[Full-Disclosure] Robustness patch for TWiki, vulnerability in ImageGalleryPlugin

2005-02-23 Thread Florian Weimer
* TWiki robustness patch After CAN-2004-1037 was discovered in November 2004, I wrote a patch which systematically replaces unsafe subprocess invocation constructs in the TWiki source code. This patch was published, submitted to the TWiki developers, and they ported it into the DEVELOP branch:

Re: [Full-Disclosure] Administrivia: List Compromised due to Mailman Vulnerability

2005-02-09 Thread Florian Weimer
* John Cartwright: > Subscriber addresses and passwords have been compromised. All list > members are advised to change their password immediately. There do > not appear to be further signs of intrusion although investigations > continue. Recent Mailman versions from CVS contain a script to rese

Re: [Full-Disclosure] OT: Tool for sanitizing MS office documents?

2005-01-31 Thread Florian Weimer
* Clement Dupuis: > This is why so many companies have adopted the PDF format for document > exchange. What you see is what it is, no hidden code or revision bits. This view is a bit too simplistic. PDF files can contain layers, and the text that is nicely covered by those black rectangle may s

Re: [Full-Disclosure] iDEFENSE Security Advisory 01.14.05: Exim dns_buld_reverse() Buffer Overflow Vulnerability

2005-01-16 Thread Florian Weimer
* Marc Haber: >> VIII. DISCLOSURE TIMELINE >> >> 09/30/2004 Initial vendor notification >> 09/30/2004 Initial vendor response > 01/04/2005 Vendor releases a patch (publicly, by the way) > 01/14/2005 Vendor releases interim release incorporating the patch >> 01/14/2005 Public disclosu

Re: [Full-Disclosure] Possible DNS compromise/poisoning?

2005-01-06 Thread Florian Weimer
> Is anyone else seeing this: > > --SNIP-- > ;; QUESTION SECTION: > ;www.microsoft.com. IN A > > ;; ANSWER SECTION: > www.microsoft.com. 2415IN CNAME > www.microsoft.com.nsatc.net. > --SNIP-- > > Notice that www.microsoft.com is a cname for > www.microsoft.com.nsatc.n

Re: [Full-Disclosure] Pattern matching search tool

2005-01-06 Thread Florian Weimer
* Paul Schmehl: > Is anyone aware of a search tool (not Google or search engine > aggregation software) that could be used to search our network for > "interesting stuff"? It needs to be capable of doing pattern > matching similar to perl's regular expression stuff. For active sites, ngrep is ra

Re: [Full-Disclosure] MediaSentry false positives?

2005-01-06 Thread Florian Weimer
* Valdis Kletnieks: > On Wed, 05 Jan 2005 13:00:41 +0100, Florian Weimer said: > >> RIPE doesn't have an announcement of the prefix, so I think >> MediaSentry was in error. > > Did you just check the RADB, or did you actually poke a looking glass to > see wha

Re: [Full-Disclosure] MediaSentry false positives?

2005-01-05 Thread Florian Weimer
> Has anybody received "Notice of claimed infringement" from MediaSentry > for IP addresses which, while registered to you or your organization, > are in a range not actively in use? I've independently received another report of this problem. > I see two likely possibilities -- either MediaSentry

Re: [Full-Disclosure] This sums up Yahoo!s security policy to a -T-

2004-12-24 Thread Florian Weimer
* Bart Lansing: > If their refusal to release that mail even after their customer is dead is an > indication as to their privacy practices, three cheers for Yahoo. I agree. It's not even clear to me that it's in the relatives' interest to know *everything*. If there's some in these messages h

Re: [Full-Disclosure] TCP Port 42 port scans? What the heck over...

2004-12-14 Thread Florian Weimer
* James Lay: > Here they be. ODD. Anyone else seeing this? Probably yes. 8-) 42/TCP is used by Microsoft's WINS replication, and this service has got a security hole for which Microsoft has yet to release a patch. ___ Full-Disclosure - We believe in i

Re: [Full-Disclosure] A suggestion to all AV vendors...

2004-12-12 Thread Florian Weimer
* Valdis Kletnieks: > It's still applying band-aids to a hemophiliac rather than supplying > them with clotting factor. The only *sustainable* long-term solution is > to use software that was designed with a sane security model, so there's > no *need* for a separate A/V product. It's not just so

Re: [Full-Disclosure] Time Expiry Alogorithm??

2004-11-29 Thread Florian Weimer
* Andrew Farmer: > On 23 Nov 2004, at 15:02, Florian Weimer wrote: >> * Andrew Farmer: >>> Especially considering that there aren't enough atoms in the >>> universe to store all that precalculated data, nor enough energy >>> to do all the calculations. &

Re: [Full-Disclosure] Time Expiry Alogorithm??

