The Router Hacking Challenge is Over! (fwd)

2008-03-01 Thread Gadi Evron
For those interested. -- Forwarded message -- Date: Sat, 1 Mar 2008 22:08:29 + From: Petko D. Petkov [EMAIL PROTECTED] To: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: The Router Hacking Challenge is Over! http://www.gnucitizen.org/projects/router-hacking-challenge/ The

cacti -- Multiple security vulnerabilities have been discovered (fwd)

2008-02-13 Thread Gadi Evron
I'm an MRTG guy, but many aren't. -- Forwarded message -- Date: Tue, 12 Feb 2008 14:42:01 -0200 From: Mario Sergio Candian [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: cacti -- Multiple security vulnerabilities have been discovered Affected packages: cacti 0.8.7b

network reputation [was: IP is...]

2008-01-23 Thread Gadi Evron
On Thu, 24 Jan 2008, Fred Baker wrote: I still think IP+timestamp doesn't imply what person did something it doesn't, no any more than the association of your cell phone with a cell tower conclusively implies that the owner of a telephone used it to do something in particular. However, in

Re: (broadband routers) PC World: Flash Attack Could Take Over Your Router

2008-01-17 Thread Gadi Evron
On Thu, 17 Jan 2008, Sean Donelan wrote: On Wed, 16 Jan 2008, Gadi Evron wrote: Yes, I still believe these ISP distributed machines called broadband routers are a network operators issue. But not all may agree on that. What specifications can consumer electronics stores and ISPs include

Re: Network Operator Groups Outside the US

2008-01-16 Thread Gadi Evron
On Wed, 16 Jan 2008, Simon Lockhart wrote: On Wed Jan 16, 2008 at 12:09:48PM -, Rod Beck wrote: 6. I am not aware of any Dutch per se ISP conferences although that market is certainly quite vibrant. I am also disappointed to see the Canadians and Irish have next to nothing despite Ireland

(broadband routers) PC World: Flash Attack Could Take Over Your Router

2008-01-16 Thread Gadi Evron
Props to Jeff Chan who I saw it from. Yes, I still believe these ISP distributed machines called broadband routers are a network operators issue. But not all may agree on that. -- http://news.yahoo.com/s/pcworld/20080116/tc_pcworld/141399 Flash Attack Could Take Over Your Router Robert

Re: [dns-operations] Web Proxy Auto-Discovery (WPAD) Information Disclosure (fwd)

2007-12-04 Thread Gadi Evron
I was told I should care about smaller entities than ccTLDs on this, so here is a forward to NANOG of a discussion on DNS-operations. -- Forwarded message -- Date: Tue, 4 Dec 2007 00:56:51 -0600 (CST) From: Gadi Evron [EMAIL PROTECTED] To: Rickard Dahlstrand [EMAIL PROTECTED

Re: Book on Network Architecture and Design

2007-12-03 Thread Gadi Evron
On Mon, 3 Dec 2007, John Kristoff wrote: On Mon, 03 Dec 2007 15:16:47 -0200 MARLON BORBA [EMAIL PROTECTED] wrote: I am in search of a good book about Network Architecture and Design, with emphasis in Quality of Service and convergent networks, to be used as a reference. Could you please

Re: Can P2P applications learn to play fair on networks?

2007-10-22 Thread Gadi Evron
Hey Rich. We discussed the technology before but the actual mental click here is important -- thank you. BTW, I *think* it was Randy Bush who said today's leechers are tomorrow's cachers. His quote was longer but I can't remember it. Gadi. On Mon, 22 Oct 2007, Rich Groves wrote:

Re: Researchers ping through first full 'Internet census' in 25 years

2007-10-12 Thread Gadi Evron
On Fri, 12 Oct 2007, Leigh Porter wrote: You are more likely to get 5000 zonealarm emails Or a place on dshield's top 10. Justin M. Streiner wrote: On Fri, 12 Oct 2007, Chris Owen wrote: You can't consider every wacko on the net when doing something like this. Anyone who

Re: How to Handle ISPs Who Turn a Blind Eye to Criminal Activity?

2007-10-12 Thread Gadi Evron
On Fri, 12 Oct 2007, Paul Ferguson wrote: So, back to my original question: If you alert an ISP that bad and possibly criminal activity is taking place by one of their customer, and they do not take corrective action (even after a year), what do you do? That's a different question all

[funsec] The Great IPv6 experiment (fwd)

2007-09-04 Thread Gadi Evron
I am unsure what to say. -- Forwarded message -- Date: Tue, 04 Sep 2007 11:14:34 +0200 From: Lubomir Kundrak [EMAIL PROTECTED] To: funsec [EMAIL PROTECTED] Subject: [funsec] The Great IPv6 experiment This is kind of... interesting. [snip] We're taking 10 gigabytes of the

Community input/questions for ISOI 3?

