Hi.
Seth Woolley wrote:
Disclaimer:
I (Seth) am not a php expert, and I don't run this code, so I haven't
tested the vendor-provided patch yet, although I assume the vendor has.
Be advised.
I tested the patch against the current release version of wordpress
(v0.71). Although I couldn't notice
-BEGIN PGP SIGNED MESSAGE-
Richard M. Smith wrote:
I have posted a copy of the Hamilton v. Microsoft law
suit complaint on my Web site:
http://www.computerbytesman.com/security/hamilton_v_microsoft_complaint.htm
This Reuters story provides background on this proposed
class
On Thu, Oct 02, 2003 at 02:21:21PM +0200, Feher Tamas wrote:
My idea to solve the above dilemma is: why not implement a system for
industry-wide virus identification, called Virus Name System (VNS),
somewhat similar in its nature to the distributed Domain Name System
(DNS) of the Internet.
http://www.halflife2.net/forums/showthread.php?s=e6e7d0ce0abe19997425ef50fa7fe1dfthreadid=10692
Regards
Thor Larholm
PivX Solutions, LLC - Senior Security Researcher
http://pivx.com/larholm/unpatched - 31 Unpatched IE Security Vulnerabilities
___
On Fri, 3 Oct 2003, Jeroen Massar wrote:
Quite offtopic. But what I still wonder is why the heck one
isn't allowed to do business and become large.
It's the monopoly that so many of us have a problem with. Leveraging
dominance in one market to gain control of another. Many large companies
OK, M$ has been reported to have modified the EULA and export license
agreement :
The SOFTWARE is intended for distribution only in the United States
(Excluding California), its territories and possessions (including Puerto
Rico, Guam, and U.S. Virgin Islands), and Canada. Export of the SOFTWARE
The fact that they have at least two former NSA personnel in the ranks of
senior technical management should be all the tip-off that anyone would need.
Are you kidding? Former NSA tech folks are a dime a dozen. I work with
half a dozen of them at FedEx.
Psst: It would've been funnier if you
Schmehl, Paul L wrote:
snip
I'm not going to disagree with this at all, however I would point out
that standards are one thing, implementation entirely another. It's
nice to have standards that provide guidance in security structuring,
but without the tools to implement those guidelines,
Following on the heels of the very good looking Microsoft security patch
worm, I am now in possession of an even more convincing Ebay Request to
reconfirm your credit card number, PayPal account, password, etc. This
appears to be an excellent fake and we can expect many people to be
-Original Message-
From: Jeroen Massar [mailto:[EMAIL PROTECTED]
Sent: Friday, October 03, 2003 5:16 AM
To: 'Richard M. Smith'; [EMAIL PROTECTED]
Subject: RE: [Full-Disclosure] OT: Hamilton v. Microsoft
lawsuit complaint is now online
Quite offtopic. But what I still wonder is
As it is now posted on easynews.com, not the best idea really as posts are
defo logged by them ref. recent FBI tracking cases of viruses etc
RF
-Original Message-
From: Thor Larholm [mailto:[EMAIL PROTECTED]
Sent: 03 October 2003 09:20
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject:
Brief Description
-
Users of Cisco Pix Firewalls may discover that their pool of NAT'ted IP
addresses is running out, and that a reboot or reload of the firewall clears
the problem.
Details
---
The problem is caused by the Firewall being swamped by incoming ICMP packets
on
Isn't this just the same as the ebayupdates.com scam some 8-9 months
ago? The form even looks identical (from what I remember of the form).
See:
http://www.siliconvalley.com/mld/siliconvalley/4713932.htm
or
http://news.bbc.co.uk/1/hi/business/2581197.stm
BenR.
Old news. *yawn*
On Fri,
Conclusion
--
The people behind ES5 have intentionally added malicious code to ES5. If
you have followed the ES5 discussions on message boards and read what the
ES5 people have said and done (eg. DoS attacking BitTorrent sites), this
comes as no surprise. The question then is why did they
So what happens if you take a Windows XP laptop on a business trip
outside the US? Are you in breach of the EULA if you take the install CD
with you? Or are you in breach for simply taking the laptop with Windows
installed on it?