2004-11-23 Thread Florian Weimer
* Andrew Farmer: > Especially considering that there aren't enough atoms in the universe to > store all that precalculated data, nor enough energy to do all the > calculations. Typically, such estimates ignore the possibilities of quantum superpositions. > (Schneier says that there's enough ener

Re: [Full-Disclosure] Time Expiry Alogorithm??

2004-11-22 Thread Florian Weimer
* Georgi Guninski: > would prefer to keep my secrets encrypted with algorithm whose breaking > requires *provable* average runtime x^4242 or even x^42 instead of > *suspected runtime* 2^(x/4). It depends on the constant factors you omitted, including those in the lower-order terms. 8-) AES can

Re: [Full-Disclosure] OT: U.S. 2004 Election Fraud.

2004-11-15 Thread Florian Weimer
* Paul Schmehl: > --On Monday, November 15, 2004 07:25:58 PM +0100 Florian Weimer > <[EMAIL PROTECTED]> wrote: >>> >>> <http://www.sbe.state.va.us/Election/Electoral_College.htm> >>> <http://www.usconstitution.net/consttop_elec.html> >>&

Re: [Full-Disclosure] OT: U.S. 2004 Election Fraud.

2004-11-15 Thread Florian Weimer
* Paul Schmehl: > --On Monday, November 15, 2004 05:18:16 PM +0100 Florian Weimer > <[EMAIL PROTECTED]> wrote: >> >> The problem isn't so much the weighting (it's even more extreme in the >> senate), but the "the winner gets it all" principl

Re: [Full-Disclosure] OT: U.S. 2004 Election Fraud.

2004-11-15 Thread Florian Weimer
> Sorry list, I just couldn't resist.. > > *Electoral votes vs. Population [1] > > State Population Votes Votes / M pop. > - > Alaska 648,818 3 4.624 > Wyoming 501,242 3 5.985 > Texas 22,118,509 34 1.537 > >

Re: [Full-Disclosure] Re: AV companies better hire good lawyers soon.

2004-09-14 Thread Florian Weimer
* James Tucker: >> According to the FBI forensics agent I heard at a recent security >> conference this is a fairly common defense. The other is trying to >> claim that any gaps in the evidence chain are when a law enforcement >> type planted the porn there. > > there are laws and processes which

Re: [Full-Disclosure] AV companies better hire good lawyers soon.

2004-09-14 Thread Florian Weimer
> What exactly are they charged with for having a compromised Windows box in > their possession? I am curious, I had never heard of that. Credit card fraud, probably. There are also reports that someone with child porn on his hard disk got away because he claimed that the virus did it. The case

Re: [Full-Disclosure] AV companies better hire good lawyers soon.

2004-09-14 Thread Florian Weimer
* Jason Coombs PivX Solutions: > I work as an expert witness in addition to being an infosec > researcher, etc. and you would not believe how terrible the quality of > computer forensics is in the real world today. To begin with, are you > aware that people are going to prison in the U.S. for noth

Re: [Full-Disclosure] AV companies better hire good lawyers soon.

2004-09-14 Thread Florian Weimer
* Jean Gruneberg: > Yes, I agree - but then don't bitch if the other software (be it AV > or any other software) does not work or breaks your software. It's not a mere question of compatibility (I could certainly live with that). The problem is that these companies wrongfully label products of c

Re: [Full-Disclosure] Teen hacker controls ebay

2004-09-14 Thread Florian Weimer
* Karsten W. Rohrbach: > Florian Weimer([EMAIL PROTECTED])@2004.09.10 03:14:10 +: >> * Rainer Duffner: >> >> >> Personally, I can't comprehend how the default for something like that >> >> would be "Yes", >> > >> >

Re: [Full-Disclosure] Corsaire Security Advisory - Multiple vendor MIME field multiple occurrence issue

2004-09-14 Thread Florian Weimer
> The first of the four would be the correct behaviour for a security > conscious product, but based on empirical research this is not the > common result. Of course, this violates the robustness principle. Are there any estimates how much (corporate) mail contains one of the format violations

Re: [Full-Disclosure] AV companies better hire good lawyers soon.

