Article Comments for Steve Manzuik

CyberCop 5.5

Anonymous User — Mon, 04 Jul 2005 09:05:14 GMT

Anonymous User
Mon, 04 Jul 2005 09:05:14 GMT
very impressive software, complete with 3d rotating pictures of network topology objects. even tells me my windows box that runs IIS has an apache vulnerability. Can accurately detect 100% of false positives. Heh, i can even use this to rip off clients and charge $1000 for a pen test, and put all those legit highly skilled pen testers out of business.

CyberCop 5.5

Anonymous User — Thu, 04 Nov 2004 20:35:26 GMT

Anonymous User
Thu, 04 Nov 2004 20:35:26 GMT
I’m waiting until my Pentium 100MHz system with 64MB of RAM and 48MB of hard disk space gets shipped from Gateway.

CyberCop 5.5

Anonymous User — Sun, 31 Oct 2004 10:59:07 GMT

Anonymous User
Sun, 31 Oct 2004 10:59:07 GMT
Heh... 4 years later some anonymous wienie says "not good" Shut up, loser. Your 8 character contribution is worthless... only slightly less than this one.

CyberCop 5.5

Anonymous User — Thu, 28 Oct 2004 01:57:40 GMT

Anonymous User
Thu, 28 Oct 2004 01:57:40 GMT
not good

CA Inoculate IT for Exchange Can Be Bypassed

Anonymous User — Mon, 25 Oct 2004 19:49:08 GMT

Anonymous User
Mon, 25 Oct 2004 19:49:08 GMT
is perfect

CA Inoculate IT for Exchange Can Be Bypassed

Anonymous User — Mon, 25 Oct 2004 19:49:08 GMT

Anonymous User
Mon, 25 Oct 2004 19:49:08 GMT
is perfect

AOL Instant Messenger May Run Java or VBScript

Richard E Turner — Mon, 26 Apr 2004 19:42:39 GMT

Richard E Turner
Mon, 26 Apr 2004 19:42:39 GMT
I am told I need to get onto aol’s Java, have you taken care of the problem? There is no sense getting onto it if its nothing but trouble. And which Java does this computer need, there are so many different names.

Outlook Express and Internet Explorer 5.5 Can Allow Local Files to be Read

Bradley Dick — Fri, 22 Jun 2001 09:22:10 GMT

Bradley Dick
Fri, 22 Jun 2001 09:22:10 GMT

Try using 2 pages....
I was going to post but not sure about Microsoft’s Policy’s Email me for code. Page1 test.asp
Page2 test1.asp
this code works. The thing is why even now does microsoft not have a fix. This works on all version of ie5.0 and 5.5 regardless of service packs or service packs on windows 2000

CA Inoculate IT for Exchange Can Be Bypassed

kjt — Thu, 22 Feb 2001 14:34:28 GMT

kjt
Thu, 22 Feb 2001 14:34:28 GMT
fyi, CA has released a patch. http://support.ca.com/Download/patches/ilitnt/LO86959.html

Vulnerability in Multiple SSH Implementations

C. Wilcox — Tue, 13 Feb 2001 15:45:16 GMT

C. Wilcox
Tue, 13 Feb 2001 15:45:16 GMT
The Core SDI announcement and Razor page say only OpenBSD *prior to* 2.3.0 is vulnerable

ATT Labs VNC Vulnerable To Attack

lurker — Thu, 01 Feb 2001 14:16:33 GMT

lurker
Thu, 01 Feb 2001 14:16:33 GMT
Not a lot of info here - is this some newly discovered vulnerability? It’s pretty well documented in the VNC FAQ that this is possible. Are there now known middle-player tools or attack strategies or is this just a warning to underline already known design limitations?

ATT Labs VNC Vulnerable To Attack

Chris Arsenault — Fri, 26 Jan 2001 18:24:50 GMT

Chris Arsenault
Fri, 26 Jan 2001 18:24:50 GMT
If WINVNC is used correctly and secured correctly it is safer than most products on the market. VNC’s website offers customizations that allow to be extremely secure even with no encryption on a private/internal network. First off, Install VNC using the default install and then install it as a service (On all 95, 98, NT, 2000 machines). Follow the directions on the VNC website to secure the listening server using the following. Authhosts registry setting. This allows the listening server to only accept connections from a specific IP address or IP address range Accept/Deny Query registry setting This allows the listening server to display an Accept or Deny message to the user/machine one is trying to control Instruct the person sitting on the listening end that an agreement should be made prior to initiating any remote control session either by phone or communicate that the session will occur at a specific time. Come up with a stragedy to keep unauthorized remote control from occuring. Have the person on the listening end change the password frequently. Typically a legit. support call will be initiate with a phone call. At that time a support person can instruct the user to change the password. Install Intrusion Detection Software to monitor any IP’s which maybe trying to listen in or attack a particular individual. Following the above steps will ensure security in using VNC as an open source package for performing essential remote support. Please contact if you would like the above formalized Chris Arsenault, MCP chrisamcp@hotmail.com Network Administrator Houston, TX

