[Full-disclosure] Web Browsers Leave 'Fingerprints' Behind as You Surf the Net

2010-05-18 Thread Ivan .
Interesting research http://www.eff.org/press/archives/2010/05/13 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] iPhone data protection flaw

2010-05-18 Thread Thor (Hammer of God)
Nope, I just plug it into a USB port on a computer and it comes right up. Did it on 2 Win7 boxes that I’ve never plugged the phone into before and a Win2008R2 box to double check. The R2 box didn’t automatically install drivers, but it would have worked had I done so… t From: Zach C. [mailt

Re: [Full-disclosure] iPhone data protection flaw

2010-05-18 Thread Zach C.
Truly? Wait, are you going through AFC or some other way? It was my understanding that iPhone internal storage never comes up any other way... Doesn't lockdownd require that your computer be paired before even going SSL to start services? On May 18, 2010 4:23 PM, "Thor (Hammer of God)" wrote: A

Re: [Full-disclosure] iPhone data protection flaw

2010-05-18 Thread Thor (Hammer of God)
Actually, no. It doesn't have to pair to read and write to internal storage. You only have access to the pictures dir and other files they may have put on the "external storage" section, but you can plug it into any system that has drivers and access it. t -Original Message- From: fu

Re: [Full-disclosure] iPhone data protection flaw

2010-05-18 Thread Zach C.
The iPhone uses proprietary protocols over USB for file operations, syncing and the like -- only real authentication that I can recall (and I got it working to begin with ;)) was that the session with lockdownd (kind of a broker for starting services, etc.) eventually goes SSL... there is also devi

Re: [Full-disclosure] iPhone data protection flaw

2010-05-18 Thread comex
On Mon, May 17, 2010 at 6:28 AM, Bernd Marienfeldt wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Hello, > > I've recently upgraded to Ubuntu Lucid Lynx (10.04 LTS) and been > surprised by the iPhone 3GS (3.1.3 - 7E18) mounting behavior: > > Fully switch off the iPhone 3GS and then c

[Full-disclosure] [USN-939-1] X.org vulnerabilities

2010-05-18 Thread Kees Cook
Ubuntu Security Notice USN-939-1, May 18, 2010: xorg-server vulnerabilities (CVE-2009-1573, CVE-2010-1166). A security issue affects the following Ubuntu releases: Ubun

[Full-disclosure] [ MDVSA-2010:099 ] wireshark

2010-05-18 Thread security
Mandriva Linux Security Advisory MDVSA-2010:099 http://www.mandriva.com/security/

Re: [Full-disclosure] Windows' future (reprise)

2010-05-18 Thread Paul Schmehl
--On Tuesday, May 18, 2010 14:40:45 + "Thor (Hammer of God)" wrote: > > > What messages warning you from using Windows? I certainly hope you do not > have me confused with the OP – I already used the term “hysteria” to > describe his ideas and subsequent recommendations. The entire premise

Re: [Full-disclosure] iPhone data protection flaw

2010-05-18 Thread Michael Holstein
> AFAIK the USB-protocol does not contain any authorization / > authentication-mechanism: USB just defines the signaling protocol and interface. After that, you can make the target device to whatever you want with the corresponding driver on the host side. Take a look at any Sansa MP3 player ..

[Full-disclosure] [ MDVSA-2010:098 ] kdenetwork4

2010-05-18 Thread security
Mandriva Linux Security Advisory MDVSA-2010:098 http://www.mandriva.com/security/

Re: [Full-disclosure] Windows' future (reprise)

2010-05-18 Thread Thor (Hammer Of God)
All I saw was "sent from my HTC" from him. Maybe I'm glad I missed it ;) On May 18, 2010, at 8:15 AM, Christian Sciberras wrote: Thor, Sorry, I didn't make my points clear enough. I was replying sarcastically to Cassidy's remarks and asking him to prove his claims. Regards. On T

Re: [Full-disclosure] Windows' future (reprise)

2010-05-18 Thread Valdis . Kletnieks
On Tue, 18 May 2010 18:00:52 +0300, Georgi Guninski said: > why flame about constants about detectable malware when the world missed > 100% of the undetectable malware? :) "There are known knowns. These are things we know that we know. There are known unknowns. That is to say, there are things th

