to
external source. Malicious recordset can be built
locally.
www.michaelevanchik.com
-Original Message-From: Michael Evanchik
[mailto:[EMAIL PROTECTED]Sent: Saturday, December 25,
2004 9:11 PMTo: Aviv Raff;
full-disclosure@lists.netsys.comSubject: RE: [Full-Disclosure] YEY
To: Todd Towles
Cc: Michael Evanchik ; full-disclosure@lists.netsys.com
Sent: Thursday, December 30, 2004 12:55
PM
Subject: RE: [Full-Disclosure] And you're
proud of this Mike Evanchick?
I have to aggree with Todd on this one, the attack was
extremelyunprofessional
http://securityresponse.symantec.com/avcenter/venc/data/trojan.phel.a.html
mike
www.michaelevanchik.com
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Title: Re: [Full-Disclosure] And you're proud of this Mike Evanchick?
Let me put this lighter,
WRONG
I created this code first using KNOWN virus
strings. It would be trivial to use different code that is not
detected,
Mike
www.michaelevanchik.com
- Original Message -
From:
Todd,
Listen,you are so wrong i cant belive you
even have the guts to post this. How stupid can you be? Norton or
any AVP can easily be fooled. The active x object "ca"+n b"+ +e crea"
+ted" like this.code changed around , or even different local code can be
used and tada AVP is fooled.
2) usesall
start up menue languages
-Original
Message-From: Michael
Evanchik [mailto:[EMAIL PROTECTED]Sent: Saturday, December 25, 2004 9:11
PMTo: Aviv Raff;
full-disclosure@lists.netsys.comSubject: RE: [Full
- Notice
in your startup menu a new file called Microsoft Office.hta. When run, this
file will download and launch a harmless executable (which includes a pretty
neat fire animation)
Michael
Evanchik
Relationship1
p:
914-921-4400
f:
914-921-6007
mailto:[EMAIL PR
Had a mistake in my code o well. Works now
PoC: http://www.michaelevanchik.com/security/microsoft/ie/xss/index.html
http://www.michaelevanchik.com/security/microsoft/ie/xss/writehta.txt --
avp's should add this
Here is some new adodb code AVP's should add. No longer needed to connect
to
Had a mistake in my code o well. Works
now
PoC: http://www.michaelevanchik.com/security/microsoft/ie/xss/index.html
http://www.michaelevanchik.com/security/microsoft/ie/xss/writehta.txt
-- avp's should add this
Here is some new adodb code AVP's should add.
No longer needed to connect to
to external source.
Malicious recordset can be built locally.
www.michaelevanchik.com
-Original Message-From: Michael Evanchik
[mailto:[EMAIL PROTECTED]Sent: Monday, December 27, 2004
11:57 AMTo: Ron Jackson;
full-disclosure@lists.netsys.comSubject: RE: [Full-Disclosure] YEY
try www.michaelevanchik.com/security/microsoft/ie/xss/index.html
might
be a little more reliable PoC
1) new
not known by AVP codes
2)
usesall start up menue languages
-Original Message-From: Michael Evanchik
[mailto:[EMAIL PROTECTED]Sent: Saturday, December 25
have been spent on securing SP2,
perfection is impossible. Through the joint effort of Michael Evanchik (http://www.michaelevanchik.com) and
Paul from Greyhats Security (http://greyhats.cjb.net),
a very critical vulnerability has been developed that can compromise a user's
system without the need
Too bad I cant add this too my cart and complain to customer service I am
not receiving my item
www.michaelevanchik.com
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Knarr, Joshua
Sent: Wednesday, December 01, 2004 9:59 AM
To: mikx; [EMAIL
This crew has this entirely wrong. Have they read securityfocus.com lately?
This was a setup. He does have prior convictions but if you notice they are
the same date ever year. It seems they have this guy on their outlook
calendar reminders. Also by no means should anyone feel safe now since
I have no problem with this list. I use a tool to passively filter this
list the same that I do for the spam problem that has taken over planet
earth
In your email client there is a button that will take care of this for you.
Look for something in the respects of DELETE
Anyone who can not
I disagree Colin,
A good administrator knows there is more then one way to skin a cat. Rafel,
I belive was just briefly stating some solutions to the problem. I can tell
you windows protection can be defeated with a few registry changes. Combine
that with an active directory login script and I
Imsure glad Microsoft spent more on security
and xp service pack 2 then themissle defense system. This works on
me using XP Pro SP2, malware[1].exe is inmy startup folder!!! It
would be trivial and easy to trick users to drag something.I totally feel
unsecure with Microsoft and SP2 yet
who you are Gadi to give such
comments like that.
Michael Evanchik
www.MichaelEvanchik.com
- Original Message -
From:
Gadi Evron
To: Jelmer
Cc: [EMAIL PROTECTED] ; [EMAIL PROTECTED]
; [EMAIL PROTECTED]
Sent: Monday, June 07, 2004 4:47 PM
Subject: [Full-Disclosure] Re
I sure am, i do not want to uninstall the service pack. I looked
around for any encryption pack installs but nothing for IE6. This sucks no
https sites work.Mike
- Original Message -
From:
Technoboy
To: [EMAIL PROTECTED]
Sent: Friday, April 16, 2004 2:04
PM
From:
[EMAIL PROTECTED]
Sent:
Fri 2/20/2004 9:39 PM
To:
[EMAIL PROTECTED]
Cc:
[EMAIL PROTECTED]
Subject:
[Full-Disclosure] RE: Re: is predicatable file location a vuln? (was RE: Aol Instant Messenger/Microsoft Internet Explorer remote code execution)
Why don't you release your
That is definately true. But unfortunately I used known local exploit examples to give due credit to some people. There are many different local exploits that norton does not pick up as well as ways to rewrite the known ones to trick norton so I have been told.
Mike
From:
Feher Tamas
e src=""/iframe
This will not need to be changed ever again since your filename and
location is permanent foreveryone on AOL.
4. Send a message with a hyperlink to your page.
Proof of Concept?----- If the bot is online you can
instant message the screen name Mi
Title: RE: [Full-Disclosure] Re: Six Step IE Remote Compromise Cache Attack
I would first like to commend microsoft on patching the exploit very quickly.
Second I would like to like to say I totally give up on internet explorer an have moved on to Mozilla firebird. Thank you open source!
10:56 AM
To:
Michael Evanchik
Cc:
[EMAIL PROTECTED]
Subject:
Re: [Full-Disclosure] Re: Six Step IE Remote
Compromise Cache Attack
Michael Evanchik wrote: 1) take out the function
name and brackets and all code below /script in default.htm and
save
Michael Evanchik
www.high-pow-er.com
25 matches
Mail list logo