Hello,
Has everyone seen the immunitysec.org report yet?
http://www.immunitysec.com/downloads/tc0.pdf
...Immunity's findings clearly show that the best platform
for your
targets to be running is Microsoft Windows, allowing you
unparalleled
value for their dollar.
Yeah, Microsoft Windows is
Author: Jürgen Schmidt, heise Security
Date: August 13,2004
German Advisory: http://www.heise.de/security/artikel/50046
English Version: http://www.heise.de/security/artikel/50051
Overview
With Service Pack 2, Microsoft introduces a new
security feature to warn users before executing
On Sun, Aug 15, 2004 at 01:52:33PM +0200, Maarten wrote:
On Sunday 15 August 2004 04:52, Nick FitzGerald wrote:
Maarten wrote:
yada yada. You may work in the industry (and be blind because of it) and I
may have an incredible high IQ (so much higher than yours that you perceive
I'm stupid
On Thu, 2004-08-12 at 15:54 -0500, Ron DuFresne wrote:
Ahh, but this was an error on your end sir, M$ has always advised that
patching or adding apps to the system should be done with everything
closed, and in most cases users are best served to reboot and patch/add
apps prior to doing
Was wondering how long it would talk for the holes to show up. SP2 isn't
the be all and end of windows security, although it is a step in the
right direction.
In my opinion MS has a lot of legacy code to address, preventing buffer
overflows from happening is all well and good but if the code
-Original Message-
From: Juergen Schmidt [mailto:[EMAIL PROTECTED]
Sent: Monday, August 16, 2004 3:41 PM
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] Flaws security feature of SP2
Author: Jürgen Schmidt, heise Security
Date: August 13,2004
German Advisory:
On Monday 16 August 2004 03:36, you wrote:
On Sun, 15 Aug 2004, Noam Rathaus wrote:
#ll -l /usr/bin/X11/dpsinfo
-rwxr-xr-x1 root root 6456 Jul 7 18:07
/usr/bin/X11/dpsinfo
symbols found)...(no debugging symbols found)...(no debugging symbols
found)...
Program
Hello,
This is not really anything new, try googling for someones IP address, there is a lot of sensitive information to be found.
Even better search for a public anonymous proxy IP, some proxy servers keep a public log of who has used them and what sites
they were used to visit. Not so anonymous
Much stuff deleted.
m$ have actually got this one right!
It's great that it works for your one configuration, but there are
thousands of other configurations out there. For some, it is not
working, even when they read the documentation. The world is not just
you and your PC.
350
This is too boring. *Please* can you all desist?
Entrenched positions aren't going to be changed by this back-biting, flaming
and personal attacks (you know who you are). You're damaging your own
repuations on this thread. Don't forget it's all searchable on Google.
This thread has been going
Cut the guy a little slack, Wood. Yeah, it's been around forever and a day, but maybe
his e-mail will cause someone reading it to go looking in their Enterprise for it and
find some moron webmaster using it on an Internet-facing server. If so, he did some
good. Relax.
-Original
Right On Brother. You don't need a big community start small with committed people who
want to stop spam, virii, Trojans and
work the solution. Like GOOGLE, that's how most great projects get started.
Jan Clairmont
Firewall Administrator/Consultant
-Original Message-
From: [EMAIL
Which is more distracting to a list? Somebody asking a question that may
or may not be off-topic or some pompus ass passing judgement on somebody
else's post while contributing absolutely nothing positive to the
discussion?
To remain on-topic: Your best bet would be to go with SP2, seeing as how
I was only showing the point that name of a virus doesn't stop a company
form working and creating IDE to stop a virus. They can name them
whatever they want. Most of us really don't care most of the time, as
long as it gets stopped. AV vendors can choose to name the same (at
least in the same
maybe because we use our computers for other than a simple
workstation.. i couldnt even get visual studio installed tat in itself
show microsoft hadnt tested this shit fully before streaming it to the
masses
On Mon, 16 Aug 2004 15:05:45 +0200, Soderland, Craig
[EMAIL PROTECTED] wrote:
-BEGIN PGP SIGNED MESSAGE-
__
SUSE Security Announcement
Package:rsync
Announcement-ID:SUSE-SA:2004:026
Date: Monday,
I am trying to figure out from all of your posts if you are just a troll or
truly think you are saying something that can help.
You complain about the past and then complain about SP2 in the same breath
like you are saying, I don't like what they did, so I don't like what they
will ever do. This
OK - see the comments below and reverse them.
It's [sad|great] that it [doesn't work|works] for your one configuration,
but there are thousands of other configurations out there. For some, it
[is|is not] working, even when they [don't read|read] the documentation.
