Re: Nato warns of strike against cyber attackers

2010-06-08 Thread Gadi Evron
Gadi. -- Gadi Evron, http://gadievron.com/

Re: Nato warns of strike against cyber attackers

2010-06-08 Thread Gadi Evron
is what they have in mind. Gadi. -- Gadi Evron, http://gadievron.com/

Recommendation in Australia for ISPs to force user security?

2010-06-22 Thread Gadi Evron
http://www.zdnet.com.au/make-zombie-code-mandatory-govt-report-339304001.htm A government report into cybercrime has recommended that internet service providers (ISPs) force customers to use antivirus and firewall software or risk being disconnected. security Committee chair Belinda Neal

Finland makes broadband access a legal right

2010-07-01 Thread Gadi Evron
http://edition.cnn.com/2010/TECH/web/07/01/finland.broadband/index.html?hpt=T2 Interesting...

The Economist, cyber war issue

2010-07-01 Thread Gadi Evron
The upcoming issue will be about cyber war. Check out the front page image: http://sphotos.ak.fbcdn.net/hphotos-ak-snc3/hs488.snc3/26668_410367784059_6013004059_4296972_499550_n.jpg Gadi.

Re: Who controlls the Internet?

2010-07-26 Thread Gadi Evron
On 7/25/10 8:24 PM, Tarig Yassin wrote: I would like to issue a question here, who controls this Internet? Vix does, who else? :) Gadi.

(wikileaks) Fwd: [funsec] And Google becomes a DNS..

2010-12-05 Thread Gadi Evron
I withhold comment... discuss amongst yourselves. Best, Gadi. Original Message Subject:[funsec] And Google becomes a DNS.. Date: Sun, 5 Dec 2010 17:34:50 +0200 From: Imri Goldberg lorgan...@gmail.com To: funsec fun...@linuxbox.org Found on reddit:

Re: (wikileaks) Fwd: [funsec] And Google becomes a DNS..

2010-12-05 Thread Gadi Evron
On 12/5/10 5:50 PM, Gadi Evron wrote: I withhold comment... discuss amongst yourselves. Found on reddit: http:/ Not sure why the URL didn't go through... http://i.imgur.com/Q5SVu.png Enjoy. Gadi.

Re: ftc shuts down a colo and ip provider

2009-06-05 Thread Gadi Evron
Christopher Morrow wrote: On Fri, Jun 5, 2009 at 1:44 AM, Deepak Jaindee...@ai.net wrote: What does it say about these providers AUP that the FTC needed to go to court to turn them off? I hate to re-start the atrivo/intercage/mccolo thread(s) but, often what happens is there just aren't any

Re: YES I'VE TRIED MANY VENUES looking for mail admin @ nist.gov

2009-07-10 Thread Gadi Evron
J. Oquendo wrote: (press 3) - rerouted to an APNIC block (outsourced!): Velcome is here to en eye esh tee dish is John I'm having trouble with mail.. vell have you tried reboot? vat vershun of vindows are you use? *ducks http://www.youtube.com/watch?v=QpmLrz_lSuE The IT Crowd, one of

[Fwd: [ GLSA 200907-15 ] Nagios: Execution of arbitrary code]

2009-07-20 Thread Gadi Evron
While this is the Gentoo advisory, it's generic enough. Gadi. -- Gadi Evron, g...@linuxbox.org. Blog: http://gevron.livejournal.com/ ---BeginMessage--- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory

Re: Are you an unpaid volunteer?

2009-07-22 Thread Gadi Evron
. Don't shoot the messenger though! And it wasn't really NANOG that did or does much of what he describes, but NANOG is a good enough representative name for the community of people who do, when we our definition to network operations. Gadi. -- Gadi Evron, g...@linuxbox.org. Blog

Re: DOS in progress ?

2009-08-06 Thread Gadi Evron
feeling inside. Off topic, I found it hilarious how all the tweets came back to facebook and set statuses about twitter. :o) Gadi. -- Gadi Evron, g...@linuxbox.org. Blog: http://gevron.livejournal.com/

ruling: liability for providers who don't act on clients' illegal activities?

2009-09-07 Thread Gadi Evron
Jury Exacts $32M Penalty From ISPs For Supporting Criminal Websites http://darkreading.com/securityservices/security/cybercrime/showArticle.jhtml 'Landmark case' indicates that ISPs may be held liable if they know about criminal activity on their customers' Websites and fail to act A federal

Re: ruling: liability for providers who don't act on clients' illegal activities?

