[Full-Disclosure] Re: Full-disclosure digest, Vol 1 #2020 - 10 msgs

["jialc" <jialc () netpower com cn>]

full-disclosure-request,您好！

        

======= 2004-11-04 01:00:09 您在来信中写道：=======

> Send Full-Disclosure mailing list submissions to
>       full-disclosure () lists netsys com
>
> To subscribe or unsubscribe via the World Wide Web, visit
>       http://lists.netsys.com/mailman/listinfo/full-disclosure
> or, via email, send a message with subject or body 'help' to
>       full-disclosure-request () lists netsys com
>
> You can reach the person managing the list at
>       full-disclosure-admin () lists netsys com
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Full-Disclosure digest..."
>
>
> Today's Topics:
>
>   1. I am NOT out of here hahaha (Frank de Wit)
>   2. Re: I am out of here (Berend-Jan Wever)
>   3. RE: Security (for the common people) in electronic vote? (Sean Crawford)
>   4. [ GLSA 200411-07 ] Proxytunnel: Format string vulnerability (Thierry Carrez)
>   5. Re: I am out of here (Berend-Jan Wever)
>   6. Re: How to clear contents of protected storage - Windows 2000 (Danny)
>   7. Re: How to clear contents of protected storage - Windows 2000 (Danny)
>   8. RE: I am out of here (Banta, Will)
>   9. Re: I am out of here (Barry Fitzgerald)
>  10. Re: I am out of here (kyle l)
>
> --__--__--
>
> Message: 1
> Date: Wed, 03 Nov 2004 11:30:56 +0100
> From: Frank de Wit <frankdewit () home nl>
> CC: full-disclosure () lists netsys com
> Subject: [Full-disclosure] I am NOT out of here hahaha
>
> people talking about politics are usually boring, thinking only about 
> themselves and what they can gain personally by doing politics
> politics have nothing to do with thinking about the wellbeing of 
> people... only the RedCross, SalvationArmy, MSF etc do that
> that's why those people like to mail about offtopic things on this 
> FD-list, they are too stupid to care or understand what they're doing
> personally I have fun pressing the delete key very much lately...
> they are all wrinting blisters on their fingers, and all for nothing 
> because no-one reads it hahaha
> hojje from holland
>
> Ali Campbell wrote:
>
> > Hugo van der Kooij wrote:
> >
> > > Thank you all for turning a security mailinglist into a mudpool in which
> > > throwing around dirt about political candidates has become the prime
> > > objective.
> > >
> > > However that was not my objective when I came to this list so it seems
> > > this list has become rather useless to me.
> > >
> > > Quite a pity. But that is full-disclosure for you.
> > >
> > > So long and thanks for all the fish.
> > >
> > > Hugo.
> >
> > Me too. I'm unsubscribing. Have a nice day.
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>
> --__--__--
>
> Message: 2
> From: "Berend-Jan Wever" <skylined () edup tudelft nl>
> To: <full-disclosure () lists netsys com>
> Subject: Re: [Full-disclosure] I am out of here
> Date: Wed, 3 Nov 2004 14:34:34 +0100
>
> If you can't stand the heat, get out of the kitchen!
>
> Cheers,
> SkyLined
>
>
> --__--__--
>
> Message: 3
> Reply-To: <sean01 () accnet com au>
> From: "Sean Crawford" <sean01 () accnet com au>
> To: <full-disclosure () lists netsys com>
> Subject: RE: [Full-disclosure] Security (for the common people) in electronic vote?
> Date: Thu, 4 Nov 2004 01:05:47 +1100
>
> Now Australian and the US both have angry gnomes as the heads of state.....
>
> Flame me off list please....
>
>
>
> ---> 
> ---> -----Messaggio originale-----
> ---> Surprise!
> ---> 
> ---> with electronic vote win Bush,
> ---> so we've made a great scientific discover:
> ---> in information technology bits=bush :-)
> ---> 
> ---> Tiziano Radice
>
>
> --__--__--
>
> Message: 4
> Date: Wed, 03 Nov 2004 15:06:32 +0100
> From: Thierry Carrez <koon () gentoo org>
> Organization: Gentoo Linux
> To: gentoo-announce () gentoo org
> CC: bugtraq () securityfocus com, full-disclosure () lists netsys com,
>   security-alerts () linuxsecurity com
> Subject: [Full-disclosure] [ GLSA 200411-07 ] Proxytunnel: Format string vulnerability
>
> This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
> --------------enig76CB791339E9D081EAF57416
> Content-Type: text/plain; charset=ISO-8859-1
> Content-Transfer-Encoding: 7bit
>
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> Gentoo Linux Security Advisory                           GLSA 200411-07
