Domain: securepoint.com
Stories and comments across the archive that link to securepoint.com.
Comments · 20
-
Take all the code you want!
> Can I have all your code for free, then?
Sure!
Most of it is floating around without my name attached. A couple tools are in the Bugtraq archives somewhere, though not under this name. There may also be some here and somewhere in here, though I can't keep track of where everything is any more.
Open source is like that, you know. I don't even know who all is using what any more. Especially because I prefer NOT to have my work attributed to me and do most things anonymously or pseudonymously.
-
Re:stupid stupid stupid
doh! posted the wrong URL
http://securepoint.com/lists/html/bugtraq/2007-02/msg00056.html
-
Re:The best "no tresspassing" sign you can make
yeah cos linux is really secure, look at the evidence
-
Re:Browser shmouser
Java works just fine for Operating Systems, just like LISP did before it. It's just that the idea of *needing* assembly/C for OSes is so ingrained that people can't get over it.
Toy operating systems have been written in lots of languages; that doesn't mean they are suited for it. C was developed pretty much from day one to make portable operating systems; the fact that every major operating system family not vendor-developed for vendor hardware (e.g. not VMS or the various IBM mainframe OSes) is implemented in C should be some indication. Indeed, C code can be compiled and executed on far more platforms than Java, e.g. see NetBSD or the Linux kernel.
Bull. In fact, Java OSes have the potential to be *faster* than today's OSes. Why? Because no hardware protection is needed from code. It's all handled in the memory model, making it impossible for GPF/segfaults to occur.
That sounds reliable, no seriously: the JVM, written in what assembler, executing with all the applications in supervisor mode, handling hardware interrupts and every other little thing ...
And well, garbage collection has the potential to improve performance in some memory usage patterns, not all or even most (and forcing you to use it all the time is one way in which Java decreases overall performance).
Dead. End. Until you can absolutely control the code, someone will always find a way out of your little cage.
And they can't break out of the JVM? The hardware protection model is at least not circumventable, and a virtual machine is no help if you can break out of it.
http://msgs.securepoint.com/cgi-bin/get/bugtraq0211/255.html
It is an old item, I didn't do an exhaustive search, but it illustrates my point: Java suffers from the same potential security problems as the approach suggested with jails, systrace (which is a form of jail), better memory allocation techniques, e.g. from OpenBSD, that catch common off-by-one errors for instance and kill the program right away (kinda have to fix that before you ship, huh).
My point is: by improving the security model of the existing OS, even making it more Java-like, e.g. executing in a tightly controlled environment with access only to the resources it needs, but not adopting the instruction translation which robs performance, the mandatory garbage collection which is only suitable for some patterns of memory usage and the broken object finalization model that entails, the fact that object-oriented programming is not always the right tool for every problem. Java doesn't compare to Lisp at all, not even close; C++ is a lot closer with template metaprogramming and real generics. It also confers other benefits: it supports both procedural and object-oriented programming as well as the ability to emulate functional programming languages. It is just my opinion (but not mine alone) that Java is a bad language, and a much worse "platform". It's popular, but so was COBOL (which Java just overtook as the most popular language; says something, doesn't it?). I am sure it has its uses, but it's again not a panacea and most assuredly not the answer for writing operating systems.
It is hyperbole. Eclipse is a development environment, not a regular desktop app. Comparing footprints there is just silly. I can find you plenty of "native" development environments with very similar footprints.
What? It's an IDE, arguably a glorified text editor; it is an order of magnitude less complicated than, say, a web browser, office suite, or other "desktop applications". And incidentally Visual Studio doesn't have that kind of footprint, nor Xcode, nor KDevelop ...
-
Re:OpenSSH has problems right now
He's probably talking about the typical default Red Hat server setup, which most of these server farm places rent as a Linux server. A lot of people just rent these and use them as is.
Researching a little on the lists, it seems like there are a lot of good suggestions such as "exponential backoff" and keeping track of misbehaving IP addresses, but no action on the part of developers for a year or more, and no good reasons given to not put them into use (except what seems like laziness because it looks like more work).
And it looks like the new sshd_config's "MaxStartups" and other like directives won't help with the brute force issue either.
The strange twist is that if you delay a login for a particular user, then an attacker could almost lock out that valid user by keeping his retry delay high. So basing it on the user's ID is a bad idea; it looks like tracking abusive IPs is a good way to do it, and it should work even with multiple connections, so it has to be multi-thread compatible, which is more complicated work, and that's probably why the developers are so against any changes.
Mailing lists for OpenSSH:
http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
openssh-unix-dev@mindrot.org
http://msgs.securepoint.com/cgi-bin/get/openssh-unix-dev-previous.html
-
do the same with windows itself...
It's interesting that you can do the same type of test with windows utilities as well, as described in this Full Disclosure note.
Hi all,
Wanna do a quick test to see if the programmers that wrote your Windows operating system have any clue as to what they're doing? Run these commands from cmd.exe in the system32 directory:
for %i in (*.exe) do start %i %n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n
for %i in (*.exe) do start %i AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.... (type as much "A"-s as
cmd.exe allows on one line.)
