Next Page >>
Hammer of God
> Virginia Tech
>
> -----Original Message-----
> From: Larry Seltzer [mailto:larry@larryseltzer.com]
> Sent: Wednesday, September 16, 2009 5:03 PM
> To: Susan Bradley; Thor (Hammer of God)
> Cc: full-disclosure@lists.grok.org.uk; bugtraq@securityfocus.com
> Subject: RE: [Full-disclosure] 3rd party patch for XP for MS09-048?
>
> Yes, they used the bulletin to soft-pedal the description, but at the
> same time I think they send a message about XP users being on shaky
>>> Virginia Tech
>>>
>>> -----Original Message-----
>>> From: Larry Seltzer [mailto:larry@larryseltzer.com] Sent: Wednesday,
>>> September 16, 2009 5:03 PM
>>> To: Susan Bradley; Thor (Hammer of God)
>>> Cc: full-disclosure@lists.grok.org.uk; bugtraq@securityfocus.com
>>> Subject: RE: [Full-disclosure] 3rd party patch for XP for MS09-048?
>>>
>>> Yes, they used the bulletin to soft-pedal the description, but at the
>>> same time I think they send a message about XP users being on shaky
Virginia Tech
-----Original Message-----
From: Larry Seltzer [mailto:larry@larryseltzer.com]
Sent: Wednesday, September 16, 2009 5:03 PM
To: Susan Bradley; Thor (Hammer of God)
Cc: full-disclosure@lists.grok.org.uk; bugtraq@securityfocus.com
Subject: RE: [Full-disclosure] 3rd party patch for XP for MS09-048?
Yes, they used the bulletin to soft-pedal the description, but at the
same time I think they send a message about XP users being on shaky
> Virginia Tech
>
> -----Original Message-----
> From: Larry Seltzer [mailto:larry@larryseltzer.com]
> Sent: Wednesday, September 16, 2009 5:03 PM
> To: Susan Bradley; Thor (Hammer of God)
> Cc: full-disclosure@lists.grok.org.uk; bugtraq@securityfocus.com
> Subject: RE: [Full-disclosure] 3rd party patch for XP for MS09-048?
>
> Yes, they used the bulletin to soft-pedal the description, but at the
> same time I think they send a message about XP users being on shaky
t
From: Rohit Patnaik [mailto:quanticle@gmail.com]
Sent: Tuesday, December 15, 2009 6:29 PM
To: Thor (Hammer of God)
Cc: bugtraq@securityfocus.com; full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] File Access Vulnerability in Easy File Sharing Web Server
Wow. Very nice find. One question: all the cited tools are Windows executables. Has there been any attempt to run the database viewer in Linux via Wine? I'm wondering if I'm going to have to set up a VM to try to confirm this, or if I can try to do this via Wine.
-----Original Message-----
From: full-disclosure-bounces@lists.grok.org.uk
[mailto:full-disclosure-bounces@lists.grok.org.uk] On Behalf Of Susan
Bradley
Sent: Wednesday, September 16, 2009 2:26 PM
To: Thor (Hammer of God)
Cc: full-disclosure@lists.grok.org.uk; bugtraq@securityfocus.com
Subject: Re: [Full-disclosure] 3rd party patch for XP for MS09-048?
It's only "default" for people running XP standalone/consumer that are
not even in a home network settings.
On Fri, Jan 15, 2010 at 12:15 PM, Gadi Evron <ge@linuxbox.org> wrote:
>
> On 1/15/10 6:40 PM, Thor (Hammer of God) wrote:
>>
>> I could only imagine. The other problem is that many people seem to think I'm saying something against the Chinese *people* themselves, based on the "f* you round-eye* messages I've received (and they call ME racist). They don't seem to get the clear distinction (to me) between the Chinese people and China's network. It's the machines I'm concerned with the attacks coming from those machine. Just because the machine is sourced in China doesn't mean the attacker is - so I have to do the best I can to defend against the machines. However, that unfortunately comes across to those who choose not to think it through as me saying something against the Chinese themselves.
