Okay, so I asked about this in another thread, but it wasn't really
picked up, and I don't want to let it go.
There is a fairly serious (and obvious) risk of Denial of Service in
many web applications that rely on back-end databases. As a previous
message stated, on many web apps, small HTTP
+---+
| Web Application Denial of Service |
+---+
There is a denial of service condition not in a specific software
product but in several web based applications.
The idea is to make a rather small HTTP request and get a big
Okay, enough people commented on this that I had to dig out my
documentation. FWIW, this is what my co-worker documented. My previous
summary was not totally accurate. This was discovered by one of my
co-workers, not myself.
-snip
From: [EMAIL PROTECTED] (name withheld to protect
Could also be RF interference. One of my coworkers tracked down a
particularly interesting problem with motion sensor lights. Turns out
the motion sensors worked at the 240mhz range, which has resonance at
2.4ghz, or something like that. Hence every time the motion sensor
worked, it would spew
Any reason not to just use Ghost?
Also, some people use VMWARE, and make a clean VMWARE image, copy it,
load the suspicious stuff, and then delete it afterwards. If you have
your virtual network interfaces disabled, it may be a fairly safe
sandbox to work in.
Mark Lachniet
-Original
RE: Accepting mail from spoofed hosts
This is really a very simple idea, and a hundred people smarter than me
must have thought of it, but I have to wonder if yet another layer of
e-mail security might not be in order as well - don't all email systems
have a unique message ID on them? Sendmail
TITLE: 03-02-04 XSS Bug in NetScreen-SA 5000 Series of SSL VPN appliance
SUMMARY
Cross Site Scripting bug in the 'delhomepage.cgi' CGI binary in the
Netscreen NetScreen-SA 5000 Series SSL VPN appliance.
DETAILS
There exists a cross-site scripting bug in 'row' parameter of the
To: Lachniet, Mark
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; Michael Iseyemi
Subject: Re: [Full-Disclosure] Openssl proof of concept code? / Neoteris
On Wed, Jan 14, 2004 at 04:34:53PM -0500, Lachniet, Mark wrote:
I did search packetstorm (as always) prior to posting, but came up
short. I also spent a lot
however not at liberty to divulge this as it is a little bit convoluted
and also includes integration testing and efforts between several
components of a PKI.
Thanks,
Michael
-- Lachniet, Mark [EMAIL PROTECTED] wrote:
Please excuse the cross-post, and please forgive me if I am missing
Please excuse the cross-post, and please forgive me if I am missing
something that I should have found through conventional sources.
A few months ago, there were issues with the openssl code base, as noted
on bugtraq and in the following URLs:
http://www.openssl.org/news/secadv_20031104.txt and