LocalWeb 2000 Vulnerable to Directory Traversal

Phil Curnow — Mon, 22 Jan 2001 15:39:17 GMT

Phil Curnow
Mon, 22 Jan 2001 15:39:17 GMT
I am the author of LocalWEB2000, and I am sending a message to let you know that I have now fixed this problem. I will be releasing Version 1.1.1 in a couple of days that addresses this issue and a couple of other minor bugs. I am really grateful for the time that has been taken to find this problem and to report it to me and make the net user community aware of this problem. As I say version 1.1.1 should be available in the next couple of days. Kind Regards Phil Curnow Author - LocalWEB2000

Microsoft NetMeeting Desktop Sharing Vulnerable to DoS Attack

James E. Recer — Wed, 27 Dec 2000 10:45:17 GMT

James E. Recer
Wed, 27 Dec 2000 10:45:17 GMT
The link for the download takes me to a blank page.

Thanks for bringing this to our attention James! We’ve updated the page with a link to MS00-077, which contains links to Microsoft’s official patches.
Mark Joseph Edwards, News Editor

Multiple Command Line SMTP Mailers Contain Vulnerabilities

sam — Thu, 14 Dec 2000 18:02:39 GMT

sam
Thu, 14 Dec 2000 18:02:39 GMT
I know of at least two of your mentioned programs (Blat and SendMail) that have been come very upset that you are trying to make the ’scare’ factor of this article worse by pretending no vendor responded to this exploit. Perhaps you should have waited more than a few minutes before saying that no one responded.... Sam

IPSwitch IMail Server Vulnerable to DoS Attack

David Schmidt — Wed, 13 Dec 2000 13:22:10 GMT

David Schmidt
Wed, 13 Dec 2000 13:22:10 GMT
A patch was posted by IPSwitch on December 12/2000 See ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/IM605HF2.exe

WinU Contains Backdoor Passwords

Alan Holmes — Tue, 24 Oct 2000 07:10:59 GMT

Alan Holmes
Tue, 24 Oct 2000 07:10:59 GMT
Bardon released an upgrade to WinU which removes the backdoor passwords. Version 5.2 of WinU and version 2.7 of Full Control fixes the backdoor passwords. The upgrade is free if you have 5.x of WinU already. If you’re running an earlier version, better hope you have an active maintenence plan with Bardon. Everything is explained on their website. http://www.bardon.com

Wingate Server Exposes Log Files

SilverSandStorm — Wed, 18 Oct 2000 10:09:59 GMT

SilverSandStorm
Wed, 18 Oct 2000 10:09:59 GMT
A good article, with a couple of flaws. 1. The title...it should be Wingate Server allows remote user to view files on server. 2. What is the vulnerability exactly ? Looking at the code all I see is the user is connecting to port 8010 and requesting the filename... rather a GET /path/file. Note (for a path of /test/dog.cgi, this will do a GET //test/dog.cgi. Havi I missed something here ?

Please see the vendor’s response to this issue.
Thanks, Mark J. Edwards, News Editor

Win9x and Me Allow Access to Shares Without Password

Enrique — Thu, 12 Oct 2000 14:09:29 GMT

Enrique
Thu, 12 Oct 2000 14:09:29 GMT
These links give me this error: "Directory Listing Denied".

Thanks for the notice--we’ve corrected the download URLs!
Mark J. Edwards

Directory Listings can be Obtained From Microsoft IIS Server

mark — Thu, 12 Oct 2000 08:40:50 GMT

mark
Thu, 12 Oct 2000 08:40:50 GMT
Your link to Microsoft is incorrect.

Thanks, we’ve corrected the link!

Mark J. Edwards

Outlook Express and Internet Explorer 5.5 Can Allow Local Files to be Read

Kirk Schafer — Fri, 29 Sep 2000 14:23:48 GMT

Kirk Schafer
Fri, 29 Sep 2000 14:23:48 GMT
The code you specified on this page contains several errors, and in fact never appears in the browser window because it causes a debug error. Following is a corrected, and functional, version of the code. I’ll let you figure out how to display it on your page. alert("This will read C:\\Test.TXT\\, you may have to create it"); a= GetObject("c:\\test.txt","htmlfile"); setTimeout("alert(a.body.innerText);",2000); Kirk

Outlook Express and Internet Explorer 5.5 Can Allow Local Files to be Read

Rob Campbell — Thu, 28 Sep 2000 20:44:29 GMT

Rob Campbell
Thu, 28 Sep 2000 20:44:29 GMT
Another workaround is to set "Script ActiveX controls marked safe for scripting" to disable for the zone. With that set, files cannot be read regardless of the Active Scripting setting.

EServ 2.92 Is Vulnerable To A DoS Attack

Andrey Cherezov — Wed, 27 Sep 2000 23:52:17 GMT

Andrey Cherezov
Wed, 27 Sep 2000 23:52:17 GMT
Eserv/2.93 beta (ftp://ftp.eserv.ru/pub/Eserv2999.zip) released a month ago (23 Aug 2000) does not contain this bug. You can check.