Re: [Full-disclosure] XSS at Aon.at, Austrian ISP

2007-03-25 Thread Nikolay Kichukov
seems already fixed ... good job.

-Nikolay Kichukov

- Original Message - 
From: Florian Stinglmayr [EMAIL PROTECTED]
To: bugtraq@securityfocus.com; full-disclosure@lists.grok.org.uk
Sent: Tuesday, March 13, 2007 10:09 AM
Subject: [Full-disclosure] XSS at Aon.at, Austrian ISP


 Here we go:
 
 http://jawe.aon.at/search/aon.sp?query=<script>alert(1);</script>
 
 The issue has been reported to AON before.
 
 Regards,
 Florian Stinglmayr
 
 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/
 



Re: [Full-disclosure] Local user to root escalation in apache 1.3.34 (Debian only)

2007-03-25 Thread Nikolay Kichukov
Hello Richard,
Seems to me I have also been so unprotected for this long ...

I love the debian project and hope it is not going to an end...

However I already use apache2 for all my machines.

Regards,
-Nikolay Kichukov

- Original Message - 
From: Richard Thrippleton [EMAIL PROTECTED]
To: Nikolay Kichukov [EMAIL PROTECTED]
Cc: full-disclosure@lists.grok.org.uk
Sent: Tuesday, February 27, 2007 3:37 AM
Subject: Re: [Full-disclosure] Local user to root escalation in apache
1.3.34 (Debian only)


 On Mon Feb 26 21:15, Nikolay Kichukov wrote:
  Lool,
  how long has this bug been around?
 Almost a year, looking at that original patch that caused the problem. To be
 fair, nobody had commented on the security issues until I stumbled across them
 a month ago though.

  Sounds scary.
 Yeah, scared me when I first saw it and realised how vulnerable I'd been for so
 long. What's also scary is the complete lack of action on what is a fairly
 serious problem. I used to think that the Debian project had a sane attitude to
 security. Maybe all the good developers have gone to Ubuntu.

 Richard




Re: [Full-disclosure] Chinese Professor Cracks Fifth Data Security Algorithm (SHA-1)

2007-03-25 Thread wac

Hello:

On 3/24/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:


On Sat, 24 Mar 2007 11:48:10 CDT, wac said:

 Of course not, is enough to find a collision and you'll get for example a
 message signed by somebody else that looks completely authentic since
 signatures encrypt that hash with the private key.

No, if you have a signature to some text, you need to find a collision to a
specified value - the one the signature covers.



That is what I mean. If the original hash was 0x1234 (assuming 16 bits) and
you want a signed text that looks signed by the private key's holder, you have
to construct a text with the same 0x1234 hash. That is where collisions would
come into the game.

For instance, if you have a 16 bit hash, finding two texts that both have a
hash value of 0x1F6E doesn't do you much good if the signature is for 0x4ED2.
And due to the birthday paradox, finding any pair of colliding hashes is a lot
easier than finding a collision to a specific hash.



We are assuming that it was cracked, right? I believe that means you can find
something, let's call it Y, that has the same output from the hash function as
the original, H(X) = H(Y); let's call the original signed content X. Of course
it does not seem to me that SHA-1 was cracked; it was IMHO at most weakened and
some collision was found, but to call it cracked is well... too strong. In my
opinion it is a claim made by the one who claims it, to be famous or something,
twisting the truth a little. To me something half true is a lie. Also, I was of
course not referring to finding a pair of colliding hashes, since that would be
pointless (yes, well, maybe it has some use, who knows). We all know that they
collide and collisions exist. The pigeonhole principle, right? BTW, does
somebody have a paper where that SHA-1 crack is clearly explained? I would like
to read it and not trust such claims just because somebody says so (I don't
mean that it is not true, I just want to think for myself; it could be possible
that some rounds could be... well... simplified). I haven't found any paper
about it. Just things like this http://theory.csail.mit.edu/~yiqun/shanote.pdf
that just gives a collision example. But nothing about the weaknesses of the
algorithm. And this is old news. BTW, very interesting, that birthday paradox.

And being able to force a collision to a specific hash may not be very useful
all by itself - for instance, if you're trying to collide the hash that the PGP
signature covers in this message, you *might* be able to find a string of bits.
But you won't be able to make it a *plausible* signature unless your string of
bits is *also* a chunk of English text, that reads as if I wrote it.  So not
only do you need to be able to collide a specific hash, you need to do so with
at least *some* control over the content of the text, which is even harder.



Well, you could add some garbage at the end of the message. In a text message
that would call attention that something is wrong (maybe because it is signed
and you would not be able to tell if the key holder signed a text with that
garbage at the end or somewhere else), but not in binary content, for example
a driver or an executable image that simply skips the garbage that causes
the collision when executed. Although a weakness will be of help to
accomplish this, making the attack take less time. However, if the attack
takes let's say 10 000 years instead of 1000 000 it is well... almost the same
thing.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
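
The distinction argued in the message above (any colliding pair versus a match for one specific signed hash) can be measured on the 16-bit toy hash size used in the thread. This is an added example, not code from any poster; `h16` (SHA-1 truncated to two bytes), the function names and the sample documents are constructed for the demonstration.

```python
import hashlib
from itertools import count

HASH_BITS = 16  # toy digest size used in the thread; real SHA-1 is 160 bits


def h16(data: bytes) -> int:
    """Toy hash (constructed for this demo): the first 16 bits of SHA-1."""
    return int.from_bytes(hashlib.sha1(data).digest()[:2], "big")


def find_any_collision(seed: bytes):
    """Birthday search: return (msg_a, msg_b, attempts) with h16(a) == h16(b).

    It does not matter WHICH digest collides, so every new message is
    compared against all digests seen so far.
    """
    seen = {}
    for attempts in count(1):
        msg = seed + b"#" + str(attempts).encode()
        digest = h16(msg)
        if digest in seen:
            return seen[digest], msg, attempts
        seen[digest] = msg


def find_match_for_digest(target: int, prefix: bytes, limit: int = 5_000_000):
    """Search for prefix + filler that hashes to one GIVEN digest.

    This is what reusing an existing signature requires. The filler plays
    the role of the "garbage at the end" from the discussion: the prefix is
    fixed content and only the trailing counter varies.
    """
    for attempts in range(1, limit + 1):
        msg = prefix + b"\x00" + str(attempts).encode()
        if h16(msg) == target:
            return msg, attempts
    raise RuntimeError("no match within limit")


def compare(trials: int = 4):
    """Total attempts over several independent trials of both searches."""
    collision_total = match_total = 0
    for t in range(trials):
        _, _, n = find_any_collision(b"trial-%d" % t)
        collision_total += n
        signed = b"constructed signed document %d" % t
        other = b"constructed other document %d" % t
        _, m = find_match_for_digest(h16(signed), other)
        match_total += m
    return {
        "collision_total": collision_total,
        "match_total": match_total,
        # Order-of-magnitude expectations: 2^(n/2) versus 2^n per trial.
        "expected_collision": trials * 2 ** (HASH_BITS // 2),
        "expected_match": trials * 2 ** HASH_BITS,
    }


if __name__ == "__main__":
    a, b, n = find_any_collision(b"demo")
    print(f"any collision: {a!r} / {b!r} -> {h16(a):#06x} after {n} attempts")
    signed = b"constructed signed document"
    forged, m = find_match_for_digest(h16(signed), b"constructed other document")
    print(f"match for {h16(signed):#06x}: {forged!r} after {m} attempts")
    print(compare())
```

At 160 bits the same two searches scale to roughly 2^80 and 2^160 attempts, which is why a shortcut for finding some collision does not by itself let anyone reuse an existing signature.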

[Full-disclosure] Redirection vulnerability in oracle entreprise manager

2007-03-25 Thread handrix cobra

Product: Oracle Enterprise Manager
Vulnerabilities: Phishing
Level: Medium
By: Handrix handrix_at_morx_org
25 March 2007
MorX security research team
www.morx.org

Oracle Enterprise Manager is vulnerable to a phishing attack in the help
rubric: an attacker can redirect your login and password to another malicious
website.
Anyway, feel free to verify the whole login page content before entering
your sensitive information.

Other solution: deactivate the help link.

Simple request:
http://www.victimeserver.com:5500/em/console/help/fr/topic?inOHW=false&linkHelp=false&file=http://www.maliciousserver.dot:5500/em/console/


Version: Oracle Enterprise Manager 10g
May be others

Re: [Full-disclosure] hi5 Antiphishing Departement

2007-03-25 Thread wac

Yep, it works. I cloned that and modified it to mail me the user cookie, see
http://bottester.hi5.com. You have to be logged in to make it work OK.
Sometimes it doesn't work correctly and takes you to the home page. Try several
times. No idea why. Sometimes when you modify your profile in hi5 you have to
do it two or three times until it works. Maybe they have some broken code when
updating the database. Adding the subject seems to break it; anyway, it works
well as a phishing attack since you can tell the user to fill that field.

On 3/24/07, beNi [EMAIL PROTECTED] wrote:


I felt the need to extend the list of Antiphishing Departements of some
Social Networks, so the Myspace Antiphishing Departement (
http://www.myspace.com/antiphishing ) got another friend,
the hi5 Antiphishing Departement ( http://antiphishing.hi5.com ).

Full blog post is available here:
http://mybeni.rootzilla.de/mybeNi/2007/hi5_antiphishing_departement/

--
benjamin beNi flesch
mybeNi websecurity - http://mybeNi.rootzilla.de/mybeNi

(coolest guy in da hood)


[Full-disclosure] Phishtank.com Gone?

2007-03-25 Thread Michael Ward
Phishtank.com resolves to 127.0.0.1, has someone taken it offline?





[Full-disclosure] I'm not the only one who can't resolve phishtank.com, but some can..

2007-03-25 Thread Michael Ward
; <<>> DiG 9.2.3 <<>> @dns1.menandmice.com phishtank.com A
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60010
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:
;phishtank.com. IN A
;; ANSWER SECTION:
phishtank.com.  9071    IN  A   127.0.0.1
;; AUTHORITY SECTION:
phishtank.com.  167471  IN  NS  dns2.parkpage.foundationapi.com.
phishtank.com.  167471  IN  NS  dns.parkpage.foundationapi.com.
;; Query time: 197 msec
;; SERVER: 217.151.171.7#53(dns1.menandmice.com)
;; WHEN: Sun Mar 25 18:29:25 2007
;; MSG SIZE rcvd: 107

but others are working

  ; <<>> DiG 9.3.2 <<>> @ns.kloth.net phishtank.com A
  ; (1 server found)
  ;; global options:  printcmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51509
  ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

  ;; QUESTION SECTION:
  ;phishtank.com.   IN  A

  ;; ANSWER SECTION:
  phishtank.com.  60  IN  A   66.135.40.79

  ;; Query time: 64 msec
  ;; SERVER: 88.198.39.133#53(88.198.39.133)
  ;; WHEN: Sun Mar 25 20:30:29 2007
  ;; MSG SIZE  rcvd: 47






Re: [Full-disclosure] Phishtank.com Gone?

2007-03-25 Thread Larry Seltzer
Phishtank.com resolves to 127.0.0.1, has someone taken it offline?

No, I'm still getting to the site. I don't suppose mcafee.com,
symantec.com and a lot of other security domains also resolve to
127.0.0.1 for you, do they? 

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.eweek.com/blogs/larry%5Fseltzer/
Contributing Editor, PC Magazine
[EMAIL PROTECTED] 



Re: [Full-disclosure] Phishtank.com Gone?

2007-03-25 Thread adam lamarre

Pinging www.phishtank.com [66.135.40.79] with 32 bytes of data:

Reply from 66.135.40.79: bytes=32 time=69ms TTL=52
Reply from 66.135.40.79: bytes=32 time=70ms TTL=52
Reply from 66.135.40.79: bytes=32 time=70ms TTL=52
Reply from 66.135.40.79: bytes=32 time=69ms TTL=52

On 3/25/07, Michael Ward [EMAIL PROTECTED] wrote:


Phishtank.com resolves to 127.0.0.1, has someone taken it offline?




--
.:.:i.wake.up.and.think.dreams.are.real:.:.

Re: [Full-disclosure] I'm not the only one who can't resolve phishtank.com, but some can..

2007-03-25 Thread Tremaine Lea


On 25-Mar-07, at 12:31 PM, Michael Ward wrote:

 ; <<>> DiG 9.2.3 <<>> @dns1.menandmice.com phishtank.com A
 ;; global options: printcmd
 ;; Got answer:
 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60010
 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
 ;; QUESTION SECTION:
 ;phishtank.com. IN A
 ;; ANSWER SECTION:
 phishtank.com.  9071    IN  A   127.0.0.1
 ;; AUTHORITY SECTION:
 phishtank.com.  167471  IN  NS  dns2.parkpage.foundationapi.com.
 phishtank.com.  167471  IN  NS  dns.parkpage.foundationapi.com.
 ;; Query time: 197 msec
 ;; SERVER: 217.151.171.7#53(dns1.menandmice.com)
 ;; WHEN: Sun Mar 25 18:29:25 2007
 ;; MSG SIZE rcvd: 107

 but others are working

   ; <<>> DiG 9.3.2 <<>> @ns.kloth.net phishtank.com A
   ; (1 server found)
   ;; global options:  printcmd
   ;; Got answer:
   ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51509
   ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

   ;; QUESTION SECTION:
   ;phishtank.com. IN  A

   ;; ANSWER SECTION:
   phishtank.com.  60  IN  A   66.135.40.79

   ;; Query time: 64 msec
   ;; SERVER: 88.198.39.133#53(88.198.39.133)
   ;; WHEN: Sun Mar 25 20:30:29 2007
   ;; MSG SIZE  rcvd: 47

Shaw Cablesystems in Calgary

;; ANSWER SECTION:
phishtank.com.  14400   IN  A   127.0.0.1

Interland server in Georgia

;; ANSWER SECTION:
phishtank.com.  60      IN  A   66.135.40.79

;; AUTHORITY SECTION:
phishtank.com.  3434    IN  NS  auth1.opendns.com.
phishtank.com.  3434    IN  NS  auth2.opendns.com.
phishtank.com.  3434    IN  NS  auth3.opendns.com.

;; ADDITIONAL SECTION:
auth1.opendns.com.  172634  IN  A   38.99.14.20
auth2.opendns.com.  172634  IN  A   208.67.219.54
auth3.opendns.com.  172634  IN  A   208.69.39.2



[Full-disclosure] FLEA-2007-0003-1: cups

2007-03-25 Thread Foresight Linux Essential Announcement Service
Foresight Linux Essential Advisory: 2007-0003-1
Published: 2007-03-25

Rating: Minor

Updated Versions:
 
cups=/[EMAIL PROTECTED]:devel//[EMAIL PROTECTED]:1-devel//1/1.2.10-0.1-1
 group-dist=/[EMAIL PROTECTED]:1-devel//1/1.1-0.10-2

References:
 https://issues.foresightlinux.org/browse/FL-205
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0720

Description:
 Previous versions of the cups package could be forced to hang via a 
client partially negotiating an ssl connection. In this state, cups 
would not allow other connections to be made, a denial of service.



Re: [Full-disclosure] Phishtank.com Gone?

2007-03-25 Thread Tremaine Lea


On 25-Mar-07, at 12:35 PM, Larry Seltzer wrote:

 Phishtank.com resolves to 127.0.0.1, has someone taken it offline?

 No, I'm still getting to the site. I don't suppose mcafee.com,
 symantec.com and a lot of other security domains also resolve to
 127.0.0.1 for you, do they?

 Larry Seltzer


It's just phishtank.com for me, the others resolve fine.  My checks  
were run from linux boxes ;)  localhost address checking from Shaw in  
Calgary, normal result checking from an Interland server in the US.

Tremaine Lea
Network Security Consultant



Re: [Full-disclosure] Phishtank.com Gone?

2007-03-25 Thread Anshuman G
Humm,

Same for me.


[EMAIL PROTECTED]:~ dig phishtank.com | grep A
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32352
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;phishtank.com. IN  A
;; ANSWER SECTION:
phishtank.com.  6352    IN  A   127.0.0.1
;; AUTHORITY SECTION:





On 3/26/07, Tremaine Lea [EMAIL PROTECTED] wrote:


 On 25-Mar-07, at 12:35 PM, Larry Seltzer wrote:

  Phishtank.com resolves to 127.0.0.1, has someone taken it offline?
 
  No, I'm still getting to the site. I don't suppose mcafee.com,
  symantec.com and a lot of other security domains also resolve to
  127.0.0.1 for you, do they?
 
  Larry Seltzer


 It's just phishtank.com for me, the others resolve fine.  My checks
 were run from linux boxes ;)  localhost address checking from Shaw in
 Calgary, normal result checking from an Interland server in the US.

 Tremaine Lea
 Network Security Consultant



Re: [Full-disclosure] I'm not the only one who can't resolve phishtank.com, but some can..

2007-03-25 Thread Tim

Looks fine for me:



; <<>> DiG 9.3.4 <<>> phishtank.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26391
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;phishtank.com. IN  A

;; ANSWER SECTION:
phishtank.com.  42  IN  A   66.135.40.79

;; Query time: 4 msec
;; SERVER: 10.0.1.1#53(10.0.1.1)
;; WHEN: Sun Mar 25 15:49:29 2007
;; MSG SIZE  rcvd: 47

-

Do some of you happen to have a poisoned MS or Symantec DNS cache
upstream of you?  (See [1] fmi.)

tim


1.  http://www.incidents.org/presentations/dnspoisoning.html





Re: [Full-disclosure] I'm not the only one who can't resolve phishtank.com, but some can..

2007-03-25 Thread Kradorex Xeron
I get a valid answer as well:

Tracing to phishtank.com[a] via 127.0.0.1, maximum of 3 retries
127.0.0.1 (127.0.0.1)
 |\___ auth3.opendns.com [phishtank.com] (208.69.39.2) Got authoritative answer
 |\___ auth2.opendns.com [phishtank.com] (208.67.219.54) Got authoritative answer
  \___ auth1.opendns.com [phishtank.com] (38.99.14.20) Got authoritative answer

auth1.opendns.com (38.99.14.20)     phishtank.com -> 66.135.40.79
auth2.opendns.com (208.67.219.54)   phishtank.com -> 66.135.40.79
auth3.opendns.com (208.69.39.2)     phishtank.com -> 66.135.40.79


What I'd do is throw it in your hosts file temporarily until DNS behaves

On Sunday 25 March 2007 15:53, Tim wrote:
 Looks fine for me:

 

 ; <<>> DiG 9.3.4 <<>> phishtank.com
 ;; global options:  printcmd
 ;; Got answer:
 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26391
 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

 ;; QUESTION SECTION:
 ;phishtank.com.   IN  A

 ;; ANSWER SECTION:
 phishtank.com.  42  IN  A   66.135.40.79

 ;; Query time: 4 msec
 ;; SERVER: 10.0.1.1#53(10.0.1.1)
 ;; WHEN: Sun Mar 25 15:49:29 2007
 ;; MSG SIZE  rcvd: 47

 -

 Do some of you happen to have a poisoned MS or Symantec DNS cache
 upstream of you?  (See [1] fmi.)

 tim


 1.  http://www.incidents.org/presentations/dnspoisoning.html



Re: [Full-disclosure] I'm not the only one who can't resolve phishtank.com, but some can..

2007-03-25 Thread Michael Ward
I'm on a Mac, so I'm pretty sure I don't have any DNS poisoning or  
evil malware.  My hosts is intact:



caprica:~ mward$ cat /etc/hosts
##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting.  Do not change this entry.
##
127.0.0.1   localhost
255.255.255.255 broadcasthost
::1 localhost




On Mar 25, 2007, at 3:53 PM, Tim wrote:


 Looks fine for me:

 

 ; <<>> DiG 9.3.4 <<>> phishtank.com
 ;; global options:  printcmd
 ;; Got answer:
 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26391
 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

 ;; QUESTION SECTION:
 ;phishtank.com.   IN  A

 ;; ANSWER SECTION:
 phishtank.com.  42  IN  A   66.135.40.79

 ;; Query time: 4 msec
 ;; SERVER: 10.0.1.1#53(10.0.1.1)
 ;; WHEN: Sun Mar 25 15:49:29 2007
 ;; MSG SIZE  rcvd: 47

 -

 Do some of you happen to have a poisoned MS or Symantec DNS cache
 upstream of you?  (See [1] fmi.)

 tim


 1.  http://www.incidents.org/presentations/dnspoisoning.html



Re: [Full-disclosure] I'm not the only one who can't resolve phishtank.com, but some can..

2007-03-25 Thread Tim
 I'm on a Mac, so I'm pretty sure I don't have any DNS poisoning or  
 evil malware.  My hosts is intact:

Um, you might want to read the article.  If your upstream DNS cache is
poisoned, it doesn't matter what OS you're running.  Now, if you're
running your own secure cache that goes directly to the roots, then
you're right, you'd be immune to this specific attack.

tim



Re: [Full-disclosure] Phishtank.com Gone?

2007-03-25 Thread Kradorex Xeron
I get a valid answer:

; <<>> DiG 9.3.2 <<>> phishtank.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45905
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 0

;; QUESTION SECTION:
;phishtank.com. IN  A

;; ANSWER SECTION:
phishtank.com.  60      IN  A   66.135.40.79

;; AUTHORITY SECTION:
phishtank.com.  3536    IN  NS  auth2.opendns.com.
phishtank.com.  3536    IN  NS  auth3.opendns.com.
phishtank.com.  3536    IN  NS  auth1.opendns.com.

;; Query time: 42 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Mar 25 15:42:02 2007
;; MSG SIZE  rcvd: 115

What I'd do is throw it in your hosts file temporarily until DNS behaves

On Sunday 25 March 2007 15:31, Anshuman G wrote:
 Humm,

 Same for me.

 
 [EMAIL PROTECTED]:~ dig phishtank.com | grep A
 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32352
 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
 ;phishtank.com. IN  A
 ;; ANSWER SECTION:
 phishtank.com.  6352    IN  A   127.0.0.1
 ;; AUTHORITY SECTION:
 

 On 3/26/07, Tremaine Lea [EMAIL PROTECTED] wrote:
  On 25-Mar-07, at 12:35 PM, Larry Seltzer wrote:
   Phishtank.com resolves to 127.0.0.1, has someone taken it offline?
  
   No, I'm still getting to the site. I don't suppose mcafee.com,
   symantec.com and a lot of other security domains also resolve to
   127.0.0.1 for you, do they?
  
   Larry Seltzer
 
  It's just phishtank.com for me, the others resolve fine.  My checks
  were run from linux boxes ;)  localhost address checking from Shaw in
  Calgary, normal result checking from an Interland server in the US.
 
  Tremaine Lea
  Network Security Consultant
 


Re: [Full-disclosure] Phishtank.com Gone?

2007-03-25 Thread Mike N
It's back now.   From the owner:

For a few hours earlier today, the PhishTank.com domain name was in  
renewal required status. All is corrected now. I hope very few  
people noticed, but I'm glad that two of those who did emailed us via  
[EMAIL PROTECTED]

We've renewed the domain name for another two years, and we will  
investigate fully tomorrow how this happened. The frustrating part is  
that we _did_ put in a renewal order for the domain in late February,  
in plenty of time... but it wasn't processed for some reason. Our  
fault for not confirming everything.

Happy Sunday (at least on the West Coast of the USA).

John


- Original Message - 
From: Michael Ward [EMAIL PROTECTED]


 Phishtank.com resolves to 127.0.0.1, has someone taken it offline?

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
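
One way to triage conflicting answers like the ones posted in this thread, written as an added example and not code from any poster: it parses dig-style A and NS records collected from several resolvers, flags loopback or other non-public answers, and reports which delegations and TTLs accompany them. The record lines are copied from the output quoted in the thread; the function and variable names are this example's own.

```python
import ipaddress
import re

# Answers copied from the dig output posted in this thread, one entry per
# resolver or vantage point (column spacing normalised).
THREAD_OBSERVATIONS = {
    "dns1.menandmice.com": """
        phishtank.com. 9071 IN A 127.0.0.1
        phishtank.com. 167471 IN NS dns2.parkpage.foundationapi.com.
        phishtank.com. 167471 IN NS dns.parkpage.foundationapi.com.
    """,
    "ns.kloth.net": "phishtank.com. 60 IN A 66.135.40.79",
    "Shaw (Calgary)": "phishtank.com. 14400 IN A 127.0.0.1",
    "Interland (Georgia)": """
        phishtank.com. 60 IN A 66.135.40.79
        phishtank.com. 3434 IN NS auth1.opendns.com.
        phishtank.com. 3434 IN NS auth2.opendns.com.
        phishtank.com. 3434 IN NS auth3.opendns.com.
    """,
}

# name, TTL, class IN, type, rdata. Tolerates a missing space before "IN",
# which happens when column-aligned output is copied and pasted.
RECORD = re.compile(r"^(\S+)\s+(\d+)\s*IN\s+(A|NS)\s+(\S+)$")


def parse_records(text):
    """Return [(name, ttl, rtype, rdata)] from dig-style lines; ';' lines are skipped."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        m = RECORD.match(line)
        if m:
            records.append((m.group(1).lower(), int(m.group(2)),
                            m.group(3), m.group(4).lower()))
    return records


def is_non_public(addr):
    """True for addresses a public web site should never resolve to."""
    ip = ipaddress.ip_address(addr)
    return ip.is_loopback or ip.is_unspecified or ip.is_private or ip.is_link_local


def triage(observations, name):
    """Compare what each resolver returned for `name` (fully qualified, trailing dot)."""
    per_resolver = {}
    for resolver, text in observations.items():
        recs = [r for r in parse_records(text) if r[0] == name.lower()]
        a = sorted(r[3] for r in recs if r[2] == "A")
        per_resolver[resolver] = {
            "a": a,
            "ns": sorted(r[3] for r in recs if r[2] == "NS"),
            "a_ttl": max((r[1] for r in recs if r[2] == "A"), default=0),
            "bogus": [addr for addr in a if is_non_public(addr)],
        }
    flagged = sorted(r for r, v in per_resolver.items() if v["bogus"])
    return {
        "per_resolver": per_resolver,
        "flagged": flagged,
        # Resolvers disagreeing on the A set is the first thing to notice.
        "answers_agree": len({tuple(v["a"]) for v in per_resolver.values()}) == 1,
        # Distinct NS sets: a second delegation alongside the bogus answer
        # suggests the change happened at the registrar/registry level.
        "delegations_seen": sorted({tuple(v["ns"]) for v in per_resolver.values() if v["ns"]}),
        # Upper bound (seconds) on how long caches may keep serving the bad answer.
        "longest_bad_ttl": max((per_resolver[r]["a_ttl"] for r in flagged), default=0),
    }


if __name__ == "__main__":
    report = triage(THREAD_OBSERVATIONS, "phishtank.com.")
    for key in ("flagged", "answers_agree", "delegations_seen", "longest_bad_ttl"):
        print(key, "=", report[key])
```

Reading the result is a heuristic, not proof: loopback answers that arrive together with a different NS set and multi-hour TTLs fit a delegation change still held in caches, which matches the owner's explanation quoted above.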


Re: [Full-disclosure] Phishtank.com Gone?

2007-03-25 Thread Kradorex Xeron
I get a valid answer:

phishtank.com.  3   IN  A   66.135.40.79

What I'd do is throw it in your hosts file temporarily until DNS behaves

On Sunday 25 March 2007 15:31, Anshuman G wrote:
 Humm,

 Same for me.

 
 [EMAIL PROTECTED]:~ dig phishtank.com | grep A
 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32352
 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
 ;phishtank.com. IN  A
 ;; ANSWER SECTION:
 phishtank.com.  6352    IN  A   127.0.0.1
 ;; AUTHORITY SECTION:
 

 On 3/26/07, Tremaine Lea [EMAIL PROTECTED] wrote:
  On 25-Mar-07, at 12:35 PM, Larry Seltzer wrote:
   Phishtank.com resolves to 127.0.0.1, has someone taken it offline?
  
   No, I'm still getting to the site. I don't suppose mcafee.com,
   symantec.com and a lot of other security domains also resolve to
   127.0.0.1 for you, do they?
  
   Larry Seltzer
 
  It's just phishtank.com for me, the others resolve fine.  My checks
  were run from linux boxes ;)  localhost address checking from Shaw in
  Calgary, normal result checking from an Interland server in the US.
 
  Tremaine Lea
  Network Security Consultant
 


Re: [Full-disclosure] Local user to root escalation in apache 1.3.34 (Debian only)

2007-03-25 Thread James Matthews

Yes every bug is scary! Every program has its bug that will kill it!

On 3/25/07, Nikolay Kichukov [EMAIL PROTECTED] wrote:


Hello Richard,
Seems to me I have also been so unprotected for this long ...

I love the debian project and hope it is not going to an end...

However I already use apache2 for all my machines.

Regards,
-Nikolay Kichukov

- Original Message -
From: Richard Thrippleton [EMAIL PROTECTED]
To: Nikolay Kichukov [EMAIL PROTECTED]
Cc: full-disclosure@lists.grok.org.uk
Sent: Tuesday, February 27, 2007 3:37 AM
Subject: Re: [Full-disclosure] Local user to root escalation in apache
1.3.34 (Debian only)


 On Mon Feb 26 21:15, Nikolay Kichukov wrote:
  Lool,
  how long has this bug been around?
 Almost a year, looking at that original patch that caused the problem. To be
 fair, nobody had commented on the security issues until I stumbled across them
 a month ago though.

  Sounds scary.
 Yeah, scared me when I first saw it and realised how vulnerable I'd been for so
 long. What's also scary is the complete lack of action on what is a fairly
 serious problem. I used to think that the Debian project had a sane attitude to
 security. Maybe all the good developers have gone to Ubuntu.

 Richard



--
http://www.goldwatches.com/watches.asp?Brand=39
http://www.wazoozle.com