INFO-VAX Tue, 29 Apr 2008 Volume 2008 : Issue 239 Contents: HCL Notebook Model No: Y2002 Re: scripting a telnet session to VMS Re: scripting a telnet session to VMS Re: ssh hostkey file location VMS Audio Update - Episode #19 - Special "Endeavour" Edition (Part 3/4) 3/4)3/4) ---------------------------------------------------------------------- Date: Tue, 29 Apr 2008 00:11:56 -0700 (PDT) From: santoshanmsoft@gmail.com Subject: HCL Notebook Model No: Y2002 Message-ID: Features: * Model: Y2002 * Platform: AMD * CPU: Turion TL-50 * RAM: 512 MB * HDD: 120 GB * Screen: 15.4 Wide * ODD: DVD Super Multi * Operating System: Vista Home Basic * Features: Vista, Camera Bluetooth, Dual Core Turion Warranty: 1 Year Manufacturer Warranty For more information please visit =96 http://homeshop18.com/shop/faces/tiles/product.jsp?productID=3D17163&catalog= ueID=3D2&categoryID=3D920 ------------------------------ Date: Tue, 29 Apr 2008 11:51:31 +0000 (UTC) From: david20@alpha2.mdx.ac.uk Subject: Re: scripting a telnet session to VMS Message-ID: In article <48167c60$0$90268$14726298@news.sunsite.dk>, =?ISO-8859-1?Q?Arne_Vajh=F8j?= writes: >david20@alpha2.mdx.ac.uk wrote: >> In article <4814d72c$0$90263$14726298@news.sunsite.dk>, =?ISO-8859-1?Q?Arne_Vajh=F8j?= writes: >>> That is not hacking unless the malware is targeted against a >>> specific PC. >>> >> I've seen tons of desktop "classroom" PCs which were infected with backdoor >> programs by students so that they could show off by ejecting the CD or >> controlling the machine in some otherway remotely. These were definitely >> targeted at the machines in those particular classrooms and used programs such >> as B02K, Sub7 etc etc > >But if the students has been granted access to the systems, then >it is still not hacking. > If it requires them to escalate their privileges through a local vulnerability in order to install the backdoor program then they hacked the system. >> From a hacker perspective installing a RAT on a user's PC and recording his >> keystrokes whilst he logs in through the company firewall would definitely >> be a better option than directly attacking the firewall. > >Absolutely. > >I just think it is very rare that the malware gets installed via >hacking. > >Sending them an email with "click on this EXE to see a nude picture >of xxxxxxxxxx" seems to be the preferred way. > Which is a form of hacking - though unless the user has privileges or the code run can make use of a privilege escalation vulnerability it won't compromise the whole machine but just that user's account. Unfortunately many Desktop/Laptop PC users habitually login to their PCs with Admin or Admin equivalent privileged accounts. >>> >>> It is definitely possible. But it just never seems to happen in >>> real life. >>> >> Just because you haven't heard of it happening does mean that it never >> happens. > >True. > >But we hear daily about virus infections etc.. > >If one hear about 1000 cases of A and 0 cases of B over a year >it is rather obvious to conclude that A is much more frequent than B. > >It does not mean that B can not happen. > >> There have also been a number of cases where after a court case involving >> pornography the defendent has been declared innocent since the computer >> involved had backdoor programs installed on it which could have been used to >> plant the pictures. >> >> "A landmark trial recently found that illegal pornography had been placed on an >> innocent man's computer by a trojan program..." > >trojan != hacking > > Here we will have to disagree. Targetting a user with a trojan is a classic hacking method. >There are millions of PC's infected with all kinds of malware. > And that somehow means those systems aren't vulnerable to hacking ??? David Webb Security team leader CCSS Middlesex University >Arne ------------------------------ Date: Tue, 29 Apr 2008 06:51:55 -0700 (PDT) From: AEF Subject: Re: scripting a telnet session to VMS Message-ID: <95f534b5-90c7-4eef-9e4c-bd3e4deba2f8@a70g2000hsh.googlegroups.com> On Apr 28, 9:39 pm, Arne Vajh=F8j wrote: > davi...@alpha2.mdx.ac.uk wrote: > > In article <4814d72c$0$90263$14726...@news.sunsite.dk>, =3D?ISO-8859-1?Q= ?Arne_Vajh=3DF8j?