[Full-disclosure] Hashes
MD5: 1db6eff5a4961bba5779349a4932606d
SHA1: 80dbb7a782da0d2c09dc4d67750575c08b61e9ac
SHA256: da62ba72af7b3a4d886ab61cea6d2177139be67ff564826ab3fd6e09b56ebe06

--
I)ruid, C²ISSP
[EMAIL PROTECTED]
http://druid.caughq.org

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] CyTRAP Labs - Urs+Nahum's Security Checklist
Dear Colleagues,

I thought this might be of interest.

Regulators have done their best to improve legislation to help organizations to better protect their information systems. Unfortunately and as a result of this, organizations have been buried in an avalanche of conflicting requirements that are difficult to keep track of. They are expected to demonstrate an acceptable standard of due care in managing their computing infrastructures and the information that networks and systems create, transmit, and store. Moreover, they have to show that all this helps reduce the risk against having their systems misused for criminal activities.

Hence, we thought we write Urs+Nahum's Security Checklist. It provides well structured information that enables high-level reporting, thus empowering executive and technical leaders with a greater ability to make informed decisions. It prioritizes numerous requirements that managers need, guiding them through the process that improves corporate risk management and information security while helping improve confidentiality of data and citizens' privacy.

You can get a short summary here:

- short summary about Urs+Nahum's Security Checklist - press release -- http://info.cytrap.eu/?page_id=64
- an advanced copy of Urs+Nahum's Security Checklist pdf 350 KB for download - http://regustand.cytrap.eu/?p=1

(PS. it is complimentary and free for everybody, of course)

Urs+Nahum's Security Checklist will be released May 30, 2007. We hope that it will be useful to you all in your daily work. Please let us know what you think about this work, if you can spare the time, of course.

Enjoy your long weekend.

Cordially
Urs E. Gattiker
CyTRAP Labs
Roentgenstrasse 49
8005 Zurich
Switzerland
+41 (0)44 272 - 1876
+41 (0)76 200 - 7778 (mobile)
email: Urs+Nahum-Checklist at CyTRAP.eu
[Full-disclosure] alexa.com XSS
http://thumbnails.alexa.com/update_thumbnail?url=%3Cscript%3Ealert(%22alexa%20sucks%22)%3C/script%3E

is there more to say?
[Full-disclosure] BO in http://rad.msn.com/ADSAdClient31.dll
Re: [Full-disclosure] Hashes
To what? Your dog? The universe? an MP3 you downloaded? a program? :P

On Tuesday 29 May 2007 03:17, I)ruid wrote:
> MD5: 1db6eff5a4961bba5779349a4932606d
> SHA1: 80dbb7a782da0d2c09dc4d67750575c08b61e9ac
> SHA256: da62ba72af7b3a4d886ab61cea6d2177139be67ff564826ab3fd6e09b56ebe06
Re: [Full-disclosure] Hashes
On 5/29/07, Kradorex Xeron [EMAIL PROTECTED] wrote:
> To what? Your dog? The universe? an MP3 you downloaded? a program? :P

I would guess to a PoC or chunk of vulnerable code, posted for integrity's sake

-JP
Re: [Full-disclosure] alexa.com XSS
> http://thumbnails.alexa.com/update_thumbnail?url=%3Cscript%3Ealert(%22alexa%20sucks%22)%3C/script%3E
>
> is there more to say?

Thank you, The thumbnail image for scriptalert(alexa sucks)/script will be updated within 48 hours
Re: [Full-disclosure] Hashes
Try dumping it on the free hashing forum at http://www.hashbreaker.com
They can crack it.

On 5/29/07, I)ruid [EMAIL PROTECTED] wrote:
> MD5: 1db6eff5a4961bba5779349a4932606d
> SHA1: 80dbb7a782da0d2c09dc4d67750575c08b61e9ac
> SHA256: da62ba72af7b3a4d886ab61cea6d2177139be67ff564826ab3fd6e09b56ebe06
>
> --
> I)ruid, C²ISSP
> [EMAIL PROTECTED]
> http://druid.caughq.org
Re: [Full-disclosure] Hashes
On 5/29/07, Kradorex Xeron [EMAIL PROTECTED] wrote:
> To what? Your dog? The universe? an MP3 you downloaded? a program?

Could be porn, as I did: http://www.security-express.com/archives/fulldisclosure/2007-05/0468.html
Re: [Full-disclosure] alexa.com XSS
Seems fixed or doesn't work in FireFox 1.5.0.11

--- MC Iglo wrote:
> http://thumbnails.alexa.com/update_thumbnail?url=%3Cscript%3Ealert(%22alexa%20sucks%22)%3C/script%3E
>
> is there more to say?
Re: [Full-disclosure] CyTRAP Labs - Urs+Nahum's Security Checklist
I tried the link you listed, but it didn't work (no surprise there since it's not released), but it looks like the document's available at:

http://www.cytrap.eu/files/ReguStand/2007/pdf/Urs%2BNahumChecklist-2007-05-29.pdf

so i guess it is released. who wants to wait til tomorrow?