2009-09-07 Thread Gadi Evron
Gadi Evron wrote: Jury Exacts $32M Penalty From ISPs For Supporting Criminal Websites http://darkreading.com/securityservices/security/cybercrime/showArticle.jhtml Corrected URL: http://darkreading.com/securityservices/security/cybercrime/showArticle.jhtml;jsessionid

Re: ruling: liability for providers who don't act on clients' illegal activities?

2009-09-07 Thread Gadi Evron
jamie wrote: FYI, This was discussed in the already-OT thread Beware : a very bad precedent set a week ago. Ah. I apologize. It happens. On Mon, Sep 7, 2009 at 11:59 AM, Gadi Evron g...@linuxbox.org mailto:g...@linuxbox.org wrote: Gadi Evron wrote: Jury Exacts $32M Penalty

Dutch ISPs to collaborate and take responsibility for botted clients

2009-10-03 Thread Gadi Evron
The story is covered by PC mag: --- ... major Dutch ISPs have agreed to share information and establish a common set of rules for responding to users infected with malware, especially those in botnets. The agreement, called a treaty by locals, involves 14 ISPs covering 98% of the market.

Re: Dutch ISPs to collaborate and take responsibility for botted clients

2009-10-04 Thread Gadi Evron
Christopher Morrow wrote: I would also point out that Qwest does this walled-garden approach for their customers (have been for at least 5 years now? d...@qwest could clarify) and they've seen success with it. Aliant in .ca also has some fairly aggressive anti-malware works installed. There are

Re: Dutch ISPs to collaborate and take responsibility for bottedclients

2009-10-06 Thread Gadi Evron
Eugeniu Patrascu wrote: Gadi Evron wrote: Barton F Bruce wrote: Stopping the abuse is fine, but cutting service to the point that a family using VOIP only for their phone service can't call 911 and several children burn to death could bring all sorts of undesirable regulation let alone

Re: kaspersky anti-virus tech, with a clue?

2009-11-14 Thread Gadi Evron
Jim Mercer wrote: can anyone point me at a Kaspersky tech with a clue? maybe we can re-craft our login url to not offend the Kaspersky suite. Forwarding. Gadi. -- Gadi Evron, g...@linuxbox.org. Blog: http://gevron.livejournal.com/

Announcement: Critical Internet Infrastructure WG is now open to public participation

2009-11-18 Thread Gadi Evron
is hosted by the ISOTF, but is governed by members. Note: SCADA, network operations, and other related issues should be discussed in the appropriate forums, elsewhere. This group deals with the internet. To subscribe: http://isotf.org/mailman/listinfo/cii Gadi Evron for ISOTF-CII-WG.

Re: Announcement: Critical Internet Infrastructure WG is now open to public participation

2009-11-18 Thread Gadi Evron
Simon Lockhart wrote: On Wed Nov 18, 2009 at 07:08:31PM +0200, Gadi Evron wrote: ISOTF Critical Internet Infrastructure WG is now open to public participation. Sorry, who is ISOTF? I tried looking on the website, but the About ISOTF page is blank... http://www.isotf.org/?page_value

Re: Announcement: Critical Internet Infrastructure WG is now open to public participation

2009-11-18 Thread Gadi Evron
back: http://www.reddit.com/r/reddit.com/comments/6a32u/please_enter_the_first_1178_digits_of_pi_wait/ As to if it's a joke... one way to find out. :) Gadi. -- Gadi Evron, g...@linuxbox.org. Blog: http://gevron.livejournal.com/

Re: Announcement: Critical Internet Infrastructure WG is now open to public participation

2009-11-18 Thread Gadi Evron
ISOI 6 was hosted by the University of Texas, Dallas, and supported by Baylor University. http://isotf.org/isoi6.html ISOI 7 was hosted by Websense and ESET, and supported by Facebook and Softlayer: http://isotf.org/isoi7.html Gadi. Regards Jorge -- Gadi Evron, g...@linuxbox.org

Re: Announcement: Critical Internet Infrastructure WG is now open to public participation

2009-11-18 Thread Gadi Evron
Gadi Evron wrote: I can share personal examples of past uses relating to NANOG, which are public: Oh, duh! The outages mailing list is part of the ISOTF, although clearly its own entity. Gadi.