2004-09-14 Thread Florian Weimer
* Micheal Espinola, Jr.: > I disagree. Programmers should know to submit their code to the > various AV companies in order to avoid false-positives. This is a ridiculous proposition. It's like suggesting that you have to submit your writings to the Department of Justice before you can exercise

Re: [Full-Disclosure] Teen hacker controls ebay

2004-09-09 Thread Florian Weimer
* Marcin Owsiany: >> The delegation was changed because Ebay's registrar for the .DE zone, >> TUCOWS, didn't object when asked by DENIC whether the change was >> alright. > > The "asking" was actually two programs "talking", right? Yes, DENIC sends two or three mail messages over a period of five

Re: [Full-Disclosure] Teen hacker controls ebay

2004-09-09 Thread Florian Weimer
* Über GuidoZ: > I believe it was done through email. DENIC received the request to > change the DNS, then emailed Tucows to see if it was ok to make the > changes. By default, the answer is yes. So, since no one responded > saying "Hell no! Don't do that", the changes were made. > > Personally, I

Re: [Full-Disclosure] Teen hacker controls ebay

2004-09-09 Thread Florian Weimer
* Rainer Duffner: >> Personally, I can't comprehend how the default for something like that >> would be "Yes", > > Because, if the ISP is bankrupt, the "YES" will never come. And that's a problem because of ...? DENIC (the registry) claims to have a direct contractual relationship with all doma

Re: [Full-Disclosure] Teen hacker controls ebay

2004-09-08 Thread Florian Weimer
* Gaurang Pandya: > http://www.theinquirer.net/?article=18288 Says, a teen > hacker "he had managed to become the new owner of > eBay.de." Can anyone tell me what they mean by > this.. did he actually change the IP address at DNS, or is it > DNS cache poisoning or something else?? The delegation wa

Re: [Full-Disclosure] The 'good worm' from HP

2004-08-20 Thread Florian Weimer
> Stuff like counter-attacking has been discussed often, This isn't necessarily counter-attacking. Most operators of large, decentralized networks who have some say on what's running on the machines (e.g. operators of educational or corporate networks) follow some process that detects compromised m

Re: [Full-Disclosure] Re: Anyone know IBM's security address? + Google Hack

2004-08-09 Thread Florian Weimer
* Aaron Gray: > It turns out I was going about the process of vulnerability > notification all wrong. I should have gone to the United States > Computer Emergency Readiness Team to report them. > The US-CERT home page provides an email address [EMAIL PROTECTED] for > reporting vulnerabilities. If

Re: [Full-Disclosure] Advisory 11/2004: PHP memory_limit remote vulnerability

2004-07-14 Thread Florian Weimer
* Stefan Esser: > Application: PHP <= 4.3.7 >PHP5 <= 5.0.0RC3 > Severity: A vulnerability within PHP allows remote code >execution on PHP servers with activated memory_limit > Risk: Critical Uh-oh. Has anybody got a minimal patch to fix this issue

Re: [Full-Disclosure] Is Mozilla's "patch" enough?

2004-07-12 Thread Florian Weimer
* Aviv Raff: > Security patches shouldn't be overridden unless intended to (i.e. > uninstalled). This is not standard industry practice. Especially if a patch might break a previously working configuration, I completely agree that it's correct. For most people, having a working system is more imp

Re: [Full-Disclosure] Is Mozilla's "patch" enough?

2004-07-12 Thread Florian Weimer
* Aviv Raff: > On Mon, 12 Jul 2004 20:34:44 +0200, Florian Weimer <[EMAIL PROTECTED]> wrote: >> * Aviv Raff: >> >> > Security patches shouldn't be overridden unless intended to (i.e. >> > uninstalled). >> >> This is not standard

Re: [Full-Disclosure] Microsoft Faces Angry IE Users' Questions

2004-07-10 Thread Florian Weimer
* Jordan Cole: >> I wonder if they break down and release a "fix" in a week's time. > > Hm... in a way, that's a pretty good joke. :) No, it isn't. Untested hotfixes for functionality problems are often available after just a short period of time, and sometimes there is documentation how to dis

Re: [Full-Disclosure] Microsoft Faces Angry IE Users' Questions

2004-07-10 Thread Florian Weimer
* Jordan Cole: > Hm... the fact that the average user probably doesn't even realise > there are browsers out there besides IE means nothing, I suppose. And > I saw from reading it (this morning) that there are two basic replies > to any question: > > a) we're considering it, but can't say for sure

Re: [Full-Disclosure] Public Review of OIS Security Vulnerability Reporting and Response Guidelines

2004-07-05 Thread Florian Weimer
> The Organization for Internet Safety (OIS) extends an invitation to > the readers of the BugTraq, NTBugtraq, and Full-Disclosure mailing > lists to participate in the ongoing public review of the OIS Security > Vulnerability Reporting and Response Guidelines. The definition of the term "security

[Full-Disclosure] Re: SUSE Security Announcement: kernel (SUSE-SA:2004:020)

2004-07-02 Thread Florian Weimer
* Roman Drahtmueller: > Multiple security vulnerabilities are being addressed with this security > update of the Linux kernel. Do you plan to release generic advisories (not SuSE-specific ones) for some of the issues? > Kernel memory access vulnerabilities are fixed in the e1000, dec

Re: [Full-Disclosure] IBM Potential Credential Impersonation Attack paper?