Tim Saunders
-Original Message-
From: Rob Lewis
Jeroen Massar [mailto:[EMAIL PROTECTED] wrote:
Quite offtopic. But what I still wonder is why the heck one
isn't allowed to do business and become large. Is it all
jealousy? If they were so bad why do they get the revenue
and not your company producing super duper software?
It's not quite
This is really sad their development network under all circumstances
should not be connected to the internet. This is just lax security on
Valve's part. Most big development shops have two workstations on
separate networks just for this reason one network will be used for
development only and the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
=
FreeBSD-SA-03:17.procfs Security Advisory
The FreeBSD Project
Topic:
At 09:31 AM 10/3/03 -0500, Schmehl, Paul L wrote:
We have a long established tradition in America of rooting for the
little guy until he becomes big and successful. Then we hate him and
do everything we can to tear him down and destroy him. And since we've
mastered the art of litigation,
--- Cael Abal [EMAIL PROTECTED] wrote:
Excellent job finding and documenting this feature. As for the
developers' motivations, though, I don't think it's necessary to point
at collusion with the RIAA/MPAA.
In all honesty, I'm surprised we haven't seen *more* backdoors of this
type in
clapclap
at least Valve is being adult about it and admitting it,
I applaud them on publicly stating the facts and
risking ( oh yes ) CORPORATE embarrassment.
I hope this sets a new trend.
Donnie Werner
CTO e2 Labs
http://e2-labs.com
[EMAIL PROTECTED]
Do you know the definition of export? I don't think so. The
SOFTWARE is intended for distribution... As a software provider you should
understand these terms.
-Original Message-
From: Tim Saunders [mailto:[EMAIL PROTECTED]
Sent: Friday, October 03, 2003 11:02 AM
To: Rob
On Fri, Oct 03, 2003 at 10:55:53AM -0400, Brown, Rodrick said:
Valve's part. Most big development shops have two workstations on
separate networks just for this reason one network will be used for
development only and the other for email/internet etc..
most?
Source, please; in my limited
On Fri, 03 Oct 2003 08:40:19 CDT, Rob Lewis [EMAIL PROTECTED] said:
OK, M$ has been reported to have modified the EULA and export license
agreement :
Citation?
The SOFTWARE is intended for distribution only in the United States
(Excluding California)
Do you *really* think that Microsoft
http://www.icann.org/correspondence/twomey-to-lewis-03oct03.htm
Given the magnitude of the issues that have been raised, and their
potential impact on the security and stability of the Internet, the DNS
and the .com and .net top level domains, VeriSign must suspend the
changes to the .com and
Looks like ICANN has decided it was time to pick a fight, and
now Verisign has 36 hours to turn sitefinder off or be sued.
http://www.icann.org/announcements/advisory-03oct03.htm
--
Rodrigo Barbosa [EMAIL PROTECTED]
Be excellent to each other ... - Bill & Ted (Wyld Stallyns)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thu, 2 Oct 2003 15:47:26 -0400
Richard M. Smith [EMAIL PROTECTED] wrote:
Class-action suit points to Microsoft security flaws
http://news.com.com/2100-1009-5085730.html
The lawsuit, filed Tuesday in Los Angeles Superior Court,
also claims that
Brown, Rodrick [EMAIL PROTECTED] wrote:
This is really sad their development network under all circumstances
should not be connected to the internet. This is just lax security on
Valve's part. Most big development shops have two workstations on
separate networks just for this reason one
as a side note..
any service that offers remote traceroute functions
such as ATT's Spy Glass, many PHP
frontend sites as well as most popular perl/cgi
scripts. ( traceroute.pl )
Donnie Werner
CTO e2-labs.com
___
Full-Disclosure - We believe in it.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
This is in response to the e-mail posted by John Airey. The original
e-mail is available at
http://lists.netsys.com/pipermail/full-disclosure/2003-October/011356.html
Hi John,
Cisco's Product Security Incident Response Team (PSIRT) was not
previously
On Fri, 2003-10-03 at 11:56, Rodrigo Barbosa wrote:
Looks like ICANN has decided it was time to pick a fight, and
now Verisign has 36 hours to turn sitefinder off or be sued.
http://www.icann.org/announcements/advisory-03oct03.htm
By the time this arrives, others will probably have posted
Doesn't seem that anybody else had replied to this ^^
Kinda weird... Or am I missing traffic?