Re: I got a live one! - Spam source

2009-11-24 Thread Gadi Evron
? As to the intricate web of who they are and where their resources lie, these are usually cases where the more you dig, the more you find -- ad infinitum. Me? I'd just kick them after verifying they are not victims themselves. I hope this helps, Gadi. -- Gadi Evron, g...@linuxbox.org. Blog

Re: general badness AS-based reputation system

2011-09-26 Thread Gadi Evron
On 9/26/11 2:31 AM, Jimmy Hess wrote: Sorry... what makes you think the problem with use of a AS-reputation systems is social and not technical? IP packets are not stamped with the numbers of any of the AS they transited to reach your network. The IP protocol simply does not expose AS number

Re: general badness AS-based reputation system

2011-09-26 Thread Gadi Evron
We tried to outline some of the challenges of building such a system in our NANOG52 presentation: http://www.merit.edu/networkresearch/papers/pdf/2011/NANOG52_reputation-nanog.pdf In particular see slide 4. where we tried to lay down what we think the requirements are for a socially

Google's Schmidt on Iran supposedly hijacking GOOG'd .dk traffic

2011-12-21 Thread Gadi Evron
Video at: http://edition.cnn.com/video/#/video/bestoftv/2011/12/13/erin-schmidt-on-iran.cnn Gadi. -- Gadi Evron, g...@linuxbox.org. Blog: http://gevron.livejournal.com/

Re: DDoS from theplanet.com

2008-09-25 Thread Gadi Evron
On Fri, 26 Sep 2008, Term wrote: Hi, Is there anyone on this list that can give me a noc/security contact for someone at theplanet.com I have been getting a DDos from servers hosted with them for the past 60 hours and they seem to have the care factor of 0 There are some good security

Estonian Cyber Security Strategy document -- now available online

2008-09-26 Thread Gadi Evron
of the Estonian economy. Those who wish to download the document: http://www.mod.gov.ee/?op=bodyid=518 My contact there specified she'd be happy to answer any questions. To avoid spam of her inbox, email me for her address. Gadi Evron.

Re: Internet Filtering Lobby ?

2008-09-26 Thread Gadi Evron
On Fri, 26 Sep 2008, Marshall Eubanks wrote: Does anyone know what this group is really about and how it might actually impact real networks ? Reminds me of something Fergie said at ISOI 5 just a couple of weeks ago: if only the records industry was interested in folks like Atrivo and RBN

Re: Hey ISC, thanks for providing free wifi to intercage!

2008-10-01 Thread Gadi Evron
I do believe the wireless is provided for 200 Paul and everyone hosted there. But if gloating in an inflammatory fashion ... oh, fake email address. What a surprise. Gadi. On Wed, 1 Oct 2008, intercage blows wrote: * RussM ([EMAIL PROTECTED]) has joined #dronebl * RussM *pokes*

Re: Fwd: cnn.com - Homeland Security seeks cyber counterattack system(Einstein 3.0)

2008-10-07 Thread Gadi Evron
On Tue, 7 Oct 2008, Steven M. Bellovin wrote: On Tue, 7 Oct 2008 14:07:04 -0400 (EDT) Sean Donelan [EMAIL PROTECTED] wrote: On Tue, 7 Oct 2008, [EMAIL PROTECTED] wrote: On Tue, 07 Oct 2008 11:30:11 CDT, J. Oquendo said: What about exceeding the minimum requirements for a change. (I think

[funsec] ICANN Terminates EstDomains' Registrar Accreditation (fwd)

2008-10-29 Thread Gadi Evron
-- Forwarded message -- Date: Tue, 28 Oct 2008 20:47:48 -0700 From: Paul Ferguson [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [funsec] ICANN Terminates EstDomains' Registrar Accreditation -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dear Mr. Tsastsin, Be advised that

Re: Current subscribe address for outages list?

2008-10-29 Thread Gadi Evron
On Wed, 29 Oct 2008, Gadi Evron wrote: actually nobody has posted any info about this other than what you just posted, no details/carrier/location etc. Jared was kind enough to take the hosting load, and the list is now hosted there. Also, following discussions on nanog-futures I

[funsec] McColo: Major Source of Online Scams and Spams Knocked Offline (fwd)

2008-11-11 Thread Gadi Evron
-- Forwarded message -- Date: Tue, 11 Nov 2008 18:22:42 -0800 From: Paul Ferguson [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [funsec] McColo: Major Source of Online Scams and Spams Knocked Offline -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Via Security Fix. [snip] A

Re: [funsec] McColo: Major Source of Online Scams and Spams Knocked Offline (fwd)

2008-11-12 Thread Gadi Evron
On Wed, 12 Nov 2008, Kee Hinckley wrote: After reading this, and the (Washington Post I believe--I'm away from my laptop right now) article on this, two things are bothering me. The article expressed a good deal of frustration with the (lack of) speed with which law enforcement has been

RE: an over-the-top data center

2008-11-28 Thread Gadi Evron
On Fri, 28 Nov 2008, Howard C. Berkowitz wrote: It seems that all these cases are more under the bottom than over the top. Every couple of years there is a story about some anti virus company, data center, or whatever running out of an old nuclear bunker/military base/middle of no where.

Re: Security Intelligence [Was: Re: Netblock reassigned from Chile to US ISP...]