2007-08-25 Thread Gadi Evron
Hi, like last time, we are looking for community input and questions for the Internet security operations community, to be discussed during ISOI 3. ISOI is happening this Monday and Tuesday, we will likely compile the responses in a few weeks. We will reply to people personally on issues

Re: Interesting new dns failures

2007-05-22 Thread Gadi Evron
On 22 May 2007, Paul Vixie wrote: apropos of this... As to NS fastflux, I think you are right. But it may also be an issue of policy. Is there a reason today to allow any domain to change NSs constantly? ...i just now saw the following on comp.protocols.dns.bind (bind-users@):

Re: Interesting new dns failures

2007-05-22 Thread Gadi Evron
On Tue, 22 May 2007, David Ulevitch wrote: Gadi Evron wrote: On Mon, 21 May 2007, Chris L. Morrow wrote: ok, so 'today' you can't think of a reason (nor can I really easily) but it's not clear that this may remain the case tomorrow. It's possible that as a way to 'better loadshare

Re: Interesting new dns failures

2007-05-22 Thread Gadi Evron
On Tue, 22 May 2007, David Ulevitch wrote: snip These questions, and more (but I'm biased to DNS), can be solved at the edge for those who want them. It's decentralized there. It's done the right way there. It's also doable in a safe and fail-open kind of way. This is what I'm

Re: Interesting new dns failures

2007-05-21 Thread Gadi Evron
On Sun, 20 May 2007, Roger Marquis wrote: An odd pattern of DNS failures began appearing in the logs yesterday: Fastflux. Gadi.

Re: Interesting new dns failures

2007-05-21 Thread Gadi Evron
On Mon, 21 May 2007, Chris L. Morrow wrote: On Sun, 20 May 2007, Roger Marquis wrote: If not, have any root nameservers been hacked? To partly answer my own question, no. The data returned by root (gtld) nameservers is not changing rapidly. Thanks for the pointers to fast

Re: Interesting new dns failures

2007-05-21 Thread Gadi Evron
On Mon, 21 May 2007, Stephane Bortzmeyer wrote: On Sun, May 20, 2007 at 09:25:37PM -0700, Roger Marquis [EMAIL PROTECTED] wrote a message of 15 lines which said: If not, have any root nameservers been hacked? To partly answer my own question, no. I cannot find the original

Re: Interesting new dns failures

2007-05-21 Thread Gadi Evron
On Mon, 21 May 2007, Chris L. Morrow wrote: On Mon, 21 May 2007, Gadi Evron wrote: On Mon, 21 May 2007, Chris L. Morrow wrote: the root servers are responsible how exactly for the fast-flux issues? Also, there might be some legitimate business that uses something like the FF

Re: Interesting new dns failures

2007-05-21 Thread Gadi Evron
On Mon, 21 May 2007, Chris L. Morrow wrote: ok, so 'today' you can't think of a reason (nor can I really easily) but it's not clear that this may remain the case tomorrow. It's possible that as a way to 'better loadshare' traffic akamai (just to make an example) could start doing this as

Re: Interesting new dns failures

2007-05-21 Thread Gadi Evron
On Mon, 21 May 2007, Chris L. Morrow wrote: On Mon, 21 May 2007, Gadi Evron wrote: As to NS fastflux, I think you are right. But it may also be an issue of policy. Is there a reason today to allow any domain to change NSs constantly? well, so it's not explicitly denied in the current

Re: Broadband routers and botnets - being proactive

2007-05-16 Thread Gadi Evron
On Wed, 16 May 2007, Ross Hosman wrote: Gadi, I appreciate your well thought out email but I sit here and wonder what exactly you are trying to accomplish with it? Are you just trying to shame the two ISPs listed publicly or are you trying to spark a discussion about something that many

Re: Broadband routers and botnets - being proactive

2007-05-14 Thread Gadi Evron
On Sun, 13 May 2007, Sean Donelan wrote: On Sun, 13 May 2007, Gadi Evron wrote: Passing the buck! Buck passer! (see below - skip to Dilbert link) I guess you missed my attempts 3 or 4 years ago at trying to establish some standards for CPE concerning security. I've been at this party

Re: Broadband routers and botnets - being proactive

2007-05-13 Thread Gadi Evron
On Sun, 13 May 2007, Sean Donelan wrote: On Sun, 13 May 2007, Florian Weimer wrote: Fortunately, there is a simple solution to this kind of problem: ISPs are very likely liable if they fail to alert customers about security problems, and do not provide updates in a timely manner. After

Re: Broadband routers and botnets - being proactive

2007-05-13 Thread Gadi Evron
On Mon, 14 May 2007, Chris L. Morrow wrote: On Sun, 13 May 2007, Gadi Evron wrote: There is little to no financial incentive for ISPs to do something about this problem right now, even if it is currently under their direct control. Later on, when it is a problem - it will cost more

Re: Broadband routers and botnets - being proactive

2007-05-12 Thread Gadi Evron
of us will stick around to help that change (or try to). For now though, it is about one vulnerability ignored at a time, and working on our communities. Gadi Evron.