>>
>> Then again, as you well know, people will take any opportunity they can just to be ugly and confrontational, and to have something to rail about. In the face of the reality of China's horribly infected network, when I suggest blocking that traffic (as many others have and do), they seize the opportunity to call me prejudice and a racist.
>
sub set of customer base.
(Bottom line, yes, the marketing team definitely got a hold of that
bulletin)
Thor (Hammer of God) wrote:
> Yeah, I know what it is and what it's for ;) That was just my subtle way of trying to make a point. To be more explicit:
>
> 1) If you are publishing a vulnerability for which there is no patch, and for which you have no intention of making a patch for, don't tell me it's mitigated by ancient, unusable default firewall settings, and don't withhold explicit details. Say "THERE WILL BE NO PATCH, EVER. HERE'S EVERYTHING WE KNOW SO YOU CAN DETERMINE YOUR OWN RISK." Also, don't say 'you can deploy firewall settings via group policy to mitigate exposure' when the firewall obviously must be accepting network connections to get the settings in the first place. If all it takes is any listening service, then you have issues. It's like telling me that "the solution is to take the letter 'f' out of the word "solution."
>
> 2) Think things through. If you are going to try to boot sales of Win7 to corporate customers by providing free XP VM technology and thus play up how important XP is and how many companies still depend upon it for business critical application compatibility, don't deploy that technology in an other-than-default configuration that is subject to a DoS exploit while downplaying the extent that the exploit may be leveraged by saying that a "typical" default configuration mitigates it while choosing not to ever patch it. Seems like simple logic points to me.
-Alex
-----Original Message-----
From: gjgowey@tmo.blackberry.net [mailto:gjgowey@tmo.blackberry.net]
Sent: Thursday, October 11, 2007 8:28 AM
To: pdp (architect); Thor (Hammer of God)
Cc: full-disclosure@lists.grok.org.uk; bugtraq@securityfocus.com
Subject: Re: [Full-disclosure] Remote Desktop Command Fixation Attacks
Not to step in to the middle of this, but I once worked for an employer with what I considered the best way of stopping attacks cold: a proxy server that prompted you for your credentials when you went to an external web site and gp settings that disabled the ability to save your username/password locally as well as tight settings on the systems to prevent pretty much anything from being installed or modified. So everytime you opened up a brand new session of ie and tried to access an external site you were prompted for your username/password. Somehow I doubt there's any malware around that is designed to survive in that type of an environment.
https://abegetchell.com/
> -----Original Message-----
> From: Jim Harrison [mailto:Jim@isatools.org]
> Sent: Sunday, July 20, 2008 4:33 PM
> To: 'me@abegetchell.com'; 'Thor (Hammer of God)'; 'Johan Beisser'
> Cc: bugtraq@securityfocus.com
> Subject: RE: Windows Vista Power Management & Local Security Policy
>
> It's about reality & priorities.
>
On 1/15/10 6:40 PM, Thor (Hammer of God) wrote:
> I could only imagine. The other problem is that many people seem to think I'm saying something against the Chinese *people* themselves, based on the "f* you round-eye* messages I've received (and they call ME racist). They don't seem to get the clear distinction (to me) between the Chinese people and China's network. It's the machines I'm concerned with the attacks coming from those machine. Just because the machine is sourced in China doesn't mean the attacker is - so I have to do the best I can to defend against the machines. However, that unfortunately comes across to those who choose not to think it through as me saying something against the Chinese themselves.
>
> Then again, as you well know, people will take any opportunity they can just to be ugly and confrontational, and to have something to rail about. In the face of the reality of China's horribly infected network, when I suggest blocking that traffic (as many others have and do), they seize the opportunity to call me prejudice and a racist.
The Chinese network is indeed very infected, which in turn causes the
rest of the world great computerized harm. Nobody disputes this.
The solution of blocking China, however, is one which harms both people
outside of China, as well as those inside of China. Therefore, it
101555
*****************************************************************
-----Original Message-----
From: Thor (Hammer of God) [mailto:thor@hammerofgod.com]
Sent: Friday, November 02, 2007 1:19 AM
To: Roger A. Grimes; bugtraq@securityfocus.com;
full-disclosure@lists.grok.org.uk
Cc: Alex Eckelberry; Gadi Evron
Subject: RE: mac trojan in-the-wild
Frankly, I like that someone has taken the time to do the numbers and produce the data; even if I can't use it the way I'd prefer.
