Re: [Full-disclosure] Zotob Worm Remover
On Mon, 22 Aug 2005 01:15:17 BST, n3td3v said:

> Diabl0 won't be happy that you're trying to suppress his worm.

Could be worse. We could have decided his worm wasn't bothersome enough to be worth suppressing. :)

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Zotob Worm Remover
On 8/21/05, Ill will <[EMAIL PROTECTED]> wrote:

> Made a Zotob Worm Remover that removes the processes/files/registry entries
> from variants A through G. includes MASM source code.

Diabl0 won't be happy that you're trying to suppress his worm.
[Full-disclosure] BBCode [IMG] [/IMG ] Tag Vulnerability
Hi,

Saw this one on www.waraxe.us (discovered by Easyex) and I was thinking if there are some more possibilities using the method described. The POC below is for phpBB.

==
Make yourself a folder on your host. Rename the folder to signature.jpg; this will trick BBCode that it's an image file.

Example: http://sitewithmaliciouscode/signature.jpg

Inside that folder, put this code and rename it to index.php file.

Quote:
http://hosttobeexploited/phpBB/login.php?logout=true";); exit; ?>

This will make every visitor get logged out when they view a thread that has an image linked to this.
===

This seems to be working on almost all the scripts using BBCode. Successfully tested on vBulletin 3.0.7 and phpBB 2.0.17 when the image link to the folder with the malicious code was used as the forum signature.

What I was wondering is: is there anything more serious than logging out the users that can be done with this? The admin folders of IPB and phpBB need reauthentication. So nothing serious for them, but anything more innovative that could be done? And any way to fix this?

Regards,
--
http://www.h4cky0u.org
(In)Security at its best...
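One answer to the "any way to fix this?" question in the post above, as an added example that is not part of the original post and is not phpBB or vBulletin code: the forum cannot tell from the URL that signature.jpg will redirect, so the logout handler itself requires a token bound to the viewer's session. The key, the session ids and the function names `logout_token` and `handle_logout` are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not phpBB or vBulletin code. The key and session ids are
// constructed; a real forum keeps the key in server-side configuration.
const SECRET = 'constructed-demo-key';

// Token bound to one session and one action, so a third party cannot
// guess it or reuse a token issued to a different account.
function logout_token(string $sessionId): string
{
    return hash_hmac('sha256', 'logout|' . $sessionId, SECRET);
}

// $query is the parsed query string; $sessionId comes from the session cookie.
function handle_logout(array $query, string $sessionId): string
{
    if (($query['logout'] ?? '') !== 'true') {
        return 'ignored';
    }
    $supplied = $query['token'] ?? '';
    // The browser attaches the cookie to any request for the forum, including
    // one reached through an [IMG] URL that redirects. Only pages rendered by
    // the forum for this session know the token.
    if (!is_string($supplied) || !hash_equals(logout_token($sessionId), $supplied)) {
        return 'rejected';
    }
    return 'logged_out';
}

$session = 'sess-4f2a'; // constructed session id of the viewing user

$requests = [
    // Reached via an image URL that redirected to the logout URL: no token.
    'image redirect' => 'logout=true',
    // Logout link the forum rendered for this session.
    'forum link'     => 'logout=true&token=' . logout_token($session),
    // Token issued to a different session, e.g. the signature owner's own.
    'foreign token'  => 'logout=true&token=' . logout_token('sess-9c1d'),
];

foreach ($requests as $label => $queryString) {
    parse_str($queryString, $query);
    printf("%-15s %s\n", $label, handle_logout($query, $session));
}
```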
Re: [Full-disclosure] FrSIRT False Alarm
"amazing"
http://www.securityfocus.com/archive/1/359969/2004-04-06/2004-04-12/0

btw, another KillBit: http://isc.sans.org/msddskillbit.php

Paul wrote:

"Microsoft is concerned that this new report of a vulnerability in Internet Explorer was not disclosed responsibly, potentially putting computer users at risk. We continue to encourage responsible disclosure of vulnerabilities. We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests. This practice helps to ensure that customers receive comprehensive, high-quality updates for security vulnerabilities without exposure to malicious attackers while the update is being developed."

Believe it or not, I am in full agreement with this statement.

Regards,
Paul
Greyhats Security
http://greyhatsecurity.org

- Original Message -
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, August 20, 2005 6:13 AM
Subject: Re: [Full-disclosure] FrSIRT False Alarm

MS said:

"Microsoft is concerned that this new report of a vulnerability in Internet Explorer was not disclosed responsibly, potentially putting computer users at risk. We continue to encourage responsible disclosure of vulnerabilities. We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests. This practice helps to ensure that customers receive comprehensive, high-quality updates for security vulnerabilities without exposure to malicious attackers while the update is being developed."

http://www.microsoft.com/technet/security/advisory/906267.mspx

chaotic:
> do you have a test page?

No. We used the public exploit to generate a specially crafted page.

Best regards,
FrSIRT / French Security Incident Response Team 24/7
http://www.frsirt.com

KEY: 0xA7C69C5F
PRINT: 694C 3495 BCC4 2F8B D794 6BD4 AF8B 457B A7C6 9C5F
[Full-disclosure] Re: Secunia Research: HAURI Anti-Virus Compressed Archive Directory Traversal
Hi!

I'm sorry, but you were not the first one who noticed this kind of problem. :-)

I've discovered the same type of problems much earlier and reported it to the vendor several times. However, Hauri *never* responded to our inquiries. When I was calling them, they at least acknowledged that they got my mails, but nothing has happened later.

You can find more details about the issue in the following article:
"Durchleuchter - 16 Virenscanner für Windows", Andreas Marx & Axel Vahldiek, c't 01/2005, page 128pp. (10 pages)
The tests for this article were performed in November and December 2004.

There are a lot more vulnerabilities in this product, e.g. everyone can get Administrator rights on a "protected" PC very easily. A good number of the problems are described in the above article for the German c't magazine, too.

BTW: It's interesting to see that you have tested *exactly* the same kind of archive files we've used in the c't review...

cheers,
Andreas Marx
CEO, AV-Test.org
http://www.av-test.org
Re: [Full-disclosure] Zotob Worm Remover
symantec has been faster for this one
http://securityresponse.symantec.com/avcenter/venc/data/w32.zotob.removal.tool.html
was posted on the javascript page a few times before ;)

KEY: 0xA7C69C5F
PRINT: 694C 3495 BCC4 2F8B D794 6BD4 AF8B 457B A7C6 9C5F

- Original Message -
From: "pingywon" <[EMAIL PROTECTED]>
To: "Ill will" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Sunday, August 21, 2005 8:35 PM
Subject: Re: [Full-disclosure] Zotob Worm Remover

| Looks good man - glad to see someone taking some initiative over MS ;)
|
| ~pingywon
| - Original Message -
| From: "Ill will" <[EMAIL PROTECTED]>
| To: <[EMAIL PROTECTED]>
| Sent: Sunday, August 21, 2005 1:32 AM
| Subject: Re: [Full-disclosure] Zotob Worm Remover
|
| Made a Zotob Worm Remover that removes the processes/files/registry entries
| from variants A through G. includes MASM source code.
| http://illmob.org/0day/Zotob_Killer.rar
|
| - illwill
| http://illmob.org
[Full-disclosure] Re: Erroneous Informations - Multiple directory traversal vulnerabilities in Claroline
Dear Sir,

Your web site states at the address below that our application, Claroline, suffers from several security holes.

http://seclists.org/lists/fulldisclosure/2005/Aug/0394.html

As I emailed to the author of this warning four days ago (see my message below), Claroline is NOT concerned by these security holes. The application affected by these problems is DOKEOS (http://www.dokeos.com), not Claroline. Dokeos is a fork of Claroline coded by another development team for nearly two years now.

Could you rectify the security warnings you have published as soon as possible? The erroneous information published on your site inflicts serious damage on our reputation.

Best regards,

Hugues Peeters
phone : 32 (0) 10 47 85 48
e-mail : [EMAIL PROTECTED]
web: http://www.claroline.net

> Thanks a lot to have warned us of these code vulnerabilities. However
> the code you have investigated is the Dokeos application code, a
> Claroline fork.
>
> Two of the four security holes you've identified concern the 'Scorm'
> module, which is a proper Dokeos development. Besides, we've tested the
> other two identified security holes in our 'Document' module, we've
> concluded that Claroline isn't affected by these ones.
>
> Thanks anyway to have notified us of these security issues. We forward
> your warning mail to the concerned development staff. Don't hesitate to
> contact us again if you find similar security problems in the original
> Claroline application.
Re:[Full-disclosure] Re: ATutor 1.5.1 and prior multiple XSS Vulnerabilities
mr. deep (i mean matrix_k, or h4cky0u),

it's nice to find these elite vuln. on behalf of someone else (you) and then telling vendor properly.

just wondering, how come all the vulns are found by matrix and same vendor status "Vendor was contacted but no response received till date."

grow up.

fula.
Re: [Full-disclosure] Zotob Worm Remover
Looks good man - glad to see someone taking some initiative over MS ;)

~pingywon

- Original Message -
From: "Ill will" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, August 21, 2005 1:32 AM
Subject: Re: [Full-disclosure] Zotob Worm Remover

Made a Zotob Worm Remover that removes the processes/files/registry entries from variants A through G. includes MASM source code.
http://illmob.org/0day/Zotob_Killer.rar

- illwill
http://illmob.org
Re: [Full-disclosure] Re: MS not telling enough - ethics
>: Well done, anyone else who knows of people committing fraud against isc2
>: should report them. Unfortunately I don't think it's feasible for isc2 to
>: check everybody.
> Oh, how coincidental..

What do you suggest? that they check everyone who passes the exam?

> Ethics Complaint Procedures [0]

so what's your complaint? people passing the exam, gaining the cert without the relevant experience? or now the ethics complaint handling procedure?

> You are so proud of our certification, you won't even list yourself in
> the (ISC)2 directory so that we can verify you even hold the
> certification! [2]

yep, you must be on crack?
https://www.isc2.org/cgi-bin/cert_verification.cgi?displaycategory=1300

CERTIFICATION VERIFICATION SEARCH RESULTS
Ordered by Last Name
Back to Certificate Verification page.
Name: Ivan Coric
Brisbane
Certification(s): CISSP

> Best for who?! Oh yes, for you since you hold it. And best for those
> issuing it, since they profit directly from the certification and the
> yearly 'renewal' fee. The fact is, (ISC)2 and the CISSP certification is a
> marketing ploy and money maker. It is *not* in their best interest to
> allow the credibility of their certification to be tarnished for any
> reason, even when criminals are 'earning' it.

yeah it's good for me, and yes because I hold it. You're a smart fellow, have a lolly.

Hopefully someone from ISC2 can reply to the list and address your concerns.

cheers
Ivan

On 8/19/05, security curmudgeon <[EMAIL PROTECTED]> wrote:
>
> : Well done, anyone else who knows of people committing fraud against isc2
> : should report them. Unfortunately I don't think it's feasible for isc2 to
> : check everybody.
>
> Oh, how coincidental..
>
> : They do random credential checking and I should know, since I was
> : audited after I passed the exam.
>
> Ethics Complaint Procedures [0]
>
> The board and its agents undertake to keep the identity of the complainant
> and respondent in any complaint confidential from the general public.
>
> [..]
>
> The board will consider only complaints that specify the canon of our code
> that has been violated.
>
> [..]
>
> Complaints will be accepted only from those who claim to be injured by the
> alleged behavior. While any member of the public may complain about a
> breach of Canon I, only principals may complain about violations of Canons
> II and III, and only other professionals may complain about violations of
> Canon IV.
>
> [..]
>
> All complaints must be in writing. The board is not an investigative body
> and does not have investigative resources. Only information submitted in
> writing will be considered.
>
> [..]
>
> Complaints and supporting evidence must be in the form of sworn
> affidavits. The board will not consider other allegations.
>
> [..]
>
> Where there is disagreement between the parties over the facts alleged,
> the ethics committee, at its sole discretion, may invite additional
> corroboration, exculpation, rebuttals and sur-rebuttals in an attempt to
> resolve such dispute. The committee is not under any obligation to make a
> finding where the facts remain in dispute between the parties. Where the
> committee is not able to reach a conclusion on the facts, the benefit of
> all doubt goes to the respondent.
>
> [..]
>
> Discipline of certificate holders is at the sole discretion of the board.
> Decisions of the board are final.
>
> --
>
> Ok, let me translate this for you:
>
> Keep it private, for your own good, we swear! This way the complaint is
> kept out of public scrutiny. You have to clearly define what canon was
> violated, even though they are general and vague. You must personally be
> injured to complain, even though breaking any of the four canons may not
> directly harm one individual! You must submit said complaint in writing,
> and the board does not have time to investigate your complaint at all.
> Such complaints must be in the form of sworn affidavits [1], signed by a
> notary as witness to your signature etc. If there is any dispute of
> facts, which is entirely up to the (ISC)2 board, it is entirely
> their discretion whether to act on or continue the process. The board
> may arbitrarily decide not to pursue or consider additional evidence,
> will make no effort to research the matter themselves, and drop the
> matter without further consideration. Even if the board finds someone
> guilty of breaking one of the canons, the board will decide what
> punishment, if any, is appropriate, including 'none'.
>
> How many hoops does one have to jump through to file a complaint that will
> actually be considered?! Should I slice my wrists and bleed all over the
> signed and notarized document in case they need a blood sample or DNA?
> Does the complaint need to be shouted out from town square right after
> slaughtering a chicken while juggling hedgehogs? I mean really, how many
> ways can they make this process counter-productiv