[Full-disclosure] Fwd: Chat with Dude VanWinkle

2007-12-21 Thread worried security
-- Forwarded message --
From: worried security [EMAIL PROTECTED]
Date: Dec 21, 2007 9:40 AM
Subject: Re: Chat with Dude VanWinkle
To: Dude VanWinkle [EMAIL PROTECTED]


On Dec 20, 2007 4:43 AM, Dude VanWinkle [EMAIL PROTECTED] wrote:

 These messages were sent while you were offline.
 4:43 AM Dude: oh noes, are you part of netdev?

Yes, and everyone else is in the security community.

We have over 3600 members currently.

We're made up of: online news
journalists, corporate security, government security, military
defense, intelligence service, law enforcement and freelance ethical
hackers.

Of course, there will be members of n3td3v that are greyhat, blackhat
and click and play script kiddiots in their bedrooms, although those
folks will find it hard to operate here because the vast majority of
our members are whitehats, and will report anything suspicious, wrong,
or illegal to the proper authorities, if they are not the proper
authority themselves.

http://groups.google.com/group/n3td3v

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] [Professional IT Security Reviewers - Exposed] SecReview ( F - )

2007-12-21 Thread Paul Melson
On Dec 20, 2007 7:19 PM, SecReview [EMAIL PROTECTED] wrote:
  1.) What are your qualifications for reviewing these companies?

 We are a team of security professionals that have been performing a
 wide array of penetration tests, vulnerability assessments, web
 application security services etc. One of our team members has
 founded two different security companies both of which have been
 very successful and have offered high quality services. Yes we have
 all sorts of pretty little certifications, but those don't really
 matter.

So this is basically a tacit admission that every one of your team
has something to gain by smearing the competition.  At this point, I'm
inclined to believe that the firms you've scored favorably are your
employers.  You're not only incompetent, it seems that you're
unethical as well.  Not that I'm surprised.

PaulM



Re: [Full-disclosure] Fwd: Chat with Dude VanWinkle

2007-12-21 Thread worried security
On Dec 21, 2007 11:05 AM, php0t [EMAIL PROTECTED] wrote:
  We're made up of: online news
  journalists, corporate security, government security, military
  defense, intelligence service, law enforcement and freelance ethical
  hackers.

 You are one of the most delusional people I have ever encountered on the
 internet. Keep the trollware coming, thanks! :-))

 p.

So what's your expert analysis of who are members of the n3td3v news
group, considering I only advertise it on Full-Disclosure?

Valdis, you can come in on this one.

I don't think I am delusional that the group is made up of those folks.

My plan is to get an elite group of people from all sections of
security society built up, so in the long term we won't need a secunia
sponsored mailing list.

I fucking hate secunia, and I refuse to post anything serious on this
list as long as this list is sponsored by them.

In 5 to 10 years n3td3v should be an elite force of people from
corporate, government, military, intelligence, law and freelance ethical
hackers that is way bigger than any other group on the internet.
l0pht, phrack, milw0rm, funsec will all be small fish compared to my
elite group.

We are building up the capability for the future. Yes, we are an easy
target for php0t etc right now, but in the future we will be the
biggest on the internet in the long term.

To build up something big doesn't happen with a few spam runs on
Full-Disclosure, it takes a 20 year effort to build up a user base and
become the biggest security group around.

So those who laugh about n3td3v won't be laughing tomorrow. It's all
about tomorrow right now, not today.

php0t e-mails me every time I post on Full-Disclosure to make fun of
me... so now I post one of his e-mails on Full-Disclosure.

Stop sucking up Secunia's arse crack, we all need to move off this
list. Full-Disclosure was good back in the day when it was run by Len
Rose and Netsys, it's just a load of bollox now that it's been hijacked
by Secunia.

Check out these people, everyone despises them... everyone should
troll this piece of shit until Secunia pull out.

http://www.securityfocus.com/brief/640



Re: [Full-disclosure] [Professional IT Security Providers - Exposed] Audit Serve, Inc. ( F- )

2007-12-21 Thread SilentRunner

So, because I disagree strongly with your actions I must be the
subject of your review?

Clearly, your progenitors were swimming in the shallow end of the
gene pool when they set about screwing your sorry excuse for a
brain into existence.

You obviously didn't understand the salient points of my response,
so let's try it again:

. It is perfectly possible to create a complex system and offer it
to customers cheaply, even if the volumes are not enough to cover
one's costs. This is known as loss leading, and as I explained, is a
reasonable way to upsell more comprehensive and therefore more
costly services. This sort of thing is Sales and Marketing 101 and
should be quite obvious to even your neuron-challenged grey-matter.

. You gave an F for poor quality service (your words), without
buying a service. QED.

It is quite obvious that the "we" you refer to is just you and the
reviews you are purporting to offer are simply a transparent way of
getting something published to help you apply for a job. So, with
that in mind, consider this:

What potential employer is going to consider your published
works, when the entire (mercifully so far only one) collection is
to be reviews of goods and services you have not actually seen or
received.

At this point, the unutterable stupidity of this is so monumental
that a cogent analogy of the requisite gravity escapes me.

Finally, your last quote is priceless:

Not even sure why people would use your service instead of going
direct to Qualys.

It's called re-selling. Go back to school skiddie, you have no
place here and no place in the trade.

SR


On Tue, 18 Dec 2007 18:07:03 + SecReview
[EMAIL PROTECTED] wrote:
It is not highly possible that they have developed a high quality
automated tool that covers all the basis because their price points
are not high enough to afford them a good development team. In
conjunction, they clearly advertise the use of QualysGuard all over
their website which is not their own tool.

It is more likely that they are a rubber stamp shop of approval
that make a buck by enabling their customers to put a check in the
box. Frankly, that's not security, that's even a disservice. They
are for all intents and purposes selling a false sense of security
to customers who don't know any better.

That said, I'd have to guess that you are Mitchell H. Levine as
you've taken this post so personally. If you are, then why don't
you improve the quality of your service offerings so that we can
give you a better review. As it stands, you've received an F-
because of the poor quality of your service. Not even sure why
people would use your service instead of going direct to Qualys.

Cheers





On Tue, 18 Dec 2007 05:39:48 -0500 SilentRunner
[EMAIL PROTECTED] wrote:
Are you an idiot?

It is certainly more than possible that Audit Serve are a low
quality one-size-fits-all merchant. It is also equally possible
that they have developed a high quality automated tool that covers
all the basics and provides them a lead to upsell more advanced
services. That's business, you get what you pay for.

You don't know because you read their website with the critical eye
of a self-important nerd, trying to be something you aren't (IE
professional). You might as well write a car review by reading the
financial reports of the car manufacturer.

What you should have done at the very least is purchased their
service and asked them to test elements of your pre-configured and
properly baselined honey-net against known criteria. I'm guessing
that your student loan doesn't stretch beyond partying or you might
have produced something useful, muppet.

SR





On Mon, 17 Dec 2007 20:46:59 + secreview
[EMAIL PROTECTED] wrote:
We found Audit Serve, Inc., run by Mitchell H. Levine, by searching
for Penetration Testing on Google. Audit Serve, Inc. offers IS
Auditing, Integrated Auditing, Sarbanes-Oxley Implementation Services,
Sarbanes-Oxley Ongoing Compliance Services, PCI, Security and Internet
Vulnerability Assessment & Penetration Testing Services.

Our first impression of Audit Serve, Inc. was that they were a rubber
stamp of approval shop that offers services that will do nothing to
truly raise your proverbial security bar but will let you fill in your
security checklist. This impression was made so quickly because of the
$495.00 price quote on their main page. It reads Internet Vulnerability
Assessment & Penetration Testing starting at $495. (Just as an FYI, it
is impossible to perform any human driven professional security
services for that price. The cost of talent is simply too high.)

When digging into their services we quickly realize that our initial
impression of Audit Serve was accurate. They are in fact a rubber
stamp of approval shop. Their security service deliverables appear to
be the product of automated scanners (QualysGuard) and not the product
of human talent. This also coincides with them being able to
offer Internet

Re: [Full-disclosure] Fwd: Chat with Dude VanWinkle

2007-12-21 Thread php0t

 Yes we are an easy
 target for php0t etc right now, but in the future we will be the
 biggest on the internet in the long term.


I didn't know 'being targeted' means somebody replies to one of your mails
(OFF LIST!) to express an opinion. What is going to change about this in the
long term? Is a laser satellite going to vaporize me from outer space if I
happen to mail you?


 php0t e-mails me every time I post on Full-Disclosure to make fun of
 me...


You are making fun of yourself. I am only appreciating your work: sending 
you a laugh in private. Do you mind? Too bad. For the record, I only replied 
to your last two trollmails.


 so now I post one of his e-mails on Full-Disclosure.


Right on. Why, exactly?


 everyone should troll this piece of shit until Secunia pull out.


Oh, so THIS is why. I never would have guessed.

php0t

ps: sorry for all future spam / trollware you might get from this n3td3v
person claiming I am the reason. This is my last email to the list on this
subject - so merry xmas & happy new year to all.




Re: [Full-disclosure] For Christmas..

2007-12-21 Thread elazar
I believe the BackTrack guys get some of it and put the rest back
into Offensive Security. See http://www.remote-exploit.org/news.html,
June 07.

Elazar

On Thu, 20 Dec 2007 20:02:03 -0500 Matthew Hall [EMAIL PROTECTED] 
wrote:
gmaggro wrote:
 ..it would be a nice touch if everyone sent a few dollars to the
 projects or authors of the security tools they use. I have donated a bit
 already to some of my favourites, but I'm only one person. A lot of folks
 have worked hard to bring us some good shit, let's give a little back.
 In fact, let's give a lot more back than we have been doing, collectively
 (ugh) speaking.

 Think of it as enlightened self-interest; helping these folks out makes
 it far more likely you'll see even more good stuff from them in the future.

That's an awfully self-less gesture :)

Any ideas which projects 'deserve' the money? There are a lot of sec
projects, and not a lot of money ;)

Personally, I'll give to Backtrack (but that's not really giving back to
the developers), Nikto guys and Phenoelit. I don't remember paypal
donate type things, or any of these guys being regular hacker
profiteering types though...

Matt



Re: [Full-disclosure] [Professional IT Security Reviewers - Exposed] SecReview ( A + )

2007-12-21 Thread SecReview
PaulM:

You'd be right only if you weren't wrong. That being said, we're
not going to talk to the trolls any more. While it might be amusing
it's a waste of our time, and our readers' time.

We will continue to write reviews and will continue to be as honest 
and truthful as possible during our reviews. Likewise, if any of 
our legitimate readers have any questions or comments about our 
blog, we'd very much appreciate them. We especially want people to 
comment if they have worked with a vendor that we have assessed, we 
want to know your experience. Other than that, thanks for your time 
and thanks for reading!



On Fri, 21 Dec 2007 07:00:40 -0500 Paul Melson [EMAIL PROTECTED] 
wrote:
On Dec 20, 2007 7:19 PM, SecReview [EMAIL PROTECTED] wrote:
  1.) What are your qualifications for reviewing these companies?

 We are a team of security professionals that have been performing a
 wide array of penetration tests, vulnerability assessments, web
 application security services etc. One of our team members has
 founded two different security companies both of which have been
 very successful and have offered high quality services. Yes we have
 all sorts of pretty little certifications, but those don't really
 matter.

So this is basically a tacit admission that every one of your team
has something to gain by smearing the competition.  At this point, I'm
inclined to believe that the firms you've scored favorably are your
employers.  You're not only incompetent, it seems that you're
unethical as well.  Not that I'm surprised.

PaulM
Regards, 
  The Secreview Team
  http://secreview.blogspot.com

  Professional IT Security Service Providers - Exposed


Re: [Full-disclosure] [Professional IT Security Reviewers - Exposed] SecReview ( A + )

2007-12-21 Thread Nate McFeters
Unless I missed something, these seemed like legitimate responses.  They may
not have all been delivered with tact, but I mean, you are on FD, what did
you expect?

I think some valid points are brought up about your credentials and your
process.

Nate


On 12/21/07, SecReview [EMAIL PROTECTED] wrote:

 PaulM:

 You'd be right only if you weren't wrong. That being said, we're
 not going to talk to the trolls any more. While it might be amusing
 it's a waste of our time, and our readers' time.

 We will continue to write reviews and will continue to be as honest
 and truthful as possible during our reviews. Likewise, if any of
 our legitimate readers have any questions or comments about our
 blog, we'd very much appreciate them. We especially want people to
 comment if they have worked with a vendor that we have assessed, we
 want to know your experience. Other than that, thanks for your time
 and thanks for reading!



 On Fri, 21 Dec 2007 07:00:40 -0500 Paul Melson [EMAIL PROTECTED]
 wrote:
 On Dec 20, 2007 7:19 PM, SecReview [EMAIL PROTECTED] wrote:
   1.) What are your qualifications for reviewing these companies?

  We are a team of security professionals that have been performing a
  wide array of penetration tests, vulnerability assessments, web
  application security services etc. One of our team members has
  founded two different security companies both of which have been
  very successful and have offered high quality services. Yes we have
  all sorts of pretty little certifications, but those don't really
  matter.

 So this is basically a tacit admission that every one of your team
 has something to gain by smearing the competition.  At this point, I'm
 inclined to believe that the firms you've scored favorably are your
 employers.  You're not only incompetent, it seems that you're
 unethical as well.  Not that I'm surprised.

 PaulM
 Regards,
  The Secreview Team
  http://secreview.blogspot.com

  Professional IT Security Service Providers - Exposed

[Full-disclosure] [Professional IT Security Reviewers - Exposed] SecReview ( A + )

2007-12-21 Thread damncon
 I believe your answers are definitely more trollish and kiddie-like 
than the legitimate responses, despite the aggressive or tactless 
comments, as Nate mentioned.



Re: [Full-disclosure] [Professional IT Security Reviewers - Exposed] SecReview ( A + )

2007-12-21 Thread Kurt Dillard
I agree with Nate. It's odd how you dismiss any critics as 'trolls,' and
only believe that people who compliment your efforts are 'legitimate
readers.' As an author and public speaker I know that I get the most value
from people who critique my work because they help me to improve. Sure,
being slapped on the back feels good, but having someone point out my
mistakes helps me to fix them.

 

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Nate
McFeters
Sent: Friday, December 21, 2007 2:08 PM
To: SecReview
Cc: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] [Professional IT Security Reviewers -
Exposed] SecReview ( A + )

 

Unless I missed something, these seemed like legitimate responses.  They may
not have all been delivered with tact, but I mean, you are on FD, what did
you expect?

 

I think some valid points are brought up about your credentials and your
process.

 

Nate

 

On 12/21/07, SecReview [EMAIL PROTECTED] wrote: 

PaulM:

You'd be right only if you weren't wrong. That being said, we're
not going to talk to the trolls any more. While it might be amusing 
it's a waste of our time, and our readers' time.

We will continue to write reviews and will continue to be as honest
and truthful as possible during our reviews. Likewise, if any of
our legitimate readers have any questions or comments about our 
blog, we'd very much appreciate them. We especially want people to
comment if they have worked with a vendor that we have assessed, we
want to know your experience. Other than that, thanks for your time
and thanks for reading! 



On Fri, 21 Dec 2007 07:00:40 -0500 Paul Melson [EMAIL PROTECTED]
wrote:
On Dec 20, 2007 7:19 PM, SecReview [EMAIL PROTECTED] wrote:
  1.) What are your qualifications for reviewing these companies?

 We are a team of security professionals that have been performing a
 wide array of penetration tests, vulnerability assessments, web
 application security services etc. One of our team members has
 founded two different security companies both of which have been
 very successful and have offered high quality services. Yes we have
 all sorts of pretty little certifications, but those don't really
 matter.

So this is basically a tacit admission that every one of your team
has something to gain by smearing the competition.  At this point, I'm
inclined to believe that the firms you've scored favorably are your
employers.  You're not only incompetent, it seems that you're
unethical as well.  Not that I'm surprised.

PaulM
Regards,
 The Secreview Team
 http://secreview.blogspot.com

 Professional IT Security Service Providers - Exposed

Re: [Full-disclosure] Fwd: Chat with Dude VanWinkle

2007-12-21 Thread worried security
On Dec 21, 2007 1:11 PM, worried security
[EMAIL PROTECTED] wrote:
 On Dec 21, 2007 11:05 AM, php0t [EMAIL PROTECTED] wrote:
   We're made up of: online news
   journalists, corporate security, government security, military
   defense, intelligence service, law enforcement and freelance ethical
   hackers.
 
  You are one of the most delusional people I have ever encountered on the
  internet. Keep the trollware coming, thanks! :-))
 
  p.

 So what's your expert analysis of who are members of the n3td3v news
 group, considering I only advertise it on Full-Disclosure?

 Valdis, you can come in on this one

 I don't think I am delusional that the group is made up of those folks.

So php0t, answer my question instead of snipping it out of your last
e-mail, and we await input from Valdis.Kletnieks.

If you're an expert, please give me the members of my group, and
remember I have an advantage of having the list of the members sitting
in front of me, you don't.

So tell me what I'm delusional about exactly.



[Full-disclosure] Buffer-overflow in WinUAE 1.4.4

2007-12-21 Thread Luigi Auriemma

###

 Luigi Auriemma

Application:  WinUAE
              http://www.winuae.net
Versions:     <= 1.4.4
Platforms:    Windows
Bug:          buffer-overflow
Exploitation: local
Date:         21 Dec 2007
Author:       Luigi Auriemma
              e-mail: [EMAIL PROTECTED]
              web:    aluigi.org


###


1) Introduction
2) Bug
3) The Code
4) Fix


###

===
1) Introduction
===


WinUAE is the most known and used Amiga emulator for Windows.

A note about this advisory:
UAE (and consequently WinUAE) is affected by some design bugs which
introduce other security problems (as pointed by the same developer)
so I focused only on the following non-design security bug.


###

==
2) Bug
==


WinUAE supports various types of compressed floppy disk images.
Gzip compression (images with gz, adz, roz and hdz extensions) is
handled by an internal function called zfile_gunzip in which is used a
stack buffer of 1000 (MAX_DPATH) bytes for including the name of the
file available in the gzipped archive.
The instructions which copy the name from the archive to the buffer
don't check its length, allowing an attacker to exploit the subsequent
buffer-overflow for executing malicious code.

From zfile.c:

struct zfile *zfile_gunzip (struct zfile *z)
{
    uae_u8 header[2 + 1 + 1 + 4 + 1 + 1];
    z_stream zs;
    int i, size, ret, first;
    uae_u8 flags;
    long offset;
    char name[MAX_DPATH];
    uae_u8 buffer[8192];
    ...
    do {
        zfile_fread (name + i, 1, 1, z);
    } while (name[i++]);
    ...


###

===
3) The Code
===


http://aluigi.org/poc/winuaebof.zip


###

==
4) Fix
==


Version 1.4.5


###


--- 
Luigi Auriemma
http://aluigi.org
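
A bounded form of the name-copy loop quoted from zfile.c in the advisory above, as an added example that is not part of the advisory and is not WinUAE's actual 1.4.5 fix. The in-memory reader, the status codes and the function names are hypothetical; the header layout (10 fixed bytes, FEXTRA and FNAME flag bits) follows RFC 1952, and the sample images are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_DPATH 1000   /* name buffer size given in the advisory */
#define GZ_FEXTRA 0x04   /* RFC 1952 FLG bits */
#define GZ_FNAME  0x08

enum { GZ_OK = 0, GZ_NO_NAME = 1, GZ_BAD_HEADER = -1,
       GZ_TRUNCATED = -2, GZ_NAME_TOO_LONG = -3, GUARD_CLOBBERED = -100 };

/* Hypothetical in-memory reader standing in for the emulator's file reads. */
struct reader { const uint8_t *p; size_t len, pos; };

static int get_byte(struct reader *r, uint8_t *out)
{
    if (r->pos >= r->len)
        return 0;                      /* end of input: caller must stop */
    *out = r->p[r->pos++];
    return 1;
}

/* Copy the NUL-terminated name into name[cap]; never writes past cap. */
static int read_name(struct reader *r, char *name, size_t cap)
{
    size_t i = 0;
    uint8_t c;

    if (cap == 0)
        return GZ_NAME_TOO_LONG;
    for (;;) {
        if (!get_byte(r, &c)) { name[0] = '\0'; return GZ_TRUNCATED; }
        if (c == '\0')        { name[i] = '\0'; return GZ_OK; }
        if (i + 1 >= cap)     { name[0] = '\0'; return GZ_NAME_TOO_LONG; }
        name[i++] = (char)c;
    }
}

/* Parse the 10-byte gzip header, skip FEXTRA, then read FNAME if present. */
int gz_member_name(const uint8_t *buf, size_t len, char *name, size_t cap)
{
    struct reader r = { buf, len, 0 };
    uint8_t h[10], lo, hi;
    size_t i, xlen;

    for (i = 0; i < sizeof h; i++)
        if (!get_byte(&r, &h[i]))
            return GZ_TRUNCATED;
    if (h[0] != 0x1f || h[1] != 0x8b || h[2] != 8)
        return GZ_BAD_HEADER;
    if (h[3] & GZ_FEXTRA) {
        if (!get_byte(&r, &lo) || !get_byte(&r, &hi))
            return GZ_TRUNCATED;
        xlen = (size_t)lo | ((size_t)hi << 8);
        if (xlen > r.len - r.pos)      /* extra field must fit in the input */
            return GZ_TRUNCATED;
        r.pos += xlen;
    }
    if (!(h[3] & GZ_FNAME)) {
        if (cap) name[0] = '\0';
        return GZ_NO_NAME;
    }
    return read_name(&r, name, cap);
}

size_t last_copied;   /* length of the name returned by the last check_case() */

/* Constructed sample: gzip header + name_len 'A' bytes, optional NUL. */
int check_case(size_t name_len, int terminated)
{
    static const uint8_t hdr[10] = { 0x1f, 0x8b, 8, GZ_FNAME, 0, 0, 0, 0, 0, 3 };
    uint8_t img[4096];
    struct { char name[MAX_DPATH]; uint8_t guard[8]; } s;
    size_t n = sizeof hdr, i;
    int st;

    if (name_len > sizeof img - sizeof hdr - 1)
        return GZ_BAD_HEADER;
    memcpy(img, hdr, sizeof hdr);
    memset(img + n, 'A', name_len);
    n += name_len;
    if (terminated)
        img[n++] = '\0';
    s.name[0] = '\0';
    memset(s.guard, 0x5a, sizeof s.guard);
    st = gz_member_name(img, n, s.name, sizeof s.name);
    for (i = 0; i < sizeof s.guard; i++)
        if (s.guard[i] != 0x5a)
            return GUARD_CLOBBERED;    /* would mean a write past name[] */
    last_copied = strlen(s.name);
    return st;
}

int main(void)
{
    printf("8-byte name:    %d\n", check_case(8, 1));
    printf("999-byte name:  %d\n", check_case(999, 1));
    printf("1000-byte name: %d\n", check_case(1000, 1));
    printf("unterminated:   %d\n", check_case(20, 0));
    return 0;
}
```

An over-long or unterminated name is rejected with an empty result instead of being truncated silently, so the caller can refuse the image.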



[Full-disclosure] [CAID 35970]: CA Products That Embed Ingres Authentication Vulnerability

2007-12-21 Thread Williams, James K

Title: [CAID 35970]: CA Products That Embed Ingres Authentication 
Vulnerability

CA Vuln ID (CAID): 35970

CA Advisory Date: 2007-12-19

Reported By: Ingres Corporation

Impact: Attacker can gain elevated privileges.

Summary: A potential vulnerability exists in the Ingres software 
that is embedded in various CA products. This vulnerability exists 
only on Ingres 2.5 and Ingres 2.6 on Windows, and does not 
manifest itself on any Unix platform. Ingres r3 and Ingres 2006 
are not affected.  The vulnerability, CVE-2007-6334, is associated 
with users who connect after the first user being assigned the 
privileges and identity of the first user. In all reported 
instances, the application (typically an ASP.NET application using 
the Ingres ODBC driver) was running on Microsoft IIS Web server, 
and with the Integrated Windows Authentication (IWA) option 
enabled. While IWA is not enabled by default, it is a commonly 
used option. It should be noted that the Ingres .NET data provider 
is not affected.

Mitigating Factors: The vulnerability exists only on Windows 
systems running Microsoft IIS Web server that have the Integrated 
Windows Authentication (IWA) option enabled.

Severity: CA has given this vulnerability a High risk rating.

Affected Products:
All CA products that embed Ingres 2.5 and Ingres 2.6, and also run 
Microsoft IIS Web server with the Integrated Windows 
Authentication (IWA) option enabled.

Affected Platforms:
Windows

Status and Recommendation (URLs may wrap):
Ingres has issued the following patches to address the 
vulnerabilities.
Ingres 2.6 Single-Byte patch
ftp://ftp.ca.com/caproducts/ips/MDB/Generic_Ingres/IIS_Vulnerability/patch-2.6.0701.12467-win-x86.zip
Ingres 2.6 Double-Byte patch
ftp://ftp.ca.com/caproducts/ips/MDB/Generic_Ingres/IIS_Vulnerability/patch-2.6.0701.12473-win-x86-DBL.zip
Ingres 2.5 Single Byte patch
ftp://ftp.ca.com/caproducts/ips/MDB/Generic_Ingres/IIS_Vulnerability/patch-2.5.0605.12291-win-x86.zip
Potential problems installing the patches:
While testing these patches, CA identified an install issue when 
the user is presented with the option to make a backup of the 
Ingres installation. In cases where a space is in the path, the 
path is not properly read. The backup does get taken and is by 
default stored in the %II_SYSTEM%\ingres\install\backup directory. 
Additionally, if the user happens to press the Set Directory 
button, the path will be displayed. Clicking ok will result in a 
message stating ... spaces are not supported in paths... . This 
also is an error; pressing cancel will return the user to the 
first screen with the default path, and while the displayed path 
is terminated at a space, the actual path does work. To avoid this 
issue, use DOS 8.3 definitions (ex. C:\progra~1\CA\ingres).

How to determine if you are affected:
Check the %II_SYSTEM%\ingres\version.rel file to identify the 
Ingres version. If the installed version of Ingres 2.6 is a 
Double-Byte version (should have DBL referenced), please download 
the 2.6 Double-Byte patch. Otherwise, use the Single-Byte patch.

Workaround: None

References (URLs may wrap):
CA SupportConnect:
http://supportconnect.ca.com/
Important Security Notice for Customers Using Products that Embed 
Ingres on Microsoft Windows ONLY
http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp
Solution Document Reference APARs:
N/A
CA Security Response Blog posting:
CA Products That Embed Ingres Authentication Vulnerability
http://community.ca.com/blogs/casecurityresponseblog/archive/2007/12/19.aspx
CA Vuln ID (CAID): 35970
http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35970
Reported By: 
Ingres Corporation
http://ingres.com/support/security.php
http://ingres.com/support/security-alertDec17.php
CVE References: CVE-2007-6334
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6334
OSVDB References: 39358
http://osvdb.org/39358

Changelog for this advisory:
v1.0 - Initial Release

Customers who require additional information should contact CA
Technical Support at http://supportconnect.ca.com.

For technical questions or comments related to this advisory, 
please send email to vuln AT ca DOT com.

If you discover a vulnerability in CA products, please report your
findings to vuln AT ca DOT com, or utilize our Submit a 
Vulnerability form. 
URL: http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx


Regards,
Ken Williams ; 0xE2941985
Director, CA Vulnerability Research

CA, 1 CA Plaza, Islandia, NY 11749

Contact http://www.ca.com/us/contact/
Legal Notice http://www.ca.com/us/legal/
Privacy Policy http://www.ca.com/us/privacy/
Copyright (c) 2007 CA. All rights reserved.


[Full-disclosure] AOL Instant Messenger AIM 6.0 or 6.5 Beta or higher local zone XSS

2007-12-21 Thread Michael Evanchik
Sorry for the brief post but I'm still able to bypass filters that AOL has
put in place.  So again with frustration I come to FD to imply pressure on a
company to patch correct.  From reading feedback from AOL they feel the
vulnerability is put to bed and requires no more attention.

I am not posting 0day PoC only currently patched examples.

Do not use any AIM 6 or higher client.

old PoC
http://before0day.com/Lists/Posts/Post.aspx?ID=3


references
http://www.wired.com/politics/security/news/2007/12/aim_hack

http://www.pronetworks.org/index.php/software-and-betas-news/847#comment-199

http://talkback.zdnet.com/5208-12691-0.html?forumID=1&threadID=41986&messageID=785355&start=-1


greets:
HaZe, illwill,kurupt


Michael Evanchik
http://before0day.com

[Full-disclosure] Hikaru

2007-12-21 Thread Ben
All,

I read a paper last night titled The Geometry of Innocent Flesh on the Bone 
(http://www.cse.ucsd.edu/~hovav/).  It described a technique similar to 
return-into-libc.  The utility I'm attaching (hikaru) implements an automated 
binary analysis to determine possible instructions (gadgets, per the article) 
that can be used for this exploitation method.

See the included README for detailed usage instructions.

- Ben



Re: [Full-disclosure] Hikaru

2007-12-21 Thread Ben
It would help if I attached the file wouldn't it?

- Ben

 All,
 
 I read a paper last night titled The Geometry of Innocent Flesh on the Bone
 (http://www.cse.ucsd.edu/~hovav/).  It described a technique similar to
 return-into-libc.  The utility I'm attaching (hikaru) implements an automated
 binary analysis to determine possible instructions (gadgets, per the article)
 that can be used for this exploitation method.

See the included README for detailed usage instructions.

 - Ben

hikaru-0.1b.tar.gz
Description: application/gzip-compressed

Re: [Full-disclosure] Hikaru

2007-12-21 Thread coderman
On Dec 21, 2007 5:36 PM, Ben [EMAIL PROTECTED] wrote:
 All,

 I read a paper last night titled The Geometry of Innocent Flesh on the Bone 
 (http://www.cse.ucsd.edu/~hovav/).  It described a technique similar to 
 return-into-libc.

yes, this is fun stuff :)

'''
Our thesis: In any sufficiently large body of x86 executable code there
will exist sufficiently many useful code sequences that an attacker who
controls the stack will be able, by means of the return-into-libc
techniques we introduce, to cause the exploited program to undertake
arbitrary computation.
'''

10 pts to the first person using this approach to dlopen for full
arbitrary execution :)

so which is more useful in practice, NX or ASLR?

Re: [Full-disclosure] Fwd: Chat with Dude VanWinkle

2007-12-21 Thread Valdis . Kletnieks
On Fri, 21 Dec 2007 13:11:22 GMT, worried security said:

 In 5 to 10 years n3td3v should be an elite force of people from
 corporate,government,military,intelligence,law and freelance ethical
 hackers that is way bigger than any other group on the internet.

The only problem is that the talent pool is quite shallow, and there simply
aren't enough people to make a group that's both an elite force and
way bigger.  It's even more difficult when you consider that most of the
actually elite people are already busy with membership in too many groups
already, and won't be interested in joining another one unless they see
some *clear* benefit not already provided by any groups they are already in.