-Original Message-
From: [EMAIL PROTECTED] [mailto:full-disclosure-
[EMAIL PROTECTED] On Behalf Of Frank Knobbe
Sent: Friday, October 03, 2003 13:08
To: [EMAIL PROTECTED]
Subject: Re:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Truly sad. I personally liked the service... I'm prone to typoz (did I mean typos?)
with every sentence I write.
- -- I always wonder why people choose to support MS and then complain about all of
these issues that are known in advance.
I'm not getting any replies back either. I'm guessing people are of the
'Well it's about damn time' mentality and just going to wait and see
what will happen tomorrow.
On a related note, School of Rock comes out today and I'm guessing a
bunch of the US IT staff will be calling in sick to be one
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
++
| Guardian Digital Security Advisory    October 03, 2003 |
| http://www.guardiandigital.com    ESA-20031003-028
Hi all,
Once again I'd just like to let you know that I've released Packit 0.7 to
http://packit.sourceforge.net. It should also be available shortly on
http://www.packetfactory.net.
Check out http://packit.sourceforge.net/ChangeLog for a full list of
changes.
Description:
Packit is a network
Wow, you must be one of the few people that actually liked it ^^
I personally hated it =/ Still do!
-Original Message-
From: [EMAIL PROTECTED] [mailto:full-disclosure-
[EMAIL PROTECTED] On Behalf Of Byron Copeland
Sent: Friday, October 03, 2003 14:09
To: 'Frank Knobbe'; [EMAIL
Just in case nobody saw Verisign's response:
http://biz.yahoo.com/prnews/031003/sff057_1.html
VeriSign Will Temporarily Suspend Web Navigation Service in Order to
Continue To Work With Internet Community Towards a Long-Term
Implementation
MOUNTAIN VIEW, Calif., Oct. 3 /PRNewswire-FirstCall/ --
I have the described behaviour when visiting google.com, but have
neither the aolfix.exe nor registry entries, on my XP box. Where would
one find the registry entry for the current DNS(s)?
The issue isn't the service itself...the issue is the large number of
privacy violations combined with Verisign's anti-competitive history
(http://www.nuclearelephant.com/papers/verisign.html). Is catching a
type-o really worth the risk of your personal information, passwords,
session ids, and
- Original Message -
From: Matt Larson [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, October 03, 2003 3:50 PM
Subject: Removal of wildcard A records from .com and .net zones
:
: VeriSign was directed by ICANN to suspend the Site Finder service by
: 0100 UTC on Sunday, October
... Get ready for all the tools you fixed to start breaking again ...
(It's worth it though)
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
If you build it, they will come.
Cut the crapola... I think you're in denial. Where is there a privacy issue here?
- -- I always wonder why people choose to support MS and then complain about all of
these issues that are known in advance.
Since this sounds like troll bait, I'll just say it has already been
discussed in great detail on this list. If you're new here, I would
suggest searching for Verisign in the recent (1 month ago) archives.
Cut the crapola... I think you're in denial. Where is there a privacy issue here?
--On Thursday, October 02, 2003 6:29 AM -0500 Paul Tinsley
[EMAIL PROTECTED] wrote:
Someone brought to my attention that I neglected udp (thank you Adam),
sorry about that I was in a hurry when I posted this, there is another
just like the tcp one that says udp :) Both are being triggered by
Don't you have anything better to do? We really need two lists: one
moderated list for professionals who just want the facts, and a trolling
list.
