Security first.
We just cannot let libraries protect terrorists. Imagine if a big "mushroom cloud" were to blow Washington, and we later found out that the author of this crime once borrowed a nuclear science book!
Science books and books with a bias against the US should also be banned. Anyone saying the opposite is against the Homeland Security!!
Don't forget their stock holders :)
:)
I bought some AMD at 8.50$ this summer and felt pretty bad when it fell to 3.50$... I should have waited until then to buy. It's now back at 6.14$.
If Intel loses this appeal, AMD stock will probably go higher, hopefully over what I paid for it.
This is good news
Did you know Dick Cheney was chief executive officer of Halliburton, a huge oil company?
Anyone shocked by the fact that Philip Morris, a tobacco company, is in the top 5 all time donors?
Yeah of course it's China!
Here is the proof!
But keep both feet on the ground, because you're not and (probably) will never be rich enough to spend millions on toys.
This is nice and all... but it remains toys. I don't think anyone really needs a plasma screen instead of a regular mirror for shaving, but hey, it's cool.
We're like mechanics looking at a movie star's custom Ferrari.
Are you telling me I can make 83,200$ US a year just working one hour a day, sending millions of emails?
Where do I sign up?
"It will certainly be the best KDE ever."
Better than the future releases? Woah, I must download that now.
find it ironic that the "Ability to play mp3s and oggs" comes in fourth position (in order of importance)?
I mean, it is better if the device is user friendly and can't play mp3/ogg than if it isn't user friendly and does everything you want?
From: sh@phion.com [mailto:sh@phion.com]
Sent: Thursday, September 26, 2002 5:44 AM
To: bugtraq@securityfocus.com
Subject: Microsoft PPTP Server and Client remote vulnerability
phion Security Advisory 26/09/2002
Microsoft PPTP Server and Client remote vulnerability
Summary
The Microsoft PPTP Service shipping with Windows 2000 and XP contains a
remotely exploitable pre-authentication buffer overflow.
Affected Systems
Microsoft Windows 2000 and XP running either a PPTP Server or Client.
Impact
With a specially crafted PPTP packet it is possible to overwrite kernel
memory.
A DoS resulting in a lockup of the machine has been verified on
Windows 2000 SP3 and Windows XP.
A remote compromise should be possible deploying proper shellcode,
as we were able to fill EDI and EDX with our data.
Clients are vulnerable too, because the Service always listens on port
1723 on any interface of the machine, this might be of special concern
to DSL users which use PPTP to connect to their modem.
Solution
As a temporary solution for the Client issue, one might firewall the PPTP
port in the Internet Connection Firewall for Windows XP.
We don't know of any solution for Windows 2000 and Windows XP PPTP servers.
The vendor has been informed.
Acknowledgements
The bug has been discovered by Stephan Hoffmann and Thomas Unterleitner
on behalf of phion Information Technologies.
Contact Information
phion Information Technologies can be reached via:
office@phion.com / http://www.phion.com
Stephan Hoffmann can be reached via:
sh@phion.com
Thomas Unterleitner can be reached via:
t.unterleitner@phion.com
References
[1] phion Information Technologies
http://www.phion.com/
Exploit
phion Information Technologies will not provide an exploit for this issue.
Disclaimer
This advisory does not claim to be complete or to be usable for any
purpose.
This advisory is free for open distribution in unmodified form.
Articles or Publications that are based on information from this advisory
have to include link [1].
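An added example, not part of the advisory or of phion's material: a defender's check for the exposure the advisory describes, where the PPTP service listens on TCP 1723 on every interface and a client holds a session to a DSL modem. It parses text in the layout of Windows `netstat -an` output; the sample text, the function names and the scope labels are assumptions made for this illustration.

```python
import ipaddress

PPTP_PORT = "1723"  # TCP control port named in the advisory

# Constructed sample in the layout of Windows `netstat -an` output.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1723           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      10.0.0.138:1723        ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""


def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr%scope]:port' into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]").split("%")[0], port


def classify_bind(addr):
    """Describe how widely a listening address is reachable."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "unknown"
    if ip.is_unspecified:          # 0.0.0.0 or :: means every interface
        return "all-interfaces"
    if ip.is_loopback:
        return "loopback-only"
    return "single-interface"


def audit_pptp(netstat_text):
    """Return (listeners, client_sessions) for TCP port 1723.

    listeners:       [(local_addr, scope)] for sockets accepting PPTP
    client_sessions: [(local_addr, remote_addr)] for outbound PPTP
                     control connections, e.g. to a DSL modem
    """
    listeners, client_sessions = [], []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Only TCP rows carry a state column; skip headers and UDP rows.
        if len(fields) < 4 or fields[0].upper() != "TCP":
            continue
        state = fields[3].upper()
        laddr, lport = split_endpoint(fields[1])
        raddr, rport = split_endpoint(fields[2])
        if state in ("LISTENING", "LISTEN") and lport == PPTP_PORT:
            listeners.append((laddr, classify_bind(laddr)))
        elif state == "ESTABLISHED" and rport == PPTP_PORT:
            client_sessions.append((laddr, raddr))
    return listeners, client_sessions


def needs_filtering(listeners):
    """True when any PPTP listener is reachable from off the host."""
    return any(scope != "loopback-only" for _, scope in listeners)


if __name__ == "__main__":
    found, sessions = audit_pptp(SAMPLE_NETSTAT)
    for addr, scope in found:
        print(f"PPTP listener on {addr} ({scope})")
    for local, remote in sessions:
        print(f"PPTP client session {local} -> {remote}")
    if needs_filtering(found):
        print("TCP 1723 is reachable from the network: filter it at the host firewall")
```

A listener reported as `all-interfaces` on a machine that only acts as a PPTP client is the case the advisory's temporary firewall workaround addresses.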
From: Ron DuFresne [mailto:dufresne@winternet.com]
Sent: Tuesday, September 24, 2002 9:54 AM
To: firewalls@isc.org
Subject: Slapper worm redux;
Those folks relying upon security through obscurity might well wish to get
on the ball and fully patch-up;
September 23 VNUNET.COM.
A suspect has been arrested on suspicion of authoring the Slapper worm.
But although the threat of the worm seems to have been short-lived, a new
variant is already set to take up where its predecessor left off. Although
the ISC's 'most attacked ports' chart no longer features Slapper in its
Top 10 a variant, Slapper.B, has been spotted in the wild. Slapper.B has
several subtle differences, but is for the most part an updated version of
its predecessor. Both worms attempt to exploit a known vulnerability in
the Secure Sockets Layer 2.0 (SSLv2) handshake process. The two variants
also carry the same payload, a password-protected backdoor and denial of
service (DoS) capabilities. ISS's Morgan said that with the new variant on
the loose his company had calculated that about 10,000 servers were
probably now infected, and that the network was probably going to be used
for DoS attacks. He added that it was unlikely the original author created
the second worm. "It was significant that source code for the original
Slapper was distributed within the computer underground immediately after
the worm was detected in the wild," he said. Source:
http://www.vnunet.com/News/1135274
--
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
I want this beside my router!
The thing is, it is not like opening your mailbox.
It's more like walking into pawn shops to see if they are selling anything illegal.
You are INVITING people to come and look at your stuff when you share it on Kazaa. It's not like if they, without your consent, used a security bug to look in your private data. A pawn shop could not say "I never authorized policemen in my pawn shop to look at my stuff for sale" if there is a big sign outside and welcome everyone.
You cannot sell drugs in a bar and put a sign outside saying "anyone but cops can get inside", and then when they bust you say something like "I never authorized them to get in!". If me, mister internet citizen no name you've never heard about, is authorized to look at your stuff, then everyone is. Including law enforcement people.
This is not a good analogy.
Let me explain my point of view:
Entering in a house where the door is unlocked is more like getting unauthorized access to a server.
Sharing copyrighted materials on a P2P network is more like having a website distributing warez. Sure, you can say "hey I never authorized you to probe my port 80 for illegal http content", but you willingly let the door open for everyone. It's not like if they hacked into your computer system.
If you give the opportunity to everyone on the internet to open the door and take stuff (like sharing on a P2P network), your analogy doesn't work anymore.
Albert Einstein once said something like:
"I don't know with what weapons will be fought the third world war, but I know the fourth will be fought with sticks and rocks".
I used to read documentation with my laptop while in my bath. Way cheaper than buying those dead tree books.
I thought it was a good idea until I had to call tech support and they told me that it was not considered 'normal use' for the warranty. It only takes tech support people to say that taking a bath/shower is not normal I guess.
Does anyone remember the episode where Dilbert becomes the project manager for an electronic voting system?
Then politicians try to buy him with a smoking chick :)
Here are some quotes from that episode for you fellow slashdotters:
Quotes from Ethics
Asok: "Oh, my, this is so not in my job description. I don't think I can possibly..."
Boss: "Stop whining and start slathering."
Boss: "There sure is a lot of weather today, all up there in the sky."
Loud Howard: "I always vote for the tallest guy. The tall ones are better."
Alice: "What's the old familiarity technique?"
Wally: "It involves spending so much time with a woman that she gets used to your faults. It's like falling in love, but without the expense."
Dilbert: "How did you get Ben Franklin's body?"
Garbage man: "You'd be surprised what people throw out."
Garbage man: "Keep your shirt on."
Dilbert: "I had no intention of taking it off."
Garbage man: "You make it hard for people to help you."
Dilbert: "I have an ethical question about our democratic system."
Ben Franklin: "Ah, yes, by now I suppose you've figured out it was all a big joke."
Dilbert: "What?"
Garbage man: "He doesn't know."
Ben Franklin: "Nevermind."
Ben Franklin: "The average voter can't find his bunghole with two hands. You don't want to leave it up to them, do you?"
Loud Howard: "Thanks to your internet voting network, no one will ever have to vote thirsty again."
Asok: "Hey! Look at me! I'm voting and I'm not even a citizen."
In fact, calculating every possible combination of beads after your move is probably the only way to play this game _perfect_.
Heuristics could do a good job always winning against a human, but playing perfect has a different meaning. With chess, we use different heuristics to 'estimate' the next best move. The computer can't play perfect because there are too many possible board configurations (way more than this game).
"If this theory holds true it may explain why some humans who are repeatedly exposed to HIV don't get sick."
If you do not have HIV and expose yourself repeatedly to HIV, you probably don't know about it!
Where does the idea of some people being immune to HIV come from? Has anyone heard about someone who slept without any protection, many times, with a girl who had HIV, and got away with it?
There are many hops between you and the server/clients elsewhere on the net with whom you want to transfer data. You want a "T1", and want to know the difference between a bad and a good T1.
I am no network engineer or have the pretension to know anything about this but here is how I see it:
A T1 is the speed of a link. When jumping a hop, that measure is not anymore a good one. The next hop, out of your provider, will probably not have only you for client. Then it depends on the speed of its external link and the number of clients * the utilisation of these clients.
My cablemodem provider does not have an external link to the net fast enough to support the number of its clients * the speed I can get.
And where is the data routed when it leaves your ISP? Maybe it can be a factor...
The ultimate test would be to use a few servers, placed in areas where you will often transfer data.
Then transfer many packets of a fixed length, and check on the other side the latency and the throughput (with each one). Repeat again every 2 hours, every day, for x days, using both T1 providers. Compare the results... Depending on the quality of the ISP external link (and who's at the other end), and the traffic generated by the other clients, you will get different results...
Good luck in your quest
The famous website The Register prohibits linking to its stories... Seems to be only from their own ISP, but I have no time to investigate further.
Link to the Kuro5hin article
discussion at ArsTechnica
He forgot to comment #11.
Using a good VPN can help. Virtual private networks are used to link computers over insecure connections.
Many of them would need the attacker to have a much higher level of sophistication. (Use a firewall to block everything but the VPN port)
From: aleph1@securityfocus.com [mailto:aleph1@securityfocus.com]
Sent: Wednesday, July 17, 2002 5:28 PM
To: bugtraq@securityfocus.com
Subject: Administrivia: Symantec acquiring SecurityFocus
Good day,
Today, SecurityFocus and Symantec announced that Symantec is acquiring
SecurityFocus. Symantec sees real value in the services SecurityFocus
provides to its customers and believes they are an excellent fit with
their current offerings. We at SecurityFocus see this as an opportunity to
provide even better services for the security community.
Symantec recognizes the value and uniqueness of the public services
SecurityFocus provides to the community, such as the numerous mailing
lists we host and the content we provide via the SecurityFocus Online web
site.
In particular, Symantec and SecurityFocus want to ease any fears as to
whether the character of this mailing list will change.
Frequently Asked Questions:
Q. What is the Symantec strategy for keeping data sources?
A. We believe it is critical to maintain the integrity of the existing
security community currently part of the SecurityFocus portal and
Bugtraq mailing list.
Q. What is Symantec's disclosure policy?
A. Symantec believes in responsible vulnerability disclosure and is active
in initiatives to set best practices in this area. Our first priority
is to help our customers protect their computing assets by providing
tools and information to safeguard their systems.
We will work with vendors, if we discover vulnerabilities in other
products, to report and investigate the issue in a thorough and timely
fashion, in the same way that Symantec will work with other security
researchers if they find an issue with any Symantec technology.
We observe a 30-day grace period after the notification of a security
advisory to give users an opportunity to apply the patch. During this
grace period, we provide our customers significant information about
the vulnerability and the fix, but not step-by-step instructions for
exploiting the vulnerability. We do not provide detailed exploit code
or provide samples of malicious code except to other trusted security
researchers and in a secured manner.
Q. Will Symantec change SecurityFocus' vulnerability reporting policy?
A. We believe that in order for the SecurityFocus/Bugtraq community to be
effective, it must be an independent entity. We believe that its
current disclosure policy is appropriate for the venue. Symantec will
continue to operate with its separate disclosure policy.
Sincerely,
Elias Levy, David Ahmad,
and the rest of the SecurityFocus staff
Depends on your needs.
I am about to buy a mini digital camera. Maybe a small aiptek pencam camera or a logitech credit card sized camera. Picture quality is not great, but I want something I can carry around wherever I go, without thinking about it.
I already carry a cell phone, so for someone like me one with an integrated digital camera could be very nice.
Here it is. This is a quite attractive digital camera.
:)
I need to place a bid