he
suggested I ask the list so here I am.
Do you believe that this is "good idea" and should be implemented?
Thanks
BJA
--
=====
Brian Anderson Email: [EMAIL PROTECTED] |
Information Security Phone:
http://www.zone-h.org/defacements/mirror/id=1756014/
On Mon, 29 Nov 2004 14:58:25 +0200, Rossen Naydenov
<[EMAIL PROTECTED]> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Hi guys,
>
> I just noticed the banner on www.sco.com
> If you don't saw it( because it is removed) this is w
So wouldn't yellow paper or a nice big yellow watermark at least give them eye
strain?
Or support companies that have separate cartridges for each color and keep an
empty yellow on hand.
wrote:
Next time you make a printout from your color laser printer,
shine an LED flashlight beam on it and exa
idea if this kid can do anything or is he just someone who found out how to use his ./ skills???
Brian
- Liquid Vision Media
e it
used for political debate that has very little to do with exploits,
vulnerabilities, etc. There are lists for that type of discussion; this
isn't one of them.
I add this to the long list of folks asking, please, take this
discussion off-list.
Anyone have a simple script to mock a dha against port 25? I am attempting to provide a demo of a DHA protection system.
Brian Toovey
Senior Security Analyst
igxglobal
389 Main Street Suite 206
Hackensack, NJ 07601
Ph: 201-498-0555x2225
[EMAIL PROTECTED]
PGP Key: http://www.igxglobal.com
Are these the guys that take money from M$ to post positive security reports of IIS webservers and other M$ systems?
Brian
On Wed, 2004-07-21 at 14:51, [EMAIL PROTECTED] wrote:
mi2g == 'many idiots glued 2gether'
I like it.
"Hey, Mikey! I think he likes it."
On Fri, 2004-07-16 at 12:10, D'Amato Luigi wrote:
Linked below is a Hardening stack TCP/IP tool for Windows.
hardened win tcp stack - oxymoron?
Brian
signature.asc
Description: This is a digitally signed message part
cts at our proxy to protect against it. Your thoughts on that method equiv?
Brian
On Fri, 2004-06-25 at 14:53, [EMAIL PROTECTED] wrote:
Where is Microsoft now "protecting their customers" as they love
to bray? Should not someone in authority of this public company
step forward and explai
Groupshield says it was replaced because of a Scanner Timed Out Virus.
bipin gautam wrote:
Hello everybody,
I wounder how many Antivirus/Trojan/Spyware scanners
will choak to death while having a manual scan of the
file:
http://www.geocities.com/visitbipin/SERVER_dwn.zip
I was woundering, what woul
http://www.farukh.com/1.GIF
Best Regards from,
Farrukh Hussain.
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Brian Toovey
Senior Security Analyst
igxglobal
389 Main Street Suite 206
Hackensack, NJ
der open-source - oh why bother with this.
regards,
Tobias W.
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
regards,
Brian
signature.asc
Description: This is a digitally signed message part
x27;re breaking the
law then so be it. Nothing like some self-righteous
popompous asso wake me up in the morning!
agreed
__
Do you Yahoo!?
Friends. Fun. Try the all-new Yahoo! Messenger.
http://messenger.yahoo.com/
_______
Interesting. I keep hearing this without specifics. I find this kind of
problem to be very rare in our production environment (10,000 devices), and
limited to poorly written apps. I work in a medical environment, where
there's no lack of poorly written apps, and even amongst that population,
pro
about it. If mail
server's running lha code can be compromised If desktop users only have to
download their email.
anyone have a thought on the severity of this?
http://www.securityfocus.com/bid/10243
Brian Toovey
igxglobal
389 Main Street Suite 206
Hackensack, NJ 07601
Ph: 20
Anybody know if checkpoint will release a patch to a customer without a vaiid
licensing agreement?
http://www.checkpoint.com/techsupport/alerts/ike_vpn.html
Brian Toovey
igxglobal
389 Main Street Suite 206
Hackensack, NJ 07601
Ph: 201-498-0555x2225
[EMAIL PROTECTED]
gnupg key:
http
Actually, the letter will probably have the date for the shutdown, and
state that all PC's must have a TCP upgrade or they will be unable to
connect to the updated protocol. Call your vendor for updates. ;)
Feher Tamas wrote:
Hello,
I wonder if some foul will initiate a chain letter that clai
had their hands on something that a competitor identified as a
backdoor trojan, but NAI still cannot detect it because they filtered
E-mail sent via a virus submission address.)
