Re: [Full-disclosure] iPhone Security Settings

[Stephen Hildrey]

Fabio Pietrosanti (naif) wrote:
> root:XUU7aqfpey51o:0:0::0:0:System Administrator:/var/root:/bin/sh
> mobile:/smx7MYTQIi2M:501:0::0:0:Mobile User:/var/mobile:/bin/sh

Nice find. Even my AMD 4200+ can cope with that...

$ john pw
Loaded 2 passwords with 2 different salts (Standard DES [64/64 BS])
alpine   (mobile)
dottie   (root)

Steve

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] iPhone Security Settings

[Erik Tews]

Am Montag, den 02.07.2007, 00:07 +0200 schrieb Fabio Pietrosanti (naif):
> There are a couple of user with their password:
> 
> root:XUU7aqfpey51o:0:0::0:0:System Administrator:/var/root:/bin/sh
> mobile:/smx7MYTQIi2M:501:0::0:0:Mobile User:/var/mobile:/bin/sh
> 
> Does someone have some time to arrange a quick john session (should be
> quick)?

Loaded 2 passwords with 2 different salts (Standard DES [64/64 BS])
alpine   (mobile)
dottie   (root)
guesses: 2  time: 0:00:00:16 (3)  c/s: 551883  trying: royour - b1o2w8


Yes, it was quick


signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] iPhone Security Settings

[Fabio Pietrosanti (naif)]

The file is a zip file.

It's interesting to note the encrypted DMG image "694-5262-39.dmg" of
82MB . It ask for a password.


Instead the 15MB file "694-5259-38.dmg" it's not a DMG image and it's
not encrypted (strings 694-5259-38.dmg | less) .

Some selected information to have an idea of what's inside:

DWD_USIF_BOOTLOADER_FILENAME/Secure_USIF_Bootloader.3.9.fls
MN_SMS_CB_MESSAGE_ID_LIMIT_IND
sio#wake-ind
SI_PHONE_NUMBER_READ_IND
../../ms-gprs-l1-src/text/l1d_rshd.c
../../ms-ds-src/at/atc/common/text/atc_sdl_mn.c
SIMULATED RESET due to AT+CFUN=16. This is NOT a crash!
../../ms-bt-src/src/bt-ctrl/io_bt.c
../../ms-gprs-l2-src/ma/mac/text/decoders/mac_decoders.c
../../ms-gprs-l2-src/rl/rlc/text/rlc_op2.c
../../ms-l3-src/rr/grr/text/grr_op2.c
   1 ==> output of EQUALIZER RAW DATA acc. to  using a
Argument Types: [int: 1/2/3/4/5],[int:0/1/2/3],[int => abs. Hz
value],[int: 1 - 100]
GSM Ciphering:%s, GSM Ciphering Algorithm: A5/%d, GPRS Ciphering:%s,
GPRS Ciphering Algorithm: GEA/%d
/SourceCache/BaseBandFWUpdater/BaseBandFWUpdater-39/IfxSource/DLL_source/OS_dependent_code/timer_if/../../../../IFWD_timer.c
/SourceCache/BaseBandFWUpdater/BaseBandFWUpdater-39/AtInterface.cpp
/System/Library/PrivateFrameworks/Bom.framework/Bom
/SourceCache/Bom/Bom-122.0.0.3/Common/BOMSystemCmds.c
/dev/tty.baseband
/private/tmp/.SafeBoot
/bin/cat /System/Library/CoreServices/BootX | /usr/bin/openssl dgst
-sha1 -hex -out /System/Library/Caches/com.apple.bootxsignature
Boot-loader is active
Skip secure loader
Injecting EBL-Loader (PSI).
DWD_RAM_BOOTLOADER_FILENAME/Default_RAM_Bootloader.7.0.fls
GsmRadioModule::fEnableMobileAnalyzer
Signature cannot be authenticated
single user shell terminated.
Singleuser boot -- fsck not done
sq->capacity >= (4096 + 7) / 8) + (sizeof(giantDigit)) - 1) /
(sizeof(giantDigit))) + 1)
/System/Library/Lockdown/SBOOT_S5L8900.pem
/System/Library/Lockdown/SBOOT_S5L8900_DEV.pem

There are a couple of user with their password:

root:XUU7aqfpey51o:0:0::0:0:System Administrator:/var/root:/bin/sh
mobile:/smx7MYTQIi2M:501:0::0:0:Mobile User:/var/mobile:/bin/sh

Does someone have some time to arrange a quick john session (should be
quick)?