Broadband routers and botnets - being proactive

2007-05-11 Thread Gadi Evron
ISPs, who spent some time and effort exploring this threat and in some cases acting on it. If anyone can share their experience on dealing with securing their infrastructure in this regard publicly, it would be much appreciated. Thanks. Gadi Evron.

Re: UK ISP threatens security researcher

2007-04-20 Thread Gadi Evron
On Fri, 20 Apr 2007, Simon Lyall wrote: On Thu, 19 Apr 2007, Gadi Evron wrote: Looking at the lack of security response and seriousness from this ISP, I personally, in hindsight (although it was impossible to see back then) would not waste time with reporting issues to them, now

Re: UK ISP threatens security researcher

2007-04-20 Thread Gadi Evron
On Fri, 20 Apr 2007 [EMAIL PROTECTED] wrote: On Fri, 20 Apr 2007, Gadi Evron wrote: Now, that is off-topic to NANOG. Just because you disagree with someone's opinion, doesn't make it offtopic. snip I'm not sure the debate on public disclosure vs private falls under NANOG AUP. Do you

Re: UK ISP threatens security researcher

2007-04-20 Thread Gadi Evron
On Fri, 20 Apr 2007, Stephen Wilcox wrote: On Thu, Apr 19, 2007 at 06:10:06PM -0500, Gadi Evron wrote: I am generally worried about the trend that is emerging of reporting security issues resulting in legal threats. well in this case i dont know the nature of the threat but asking

Re: UK ISP threatens security researcher

2007-04-19 Thread Gadi Evron
On Thu, 19 Apr 2007, Will Hargrave wrote: Gadi Evron wrote: A 21-year-old college student in London had his internet service terminated and was threatened with legal action after publishing details of a critical vulnerability that can compromise the security of the ISP's subscribers

Re: UK ISP threatens security researcher

2007-04-19 Thread Gadi Evron
On Thu, 19 Apr 2007, Edward Lewis wrote: At 18:30 -0500 4/17/07, Gadi Evron wrote: http://www.theregister.com/2007/04/17/hackers_service_terminated/ A 21-year-old college student in London had his internet service terminated and was threatened with legal action after publishing details

Re: On-going Internet Emergency and Domain Names

2007-04-03 Thread Gadi Evron
On Tue, 3 Apr 2007, Adrian Chadd wrote: On Tue, Apr 03, 2007, Tony Finch wrote: On Mon, 2 Apr 2007, David Conrad wrote: Even if a delay were imposed, I'm not sure I see how this would actually help as I would assume it would require folks to actually look at the list of

Re: ICANNs role [was: Re: On-going ...]

2007-04-03 Thread Gadi Evron
On Tue, 3 Apr 2007, Andy Davidson wrote: On 3 Apr 2007, at 03:02, Gadi Evron wrote: What are your thoughts on basic suggestions such as: 1. Allowing registrars to terminate domains based on abuse, rather than just fake contact details. I don't like this because it's impossible

Re: ICANNs role [was: Re: On-going ...]

2007-04-03 Thread Gadi Evron
On Tue, 3 Apr 2007, Andre Oppermann wrote: Gadi Evron wrote: What are your thoughts on basic suggestions such as: 1. Allowing registrars to terminate domains based on abuse, rather than just fake contact details. Are you crazy or what? Ever heard of due process? What is abuse? Who

Re: On-going Internet Emergency and Domain Names

2007-04-03 Thread Gadi Evron
that starts a 50-message OT argument about botnets? NANOG-L would be more useful to those of us who actually operate networks if you would stop it. At least this time you send a comprehensible note to the list rather than can't you die already in private. :) Gadi Evron wrote

RE: redefining which infrastructure is the proble [was: Re: On-going ..]

2007-04-02 Thread Gadi Evron
On Mon, 2 Apr 2007, Rod Beck wrote: I rarely post, but that is clearly a problem. The Americans seem to believe in the presumption of guilt and the infallibility of accusation. As an American born and bred I can hardly be accused of bias. Clearly spam is a serious problem in terms of

Re: On-going Internet Emergency and Domain Names

2007-04-02 Thread Gadi Evron
On Mon, 2 Apr 2007, Joe Abley wrote: On 1-Apr-2007, at 22:30, Gadi Evron wrote: But building a wall to protect your port from attacks by pirates will not make the pirates go away, and unfortunately, we can't convince everybody to build walls and our security is nowadays

ICANNs role [was: Re: On-going ...]