2004-06-05 Thread Florian Weimer
> I found the following IBM advisory via their outside advisory service: > http://www-1.ibm.com/support/docview.wss?uid=swg21168762 > > They refer to an externally available paper that identifies a form of > credential impersonation exploit that can affect multiple IBM > products. Does anybody know

[Full-Disclosure] Re: [VulnDiscuss] Re: [VulnWatch] TCP Reset Attacks: Paper and Code Now Availble

2004-04-23 Thread Florian Weimer
to attack those TCP connections with RST segments. Probably he didn't test an IOS-to-IOS TCP connection. -- Florian Weimer [EMAIL PROTECTED] University of Stuttgart ZENDAS fax +49-711-121-3688

Re: [Full-Disclosure] OT microsoft "feature"

2004-04-16 Thread Florian Weimer
"Davide Del Vecchio" <[EMAIL PROTECTED]> writes: > It seems like the 0 character implies a modification in the IP field.. In some programming languages, the leading zero signals that an octal number follows. And guess what? "10", as an octal number, denotes the number eight... -- Current mai

Re: [Full-Disclosure] Operating Systems Security, "Microsoft Security, baby steps"

2004-03-18 Thread Florian Weimer
Todd Burroughs wrote: > I know that other major software companies use OpenSSL in their products; > the "free/open source" software community responds very quickly, much > faster than any commercial vendor (I noticed that Cisco released > a patch). This is proof, same day fix vs. fix in a few mon

Re: Browser security was Re: [Full-Disclosure] MDKSA-2004:021 - Updated mozilla packages fix multiple vulnerabilities

2004-03-10 Thread Florian Weimer
Gary Flynn wrote: > >Wow. A GNU/Linux distributor who finally releases a security update for > >Mozilla. Isn't this a first? > > > >There is a list of published issues at: > > I'm glad you said "published" instead of "known". :) That was quite deliberate. 8-) There are quite a few security bu

Re: [Full-Disclosure] MDKSA-2004:021 - Updated mozilla packages fix multiple vulnerabilities

2004-03-10 Thread Florian Weimer
Mandrake Linux Security Team wrote: > A number of vulnerabilities were discovered in Mozilla 1.4: Wow. A GNU/Linux distributor who finally releases a security update for Mozilla. Isn't this a first? There is a list of published issues at:

Re: [Full-Disclosure] ASN.1 telephony critical infrastructure warning - VOIP

2004-02-17 Thread Florian Weimer
3APA3A wrote: > ASN.1 is used by many services, but all use different underlying > protocols. It's not likely NetMeeting or MS ISA server to be primary > attack targets. Attack against MS IPSec implementation, Exchange, > SMB/CIFS, RPC services, IIS and specially IE will no have

Re: [Full-Disclosure] 3 new MS patches next week... but none fix

2004-01-11 Thread Florian Weimer
Tim wrote: > I realized that M$ must be giving pre-release information to major > vendors. Probably for a hefty price tag. You receive additional information if you are a Premium Support customer, such as a rough sketch of the upcoming security patches (affected products, severity of the vulner

Re: [Full-Disclosure] [SECURITY] [DSA-403-1] userland can access Linux kernel memory

2003-12-02 Thread Florian Weimer
Roman Drahtmueller wrote: > The fact that security-relevant bugs get found and fixed in an open, > transparent and traceable way may be specific to Linux, yes. The changelog message was quite cryptic. This is not the first time something like this has happened. Most of the security professional

Re: [Full-Disclosure] [SECURITY] [DSA-403-1] userland can access Linux kernel memory

2003-12-02 Thread Florian Weimer
Wojciech Purczynski wrote: > This is not an integer overflow bug. do_brk() doesn't verify its arguments > at all, allowing the creation of an arbitrarily large virtual memory mapping (vma) > consuming kernel memory. At least this explains why it wasn't found by the Stanford checker tool. Thanks.

Re: [Full-Disclosure] [SECURITY] [DSA-403-1] userland can access Linux kernel memory

2003-12-01 Thread Florian Weimer
[EMAIL PROTECTED] wrote: > Recently multiple servers of the Debian project were compromised using a > Debian developers account and an unknown root exploit. Forensics > revealed a burneye encrypted exploit. Robert van der Meulen managed to > decrypt the binary which revealed a kernel exploit. Stud

Re: [Full-Disclosure] SSH Exploit Request

2003-11-13 Thread Florian Weimer
Jeremiah Cornelius wrote: > > The last exploit for a critical vulnerability in OpenSSH is from 2001. > > > > You might be helpful - in some /small/ way: > > Google for "gobbles" and "ssh" Bingo! This vulnerability is not critical; it only affected a fraction of all deployed SSH systems.