2008-12-14 Thread Gadi Evron
On Sun, 14 Dec 2008, Rich Kulawiec wrote: On Sat, Dec 13, 2008 at 05:51:13PM +0900, Randy Bush wrote: but you need to be much more specific about what you want from medium and smaller isps, and what the immediate payoffs (cf. the financial sections of the newspaper) will be to them to justify the

Re: Security Intelligence [Was: Re: Netblock reassigned from Chile to US ISP...]

2008-12-15 Thread Gadi Evron
On Sun, 14 Dec 2008, Christopher Morrow wrote: On Sun, Dec 14, 2008 at 8:44 PM, Gadi Evron g...@linuxbox.org wrote: On Sun, 14 Dec 2008, Rich Kulawiec wrote: On Sat, Dec 13, 2008 at 05:51:13PM +0900, Randy Bush wrote: but you need to be much more specific about what you want from medium

[USN-698-1] Nagios vulnerability (fwd)

2008-12-22 Thread Gadi Evron
-- Forwarded message -- Date: Mon, 22 Dec 2008 09:35:54 -0500 From: Marc Deslauriers marc.deslauri...@canonical.com To: ubuntu-security-annou...@lists.ubuntu.com Cc: bugt...@securityfocus.com, full-disclos...@lists.grok.org.uk Subject: [USN-698-1] Nagios vulnerability

Attacking a critical Internet infrastructure

2008-12-27 Thread Gadi Evron
Hi folks and happy new year! I am emailing to spam about a talk about to be given at the CCC conference (25c3). I apologize for the cross-posting. At the 4th day of CCC (30th), there is an interesting as-of-yet no details disclosed talk by a couple of good people.

reliable IOS exploitation

2008-12-29 Thread Gadi Evron
FX has given a comprehensive talk about IOS exploitation (including even TCL scripts operators leave behind when they moved jobs to retain access). He has shown effective and ineffective ways of detecting compromise in IOS. Then, he has shown how reliable exploitation of IOS routers works.

Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw.

2009-01-02 Thread Gadi Evron
On Fri, 2 Jan 2009, Joe Abley wrote: On 2009-01-02, at 09:04, Rodrick Brown wrote: A team of security researchers and academics has broken a core piece of Internet technology. They made their work public at the 25th Chaos Communication Congress in Berlin today. The team was able to create a

Re: Security team successfully cracks SSL using 200 PS3's and MD5

2009-01-02 Thread Gadi Evron
On Fri, 2 Jan 2009, Dragos Ruiu wrote: www.win.tue.nl/hashclash/rogue-ca/; classtype: policy-violation; sid:101;) You can't really use any snort rule to detect SHA-1 certs created by a fake authority created using the MD5 issue. Yes, this is a serious matter, but it hardly has any

Re: Ethical DDoS drone network

2009-01-04 Thread Gadi Evron
On Sun, 4 Jan 2009, John Kristoff wrote: On Sun, 4 Jan 2009 21:06:34 -0500 Jeffrey Lyon jeffrey.l...@blacklotus.net wrote: Say for instance one wanted to create an ethical botnet, how would this be done in a manner that is legal, non-abusive toward other networks, and unquestionably used for

Re: Ethical DDoS drone network

2009-01-04 Thread Gadi Evron
On Mon, 5 Jan 2009, Patrick W. Gilmore wrote: On Jan 5, 2009, at 1:33 AM, Roland Dobbins wrote: On Jan 5, 2009, at 2:08 PM, Patrick W. Gilmore wrote: You want to 'attack' yourself, I do not see any problems. And I see lots of possible benefits. This can be done internally using various

Re: Cogent haiku

2009-01-09 Thread Gadi Evron
hehe On Fri, 9 Jan 2009, neal rauhauser wrote: Cogent drops packets. Angry customers call. Twice. Admin writes haiku.

RE: Cogent haiku

2009-01-09 Thread Gadi Evron
On Fri, 9 Jan 2009, Steve Fischer wrote: That is too funny! He cheated by adding periods :P -Original Message- From: neal rauhauser [mailto:nrauhau...@gmail.com] Sent: Friday, January 09, 2009 3:06 PM To: nanog@nanog.org Subject: Cogent haiku Cogent drops packets. Angry customers

Re: Are we really this helpless? (Re: isprime DOS in progress)

2009-01-23 Thread Gadi Evron
On Fri, 23 Jan 2009, Jeffrey Lyon wrote: I respectfully disagree. Network engineers have to keep up with many tasks and preventing DoS/DDoS should be the responsibility of everyone. I see more folks worried about spam than they are actual security. Because none of us wants to spend the next two

Re: Great outage of 1997 - Does anyone recall?