2007-04-02 Thread Gadi Evron
On Mon, 2 Apr 2007, David Conrad wrote: On Apr 1, 2007, at 8:45 AM, Gadi Evron wrote: On Sun, 1 Apr 2007, David Conrad wrote: On Mar 31, 2007, at 8:44 PM, Gadi Evron wrote: I'm not clear what this realm actually is. Abuse and Security (non infrastructure). Well, ICANN is supposed

Re: On-going Internet Emergency and Domain Names

2007-04-02 Thread Gadi Evron
On Mon, 2 Apr 2007, David Conrad wrote: On Apr 2, 2007, at 7:12 PM, Joseph S D Yao wrote: On Mon, Apr 02, 2007 at 05:33:08PM -0700, David Conrad wrote: I think this might be a bit in conflict with efforts registries have to reduce the turnaround in zone modification to the order of

what registrars need to do with no incentive [was: Re: On-going ..]

2007-04-02 Thread Gadi Evron
On Mon, 2 Apr 2007, Robert Bonomi wrote: From: David Conrad [EMAIL PROTECTED] Subject: Re: On-going Internet Emergency and Domain Names Date: Mon, 2 Apr 2007 17:33:08 -0700 On Apr 2, 2007, at 4:56 PM, Douglas Otis wrote: The recommendation was for registries to provide a

summarising [was: Re: ICANNs role]

2007-04-02 Thread Gadi Evron
start to make sense now that flames and personal attacks have died down. [previous NANOG post here] Where do we go from here? If we do proceed, what legitimate business concerns stand to lose money? (or not earn as much?) Gadi Evron, [EMAIL PROTECTED]

Re: ICANNs role [was: Re: On-going ...]

2007-04-02 Thread Gadi Evron
[Top-Posting] Thanks David, of course, as you know, this was not an attack on you. I appreciate you clarifying to me a bit more on what ICANN does, does not and is not supposed to do. I will contact you off-list for further consultation. Many thanks again for all your help! So, who *is* able to

Re: On-going Internet Emergency and Domain Names (kill this thread)

2007-04-01 Thread Gadi Evron
On Sun, 1 Apr 2007, Mikael Abrahamsson wrote: net today that has made it into the raging success it is today. It's not perfect, but it works, and it doesn't have a single point of failure. You just lost my respect for the remainder of this thread. :) ... and people have very bad

XSS April Fools

2007-04-01 Thread Gadi Evron
http://www.securitylab.ru/news/extra/293608.php There are two cross site scripting attacks on Cisco's web site and Maria Sharapova's site to announce that she has passed the Cisco certification test and will now become a security engineer. Gadi.

Re: XSS April Fools

2007-04-01 Thread Gadi Evron
On Sun, 1 Apr 2007, micky coughes wrote: On 4/1/07, Gadi Evron [EMAIL PROTECTED] wrote: http://www.securitylab.ru/news/extra/293608.php There are two cross site scripting attacks on Cisco's web site and Maria Sharapova's site to announce that she has passed the Cisco certification

Re: On-going Internet Emergency and Domain Names

2007-04-01 Thread Gadi Evron
On Sun, 1 Apr 2007, David Conrad wrote: On Mar 31, 2007, at 8:44 PM, Gadi Evron wrote: ICANN has not shown any interest or ability to affect change in this realm. I'm not clear what this realm actually is. Abuse and Security (non infrastructure). ICANN, as far as I understand, manages

Re: America takes over DNS

2007-04-01 Thread Gadi Evron
On Sun, 1 Apr 2007, David Conrad wrote: Hi, On Apr 1, 2007, at 6:54 AM, J. Oquendo wrote: Summary: Confusion resulting from hearsay and extrapolations. The key-signing key signs the zone key, which is held by VeriSign. Except that the root zone hasn't been signed and there are

Re: On-going Internet Emergency and Domain Names

2007-04-01 Thread Gadi Evron
On Sun, 1 Apr 2007, Chris L. Morrow wrote: On Sun, 1 Apr 2007, Paul Vixie wrote: But, that's the DNS edge, I'm not ready to see the DNS core gain features like this. Or if they do come, I'd like them to come as a result of consensus driven protocol engineering (like inside the

Re: On-going Internet Emergency and Domain Names

2007-04-01 Thread Gadi Evron
On 1 Apr 2007, Paul Vixie wrote: [EMAIL PROTECTED] (Gadi Evron) writes: On Sun, 1 Apr 2007, Adrian Chadd wrote: Stop trying to fix things in the core - it won't work, honest - and start trying to fix things closer to the edge where the actual problem is. Thing is, the problem

Re: On-going Internet Emergency and Domain Names

2007-04-01 Thread Gadi Evron
On Sun, 1 Apr 2007, Cat Okita wrote: On Sun, 1 Apr 2007, Douglas Otis wrote: Until Internet commerce requires some physical proof of identity, fraud will continue. A zone preview approach can reduce related exploits and associated crime, and the amount of information pushed to the edge.

redefining which infrastructure is the proble [was: Re: On-going ..]

