BugTraq Mode:
Re: Unprivilegued settings for FreeBSD kernel variables 2004-06-18
blexim (blexim hush com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>> I've already told you that there is no such threat, since the attack
>> you describe can only be initiated by someone who already has
>> unrestricted access. Please stop wasting everybody's time.
> You are wrong. Unrestricted access means _really un

Script injection in DNSONE appliance 2004-06-19
c3rb3r (c3rb3r sympatico ca)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

TITLE: Security flaw in DNSONE appliance (http://www.infoblox.com)

TYPE: Script injection over DHCP

QUOTE from INFOBLOX:

DNS One appliances are designed to provide the foundation for
next-generation network identity services
in a secure and easy-to-

Re: Is predictable spam filtering a vulnerability? 2004-06-18
PSE-L mail professional org (Sean Straw / PSE)
At 19:27 2004-06-17 +0200, Joel Eriksson wrote:
>On Wed, Jun 16, 2004 at 01:26:28PM +0200, R Armiento wrote:
>[snip]
> > For example: attacker 'A' sends 'B' a social engineering request
> > for "the secret plans" and says "if you are unsure, forward my
> > request to your boss and ask if this is oka

Re: Is predictable spam filtering a vulnerability? 2004-06-18
Bill Burge (bill burge com)

This is nothing new to spam filtering. Any dynamic/proactive filter mechanism is subject to the same shenanigans.

This has been a "feature" of IntrusionPreventionSystems since they came out. Spoof an attack from an IP you want to be denied, and the IDS updates the ruleset on the firewall (what a

Re: Caveat Lector: Beastie Boys Evil 2004-06-19
Hamilton Frail (h frail bigpond com)
Assuming we are on an XP Pro box, does anyone know if the exe has the same
effect on Admin, power user, and normal user accounts? or just more
privileged accounts such as Power users and/or Administrators??

More to the point, does anyone know what it is exactly doing to prevent the
cd from being co

RE: Is predictable spam filtering a vulnerability? 2004-06-18
Lance James (lance james bakbone com)
Your point on the Rejected messages is that it does happen. Reverse-NDR's
are a real problem - and are a loophole since NDR is a smtp spec.

On a second note, your comment on filters, (not involving the me2 spam
filter companies) filters do not stop spam, and sometimes they are truly
more detrimenta

Re: Caveat Lector: Beastie Boys Evil 2004-06-17
PC Sage (swayze pcsage biz)
Typically, when an application is being installed in Mac OS X (assuming
X?), if it requires system file modification it will require an
administrative level password to continue. While it is true that I
haven't purchased said malware, this is the usual case. If this
'helpful drm software' is bei

Re: Unprivilegued settings for FreeBSD kernel variables 2004-06-18
Henning Brauer (hb-bugtraq bsws de)
* Manuel Bouyer <bouyer (at) antioche.eu (dot) org> [2004-06-18 12:46]:
> On Tue, Jun 15, 2004 at 08:42:23AM +0200, Radko Keves wrote:
> > [...]
> >
> > AFFECTED DISTRIBUTIONS:
> > FreeBSD 5.x i386
> > FreeBSD, OpenBSD, NetBSD is most likely also affected (investigation needed)
>
> NetBSD is not, a LKM can't

RE: Antivirus/Trojan/Spyware scanners DoS! 2004-06-17
Security List (secfocuslist yahoo com)
Hello,

Here is what I have from TrendMicro IWSS v1

A virus (Compressed_Huge_File, Eicar_test_file,
Eicar_test_file, Eicar_test_file, Eicar_test_file,
Eicar_test_file, Eicar_test_file) was detected in file
SERVER_dwn.zip in http traffic on 6/15/04 3:10:06 PM
with action deleted taken.