=3D writes: > >> That is not hacking unless the malware is targeted against a > >> specific PC. > > > I've seen tons of desktop "classroom" PCs which were infected with backd= oor > > programs by students so that they could show off by ejecting the CD or > > controlling the machine in some otherway remotely. These were definitely= > > targeted at the machines in those particular classrooms and used program= s such > > as B02K, Sub7 etc etc > > But if the students has been granted access to the systems, then > it is still not hacking. > > > From a hacker perspective installing a RAT on a user's PC and recording = his > > keystrokes whilst he logs in through the company firewall would definite= ly > > be a better option than directly attacking the firewall. > > Absolutely. > > I just think it is very rare that the malware gets installed via > hacking. > > Sending them an email with "click on this EXE to see a nude picture > of xxxxxxxxxx" seems to be the preferred way. > > > > >> It is definitely possible. But it just never seems to happen in > >> real life. > > > Just because you haven't heard of it happening does mean that it never > > happens. > > True. > > But we hear daily about virus infections etc.. > > If one hear about 1000 cases of A and 0 cases of B over a year > it is rather obvious to conclude that A is much more frequent than B. > > It does not mean that B can not happen. > > > There have also been a number of cases where after a court case involvin= g > > pornography the defendent has been declared innocent since the computer > > involved had backdoor programs installed on it which could have been use= d to > > plant the pictures. > > > "A landmark trial recently found that illegal pornography had been place= d on an > > innocent man's computer by a trojan program..." > > trojan !=3D hacking > > There are millions of PC's infected with all kinds of malware. > > Arne Well then what does constitute hacking? I've heard of PC's (yes, desktop PC's -- I'm talking about PC's in users homes by ordinary people) being taken over to distribute all kinds of malware, to record keystrokes, spyware installs, stealing financial information, distribute spam. What the hell constitutes hacking in your mind? Does the PC have to literally explode and burn down the user's house? AEF ------------------------------ Date: Tue, 29 Apr 2008 09:38:57 +0100 From: Anton Shterenlikht Subject: Re: ssh hostkey file location Message-ID: <20080429083857.GA99498@mech-aslap33.men.bris.ac.uk> On Mon, Apr 28, 2008 at 04:30:00PM +0000, Rob Brown wrote: > On Mon, 28 Apr 2008, Anton Shterenlikht wrote: > > >On Mon, Apr 28, 2008 at 08:41:49AM -0500, Steven M. Schweda wrote: > >>From: Anton Shterenlikht > >> > >>>How can I find the SSH2 hostkey of a VMS node, i.e. the one that > >>>is being copied to known_hosts when you first connect? > > Or were you logged into an account who's default device was a rooted > logical, such as SYSTEM? (Duffy's target audience was probably not > "new users who are logged in as SYSTEM". ;-) ) When a rooted logical > is used as the device specifier, file system searches do not extend > beyond the domain of the rooted logical. Oh.. I didn't know this. This is my case indeed. I'm logged in as SYSTEM and the mentioned logicals are: $ show logical sys$sysdevice "SYS$SYSDEVICE" = "$1$DGA1:" (LNM$SYSTEM_TABLE) $ show logical sys$sysroot "SYS$SYSROOT" = "$1$DGA1:[SYS1.]" (LNM$SYSTEM_TABLE) = "SYS$COMMON:" 1 "SYS$COMMON" = "$1$DGA1:[SYS1.SYSCOMMON.]" (LNM$SYSTEM_TABLE) $ many thanks -- Anton Shterenlikht Room 2.6, Queen's Building Mech Eng Dept Bristol University University Walk, Bristol BS8 1TR, UK Tel: +44 (0)117 928 8233 Fax: +44 (0)117 929 4423 ------------------------------ Date: Tue, 29 Apr 2008 05:02:36 -0700 (PDT) From: IanMiller Subject: VMS Audio Update - Episode #19 - Special "Endeavour" Edition (Part 3/4) 3/4)3/4) Message-ID: This episode contains the third part of an interview with Nina Buik, President of Encompass, and various bootcamp presenters talk about their sessions. Part one of the interview was in VAU #17 and part two was in VAU #18 http://www.openvms.org/stories.php?story=08/04/29/9711409 ------------------------------ End of INFO-VAX 2008.239 ************************