Re: [Full-disclosure] Firefox 2.0.0.7 has a very serious calculation bug

2007-09-29 Thread Jimby Sharp
Exactly! And the so called security experts who are giving long
lectures in the list about how any bug can result in a potential
security flaw, they are forgetting that if a security flaw arises it
arises because of the programmer and not Firefox.

If I use strcpy() to read user input into a buffer, I am at fault and
not C compiler.

On 9/30/07, Andrew Farmer <[EMAIL PROTECTED]> wrote:
> On 28 Sep 07, at 19:25, wac wrote:
> > On 9/28/07, Jimby Sharp <[EMAIL PROTECTED]> wrote:
> >> How is this serious and is it related to security in any manner? If
> >> not, please do not spam. :-(
> >
> >  Many bugs are security related (I would say all). How it is security
> > related? Think. What happens if your bank calculates something wrong and
> > puts the lower in your account and the higher in another account? Yes It
> > might be little but what about a little many times? That could be done
> > with javascript too. Then... you are not safe anymore.
>
> If your bank is doing financial calculations using Javascript in a
> standard web browser, you have bigger things to worry about than
> roundoff errors.
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>



Re: [Full-disclosure] Testing DidTheyReadIt.com

2007-09-29 Thread James Matthews
On 9/29/07, James Matthews <[EMAIL PROTECTED]> wrote:
> Test
>
> On 9/29/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> > On Sat, 29 Sep 2007 14:15:09 +0200, Thierry Zoller said:
> >
> > > Just a sample test of how many of you read this email. Let's see how
> > > good it performs for mailinglists and what comes out.
> >
> > What you're getting isn't a test of how many people read the mail. What you
> > got was a count of people who read the mail in MUAs that don't protect
> > against web bugs.
> >
> > It's also possible that some small percentage of people are using MUAs that
> > will pre-fetch the linked files, but then the user discards the mail unread
> > (I don't know any offhand that do this, but there *was* the brou-ha-ha a
> > while back about certain browsers that would prefetch linked pages from Google
> > searches even if the user didn't visit them, causing lots of hits to links
> > that the user may not even have realized happened, so it's certainly well
> > within the realm of possibility).
> >
>
>
> --
> http://www.goldwatches.com/mens/cufflinks.html
> http://www.jewelerslounge.com
>


-- 
http://www.goldwatches.com/mens/cufflinks.html
http://www.jewelerslounge.com



Re: [Full-disclosure] Testing DidTheyReadIt.com

2007-09-29 Thread James Matthews
Test

On 9/29/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> On Sat, 29 Sep 2007 14:15:09 +0200, Thierry Zoller said:
>
> > Just a sample test of how many of you read this email. Let's see how
> > good it performs for mailinglists and what comes out.
>
> What you're getting isn't a test of how many people read the mail. What you
> got was a count of people who read the mail in MUAs that don't protect
> against web bugs.
>
> It's also possible that some small percentage of people are using MUAs that
> will pre-fetch the linked files, but then the user discards the mail unread
> (I don't know any offhand that do this, but there *was* the brou-ha-ha a
> while back about certain browsers that would prefetch linked pages from Google
> searches even if the user didn't visit them, causing lots of hits to links
> that the user may not even have realized happened, so it's certainly well
> within the realm of possibility).
>


-- 
http://www.goldwatches.com/mens/cufflinks.html
http://www.jewelerslounge.com



Re: [Full-disclosure] Testing DidTheyReadIt.com

2007-09-29 Thread Valdis . Kletnieks
On Sat, 29 Sep 2007 14:15:09 +0200, Thierry Zoller said:

> Just a sample test of how many of you read this email. Let's see how
> good it performs for mailinglists and what comes out.

What you're getting isn't a test of how many people read the mail. What you
got was a count of people who read the mail in MUAs that don't protect against
web bugs.

It's also possible that some small percentage of people are using MUAs that
will pre-fetch the linked files, but then the user discards the mail unread
(I don't know any offhand that do this, but there *was* the brou-ha-ha a while
back about certain browsers that would prefetch linked pages from Google
searches even if the user didn't visit them, causing lots of hits to links
that the user may not even have realized happened, so it's certainly well
within the realm of possibility).



Re: [Full-disclosure] Testing DidTheyReadIt.com

2007-09-29 Thread Morning Wood
Outlook Express blocks this by default, unless you click
the "show images" dialog thingie



Re: [Full-disclosure] gadi evron

2007-09-29 Thread jt5944-27a
On Sat, 29 Sep 2007 07:39:44 -0600 [EMAIL PROTECTED] wrote:
>New research results out:
>
>http://lul-disclosure.net

gobbles - you sad little backwards retard. havent you learned that
it is not polite to make death threats against people? does your
employer dave aitel know that you are off your meds again? by the
way - new episodes of south park are coming out next week so maybe
you can find some other lame reference besides gobbles and crab
people. we should start calling you cartman since you are a fat
white supremacist and neo-nazi. then again rocky - you are living
up to your name as a dull and uncreative sequel that should have
never been made.

kisses!



Re: [Full-disclosure] Testing DidTheyReadIt.com

2007-09-29 Thread lee . e . rian
>From: Thierry Zoller <[EMAIL PROTECTED]>
>Date: 09/29/2007 08:15AM
>
>Hi All,
>
>Just a sample test of how many of you read this email. Let's see how
>good it performs for mailinglists and what comes out.
>
>More info - DidTheyReadIt.com

Reading your email with IE7 I get
  This page contains both secure and nonsecure items.  Do you want to display the nonsecure items?
Click on no and it displays your msg without trying to load the img src="" webbug

Firefox isn't anywhere near as good in this regard - I get
  You have requested an encrypted page that contains some unencrypted information. Information
  that you see or enter on this page could easily be read by a third party.
  [x] Alert me whenever I'm about to view an encrypted page that contains some unencrypted information.
As soon as I click on OK, Firefox tries to load the webbug image.

Regards,
Lee

Re: [Full-disclosure] Firefox 2.0.0.7 has a very serious calculation bug

2007-09-29 Thread Andrew Farmer
On 28 Sep 07, at 19:25, wac wrote:
> On 9/28/07, Jimby Sharp <[EMAIL PROTECTED]> wrote:
>> How is this serious and is it related to security in any manner? If
>> not, please do not spam. :-(
>
>  Many bugs are security related (I would say all). How it is security
> related? Think. What happens if your bank calculates something wrong and
> puts the lower in your account and the higher in another account? Yes It
> might be little but what about a little many times? That could be done
> with javascript too. Then... you are not safe anymore.

If your bank is doing financial calculations using Javascript in a
standard web browser, you have bigger things to worry about than
roundoff errors.
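
The `javascript:5.2-0.1` PoC quoted in this thread, next to exact integer-cent arithmetic for money. This is an added example, not code from any poster; `toCents`, `fromCents` and `allocate` are hypothetical helper names and the amounts are constructed.

```javascript
"use strict";

// The PoC expression. A JavaScript Number is an IEEE 754 binary64 value, and
// neither 5.2 nor 0.1 has an exact binary representation, so the nearest
// representable result is slightly above 5.1.
function pocResult() {
  return String(5.2 - 0.1);
}

// "A little, many times": repeated float addition lets the error accumulate.
function naiveSum(amount, times) {
  let total = 0;
  for (let i = 0; i < times; i++) total += amount;
  return total;
}

// Parse a decimal string into integer cents (BigInt) without touching a float.
// Anything with more than two decimal places is rejected instead of rounded.
function toCents(text) {
  const m = /^(-)?(\d+)(?:\.(\d{1,2}))?$/.exec(String(text).trim());
  if (!m) throw new RangeError("not a decimal amount with <= 2 places: " + text);
  const cents = BigInt(m[2]) * 100n + BigInt((m[3] || "").padEnd(2, "0"));
  return m[1] ? -cents : cents;
}

// Format integer cents back to a decimal string.
function fromCents(cents) {
  const sign = cents < 0n ? "-" : "";
  const abs = cents < 0n ? -cents : cents;
  return sign + String(abs / 100n) + "." + String(abs % 100n).padStart(2, "0");
}

// Split a total across accounts by integer weights so that no cent is created
// or lost: floor every share, then give the leftover cents to the largest
// remainders (ties go to the lower index, so the result is deterministic).
function allocate(totalCents, weights) {
  const w = weights.map((x) => BigInt(x));
  const sum = w.reduce((a, b) => a + b, 0n);
  if (sum <= 0n || totalCents < 0n) {
    throw new RangeError("need positive weights and a non-negative total");
  }
  const shares = w.map((x) => (totalCents * x) / sum);
  const order = w
    .map((x, i) => ({ i, r: (totalCents * x) % sum }))
    .sort((a, b) => (a.r === b.r ? a.i - b.i : a.r > b.r ? -1 : 1));
  let left = totalCents - shares.reduce((a, b) => a + b, 0n);
  for (const { i } of order) {
    if (left === 0n) break;
    shares[i] += 1n;
    left -= 1n;
  }
  return shares;
}
```

The float result is what IEEE 754 prescribes for this subtraction; the integer path returns `5.10` for the same inputs and keeps the sum of all allocated shares equal to the total.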



Re: [Full-disclosure] Testing DidTheyReadIt.com

2007-09-29 Thread Thierry Zoller
Dear Paul,

PS> Is that in any way different from
PS> http://en.wikipedia.org/wiki/Web_bug
PS> ?

No not at all, just that it allows for fast tests without me setting
up scripts and the like.

BTW Do they have "edge" in china, because somebody is reading FD in
China over the Iphone. *gr*


-- 
http://secdev.zoller.lu
Thierry Zoller
Fingerprint : 5D84 BFDC CD36 A951 2C45  2E57 28B3 75DD 0AC6 F1C7



Re: [Full-disclosure] Testing DidTheyReadIt.com

2007-09-29 Thread Paul Szabo
Thierry,

> More info - DidTheyReadIt.com
> ...http://e-mail-servers.com/jpg"; ... width="1" height="1">

Is that in any way different from
http://en.wikipedia.org/wiki/Web_bug
?

Cheers,

Paul Szabo   [EMAIL PROTECTED]   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia
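
The `width="1" height="1"` image quoted above is the web-bug pattern this thread discusses. As an added example (not code from any poster or from DidTheyReadIt), here is a minimal filter of the kind a mail client applies when it blocks remote images; the sample message, domains and function names are constructed.

```javascript
"use strict";

// Constructed HTML mail body: one inline (cid:) image, one remote banner,
// one remote 1x1 image carrying a per-recipient identifier.
const SAMPLE_HTML = [
  "<html><body><p>Quarterly report attached.</p>",
  '<img src="cid:logo@example" width="120" height="40" alt="inline logo">',
  '<img alt="a > b" src="https://cdn.example/banner.png" width="600" height="80">',
  '<IMG SRC="http://tracker.example/open.gif?id=CONSTRUCTED-1234" width="1" height="1">',
  "</body></html>",
].join("\n");

// One <img ...> tag; quoted attribute values may contain ">".
const IMG_TAG = /<img\b(?:[^>"']|"[^"]*"|'[^']*')*>/gi;
// One name=value attribute (double-quoted, single-quoted or bare value).
const ATTR = /([^\s"'<>\/=]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;

// Attribute map for one tag; the first occurrence of a name wins, as in HTML.
function parseAttrs(tag) {
  const attrs = {};
  for (const m of tag.replace(/^<img/i, "").matchAll(ATTR)) {
    const name = m[1].toLowerCase();
    if (!(name in attrs)) attrs[name] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// A fetch leaves the machine only for http(s) or protocol-relative URLs;
// cid: and data: images are resolved from the message itself.
function isRemote(src) {
  return /^\s*(?:https?:)?\/\//i.test(src || "");
}

// Heuristic for "not meant to be seen": 1x1 or smaller, or hidden via style.
function looksHidden(attrs) {
  const dim = (v) => (v === undefined ? NaN : parseInt(v, 10));
  const style = (attrs.style || "").replace(/\s+/g, "").toLowerCase();
  return (dim(attrs.width) <= 1 && dim(attrs.height) <= 1) ||
    /display:none|visibility:hidden/.test(style) ||
    /(^|;)(width|height):[01](px)?(;|$)/.test(style);
}

// Report every image and whether displaying the mail would notify a server.
function scanMail(html) {
  return Array.from(html.matchAll(IMG_TAG), (m) => {
    const attrs = parseAttrs(m[0]);
    const src = attrs.src || "";
    const remote = isRemote(src);
    return { src, remote, beacon: remote && looksHidden(attrs) };
  });
}

// Default-deny rendering: rename src on every remote image so nothing is
// fetched until the reader opts in. Local images are left untouched.
function blockRemoteImages(html) {
  return html.replace(IMG_TAG, (tag) => {
    if (!isRemote(parseAttrs(tag).src)) return tag;
    return tag.replace(ATTR, (attr, name) =>
      name.toLowerCase() === "src" ? "data-blocked-" + attr : attr);
  });
}
```

Blocking every remote image, not only the 1x1 ones, is what makes the sender's read count unreliable, since a tracking image can be any size. CSS `url()` references and `background` attributes trigger the same kind of fetch and need the same treatment in a real client.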



Re: [Full-disclosure] gadi evron

2007-09-29 Thread gjgowey
They really need to restrict kindergarteners from purchasing domain names and 
webservers.  Putting out a contract on someone, essentially, is a good way to 
start life with a felony conviction.

Geoff


Sent from my BlackBerry wireless handheld.

-Original Message-
From: "Richard Golodner" <[EMAIL PROTECTED]>

Date: Sat, 29 Sep 2007 12:15:24 
To:<[EMAIL PROTECTED]>, 
Subject: Re: [Full-disclosure] gadi evron


You may think this whole Gadi thing funny, but remember that some of the
readers who are on these lists really do professional security work and that
includes more than just data networks. Be careful what you wish for.
Richard Golodner

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Saturday, September 29, 2007 9:40 AM
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] gadi evron

New research results out:

http://lul-disclosure.net


Re: [Full-disclosure] New RFID Mailing List Owner 0day

2007-09-29 Thread Jeffrey Denton
Your script assumes a few things that are not part of a default
Slackware install.

# This script was created for use on Slackware!

> exit 5

What is the purpose of the exit status code of 5?  Yes, any non-zero
number indicates an error.  Common exit codes are 0 (succeeded), 1 (or
any non-zero number, failure), 126 (command found but not executable),
127 (command not found), and 128+N (fatal error where N is the SIGNAL
that caused the exit).  An exit status of 5 works, just curious as to
its purpose.

> chown root.staff ping

"staff" is not a default group in Slackware.  Your script assumes that
it has already been created.

> chmod 500 ttysnoop

"ttysnoop" is not installed by Slackware.

> chmod 600 inetd.conf

It would also be a good idea to remove the execute permissions from
/etc/rc.d/rc.inetd and any other service in /etc/rc.d that isn't
needed.  Restricting the read permissions of the contents of that
directory is also a good idea.

> cp /root/slack/syslog.conf /etc

The file, "/root/slack/syslog.conf" does not exist by default in Slackware.

> # Tighten up the log file perms now
> cd /var/log
> chmod 600 syslog log.auth log.cron log.daemon log.kern log.mail log.mark log.syslog
> chmod 600 log.user messages ftp.log secure.log
> chown root.wheel syslog log.auth log.cron log.daemon log.kern log.mail log.mark log.syslog
> chown root.wheel log.user messages ftp.log secure.log

Most of these files do not exist by default.  I'll assume that they
are the product of your custom syslog.conf.

> echo "MAKE SURE YOU ADD USERS THAT YOU WANT TO BE ABLE TO SU TO ROOT"
> echo "TO THE ROOT AND WHEEL GROUPS OR THEY WON'T BE ABLE TO!!."

There is nothing in a default Slackware install that will restrict the
use of the "su" command.  Slackware does not use PAM.  The
"/etc/suauth" file does not exist by default.



Re: [Full-disclosure] gadi evron

2007-09-29 Thread T Biehn
Watch out for Mossad doued.

On 9/29/07, Richard Golodner <[EMAIL PROTECTED]> wrote:
>
> You may think this whole Gadi thing funny, but remember that some of the
> readers who are on these lists really do professional security work and
> that
> includes more than just data networks. Be careful what you wish for.
> Richard Golodner
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> [EMAIL PROTECTED]
> Sent: Saturday, September 29, 2007 9:40 AM
> To: full-disclosure@lists.grok.org.uk
> Subject: [Full-disclosure] gadi evron
>
> New research results out:
>
> http://lul-disclosure.net

Re: [Full-disclosure] gadi evron

2007-09-29 Thread Richard Golodner
You may think this whole Gadi thing funny, but remember that some of the
readers who are on these lists really do professional security work and that
includes more than just data networks. Be careful what you wish for.
Richard Golodner

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Saturday, September 29, 2007 9:40 AM
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] gadi evron

New research results out:

http://lul-disclosure.net


Re: [Full-disclosure] Testing DidTheyReadIt.com

2007-09-29 Thread Brian Taylor
I highly doubt it.  How would they track a plain text email?  There's nothing 
in email, apart from the servers that are handling the email, to facilitate 
this.  Now if someone specifically designed an email client to talk to the 
'didtheyreadit.com' servers and inform them directly of when they read email 
and everyone used it to read email.

It works just like the US post office...  You send mail, but unless the 
recipient does something or you paid the post office extra to obtain proof of 
delivery then you'll never know if it got there.



 Original message 
>Date: Sat, 29 Sep 2007 13:01:19 -0400
>From: Fabrizio <[EMAIL PROTECTED]>  
>Subject: Re: [Full-disclosure] Testing DidTheyReadIt.com  
>To: full-disclosure@lists.grok.org.uk
>
>   Looks like it's similar to the 1px transparent image
>   technique spammers use. Gmail seems to be blocking
>   an image in the email. I wonder if this works with
>   plain text emails.
>
>   Fabrizio
>
>   p.s. i read this list on the weekends.
>
>   On 9/29/07, Juha-Matti Laurio
>   <[EMAIL PROTECTED]> wrote:
>
> Your headers etc. doesn't state that this service
> is in use.
>
> If your test will work, it is interesting to know
> how many read this list during the weekends too.
> Maybe you can let us know.
>
> BTW:
> http://www.didtheyreadit.com/index.php/html/howitworks#tagging
>
> - Juha-Matti
>
> Thierry Zoller <[EMAIL PROTECTED]> wrote:
> >
> > Hi All,
> >
> > Just a sample test of how many of you read this
> email. Let's see how
> > good it performs for mailinglists and what comes
> out.
> >
> > More info - DidTheyReadIt.com
> >
> >
> > --
> > http://secdev.zoller.lu
> > Thierry Zoller
> > Fingerprint : 4813 c403 58f1 1200 7189 a000 7cf1
> 1200 9f89 a000
> >
>


Re: [Full-disclosure] Testing DidTheyReadIt.com

2007-09-29 Thread Fabrizio
Looks like it's similar to the 1px transparent image technique spammers use.
Gmail seems to be blocking an image in the email. I wonder if this works
with plain text emails.

Fabrizio

p.s. i read this list on the weekends.

On 9/29/07, Juha-Matti Laurio <[EMAIL PROTECTED]> wrote:
>
> Your headers etc. doesn't state that this service is in use.
>
> If your test will work, it is interesting to know how many read this list
> during the weekends too.
> Maybe you can let us know.
>
> BTW:
> http://www.didtheyreadit.com/index.php/html/howitworks#tagging
>
> - Juha-Matti
>
> Thierry Zoller <[EMAIL PROTECTED]> wrote:
> >
> > Hi All,
> >
> > Just a sample test of how many of you read this email. Let's see how
> > good it performs for mailinglists and what comes out.
> >
> > More info - DidTheyReadIt.com
> >
> >
> > --
> > http://secdev.zoller.lu
> > Thierry Zoller
> > Fingerprint : 4813 c403 58f1 1200 7189 a000 7cf1 1200 9f89 a000
> >
>

Re: [Full-disclosure] defining 0day

2007-09-29 Thread Jimby Sharp
It's very easy to hide under an anonymous email-ID and pour out
bullshit to insult others but it takes guts to do the same with your
real name. Since, you do not have the guts to sign your message with
your real name, we are free to ignore whatever you post.

I appeal the FD admins to ban the trolls. A little moderation is
required for any meaningful discussion to take place.

Now, if you reply to this e-mail with an anonymous ID again, it will
only prove what a coward bastard you are. If you have the guts, insult
others with your real name.

On 9/29/07, Awful Disclosure <[EMAIL PROTECTED]> wrote:
> I know that this term means. 0 day - is the day when this jewish slut
> Gadi got his first homosexual experience and his gayed ass became
> looks like (0), not (.). So this this 0-day.
>
> btw, word "Gadi" is close to "Gadit", that in Russian means "to defecate".
>
> >There is a difference between Sun Tsu-like stealth and civil war-like
> >"throw bodies at it".
>
> >I quite agree 0days would be important tools, but not necessarily the only
> >tool. Then, it would only be a fascilitating technology. A known
>
> >vulnerability is also useful in many cases.
>
> >About botnets, they are at the very heart of the matter--not necessarily
> >for being used in this fashion, but rather because the Internet is perfect
>
> >for plausible deniability, and then, of course, there is the matter of a
> >/fifth column
> /, inside your network.
> >
> > Gadi.
>
>
>
>


Re: [Full-disclosure] defining 0day

2007-09-29 Thread Awful Disclosure
I know that this term means. 0 day - is the day when this jewish slut
Gadi got his first homosexual experience and his gayed ass became
looks like (0), not (.). So this this 0-day.

btw, word "Gadi" is close to "Gadit", that in Russian means "to defecate".

>There is a difference between Sun Tsu-like stealth and civil war-like
>"throw bodies at it".

>I quite agree 0days would be important tools, but not necessarily the only
>tool. Then, it would only be a fascilitating technology. A known
>vulnerability is also useful in many cases.

>About botnets, they are at the very heart of the matter--not necessarily
>for being used in this fashion, but rather because the Internet is perfect
>for plausible deniability, and then, of course, there is the matter of a
*>/fifth column/*, inside your network.
>
>   Gadi.

Re: [Full-disclosure] Testing DidTheyReadIt.com

2007-09-29 Thread Juha-Matti Laurio
Your headers etc. doesn't state that this service is in use.

If your test will work, it is interesting to know how many read this list 
during the weekends too.
Maybe you can let us know.

BTW:
http://www.didtheyreadit.com/index.php/html/howitworks#tagging

- Juha-Matti

Thierry Zoller <[EMAIL PROTECTED]> wrote: 
> 
> Hi All,
> 
> Just a sample test of how many of you read this email. Let's see how
> good it performs for mailinglists and what comes out.
> 
> More info - DidTheyReadIt.com
> 
> 
> -- 
> http://secdev.zoller.lu
> Thierry Zoller
> Fingerprint : 4813 c403 58f1 1200 7189 a000 7cf1 1200 9f89 a000
> 



[Full-disclosure] gadi evron

2007-09-29 Thread imul
New research results out:

http://lul-disclosure.net


Re: [Full-disclosure] Testing DidTheyReadIt.com

2007-09-29 Thread Anshuman G
heh, nice test :).

On 9/29/07, Thierry Zoller <[EMAIL PROTECTED]> wrote:
>
>
> Hi All,
>
> Just a sample test of how many of you read this email. Let's see how
> good it performs for mailinglists and what comes out.
>
> More info - DidTheyReadIt.com
>
>
> --
> http://secdev.zoller.lu
> Thierry Zoller
> Fingerprint : 4813 c403 58f1 1200 7189 a000 7cf1 1200 9f89 a000
>
>

Re: [Full-disclosure] Firefox 2.0.0.7 has a very serious calculation bug

2007-09-29 Thread Jimby Sharp
Go and read floating point math.

On 9/29/07, wac <[EMAIL PROTECTED]> wrote:
>
>  Many bugs are security related (I would say all). How it is security
> related? Think. What happens if your bank calculates something wrong and
> puts the lower in your account and the higher in another account? Yes It
> might be little but what about a little many times? That could be done
> with javascript too. Then... you are not safe anymore.
> Specially today with the invasion of AJAX. One of the
> browsers is broken for sure (several?). They should do the same even in such
> small things. Should at least be very carefully documented. However just
> documenting it is only going to bring trouble since many programmers won't
> be aware of that. They would not even be making mistakes in the code but
> triggering somebodie's else errors. This kind of stuff happens many times.
> For instance a couple of days ago I hitted a problem in wich both Opera and
> Firefox behaved differently to IE (some parameters in the form where not
> sent to the server). Was with a   instead of
>  (or the other way around can't remember right
> was the workaround).
>
>  Yes, every bug is security related. A database that is out of synch. An
> improperly rounded number. Remember why Arianne blowed up on the air because
> of this? Remember the mars landrover locked because of a priority inversion
> bug? Would you call it a security bug? I really doubt many of you would.
> However millions were lost. Wasn't security related? Think. What about if
> someday the computers that handle the nuclear plant nearby make a wrong
> rouding and one of the parameters go out of rank? Computers handle that,
> handle your car, all of your communications, your heart beat and even your
> foot steps (heard about those smart Adidas with a chip?).
>
>  What if an airplane computer miss one of the parameters? It *is* a security
> bug even if it is not a stack/heap overflow, an integer overflow and all of
> the rest you all know about. I consider if not all of the bugs, at least the
> vast majority as security bugs. For your very own good start thinking that
> way too. Because someday you could even die just because somebody's else
> made a mistake in one of those control systems. Worst yet... because someone
> thought that it wasn't a security bug and was not important to fix it.
>
> Regards
> Waldo Alvarez
>
> PD: Now you have another way to verify (fingerprint) wich browser is used to
> browse a website even with spoofed User-Agent headers if javascript is
> turned on.
>
> > And go and learn some floating point maths.
> >
> > On 9/28/07, carl hardwick <[EMAIL PROTECTED] > wrote:
> > > There's a flaw in Firefox 2.0.0.7 allows javascript to execute wrong
> > > subtractions.
> > >
> > > PoC concept here:
> > > javascript:5.2-0.1
> > > (copy this code into address bar)
> > >
> > > Firefox 2.0.0.7 result: 5.1005 (WRONG!)
> > > Internet Explorer 7 result: 5.1 (OK)
> > >


[Full-disclosure] [SECURITY] [DSA 1378-2] New Linux 2.6.18 packages fix several vulnerabilities

2007-09-29 Thread dann frazier
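--------------------------------------------------------------------------
Debian Security Advisory DSA 1378-2                      [EMAIL PROTECTED]
http://www.debian.org/security/                               Dann Frazier
September 28th, 2007                    http://www.debian.org/security/faq
--------------------------------------------------------------------------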

Package: linux-2.6
Vulnerability  : several
Problem-Type   : local
Debian-specific: no
CVE ID : CVE-2007-3731 CVE-2007-3739 CVE-2007-3740 CVE-2007-4573
 CVE-2007-4849

Several local and remote vulnerabilities have been discovered in the Linux
kernel that may lead to a denial of service or the execution of arbitrary
code. The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2007-3731

Evan Teran discovered a potential local denial of service (oops) in
the handling of PTRACE_SETREGS and PTRACE_SINGLESTEP requests.

CVE-2007-3739

Adam Litke reported a potential local denial of service (oops) on
powerpc platforms resulting from unchecked VMA expansion into address
space reserved for hugetlb pages.

CVE-2007-3740

Steve French reported that CIFS filesystems with CAP_UNIX enabled
were not honoring a process' umask which may lead to unintentionally
relaxed permissions.

CVE-2007-4573

Wojciech Purczynski discovered a vulnerability that can be exploited
by a local user to obtain superuser privileges on x86_64 systems.
This resulted from improper clearing of the high bits of registers
during ia32 system call emulation. This vulnerability is relevant
to the Debian amd64 port as well as users of the i386 port who run
the amd64 linux-image flavour.

CVE-2007-4849

Michael Stone reported an issue with the JFFS2 filesystem. Legacy
modes for inodes that were created with POSIX ACL support enabled
were not being written out to the medium, resulting in incorrect
permissions upon remount.

These problems have been fixed in the stable distribution in version 
2.6.18.dfsg.1-13etch3.

This advisory has been updated to include a build for the arm architecture,
which was not yet available at the time of DSA-1378-1.

The following matrix lists additional packages that were rebuilt for
compatibility with or to take advantage of this update:

                      Debian 4.0 (etch)
 fai-kernels          1.17+etch.13etch3
 user-mode-linux      2.6.18-1um-2etch.13etch3

We recommend that you upgrade your kernel package immediately and reboot
the machine. If you have built a custom kernel from the kernel source
package, you will need to rebuild to take advantage of these fixes.

Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- 


Re: [Full-disclosure] Firefox 2.0.0.7 has a very serious calculation bug [FIB FOUND/CONFIRMED]

2007-09-29 Thread Susam Pal
Compile and run this.

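#include <stdio.h>

int main(int argc, char **argv) {
  float a = 0.7;  /* 0.7 rounded to single precision */
  /* The literal 0.7 is a double; a is promoted to double for the compare. */
  if (a == 0.7) {
    printf("%f is equal to %f\n", a, 0.7);
  } else {
    printf("%f is not equal to %f\n", a, 0.7);
  }
  return 0;
}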

On many implementations (not necessarily all implementations) you will
get the output as:-

0.700000 is not equal to 0.700000

For example, on my Debian Etch with gcc 4.1.2, the output is as shown
above. This doesn't mean it is a bug in 'gcc'. It's just a limitation
of floating point math. If someone doesn't take care of the floating
point behavior while writing code in JavaScript, it is a bug in the
JavaScript code and not a bug in Firefox.

Regards,
Susam Pal
http://susam.in/

On 9/28/07, blah <[EMAIL PROTECTED]> wrote:
> IE7 was fine for me, showed up in FF 2.0.0.7
>
> However, I think it's much wider-spread than initially thought.  I
> found the same most unsettling results using:
> javascript:4.2-0.1
> javascript:3.2-0.1
> javascript:2.2-0.1
>
> I did not have time to try more, but obviously all of you can see the
> possibilities.  Because it appears this works with any number, I've
> dubbed it the FIB, (Firefox Infinite Bug).
>
> I think this should get its own exploit category, too, since
> assuredly, perhaps one day, this will be exploitable.
>
> On 9/28/07, Steven Adair <[EMAIL PROTECTED]> wrote:
> > So are we dealing with an RDCB (Recently Disclosed Calculation Bug) or was
> > this just a mistake?
> >
> > Steven
> >
> > > Actually, I see 5.1000000000000005 in both browsers.
> > >
> > > Larry Seltzer
> > > eWEEK.com Security Center Editor
>
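
The point made in the message above, worked through in JavaScript as an added example (not part of the original post): it shows the bit patterns behind 5.2-0.1, a tolerant comparison, and exact integer-cent arithmetic for money. All function names are hypothetical and the sample amounts are constructed.

```javascript
// Added illustration, not code from the thread. All function names are
// hypothetical and the sample amounts are constructed.

// Raw IEEE-754 binary64 encoding of x, as 16 hex digits.
function doubleBits(x) {
  const view = new DataView(new ArrayBuffer(8));
  view.setFloat64(0, x); // DataView writes big-endian by default
  return view.getBigUint64(0).toString(16).padStart(16, '0');
}

// Map a double to an integer whose ordering matches numeric ordering,
// so that neighbouring doubles differ by exactly 1.
function orderedBits(x) {
  const view = new DataView(new ArrayBuffer(8));
  view.setFloat64(0, x);
  const bits = view.getBigInt64(0);
  return bits < 0n ? -(bits & 0x7fffffffffffffffn) : bits;
}

// Distance between a and b in units in the last place (ULPs).
function ulpDistance(a, b) {
  const d = orderedBits(a) - orderedBits(b);
  return d < 0n ? -d : d;
}

// Tolerant comparison: true when a and b are at most maxUlps doubles apart.
function nearlyEqual(a, b, maxUlps = 4) {
  if (!Number.isFinite(a) || !Number.isFinite(b)) return a === b;
  return ulpDistance(a, b) <= BigInt(maxUlps);
}

// Money is kept as an exact integer count of cents, parsed from text so the
// value never passes through a binary fraction.
function toCents(text) {
  const m = /^(-?)(\d+)(?:\.(\d{1,2}))?$/.exec(text);
  if (!m) throw new RangeError(`not an amount with at most 2 decimals: ${text}`);
  const cents = BigInt(m[2]) * 100n + BigInt((m[3] || '').padEnd(2, '0'));
  return m[1] ? -cents : cents;
}

function formatCents(cents) {
  const abs = cents < 0n ? -cents : cents;
  const text = `${abs / 100n}.${String(abs % 100n).padStart(2, '0')}`;
  return cents < 0n ? `-${text}` : text;
}

// Ten deposits of 0.10, accumulated as a double and as integer cents.
function tenDeposits() {
  let asDouble = 0;
  let asCents = 0n;
  for (let i = 0; i < 10; i++) {
    asDouble += 0.1;
    asCents += toCents('0.10');
  }
  return { asDouble, asCents: formatCents(asCents) };
}

const diff = 5.2 - 0.1;
console.log(diff, doubleBits(diff), doubleBits(5.1));
console.log(diff === 5.1, nearlyEqual(diff, 5.1), ulpDistance(diff, 5.1));
console.log(formatCents(toCents('5.2') - toCents('0.1')), tenDeposits());
```

The subtraction result and the literal 5.1 are adjacent doubles, one ULP apart, which is why an exact === test fails while the integer-cent path gives 5.10.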



Re: [Full-disclosure] Firefox 2.0.0.7 has a very serious calculation bug

2007-09-29 Thread Bob Clary
carl hardwick wrote:
> There's a flaw in Firefox 2.0.0.7 allows javascript to execute wrong
> subtractions.
> 
> PoC concept here:
> javascript:5.2-0.1
> (copy this code into address bar)
> 
> Firefox 2.0.0.7 result: 5.1000000000000005 (WRONG!)
> Internet Explorer 7 result: 5.1 (OK)
> 

Please read .



[Full-disclosure] Testing DidTheyReadIt.com

2007-09-29 Thread Thierry Zoller

Hi All,

Just a sample test of how many of you read this email. Let's see how
well it performs for mailing lists and what comes out.

More info - DidTheyReadIt.com


-- 
http://secdev.zoller.lu
Thierry Zoller
Fingerprint : 4813 c403 58f1 1200 7189 a000 7cf1 1200 9f89 a000


Re: [Full-disclosure] Firefox 2.0.0.7 has a very serious calculation bug

2007-09-29 Thread full-disclosure

Not so much it required such a long thread.

On Fri, 28 Sep 2007 15:29:18 -0400 Rodrigo Barbosa
<[EMAIL PROTECTED]> wrote:
>On Fri, Sep 28, 2007 at 09:09:02PM +0200, Michal Zalewski wrote:
>> On Sat, 29 Sep 2007, Jimby Sharp wrote:
>>
>> > I don't get the same from C-style double arithmetics. Could you provide
>> > a sample code that you believe should show the same behavior?
>>
>> If you don't, it's presumably because the subtraction is optimized out by
>> the compiler, or because you printf() with an insufficient precision in
>> format spec. The following should do the trick:
>>
>> #include <stdio.h>
>>
>> volatile double a = 5.2;
>> volatile double b = 0.1;
>> int main(void) { printf("%.16lf\n", a - b); return 0; }
>
>Confirmed here with:
>
>gcc (GCC) 4.1.1 20070105 (Red Hat 4.1.1-52)
>
>Actually quite interesting.
>
>--
>Rodrigo Barbosa
>"Quid quid Latine dictum sit, altum viditur"
>"Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)




Re: [Full-disclosure] .NET REMOTING on port 31337

2007-09-29 Thread full-disclosure

Evan,

Your racism is not appreciated.  Please do not mail me again.

On Fri, 28 Sep 2007 15:44:51 -0400 Evan Pitstick
<[EMAIL PROTECTED]> wrote:
>Simon Smith is friends with KF the infosec nigger midget.  Be
>careful or he will steal your watermelons for his friend.
>
>On Fri, 2007-09-28 at 15:37 -0400, [EMAIL PROTECTED]
>wrote:
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>>
>> fascinating tell me more
>>
>> On Fri, 28 Sep 2007 15:36:07 -0400 Simon Smith
><[EMAIL PROTECTED]>
>> wrote:
>> >I don't have any techniques...
>> >
>> >[EMAIL PROTECTED] wrote:
>> >> educate me dude i bet i'll win this one.
>> >>
>> >> are your techniques more advanced than the anvil ids suite?
>> >>
>> >> On Fri, 28 Sep 2007 15:22:23 -0400 Simon Smith
>> ><[EMAIL PROTECTED]>
>> >> wrote:
>> >>> I do... but I don't have time to explain it to you... its
>> >>> complicated...
>> >>> post-nmap stuff...
>> >>
>> >>> [EMAIL PROTECTED] wrote:
>>  dunno how do you plan on figuring out what is running there
>> 
>>  On Fri, 28 Sep 2007 15:07:34 -0400 Simon Smith
>> >>> <[EMAIL PROTECTED]>
>>  wrote:
>> > Phew... thought you were serious for a moment...
>> > I mean... what more could there be aside from nmap. ;]
>> > [EMAIL PROTECTED] wrote:
>> >> No just kidding lol a lot of people here seem to make
>money
>> >in
>> > this
>> >> business.
>> >>
>> >> On Fri, 28 Sep 2007 15:01:01 -0400 Simon Smith
>> > <[EMAIL PROTECTED]>
>> >> wrote:
>> >>> No way...
>> >>> are you serious?
>> >>> ;P
>> >>> [EMAIL PROTECTED] wrote:
>>  Sounds like you will need to learn how to use debugging
>> >and
>> >>> other
>>  reverse engineering tools dude.  Security gets a little
>> >more
>>  complicated post-nmap.
>> 
>> 
>> 
>>  On Fri, 28 Sep 2007 14:21:52 -0400 Simon Smith
>> >>> <[EMAIL PROTECTED]>
>>  wrote:
>> > Got output... and it was... no idea what it was...
>can't
>> > paste
>> >>> it
>> > due to
>> > confidentiality though.
>> > Fabrizio wrote:
>> >> .NET Remoting is "a generic system for different
>> > applications
>> >>> to
>> > use to
>> >> communicate with one another." It's part of the .NET
>> >>> framework,
>> >> obviously. (not trying to be a smart ass)
>> >>
>> >> I'm gonna take a wild guess and say it's not a good
>> >>> thing..
>> >> Connect to it, and see if you get any output, if you
>> >>> haven't
>> > already
>> >> done so.
>> >>
>> >> Fabrizio
>> >>
>> >>
>> >>
>> >> On 9/28/07, * Simon Smith* <[EMAIL PROTECTED]
>> >> > wrote:
>> >>
>> >>
>> >> Has anyone ever heard of .NET REMOTING running on
>port
>> > 31337?
>> >>> If
>> > so,
>> >> have you ever seen it "legitimate"?
>> >>
>> >>
>> > --
>> > - simon
>> > --
>> > http://www.snosoft.com
>> >>> --
>> >>> - simon
>> >>> --
>> >>> http://www.snosoft.com
>> > --
>> > - simon
>> > --
>> > http://www.snosoft.com
>> >>> --
>> >>
>> >>> - simon
>> >>
>> >>> --
>> >>> http://www.snosoft.com
>> >
>> >--
>> >
>> >- simon
>> >
>> >--
>> >htt

Re: [Full-disclosure] Firefox 2.0.0.7 has a very serious calculation bug

2007-09-29 Thread wac
Hello:

On 9/28/07, Jimby Sharp <[EMAIL PROTECTED]> wrote:
>
> How is this serious and is it related to security in any manner? If
> not, please do not spam. :-(


 Many bugs are security related (I would say all). How is it security
related? Think. What happens if your bank calculates something wrong and
puts the lower in your account and the higher in another account? Yes, it
might be little, but what about a little many
times? That could be done with javascript too. Then... you are not safe
anymore. Especially today with the invasion of AJAX. One of the browsers is
broken for sure (several?). They should do the same even in such small
things. Should at least be very carefully documented. However just
documenting it is only going to bring trouble since many programmers won't
be aware of that. They would not even be making mistakes in the code but
triggering somebody else's errors. This kind of stuff happens many times.
For instance a couple of days ago I hit a problem in which both Opera and
Firefox behaved differently to IE (some parameters in the form were not
sent to the server). Was with a   instead of
 (or the other way around can't remember right
was the workaround).

 Yes, every bug is security related. A database that is out of sync. An
improperly rounded number. Remember why Ariane blew up in the air because
of this? Remember the Mars landrover locked because of a priority inversion
bug? Would you call it a security bug? I really doubt many of you would.
However millions were lost. Wasn't security related? Think. What about if
someday the computers that handle the nuclear plant nearby make a wrong
rounding and one of the parameters goes out of rank? Computers handle that,
handle your car, all of your communications, your heart beat and even your
foot steps (heard about those smart Adidas with a chip?).

 What if an airplane computer misses one of the parameters? It *is* a security
bug even if it is not a stack/heap overflow, an integer overflow and all of
the rest you all know about. I consider if not all of the bugs, at least the
vast majority as security bugs. For your very own good start thinking that
way too. Because someday you could even die just because somebody else
made a mistake in one of those control systems. Worse yet... because someone
thought that it wasn't a security bug and was not important to fix it.

Regards
Waldo Alvarez

PS: Now you have another way to verify (fingerprint) which browser is used to
browse a website even with spoofed User-Agent headers if javascript is
turned on.

And go and learn some floating point maths.
>
> On 9/28/07, carl hardwick <[EMAIL PROTECTED]> wrote:
> > There's a flaw in Firefox 2.0.0.7 allows javascript to execute wrong
> > subtractions.
> >
> > PoC concept here:
> > javascript:5.2-0.1
> > (copy this code into address bar)
> >
> > Firefox 2.0.0.7 result: 5.1000000000000005 (WRONG!)
> > Internet Explorer 7 result: 5.1 (OK)
> >

[Full-disclosure] [USN-522-1] OpenSSL vulnerabilities

2007-09-29 Thread Kees Cook
=== 
Ubuntu Security Notice USN-522-1 September 29, 2007
openssl vulnerabilities
CVE-2007-3108, CVE-2007-5135
===

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libssl0.9.8 0.9.8a-7ubuntu0.4

Ubuntu 6.10:
  libssl0.9.8 0.9.8b-2ubuntu2.1

Ubuntu 7.04:
  libssl0.9.8 0.9.8c-4ubuntu0.1

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

Details follow:

It was discovered that OpenSSL did not correctly perform Montgomery
multiplications.  Local attackers might be able to reconstruct RSA
private keys by examining another user's OpenSSL processes. (CVE-2007-3108)

Moritz Jodeit discovered that OpenSSL's SSL_get_shared_ciphers function
did not correctly check the size of the buffer it was writing to.
A remote attacker could exploit this to write one NULL byte past the end of
an application's cipher list buffer, possibly leading to arbitrary code
execution or a denial of service. (CVE-2007-5135)


Updated packages for Ubuntu 6.06 LTS:
