lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <1050048886.20744.3.camel@loft.virustraq.com>
From: gossi at lab6.com (Gossi The Dog)
Subject: MCAFEE E-MAIL SCAN ALERT!~FWD: INTERNET S

On Fri, 2003-04-11 at 07:07, Valdis.Kletnieks@...edu wrote:
> On Wed, 09 Apr 2003 22:12:45 EDT, Jason <security@...enik.com>  said:
> 
> > Look at how your "protections" expose you when dealing with lists too. 
> > Then look at those annoying out of office notifications. Nothing like 
> > telling a lot of people the perfect contact points in an org doing some 
> > type of security, ohh and by the way, they are out of the office!
> 
> And better yet, the mail packages that are the biggest offenders are also both
> quite well known as the subject of security advisories, and also quite helpful
> in providing their exact release/build info, so you can carefully craft a
> message for maximum impact.
> 
> Might as well just attach a .BMP of concentric red-and-white circles to the note ;)

Well - indeed.  I seem to recall if you send duff (like 500 bytes) SMTP
commands to NAI Webshield, it causes it to crash.  I never really
bothered following it up.

Plus, NAI Webshield doesn't log the IP in email headers of connecting
servers.  So you can do HELO nasa.gov, and it passes it on as nasa.gov
in the headers.  Could be quite handy, that.



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