From Bernd.Lehle@RUS.Uni-Stuttgart.DE Sat Sep 14 14:24:22 1996 Received: from pdx1.world.net (pdx1.world.net [192.243.32.18]) by suburbia.net (8.7.4/Proff-950810) with ESMTP id OAA14713 for ; Sat, 14 Sep 1996 14:23:35 +1000 From: Bernd.Lehle@RUS.Uni-Stuttgart.DE Received: from bitcom.ch ([193.192.228.9]) by pdx1.world.net (8.7.5/8.7.3) with SMTP id TAA02619 for ; Fri, 13 Sep 1996 19:21:52 -0700 (PDT) Date: Fri, 13 Sep 1996 19:21:52 -0700 (PDT) Message-Id: <199609140221.TAA02619@pdx1.world.net> Received: from [193.192.228.39] by bitcom.ch (SMTPD32-3.00) id A6C39AB0264; Sat Sep 14 04:21:55 1996 Received: by scout.net (Amiga SMTPpost 1.04 December 9, 1994) id AA01; Sat, 14 Sep 96 04:21:56 CET ity@suburbia.net> archive/latest/353 X-Loop: best-of-security@suburbia.net Precedence: list Resent-Sender: best-of-security-request@suburbia.net Subject: BoS: Attacks against NetBIOS via TCP/IP To: BUGTRAQ@NETSPACE.ORG, best-of-security@suburbia.net Organization: The Global ScoutNet Organization Hi there, after a talk with our PC/Intel guy at the Computer Center about what's goig on right now with the PCs in our network I came to the following alarming idea: not seem to be very tempting to hack a Windows PC, but on the shared disks of Windows PCs in University offices there is often im- portant data like grades or similar. Does anybody have experience with problems, attacks or defences for this kind of setup ? We're trying to consider this problem in detail soon, but first we have to arrange a meeting with the PC guys and the (heavily UNIX-inclined) security guys :-) -- > Bernd Lehle - Stuttgart University Computer Center * A supercomputer < > Visualization / Security / Astrophysics * is a machine < eived: from [193.192.228.39] by bitcom.ch (SMTPD32-3.00) id A5F326902A6; Sat Sep 14 03:10:11 1996 Received: by scout.net (Amiga SMTPpost 1.04 December 9, 1994) id AA01; Sat, 14 Sep 96 03:10:16 CET ct: ISS has been developing the technology for real-time attack recognition and response (RealSecure) for over twelve months. In collabaration with our customers, universities, and our partners, ISS has undertaken a significant investment in time and resources to deliver a comprehensive tool to detect numerous kinds of attacks, only one of which is the SYN d the (heavily UNIX-inclined) >security guys :-) > >-- >> Bernd Lehle - Stuttgart University Computer Center * A supercomputer < >> Visualization / Security / Astrophysics * is a machine < >> lehle@rus.uni-stuttgart.de Tel:+49-711-685-5531 * that runs an < >> http://www.tat.physik.uni-tuebingen.de/~lehle * endless loop < >> pgp? -> finger bernd@visbl.rus.uni-stuttgart.de * in 2 seconds < > > > >From dsaxer Sat, 14 Sep 96 03:58:23 CET remote from scout.net Received: from pdx1.world.net by scout.net (AmigaSMTPd 0.69 Dec 9, 1994) wn submissions will be returned. This is an automated subscription mechanism. For your verification, a transcript of the original subscription request is included below. If the wrong address has been subscribed and you seem to be unable to fix it yourself, reply to this message now (quoting it entirely (for diagnostic purposes), and of course adding any comments you see fit). -- >From Tiago.Franco@Scout.Net Fri Sep 13 07:15:33 1996 >Received: from tpone.telepac.pt (tpone.telepac.pt [194.65.3.20]) by suburbia.net (8.7.4/Proff-950810) with SMTP id HAA12706 for ; Fri, 13 Sep 1996 07:15:13 +1000 d.net by scout.net (AmigaSMTPd 0.69 Dec 9, 1994) with SMTP; Sat, 14 Sep 96 03:58:27 CET Received: from suburbia.net (suburbia.net [203.4.184.1]) by pdx1.world.net (8.7.5/8.7.3) with ESMTP id OAA27166 for ; Thu, 12 Sep 1996 14:15:52 -0700 (PDT) From: best-of-security-request@suburbia.net Received: (list@localhost) by suburbia.net (8.7.4/Proff-950810) id HAA12743 for Tiago.Franco@Scout.Net; Fri, 13 Sep 1996 07:15:37 +1000 Date: Fri, 13 Sep 1996 07:15:37 +1000 Message-Id: <199609122115.HAA12743@suburbia.net> References: <3238EDCB.5D17@Scout.Net> lted in dramatically high load averages and a frightening increase in core entropy. Further, the number, names and locations of required datum seemed to change on an almost daily basis; requiring tedious version control on the part of the mental maintainer. OVERVIEW --------- Best-of-Security is at presently moderated randomly based on a cryptographically secure RNG. Bizarre? Sound strange given our stated purpose of massive entropy reduction? Because best often equates with "vital" and the moderator doesn't have an MDA habit it n best-of-security, mail the info to the list! Even if it is a widely deployed piece of information such as a CERT advisory the proceeding argument still applies. If the information hasn't appeared on this list yet, then SEND IT. It is far better to run the risk of minor duplication in exchange for having the information out where it is needed than act conservatively about occasional doubling up on content. We do, of course take original posts. In the famous last words of Marylin Munroe, CORE Digest and Joachim Kroll: "meat, we want meat". s such as Blond jokes. those on the ethics of full NEW or hard to obtain security disclosure or computer hackers. documents (ascii), or pointers to Quotes from the Uliad. the location of such documents/papers. Old or otherwise well known Announcements of new security archives information or pointers to or mailinglists. that information. Human language translations of the above. Messages under 700 bytes. SUBSCRIBING ting with a '#' are ignored. Multiple commands per mail are allowed. Setting maxfiles to zero will remove the limit (to protect you against yourself no more than maxfiles files will be returned per request). Egrep supports most common flags. Examples: ls latest (the latest directory containes the archived messages) get latest/12 egrep some.word latest/* TECHNICAL --------- The list processor software is based on the excellent Procmail/Smartlist by Stephen R. van den Berg with some minor extensions by Julian Assange . -- "I mean, after all; you have to consider we're only made out of dust. That's admittedly not much to go on and we shouldn't forget that. But even considering, I mean it's sort of a bad beginning, we're not doing too bad. So I personally have faith that even in this lousy situation we're faced with we can make it. You get me?" - Leo Burlero/PKD +---------------------+--------------------+----------------------------------+ |Julian Assange RSO | PO Box 2031 BARKER | Secret Analytic Guy Union | |proff@suburbia.net | VIC 3122 AUSTRALIA | finger for PGP key hash ID = | |proff@gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 | +---------------------+--------------------+----------------------------------+