Jim
-----Original Message-----
From: Thor (Hammer of God) [mailto:thor@hammerofgod.com]
Sent: Friday, January 15, 2010 10:05 AM
To: Gadi Evron
Cc: bugtraq@securityfocus.com
Subject: RE: All China, All The Time
> -----Original Message-----
> From: iarethebest@gmail.com [mailto:iarethebest@gmail.com] On
> Behalf Of adam
> Sent: Thursday, September 15, 2011 11:26 PM
> To: Thor (Hammer of God)
> Cc: security@acrossecurity.com; Christian Sciberras;
> full-disclosure@lists.grok.org.uk; bugtraq@securityfocus.com
> Subject: Re: [Full-disclosure] Microsoft's Binary Planting
> Clean-Up Mission
>
>
>> -----Original Message-----
>> From: iarethebest@gmail.com [mailto:iarethebest@gmail.com] On
>> Behalf Of adam
>> Sent: Thursday, September 15, 2011 11:26 PM
>> To: Thor (Hammer of God)
>> Cc: security@acrossecurity.com; Christian Sciberras;
>
>> full-disclosure@lists.grok.org.uk; bugtraq@securityfocus.com
>
>> Subject: Re: [Full-disclosure] Microsoft's Binary Planting
t
> -----Original Message-----
> From: Thor (Hammer of God)
> Sent: Wednesday, January 16, 2008 2:20 PM
> To: 'GomoR'
> Cc: bugtraq@securityfocus.com
> Subject: RE: Country by Country ISA Computer Sets
>
It's a fair bet that any SMTP connection attempts that fail to agree with your MX record are "less than trustworthy".
Jim
-----Original Message-----
From: Thor (Hammer of God) [mailto:thor@hammerofgod.com]
Sent: Saturday, January 19, 2008 10:41 AM
To: bugtraq@securityfocus.com
Subject: RE: Country by Country ISA Computer Sets
There is nothing irrational about identifying the source of unwanted
Discovered by:
Timothy "Thor" Mullen
Testing by Steve "Raging Haggis" Moffat, Hammer of God, Bermuda Labs
Product: Easy File Sharing Web Server, current versions, default installation
Vendor: http://www.sharing-file.com/
Vendor Notification and Disclosure:
-----Original Message-----
From: "pdp (architect)" <pdp.gnucitizen@googlemail.com>
Date: Thu, 11 Oct 2007 01:17:16
To:"Thor (Hammer of God)" <thor@hammerofgod.com>
Cc:full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com
Subject: Re: [Full-disclosure] Remote Desktop Command Fixation Attacks
Thor, with no disrespect but you are wrong. Security in depth does not
t
>-----Original Message-----
>From: Jim Harrison [mailto:Jim@isatools.org]
>Sent: Tuesday, March 20, 2012 1:28 PM
>To: Thor (Hammer of God); 'bugtraq@securityfocus.com'
>Subject: RE: Regarding MS12-020
>
>Gee, Tim - someone might think you had an axe to grind <ducks swinging
>keyboard>...
>I know; Thor has a hammer, but it still works (barely).
more security, get appv/medv/whateverv or other virtualization.
It's not a security platform. It's a get the stupid 16 bit line of
business app working platform.
Thor (Hammer of God) wrote:
> P.S.
>
> Anyone check to see if the default "XP Mode" VM you get for free with Win7 hyperv is vulnerable and what the implications are for a host running an XP vm that get's DoS'd are?
>
> I get the whole "XP code to too old to care" bit, but it seems odd to take that "old code" and re-market it around compatibility and re-distribute it with free downloads for Win7 while saying "we won't patch old code."