Re: [Full-Disclosure] SSH Exploit Request

2003-11-13 Thread Florian Weimer
Robert Davies wrote: > A service is flawed in one way or another, patch it! If the vendor says the > service is broke in some way, believe them, get off your lazy ass and get > patching. If you are the admin, do your job and quit whining! The OpenSSH maintainers lured Debian into distributing a v

Re: [Full-Disclosure] SSH Exploit Request

2003-11-13 Thread Florian Weimer
Jack Chum wrote: > Though it's late to ask, could anyone send me the last openssh > exploit for our lab-test? The last exploit for a critical vulnerability in OpenSSH is from 2001. > We need to test it before we are permitted to upgrade. Please help. Help yourself and redesign your patch ma

[Full-Disclosure] Remote MS03-043 detection for Windows NT

2003-10-29 Thread Florian Weimer
Is there a tool that can tell unpatched Windows NT machines from those which have the MS03-043 fix applied?

Re: [Full-Disclosure] New variant of Nachi ?

2003-10-29 Thread Florian Weimer
Helmut Springer wrote: > Has anyone seen any evidence besides this and the two postings on > public lists? No real trace after more than 24h it seems... We see increased scanning activity, but it doesn't look like a widespread worm: date | sources | targets | flows

Re: [Full-Disclosure] Bugtraq?

2003-10-19 Thread Florian Weimer
David wrote: > I haven't gotten any emails from it for the last 2 days, it might be > broke. BUGTRAQ is only moderated during US office hours, at least that's the impression I got.

Re: [Full-Disclosure] Application level firewall

2003-10-17 Thread Florian Weimer
Jason Freidman wrote: > Is there any sort of application level firewall for linux? There are plenty of application-level firewalls for hooking SQL databases to the Internet, most of them poorly implemented. 8->

Re: [Full-Disclosure] IRC DCC Exploit

2003-10-17 Thread Florian Weimer
Farrukh Hussain wrote: > I want to know about the DCC exploit. Upgrade to a recent mIRC version. That's all you need to know.

Re: [Full-Disclosure] SunnComm to sue 'Shift key' student for $10m

2003-10-10 Thread Florian Weimer
Nick Jacobsen wrote: > it seems to me the perfect chance for a countersuit... cause at least > as far as I know, most states' definition of computer crime would > include installing software on a machine without the owner's permission > or knowledge.. and since that is what SunnComm's protectio

Re: [Full-Disclosure] Spam with PGP

2003-10-07 Thread Florian Weimer
Lan Guy wrote: > I just got this piece of Spam, with a PGP signature! Yes, mock PGP signatures are a good way to increase the non-spam status of messages in some rating tools. Others probably just mark all PGP messages as spam. Real PGP messages are statistically insignificant, I guess. 8-(

Re: [Full-Disclosure] Solaris security patches.

2003-10-02 Thread Florian Weimer
Len Rose wrote: > NOTE: These are personal opinions and as such I do not speak > for any entity other than myself. > It's been quite a while for those who rely on ssh and sendmail, > so generally everyone eventually is forced to ditch "official" > versions of ssh and sendmail in favour of buildi

Re: [Full-Disclosure] Vendor non-acknowledgement

2003-09-30 Thread Florian Weimer
On Tue, Sep 30, 2003 at 09:37:53AM -0500, Kent A wrote: > Novell recently put out security release > (http://support.novell.com/cgi-bin/search/searchtid.cgi?/10087316.htm) > based upon my notifications to them. Do most vendors acknowledge > security professionals that bring vulnerabilities to

Re: [Full-Disclosure] [OpenSSL Advisory] Vulnerabilities in ASN.1 parsing

2003-09-30 Thread Florian Weimer
On Tue, Sep 30, 2003 at 03:27:50PM +0100, Mark J Cox wrote: > Who is affected? > - > > All versions of OpenSSL up to and including 0.9.6j and 0.9.7b and all > versions of SSLeay are affected. > > Any application that makes use of OpenSSL's ASN1 library to parse > untrusted data.