Just thought I'd share my experience. Perhaps it will save someone else
the frustration that I had.
Brian
--
Brian
.com/sinit.html
This model will surely be recreated and improved, sooner rather than later.
Brian
--
Brian Eckman
Security Analyst
OIT Security and Assurance
University of Minnesota
"There are 10 types of people in this world. Those who
understand binary
med to be in common use.
A proof-of-concept exploit is available at:
http://www.macmerc.com/news/archives/1270
Contributors:
Ereet Hagiwara
Brian Caswell
Dragos Ruiu
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
agine (as you mention) reverse engineering the patch and/or
sniffing the network traffic of your (or another) scanner in action
would be much more productive methods of determining how to write an
exploit than your advisory was.
Brian
--
Brian Eckman
Security Analyst
OIT Security and Assu
The message contains Unicode characters and has been sent as a binary attachment.
<>
d the GPG Plugin. The
claim in the 'advisory' that a vulnerability exists: 'on recent versions
of Squirrelmail, including the current CVS version.' is just plain false.
To the members of the "Bugtraq Research Team": The members of the GPG
Plugin and Squirrelmail d
and the GPG Plugin. The
claim in the 'advisory' that a vulnerability exists: 'on recent versions
of Squirrelmail, including the current CVS version.' is just plain false.
To the members of the "Bugtraq Research Team": The members of the GPG
Plugin and Squirrelmail d
missed my point. If the hacker can run "start" anything on
your system, it's game over anyway.
--
Brian Eckman
Security Analyst
OIT Security and Assurance
University of Minnesota
"There are 10 types of people in this world. Those w
Nathan Bates wrote:
Brian Eckman had thus to say: (Mon, Dec 22, 2003 at 02:12:53PM -0600)
[...]
For Windows, if it's a backdoor that is named something.txt, well,
again, the attacker would have to find a way to rename that file and
execute it with appropriate permissions. Again, I im
Larry W. Cashdollar wrote:
On Mon, 22 Dec 2003, Brian Eckman wrote:
Schmehl, Paul L wrote:
Hmmm. Well, if the execute bit isn't set, then I'd assume it can be
considered relatively safe. If the attacker can later find a way to
chmod it and then execute it with the privliges needed
your machine as well.
For Windows, if it's a backdoor that is named something.txt, well,
again, the attacker would have to find a way to rename that file and
execute it with appropriate permissions. Again, I imagine that if they
can do that, that they could find other ways of compromising your
ies. passwd is sgid
to get access to the tcb dir, and the shadow entry is writable
by the user directly, and only contain's that user's entry.
More info at http://www.openwall.com/tcb/
--
Brian Hatch Thou shalt not pray
Systems andto Zeus for things
it's resolved). If/when we find one doing this that is not in the
dorms, I'll probably visit it personally and report back.
Brian
--
Brian Eckman
Security Analyst
OIT Security and Assurance
University of Minnesota
"There are 10 types of people in this world. Those who
understand
in this regard.
Not that Solaris is perfect, but it's been in use long enough that if current
security was inadequate this would have been dealt with some time ago.
--
Brian Bennett
[EMAIL PROTECTED]
http://digitalelf.net/
It is undignified for a woman to play servant to a man who is not
trolls. The charter says "it is expected
that the list will be largely self-policing". Well, we can all pitch in
by ignoring stuff that belongs on security-basics type lists. Or better
yet, kindly show them to the door, of a more appropriate forum for their
question, that is.
Regards,
Welcome to the drawback of unmoderated "full-disclosure."
-Original Message-
From: Bipin Gautam [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 30, 2003 8:59 AM
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] Shortcut.. may cause 100% cpu use!!!
--[Effected]--
The exploit has bee
in the 'file'
section for open, so you'd be able to use that to
avoid a shell in the open without writing the code
yourself.
--
Brian Hatch Why do croutons come
Systems andin airtight packages?
Security Engineer Aren't they j
espond to another comment, the MS03-040 patch might *not*
address this type of attack on a system. Internet Explorer fully patched
with default settings *still* allows silent delivery and install of
executables. POC was sent to this list weeks ago.
Brian
--
Brian Eckman
Security Analyst
OIT Securi
Tunnel
over SSL inside a MITM'd SSL too. However regardless how
you do it, with the MITM they should be smart enough to
catch the HTTPTunnel-style traffic.
--
Brian Hatch I have no cognitive
Systems andpowers. It's amazing
Security Engineer
severed their network connection in
the meantime.) This is getting really old...