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>                                            http://security.gentoo.org/
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>
>  Severity: Normal
>     Title: Proxytunnel: Format string vulnerability
>      Date: November 03, 2004
>      Bugs: #69379
>        ID: 200411-07
>
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>
> Synopsis
> ========
>
> Proxytunnel is vulnerable to a format string vulnerability, potentially
> allowing a remote server to execute arbitrary code with the rights of
> the Proxytunnel process.
>
> Background
> ==========
>
> Proxytunnel is a program that tunnels connections to a remote server
> through a standard HTTPS proxy.
>
> Affected packages
> =================
>
>    -------------------------------------------------------------------
>     Package               /  Vulnerable  /                 Unaffected
>    -------------------------------------------------------------------
>  1  net-misc/proxytunnel       < 1.2.3                       >= 1.2.3
>
> Description
> ===========
>
> Florian Schilhabel of the Gentoo Linux Security Audit project found a
> format string vulnerability in Proxytunnel. When the program is started
> in daemon mode (-a [port]), it improperly logs invalid proxy answers to
> syslog.
>
> Impact
> ======
>
> A malicious remote server could send specially-crafted invalid answers
> to exploit the format string vulnerability, potentially allowing the
> execution of arbitrary code on the tunnelling host with the rights of
> the Proxytunnel process.
>
> Workaround
> ==========
>
> You can mitigate the issue by only allowing connections to trusted
> remote servers.
>
> Resolution
> ==========
>
> All Proxytunnel users should upgrade to the latest version:
>
>    # emerge --sync
>    # emerge --ask --oneshot --verbose ">=net-misc/proxytunnel-1.2.3"
>
> References
> ==========
>
>  [ 1 ] CAN-2004-0992
>        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0992
>  [ 2 ] Proxytunnel News
>        http://proxytunnel.sourceforge.net/news.html
>
> Availability
> ============
>
> This GLSA and any updates to it are available for viewing at
> the Gentoo Security Website:
>
>  http://security.gentoo.org/glsa/glsa-200411-07.xml
>
> Concerns?
> =========
>
> Security is a primary focus of Gentoo Linux and ensuring the
> confidentiality and security of our users machines is of utmost
> importance to us. Any security concerns should be addressed to
> security () gentoo org or alternatively, you may file a bug at
> http://bugs.gentoo.org.
>
> License
> =======
>
> Copyright 2004 Gentoo Foundation, Inc; referenced text
> belongs to its owner(s).
>
> The contents of this document are licensed under the
> Creative Commons - Attribution / Share Alike license.
>
> http://creativecommons.org/licenses/by-sa/1.0
>
>
> --------------enig76CB791339E9D081EAF57416
> Content-Type: application/pgp-signature; name="signature.asc"
> Content-Description: OpenPGP digital signature
> Content-Disposition: attachment; filename="signature.asc"
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4 (GNU/Linux)
>
> iD8DBQFBiOXtvcL1obalX08RAnYnAJwIshpFa+FYWxodGye7GhzXT3u/4QCfezXh
> UCoNhH9Pa2ynywjd+lSdtUk=
> =WJOx
> -----END PGP SIGNATURE-----
>
> --------------enig76CB791339E9D081EAF57416--
>
>
> --__--__--
>
> Message: 5
> From: "Berend-Jan Wever" <skylined () edup tudelft nl>
> To: <full-disclosure () lists netsys com>
> Subject: Re: [Full-disclosure] I am out of here
> Date: Wed, 3 Nov 2004 15:39:02 +0100
>
> > If you can't stand the heat, get out of the kitchen!
>
> And btw: if you're not cooking, get the fuck out too!
>
> Cheers,
> SkyLined
>
>
>
> --__--__--
>
> Message: 6
> Date: Wed, 3 Nov 2004 09:56:31 -0500
> From: Danny <nocmonkey () gmail com>
> Reply-To: Danny <nocmonkey () gmail com>
> To: 3APA3A <3apa3a () security nnov ru>
> Subject: Re: [Full-disclosure] How to clear contents of protected storage - Windows 2000
> Cc: full-disclosure () lists netsys com
>
> On Wed, 3 Nov 2004 11:32:40 +0300, 3APA3A <3apa3a () security nnov ru> wrote:
> > Dear Danny,
> >
> > You can use Cain & Abel (http://www.oxid.it).
>
> Hi 3APA3A,
>
> Thank you for the tip. For this particular job, it does not display
> all of the entries listed from pstoreview.exe, specifically the
> INETCOMM Server passwords.
>
> Anything else I can try?
>
> ...D
>
>
> --__--__--
>
> Message: 7
> Date: Wed, 3 Nov 2004 10:15:36 -0500