Each command will execute every program in your system32 directory; most of them will either ignore the parameter or report an error because the parameter doesn't make sense... But on my win2k system I found 6 programs vulnerable to these very simple format string and BoF tests....
grpconv even gives EIP 0x00410041, can it be any easier?
These are not vulnerabilities in themselves: you cannot gain access or elevate privileges, but I just wanted to let you know that these programmers did a sloppy job.
Cheers,
SkyLined
-
IE bugs and phishing
The fourth vulnerability (createPopup) has already been exploited in phishing scams for some time now. Initial reports of the exploit only started coming in a couple of months ago, even though the vulnerability has existed since IE 5.5.
Scammers use it to mask the address bar and/or other browser widgets (such as the secure icon). This exploit is particularly dangerous because it can be used to mask/disguise any part of the user's screen, including other windows or even the start menu.
I submitted it to slashdot over a month ago, but it was never greenlighted. I guess these IE vulnerabilities are so commonplace it takes several at once to make the main page...
-
The holes have been posted, all right
No way we could figure out if he actually tried to email them, but the post/email states that he posted to the Bugtraq list when he found these bugs/holes. If they are in the archive, I'd be inclined to believe him rather than anyone at GameSpy.
You mean like this? It was posted back in June! Try a search for "Luigi Auriemma Gamespy" here and see what you get.
-
SpamAssassin rules to filter bounces
-
Re:/dev/null is unacceptable
> > Email needs to be a reliable communication medium. If a message can not be delivered, it has to be returned to the sender.
> The thing is, the sender was forged. Since the virus scanner knows the message was a virus and correctly identifies it as such, shouldn't it know that the virus uses forged headers? And since it should know the header was forged, it should NOT return the message.
Sure, if the virus scanner is 100% sure that it has identified a virus email. But a lot of times, these things aren't 100%:
- Many people are just blocking all Win32 executables, which could stop a legitimate attempt to send a program. In that case, it would be helpful to say "if this is deliberate, put it in a .ZIP file" or something. Silently discarding the message is right out. (I do this with a 5XX rejection response after the DATA command.)
- Also, many people are discarding the messages by subject. I'm also doing this, because sometimes I get virus emails without the actual attachment payload. (I'm not sure if the virus just doesn't always send it or if it was stripped out en route.) I have gotten legitimate emails with the subject "Thank you!" before. It's acceptable for me for these in the future to be rejected with a "Please change the subject line if this isn't a virus" sort of message. It's not acceptable to me for these to be silently discarded.
- Signature-based virus scanners sometimes fail, too. Some software has notes like "disable antivirus software before installing" because they've had trouble with false positives.
I have gotten a lot of fallout myself (over 1000 messages, including bounces, majordomo responses, out of office auto-replies, support tickets, etc.) so I'm sensitive to this problem. After a postfix-users discussion, I decided that my solution of sending 5XX responses is adequate to reduce the amount of fallout for others. See my other post in this topic.
-
Re:Opera is the best!
http://msgs.securepoint.com/cgi-bin/get/bugtraq0303/122.html
http://msgs.securepoint.com/cgi-bin/get/bugtraq0304/98.html
http://msgs.securepoint.com/cgi-bin/get/bugtraq0303/347.html
Not as pathetic as IE, although they are still unpatched and Mozilla Firebird(TM) does not feature them ;).
-
Theft (piracy) of the Linux kernel?
OK it's off-topic but enquiring minds want to know... it *seems* (I stress SEEMS) to me that Checkpoint has basically stolen the Linux kernel. They've got a product called "SecurePlatform" which is basically Firewall/1 on a bootable CD, with a custom hardened OS. Well, three guesses what OS that is. Yup, it's Linux, apparently based off of RedHat with heavy mods. Where's the source? OK, I know it's only customers who HAVE to get it under the terms of the GPL, but I can't believe none of the customers who bought this product would have put the source up somewhere. So Checkpoint, what's going on? References -- search checkpoint.com for "SecurePlatform" (Products -> Enterprise). See also http://dir.securepoint.com/Hardening/Linux/ and http://www.ems-global.com/securitynewsletter/securityvol2issue9.htm -- search for "checkpoint" on those pages.
-
Re:Automatic downloads
Riiiggghhht. Java is safe
-
Re:Automatic downloads
Several unpatched bugs allow code to escape the sandbox.
-
Re:Opera effected?
Check this out ---
[how]
(real show)
first, realize MS programmers are lazy(= "too busy") and they prefer to
look wise, so you can doubt that they generate a page to load a multimedia
file.
then, check it: I played a small trick: typing
javascript:alert(document.body.innerHTML)
in the address field when the content of MSIE is a JPG file.
soon after confirmation, try the trick and you'll find it doesn't work on
a JPG file because the URL is encoded properly.(that programmer must have
been fired for his defence)
now you may lose self-confidence -- MS is not that foolish.
but thinking about "document.open" hole(not "flaw") will encourage you.
(the essential point!)
then after several tries, you have this document.
(very few steps)
[more?]
this trick may work on other browsers, but I can't test it at present.
-
Re:Old News (proof)
-
Re:How long before...
He never stated it was open source
Bullshit.
http://msgs.SecurePoint.com/cgi-bin/get/ipfilter-0007/110/1.html
Dinivin