2007-04-01 Thread Gadi Evron
On 1 Apr 2007, Paul Vixie wrote: We're looking at the alligators surrounding us. Gadi is trying to convince us to help him in draining the swamp (which may indeed be a positive thing in the long run). Does that sound about right? that sounds exactly wrong. harkening back to my

Re: On-going Internet Emergency and Domain Names

2007-03-31 Thread Gadi Evron
On 31 Mar 2007, Paul Vixie wrote: whoa. this is like deja vu all over again. when [EMAIL PROTECTED] asked me to patch BIND gethostbyaddr() back in 1994 or so to disallow non-ascii host names in order to protect sendmail from a /var/spool/mqueue/qf* formatting vulnerability, i was fresh

Re: On-going Internet Emergency and Domain Names

2007-03-31 Thread Gadi Evron
On Sat, 31 Mar 2007, Mikael Abrahamsson wrote: On Sat, 31 Mar 2007, Gadi Evron wrote: In this case, we speak of a problem with DNS, not sendmail, and not bind. The argument can be made that you're trying to solve a windows-problem by implementing blocking in DNS. Next step would

Re: On-going Internet Emergency and Domain Names

2007-03-31 Thread Gadi Evron
On Sat, 31 Mar 2007 [EMAIL PROTECTED] wrote: OK, so, do you officially declare the emergency? Should we all block the This is an emergency incident on the scale of WMF, but no, it is indeed being handled. I am raising the flag on an ever increasing problem with DNS. This latest incident

Re: On-going Internet Emergency and Domain Names

2007-03-31 Thread Gadi Evron
On Sat, 31 Mar 2007, Mattias Ahnberg wrote: Gadi Evron wrote: The real problem? Okay, I'd like your ideas then. :) Just because one doesn't have a solution to the real problem doesn't invalidate them from objecting to an idea presented by someone else, you know? Trying to fix DNS

Re: On-going Internet Emergency and Domain Names

2007-03-31 Thread Gadi Evron
On Sat, 31 Mar 2007, Paul Vixie wrote: ... Back to reality and 2007: In this case, we speak of a problem with DNS, not sendmail, and not bind. As to blacklisting, it's not my favorite solution but rather a limited alternative I also saw you mention on occasion. What alternatives do

Re: On-going Internet Emergency and Domain Names

2007-03-31 Thread Gadi Evron
On Sat, 31 Mar 2007, Roland Dobbins wrote: week or the week before or the month before that - after a while, a state of 'emergency' becomes the norm, and thus the bar is raised. Indeed. This background noise is what it means to lose the war, we lost it, now we fight to maintain life in

Re: On-going Internet Emergency and Domain Names

2007-03-31 Thread Gadi Evron
On Sat, 31 Mar 2007, Matt Ghali wrote: On Sat, 31 Mar 2007, Gadi Evron wrote: Back to reality and 2007: In this case, we speak of a problem with DNS, not sendmail, and not bind. Your reality must be interesting. In my reality, the problem is with a client app that's historically

Re: On-going Internet Emergency and Domain Names

2007-03-31 Thread Gadi Evron
On Sat, 31 Mar 2007, Stephen Satchell wrote: Gadi Evron wrote: Amen. Really. I'd honestly like more ideas. What did IETF and ICANN say when you approached them through their public-comment channels? ICANN is well aware of the issues through their visibility into operational

RE: On-going Internet Emergency and Domain Names

2007-03-31 Thread Gadi Evron
On Sat, 31 Mar 2007, william(at)elan.net wrote: On Sat, 31 Mar 2007, Fergie wrote: Amen. The Registry policies, as they stand today, enable criminals. Registry or Registrar? Both. Gadi. -- William Leibzon Elan Networks [EMAIL PROTECTED]

RE: On-going Internet Emergency and Domain Names

2007-03-31 Thread Gadi Evron
On Sat, 31 Mar 2007, Matt Ghali wrote: On Sat, 31 Mar 2007, Fergie wrote: The Registry policies, as they stand today, enable criminals. and airlines enable drug smugglers. idiot. If drugs were smuggled by airlines or airlines with or without their knowledge, and they, as well as the

Re: On-going Internet Emergency and Domain Names (kill this thread)