Re: [Full-Disclosure] CyberInsecurity: The cost of Monopoly

2003-09-28 Thread Florian Weimer
On Sun, Sep 28, 2003 at 08:04:58PM +0200, Michal Zalewski wrote: > I'd argue... many vendors (Okena aka Cisco, BlackICE aka ISS, etc) > provide integrated corporation-wide mechanisms for enforcing group > firewalling, access and logging/IDS policies on workstations or groups of > workstations (and

Re: [Full-Disclosure] CyberInsecurity: The cost of Monopoly

2003-09-28 Thread Florian Weimer
On Sun, Sep 28, 2003 at 12:20:28PM -0500, Paul Schmehl wrote: > I don't think "we" as a "security community" have even begun to tackle this > problem. We talk about it, but who is *really* doing it? For example, if > you want to network machines you *have* to use SMB/NetBIOS for Windows, NFS

Re: [Full-Disclosure] CyberInsecurity: The cost of Monopoly

2003-09-28 Thread Florian Weimer
On Sat, Sep 27, 2003 at 01:12:01PM -0500, Curt Purdy wrote: > I think we have lost the point of the thread CyberInsecurity: The Cost of > Monopoly which states your exact point that diversity is the most important > aspect of network protection. I often hear such claims, but I'd rather see compan

Re: [Full-Disclosure] My response to both the analysis of CIPE by Gutmann, Slashdot and the response by the CIPE list

2003-09-25 Thread Florian Weimer
On Thu, Sep 25, 2003 at 12:08:57PM +0200, Michal Zalewski wrote: > On Thu, 25 Sep 2003, Florian Weimer wrote: > > > Especially as some of the flaws (the replay attacks) are actually > > documented in the manual. > > And correct me if I am wrong, but it appears to me

Re: [Full-Disclosure] My response to both the analysis of CIPE by Gutmann, Slashdot and the response by the CIPE list

2003-09-25 Thread Florian Weimer
On Thu, Sep 25, 2003 at 12:08:57PM +0200, Michal Zalewski wrote: > > Especially as some of the flaws (the replay attacks) are actually > > documented in the manual. > > And correct me if I am wrong, but it appears to me that replay attacks are > not that much of a concern when encrypting TCP/IP p

Re: [Full-Disclosure] My response to both the analysis of CIPE by Gutmann, Slashdot and the response by the CIPE list

2003-09-25 Thread Florian Weimer
On Thu, Sep 25, 2003 at 03:43:06AM +0200, Jake Appelbaum wrote: > After reading Gutmann's short but to the point email a few points that > he made seemed obvious. Some of the flaws were not so obvious. CIPE > seemed to have some very simple flaws and some of the fixes were easy to > implement. Th

Re: [Full-Disclosure] EXPLOIT : RPC DCOM (MS03-039)

2003-09-17 Thread Florian Weimer
[EMAIL PROTECTED] writes: > Has anyone tested this exploit successfully? I haven't been able to > make it work as of yet. I tried the Target 0 type and have the > exact DLL versions referenced. Just wondering if this is BS or > there is some other dependency on my test systems that isn't quite >

Re: [Full-Disclosure] OpenSSH exploit w/privsep

2003-09-17 Thread Florian Weimer
"Brown, Rodrick" <[EMAIL PROTECTED]> writes: > Has it been confirmed that the exploit in the wild works on system with > privsep enabled?? So far, it hasn't been confirmed that there is an exploit in the wild. 8-/

Re: [Full-Disclosure] new ssh exploit?

2003-09-16 Thread Florian Weimer
Andreas Gietl <[EMAIL PROTECTED]> writes: > does privilege separation prevent the bug from being exploited? This question is a bit premature. There is no obvious way to exploit this bug, so it's hard to give an answer.

Re: [Full-Disclosure] Looking for linux code of a rpc dcom Scanner

2003-09-13 Thread Florian Weimer
"Carl Belanger" <[EMAIL PROTECTED]> writes: > http://www.k-otik.com/exploits/09.11.dcom2_scanner.c.php This scanner classifies many hosts as "wierd", which is a bit unfortunate. The recent NASL script seems to be better in this regard. I've ported the NASL script to the doscan framework:

Re: [Full-Disclosure] Bill Gates blames the victim

2003-08-31 Thread Florian Weimer
"Richard M. Smith" <[EMAIL PROTECTED]> quotes Mr. Gates: > And ducking questions by blaming the victim: > >Q. "The buffer overrun flaw that made the Blaster worm >possible was specifically targeted in your code reviews >last year. Do you understand why the flaw that led to >Blas

Re: [Full-Disclosure] Authorities eye MSBlaster suspect

2003-08-29 Thread Florian Weimer
"Larry Roberts" <[EMAIL PROTECTED]> writes: > The funnier thing would be if this was the guy who tried to make the > variant that takes over your machine via the DCOM exploit and goes > out to windowsupdate.com and downloads the fix. That would be > hilarious!!! This worm (which isn't a variant of t

Re: [Full-Disclosure] Worm side effects

2003-08-25 Thread Florian Weimer
"Geo." <[EMAIL PROTECTED]> writes: > I think I know why the worm used 92 byte icmp echos. AFAIK, the worm uses a standard Windows routine to generate those ICMP packets.