Re: [Full-disclosure] Windows' future (reprise)

2010-05-18 Thread Christian Sciberras
Thor, Sorry, I didn't make my points clear enough. I was replying sarcastically to Cassidy's remarks and asking him to prove his claims. Regards. On Tue, May 18, 2010 at 4:40 PM, Thor (Hammer of God) wrote: > What messages warning you from using Windows? I certainly hope you do not > have me

Re: [Full-disclosure] Windows' future (reprise)

2010-05-18 Thread Georgi Guninski
On Sun, May 16, 2010 at 08:49:29PM -0400, valdis.kletni...@vt.edu wrote: > On Sun, 16 May 2010 23:49:00 BST, lsi said: > > Malware is flooding at 243% (+/- error). This is consuming the > > oxygen in your machine. > > The basic error in your analysis is that although there may in fact be why fl

Re: [Full-disclosure] Windows' future (reprise)

2010-05-18 Thread Thor (Hammer of God)
What messages warning you from using Windows? I certainly hope you do not have me confused with the OP - I already used the term "hysteria" to describe his ideas and subsequent recommendations. The entire premise is fatally flawed, and the subsequent replies show a level of ignorance that I ha

[Full-disclosure] Jonathan Plourde is absent.

2010-05-18 Thread jonathan . plourde
I will be away from 2010-05-17, returning 2010-05-24. I will reply to your message as soon as I return.

[Full-disclosure] [ MDVSA-2010:097 ] pidgin

2010-05-18 Thread security
Mandriva Linux Security Advisory MDVSA-2010:097 http://www.mandriva.com/security/

[Full-disclosure] DoS vulnerabilities in Firefox, Internet Explorer, Chrome, Opera and other browsers

2010-05-18 Thread MustLive
Hello Full-Disclosure! I want to warn you about security vulnerability in different browsers. - Advisory: DoS vulnerabilities in Firefox, Internet Explorer, Chrome, Opera and other browsers - URL: http://websecurity.com.ua/4206/

[Full-disclosure] Recall: Windows' future (reprise)

2010-05-18 Thread Cassidy MacFarlane
Cassidy MacFarlane would like to recall the message, "[Full-disclosure] Windows' future (reprise)".

Re: [Full-disclosure] iPhone data protection flaw

2010-05-18 Thread Valdis . Kletnieks
On Tue, 18 May 2010 14:38:47 +0200, Christian Sciberras said: > That is because it is a hardware protocol. But that doesn't mean > applications can't have their own protocol, or use a standard one such as > TLS. Or get even simpler - design the device with the rule: "Don't even bother talking on

Re: [Full-disclosure] iPhone data protection flaw

2010-05-18 Thread Valdis . Kletnieks
On Tue, 18 May 2010 14:02:53 +0200, Gregor Schneider said: > AFAIK the USB-protocol does not contain any authorization / > authentication-mechanism: -1 (as you put it). 1) Google "broken as designed" sometime. 2) Google for "secure USB flash drive". Oddly enough, the lack of said mechanism does

Re: [Full-disclosure] iPhone data protection flaw

2010-05-18 Thread Christian Sciberras
That is because it is a hardware protocol. But that doesn't mean applications can't have their own protocol, or use a standard one such as TLS. As a comparison, it is like https/ssl vs tcp/ip protocol. Cheers. On Tue, May 18, 2010 at 2:02 PM, Gregor Schneider wrote: > On Tue, May 18, 2010 at

Re: [Full-disclosure] iPhone data protection flaw

2010-05-18 Thread Gregor Schneider
On Tue, May 18, 2010 at 11:39 AM, wrote: > > The fact that most devices do it doesn't mean it's not a security flaw. > -1 AFAIK the USB-protocol does not contain any authorization / authentication-mechanism: http://www.beyondlogic.org/usbnutshell/usb3.htm Please correct me if I'm wrong... Ch

Re: [Full-disclosure] Windows' future (reprise)

