-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2010:255
http://www.mandriva.com/security/
_
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02652463
Version: 1
HPSBMA02615 SSRT100228 rev.1 - HP Insight Diagnostics Online Edition Running on
Linux and Windows, Remote Cross Site Scripting (XSS)
NOTICE: The information in this Securit
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02653973
Version: 1
HPSBMA02616 SSRT100231 rev.1 - HP Insight Management Agents Running on Linux
and Windows, Remote Full Path Disclosure
NOTICE: The information in this Security Bulletin shou
> We has OpenBSD tell us:
>
> "We have never allowed US citizens or foreign citizens working in the
> US to hack on crypto code"
> http://marc.info/?l=openbsd-tech&m=129237675106730&w=2
That statement remains true.
IPSEC isn't 100% crypto; it is a complex layered subsystem with many
other
use your brain! Is we think with our brain and ask: "how is
team OpenBSD lying to is public" well then is the proof is in the
porridge!
We has OpenBSD tell us:
"We have never allowed US citizens or foreign citizens working in the
US to hack on crypto code"
http://marc.info/?l=openbsd-tech&m=
On 12/14/10 8:35 PM, musnt live wrote:
Original e-mail is from Theo DeRaadt
http://marc.info/?l=openbsd-tech&m=129236621626462&w=2
Then also read Jason Wright's response and clear denial:
http://marc.info/?l=openbsd-tech&m=129244045916861&w=2
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2010:254
http://www.mandriva.com/security/
_
On Mon, 13 Dec 2010 hpdisclos...@anonmail.de wrote:
> I just found out that there is a hidden user on every HP MSA2000 G3
> SAN out there:
>
> username: admin
> password: !admin
Confirmed on P2000 G3 (fw L100R013). (Please, HP, is it really
necessary to give us *so many* different reasons to ha
www.eVuln.com advisory:
BBCode CSS XSS in slickMsg
Summary: http://evuln.com/vulns/162/summary.html
Details: http://evuln.com/vulns/162/description.html
---Summary---
eVuln ID: EV0162
Software: slickMsg
Vendor: n/a
Version: 0.7-alpha
Critical Level: low
Type: Cross Site Scripting
www.eVuln.com advisory:
"post" - Non-persistent XSS in slickMsg
Summary: http://evuln.com/vulns/161/summary.html
Details: http://evuln.com/vulns/161/description.html
---Summary---
eVuln ID: EV0161
Software: slickMsg
Vendor: n/a
Version: 0.7-alpha
Critical Level: low
Type: Cross S
Original e-mail is from Theo DeRaadt
http://marc.info/?l=openbsd-tech&m=129236621626462&w=2
I have received a mail regarding the early development of the OpenBSD
IPSEC stack. It is alleged that some ex-developers (and the company
they worked for) accepted US government money to put backdoors int
===
Ubuntu Security Notice USN-1024-2 December 13, 2010
openjdk-6 regression
https://launchpad.net/bugs/688522
===
A security issue affects the following Ubuntu releases:
Ubuntu
iDefense Security Advisory 12.14.10
http://labs.idefense.com/intelligence/vulnerabilities/
Dec 14, 2010
I. BACKGROUND
Internet Explorer is a graphical web browser developed by Microsoft
Corp. that has been included with Microsoft Windows since 1995. For
more information about Internet Explorer, p
> 1) Yup, pretty unconvincing. Though one could separate window shadows,
I'm guessing you have your window manager configured to render window
shadows. In this case, this is less plausible, yup, unless you do the
inverted gradient trick.
> 2) Where is "here"? :)
I tried to dig something up, but
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02656471
Version: 1
HPSBOV02618 SSRT100354 rev.1 - HP OpenVMS Integrity Servers, Local Denial of
Service (DoS), Gain Privileged Access
NOTICE: The information in this Security Bulletin should
=[BEGIN-ACROS-REPORT]=
PUBLIC
=
ACROS Security Problem Report #2010-12-14-1
-
ASPR #2010-12-14-1: Remote Binary Planting in Windows Address Book
Hi folks,
Two minor things that do not deserve a lengthy discussion, but are
probably mildly interesting and worth mentioning for the record:
1) Chrome browser is an interesting example of the perils of using
minimalistic window chrome, allowing multiple windows to be spliced
seamlessly to confus
iDefense Security Advisory 12.14.10
http://labs.idefense.com/intelligence/vulnerabilities/
Dec 14, 2010
I. BACKGROUND
Internet Explorer is a graphical web browser developed by Microsoft
Corp. that has been included with Microsoft Windows since 1995. For
more information about Internet Explorer, p
Hi,
The OSSTMM has been released today at www.osstmm.org.
It's a big document so you may want to first check out some of the
reviews and commentary on it. InfoSec Island is having an OSSTMM
week to spread the word:
https://www.infosecisland.com/osstmm.html
Some of the articles availab
www.eVuln.com advisory:
"post" - Non-persistent XSS in slickMsg
Summary: http://evuln.com/vulns/161/summary.html
Details: http://evuln.com/vulns/161/description.html
---Summary---
eVuln ID: EV0161
Software: slickMsg
Vendor: n/a
Version: 0.7-alpha
Critical Level: low
Type: Cross S
But he said that RedHat (and thus CentOS) doesn't have Econet enabled by
default.
--Ariel
fireb...@backtrack.com.br wrote:
> I tested it on a VM with CentOS 5.5 i386 updated and did not work.
>
> Last login: Tue Dec 13 12:48:54 2010
> [r...@localhost~]#nano full-nelson.c
> [r...@localhost~]#gcc-o
On 12/13/2010 11:19 AM, Michael Bauer wrote:
An administrator is very different there are many levels of
administrative control in windows to say an admin is an admin is
absurd.
I disagree. There's only one level of pwned.
There is a big difference between a local admin and a domain
admin.
Hey Dan,
Freaking THANK YOU first and foremost. I've been waiting for someone to say
that for days now, and was just about to myself.
Just because everyone and their brother wants to show off that they can
compile & run some software (herp a derp, good job) DOESN'T mean they should
immediate
>The attack has some academically interesting details about how cached
>credentials work, but I agree with Stefan. If you own the machine, you own
>the machine. What's to stop you from, say, simply installing a rootkit?
Exactly. More importantly, even if you must make users local admins, there is
Everyone.
Please read my original post. I never claimed to gain access to
networked resources using the masqueraded account. My method merely
shows that you can modify the SAM and SECURITY hives without using DLL
injection or any other advanced technique that security Admins are
currently lookin
Can anyone confirm this vulnerability?
I don't have a MSA for testing at the moment.
> Hi,
>
> I just found out that there is a hidden user on every HP MSA2000 G3
> SAN out there:
>
> username: admin
> password: !admin
>
> this user doesn't show up in the user manager, and the password
> cannot b
Maybe what some of us need to learn from this is that we should never think in
absolutes such as local VS domain users. There are numerous account types and
the overrides to take into account with any OS and they change.
This is more of a wakeup call to brush up on our understanding of permissi
"Andrea Lee" wrote:
> I hope I'm not just feeding the troll...
No. You just made a complete fool of yourself.-P
Read the initial post again.
CAREFULLY.
Especially that part about unplugging from the network.
> A local admin is an admin on one system. The domain admin is an admin
> on all system
"StenoPlasma @ ExploitDevelopment" wrote:
Your MUA is defective, it strips the "References:" header!
> Stefan,
>
> For your information:
>
> Cached domain accounts on a local system are not stored in the SAM. They
> are stored in the SECURITY registry hive. When a cached domain user logs
>