2009-02-23 Thread Gadi Evron
On Sun, 22 Feb 2009, Danny McPherson wrote: On Feb 22, 2009, at 10:10 PM, Christopher Morrow wrote: On Mon, Feb 23, 2009 at 12:06 AM, Paul Wall pauldotw...@gmail.com wrote: On Sun, Feb 22, 2009 at 2:57 AM, Gadi Evron g...@linuxbox.org wrote: What was that story with an African routes some

[ MDVSA-2009:054 ] nagios (fwd)

2009-02-25 Thread Gadi Evron
-- Forwarded message -- Date: Wed, 25 Feb 2009 01:05:01 +0100 From: secur...@mandriva.com Reply-To: xsecur...@mandriva.com To: bugt...@securityfocus.com Subject: [ MDVSA-2009:054 ] nagios -BEGIN PGP SIGNED MESSAGE- Hash: SHA1

Re: [ MDVSA-2009:054 ] nagios (fwd)

2009-02-25 Thread Gadi Evron
On Wed, 25 Feb 2009, Eric Gearhart wrote: I hate to be pedantic but is this something that should get forwarded to NANOG? I guess the relevance is justified because a lot of network folks run Nagios...? As long as network operators related vulns don't start showing up every couple of months

Re: wires mess thread

2009-03-13 Thread Gadi Evron
This came across my RSS feed today from gizmodo: http://www.reddit.com/r/technology/comments/845v3/this_data_center_has_got_its_shit_together/

phishing attacks against ISPs (also with Google translations)

2009-03-25 Thread Gadi Evron
In this email message I'd like to discuss two subjects: a. Phishing against ISPs. b. Phishing in different languages against ISPs as soon as Google adds a new translation module. [My apologies to those who receive this email more than once. I am approaching several different industries on this

Re: phishing attacks against ISPs (also with Google translations)

2009-03-25 Thread Gadi Evron
William Allen Simpson wrote: I've not recently seen an ISP account phish here. The last one I remember was circa 2003. It was a dictionary attack, arriving at my was@ account (long since rendered useless by spam volume and terminated). However, I don't save phish/spam anymore. I used to save

The Confiker Virus hype and measures

2009-03-30 Thread Gadi Evron
Joe Blanchard wrote: Anyone have a copy of this? Would like to analyze it and understand its propagation. Thanks -Joe I'm sure someone sent you a sample by now. As to the malware itself... I haven't personally been following conficker as I've been busy with other issues (as much as

Re: Fiber cut in SF area

2009-04-09 Thread Gadi Evron
Jorge Amodio wrote: On Thu, Apr 9, 2009 at 1:20 PM, Christopher Morrow morrowc.li...@gmail.com wrote: isn't there a mailing list for this sort of thing? outages@ I think it is? Jared put together long time ago outages at outages.org seems to still be active and receiving reports about this

one shot remote root for linux?

2009-04-28 Thread Gadi Evron
This is one of them mysterious and rare cases where a non router OS vulnerability may affect network operations. Sometimes news finds us in mysterious yet obvious ways. HD Moore (respected security researcher) set a status which I noticed on my twitter: @hdmoore reading through

Re: Broadband routers and botnets - being proactive

2007-05-16 Thread Gadi Evron
On Wed, 16 May 2007, Ian Mason wrote: - so much so that this is the first time I was explicitly aware that he offers paid consultancy in this area, if that is indeed the case. I don't. Nor do I work for a consultancy. Thanks, Gadi.

Re: [policy] When Tech Meets Policy...

2007-08-12 Thread Gadi Evron
On Sun, 12 Aug 2007, Paul Ferguson wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 As bad as the domain tasting problem really is, will anyone from the Ops community speak up? http://www.icann.org/announcements/announcement-2-10aug07.htm I personally consider this issue to be one of

[NANOG] IOS rootkits

2008-05-16 Thread Gadi Evron
. Sebastian Muniz, a researcher with Core Security Technologies, developed the software, which he will unveil on May 22 at the EuSecWest conference in London. Gadi Evron. ___ NANOG mailing list NANOG@nanog.org http://mailman.nanog.org/mailman

Re: [NANOG] IOS rootkits

2008-05-16 Thread Gadi Evron
16, 2008 at 9:06 PM, Gadi Evron [EMAIL PROTECTED] wrote: At the upcoming EusecWest Sebastian Muniz will apparently unveil an IOS rootkit. skip below for the news item itself. We've had discussions on this before, here and elsewhere. I've been heavily attacked on the subject of considering router

Re: [NANOG] IOS rootkits

2008-05-17 Thread Gadi Evron
On Sat, 17 May 2008, Suresh Ramasubramanian wrote: On Sat, May 17, 2008 at 12:47 PM, Matthew Moyle-Croft [EMAIL PROTECTED] wrote: If the way of running this isn't out in the wild and it's actually dangerous then a pox on anyone who releases it, especially to gain publicity at the expense of

