lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Wed Jan 11 09:48:36 2006
From: mjcarter at ihug.co.nz (Mike)
Subject: How to Determine My System Vulnerabilities

There is of course the other (remote?) possibility that Eugene's company has
experienced a serious compromise and various mail accounts are now sending
out erroneous emails.

Mike
www.infosec.co.nz

-----Original Message-----
From: Mike [mailto:mjcarter@...g.co.nz] 
Sent: Wednesday, January 11, 2006 10:38 PM
To: 'full-disclosure@...ts.grok.org.uk'
Subject: RE: [Full-disclosure] How to Determine My System Vulnerabilities

You may have nailed it Nick, we used unlocked PCs to shock users into
compliance at my previous company. (One) of the techniques was to send
emails on behalf of the offender.

Looks of surprise and denial from the perceived senders "but I didn't send
that!"
"Lock your PC next time!! And while you're here please re-read this security
policy!"

We only sent to internal addresses though :)

Mike
www.infosec.co.nz

-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Nick
FitzGerald
Sent: Wednesday, January 11, 2006 4:56 PM
To: full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] How to Determine My System Vulnerabilities

Eugene.Smith@...s.frb.org wrote:

> I have three servers running Linux Red Hat OS.  I would lke to find a 
> source for information regarding "How Too" when it comes to determining 
> what level of kernel, SSH, PHP, ect my servers are running.  I do know how

> to check some of these things but am looking for someone who is very 
> knowledgeble and is willing to answer questions about this OS.

Do I detect a case of "I went to get coffee without locking my 
terminal"??

(Quickly followed by a case of "HR wants to have a talk with <insert 
one of Eugene Smith's co-workers' names here>"...)


Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