In Firmware/all_flash/all_flash.m68ap.production/DeviceTree.m68ap.img2
there is the string:
Apple Secure Boot Certification Authority1


* The password of the encrypted DMG?
* The user root and mobile with preconfigured passwords?
* The "GsmRadioModule::fEnableMobileAnalyzer" ?
* The
/SourceCache/BaseBandFWUpdater/BaseBandFWUpdater-39/AtInterface.cpp that
maybe use at command to update the firmware of the GSM transceiver?
* What's bom? /System/Library/PrivateFrameworks/Bom.framework/Bom
* The security of the boot system plenty of digital signatures to
prevent firmware hacking?


-naif

Kevin Finisterre (lists) wrote:
> While you are at it...
>
> http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPhone/ 
> 061-3538.20070629.B7vXa/iPhone1,1_1.0_1A543a_Restore.ipsw
>
> -KF
>
> On Jun 29, 2007, at 8:10 PM, John Smith wrote:
>
>   
>> http://www.andrew.cmu.edu/user/xsk/iPhoneSecuritySettings.html
>>
>> John
>>
>> ___
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>> 
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>   

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] [ GLSA 200707-01 ] Firebird: Buffer overflow

[Raphael Marichez]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200707-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
 Title: Firebird: Buffer overflow
  Date: July 01, 2007
  Bugs: #181811
ID: 200707-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


A vulnerability has been discovered in Firebird, allowing for the
execution of arbitrary code.

Background
==

Firebird is an open source relational database that runs on Linux,
Windows, and various UNIX systems.

Affected packages
=

---
 Package  /  Vulnerable  /  Unaffected
---
  1  dev-db/firebird   < 2.0.1>= 2.0.1

Description
===

Cody Pierce from TippingPoint DVLabs has discovered a buffer overflow
when processing "connect" requests with an overly large "p_cnct_count"
value.

Impact
==

An unauthenticated remote attacker could send a specially crafted
request to a vulnerable server, possibly resulting in the execution of
arbitrary code with the privileges of the user running Firebird.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Firebird users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/firebird-2.0.1"

References
==

  [ 1 ] CVE-2007-3181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3181

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200707-01.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5


pgpZ6HECVvq08.pgp
Description: PGP signature
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] [SECURITY] [DSA 1328-1] New unicon-imc2 packages fix buffer overflow

[Steve Kemp]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1328[EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
July 01, 2007
- 

Package: unicon-imc2
Vulnerability  : buffer overflow
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2007-2835


Steve Kemp from the Debian Security Audit project discovered that
unicon-imc2, a Chinese input method library, makes unsafe use of
an environmental variable, which may be exploited to execute arbitary
code.

For the stable distribution (etch) this problem has been fixed in
version 3.0.4-11etch1.

For the unstable distribution (sid) this problem will be fixed shortly.

We recommend that you upgrade your unicon-imc2 package.


Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.



Debian GNU/Linux 4.0 alias etch
- ---

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, 
mipsel, powerpc, s390 and sparc.

Source archives:

  
http://security.debian.org/pool/updates/main/u/unicon/unicon_3.0.4-11etch1.diff.gz
Size/MD5 checksum:14966 c3a081d69f9f81055de331690bf85e70
  http://security.debian.org/pool/updates/main/u/unicon/unicon_3.0.4.orig.tar.gz
Size/MD5 checksum:  5704272 dfb8650debe038f85270b4ad60ad313b
  http://security.debian.org/pool/updates/main/u/unicon/unicon_3.0.4-11etch1.dsc
Size/MD5 checksum:  603 711b8ba2894e03f257f7d6a74f526563

alpha architecture (DEC Alpha)

  
http://security.debian.org/pool/updates/main/u/unicon/unicon-imc2_3.0.4-11etch1_alpha.deb
Size/MD5 checksum:  4376642 8cfd1066d51dc11862115179be4ce4e4

amd64 architecture (AMD x86_64 (AMD64))

  
http://security.debian.org/pool/updates/main/u/unicon/unicon-imc2_3.0.4-11etch1_amd64.deb
Size/MD5 checksum:  4362080 bad015c61850c9a4fe5d85edc77073fd

arm architecture (ARM)

  
http://security.debian.org/pool/updates/main/u/unicon/unicon-imc2_3.0.4-11etch1_arm.deb
Size/MD5 checksum:  4152566 0d8b6a4a3bab316d49eea2211affea61

hppa architecture (HP PA RISC)