CPU on the s

Internet Scanner 7 Restriction Bypass Vulnerability 2004-06-19
Chris Hurley (churley assureddecisions com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Application: Internet Scanner 7
Vendors: Internet Security Systems (www.iss.net)
Platforms: Windows
Vulnerability: Restriction Bypa

RE: Is predictable spam filtering a vulnerability? 2004-06-18
Andrew Hunter (andiroohunter msn com)
I think spam filters aren't the solution to the spam problem. If someone gets
200 spam emails a day then what use is a spam filter telling them the email
was rejected? The user will end up not looking at the list of rejected
emails because it's sooo big.

Filtering certain works is also bad as well

Re: Is predictable spam filtering a vulnerability? 2004-06-18
Jason Coombs (jasonc science org)
> On Wed, Jun 16, 2004 at 01:26:28PM +0200, R Armiento wrote:
>>For example: attacker 'A' sends 'B' a social engineering request
>>for "the secret plans"
...
>>spam filter silently drops the email. 'A' forges a reply

Joel Eriksson wrote:
> it's not a "real" vulnerability that gives remote root to
>

RE: SECURE SOCKETS LAYER COELACANTH: Phreak Phishing Expedition 2004-06-19
Jelmer (jkuperus planet nl)
>As an addendum, perhaps, though I wouldn't doubt someone
>might make some nice proof of concept code for this...

Don't mind if I do :)

The following demo will read out your logon name and your logon domain, or
at least it should :)

http://jelmer.homedns.org/test.htm

The url used is http://jelmer

RE: Is predictable spam filtering a vulnerability? 2004-06-18
Romulo M. Cholewa (rmc rmc eti br)
Greetings,

spam filters are a really big concern for most customers we have. They sure
hate spam, know that it statistically means that their employees will lose
some time filtering it out, not to mention those evil spam that carry
malicious code or point to malicious sites.

Content filtering is

Re: Is predictable spam filtering a vulnerability? 2004-06-17
Gadi Evron (ge linuxbox org)
R Armiento wrote:

> During a recent email conversation with several participants, we discovered that the email service of one participant silently dropped legitimate emails that happened to contain certain combinations of words common in spam. I believe this sort of filter is common practice, and i

Re: Unprivilegued settings for FreeBSD kernel variables 2004-06-18
Valdis Kletnieks vt edu
On Thu, 17 Jun 2004 13:28:59 +0200, Manuel Bouyer said:
> On Tue, Jun 15, 2004 at 08:42:23AM +0200, Radko Keves wrote:
> > [...]
> >
> > AFFECTED DISTRIBUTIONS:
> > FreeBSD 5.x i386
> > FreeBSD, OpenBSD, NetBSD is most likely also affected (investigation needed)
>
> NetBSD is not, a LKM can't be l

ircd-hybrid-7 / ircd-ratbox low-bandwidth DoS 2004-06-18
Erik Sperling Johansen (einride einride org)
Name : ircd-hybrid-7/ircd-ratbox low-bandwidth DoS
Date : June 14th 2004
Author : Erik Sperling Johansen <einride (at) einride (dot) org>
Severity : Medium

This has been tested on most of the ircd versions currently used on EFNet.
Other ircds may be affected.

Affected:
ircd-hybrid <=7.0.1
ircd-ra

Re: USB risks (continued) 2004-06-18
RSnake (rsnake shocking com)

Autorun doesn't work with USB keyfobs. Actually, it is my
understanding that it doesn't work on any media that is deemed writable and
removable. The distinction between USB devices and CDs is that the media is
writeable, but the drives aren't removeable on CDs. That of course isn't true
if you

Re: Is predictable spam filtering a vulnerability? 2004-06-19
David F. Skoll (dfs roaringpenguin com)
On Fri, 18 Jun 2004, Jon Fiedler wrote:

> >In my opinion, any spam filter that silently drops e-mail is broken, and
> >is indeed a security risk. A spam filter MUST respond with a 500 SMTP
> >failure code if it rejects a message.