Re: [NANOG] IOS rootkits

2008-05-17 Thread Gadi Evron
On Sat, 17 May 2008, Simon Lockhart wrote: On Sat May 17, 2008 at 04:47:02PM +0930, Matthew Moyle-Croft wrote: Paul Wall wrote: What if some good comes from this root kit? I'm sure it'll be good for a number of security providers to hawk their wares. How long before we need to install

Re: [NANOG] IOS rootkits

2008-05-17 Thread Gadi Evron
On Sat, 17 May 2008, Matthew Moyle-Croft wrote: The question is who can't afford for these things to happen... Gadi. I can't help but feel you're pushing fear to further some other interest here Gadi. It is alright to have feelings. Gadi.

Re: [NANOG] IOS rootkits

2008-05-17 Thread Gadi Evron
On Sat, 17 May 2008, Matthew Moyle-Croft wrote: It is alright to have feelings. Gadi. So I ask again, expecting nothing but another flippant answer: I will honour your flame-bait, but only once. Do you actually have live examples of this or able to demonstrate it or are you just

Re: [NANOG] IOS rootkits

2008-05-17 Thread Gadi Evron
On Sat, 17 May 2008, Matthew Moyle-Croft wrote: I'd love to know what magical mystical protection your routers have that will enable them to avoid the same fate as every other device and operating system has. There's only one thing up there that doesn't have known rootkits in the wild.

Re: [NANOG] IOS rootkits

2008-05-17 Thread Gadi Evron
On Sat, 17 May 2008, Felix 'FX' Lindner wrote: But I don't see a reason for panic and Cisco is at least partially right with their response ( http://www.cisco.com/en/US/products/products_security_response09186a0080997783.html ) to the whole issue: someone still needs a privilege level 15

Re: [NANOG] IOS rootkits

2008-05-17 Thread Gadi Evron
On Sun, 18 May 2008, Mark Smith wrote: Reflections on Trusting Trust http://cm.bell-labs.com/who/ken/trust.html That is the #1 paper on security anyone can read, and reading your email I was about to ask if you ever read it. It certainly is my fav. Thanks for reminding us all of the url.

Re: [NANOG] IOS rootkits

2008-05-18 Thread Gadi Evron
On Sun, 18 May 2008, Dragos Ruiu wrote: On 17-May-08, at 3:12 AM, Suresh Ramasubramanian wrote: On Sat, May 17, 2008 at 12:47 PM, Matthew Moyle-Croft [EMAIL PROTECTED] wrote: If the way of running this isn't out in the wild and it's actually dangerous then a pox on anyone who releases it,

Re: [NANOG] IOS rootkits

2008-05-18 Thread Gadi Evron
On Sun, 18 May 2008, Suresh Ramasubramanian wrote: Let's put it this way. 1. Yes there's nothing to patch, as such 2. It can be prevented by what's widely regarded as BCP on router security, and has been covered at *nog, in cisco training material, etc etc for quite some time now. I am

Re: [NANOG] IOS rootkits

2008-05-18 Thread Gadi Evron
On Sun, 18 May 2008, Joel Jaeggli wrote: Dragos Ruiu wrote: First of all about prevention, I'm not at all sure about this being covered by existing router security planning / BCP. I don't believe most operators reflash their routers periodically, nor check existing images (particularly

Re: [NANOG] IOS rootkits

2008-05-18 Thread Gadi Evron
On Sun, 18 May 2008, Joel Jaeggli wrote: The result from your check can easily be modified, first thing I would have changed is the checker. That is a normal thing to do with rootkits (return bogus results). Which is part of the reason I suggested that method I did. Short of pulling the

Re: [NANOG] IOS rootkits

2008-05-20 Thread Gadi Evron
On Mon, 19 May 2008, Deepak Jain wrote: Wouldn't this level of verification/authentication of running code be a pretty trivial function via RANCID or similar tool? Absolutely, and it actually makes sense. The problem though is that it is once again an escalation war and counter-inventions

[NANOG] An account of the Estonian Internet War

2008-05-20 Thread Gadi Evron
by a third party: Battling Botnets and Online Mobs Estonia's Defense Efforts during the Internet War URL: http://www.ciaonet.org/journals/gjia/v9i1/699.pdf It is not technical, I hope you find it useful. Gadi Evron. ___ NANOG mailing list NANOG

Re: IOS Rookit: the sky isn't falling (yet)

2008-05-27 Thread Gadi Evron
On Tue, 27 May 2008 [EMAIL PROTECTED] wrote: On Tue, 27 May 2008 11:02:32 CDT, Gadi Evron said: On Tue, 27 May 2008, Jared Mauch wrote: *yawn* I guess we will wait for the next one before waking up, than. No Gadi. What Jared is saying is that there are exactly *ZERO* routers (for some

Re: IOS Rookit: running hacked binaries certainly places you at risk!