  
http://security.debian.org/pool/updates/main/u/unicon/unicon-imc2_3.0.4-11etch1_hppa.deb
Size/MD5 checksum:  4546634 dbdc37a0fb794ac2d806a1c960ff7c43

i386 architecture (Intel ia32)

  
http://security.debian.org/pool/updates/main/u/unicon/unicon-imc2_3.0.4-11etch1_i386.deb
Size/MD5 checksum:  4153202 24ddede20e4b9ad3b15694275ad9d597

ia64 architecture (Intel ia64)

  
http://security.debian.org/pool/updates/main/u/unicon/unicon-imc2_3.0.4-11etch1_ia64.deb
Size/MD5 checksum:  4387184 c9494e9f38687b4cafb6b291942ddf6a

mipsel architecture (MIPS (Little Endian))

  
http://security.debian.org/pool/updates/main/u/unicon/unicon-imc2_3.0.4-11etch1_mipsel.deb
Size/MD5 checksum:  4159956 05c58cfe2805a3cd5a20171943e241c4

powerpc architecture (PowerPC)

  
http://security.debian.org/pool/updates/main/u/unicon/unicon-imc2_3.0.4-11etch1_powerpc.deb
Size/MD5 checksum:  4516520 cb01b1bbc9bf724b7c6e97231945a964

s390 architecture (IBM S/390)

  
http://security.debian.org/pool/updates/main/u/unicon/unicon-imc2_3.0.4-11etch1_s390.deb
Size/MD5 checksum:  4544838 7c2e4aa746330e0d94417a7254f03714

sparc architecture (Sun SPARC/UltraSPARC)

  
http://security.debian.org/pool/updates/main/u/unicon/unicon-imc2_3.0.4-11etch1_sparc.deb
Size/MD5 checksum:  4501702 246893314e59799c4cabc3353fa8998f


  These files will probably be moved into the stable distribution on
  its next update.

- 
-
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show ' and http://packages.debian.org/
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGh/x0wM/Gs81MDZ0RAhBEAKCTnKdYgVekvJvX8B9cz2r++tdoowCgsjNn
x0APOWgiDchUvmcOce+s4Hc=
=6JOd
-END PGP SIGNATURE-

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] [SECURITY] [DSA 1327-1] New gsambad packages fix unsafe temporary files

[Steve Kemp]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1327[EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
July 01, 2007
- 

Package: gsambad
Vulnerability  : insecurity temporary files
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2007-2838


Steve Kemp from the Debian Security Audit project discovered that gsambad,
a GTK+ configuration tool for samba, uses temporary files in an unsafe
manner which may be exploited to truncate arbitary files from the local
system.

For the stable distribution (etch) this problem has been fixed in
version 0.1.4-2etch1.

For the unstable distribution (sid) this problem will be fixed shortly.

We recommend that you upgrade your gsambad package.


Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.



Debian GNU/Linux 4.0 alias etch
- ---

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, 
mipsel, powerpc, s390 and sparc.

Source archives:

  
http://security.debian.org/pool/updates/main/g/gsambad/gsambad_0.1.4-2etch1.diff.gz
Size/MD5 checksum:24766 8ac63c3ecf53c7243f6f8675d3e2bb48
  
http://security.debian.org/pool/updates/main/g/gsambad/gsambad_0.1.4-2etch1.dsc
Size/MD5 checksum:  609 35dc69c7f48b6b327b782d310037eac6
  
http://security.debian.org/pool/updates/main/g/gsambad/gsambad_0.1.4.orig.tar.gz
Size/MD5 checksum:   385776 ced255218e024b43de6d42c9fc1653d2

alpha architecture (DEC Alpha)

  
http://security.debian.org/pool/updates/main/g/gsambad/gsambad_0.1.4-2etch1_alpha.deb
Size/MD5 checksum:   109878 5aadc8c608d516df18c4bffb0cee70a9

amd64 architecture (AMD x86_64 (AMD64))

  
http://security.debian.org/pool/updates/main/g/gsambad/gsambad_0.1.4-2etch1_amd64.deb
Size/MD5 checksum:92416 9f332e4530c72917193402535c9f83e4

arm architecture (ARM)

  
http://security.debian.org/pool/updates/main/g/gsambad/gsambad_0.1.4-2etch1_arm.deb
Size/MD5 checksum:88570 7f540eb27987fe1d8130279f1a3f41e1

i386 architecture (Intel ia32)

  
http://security.debian.org/pool/updates/main/g/gsambad/gsambad_0.1.4-2etch1_i386.deb
Size/MD5 checksum:93918 4f47a220caba72b7daadf205545dd214