> -----Original Message-----
> From: Larry Seltzer [mailto:larry@larryseltzer.com]
> Sent: Wednesday, September 16, 2009 8:21 AM
> To: Thor (Hammer of God); Eric C. Lukens; bugtraq@securityfocus.com
> Cc: full-disclosure@lists.grok.org.uk
> Subject: RE: [Full-disclosure] 3rd party patch for XP for MS09-048?
>
> I agree that the FAQ explanation in the advisory is vague about what
> protection the firewall provides. One clue I would infer about it is
t
> -----Original Message-----
> From: GomoR [mailto:bt@gomor.org]
> Sent: Wednesday, January 16, 2008 1:54 PM
> To: Thor (Hammer of God)
> Cc: bugtraq@securityfocus.com
> Subject: Re: Country by Country ISA Computer Sets
>
> On Mon, Jan 14, 2008 at 02:20:50PM -0800, Thor (Hammer of God) wrote:
> [..]
-----Original Message-----
From: kattrap@gmail.com [mailto:kattrap@gmail.com] On Behalf Of Andrea Lee
Sent: Monday, December 13, 2010 2:12 PM
To: Thor (Hammer of God)
Cc: George Carlson; bugtraq@securityfocus.com;
full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching
Allows Local Workstation Admins to Temporarily Escalate Privileges and Login
as Cached Domain Admin Accounts (2010-M$-002)
> -----Original Message-----
> From: Roger A. Grimes [mailto:roger@banneretcs.com]
> Sent: Thursday, November 01, 2007 5:37 PM
> To: Alex Eckelberry; Thor (Hammer of God); Gadi Evron;
> bugtraq@securityfocus.com; full-disclosure@lists.grok.org.uk
> Subject: RE: mac trojan in-the-wild
>
> Actually, on that same note, I recently did an analysis of the last
> three years of published Windows vulnerabilities.
>
>
> -----Original Message-----
> From: kattrap@gmail.com [mailto:kattrap@gmail.com] On Behalf Of Andrea Lee
> Sent: Monday, December 13, 2010 2:12 PM
> To: Thor (Hammer of God)
> Cc: George Carlson; bugtraq@securityfocus.com;
> full-disclosure@lists.grok.org.uk
> Subject: Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching
> Allows Local Workstation Admins to Temporarily Escalate Privileges and Login
> as Cached Domain Admin Accounts (2010-M$-002)
This isn’t a security issue its a privacy issue.
-----Original Message-----
From: Thor (Hammer of God) [mailto:thor@hammerofgod.com]
Sent: 03 December 2009 22:27
To: bugtraq@securityfocus.com
Subject: RE: Millions of PDF invisibly embedded with your internal disk
paths
(Fixing rejected post)
> -----Original Message-----
> From: full-disclosure-bounces@lists.grok.org.uk
> [mailto:full-disclosure-bounces@lists.grok.org.uk] On Behalf
> Of Thor (Hammer of God)
> Sent: Thursday, September 15, 2011 10:59 PM
> To: security@acrossecurity.com; 'ChristianSciberras'
> Cc: full-disclosure@lists.grok.org.uk; bugtraq@securityfocus.com
> Subject: Re: [Full-disclosure] Microsoft's Binary Planting
> Clean-Up Mission
t
> -----Original Message-----
> From: Susan Bradley [mailto:sbradcpa@pacbell.net]
> Sent: Wednesday, September 16, 2009 10:16 AM
> To: Thor (Hammer of God)
> Cc: bugtraq@securityfocus.com; full-disclosure@lists.grok.org.uk
> Subject: Re: [Full-disclosure] 3rd party patch for XP for MS09-048?
>
> It's XP. Running in RDP mode. It's got IE6, and wants antivirus. Of
> course it's vulnerable to any and all gobs of stuff out there. But
Jim
-----Original Message-----
From: Abe Getchell [mailto:me@abegetchell.com]
Sent: Sunday, July 20, 2008 12:32 PM
To: 'Thor (Hammer of God)'; Jim Harrison; 'Johan Beisser'
Cc: bugtraq@securityfocus.com
Subject: RE: Windows Vista Power Management & Local Security Policy
So, you guys don't think it's an issue that power management in Vista
(apparently) has a pass to bypass local security policy?
Next Page>>
|
