Shrdlu
J.A. Terranson wrote: If you are really serious about one-way, non-traceable email, google for mixmaster. Last I looked, I would have recommended that you start here. http://freedom.gmsociety.org/ (George Mason Society Freedom Project) On the other hand, I suspect that hushmail does not keep the

[Full-Disclosure] MDKSA-2005:018 - Updated cups packages fix buffer overflow vulnerability

2005-01-25 Thread Mandrake Linux Security Team
Mandrakelinux Security Update Advisory Package name: cups Advisory ID:

[Full-Disclosure] MDKSA-2005:016 - Updated gpdf packages fix buffer overflow vulnerability

2005-01-25 Thread Mandrake Linux Security Team
Mandrakelinux Security Update Advisory Package name: gpdf Advisory ID:

[Full-Disclosure] MDKSA-2005:019 - Updated koffice packages fix buffer overflow vulnerability

2005-01-25 Thread Mandrake Linux Security Team
Mandrakelinux Security Update Advisory Package name: koffice Advisory ID:

[Full-Disclosure] MDKSA-2005:022 - Updated cups packages fix multiple vulnerabilities

2005-01-25 Thread Mandrake Linux Security Team
Mandrakelinux Security Update Advisory Package name: kernel Advisory ID:

[Full-Disclosure] MDKSA-2005:021 - Updated tetex packages fix buffer overflow vulnerability

2005-01-25 Thread Mandrake Linux Security Team
Mandrakelinux Security Update Advisory Package name: tetex Advisory ID:

[Full-Disclosure] Re: Terminal Server vulnerabilities

2005-01-25 Thread offtopic
Microsoft TS is vulnerable to MITM attacks. I usually use IPSec-AH as a mitigation factor. So - it may mitigate other vulnerabilities - such as brute force etc, because of strict ipsec authentication. (c)oded by [EMAIL PROTECTED]