Re: [Full-disclosure] Remote Desktop Command Fixation Attacks
-- pdp (architect) | petko d. petkov http://www.gnucitizen.org

-- James (njan) Eaton-Lee | UIN: 10807960 | http://www.jeremiad.org
All at sea again / And now my hurricanes
Have brought down this ocean rain / To bathe me again
https://www.bsrf.org.uk | ca: https://www.cacert.org/index.php?id=3

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] WEEPING FOR WEP
Gary Warner wrote:
> I'm going through this one at work right now myself. My team convinced me
> that we should use WPA2 with TKIP for our new wireless service. Guess what?
> Most Windows-controlled wireless laptops don't have an option to select WPA2
> as their authentication protocol! My team says "No problem, we can just have
> them download a more recent version of their driver and use the software
> that comes with their wireless card to manage their wireless instead of the
> Windows client." ARRRGH! *NOT* a valid answer!

I suspect whether this is a "most" or not depends a lot on your hardware refresh cycle and what sort of kit you buy - if you've been buying Intel Centrino kit, it all supports WPA (the ipw2100 may not, but everything since then certainly does) so long as you've got the latest drivers and the WPA2 Hotfix for XP.

I've implemented WPA2 infrastructures recently, and the number of laptops which haven't supported WPA2 is somewhere in the 10-15% range. Oddly enough, we have two ipw2200-equipped Toshiba laptops which (even after a full reinstall, and using identical drivers/firmware to machines that do work) refuse to talk WPA2...

If you have older Prism kit, or a chipset like Atheros which is commonly rebadged/resold, you may not have WPA2-compatible drivers/firmware for the card even if the same chipset in other vendors' devices (or in Linux) supports WPA2.

Thankfully, at the current point in time, sporting the Wi-Fi logo requires WPA2 support so far as I'm aware, so anything you buy now *should* support WPA2. I'm not sure when this requirement came into effect, though..

- James.
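The practical question in the exchange above is "does this laptop's driver actually offer WPA2, and with which cipher?". The script below is an added example, not code from the thread or from any vendor: it parses the report printed by "netsh wlan show drivers" (a Vista-and-later command, so it post-dates the XP-era discussion) and summarises, per interface, whether the driver advertises WPA2 at all and whether it offers WPA2 with CCMP or only with the TKIP cipher carried over from WPA. The sample report embedded in the script is constructed to resemble netsh output; the parser relies only on the section header line and the indented "<auth> <cipher>" pairs beneath it.

```python
"""Check which WPA2 modes a Windows wireless driver advertises.

Added example, not part of the original thread. Parses the report printed
by "netsh wlan show drivers" and says, per interface, whether the driver
offers WPA2 and whether it offers WPA2 with CCMP or only with TKIP. The
sample report below is constructed; run the real command and feed its
output to assess_wpa2_support() on a live host.
"""
from typing import Dict, List, Tuple

SECTION_HEADER = "Authentication and cipher supported in infrastructure mode:"

# Constructed sample: three adapters with different driver capabilities.
SAMPLE_NETSH_OUTPUT = """\
There are 3 interfaces on the system:

Interface name: Wireless Network Connection

    Driver                    : Example Centrino-class Adapter
    Type                      : Native Wi-Fi Driver
    Radio types supported     : 802.11b 802.11g
    Authentication and cipher supported in infrastructure mode:
                                Open            None
                                Open            WEP
                                WPA-Enterprise  TKIP
                                WPA-Personal    TKIP
                                WPA2-Enterprise TKIP
                                WPA2-Enterprise CCMP
                                WPA2-Personal   TKIP
                                WPA2-Personal   CCMP
                                Vendor defined  TKIP
    Authentication and cipher supported in ad-hoc mode:
                                Open            None
                                Open            WEP

Interface name: Rebadged Adapter

    Driver                    : Example Rebadged Chipset Adapter
    Type                      : Native Wi-Fi Driver
    Authentication and cipher supported in infrastructure mode:
                                Open            None
                                Open            WEP
                                WPA-Personal    TKIP
                                WPA2-Personal   TKIP

Interface name: Legacy Adapter

    Driver                    : Example Legacy Adapter
    Type                      : Legacy Wi-Fi Driver
    Authentication and cipher supported in infrastructure mode:
                                Open            None
                                Open            WEP
                                WPA-Personal    TKIP
"""


def parse_infrastructure_modes(report: str) -> Dict[str, List[Tuple[str, str]]]:
    """Map each interface name to its (authentication, cipher) pairs."""
    modes: Dict[str, List[Tuple[str, str]]] = {}
    current = None          # interface whose block we are inside
    in_section = False      # inside the infrastructure-mode list
    header_indent = 0
    for line in report.splitlines():
        stripped = line.strip()
        indent = len(line) - len(line.lstrip())
        if in_section:
            if stripped and indent > header_indent:
                parts = stripped.split()
                # The cipher is the last token; the auth name may contain
                # spaces ("Vendor defined").
                if len(parts) >= 2:
                    modes[current].append((" ".join(parts[:-1]), parts[-1]))
                continue
            in_section = False  # dedented back to a sibling field: list over
        if stripped.startswith("Interface name:"):
            current = stripped.split(":", 1)[1].strip()
            modes[current] = []
        elif stripped == SECTION_HEADER and current is not None:
            in_section = True
            header_indent = indent
    return modes


def assess_wpa2_support(report: str) -> Dict[str, Dict[str, bool]]:
    """Summarise WPA2 capability per interface from a netsh report."""
    summary: Dict[str, Dict[str, bool]] = {}
    for iface, pairs in parse_infrastructure_modes(report).items():
        wpa2_ciphers = {cipher for auth, cipher in pairs
                        if auth.upper().startswith("WPA2")}
        summary[iface] = {
            "wpa2": bool(wpa2_ciphers),
            "wpa2_ccmp": "CCMP" in wpa2_ciphers,
            # WPA2 offered, but only with the TKIP cipher inherited from WPA.
            "wpa2_tkip_only": bool(wpa2_ciphers) and "CCMP" not in wpa2_ciphers,
        }
    return summary


if __name__ == "__main__":
    for iface, caps in assess_wpa2_support(SAMPLE_NETSH_OUTPUT).items():
        print(f"{iface}: {caps}")
```

The "wpa2_tkip_only" flag is the one to watch when a site is choosing "WPA2 with TKIP" as a compromise: it identifies drivers that will join such a network but could not be moved to WPA2/CCMP later without a driver update.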
Re: [Full-disclosure] More information on ZERT patch for ANI 0day
Gadi Evron wrote:
> Although eEye has released a third-party patch that will prevent the latest
> exploit from working, it doesn't fix the flawed copy routine. It simply
> requires that any cursors loaded must reside within the Windows directory
> (typically C:\WINDOWS\ or C:\WINNT\). This approach should successfully
> mitigate most drive-by's, but might be bypassed by an attacker with access
> to this directory.

I'm thinking that an attacker with write access to %systemroot% probably has juicier, simpler targets to attack (which potentially let them run code in a higher security context) than animated cursors.

- James.
Re: [Full-disclosure] More information on ZERT patch for ANI 0day
Gadi,

Gadi Evron wrote:
>> I'm thinking that an attacker with write access to %systemroot% probably
>> has juicier, simpler targets to attack (which potentially let them run
>> code in a higher security context) than animated cursors.
>
> http://www.milw0rm.com/exploits/3636

I'm struggling to see what direct relevance this has to what I just said...

- James.
Re: [Full-disclosure] More information on ZERT patch for ANI 0day
Gadi,

Gadi Evron wrote:
> It has relevance to what you replied to.

No doubt - but unfortunately not the part of it that I was actually responding to; this isn't actually a reply to what I said, just a random vaguely topical link.

- James.
Re: [Full-disclosure] More information on ZERT patch for ANI 0day
Gadi,

Gadi Evron wrote:
> For a real current attack.

Understandably. This is the attack which this thread is about, as indicated in the subject line of the e-mail.

To recap, you used the phrase "flawed copy routine" to refer to the fact that you could carry out an attack using this particular attack method by writing to "typically C:\WINDOWS\ or C:\WINNT\".

Again, to recap, my point was:

> an attacker with write access to %systemroot% probably has juicier, simpler
> targets to attack (which potentially let them run code in a higher security
> context) than animated cursors.

Do you have any reply to make to what I actually *said*?

- James.
Re: [Full-disclosure] PayPal acount removal: bug or feature?
[EMAIL PROTECTED] wrote:
> Anybody else thinking 'phish'? :)

Actually, no - I experienced almost precisely the same thing with an old PayPal account that we'd long since lost the password to and which was associated with a dead e-mail address, and I remember experiencing something similar to that described. I don't remember precisely how much information I had to provide other than the account name.

I don't know if this only works with long-idle accounts, but I do recall it being slightly odd at the time (and I checked the account was legitimately closed! Thankfully, I wasn't too shocked since the account was associated with dead bank details, anyhow..)

- James.
-- James (njan) Eaton-Lee | 10807960 | http://www.jeremiad.org
Semper Monemus Sed Non Audiunt, Ergo Lartus - (Jean-Croix)
sites: https://www.bsrf.org.uk ~ http://www.security-forums.com
ca: https://www.cacert.org/index.php?id=3