ia64 architecture (Intel ia64)

  
http://security.debian.org/pool/updates/main/g/gsambad/gsambad_0.1.4-2etch1_ia64.deb
Size/MD5 checksum:   120170 68f5483b3c10a787b7d8c6f3a7a39a34

mipsel architecture (MIPS (Little Endian))

  
http://security.debian.org/pool/updates/main/g/gsambad/gsambad_0.1.4-2etch1_mipsel.deb
Size/MD5 checksum:87426 7f4408ddd5cb502067dcea364344cfe8

powerpc architecture (PowerPC)

  
http://security.debian.org/pool/updates/main/g/gsambad/gsambad_0.1.4-2etch1_powerpc.deb
Size/MD5 checksum:92822 4995be1a528256e86bb254dee1b0cc0f

s390 architecture (IBM S/390)

  
http://security.debian.org/pool/updates/main/g/gsambad/gsambad_0.1.4-2etch1_s390.deb
Size/MD5 checksum:85148 8ad37130b346472026e0171d09036729

sparc architecture (Sun SPARC/UltraSPARC)

  
http://security.debian.org/pool/updates/main/g/gsambad/gsambad_0.1.4-2etch1_sparc.deb
Size/MD5 checksum:87174 b4a354e57e38c7dcaad14bff8a183975


  These files will probably be moved into the stable distribution on
  its next update.

- 
-
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show ' and http://packages.debian.org/
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGh/dAwM/Gs81MDZ0RAmahAKDiHd4jeEEP7/2szSHWbjEe0XWKzQCfZq9F
J2BGQIUY5fRnFXthRMTUQv8=
=i6Ld
-END PGP SIGNATURE-

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] [SECURITY] [DSA 1326-1] New fireflier-server packages fix unsafe temporary files

[Steve Kemp]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


- 
Debian Security Advisory DSA-1326[EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
July 01, 2007
- 

Package: fireflier-server
Vulnerability  : insecure temporary files
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2007-2837

Steve Kemp from the Debian Security Audit project discovered that
fireflier-server, an interactive firewall rule creation tool, uses
temporary files in an unsafe manner which may be exploited to remove
arbitary files from the local system.

For the old stable distribution (sarge) this problem has been fixed in
version 1.1.5-1sarge1.

For the stable distribution (etch) this problem has been fixed in
version 1.1.6-3etch1.

For the unstable distribution (sid) this problem will be fixed shortly.

We recommend that you upgrade your fireflier-server package.


Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.



Debian GN/Linux 3.1 alias sarge
- ---

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, 
mips, mipsel, powerpc, s390 and sparc.

Source archives:

  
http://security.debian.org/pool/updates/main/f/fireflier/fireflier_1.1.5-1sarge1.dsc
Size/MD5 checksum:  754 fd653a7d7e2c4475d1a2c2640b3e142a
  
http://security.debian.org/pool/updates/main/f/fireflier/fireflier_1.1.5-1sarge1.tar.gz
Size/MD5 checksum:   499949 4ae52e40866c6ca977ddcbf8a8b5fd65

alpha architecture (DEC Alpha)

  
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-kde_1.1.5-1sarge1_alpha.deb
Size/MD5 checksum:75194 8c878fe74627e6a6246333d5b14c228f
  
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-gtk_1.1.5-1sarge1_alpha.deb
Size/MD5 checksum:   177850 027ca26aabb6aafae2acdc748d3f4050
  
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-qt_1.1.5-1sarge1_alpha.deb
Size/MD5 checksum:74840 d5a498e131e51d76f4044218f9298e24
  
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-server_1.1.5-1sarge1_alpha.deb
Size/MD5 checksum:51402 84350d096372ab3f0aa41608adf3772f

amd64 architecture (AMD x86_64 (AMD64))

  
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-qt_1.1.5-1sarge1_amd64.deb
Size/MD5 checksum:66538 34a5b65429e8ebdf4646d93ae8fc37c7
  
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-kde_1.1.5-1sarge1_amd64.deb
Size/MD5 checksum:66370 6f3614d84a690531039e5b7b0adc2b6b
  
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-server_1.1.5-1sarge1_amd64.deb
Size/MD5 checksum:47130 68d9276db6afc61f3eec2091c6e57634
  
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-gtk_1.1.5-1sarge1_amd64.deb
Size/MD5 checksum:   147046 d0aafacb99d698957a91df99ff6eddd5

arm architecture (ARM)