On 5/28/07, CyTRAP Labs - advisory [EMAIL PROTECTED] wrote:
> Dear Colleagues,
>
> I thought this might be of interest.
>
> Regulators have done their best to improve legislation to help organizations to better protect their information systems. Unfortunately and as a result of this, organizations have been buried in an avalanche of conflicting requirements that are difficult to keep track of. They are expected to demonstrate an acceptable standard of due care in managing their computing infrastructures and the information that networks and systems create, transmit, and store. Moreover, they have to show that all this helps reduce the risk against having their systems misused for criminal activities.
>
> Hence, we thought we write Urs+Nahum's Security Checklist. It provides well structured information that enables high-level reporting, thus empowering executive and technical leaders with a greater ability to make informed decisions. It prioritizes numerous requirements that managers need, guiding them through the process that improves corporate risk management and information security while helping improve confidentiality of data and citizens' privacy.
>
> You can get a short summary here:
>
> - short summary about Urs+Nahum's Security Checklist - press release -- http://info.cytrap.eu/?page_id=64
> - an advanced copy of Urs+Nahum's Security Checklist pdf 350 KB for download - http://regustand.cytrap.eu/?p=1
>
> (PS. it is complimentary and free for everybody, of course)
>
> Urs+Nahum's Security Checklist will be released May 30, 2007. We hope that it will be useful to you all in your daily work. Please let us know what you think about this work, if you can spare the time, of course.
>
> Enjoy your long weekend.
>
> Cordially
> Urs E. Gattiker
> CyTRAP Labs
> Roentgenstrasse 49
> 8005 Zurich
> Switzerland
> +41 (0)44 272 - 1876
> +41 (0)76 200 - 7778 (mobile)
> email: Urs+Nahum-Checklist at CyTRAP.eu
Re: [Full-disclosure] alexa.com XSS
Fixed. Worked for a while. FF 1.5.0.11, Vista RC2 (yes, I know)

On Tue, 29 May 2007 16:44:47 -0400 kefka [EMAIL PROTECTED] wrote:
k Seems fixed or doesn't work in FireFox 1.5.0.11
k ---
k MC Iglo wrote:
k http://thumbnails.alexa.com/update_thumbnail?url=%3Cscript%3Ealert(%22alexa%20sucks%22)%3C/script%3E
k
k is there more to say?

-
Carlos Cardoso
http://www.carloscardoso.com == semi-personal blog
http://www.contraditorium.com == ProBlogging and digital culture
You lost today, kid. But that doesn't mean you have to like it
Re: [Full-disclosure] Hashes
when i put it in this site it said it hashed to a text file containing the following:

-
you're a dumb cunt. also this hash shit is getting really old. thx gaz
-

On 5/30/07, Spudster [EMAIL PROTECTED] wrote:
> Try dumping it on the free hashing forum at http://www.hashbreaker.com
> They can crack it.
>
> On 5/29/07, I)ruid [EMAIL PROTECTED] wrote:
>> MD5: 1db6eff5a4961bba5779349a4932606d
>> SHA1: 80dbb7a782da0d2c09dc4d67750575c08b61e9ac
>> SHA256: da62ba72af7b3a4d886ab61cea6d2177139be67ff564826ab3fd6e09b56ebe06
>>
>> --
>> I)ruid, C²ISSP
>> [EMAIL PROTECTED]
>> http://druid.caughq.org
[Full-disclosure] The Next Super JavaScript Malware - the web has crashed
http://www.gnucitizen.org/blog/the-next-super-worm

In this article I explain a technique that can be used by malicious minds to build the next generation of JavaScript based malware. The post is for education purposes and I welcome everyone who has ideas how to stop these types of attacks to do so by sending an email or posting a comment. We do really need to start thinking about how to fight back and start developing strategies that can apply.

cheers

--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
Re: [Full-disclosure] alexa.com XSS
kefka wrote:
> Seems fixed or doesn't work in FireFox 1.5.0.11
>
> --- MC Iglo wrote:
>> http://thumbnails.alexa.com/update_thumbnail?url=%3Cscript%3Ealert(%22alexa%20sucks%22)%3C/script%3E

It worked perfectly until.. they fixed it : )

Note: It seems that alexa people grep logs or are subscribed to fd since it worked only for 1-2 hours.

Bye,
Michele Sandrelli
Re: [Full-disclosure] alexa.com XSS
this means, they fixed it pretty fast. ok, it isn't that difficult ^^