lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: valmont27 at yahoo.com (Valmont vbamont) Subject: Re: Contents of Full-Disclosure digest micro$ have its group of software genius to do junkware.. open source is free speech.. M$ is goin down as people are getting more smarter each day and he cant catch us all.. > > > Today's Topics: > > 1. Re: ISS Security Brief: "MS Blast" MSRPC DCOM > Worm Propagation (fwd) (Jeremiah Cornelius) > 2. Upcoming MS chat (John Sec) > 3. Re: smarter dcom worm (Jeremiah Cornelius) > 4. next blaster variant on its way (Brown, Bobby > (US - Hermitage)) > 5. Microsoft MCWNDX.OCX ActiveX buffer overflow > (Tri Huynh) > 6. new msblaster on the loose? (David Vincent) > 7. RE: windowsupdate.com (Turk, Anthony) > 8. Re: windowsupdate.com (KF) > 9. Re[2]: [Full-Disclosure] MSBLASTER - aka > LOVESAN/POZA ? (Geysap) > 10. Re: Windows Dcom Worm Killer (r1an@...h.ai) > 11. Cisco Security Advisory: CiscoWorks > Application Vulnerabilities (Cisco Systems Product > Security Incident Response Team) > 12. Denial of Service Vulnerability in NFS on IRIX > (SGI Security Coordinator) > 13. Re: new msblaster on the loose? (Person) > 14. Re: Microsoft MCWNDX.OCX ActiveX buffer > overflow (Thor Larholm) > 15. Administrivia: List Contact Changes (Len Rose) > 16. RE: smarter dcom worm (gml) > 17. RE: dobble-clicking msblast.exe (gml) > 18. RE: smarter dcom worm (gml) > 19. RE: recent RPC/DCOM worm thought (Kerry > Steele) > 20. OpenBSD protect windows update ? (D B) > 21. RE: ISS Security Brief: "MS Blast" MSRPC DCOM > Worm Propagation (fwd) (Joey) > 22. Re: [Dshield] new msblaster on the loose? > (John Sage) > 23. (forw) [f0x@...irrelsoup.net: Re: > [Full-Disclosure] windowsupdate.com] (Gabe Arnold) > 24. Re: windowsupdate.com (Felipe Scuciatto dos > Santos) > 25. Firewalls (Geo.) > 26. Re: windowsupdate.com (Laurent LEVIER) > 27. Re: Vulnerability Disclosure Debate (Ben > Laurie) > 28. FW: [Full-Disclosure] smarter dcom worm > (Bassett, Mark) > 29. Re: Windows Dcom Worm Killer (w g) > > --__--__-- > > Message: 1 > From: Jeremiah Cornelius <jeremiah@....net> > To: full-disclosure@...ts.netsys.com > Subject: Re: [Full-Disclosure] ISS Security Brief: > "MS Blast" MSRPC DCOM Worm Propagation (fwd) > Date: Wed, 13 Aug 2003 09:06:25 -0700 > > <SNIP> > > Just to pile on... > > > > > http://www.eweek.com/article2/0,3959,1200038,00.asp > > > > "The federal government last week awarded a $90 > million contract to > > Microsoft Corp. to provide the Department of > Homeland Security with > > desktop and server software." > > > > Tax dollars at work... > <SNIP> > > In the trainwreck clusterfrag against Jeffersonian > Democracy that is DHS, one > can only be glad that they are stuck with M$ > junkware. I wouldn't want > Stassi using good software either... > > -- > Jeremiah Cornelius, CISSP, CCNA, MCSE > Information Security Technology > email: jcorneli@...mail.com - mobile: 415.235.7689 > > "What would be the use of immortality to a person > who cannot use well a half > hour?" > --Ralph Waldo Emerson > > > --__--__-- > > Message: 2 > From: "John Sec" <john_sec_lists@...mail.com> > To: full-disclosure@...ts.netsys.com > Date: Wed, 13 Aug 2003 16:32:57 +0000 > Subject: [Full-Disclosure] Upcoming MS chat > > I thought some of you might want to participate in > this one: > > August 18: Chat with a Microsoft executive about the > Blaster worm - > Discussion on Trustworthy Computing and security at > Microsoft with Security > Business Unit Vice President Mike Nash. Come with > your questions on security > products, initiatives and issues for Mike. > > http://www.microsoft.com/technet/treeview/?url=/technet/itcommunity/chats/ > > _________________________________________________________________ > Add photos to your e-mail with MSN 8. Get 2 months > FREE*. > http://join.msn.com/?page=features/featuredemail > > > --__--__-- > > Message: 3 > From: Jeremiah Cornelius <jeremiah@....net> > To: full-disclosure@...ts.netsys.com > Subject: Re: [Full-Disclosure] smarter dcom worm > Date: Wed, 13 Aug 2003 09:36:10 -0700 > > On Tuesday 12 August 2003 04:51 pm, Marc Maiffret > wrote: > <SNIP> > > You are correct in that "this worm sucks" but I > think you could more > > eloquently put it as "this is probably the biggest > pile of shit glued > > together crap ass excuse for a worm" that I've > ever seen. >:-] That is NOT > > to say it is not being affective and damaging > though. It is definitely a > > bad one. > <SNIP> > > Thanks for getting this out there, Marc! > > I have been trying to indicate to victims in my > customer base that they should > be glad that this first round is a bit of a hassle, > but maybe a blessing for > them, because the worm is junk code - just short of > a dud. > > Hey! Free, unscheduled assessment! > > We will undoubtably see a transition to a more > robust transport and exploit > code, coupled with a more threatening payload - like > the Code Red / Nimda > transition in 2001. I am afraid that the number of > vectors will go up, > though. All the port-blocks and ACLs that drop > Blaster will be conveniently > avoided for the next wave here. Anyone who > cherry-picked symptomatic > approaches over a holistic application of depth > defenses are still going to > be hit - and they'll wonder just how it could have > happened again! > > -- > Jeremiah Cornelius, CISSP, CCNA, MCSE > Information Security Technology > email: jcorneli@...mail.com - mobile: 415.235.7689 > > "What would be the use of immortality to a person > who cannot use well a half > hour?" > --Ralph Waldo Emerson > > > --__--__-- > > Message: 4 > From: "Brown, Bobby (US - Hermitage)" > <bobbrown@...oitte.com> > To: full-disclosure@...ts.netsys.com > Date: Wed, 13 Aug 2003 11:04:31 -0500 > Subject: [Full-Disclosure] next blaster variant on > its === message truncated === __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com
Powered by blists - more mailing lists