2007-03-31 Thread Gadi Evron
On Sat, 31 Mar 2007, Patrick Giagnocavo wrote: There is a current on-going Internet emergency: a critical 0day vulnerability currently exploited in the wild threatens numerous desktop systems which are being compromised and turned into bots, I feel very strongly that this is just

Re: On-going Internet Emergency and Domain Names

2007-03-31 Thread Gadi Evron
On Sun, 1 Apr 2007, Adrian Chadd wrote: Stop trying to fix things in the core - it won't work, honest - and start trying to fix things closer to the edge where the actual problem is. Thing is, the problem IS in the core. DNS is no longer just being abused, it is pretty much an abuse

Re: On-going Internet Emergency and Domain Names

2007-03-31 Thread Gadi Evron
On Sun, 1 Apr 2007, Petri Helenius wrote: Gadi Evron wrote: Thing is, the problem IS in the core. DNS is no longer just being abused, it is pretty much an abuse infrastructure. That needs to be fixed if security operations on the Internet at their current effectiveness (which is low

On-going Internet Emergency and Domain Names

2007-03-30 Thread Gadi Evron
this was indeed just an email message, sent among friends. - Begin quoted message - Date: Fri, 16 Feb 2007 02:32:46 -0600 (CST) From: Gadi Evron To: [EMAIL PROTECTED] Subject: [reg-ops] Internet security and domain names Hi all, this is a tiny bit long. Please have patience, this is important

Re: On-going Internet Emergency and Domain Names

2007-03-30 Thread Gadi Evron
On Fri, 30 Mar 2007, Jeff Shultz wrote: So, is there a list of domains that we could null-route if we could convince our DNS managers to set us up as the SOA for those domains on our local DNS servers - thus protecting our own customers somewhat? I won't discount the assertion that

Re: Linksys WAG200G - Information disclosure (fwd)

2007-03-21 Thread Gadi Evron
On Wed, 21 Mar 2007, Mike Caudill wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Robert Boyle [EMAIL PROTECTED] [2007-03-20 19:11] wrote: At 05:48 PM 3/20/2007, you wrote: I wonder what their security process is for other types of routers? Try [EMAIL PROTECTED]

Linksys WAG200G - Information disclosure (fwd)

2007-03-20 Thread Gadi Evron
I wonder what their security process is for other types of routers? -- Forwarded message -- Date: 20 Mar 2007 20:31:01 - From: [EMAIL PROTECTED] To: bugtraq@securityfocus.com Subject: Linksys WAG200G - Information disclosure Hi there, About 2 months ago I bought a wireless

RE: NOC Personel Question (Possibly OT)

2007-03-15 Thread Gadi Evron
On Thu, 15 Mar 2007, Justin M. Streiner wrote: On Thu, 15 Mar 2007, Michael K. Smith - Adhost wrote: - Technical Support Representative - Network Administrator - Senior Network Administrator Or, you could just call them all booger eaters and be done with it. Booger Eater

Re: NOC Personel Question (Possibly OT)

2007-03-14 Thread Gadi Evron
On Wed, 14 Mar 2007, K. Graham wrote: I was called a nocling but I doubt that would pass the HR test. There's also reboot monkey. :) How about Network Support something ? Gadi. -- beepbeep it, i leave work, stop reading sec lists and im still hearing gadi - HD Moore to Gadi Evron

RE: [funsec] Not so fast, broadband providers tell big users (fwd)

2007-03-13 Thread Gadi Evron
01580 -Original Message- From: Gadi Evron [mailto:[EMAIL PROTECTED] Sent: Monday, March 12, 2007 8:29 PM To: Blanchard, Michael (InfoSec) Cc: funsec@linuxbox.org Subject: RE: [funsec] Not so fast, broadband providers tell big users On Mon, 12 Mar 2007 [EMAIL PROTECTED] wrote: wow, it's

broadband routers security issues

2007-02-23 Thread Gadi Evron
Hi guys. A guy named Sid recently wrote on securiteam (where I write as well) on an accidental discovery he made on the security of his home broadband router with its default settings. Apparently, he started by discovering he had port 23 open (which was telnet for the router rather than for him

Re: botnets: web servers, end-systems and Vint Cerf [LONG, sorry]

2007-02-20 Thread Gadi Evron
On Tue, 20 Feb 2007, Rich Kulawiec wrote: Hi Rich, snip good stuff thanks for your input, Rich. As always, quite interesting. BTW #2: All of this leaves open an important and likely-unanswerable question: how many systems are compromised but not as yet manifesting any external sign of it?

