Security Basics (basics) Mailing List

RE: DNS flaw for home users...

Thu, 24 Jul 2008 13:42:44 +1000

Posted by Murda Mcloud on Jul 24

Bit of searching netted me this on Kaminsky's site:

http://www.doxpara.com/
Click on the DNS checker.
Also here:
https://www.dns-oarc.net/

the second one gives pretty graphs.

> >-----Original Message-----
> >From: Murda Mcloud [mailto:murdamcloud_at_bigpond.com]
>...

DNS flaw for home users...

Thu, 24 Jul 2008 11:16:20 +1000

Posted by Murda Mcloud on Jul 24

With all the brouhaha surrounding the DNS flaw that Dan Kaminsky has hinted
at and others have 'accidentally' disclosed or stumbled upon, what kind of
advice would you be giving to home users?

Obviously the whole push is towards patching and trying to do that before
the evil ones work out how...

Firefox GPO Restrictions

Wed, 23 Jul 2008 15:45:54 -0400

Posted by Lafosse Ricardo on Jul 23

Hello all,

I am working on restricting user options in Firefox via GPO; however all
the Firefox ADM templates that I have utilized have not worked. These
templates include: wetdog, firefoxadm (from sourceforge), and firefoxadm
(from frontmotion). The users are using Firefox 2.0.0.16. Any
...

RE: College Courses for Info Sec or Certificates or Both?

Wed, 23 Jul 2008 10:54:00 -0500

Posted by William Mohney on Jul 23

Here is the bottom line information related to experience for the
various certs from ISC2

https://www.isc2.org/cgi-bin/content.cgi?category=1187

Bill

-----Original Message-----
From: listbounce_at_securityfocus.com [mailto:listbounce_at_securityfocus.com]
On Behalf Of Krzyston,...

netqmail-1.06 CNAME_lookup_failed_temporarily._(4.4.3)

Thu, 24 Jul 2008 11:03:54 +0200

Posted by razi garbie on Jul 24

Hi list,

In my send log i keep getting CNAME_lookup_failed_temporarily for a
particular domain.

2008-07-24 08:56:20.409984500 info msg 3670583: bytes 1022 from
<me_at_mydomain.com> qp 5699 uid 64011
2008-07-24 08:56:20.522038500 starting delivery 92112: msg 3670583 to
remote...

RE: How to run a non proxy enabled application through a proxy?

Thu, 24 Jul 2008 13:09:51 +1000

Posted by Troy Robinson on Jul 24

Depending on the application, you may find proxychains another useful tool.

http://proxychains.sourceforge.net/

You configure proxychains.conf with the proxy server details as needed, then
you can execute the application through proxychains:

To run an nmap scan
proxychains nmap -P0 host -p...

Re: Nmap questions for the experts

Wed, 23 Jul 2008 11:40:53 -0500

Posted by Javier Reyna Padilla on Jul 23

Just few comments:

Javier Reyna

mark mark wrote:
> Hi,
>
> I have some questions regarding nmap. I'm not sure if this is the
> proper list, i just searched google and found some people asking
> nmap-related questions here. Anyway, here are my questions:
>
>
> 1....

Re: College Courses for Info Sec or Certificates or Both?

Wed, 23 Jul 2008 10:14:09 -0600

Posted by Patrick J Kobly on Jul 23

Not quite... Certification requirements have changed a bit in the last
year... Check out
https://www.isc2.org/cgi-bin/content.cgi?category=1187. The requirement
for the endorser also changed to require an (ISC)^2 member (any of their
certs) to endorse your application. (You used to be...

Re: Checkpoint or other Solution required

Wed, 23 Jul 2008 11:32:55 -0500

Posted by Javier Reyna Padilla on Jul 23

You can check e-mail content using smtp-resources, but this is not a
solution for inspecting a large volume of messages, your FW will be
overloaded for sure.You can check email content usin an IPS such as ISS
Proventía, snort_inline, tipping point, an antispam sucha as barracuda
spam...

Re: Call cabins with VoIP

Tue, 22 Jul 2008 20:38:07 -0600

Posted by Shawn Merdinger on Jul 22

Hola Diego,

If the cabins are within wifi reach of each other, you might look into
doing a mesh network with Linksys WRT-54G routers running Sveasoft in
WDS mode. Then you can place a router in each cabin with a VoIP phone
or an ATA adapter and regular phone. Off the main router you have a
...

RE: College Courses for Info Sec or Certificates or Both?

Wed, 23 Jul 2008 09:52:07 -0500

Posted by Brandon Louder on Jul 23

That is correct. 5 years experience in 1 of the 10 domains or 4 years
and the Security+.

-----Original Message-----
From: listbounce_at_securityfocus.com [mailto:listbounce_at_securityfocus.com]
On Behalf Of Krzyston, Randy
Sent: Tuesday, July 22, 2008 10:38 AM
To:...

Nmap questions for the experts

Wed, 23 Jul 2008 11:56:43 +0400

Posted by mark mark on Jul 23

Hi,

I have some questions regarding nmap. I'm not sure if this is the
proper list, i just searched google and found some people asking
nmap-related questions here. Anyway, here are my questions:

1. Is there any way I can specify two different source port for nmap's
-g when doing a TCP and...

Re: Online Incident Response Management

Tue, 22 Jul 2008 22:02:53 -0400

Posted by Deepak Parashar on Jul 22

would recommend to go with ISS.

-Deepak

On Tue, Jul 22, 2008 at 9:21 AM, Ramki B Ramakrishnan <bramkie_at_gmail.com> wrote:
> You can also look at Cisco Systems MARS, it has case management.
>
> http://www.cisco.com/go/mars
>
> Ramki
> -----
> Ramki B....

Re: College Courses for Info Sec or Certificates or Both?

Tue, 22 Jul 2008 16:22:56 -0400

Posted by Chuck Taylor on Jul 22

Phil,

I think you should definitely go for your 4 year degree. The 4 year
degree is starting to become the minimum standard. I am not saying that
you cannot be successful without it, just saying that it is definitely
something employers look for. Not to mention that getting a 4 year
...

basic question about authentification

Tue, 22 Jul 2008 19:03:50 +0200

Posted by Yvon Thoraval on Jul 22

Hey all,

new to ssh and scp I'm doing files upload|download from a personal
computer to an handheld mobile phone.
on the computer side i'm using OpenSSH as installed by Apple Mac OS X 10.4.11.
on the other, an e2831 phone named "Twin-Tact" running QTopia, I've
installed by myself...