lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 7 Jun 2014 10:48:37 +1000
From: surivaton surivaton <>
To: Dave Warren <>
Subject: Re: [FD] TrueCrypt?

Truecrypt is either stupid or its they way of telling everyone
something is wrong.
root@...i:~# fierce -dns
DNS Servers for

Trying zone transfer first...

Whoah, it worked - misconfigured DNS server found:    259200    IN    SOA (
                    2010021509    ; Serial
                    10800    ; Refresh
                    3600    ; Retry
                    604800    ; Expire
                    10800 )    ; Minimum TTL    259200    IN    NS    259200    IN    NS    259200    IN    A    259200    IN    MX    10    259200    IN    TXT    "v=spf1 ip4: -all"    259200    IN    A    259200    IN    A    259200    IN    A    259200    IN    A    259200    IN    A

There isn't much point continuing, you have everything.
Have a nice day.
Who in there right mind lets you do zone transfers.
I mean seriously back in windows server 2003 it was common but god
damn I think they are trying to tell us something.

On 6/5/14, Dave Warren <> wrote:
> On 2014-06-03 04:09, Dave Howe wrote:
>> The issue we have with the current TC builds is that they are not
>> reproducible.
>> The source code is available online, and is in the process of being
>> audited, but there is no guarantee the installer almost all the users
>> have installed TC with contained code actually built from that source.
> claims to have managed to build a reasonably identical build (such that
> the remaining differences can be identified and explained as build
> date/time stamps). The site includes instructions to reproduce the work.
> I haven't tried it personally, but it might be an interesting exercise
> to see if anyone else can independently reproduce the binaries.
> _______________________________________________
> Sent through the Full Disclosure mailing list
> Web Archives & RSS:

Sent through the Full Disclosure mailing list
Web Archives & RSS:

Powered by blists - more mailing lists