...anything that attaches to the head.
It seems counter-intuitive, but could you imagine
using a helmet or visor to play Quake?
I can see the whiplash lawsuits at Id's door now...
"Our client, D34thFr0mAB0V3, suffered a fractured sternum while attempting to 'rail-snap' a third party..."
-t
Samba doesn't have the "client" side functionality that Windows has.
In other words, it's hard to trick the target into
making that initial SMB session request.
On a Windows system, typing "file://w.x.y.z/blah.txt" will initiate an SMB session request if w.x.y.z is remote. On a Linux box, it won't do anything.
-thang
Whoever said that Internet access was a right?
Tuition pays for a lot of things, but most often it does not pay for internet access.
Do any of you honestly think that forking over $20 or $40 or even $100 a semester pays for a 10M ethernet connection?
Take a reality check. Most colleges are providing access for RESEARCH and ACADEMIC PURPOSES, not ENTERTAINMENT. If the students were to be charged for the amount of bandwidth they used, they'd be paying $1000's of dollars a month.
My cable modem with Mediaone costs $40 a month at 1.5M. Students get a 10M switched ethernet connection for $35 every 4 months. Do the math.
-Thang
Re:Much better than Sixth Sense (SPOILERS FOR BOTH on Review: "Unbreakable" · Score: 1
I don't think you understood the ending of 6th Sense at all.
The whole point was that Willis' character was a ghost who hadn't moved on, which the boy helped him do. You forget that the movie ended with the mother and boy scene, after Willis' character had already come to terms with his death. The scene with him dying on the bed at the END of the movie was a flashback to when he was alive...at the beginning.
-Thang
The SANS Institute GIAC (Global Incident Analysis Center) has been doing this sort of thing since before Y2K. It's continually run and moderated by the leading intrusion detection professionals in the world (namely Northcutt, Breton, Pomeranz, Novak, etc.).
Check it out
Sorry, Intrusion Detection is an art, and requires a lot more than posting firewall logs and using nslookup.
-Thang
1) $admin_passwords = L0phtcrack(\%SAM_Database);
Microsoft still hasn't gotten strong encryption right...
2) @hidden_share_listing = open FH "smbclient -l |";
Smbclient will list hidden administrative shares no problem. The $ only hides them at the Explorer level, they are still passed cleartext in SMB.
3) $access_to_C$ = smbrelay()
Smbrelay finally got around to exploiting the same SMB vulnerabilities that Windows has had since the beginning of time. And Windows 2000, unless run totally natively, is vulnerable to this.
4) This open source nonsense...
Just because the source is closed doesn't mean it's more secure, it just means it's easier to hide bugs. How many bugs did Win2k have when released?
And WHO REALLY TRUSTS MICROSOFT? With closed source, you're putting absolute trust of everything you do within Microsoft's hands...the same company that is under Federal scrutiny for illegal business practices.
"Who do you want your personal information sold to today?"
5) VB and scripting
Microsoft is the lead distributor of the most insecure programming model in history, COM.
"Which email do you want your web browser to import into Word today?"
6) Microsoft has only been including any security features in their software since around 1995. IMHO, M$ and Linux are on equal security footing...they both suffer from a lack of GSAs.
(Good System Administrators).
Actually, although I don't use Samba much, I'm almost positive that there's a Netscape plugin that will make Netscape use SMB-type browsing.
Incidentally, I tested out Netscape; ITS default behavior for file:// links is FTP...
Of course you can. Switched networks are vulnerable to ARP poisoning attacks...and are thus vulnerable to sniffing and session hijacking.
Anyone who tells you switched networks are invulnerable to sniffing is lying. It's just a little harder to do. There are some tools (which I won't name, for the sake of my karma) that do both.
-t
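Added example, not part of the original comment: a defender-side check for the ARP poisoning mentioned above, which flags an IP whose MAC binding changes and a single MAC that answers for several IPs. The input format (epoch, sender IP, sender MAC per observed ARP reply) and all sample addresses are constructed assumptions, not the output of any real tool.

```python
from collections import defaultdict

# Constructed sample: "<epoch> <sender IP> <sender MAC>" per observed ARP reply.
# The line format is an assumption made for this example.
SAMPLE = """\
1000 10.0.0.1 00:aa:bb:cc:dd:01
1001 10.0.0.23 00:aa:bb:cc:dd:23
1002 10.0.0.66 00:aa:bb:cc:dd:66
1030 10.0.0.1 00:aa:bb:cc:dd:66
1031 10.0.0.23 00:aa:bb:cc:dd:66
1060 10.0.0.1 00:aa:bb:cc:dd:66
1090 10.0.0.1 00:aa:bb:cc:dd:01
"""

def parse(text):
    """Yield (epoch, ip, mac) tuples, skipping blank or malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[0].isdigit():
            continue
        yield int(parts[0]), parts[1], parts[2].lower()

def detect(observations):
    """Return alerts for IP rebinding and for one MAC claiming several IPs."""
    ip_to_mac = {}                 # last MAC seen for each IP
    mac_to_ips = defaultdict(set)  # every IP each MAC has claimed
    alerts = []
    for ts, ip, mac in observations:
        prev = ip_to_mac.get(ip)
        if prev is not None and prev != mac:
            # The IP is now announced from a different hardware address.
            alerts.append((ts, "rebind", ip, prev, mac))
        ip_to_mac[ip] = mac
        before = len(mac_to_ips[mac])
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > max(before, 1):
            # One station has started answering for an additional IP.
            alerts.append((ts, "multi-ip", mac, sorted(mac_to_ips[mac])))
    return alerts

if __name__ == "__main__":
    for alert in detect(parse(SAMPLE)):
        print(alert)
```

DHCP lease turnover, router redundancy protocols and proxy ARP produce the same signals legitimately, so alerts like these need an allowlist of known gateways and virtual MACs before they are actionable.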
"throw out your hubs and move to a switched network fabric" This can help, but of course you can sniff on a switched network ;)
-Thang