Re: [Full-Disclosure] Sobig has a surprise...

2003-08-23 Thread Florian Weimer
Paul Schmehl <[EMAIL PROTECTED]> writes: > They *have* published the IP addresses. They just didn't publish them > where *you* were looking. On Tuesday or Wednesday? Where?

Re: [Full-Disclosure] JAP back doored

2003-08-22 Thread Florian Weimer
"Drew Copley" <[EMAIL PROTECTED]> writes: >> Like everywhere else, ISPs are forced to install wiretapping >> equipment, which is basically the same. > > In the US, criminals - not citizens - may be wiretapped at the ISP > level. Criminals are citizens too. When the wiretapping takes place, they

Re: [Full-Disclosure] Sobig has a surprise...

2003-08-22 Thread Florian Weimer
Steve Postma <[EMAIL PROTECTED]> cites: > However, the Sobig.F worm has a surprise attack in its sleeve." From the web site: | "As soon as we were able to crack the encryption used by the worm to | hide the list of the 20 machines, we've been trying to close them | down", explains Mikko Hyppon

Re: [Full-Disclosure] Microsoft urging users to buy HarwareFirewalls

2003-08-22 Thread Florian Weimer
"Richard M. Smith" <[EMAIL PROTECTED]> writes: > I agree with Microsoft's recommendation for a hardware firewall on all > home PCs. There is no such thing as a hardware firewall. Typical SoHo routers have a much more defective TCP/IP stack than Windows. Most end users (who can't configure their

Re: [Full-Disclosure] JAP back doored

2003-08-22 Thread Florian Weimer
"Drew Copley" <[EMAIL PROTECTED]> writes: > If the US forces developers to trojanize their applications, Like everywhere else, ISPs are forced to install wiretapping equipment, which is basically the same.

Re: [Full-Disclosure] Sobig.F...what took so long

2003-08-22 Thread Florian Weimer
"Robert Ahnemann" <[EMAIL PROTECTED]> writes: > So it's 4 days after the virus was found, and they just discover that it's > got a list of 20 machines that it will pull from to create a massive > DDoS across the net? What took them so long to find it? The AV vendors deliberately held back this inf

Re: [Full-Disclosure] JAP back doored

2003-08-22 Thread Florian Weimer
"Drew Copley" <[EMAIL PROTECTED]> writes: >> Why is the U.S. government interfering with the publication >> of security advisories if the corresponding software is being >> run throughout the world? > > I haven't had any problem issuing security advisories. What is this in > reference to? The W

Re: [Full-Disclosure] JAP back doored

2003-08-21 Thread Florian Weimer
Adrian Nutz <[EMAIL PROTECTED]> writes: > They are in the cascades Luebeck-Berlin-Dresden and New > York-Berlin-Dresden. I think that German judges won't have a way to > force a mix in New York to implement the logging, which gives a cascade > of two (possibly) unlogged mixes if you use the New Yor

Re: [Full-Disclosure] Re: Popular Net anonymity service back-doored

2003-08-21 Thread Florian Weimer
"Drew Copley" <[EMAIL PROTECTED]> writes: > I would think, I would know, there would be a moral obligation to tell > their users. Moral... A conscience obligation, an obligation of > conscience. I usually interpret German privacy law much more liberally than ICPP and was really surprised that the

Re: [Full-Disclosure] JAP back doored

2003-08-21 Thread Florian Weimer
"Drew Copley" <[EMAIL PROTECTED]> writes: > Why is the state of Germany trojanizing applications which may be > run by anyone on the planet? Why is the U.S. government interfering with the publication of security advisories if the corresponding software is being run throughout the world? The Ger

[Full-Disclosure] Re: Popular Net anonymity service back-doored

2003-08-21 Thread Florian Weimer
"Thomas C. Greene" <[EMAIL PROTECTED]> writes: > traffic might be going straight to Big Brother, right? Wrong. After taking > the service down for a few days with the explanation that the interruption > was "due to a hardware failure", the operator

Re: AW: [Full-Disclosure] securing php

2003-08-20 Thread Florian Weimer
[EMAIL PROTECTED] writes: > You can enable PHP's "Safe Mode", which goes a long way to > closing these holes, but it's not a 100% solution. PHP uses many libraries which were not designed to cope with malicious input from the application. That's why PHP Safe Mode is unsafe *by* *design*.

Re: [Full-Disclosure] Vulnerability Disclosure Debate

2003-08-14 Thread Florian Weimer
gridrun <[EMAIL PROTECTED]> writes: > The security alliance around Microsoft is trying to push its > "reasonable vulnerability disclosure guidelines", which seeks to > prevent security researchers from publishing proof-of-concept code > altogether, and wants them to make only limited, next to use

Re: [Full-Disclosure] Vulnerability Disclosure Debate

2003-08-14 Thread Florian Weimer
"Joel R. Helgeson" <[EMAIL PROTECTED]> writes: > If they did that, how could we write NESSUS plugins that would accurately > scan for vulnerabilities? You don't, so you buy a proprietary scanner. Look at who takes part in those coordinating forums. Some companies certainly have conflicting in

[Full-Disclosure] Scanning for DCOM & fingerprinting Windows Me

2003-08-05 Thread Florian Weimer
It appears that using the eEye/Nessus test, a vulnerable Windows NT 4.0 system and a non-vulnerable Windows Me system are both flagged as vulnerable. Any idea how to fingerprint the Windows Me system, so that it can be flagged non-vulnerable nonetheless?

Re: [Full-Disclosure] MS03-26 and Windows NT4.0

2003-08-04 Thread Florian Weimer
"Curious ByStander" <[EMAIL PROTECTED]> writes: > When the patch for MS03-26 (RPC/DCOM) is applied to Windows NT 4.0 it > is then not possible to log into multiple domains. Furthermore, Microsoft PSS seems to be rather undecided whether the patch is for NT 4.0 Server only, or applies to NT 4.0 W

Re: [Full-Disclosure] [Secure Network Operations, Inc.] FullDisclosure != Exploit Release

2003-01-29 Thread Florian Weimer
ble. If you don't publish such code, you will eventually kill projects like Nessus and Snort by starvation. Is this your intention? -- Florian Weimer[EMAIL PROTECTED] University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/ RUS-CERT

Re: [Full-Disclosure] BlueBoar - 'Evil' Vendors Strike Back

2003-01-01 Thread Florian Weimer
is not a business. Many parts of computer security are, and I too think that's part of the problem. -- Florian Weimer[EMAIL PROTECTED] University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/ RUS-CERT

Re: [Full-Disclosure] Some vim problems, yet still vim much betterthan windows

2002-12-13 Thread Florian Weimer
can configure this externally, and IMHO that's the preferred way. It's not polite to force your own editing conventions down the throat of other users... -- Florian Weimer[EMAIL PROTECTED] University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/ RUS-

Re: [Full-Disclosure] zen-parse@gmx.de is not zen-parse@gmx.net

2002-10-07 Thread Florian Weimer
ons). I'm not sure if the sharing is optional. -- Florian Weimer[EMAIL PROTECTED] University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/ RUS-CERT fax +49-711-685-5898

Re: [Full-Disclosure] zen-parse@gmx.de is not zen-parse@gmx.net

2002-10-07 Thread Florian Weimer
threats and vulnerabilities, the Internet Security | Alliance, through the CERT/CC, provides members with exclusive access | to the CERT/CC Knowledgebase, which contains timely reports and | analysis unavailable to the general public. (http://www.isalliance.org/membership/product_services.phtml)

Re: [Full-Disclosure] zen-parse@gmx.de is not zen-parse@gmx.net

2002-10-06 Thread Florian Weimer
reasonable to disclose critical information on new security vulnerabilities to potential but paying blackhats *on* *the* *same* *day* *the* *vendors* *are* *notified*? -- Florian Weimer[EMAIL PROTECTED] University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/ RU

[Full-Disclosure] Remote detection of vulnerable OpenSSL versions

2002-09-17 Thread Florian Weimer
RUS-CERT RUS-CERT <http://CERT.Uni-Stuttgart.DE/> is the Computer Emergency Response Team located at the Computing Center (RUS) of the University of Stuttgart, Germany. URL of the current version of this document: <http://cert.uni-stuttgart.de/advisories/openssl-sslv2-master.

Re: [Full-Disclosure] openssl exploit code

2002-09-17 Thread Florian Weimer
larmed. Typically, the vendor gets a grace period to develop a patch. We will keep this standard. (Sorry, English isn't my native tongue.) -- Florian Weimer[EMAIL PROTECTED] University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/ RUS-CERT

Re: [Full-Disclosure] openssl exploit code

2002-09-17 Thread Florian Weimer
Solar Eclipse <[EMAIL PROTECTED]> writes: > What's next? Checking if the vendor has been properly notified > and approves of posting the exploit code? Symantec has announced this in an interview with a German newspaper. -- Florian Weimer[EMAIL PROTECT

[Full-Disclosure] Re: Compaq mount patch broken

2002-09-03 Thread Florian Weimer
of the RPC code for NFS mounts. xdr_array() is actually used for interaction with rpc.mountd, so a new /sbin/mount binary was needed to remove a potential threat. (I haven't got access to a Tru64 system, so this is pure, albeit plausible speculation.) -- Florian Weimer