2010-05-18 Thread Christian Sciberras
Happens they are completely unrelated stories. Also happens that I won't fall for someone's hysteria from using windows. By the way, I don't know you, but I would depend on the _fact_ that I've been using a product without a hitch rather than someone's claims that the said product will fall in a y

Re: [Full-disclosure] Windows' future (reprise)

2010-05-18 Thread Michael Simpson
On 17 May 2010 21:49, lsi wrote: > My interpretation of risk assessment tells me that if the chances of > denial-of-service due to malware flooding is small, but the potential > damage is substantial, despite the improbability, then that risk must > be mitigated. > Then your interpretation / risk

[Full-disclosure] [SECURITY] [DSA 2038-2] New pidgin packages fix regression

2010-05-18 Thread Thijs Kinkhorst
Debian Security Advisory DSA-2038-2 secur...@debian.org http://www.debian.org/security/ Thijs Kinkhorst May 17, 2010

[Full-disclosure] [SECURITY] [DSA 2047-1] New aria2 packages fix directory traversal

2010-05-18 Thread Thijs Kinkhorst
Debian Security Advisory DSA-2047-1 secur...@debian.org http://www.debian.org/security/ Thijs Kinkhorst May 17, 2010

[Full-disclosure] CVE-2010-1454: SpringSource tc Server unauthenticated remote access to JMX interface

2010-05-18 Thread s2-security
CVE-2010-1454: SpringSource tc Server unauthenticated remote access to JMX interface Severity: Critical Vendor: SpringSource, a division of VMware Versions Affected: tc Server Runtime 6.0.19.A, 6.0.20.A, 6.0.20.B, 6.0.20.C, 6.0.25.A Description: A problem has been identified in the com.spring

[Full-disclosure] GhostScript Vulnerability Clarification - CVE-2010-1869

2010-05-18 Thread Rodrigo Branco
Dear List, I'm writing on behalf of the Check Point Vulnerability Discovery Team to clarify this issue. Here is our advisory and the specific timeline: Check Point Software Technologies - Vulnerability Discovery Team (VDT) http://www.checkpoint.com/defense/ GhostScript 8.70 and lower stack o

Re: [Full-disclosure] iPhone data protection flaw

2010-05-18 Thread Bernd Marienfeldt
On 18/05/10 09:24, Gregor Schneider wrote: > Question: > > iPhone OS 3.1.3? Jailbreaked / original firmware? > > I'll check it tonight with a 3G, iPhone OS 3.1.1, Jailbreak and come > back to you. Hi Gregor, I updated my blog, hope this helps: http://marienfeldt.wordpress.com/2010/03/22/iphon

Re: [Full-disclosure] iPhone data protection flaw

2010-05-18 Thread Valdis . Kletnieks
On Tue, 18 May 2010 10:24:42 +0200, Gregor Schneider said: > IIRC, the iPhone gets mounted, however, you'll only have access to > pictures & videos (3gs). I wouldn't consider that a security flaw - > this behaviour is standard for almost any device being mounted via USB. The fact that most devices

Re: [Full-disclosure] Windows' future (reprise)

2010-05-18 Thread Cassidy MacFarlane
Sent from my HTC -Original Message- From: Thor (Hammer of God) Sent: 15 May 2010 21:59 To: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Windows' future (reprise) No, It's Tim Mullen. No "Bill" here. No, I don't misunderstand: You said "You may recall that last y

Re: [Full-disclosure] iPhone data protection flaw

2010-05-18 Thread vtlists
Gregor Schneider writes: > Bernd, > > IIRC, the iPhone gets mounted, however, you'll only have access to > pictures & videos (3gs). I wouldn't consider that a security flaw - > this behaviour is standard for almost any device being mounted via > USB. > > Question: > > iPhone OS 3.1.3? Jailbreak

Re: [Full-disclosure] iPhone data protection flaw

2010-05-18 Thread Gregor Schneider
Bernd, IIRC, the iPhone gets mounted, however, you'll only have access to pictures & videos (3gs). I wouldn't consider that a security flaw - this behaviour is standard for almost any device being mounted via USB. Question: iPhone OS 3.1.3? Jailbreaked / original firmware? I'll check it tonight