Brian
--
Brian Eckman
Security Analyst
OIT Security and Assurance
University of Minnesota
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
s rendered in an html capable
browser, it is human readable.
Very sneaky!
Brian Dinello, CISSP
Senior Security Consultant
-Original Message-
From: Security Administrator [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 07, 2003 9:22 AM
To: Lan Guy
Cc: [EMAIL PROTECTED]
Subject:
porting an increase
>> in port
>> 53 traffic over the last two days. Are we looking at the precursor
to the
>> next worm?
>
>
> This is currently being discussed on NTBUGTRAQ too.
>
>
McAfee labels it QHosts-1
http://us.mcafee.com/virusInfo/default.asp?id=description
.
http://www.river.com/users/share/cluetrain/
---
---
---
with the fact that I could not
manually delete that file in Safe Mode either. They were running Windows 98.
It is unknown how the audio.exe file got onto the computer hard drive in
the first place.
I have not yet notified abuse contacts of the ISPs of the IP addresses
posted.
Brian
--
Brian
d you read my email?
I said this was OLD news. A LONG time ago. We published our findings on
snort.org a LONG time ago. Your assumptions are all wrong.
Grow up already.
-brian
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.
are
dashed out. Gee, I wonder why. As well as normal incident response,
the entire snort team did a major audit of snort at that time for anything
injected.
BTW, for those of you wanting the original sneeze, its still available
online at http://snort.sourceforge.net/sneeze-1.0.tar
-brian
Communications prior to 1.2.31
Needless to say, I doubt anyone will soon be reporting any instances of
this piece of code actually doing anything to a remote host.
Brian Dinello, CISSP
-Original Message-
From: Adam Balogh [mailto:[EMAIL PROTECTED]
Posted At: Friday, September
hat
you may have wanted, it's a good way to find similar existing
domains, without you ever issuing your own whois/etc queries.
And I like the irony of them performing the service for you.
--
Brian Hatch "Strategic analysts in Earthdome
Systems andhav
ve any other
noticable characteristics? If so I'd think we could set up
a firewall rule to drop all DNS replies that contain the
Verisign-be-damned IP address. That'd protect everything,
regardless of name server or method of access (using
host/nslookup/etc manually.)
--
Bria
At 04:09 PM 9/8/2003, Gregory A. Gilliss wrote:
spam doesn't have anything to do with security
Random complaints about spammering may have no place on F-D, but spamming
has *everything* to do with security.
1. Spammers usually rely on open mail relays to send their junk e-mails.
2. Spammers ofte
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
It is basically the WINE emulated with a bit of a UI facelift to
make certain tasks easier. I cannot say whether or not WINE has
vulnerabilities, but you get to install your own copies of Microsoft
products (Crossover Office lets you install the
Heh, !
I must post this...
http://www.virtuallystrange.net/ufo/mufonontario/archive/blkout.htm
I must have been terrorist, UFO hackers that caused the grid to fail...
Honestly though, due to cost constraints, human nature, etcI find it
unlikely that mankind will ever create a fault-proof sy
me program
calling itself a worm...
Brian
--
Brian Eckman
Security Analyst
OIT Security and Assurance
University of Minnesota
612-626-7737
"There are 10 types of people in this world. Those who
understand binary and those who don't."
___
be
more "effective" than Code Red (whatever your definition of effective
is). However, what was provided to the list wasn't of much use to
anyone, so I was pointing out how premature it was to start labelling it.
I'll resist the temptation of responding to your flames.
Bria
x27;re playing a whole different ballgame.
I have IP addresses in the target range of this "worm". I'm seeing lots
of scanning for 445/tcp, but not coming from other addresses in it's
target range.
Brian
--
Brian Eckman
Security Analyst
OIT Security and Assurance
University o
> Has anyone noticed alot of spam coming in recently with pgp sigs
> attached? What would be the benefit of doing that?
SpamAssassin applys a non-spam bonus to PGP signed email.
The spammers are abusing the fact, trying to increase the
odds their crap gets through.
--
Brian
Neither is RedHat 9.1.
On Fri, Jun 13, 2003 at 05:57PM, Stephen Amadei was quoted stating the following:
> On Fri, 13 Jun 2003, Brian Houk wrote:
>
> > Just a warning. . .
> >
> > [03:37] chigoo ([EMAIL PROTECTED]) joined #linuxhelp.
> > [03:37] new root explo
Actually I should have made my previous e-mail a little bit more clear.