Yep it would, I threw those up real quick just to try and get some
visibility as to how much we were being affected by it. Didn't put much
thought into it. Just out of curiosity how many of those out there who
are using this or other similar rules are still seeing traffic to those
Honestly I don't think it was the multiple lists that had anything to do
with Bugtraq; it was probably more closely related to the $75 million
dollars Symantec paid for ALL the lists...just a shot in the dark
though.
Good to see they want to give the community notice, like they did with
their original change.
On Fri, 3 Oct 2003, james wrote:
- Original Message -
From: Matt Larson [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, October 03, 2003 3:50 PM
Subject: Removal of wildcard A
Title: RE: [Full-Disclosure] RE: [Troll-Disclosure] Has Verisign time arrived ?
Don't you have anything better to do? We really need two lists: one
moderated list for professionals who just want the facts,
That was tried with BugTraq; but look where you're posting now.
Cheers,
Joshua
hi list,
i was thinking that to protect ourselves from unknown attacks, there must
be a way to detect things such as shellcode decoders in payloads. after a
bit of research, i have compiled this small list of publicly available
encoder/decoder systems in the hope that snort or another IDS
I haven't seen anything that indicates the hosts file and registry files have changed
from those originally described. Aolfix will be gone when you look since it deletes
itself after doing the other changes.
Some of the registry keys that were discussed on this list previously are guids for
--On Friday, October 03, 2003 20:10:08 -0500 Paul Tinsley
[EMAIL PROTECTED] wrote:
Yep it would, I threw those up real quick just to try and get some
visibility as to how much we were being affected by it. Didn't put much
thought into it. Just out of curiosity how many of those out there
--On Friday, October 03, 2003 18:39:31 -0400 Mike O'Connor
[EMAIL PROTECTED] wrote:
I have the described behaviour when visiting google.com, but have
neither the aolfix.exe nor registry entries, on my XP box. Where would
one find the registry entry for the current DNS(s)?
They aren't in the
-BEGIN PGP SIGNED MESSAGE-
Title: Cumulative Patch for Internet Explorer (828750)
Date: October 3, 2003
Software: Internet Explorer 5.01
Internet Explorer 5.5
Internet Explorer 6.0
Internet Explorer 6.0 for
http://www.bugtraq.com/ only 6000$ us
hmmm...
morning_wood
Just when we got used to Wednesday afternoon security bulletins from Microsoft, they
decide to release one on Friday evening.
http://www.microsoft.com/technet/security/bulletin/ms03-040.asp
It allegedly fixes the object tag/hta types of vulnerabilities.
Confidentiality Notice: This e-mail
They don't take checks?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
morning_wood
Sent: Friday, October 03, 2003 11:40 PM
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] bugtraq.com
http://www.bugtraq.com/ only 6000$ us
hmmm...
morning_wood
ICANN, ICANN, you're our man! If you can't do it, no one can!
Okay, I'm done cheering. Meanwhile Verisign is *still* collecting data
for mistyped/unused URLs. Who wants to start the pool? Does Verisign
back off, and if so, when? Or do they get sued and, if they lose, do
they have to turn over all
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
=
FreeBSD-SA-03:18.openssl Security Advisory
The FreeBSD Project
Topic:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Sun Cobalt RaQ Control Panel Multiple Vulnerabilities
- - --
PRODUCT: Cobalt RaQ Web Control Panel
VENDOR: Sun - Cobalt Networks
VULNERABLE VERSIONS:
- Sun Cobalt RaQ Servers Web Control Panel (T.I.N.P)
- Tested in a default
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
__
SCO Security Advisory
Subject: OpenLinux: OpenSSH:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
__
SCO Security Advisory
Subject: OpenLinux: Updated
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
__
SCO Security Advisory
Subject: OpenLinux: wu-ftpd
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
__
SCO Security Advisory
Subject: OpenLinux: wget:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Red Hat Security Advisory
Synopsis: Updated Perl packages fix security issues.
Advisory ID: RHSA-2003:256-02
Issue date: 2003-09-22
67 matches