2008-05-27 Thread Gadi Evron
On Tue, 27 May 2008, Jared Mauch wrote: On May 27, 2008, at 12:02 PM, Gadi Evron wrote: On Tue, 27 May 2008, Jared Mauch wrote: On May 27, 2008, at 8:42 AM, Alexander Harrowell wrote: An alternative rootkit ? Privilege level 16 used by the Lawful Intercept [12] feature could be abused

Re: IOS Rookit: the sky isn't falling (yet)

2008-05-28 Thread Gadi Evron
On Thu, 29 May 2008, Steven M. Bellovin wrote: On Wed, 28 May 2008 10:37:05 +0100 [EMAIL PROTECTED] wrote: So let's see - if you had a billion CPUs in your botnet, and each one could go at a billion to the second, you still need 2**69 seconds or 449,235,776,528,695 years. Not bad - only

Re: [Outages] Outages have an Outage? (fwd)

2008-06-17 Thread Gadi Evron
Lightning storm, subsequent commercial power failure. UPS not up due to restructuring. We are working on getting backup servers alive, as to DNS we used to secondary at vixie's, but due to IP changes and movements removed that for now. A comedy of mistakes. Details below. --

security relevance [was: ICANN opens up Pandora's Box of new TLDs]

2008-06-27 Thread Gadi Evron
On Fri, 27 Jun 2008, Roger Marquis wrote: On Fri, 27 Jun 2008, Christopher Morrow wrote: 1) Fast flux 2) Botnets 3) Domain tasting 4) valid contact info These are separate and distinct issues... They are separate but also linked by being issues that can only be addressed at the registrar level,

RE: ICANN opens up Pandora's Box of new TLDs

2008-06-27 Thread Gadi Evron
On Fri, 27 Jun 2008, Tomas L. Byrnes wrote: These issues are not separate and distinct, but rather related. A graduated level of analysis of membership in any of the sets of: 1: Recently registered domain. 2: Short TTL 3: Appearance in DShield, Shadowserver, Cyber-TA and other sensor lists.

Re: ICANN opens up Pandora's Box of new TLDs

2008-06-27 Thread Gadi Evron
On Sat, 28 Jun 2008, Christopher Morrow wrote: On Fri, Jun 27, 2008 at 11:11 PM, Roger Marquis [EMAIL PROTECTED] wrote: On Fri, 27 Jun 2008, Christopher Morrow wrote: I'd point out that FastFlux is actually sort of how Akamai does its job (inconsistent dns responses) That's not really fast

TTL settings efficiency [was: ICANN opens up Pandora's Box of new TLDs]

2008-06-27 Thread Gadi Evron
On Sat, 28 Jun 2008, Christopher Morrow wrote: On Sat, Jun 28, 2008 at 12:34 AM, Gadi Evron [EMAIL PROTECTED] wrote: Interesting, I was under the impression anything less than 120 is effectively as good as 120. I have not measured... I bet yahoo has though :) and/or Akamai. There's a reason

Re: ICANN opens up Pandora's Box of new TLDs

2008-06-27 Thread Gadi Evron
-hoc groups and populations (not necessarily under any flag or leadership, think Estonia). Gadi. -Original Message- From: Gadi Evron [mailto:[EMAIL PROTECTED] Sent: Friday, June 27, 2008 8:33 PM To: Tomas L. Byrnes Cc: Christopher Morrow; Roger Marquis; nanog@nanog.org

warfare and the Internet [was: ICANN opens up Pandora's Box of new TLDs]

2008-06-27 Thread Gadi Evron
I forgot to change the subject line, apologies. On Sat, 28 Jun 2008, Gadi Evron wrote: On Fri, 27 Jun 2008, Tomas L. Byrnes wrote: I just know who should be held for further processing @ the gate. This is getting off-topic, so let's continue the discussion for a couple more emails to see

Re: ICANN opens up Pandora's Box of new TLDs

2008-06-29 Thread Gadi Evron
On Sun, 29 Jun 2008, Tuc at T-B-O-H.NET wrote: This requires serious elaboration. How could you use a domain in .exe to actually attack someone? (No handwaving, please, actual study.) I think it would be the other way around - I would assume that that was a near worthless TLD, as it would

Re: Internet management, was ICANN opens up Pandora's Box of new TLDs

2008-06-29 Thread Gadi Evron
On Sun, 29 Jun 2008, John Levine wrote: We already see this in the email world, where a self-appointed cartel like the MAAWG can decide technical rules and policies, bypassing both IETF and ICANN. As an active participant in both the IETF and MAAWG, and a former member of the ICANN ALAC, I can

Re: Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked?