  
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-qt_1.1.5-1sarge1_arm.deb
Size/MD5 checksum:61610 ad9b1e6b0d0532a3494f22e6811798a9
  
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-kde_1.1.5-1sarge1_arm.deb
Size/MD5 checksum:64002 50b762fe9a28aa55bda45d134de95a5e
  
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-server_1.1.5-1sarge1_arm.deb
Size/MD5 checksum:46878 dc55fb97f5d9a4bf8fc192d7f1f22620
  
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-gtk_1.1.5-1sarge1_arm.deb
Size/MD5 checksum:   163486 70254f114e19769e74a02f977e70856c

i386 architecture (Intel ia32)

  
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-kde_1.1.5-1sarge1_i386.deb
Size/MD5 checksum:66070 f65bbd16b3b9349271dd643b67fe5fe6
  
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-server_1.1.5-1sarge1_i386.deb
Size/MD5 checksum:45686 d43fa251a29fde160e5be343ac18a5e8
  
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-gtk_1.1.5-1sarge1_i386.deb
Size/MD5 checksum:   145080 803aa15f76f167ec61751ab4d4726011
  
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-qt_1.1.5-1sarge1_i386.deb
Size/MD5 checksum:63804 8935c1620e21f806b72ac23567cfde7b

ia64 architecture (Intel ia64)

  
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-kde_1.1.5-1sarge1_ia64.

Re: [Full-disclosure] DOS on phrack?

[Jeff MacDonald]

On Sunday 01 July 2007 12:17 am, scott wrote:
> Possibly because I am a paranoid phreak who thinks security is a way to
> get around this problem?
>

well, posting that a website is under an attack without any evidence is a 
little skimp on details, particularly for this list, don't you think?

I was obviously too quick to respond. I shall attempt to be a little more 
considerate in the future.

regards,
-- 
Jeff MacDonald, 
Zoid Technologies 
"Web Applications That Suck Less"

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] iPhone Security Settings

[Kevin Finisterre (lists)]

While you are at it...

http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPhone/ 
061-3538.20070629.B7vXa/iPhone1,1_1.0_1A543a_Restore.ipsw

-KF

On Jun 29, 2007, at 8:10 PM, John Smith wrote:

> http://www.andrew.cmu.edu/user/xsk/iPhoneSecuritySettings.html
>
> John
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] blackhat talk pulled inexplicably (at the risk of violating MONBACOPL)

[bambam]

All interesting thoughts too. I hope we get to know at some point in
the fullness of time, I bet it will be an engaging story whatever
happened.

I love a bit of gossip. (Damn monbacopl).

On 6/29/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> On Fri, 29 Jun 2007 16:50:16 BST, bambam said:
> > So by now you've almost certainly read:
> >
> > http://www.networkworld.com/news/2007/062707-black-hat.html
> >
> > MY HYPOTHESIS on what has happened is that:
>
> I've got another hypothesis.  If you read 
> http://www.blackhat.com/html/bh-usa-07/bh-usa-07-cfp.html
> you see this text:
>
> June 29: Accepted Speaker materials due. This will include the white paper 
> and slide deck.
>
> "Speakers told BlackHat they'd be unable to avoid blowing the deadline" seems
> more plausible than some vast conspiracy requiring the replacement of millions
> of processors.
>
>


-- 
"She [Paris Hilton] provides hope for young people all over the U.S.
and the world."
http://www.ipetitions.com/petition/PH21781/

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] Landing Securls.com

[pdp (architect)]

http://www.gnucitizen.org/blog/landing-securlscom

In the last couple of months the GNUCITIZEN group has been secretively
working on projects of various nature. We've jump started
blogsecurity.net, the only organization that deals with web blog
security exclusively, and we also introduced great improvements into
the GNUCITIZEN Gadgets Interface, which rocks as you can see from its
project page here (http://www.gnucitizen.org/projects/gadgets). Let's
not forget about AttackAPIv3
(http://www.gnucitizen.org/projects/attackapi), which will be
available for download as soon as we fix the documentation, and Hakiri
(http://www.hakiri.com), which will make its way through as the first
hacker lifestyle portal very soon. Today we are announcing a new
project called SECURLS (http://www.securls.com) and we hope that you
will find it as interesting and useful as we do.

