lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <41B1FD84D49E05448A4233378E6BF475163C5E@entmsgnt03.fm.frd.fmlh.edu>
From: jheidtke at fmlh.edu (Jerry Heidtke)
Subject: Foundstone Labs to Release Absolutely FREE Tool

The ISS tool (http://www.iss.net/support/product_utilities/ms03-043/)
will do this (display a pop up). In fact, by default, the ISS tools pops
up a message directing people to their website:

------------------------------------------------------------------------
This popup is generated by the "Messenger Service".
A critical bug has been found in this service that
will allow hackers to gain control over this machine.
Microsoft describes the bug at the following URL:

http://www.microsoft.com/technet/security/bulletin/MS03-043.asp

You can protect yourself via the Windows Update
mechanism, or by disabling the "Messenger Service" via
the "Services" control panel.

The following URL provides explains why you received this message and 
additional ways that you can protect your desktop:

http://www.iss.net/support/ms03-043

THIS MESSAGE WILL CONTINUE TO APPEAR UNTIL YOU FIX THIS PROBLEM!
------------------------------------------------------------------------

The message can be customized. As it stands, some people might consider
it to be spam. The tool could be used as a very effective messenger spam
tool. Other messenger spam tools I've seen are more limited in the ports
they can send pop up messages to.

Jerry

-----Original Message-----
From: Brown, Randy (InfoSec) [mailto:randy.brown@...com] 
Sent: Friday, October 17, 2003 10:49 AM
To: full-disclosure@...ts.netsys.com
Subject: RE: [Full-Disclosure] Foundstone Labs to Release Absolutely
FREE Tool


Nice tool.  Be nice to have a feature that displays a pop-up on the
remote for those instances where folks are on a dial-up, remote...  The
pop-up box could be configured with a message that the user has to do
something...

         Randy
What can Brown do for you?  (tm)


-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Michael
Renzmann
Sent: Friday, October 17, 2003 11:13 AM
To: James Foster
Cc: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] Foundstone Labs to Release Absolutely
FREE Tool


Hi.

James Foster wrote:
> One liner: Our free tool, MessengerScan, is available for free 
> download
> at www.foundstone.com <http://www.foundstone.com/>

Nothing about your tool, but your advertising here sucks. Posting a 
short and factual mail would be fine, but this marketing-speech is 
really misplaced here.

Bye, Mike

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Confidentiality Notice: This e-mail message, including any attachments,
is for the sole use of the intended recipient(s) and may contain
confidential and privileged information.  Any unauthorized review, use,
disclosure or distribution is prohibited.  If you are not the intended
recipient, please contact the sender by reply e-mail and destroy all
copies of the original message.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