> This ignores client side spam filters,

Client-side spam filters

Re: Is predictable spam filtering a vulnerability? 2004-06-19
Jon Fiedler (jmf9 cwru edu)
David F. Skoll wrote:

>On Wed, 16 Jun 2004, R Armiento wrote:
>
>>However, 'C':s spam filter silently drops the email.
>
>In my opinion, any spam filter that silently drops e-mail is broken, and
>is indeed a security risk. A spam filter MUST respond with a 500 SMTP
>failure code if

exploiting overflowed kmalloc() memory? 2004-06-18
infamous41md hotpop com

has anyone done any research on exploiting overflows with memory returned by kmalloc()? after briefly looking at source, i see that internally it relies on the kmem_cache_alloc() functions. i didn't see any sort of coalescing as with dlmalloc, so maybe it's not even possible? anyone have any lin

Re: Is predictable spam filtering a vulnerability? 2004-06-17
Ilya Sher (ilya79 actcom net il)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

R Armiento wrote:
| During a recent email conversation with several participants, we
discovered that the email service of one participant silently
dropped legitimate emails that happened to contain certain
combinations of words common in spam. I believe

Re: Unprivilegued settings for FreeBSD kernel variables 2004-06-17
Ivaylo Kostadinov (ivaylo kostadinov computing-services oxford ac uk)
Dag-Erling Smørgrav wrote:
> I've already told you that there is no such threat, since the attack
> you describe can only be initiated by someone who already has
> unrestricted access. Please stop wasting everybody's time.

If the vulnerability described exists then there is such a threat.

The

Re: Multiple Antivirus Scanners DoS attack. 2004-06-17
Jacek Osiecki (pingwinus poczta fm)
On Wed, 16 Jun 2004, Tucker wrote:

> Clamav doesn't seem to be affected

> tucker@overlink~$ clamscan --version
> clamscan / ClamAV version 0.70
> tucker@overlink~$ clamscan --verbose SERVER_dwn.zip
> SERVER_dwn.zip: Eicar-Test-Signature FOUND

Same on my clamav.

I have also checked the latest F-P

RE: Antivirus/Trojan/Spyware scanners DoS! 2004-06-17
secfocuslist yahoo com


Hello,

Here is what I have from TrendMicro IWSS v1

A virus (Compressed_Huge_File, Eicar_test_file,
Eicar_test_file, Eicar_test_file, Eicar_test_file,
Eicar_test_file, Eicar_test_file) was detected in file
SERVER_dwn.zip in http traffic on 6/15/04 3:10:06 PM
with action deleted taken.

RE: Caveat Lector: Beastie Boys Evil 2004-06-17
Wolf, Glenn (glenn wolf we-inc com)
If I recall, it is possible to disable the offending "bonus" data track by
writing over it with a black marker. This is all in theory, of course.

http://www.wired.com/news/technology/0,1282,52665,00.html

Glenn

-----Original Message-----
From: Dragos Ruiu [mailto:dr (at) kyx (dot) net]
Sent: Wednesday, Ju

Re: MAGIC XSS INTO THE DNS: coelacanth 2004-06-17
qazxdrgb hotmail com
In-Reply-To: <200406151517.i5FFH8pC029012 (at) web179.megawebservers (dot) com>

This just plain simple XSS attacks, and additionally it relies on a (long since?) patched vulnerability in IIS.

>Still unclear how or why this can be interpreted into the site
>or through the browser.

What is unclear?

1.

Virus scan attack 2004-06-17
Nate Nord (natenord maximus com)
Just wondering if anyone else has seen this come through their mail portal.
Something has caused our McAfee Webshield SMTP to seriously eat processor
time... to the point that it will no longer forward scanned mail. I've had
to temporarily bypass it until I figure out what it's choking on. I saw
s

Starwood security contacts 2004-06-18
Liu, Jinsong (JLiu waveseeker com)

Hello:

Anyone knows how to contact Starwood computer security dept?

Thanks

Jinsong

[ GLSA 200406-14 ] aspell: Buffer overflow in word-list-compress 2004-06-17
Thierry Carrez (koon gentoo org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200406-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Copyright 2010, SecurityFocus