2008-07-24 Thread Gadi Evron
On Thu, 24 Jul 2008, Joe Greco wrote: downplay this all you want, we can infect a name server in 11 seconds now, which was never true before. i've been tracking this area since 1995. don't try to tell me, or anybody, that dan's work isn't absolutely groundbreaking. i am sick and bloody tired

Re: TLD servers with recursion was Re: Exploit for DNS Cache Poisoning - RELEASED

2008-07-24 Thread Gadi Evron
On Thu, 24 Jul 2008, John Kristoff wrote: On Thu, 24 Jul 2008 10:06:25 +0100 Simon Waters [EMAIL PROTECTED] wrote: I checked last night, and noticed TLD servers for .VA and .MUSEUM are still offering recursion amongst a load of less popular top level domains. Indeed just under 10% of the

Re: TLD servers with recursion was Re: Exploit for DNS Cache Poisoning - RELEASED

2008-07-24 Thread Gadi Evron
On Thu, 24 Jul 2008, Gadi Evron wrote: But sticking to the point, TLD servers should (under most circumstances) be Should NEVER, oops.

RE: TLD servers with recursion was Re: Exploit for DNS Cache Poisoning- RELEASED

2008-07-24 Thread Gadi Evron
On Thu, 24 Jul 2008, Martin Hannigan wrote: I personally know several folks from within and wayyy from outside the DNS world who discovered this very out there and obvious issue and worked hard to try and contact the operators. Those that haven't fixed it yet, likely won't if all thing

Re: TLD servers with recursion was Re: Exploit for DNS Cache Poisoning- RELEASED

2008-07-24 Thread Gadi Evron
On Thu, 24 Jul 2008, Steve Bertrand wrote: Gadi Evron wrote: On Thu, 24 Jul 2008, Martin Hannigan wrote: I personally know several folks from within and wayyy from outside the DNS world who discovered this very out there and obvious issue and worked hard to try and contact the operators

Re: Admin: Offtopic Political Threads

2008-07-27 Thread Gadi Evron
On Sun, 27 Jul 2008, Paul Wall wrote: Simon, Sorry to steer this in a different direction, but could you please tell us a bit about the new MLC's plans for suspending habitual off-topic posters in violation of the three strikes rule, such as Gadi Evron and Larry Sheldon? can you take your

Remote Cisco IOS FTP exploit (fwd)

2008-07-29 Thread Gadi Evron
-- Forwarded message -- Date: Tue, 29 Jul 2008 11:31:11 +0100 From: Andy Davis [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Remote Cisco IOS FTP exploit Hi, The IOS FTP server vulnerabilities were published in an advisory by Cisco in May 2007. The FTP server does not run

Re: [funsec] Subject line misleading. ATT Pwned. Sweet Irony: Metasploit Creator a Victim of His Own Creation (fwd)

2008-07-30 Thread Gadi Evron
I guess history decided the previous discussion in favor of vix. Although I doubt vix sees this compromise at ATT as a victory, but rather a loss. Note: HD has not been compromised. Gadi. -- Forwarded message -- Date: Wed, 30 Jul 2008 11:46:49 -0700 From: Dragos Ruiu

RE: [funsec] Subject line misleading. ATT Pwned. Sweet Irony:Metasploit Creator a Victim of His Own Creation (fwd)

2008-07-30 Thread Gadi Evron
. -Original Message- From: Martin Hannigan [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 30, 2008 9:13 PM To: Suresh Ramasubramanian; Gadi Evron; nanog@nanog.org Subject: Re: [funsec] Subject line misleading. ATT Pwned. Sweet Irony:Metasploit Creator a Victim of His Own Creation (fwd

Re: Level3 tries cell-phone style billing scam on customers

2008-07-31 Thread Gadi Evron
On Thu, 31 Jul 2008, Patrick Giagnocavo wrote: Today I looked at my most recent bill from Level3. They are now assessing a 2.5% surcharge, which is listed as Taxes on the bandwidth bill I have. In the state of PA, telecoms services are explicitly not taxable. When you call Level3 billing,

Re: Level3 tries cell-phone style billing scam on customers

2008-07-31 Thread Gadi Evron
On Thu, 31 Jul 2008, Joe Maimon wrote: You try something, see if it works. Then try something a little bit less, see if it works, and so on. If what you are saying translates to How much pain can we inflict on our customers before they break (whether or not it increases revenue or decreases