> From: Danny <nocmonkey () gmail com>
> Reply-To: Danny <nocmonkey () gmail com>
> To: 3APA3A <3apa3a () security nnov ru>
> Subject: Re: [Full-disclosure] How to clear contents of protected storage - Windows 2000
> Cc: full-disclosure () lists netsys com
>
> On Wed, 3 Nov 2004 09:56:31 -0500, Danny <nocmonkey () gmail com> wrote:
> > On Wed, 3 Nov 2004 11:32:40 +0300, 3APA3A <3apa3a () security nnov ru> wrote:
> > > Dear Danny,
> > >
> > > You can use Cain & Abel (http://www.oxid.it).
> >
> > Hi 3APA3A,
> >
> > Thank you for the tip. For this particular job, it does not display
> > all of the entries listed from pstoreview.exe, specifically the
> > INETCOMM Server passwords.
> >
> > Anything else I can try?
>
> I found passview from nirsoft. Works. Case closed.
>
> ..D
>
>
> --__--__--
>
> Message: 8
> Subject: RE: [Full-disclosure] I am out of here
> Date: Wed, 3 Nov 2004 09:58:06 -0600
> From: "Banta, Will" <Will.Banta () broadwing com>
> To: <full-disclosure () lists netsys com>
>
> > Thank you all for turning a security mailinglist into a mudpool in
> which throwing around dirt about political candidates has become
> > the prime objective.
>
> What we've seen on this list only serves to show how important this
> election is to many people the world over, not just Americans.
> The drama will subside and people will return to business. All you need
> do is wait it out and ignore the obvious OT stuff if you're
> uninterested. Granted people might be more judicious in their use of
> "reply all" over "reply". 
>
> > However that was not my objective when I came to this list so it seems
> this list has become rather useless to me.
>
> What was your objective in coming to this list?
>
> > Quite a pity. But that is full-disclosure for you.
>
> I haven't been on this list long, but I've benefited from your posts so
> I think the pity is that you've decided to "take your blocks" and stalk
> off like a child.
>
> > So long and thanks for all the fish.
>
> There's more fish so why not stay awhile longer?
>
>
> >      I hate duplicates. Just reply to the relevant mailinglist.
> >      hvdkooij () vanderkooij org
> http://hvdkooij.xs4all.nl/
> >              Don't meddle in the affairs of magicians,
> >              for they are subtle and quick to anger.
>
>
> --__--__--
>
> Message: 9
> Date: Wed, 03 Nov 2004 11:02:13 -0500
> From: Barry Fitzgerald <bkfsec () sdf lonestar org>
> To: Berend-Jan Wever <skylined () edup tudelft nl>
> CC: full-disclosure () lists netsys com
> Subject: Re: [Full-disclosure] I am out of here
>
> Berend-Jan Wever wrote:
>
> > > If you can't stand the heat, get out of the kitchen!
> > >    
> >
> > And btw: if you're not cooking, get the fuck out too!
> >
> >  
> Yeah - how hard is it to hit delete anyway?
>
> (I don't think I've ever joined a mailing list expecting every post to 
> be interesting to me... nor even the majority.  It seems like an 
> unrealistic expectation.)
>
>          -Barry
>
>
> --__--__--
>
> Message: 10
> Date: Wed, 3 Nov 2004 10:32:46 -0600
> From: kyle l <wtfbomb () gmail com>
> Reply-To: kyle l <wtfbomb () gmail com>
> To: Berend-Jan Wever <skylined () edup tudelft nl>
> Subject: Re: [Full-disclosure] I am out of here
> Cc: full-disclosure () lists netsys com
>
> so stop bitching... it's people like you and people like me who waste
> their time sending the types of messages like this that piss everyone
> off
>
> if it didnt happen in the first place there would not be a problem
>
> consider this next time you feel the need to inform us about leaving
> the mailing list; we really dont care.
>
> honestly.
>
>
>
> [http://www.eleat.org]
>
>
> On Wed, 3 Nov 2004 15:39:02 +0100, Berend-Jan Wever
> <skylined () edup tudelft nl> wrote:
> > > If you can't stand the heat, get out of the kitchen!
> >
> > And btw: if you're not cooking, get the fuck out too!
> >
> >
> >
> > Cheers,
> > SkyLined
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>
>
> --__--__--
>
> _______________________________________________
> Full-Disclosure mailing list
> Full-Disclosure () lists netsys com
> http://lists.netsys.com/mailman/listinfo/full-disclosure
>
>
> End of Full-Disclosure Digest

= = = = = = = = = = = = = = = = = = = =
                        

　　　　　　　　致
礼！
 
                                 
　　　　　　　　jialc
　　　　　　　　jialc () netpower com cn
　　　　　　　　　　2004-11-11

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html