Actually, this time M$ got the
Your computers can have different OSes on them, Your OS can run on
different brands of computers, you can run different Office Suite packages
on your different Oses (even Windows).
Contrariwise, I can't run diesel in my gasoline engine, can't run jet fuel
either. I can't easily take the heads
Exploiting this issue requires the ability to overwrite
existing files wich have a trusted or non-existant ZoneID.
Right now there is no known way to achieve this in an attack
mounted from the Internet.
Ok. So if I have the ability to do that, isn't it safe to say that I already
control
CVS Undocumented Flag Information Disclosure Vulnerability
iDEFENSE Security Advisory 08.16.04
www.idefense.com/application/poi/display?id=130type=vulnerabilities
August 16, 2004
I. BACKGROUND
CVS (Concurrent Versions System) is an open-source network-transparent
version control system.
II.
Adobe Acrobat/Acrobat Reader ActiveX Control Buffer Overflow
Vulnerability
iDEFENSE Security Advisory 08.13.04
www.idefense.com/application/poi/display?id=126type=vulnerabilities
August 13, 2004
I. BACKGROUND
Adobe Acrobat/Acrobat Reader are programs for creating and/or viewing
documents in
Hi,
I apologize for not doing my home work properly before
actually mailing the list. I assure that from next
time I will do even better research on the issue
before posting it to such lists.
But as most of you said that this issue is very old,
probably that is the reason why I was not able to
Hi fellaz,
IpSwitch IMail Server version up to 8.1 uses weak encryption algorithm to
encrypt its user passwords. Have a look at attached proof of concept tool,
which will decrypt user password from local machine instantly.
---
G:\xploits\imail_decrypt
G:\xploits\imail_decryptimailpwdump -d
joe wrote:
I am trying to figure out from all of your posts if you are just a troll or
truly think you are saying something that can help.
You complain about the past and then complain about SP2 in the same breath
like you are saying, I don't like what they did, so I don't like what they
will ever
/
Vulnerable Program: CACTI
Version : The latest version 0.8.5a
Url: http://www.raxnet.net
The Bug: SQL injection to allows bypass the auth.
Date:
Hi iDEFENSE,
This issue was patched in the latest (June 9th) releases of CVS,
specifically 1.11.17 1.12.9.
well guess WHY it was fixed... maybe because it was found and
reported by Sebastian Krahmer back ub May?
VIII. CREDIT
An anonymous contributor is credited with discovering this
Stefan,
We were aware that the vulnerability had been patched due to the work of
Sebastian Krahmer and yourself as this was mentioned by CVS during the
vendor disclosure process. We chose to proceed with the disclosure as it
did not appear that the CVE number for this issue had been
Security professionals do NOT bitch about products. They do their best to learn the products they have to live with and secure them.
Stop complaining and start learning. If you are a true infosec professional, you will be able to devise and implement an acceptable security architecture to
Why should I be complacient and except poor
products ?Or poor advice (plonk)
- Original Message -
From:
DWreck
To: [EMAIL PROTECTED]
Sent: Monday, August 16, 2004 3:04
PM
Subject: [Full-Disclosure] lame bitching
about products
Security professionals do
This has been well documented. I remember a tool from 2002 that would
decrypt the hash from command line.
printf (IMail Password Decryptor\n);
printf (Usage: %s account name encrypted string\n, name);
printf (E.g., %s crypto CCE5DFE5E2\n
^^---CAPITAL LETTERS\n\n, name);
printf (This
Ich werde ab 16.08.2004 nicht im Büro sein. Ich kehre zurück am
18.08.2004.
Ich werde vom 16.08.2004 bis zum 17.08.04 nicht im Büro sein. In dringenden
Fällen wenden sie sich bitte an die Hotline: 5599
___
Full-Disclosure - We believe in it.
looks like devis has successfuly destablised another brain washed win user , keep up
the good work neo :-)
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Original Message -
From: DWreck [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, August 17, 2004 7:04 AM
Subject: [Full-Disclosure] lame bitching about products
Security professionals do NOT bitch about products. They do their best to
learn the products they have to live with
but would be very comfortable in saying this will not
occur. Had MS wanted to follow a *nix like path, they could have a long
time
ago... They were doing *nix back in 1980.
Error. read ur history. they never DID. they bought it. Called Xenix.
Like all technology in M$ product, its often
From eEye's darker days:
http://www.w00w00.org/advisories/imailpass.html
At 11:18 PM 8/16/2004 +0600, Adik wrote:
Hi fellaz,
IpSwitch IMail Server version up to 8.1 uses weak encryption algorithm to
encrypt its user passwords. Have a look at attached proof of concept tool,
which will decrypt
36 matches
Mail list logo