SECURLS is a place where you can get the latest headlines from the
security industry social networks. The website will allow you to
glance through the most important bits and pieces without the hustle
to manage and organize the vast streams of information yourself. At
the moment the website is relatively small, however further
improvements are planned to be launched very soon, so please stay
tuned. So far, you can get the latest entries from a list of websites
we believe cover large enough user base. Of course we are open for any
suggestions that you may have in mind. In the upcoming months, we are
going to integrate context sensitive system which will allow you to
filter the information that is most relevant to you. Among the planned
improvements we have things such as the Google Hacking Database and
XSSED.com integration, video casts, tutorials, presentations, etc. We
are also going to improve the current feeds and launch SECURL version
for mobiles.

It is important to understand that SECURLS is not the traditional link
directory most sites provide anyway. Behind the scenes we work with
the latest Mashup technology to integrate information sources, perform
contextual searches, filter relevant information and in general
provide the best quality of service available today. We are proud of
what we've got so far.

SECURLS IS NOT A SPLOG. THE SITE RANKING WONT BENEFIT FROM THE
GATHERED/COLLECTED CONTENT.

So, this is it. If you find it interesting, please drop us an email.

-- 
pdp (architect) | petko d. petkov
http://www.gnucitizen.org

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] iPhone Security Settings

[John Smith]

http://www.andrew.cmu.edu/user/xsk/iPhoneSecuritySettings.html

John

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] SMF 1.1.2

[Павел Ххххххх]

Hi!

Меня очень сильно заинтересовала инфа о PHP injection в форумах Simle machines 
forum (SMF 1.1.2).
Нельзя ли узнать подробней об этой уязвимости ?

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] How to compromise a Microosft site using SQL injection

[Security Admin (NetSec)]

http://www.zone-h.org/content/view/14780/31/



Has the explanation, and a place to upload the HOW-TO video (with test

explanation) from the hacker, http://www.unbase.com/n/5725974396





Better than any class I have taken on Web application security.  It is nice to 
know that SQL Server 2005 has its issues just like every other database server.



BTW, The hacker has a hotmail address in the HOW-TO video for you to contact 
him :)


SecAdmin
-- 
This mail was scanned by BitDefender
For more informations please visit http://www.bitdefender.com
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] phrack / n3td3v

[HACK THE GOV]

hey hey, is there a connection between these people?curious.

we've ruled out gobbles is n3td3v but maybe phrack is n3td3v or n3td3v is
phrack.

yours

hackthegov
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Rutkowska faces ‘100% unde tectable malware’ challenge, teasing?

[wac]

Blah blah blah. Please someone tell Rokowska that we know about what she
calls "blue pill" since we where little kids.

It was exposed *years ago* (1995 to be exact > 12 years) by Mark A. Ludwig
in his Giant Book of Computer viruses Page 391 from American Eagle
Publications, Inc. Chapter "Protected mode stealth"

Basically was moving the operating system into userland and running the
virus in ring-0 making it almost undetectable. It was called Isnt not blue
whatever. Yes well with vanderpool technology should be a lot easier given
the hardware support.

And guess what.. We are still alive even with a POC virus and it's source
code available to the public.

I hate that kind of noisy sensationalist press so much. That guy is always
doing it.
And btw I don't believe such thing to be totally undetectable. There's
always a little catch.

Regards
Waldo


On 6/30/07, Bipin Gautam <[EMAIL PROTECTED]> wrote:


hi guys,

ref: http://blogs.zdnet.com/security/?p=334

so are they teasing by making her the impossible challenge at this date?
:)

honeypot developers have been trying to battle the same issue of
making the virtual machine emulate guest OS like the it is run in real
hardware since some years now.

ref: http://handlers.sans.org/tliston/ThwartingVMDetection_Liston_Skoudis.pdf


But if Rutkowska or anyone is able to succeed to make it undetectable
in current hardware that would be genius!

-bipin

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] DOS on phrack?

[scott]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Possibly because I am a paranoid phreak who thinks security is a way to
get around this problem?

Or just maybe I should have added...or just down for maintenance?...to
my original post.That way smart asses like yourself wouldn't need to
waste their time responding to such a despot as me.

Sorry to waste your time so you could waste more time by replying in
such an unambiguous way!

Ooops.There's my Xanax.I knew I needed it!

Bad day.Sorry for the rant.^~^

scott




Jeff MacDonald wrote:

> why is it that when a website is unavailable, the immediate assumption is 
> that 
> is being attacked?
> 
> regards,

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGhym+elSgjADJQKsRAnb2AKCHs26MXM13jhcme1niZLgMobnsCACdGlXr
4xLSTKdsdcb5HfMkAfrFgbU=
=+9Si
-END PGP SIGNATURE-

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/