Re: Counting tells you if you are making progress

2007-02-20 Thread Gadi Evron
On Wed, 21 Feb 2007, Sean Donelan wrote: If you can't measure a problem, it's difficult to tell if you are making things better or worse. On Tue, 20 Feb 2007, Rich Kulawiec wrote: I don't understand why you don't believe those numbers. The estimates that people are making are based

Re: botnets: web servers, end-systems and Vint Cerf

2007-02-17 Thread Gadi Evron
On Sat, 17 Feb 2007, Sean Donelan wrote: On Sat, 17 Feb 2007, Petri Helenius wrote: After all these years, I'm still surprised a consortium of ISP's haven't figured out a way to do something a-la Packet Fence for their clients where - whenever an infected machine is detected after

Re: botnets: web servers, end-systems and Vint Cerf

2007-02-17 Thread Gadi Evron
On Sat, 17 Feb 2007, Sean Donelan wrote: On Sat, 17 Feb 2007, Gadi Evron wrote: Public ISPs have been testing these types of systems for over 5 years. What sorts of differences can you think of that would explain why public ISPs have found them not very effective? Public ISPs have

Re: botnets: web servers, end-systems and Vint Cerf

2007-02-17 Thread Gadi Evron
On Sat, 17 Feb 2007, Sean Donelan wrote: On Sat, 17 Feb 2007, Gadi Evron wrote: Yes, but that is because the successful ISPs currently often implement their own if they have the resources and RD power. The really big ones have it automated, the small ones have it limited to be activated

Re: botnets: web servers, end-systems and Vint Cerf

2007-02-17 Thread Gadi Evron
On Sat, 17 Feb 2007, Sean Donelan wrote: On Sat, 17 Feb 2007, Gadi Evron wrote: Is there a significant difference between the many ISPs implementing walled gardens and other ISPs as far as infection rates? Yes. Then please share, many people would love to have that data. Same goes

Re: botnets: web servers, end-systems and Vint Cerf

2007-02-16 Thread Gadi Evron
On Fri, 16 Feb 2007, Eric Gauthier wrote: Heya, And the fact that web servers are getting botted is just the cycle of reincarnation - it wasn't that long ago that .edu's had a reputation of getting pwned for the exact same reasons that webservers are targets now: easy to attack,

Re: RBL for bots?

2007-02-15 Thread Gadi Evron
On Thu, 15 Feb 2007 [EMAIL PROTECTED] wrote: On Thu, 15 Feb 2007 11:30:34 EST, Drew Weaver said: Has anyone created an RBL, much like (possibly) the BOGON list which includes the IP addresses of hosts which seem to be infected and are attempting to brute-force SSH/HTTP, etc? No BL

Re: botnets: web servers, end-systems and Vint Cerf

2007-02-15 Thread Gadi Evron
On Thu, 15 Feb 2007, Peter Moody wrote: I kept quiet on this for a while, but honestly, I appreciate Vint Cerf mentioning this where he did, and raising awareness among people who can potentially help us solve the problem of the Internet. Still, although I kept quiet for a while, us

Re: The Root of The Problem [Was: Re: botnets: web servers, end-systems an d Vint Cerf]

2007-02-15 Thread Gadi Evron
. - - ferg - -- Gadi Evron [EMAIL PROTECTED] wrote: On Thu, 15 Feb 2007, Peter Moody wrote: I kept quiet on this for a while, but honestly, I appreciate Vint Cerf mentioning this where he did, and raising awareness among people who can potentially help us solve the problem

Re: Solaris telnet vuln solutions digest and network risks

2007-02-14 Thread Gadi Evron
On Wed, 14 Feb 2007, Robert E. Seastrom wrote: [EMAIL PROTECTED] writes: Do you know of any network operators who have no Solaris boxes at all used in the management of some part of their network? Seems to me that it is very common for network operators to use Solaris boxes to manage

Solaris telnet vuln solutions digest and network risks

2007-02-13 Thread Gadi Evron
it happened and why, a quick beta patch and even discussing openly on mailing lists. I am in awe. Now it is time for others to follow their example. This one, despite its simplicity and age is going to be with us for a while. Gadi Evron.

Re: Solaris telnet vuln solutions digest and network risks

2007-02-13 Thread Gadi Evron
On Tue, 13 Feb 2007, Albert Meyer wrote: Gadi Evron wrote: A couple of updates and a summary digest of useful information shared from all around on this vulnerability, for those of us trying to make sense of what it means to our networks: Gadi, This post appears to have been written

Re: Every incident is an opportunity (was Re: Hackers hit key Internet traffic computers)

2007-02-12 Thread Gadi Evron
On Mon, 12 Feb 2007, Sean Donelan wrote: On Sun, 11 Feb 2007, Gadi Evron wrote: Colin Powell mentioned at RSA in his extremely good, entertaining and pointless talk something of relevance. During the cold war American kids were trained to hide beneath their desktops in case of a nuclear