DO NOT RUN THIS
> Just a warning. . .
>
> [03:37] chigoo ([EMAIL PROTECTED]) joined #linuxhelp.
> [03:37] new root exploit is out to slackware 9.1 and redhat 9.1!
> enjoybe nice to your frinds boxes!:> http://home.no/e
Just a warning. . .
[03:37] chigoo ([EMAIL PROTECTED]) joined #linuxhelp.
[03:37] new root exploit is out to slackware 9.1 and redhat 9.1! enjoybe
nice to your frinds boxes!:> http://home.no/exploited/exploits/kmodaxx.c
Attached is the so called exploit, and the perl code it runs locally o
t that was supposed to never
exist, so now all those kiddies will be spewing packets at IANA's
example box.
--
Brian Hatch "We all know Linux is
Systems andgreat... it does
Security Engineer infinite loops in
http://www.ifokr.org/bri/ 5
Yep, click on the logo.
http://www.grsecurity.org/realindex.php
On Mon, Mar 31, 2003 at 11:10PM, Stephen Amadei was quoted stating the following:
> On Mon, 31 Mar 2003, Jeff wrote:
>
> > http://www.grsecurity.net
> >
> > Looks like another big company screwed over a team of innocent developers.
High
Network-accessible:yes
Network-accessible:yes
Discovery: D. Boneh, D. Brumley
Writeup: Brian Hatch <[EMAIL PROTECTED]>
Summary: SSL sessions where RSA blinding is not in effect
are vulnerable to timing attacks
ich I now find
myself.
While catching a few fleas isn't unusual in the murky, dog-eat-dog
world of reporting on hackers and terrorists, this hoax is different.
Had it been a simple scam, I might be embarrassed. But in this case,
the scammer is Brian McWilliams, a former rep
At 11:11 AM 1/31/2003, Geo wrote:
>>I have a hard time feeling real outraged on behalf of the kind of users
you
are describing. Anyone who 1) visits the sort of sites where Xupiter is
offered, and 2) has their IE security settings low, and 3) is in the habit
of impatiently clicking "yes" to any pr
To protect these folks against this kind of scumware, perhaps we need the
digital equivalent of air bags. When are antivirus products going to add
detection for Xupiter et al?
Brian
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
there are other instances of the ActiveX
out there that work differently. But I'm told that IE by default prompts
before installing signed ActiveX.
In other words, you have to *lower* Microsoft's default security settings
(seldom a good idea
ecisions about
their own security."
Brian
At 10:13 AM 1/23/2003, Richard M. Smith wrote:
http://www.nytimes.com/2003/01/23/business/23LOCK.html?pagewanted=print&;
position=top
January 23, 2003
Master Key Copying Revealed
By JOHN SCHWARTZ
A security researcher has revealed a little-know
Like folks said earlier, the "Exploit" tab is missing, but that
doesn't mean the exploit is gone. You just have to dig, starting with the
stuff in the "Credit" tab, to find the SF mailing list message
that spawned the BID in the first place.
E.g., the BID 1780 exploit is in the original Bugtraq m
rk around known bugs in the server
version. (OpenSSH has lots of workarounds for server bugs
per version number.)
Take a web server, on the other hand, do clients need to work
around bugs in specific versions? No. What do we gain by
having the server announce it? Nothing. What do we loose by
havin
TI.html
I don't believe the IT industry has yet reached equivalent accords on the
handling of vulnerability info.
Brian
At 07:21 PM 12/6/2002, Richard M. Smith wrote:
Another data point in the full-disclosure/security-by-obscurity debate:
http://www.cnn.com/2002/WORLD/meast/12/06/sprojec
n
BLAH" when you can just say "Apache"? It only makes it
easier for crackers to mark you down on their well-
tailored lists.
--
Brian Hatch Anxiously awaiting
Systems andthe millenium so
Security Engineer I can start p
See below.
Not to beat a dead horse, but this doesn't explain why the Kaspersky list
server was forwarding bounce messages from list members to everyone on the
Virus News list. (E.g. see sample at the very bottom of this note.)
B.
+++
http://www.kaspersky.com/news.html?chapter=20140
Beware o
rded it to those of us on the list.
And now, thanks to Kaspersky's wacko server, everyone on the list is also
getting copies of the virus autoresponder messages sent out by the
recipients' mail gateway scanners.
Man, we would be lost without these early warning systems.
Brian
At 05
70 matches
Mail list logo