Re: [Full-disclosure] Google Sacure

2007-10-26 Thread Jim Popovitch
On Sat, 2007-10-27 at 00:06 -0400, scott wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> They can't even spell 'secure'. What the hell is 'sacure'?

Perhaps it's supposed to be sauce. :-)

-Jim P.


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] Google Sacure

2007-10-26 Thread scott
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

They can't even spell 'secure'. What the hell is 'sacure'?

Regards,
   Scott

[EMAIL PROTECTED] wrote:
> The truth about Sacure is that they have little to no capabilities
> or talent what so ever. Their website has been malfunctioning since
> well before August 2007 and they never caught it.  Why would anyone
> hire a “Managed Security” company that can’t detect issues in their
> own network? How the hell are they going to detect issues in yours?
>
> Reference:
>
> http://lists.grok.org.uk/pipermail/full-disclosure/2007-
> October/067050.html
>
> Furthermore, Sacure has a broken customer portal. How would a
> “leader” in “Managed Security Services” not notice that their
> customer portal was broken? When you try to login to the portal you
> get an error that shows “Query failed : Table
> ‘sacure123.assessment’ doesn’t exist”. The obvious comes to mind;
> Sacure must not have any customers that use their “Managed Security
> Service”… so… how are they a leader again?
>
> In addition Sacure also claims that they are “Professional Security
> Service” experts. This is obviously bullshit. When you read through
> the materials on their website you find things like references to
> XSS (“Cross-Site Shipping”). What the fuck is that? Are they going
> to send UPS to assess your network? Last time I checked XSS was
> Cross-Site Scripting.
>
> Reference:
>
> http://lists.grok.org.uk/pipermail/full-disclosure/2007-
> October/067065.html
>
> I wish that people in the security community would take the time to
> expose the “fake” security companies like Sacure for what they
> really are. This would help innocent buyers who do not know any
> better to avoid companies like Sacure. It would help them to avoid
> being ripped off.
>
> Sacure… it’s a fucking joke.
>
>
> On Fri, 26 Oct 2007 00:27:34 -0400 scott
> <[EMAIL PROTECTED]> wrote:
>> First off, it's on GoDaddy (dot)com. That should be the first
>> pointer.
>>
>>
>>
>> Michael Bann wrote:
>>> Maybe it's a joke. :-)
>>>
>>> Fabrizio wrote:
>>>> Way too much info.
>>>>
>>>> Let's map out some tables names now
>>>>
>>>> http://www.sacure.com/login_process.php
>>>>
>>>> On 10/25/07, *Juha-Matti Laurio* <[EMAIL PROTECTED]
>>>> > wrote:
>>>>
>>>>> http://www.sacure.com/news/home/sacure-to-offer-security-staffing-
>>>>> and-consulting-services/
>>>>
>>>> generates the same result as well.
>>>>
>>>> - Juha-Matti
>
>

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHIrlAxajqy/aNaRsRApwMAJ9Obal+uzlNax+l2uat0PZMMMtmowCeMz99
JC1z7NFsDBtvGqI46zXYCWg=
=iXxr
-END PGP SIGNATURE-

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] MySpace URL redirection

2007-10-26 Thread Fabrizio
Risk: potentially high
File under: annoyances

"hey! check out my cool myspace page!"

warning: will crash Internet Exploder.

http://profile.myspace.com/index.cfm?fuseaction=cms.goto&_i=176efaa7-1908-488e-aa3e-2565dcf843d6&_u=http://www.modernlifeisrubbish.co.uk/etc/crash-ie.html

[Full-disclosure] rPSA-2007-0225-1 firefox

2007-10-26 Thread rPath Update Announcements
rPath Security Advisory: 2007-0225-1
Published: 2007-10-26
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:
Indirect User Deterministic Unauthorized Access
Updated Versions:
[EMAIL PROTECTED]:1/2.0.0.8-0.1-1

rPath Issue Tracking System:
https://issues.rpath.com/browse/RPL-1858

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2894
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1095
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3511
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5334
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5337
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5338
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5339
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5340

Description:
Previous versions of the firefox package are vulnerable to several
types of attacks, some of which are understood to allow compromised
or malicious sites to run arbitrary code as the user running firefox.

http://wiki.rpath.com/Advisories:rPSA-2007-0225

Copyright 2007 rPath, Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.rpath.com/permanent/mit-license.html



[Full-disclosure] [xssworm.com] Alert : XSS Worms - Cross-Site Scripting and Web 2.0 Application Security Blog

2007-10-26 Thread XSS Worm XSS Security Information Portal
Greetings To All

We are proud to announce the grand-opening of XSS Worm : Cross Site
Scripting Attacks ™ - http://www.xssworm.com/ - Cross Site Scripting Attacks
: the new site for discussion of XSS (also known as CSS (not to be confused
with Cascading Style Sheets (also sometimes referred to as CSS))
vulnerabilities) security issues in web-enabled networks and dynamic
Internet applications.

XSS - a word commonly used by modern security experts to categorize a wide
range of emerging web-enabled security threats. This unpronounceable word
was once said to derive from the common term "Cross Site Scripting" (the
leading X in this instance perhaps alluding to the Cross of the popular
novel.) Yes friends our Web sites are being more complicated from day to
day; and the web sites which has been produced by html is decreasing on the
net. The popular ones are php;asp;jsp and other technologies and with this
increasing the attacks are being more dangerous.

It's very common and unfortunately still an issue we have to deal with in
many web-aware applications. Internally the XSS WORM Team has been working
on several XSS Security projects to help mitigate and fix these security
issues, as well as to detect them in the code sources that are available
online so that they can be fixed a worm is developed.

According to a new study, up to over *90% of all (100%) web sites* may be
vulnerable to some form of security attack.

Prominent Jeremiah Grossman of WhiteHat Security (whitehat.com) — the Web
applications security founded by vulnerability scanning whiz Jeremiah
Grossman — concludes that as many as 90 percent of all the sites that it has
tested in the last year remain open to some form of hijack or infection.

The leading problem remains many sites' vulnerability to cross-site
scripting (XSS) hacks, through which attackers place malicious code on
legitimate sites to trick end users into handing over their personal
information or passwords.

As many as 75 percent of the pages scanned by WhiteHat had some form of
XSS-exploitable flaw, according to the paper. But it's not only XSS Worms
that application developers have to be concerned about - according to
Whitehat, Cross Request Forgery attacks are emerging as the "new .. [xss] "
and hackers are scrambling to update their virus engines.

"The best way to think about Response Splitting is that it's executed
similarly to Cross-Site Scripting (XSS) … *but more powerful*."  -- Jeremiah
Grossman

As in the rest of the online world, however, WhiteHat contends that XSS
threats top the list of vulnerability classes by vertical, followed closely
by Information Leakage.

"These statistics continue to reveal recurring and emerging issues that are
affecting Web sites across industries," said Grossman, who wears the title
of CTO at WhiteHat. "As increasing amounts of sensitive data are stored
online, WhiteHat remains vigilant about alerting companies to common attack
methods and emphasizing the importance of Web site vulnerability management
as part of their overall security posture."

The original security article source can be located at
http://weblog.infoworld.com/zeroday/archives/2007/10/study_90_percen.html

This is our introduction for the newest premium security information service
XSSworm.com : cross-site scripting attacks - we will be posting news and
updates on these topics and we welcome all of your comments on the topics of
Web 2.0 Security, Cross-Site Scripting, XSS Worms, XSRF Worms, Digg and
Social Networking worms, Youtube worms, Facebook worms, Web 2.0 Security and
XML and so much more.

Please pay our XSS page a visit and leave your comments! - only the most
relevant XSS security news and tools and comments only - no spam please, your
blackhat SEO tricks are not welcome here.

This email has been cross-posted for discussion on our XSS Security
Discussion Forum board: http://tiniuri.com/f/n7 - replies welcome on list or
on site. Thanks.

Regards

The XSSWorm . Com Security Team.

--
Francesco Vaj
CSS Security Researcher -- XSSworm.com
mailto:[EMAIL PROTECTED]
Aim: XSS Cross Site
http://www.XSSworm.com - Cross Site Scripting Attacks
Web 2.0 Application Security Information Blog 2007 

"Vaj, bella vaj."

Re: [Full-disclosure] TCP Hijacking (aka Man-in-the-Middle)

2007-10-26 Thread reepex
seriously. enough with the irc ass kissing.

On 10/26/07, don bailey <[EMAIL PROTECTED]> wrote:
> > Thank you, Captain Obvious - I specifically *said* that only one of them
> > needs to be blind spoofing.
> >
> >> only possible if sequence number is 100% (or close to 100%) predictable.
> >
> > And Michael Zalewski's work showed that even on many boxes that *claim*
> > to have RFC1948 randomization, you can do pretty well on the predicting.
> >
>
> Seriously. Enough with the asterisks.
>



Re: [Full-disclosure] Google Sacure

2007-10-26 Thread whupass
The truth about Sacure is that they have little to no capabilities 
or talent what so ever. Their website has been malfunctioning since 
well before August 2007 and they never caught it.  Why would anyone 
hire a “Managed Security” company that can’t detect issues in their 
own network? How the hell are they going to detect issues in yours?

Reference:

http://lists.grok.org.uk/pipermail/full-disclosure/2007-
October/067050.html 

Furthermore, Sacure has a broken customer portal. How would a 
“leader” in “Managed Security Services” not notice that their 
customer portal was broken? When you try to login to the portal you 
get an error that shows “Query failed : Table 
‘sacure123.assessment’ doesn’t exist”. The obvious comes to mind; 
Sacure must not have any customers that use their “Managed Security 
Service”… so… how are they a leader again?

In addition Sacure also claims that they are “Professional Security 
Service” experts. This is obviously bullshit. When you read through 
the materials on their website you find things like references to 
XSS (“Cross-Site Shipping”). What the fuck is that? Are they going 
to send UPS to assess your network? Last time I checked XSS was 
Cross-Site Scripting.

Reference:

http://lists.grok.org.uk/pipermail/full-disclosure/2007-
October/067065.html

I wish that people in the security community would take the time to 
expose the “fake” security companies like Sacure for what they 
really are. This would help innocent buyers who do not know any 
better to avoid companies like Sacure. It would help them to avoid 
being ripped off. 

Sacure… it’s a fucking joke.


On Fri, 26 Oct 2007 00:27:34 -0400 scott 
<[EMAIL PROTECTED]> wrote:
> First off, it's on GoDaddy (dot)com. That should be the first
> pointer.
>
> Michael Bann wrote:
>> Maybe it's a joke. :-)
>>
>> Fabrizio wrote:
>>> Way too much info.
>>>
>>> Let's map out some tables names now
>>>
>>> http://www.sacure.com/login_process.php
>>>
>>> On 10/25/07, *Juha-Matti Laurio* <[EMAIL PROTECTED]
>>> > wrote:
>>>
>>>> http://www.sacure.com/news/home/sacure-to-offer-security-staffing-
>>>> and-consulting-services/
>>>
>>> generates the same result as well.
>>>
>>> - Juha-Matti


Re: [Full-disclosure] TCP Hijacking (aka Man-in-the-Middle)

2007-10-26 Thread Valdis . Kletnieks
On Fri, 26 Oct 2007 18:03:27 +0400, 3APA3A said:

> I'm afraid you are misunderstanding or misinterpreting the results of Michael
> Zalewski's work (which is, by the way, the last real "hack" in the initial
> meaning of this word in the field of computer security). In most cases,
> you have a good probability of guessing the SN after some number of guesses. E.g.
> for Windows NT 4 you have 100% probability after 5000 guesses. There is
> no OS with 100% or even 50% probability after 1 guess. And you have to
> remember that the result of the guess is not known to you immediately,
> because you are spoofing blindly.

I'm fully aware of that.  How is that any different than the *many* exploits
we've seen that have to launch the attack a number of times with different
offsets because the "right" one can't be predicted?

Not every exploit triggers 100% the first time.  Deal with it.



Re: [Full-disclosure] Google Sacure (A. Jodoin)

2007-10-26 Thread alexandre jodoin

In fine prints, at the end of the document (Pen Test Whitepaper) :

"While every precaution has been taken in the preparation of this document, 
Sacure assumes no responsibility for errors,
omissions or damages resulting from the use of the information herein."

What a joke...


Re: [Full-disclosure] RealPlayer vuln - versions affected?

2007-10-26 Thread TERRY HE
Yes, according to the advisory from secunia.

Terry

On 10/26/07, Murray, Mike <[EMAIL PROTECTED]> wrote:
>
>  Anyone know if RealPlayer Enterprise is affected?
>
>
>
> Mike
>

Re: [Full-disclosure] Google Sacure (A. Jodoin)

2007-10-26 Thread Michael Holstein

>
> WTF is cross-site shipping ???

A way to implement RFC 1149.



[Full-disclosure] RealPlayer vuln - versions affected?

2007-10-26 Thread Murray, Mike
Anyone know if RealPlayer Enterprise is affected?

 

Mike


Re: [Full-disclosure] Google Sacure (A. Jodoin)

2007-10-26 Thread Juha-Matti Laurio
When typing these words _shipp_ing and script_ing_ these keys aren't even near 
each other on the keyboard... :)
 
- Juha-Matti

alexandre jodoin <[EMAIL PROTECTED]> wrote: 
> 
> >> How can security companies protect us if they can't even configure their 
> >> shit right?
>  
> More on that :
> From their "Pen Test Whitepaper" on http://www.sacure.com/index.php
> "The Web-based authentication is exploited by using XSS (cross-site shipping) 
> or SLQ injection or MITM (Man-in-the-Middle) attacks."
>  
> WTF is cross-site shipping ???
> :)


Re: [Full-disclosure] TCP Hijacking (aka Man-in-the-Middle)

2007-10-26 Thread don bailey
> Thank you, Captain Obvious - I specifically *said* that only one of them
> needs to be blind spoofing.
> 
>> only possible if sequence number is 100% (or close to 100%) predictable.
> 
> And Michael Zalewski's work showed that even on many boxes that *claim*
> to have RFC1948 randomization, you can do pretty well on the predicting.
> 

Seriously. Enough with the asterisks.



Re: [Full-disclosure] Using GPUs to crack hashes

2007-10-26 Thread rx8volution
I wrote about it a little more... compiled some information.

http://www.ishackingyou.com/content/elcomsoft-brute-force-craking-using-nvidia-gpu

Elcomsoft and their insane little ideas... bah!  Good thing this is only
good for brute-force attacks... *gulp*

RX8volution

North, Quinn wrote:
> Looks I now have something to do with my idle SLi cycles! 
>
> < 
> http://technology.newscientist.com/article.ns?id=dn12825&feedId=online-news_rss20
>  >
>
>
> --=Q=--
>  
> This email is intended for the recipient only.  If you are not the intended 
> recipient please disregard, and do not use the information for any purpose.
>


Re: [Full-disclosure] Google Sacure (A. Jodoin)

2007-10-26 Thread alexandre jodoin

>> How can security companies protect us if they can't even configure their 
>> shit right?
 
More on that :
From their "Pen Test Whitepaper" on http://www.sacure.com/index.php
"The Web-based authentication is exploited by using XSS (cross-site shipping) 
or SLQ injection or MITM (Man-in-the-Middle) attacks."
 
WTF is cross-site shipping ???
:)

Re: [Full-disclosure] TCP Hijacking (aka Man-in-the-Middle)

2007-10-26 Thread 3APA3A
Dear [EMAIL PROTECTED],


VKve> Thank you, Captain Obvious - I specifically *said* that only one of them
VKve> needs to be blind spoofing.

There is a difference between "you needn't" and "you can't" and "you
won't". You say you needn't spoof another one. I say you won't and you
can't.

VKve> And Michael Zalewski's work showed that even on many boxes that *claim*
VKve> to have RFC1948 randomization, you can do pretty well on the predicting.

I'm afraid you are misunderstanding or misinterpreting the results of Michael
Zalewski's work (which is, by the way, the last real "hack" in the initial
meaning of this word in the field of computer security). In most cases,
you have a good probability of guessing the SN after some number of guesses. E.g.
for Windows NT 4 you have 100% probability after 5000 guesses. There is
no OS with 100% or even 50% probability after 1 guess. And you have to
remember that the result of the guess is not known to you immediately,
because you are spoofing blindly.

-- 
~/ZARAZA http://securityvulns.com/




Re: [Full-disclosure] TCP Hijacking (aka Man-in-the-Middle)

2007-10-26 Thread Valdis . Kletnieks
On Fri, 26 Oct 2007 12:41:37 +0400, 3APA3A said:

> So,  generally, 1. there is no reason to spoof both connections. 2. it's

Thank you, Captain Obvious - I specifically *said* that only one of them
needs to be blind spoofing.

> only possible if sequence number is 100% (or close to 100%) predictable.

And Michael Zalewski's work showed that even on many boxes that *claim*
to have RFC1948 randomization, you can do pretty well on the predicting.



Re: [Full-disclosure] TCP Hijacking (aka Man-in-the-Middle)

2007-10-26 Thread 3APA3A
Dear [EMAIL PROTECTED],

During blind TCP spoofing you can send data, but you cannot receive
any. That's why it's blind. The general idea is to insert some data,
e.g. commands into a telnet session or an HTTP request, into an established TCP
connection. Usually, you have only one packet to insert, because, after
the connection is spoofed, the sequence numbers go out of order and the hijacked side
will reply with RST (unless you can blindly guess both sequence numbers
and predict the moment the other side will send some data with an accuracy of
approximately 100ms. In this case both sides can consider the extra packet
a duplicate and ignore it).

So,  generally, 1. there is no reason to spoof both connections. 2. it's
only possible if sequence number is 100% (or close to 100%) predictable.

--Friday, October 26, 2007, 1:14:23 AM, you wrote to [EMAIL PROTECTED]:

VKve> On Fri, 26 Oct 2007 00:43:10 +0400, 3APA3A said:

>>  Randomized ISN doesn't protect against MitM.

VKve> Doing  a  MitM  is  basically just spoofing two connections at the
VKve> same  time. If you know how to do one, you know how to do two. And
VKve> if  you  know  how  to do one of them *blind*, it vastly increases
VKve> your  options  (as  you only need to be able to see the traffic in
VKve> one direction rather than both).





-- 
~/ZARAZA http://securityvulns.com/
Even if you do receive some letter, you still won't be able to read it. (Twain)
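Both of 3APA3A's points above, the Zalewski results on how many guesses an ISN takes and the explanation that a blind insertion only works when the sequence number is close to 100% predictable, reduce to one measurable thing: how tightly a host's initial sequence numbers cluster from one connection to the next. As an added example, not code from anyone on this thread, here is a small Python audit that a defender can run over ISNs sampled from their own hosts (for instance by opening a few connections and noting the server's ISN from each SYN/ACK) to see whether an RFC 1948-style randomized generator is really in use. It uses the classic delta-spread measure rather than Zalewski's phase-space analysis; the 2^20 threshold, the function names and both sample generators are my assumptions, and the samples are constructed, not captured.

```python
import random
import statistics

MOD = 2 ** 32  # TCP sequence numbers wrap at 32 bits


def isn_deltas(isns):
    """Differences between successive ISNs, reduced mod 2^32 to handle wraparound."""
    return [(b - a) % MOD for a, b in zip(isns, isns[1:])]


def isn_delta_stddev(isns):
    """Population standard deviation of the ISN deltas.

    This is the spread the next ISN has to be searched in: a fixed-step
    generator gives 0 (the next value follows from the last one), while a
    well-randomized generator spreads deltas over the whole 32-bit space.
    """
    deltas = isn_deltas(isns)
    if len(deltas) < 2:
        raise ValueError("need at least three ISN samples")
    return statistics.pstdev(deltas)


def classify_isn_generator(isns, threshold=2 ** 20):
    """'predictable' when the deltas cluster within `threshold` (assumed cut-off), else 'randomized'."""
    return "predictable" if isn_delta_stddev(isns) < threshold else "randomized"


def naive_increment_isns(n, start=0x12345678, step=64000):
    """Constructed sample: an old-style generator that bumps the ISN by a constant per connection."""
    return [(start + i * step) % MOD for i in range(n)]


def randomized_isns(n, seed=7):
    """Constructed sample: stand-in for a randomized generator (seeded PRNG so the run repeats)."""
    rng = random.Random(seed)
    return [rng.getrandbits(32) for _ in range(n)]


if __name__ == "__main__":
    for name, sample in (("fixed-step", naive_increment_isns(32)),
                         ("randomized", randomized_isns(32))):
        print(f"{name:11s} delta stddev = {isn_delta_stddev(sample):.3e} -> "
              f"{classify_isn_generator(sample)}")
```

Two caveats when applying this to real samples: an RFC 1948 generator keys its offset on the connection 4-tuple, so the sample must come from connections with varying source ports or the per-tuple clock component will make it look more regular than it is; and, as 3APA3A notes, a large spread is only part of the defence, since the blind attacker also has to hit the receive window and the timing, which this measure does not model.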


[Full-disclosure] FLEA-2007-0060-1 initscripts

2007-10-26 Thread Foresight Linux Essential Announcement Service
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Foresight Linux Essential Advisory: 2007-0060-1
Published: 2007-10-26

Rating: Trivial

Updated Versions:
initscripts=/[EMAIL PROTECTED]:devel//[EMAIL PROTECTED]:1-devel//1/8.33-2.9-1
group-dist=/[EMAIL PROTECTED]:1-devel//1/1.4.1-0.1-10

References:
https://issues.rpath.com/browse/RPL-1825

Description:
Previous versions of the initscripts package do not set sufficiently
restrictive permissions on the /var/log/btmp file, leading to an
information exposure issue in which users' passwords may be revealed to
unprivileged users in cases when the passwords have been inadvertently
entered as usernames at some login prompts.

Because sshd detects the incorrect permissions on /var/log/btmp and
thus does not log failed authentications (instead issuing a warning
about the file permissions to /var/log/secure), and gdm does not
log the user name, this vulnerability is generally limited to failed
logins at the system text console or over a local serial port.

---

Copyright 2007 Foresight Linux Project
Portions Copyright 2007 rPath Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html
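The advisory frames the issue entirely in terms of the mode on /var/log/btmp: failed-login records carry whatever was typed at the username prompt, so a password mistyped there is readable by anyone who can read the file. As an added example, not part of the Foresight advisory, here is a Python check that reports the conditions exposing those records (readable or writable by group/other, wrong owner) and applies the restrictive owner-only mode. The function names, the 0600 target mode, treating group-readability as a problem, and the temporary stand-in file the demo runs on are my assumptions.

```python
import os
import stat
import tempfile

# Real path from the advisory; demo() works on a constructed stand-in instead,
# so it runs unprivileged and touches nothing on the host.
BTMP_PATH = "/var/log/btmp"


def btmp_permission_problems(path, expected_uid=0):
    """List what is wrong with the mode/ownership of a btmp-style file.

    btmp holds failed-login records, and the username field of those records
    is exactly where an inadvertently typed password ends up, so the file
    must not be readable by anyone but its owner.  An empty list means the
    file is owned by expected_uid and is neither readable nor writable by
    group or other.
    """
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    problems = []
    if not stat.S_ISREG(st.st_mode):
        problems.append("not a regular file")
    if st.st_uid != expected_uid:
        problems.append(f"owner uid {st.st_uid}, expected {expected_uid}")
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        problems.append(f"readable by group/other (mode {mode:04o})")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append(f"writable by group/other (mode {mode:04o})")
    return problems


def harden_btmp(path):
    """Restrict the file to owner read/write (0600) and return the resulting mode."""
    os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
    return stat.S_IMODE(os.stat(path).st_mode)


def demo():
    """Check a constructed btmp stand-in with the weak 0644 mode, harden it, re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "btmp")
        open(path, "wb").close()   # constructed: empty stand-in for the utmp records
        os.chmod(path, 0o644)      # world-readable, the condition the advisory fixes
        me = os.getuid()           # we own the stand-in, so expect ourselves as owner
        before = btmp_permission_problems(path, expected_uid=me)
        harden_btmp(path)
        after = btmp_permission_problems(path, expected_uid=me)
        return before, after


if __name__ == "__main__":
    weak, fixed = demo()
    print("before:", weak or "ok")
    print("after: ", fixed or "ok")
    if os.path.exists(BTMP_PATH):
        print(BTMP_PATH + ":", btmp_permission_problems(BTMP_PATH) or "ok")
```

Run as root, the last lines check the real file; the advisory's note that sshd stops logging to btmp and warns in /var/log/secure when it sees a loose mode is the other signal worth watching for, since it means failed SSH logins silently go unrecorded until the mode is fixed.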



Re: [Full-disclosure] TCP Hijacking (aka Man-in-the-Middle)

2007-10-26 Thread A . L . M . Buxey
hi,

there's a possibility there - but if you're on the same network and
there is no separation protection then there are lots of other
tools and methods that could be used to stick your box as a man-in-middle
if new or unsure you need to look for, e.g. gratuitous ARP, ARP poisoning,
Cain & Abel... a few pointers to get you on the wrong side of your
network admin ;-)

alan