Re: death of the net predicted by deloitte -- film at 11

2007-02-12 Thread Gadi Evron
On Mon, 12 Feb 2007, Hank Nussbacher wrote: At 10:02 PM 11-02-07 -0500, Daniel Senie wrote: IP Multicast as a solution to video distribution is a non-starter. IP Multicast for the wide area is a failure. It assumes large numbers of people will watch the same content at the same

Re: Every incident is an opportunity (was Re: Hackers hit key Internet traffic computers)

2007-02-12 Thread Gadi Evron
On Mon, 12 Feb 2007, Stephane Bortzmeyer wrote: On Mon, Feb 12, 2007 at 01:45:41AM -0500, Sean Donelan [EMAIL PROTECTED] wrote a message of 16 lines which said: The important lesson is you can educate people. The content may have been bogus, snip If you can come up with a few

Re: Every incident is an opportunity (was Re: Hackers hit key Internet traffic computers)

2007-02-12 Thread Gadi Evron
On Mon, 12 Feb 2007, Alexander Harrowell wrote: On 2/12/07, Gadi Evron [EMAIL PROTECTED] wrote: As a very smart person said a couple of weeks ago when this same argument was made: are you willing to do tech-support for my mother if she uses linux? Gadi. Name anyone

Re: Every incident is an opportunity (was Re: Hackers hit key Internet traffic computers)

2007-02-11 Thread Gadi Evron
On Sat, 10 Feb 2007, Sean Donelan wrote: On Tue, 6 Feb 2007, Roy wrote: It's amazing how reporters have to butcher technology information to make it understood by their editors http://www.cnn.com/2007/TECH/internet/02/06/internet.attacks.ap/index.html?eref=rss_topstories Do we keep

RE: Every incident is an opportunity (was Re: Hackers hit key Internet traffic computers)

2007-02-11 Thread Gadi Evron
On Sun, 11 Feb 2007, Sean Donelan wrote: On Sat, 10 Feb 2007, Stasiniewicz, Adam wrote: Sean makes a good point, but there is one small problem with his suggestions. He is preaching to the choir. Just trying to get the choir to sing on key. Of course, I know the choir will probably

Re: death of the net predicted by deloitte -- film at 11

2007-02-11 Thread Gadi Evron
On Sun, 11 Feb 2007, Paul Vixie wrote: (i'm guessing kc will be on the phone soon, to get from them their data?) Any of us with any sense know the Internet could potentially die tomorrow morning. Any of us with any sense know it could be done in any number of ways, ranging from relatively

Re: death of the net predicted by deloitte -- film at 11

2007-02-11 Thread Gadi Evron
On Sun, 11 Feb 2007, Chris L. Morrow wrote: because people can't get more pipe? perhaps next time the news folks could ask someone who runs a network what the problems are that face network operators? (or did I miss the hue and cry on nanog-l about full pipes and no more fiber to push

Re: death of the net predicted by deloitte -- film at 11

2007-02-11 Thread Gadi Evron
On Mon, 12 Feb 2007, David W. Hankins wrote: On Sun, Feb 11, 2007 at 11:14:49AM -0700, brett watson wrote: Verisign, the American firm which provides the backbone for much of the net, including domain names .com and .net,... IP over domain name registration? We already had Video

Re: Solaris 10 Telnet Exploit

2007-02-11 Thread Gadi Evron
On Sun, 11 Feb 2007, William Schultz wrote: http://erratasec.blogspot.com/2007/02/trivial-remote-solaris-0day- disable.html Tested on Sol10, and it indeed works... Good thing we use SSH, right?! It works. Credit to Johannes Ullrich at the SANS ISC. I believe the vulnerability is that it

Re: Solaris 10 Telnet Exploit

2007-02-11 Thread Gadi Evron
From HD Moore: but this bug isnt -froot, its -fanythingbutroot =P On Sun, 11 Feb 2007, William Schultz wrote: http://erratasec.blogspot.com/2007/02/trivial-remote-solaris-0day- disable.html Tested on Sol10, and it indeed works... Good thing we use SSH, right?!

Re: broken DNS proxying at public wireless hotspots

2007-02-02 Thread Gadi Evron
On Sat, 3 Feb 2007, Suresh Ramasubramanian wrote: What do nanogers usually do when caught in a situation like this? Important question: if memory serves, and you are in the Paris Charles de Gaulle International Airport, wireless costs money. This is after paying, right? I had this problem in

Re: what the heck do i do now?

2007-01-31 Thread Gadi Evron
On Thu, 1 Feb 2007, Trent Lloyd wrote: snip The only way for it not to arrive at the name server is for something in the way to block it. Perhaps a transparent filter, or perhaps the IP addresses of the name servers are your firewalls, which will block and pass the rest on to the
