Re: [Full-disclosure] ASUS Eee PC rooted out of the box
On Sat, 09 Feb 2008 21:29:59 GMT, worried security said:

> the netdev agenda supports reepex.

Gonna be a long hard haul to world domination with that reepex dragging along behind you slowing you down...

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Dude VanWinkle's Death
Joey, here's a pic of you that I took on that special day!

http://www.movv.com/prvupload/uploads/super_retard_stfu.jpg

Paul Schmehl wrote:
> --On Monday, February 11, 2008 13:10:09 -0500 Joey Mengele [EMAIL PROTECTED] wrote:
>> LOLOLOL. PICS PICS!
>
> I wouldn't have thought that his death would be a laughing matter. Considering he was only 31, it's rather tragic. (And no, the original post was not a joke, and yes, he really did die.)

--
- simon
http://www.snosoft.com
Re: [Full-disclosure] Dude VanWinkle's Death
On Feb 11, 2008 8:21 PM, Abilash Praveen [EMAIL PROTECTED] wrote:
> If Justin was good at securities he wouldn't have kept his mother's name as his security question, however I agree with n3td3v.

His mother's name was a very loose example of the possibilities, but I don't want to give the bad guys any ideas that could mean a serious crime be committed, but yeah, I'm sure the good guys around here with an evil mind for potentials can see what I'm trying to spell out.

Regards,
n3td3v
[Full-disclosure] ZDI-08-004: Adobe AcrobatReader Javascript for PDF Integer Overflow Vulnerability
ZDI-08-004: Adobe Acrobat Javascript for PDF Integer Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-004.html
February 11, 2008

-- Affected Vendor:
Adobe

-- Affected Products:
Reader 8.1.1 and earlier versions
Acrobat 8.1.1 and earlier versions

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 5941. For further product information on the TippingPoint IPS:
http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat and Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious web address or open a malicious file.

The specific flaw exists in the parsing of embedded JavaScript code within PDF documents. When the function printSepsWithParams() is called with certain malicious parameter values an integer overflow can occur resulting in a memory corruption. This may be subsequently leveraged to execute arbitrary code under the privileges of the current user.

-- Vendor Response:
Adobe has issued an update to correct this vulnerability. More details can be found at:
http://www.adobe.com/support/security/advisories/apsa08-01.html

-- Disclosure Timeline:
2007.11.14 - Vulnerability reported to vendor
2008.02.11 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by an anonymous researcher.

-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com

The ZDI is unique in how the acquired vulnerability information is used. 3Com does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, 3Com provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, 3Com provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product.

CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is being sent by 3Com for the sole use of the intended recipient(s) and may contain confidential, proprietary and/or privileged information. Any unauthorized review, use, disclosure and/or distribution by any recipient is prohibited. If you are not the intended recipient, please delete and/or destroy all copies of this message regardless of form and any included attachments and notify 3Com immediately by contacting the sender via reply e-mail or forwarding to 3Com at [EMAIL PROTECTED]
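The advisory names the Acrobat JavaScript function involved, which is enough for a defender-side triage check: a scanner that finds JavaScript actions inside a PDF (including FlateDecode-compressed streams) and reports any reference to printSepsWithParams(). This is an added example, not code from ZDI or Adobe; it assumes only standard PDF object syntax, and a match flags a file for closer inspection rather than proving the overflow, which the advisory says depends on parameter values it does not publish.

```python
"""Triage helper for ZDI-08-004: flag PDFs whose embedded JavaScript references
printSepsWithParams(), the Acrobat/Reader API the advisory names.

Added example, not code from ZDI or Adobe. A hit is a signal that a file needs
a closer look, not proof of the overflow: the advisory says that depends on
the parameter values, which this scanner does not evaluate.
"""
import re
import sys
import zlib

# API names tied to the bug (an assumption of this example, not a ZDI list).
SUSPECT_CALLS = (b"printSepsWithParams",)

# PDF syntax: "N G obj ... endobj" bodies, JavaScript action dictionaries,
# FlateDecode streams, the stream keyword and a direct (not "N G R") /Length.
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)endobj", re.DOTALL)
JS_ACTION_RE = re.compile(rb"/S\s*/JavaScript\b")
FLATE_RE = re.compile(rb"/Filter\s*/FlateDecode\b")
STREAM_START_RE = re.compile(rb"\bstream\r?\n")
STREAM_END_RE = re.compile(rb"\r?\nendstream")
LENGTH_RE = re.compile(rb"/Length\s+(\d+)\b(?!\s+\d+\s+R)")


def _stream_data(obj_body):
    """Return (dictionary bytes, stream bytes), or None if there is no stream."""
    start = STREAM_START_RE.search(obj_body)
    if not start:
        return None
    header, data = obj_body[:start.start()], obj_body[start.end():]
    length = LENGTH_RE.search(header)
    if length:
        # Direct /Length: take exactly that many bytes, because binary stream
        # data may itself contain bytes that look like an end-of-line marker.
        data = data[:int(length.group(1))]
    else:
        # Indirect /Length: fall back to the endstream keyword.
        end = STREAM_END_RE.search(data)
        data = data[:end.start()] if end else data
    return header, data


def scan_pdf_bytes(pdf):
    """Scan one PDF held in memory; returns JavaScript action objects, suspect
    calls as (object number, where, name) and streams that would not inflate."""
    report = {"javascript_objects": [], "suspect_calls": [],
              "undecodable_streams": []}
    for num, _gen, body in OBJ_RE.findall(pdf):
        num = int(num)
        if JS_ACTION_RE.search(body):
            report["javascript_objects"].append(num)
        # The raw body covers inline "/JS (...)" strings and plain streams.
        candidates = [("object", body)]
        stream = _stream_data(body)
        if stream is not None and FLATE_RE.search(stream[0]):
            try:
                candidates.append(("inflated stream", zlib.decompress(stream[1])))
            except zlib.error:
                # A stream that refuses to inflate is worth a look itself,
                # but must not abort the scan of the remaining objects.
                report["undecodable_streams"].append(num)
        for where, text in candidates:
            for call in SUSPECT_CALLS:
                if call in text:
                    report["suspect_calls"].append((num, where, call.decode()))
    return report


def build_sample_pdf(js_source, compress):
    """Construct a minimal PDF whose OpenAction runs js_source (object 4,
    FlateDecode-compressed when asked). Constructed test input, not a sample
    taken from the wild."""
    data = zlib.compress(js_source) if compress else js_source
    filt = b"/Filter /FlateDecode " if compress else b""
    objects = [
        b"<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>",
        b"<< /Type /Pages /Kids [] /Count 0 >>",
        b"<< /Type /Action /S /JavaScript /JS 4 0 R >>",
        b"<< " + filt + b"/Length %d >>\nstream\n" % len(data) + data
        + b"\nendstream",
    ]
    out = b"%PDF-1.4\n"
    for number, obj in enumerate(objects, start=1):
        out += b"%d 0 obj\n" % number + obj + b"\nendobj\n"
    return out + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"


if __name__ == "__main__":
    if len(sys.argv) < 2:  # no files given: run on the constructed sample
        print(scan_pdf_bytes(build_sample_pdf(b"this.printSepsWithParams(n);", True)))
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, scan_pdf_bytes(fh.read()))
```

Object streams and other filters (LZW, ASCIIHex) are not decoded here, so a clean result does not mean a file carries no JavaScript.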
[Full-disclosure] ZDI-08-005: Novell Client NWSPOOL.DLL EnumPrinters Stack Overflow Vulnerability
ZDI-08-005: Novell Client NWSPOOL.DLL EnumPrinters Stack Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-005.html
February 11, 2008

-- CVE ID:
CVE-2008-0639

-- Affected Vendor:
Novell

-- Affected Products:
Novell Netware Client

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID . For further product information on the TippingPoint IPS:
http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of the Novell Netware Client. Authentication is not required to exploit this vulnerability.

The specific flaw exists in nwspool.dll which is responsible for handling RPC requests through the spoolss named pipe. The EnumPrinters function exposed by this DLL contains a logical flaw allowing an attacker to bypass a patch introduced to prevent the vulnerability described in ZDI-07-045. Exploitation of this vulnerability leads to arbitrary code execution in the context of the SYSTEM user.

-- Vendor Response:
Novell has issued an update to correct this vulnerability. More details can be found at:
http://download.novell.com/Download?buildid=SszG22IIugM~

-- Disclosure Timeline:
2007.12.11 - Vulnerability reported to vendor
2008.02.11 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by Anonymous and Avosani Gabriele.

-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com

The ZDI is unique in how the acquired vulnerability information is used. 3Com does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, 3Com provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, 3Com provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product.
Re: [Full-disclosure] in Memory of Dude VanWinkle / Justin Plazzo
You have the same feeling as what I had a couple of years back when my 23-year-old friend (only son for his parents and a Microsoft VIP) passed away in his sleep. Everything seems to be a vanity when someone very good and contributing to technology passes away. We all work so hard, and when we die - we have nothing to take with us. None of the praises are going to help Justin or his family now. He is missed and missed forever! I fear eternal life now.

On 2/12/08, Gadi Evron [EMAIL PROTECTED] wrote:
> I was just woken up with the news of Justin's death and am unsure what to think or how to respond--I need to.
>
> I feel things are left unfinished, a light just disappeared without warning, and all I can think of is what I said to him, when and where. Was I nice? Was I respectful? Did I always treat him right? What could I do differently? What will our small corner of the universe look like without him?
>
> What's clear is that he was a good guy who strove to always do better and was not afraid of voicing his opinion or making himself heard. He was also quick to apologize when necessary. His opinions never stopped him from seeing the person on the other side. He took subjects he discussed seriously, but never lost sight of the fun. He never stopped learning and he evolved a great deal over the past couple of years in which I had the opportunity to know him. One day, I was hoping to meet him.
>
> He was a good guy. He became an integral part of our community and only now I realize how much that is true.
>
> He cared. I care. He is missed.
Re: [Full-disclosure] Brute force attack - need your advice
I can ...but I won't ! WTF is worth the time/$$$ to intrude into abilashpraveen.com eh ??

On Feb 11, 2008 3:46 PM, Abilash Praveen [EMAIL PROTECTED] wrote:
> Hello experts,
>
> I had been talking to our web hosts the other day and they seem to have a lot of unusual brute force attacks on the servers recently. I'm guessing that it could be because of my emails to the list? I mean, do you advise on using a personal email for this type of list? Or should I use something like @gmail.com? I know they can't easily break in to our servers, but am I just giving them a chance?
>
> Abilash
Re: [Full-disclosure] Brute force attack - need your advice
--On Tuesday, February 12, 2008 02:16:02 +0530 Abilash Praveen [EMAIL PROTECTED] wrote:
> Hello experts,
>
> I had been talking to our web hosts the other day and they seem to have a lot of unusual brute force attacks on the servers recently. I'm guessing that it could be because of my emails to the list? I mean, do you advise on using a personal email for this type of list? Or should I use something like @gmail.com? I know they can't easily break in to our servers, but am I just giving them a chance?

The chances of your little corner of the web being singled out for attack are pretty low. Besides, the level of pure crap flying around on the internet makes it nearly impossible to distinguish a directed attack from the usual garbage. So, you do your best to properly configure and secure everything, keep good logs and sit back and watch the crap fly.

--
Paul Schmehl ([EMAIL PROTECTED])
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
Re: [Full-disclosure] Brute force attack - need your advice
STOP TROLLING WE ARE MOURNING YOU TERRORIST

On Mon, 11 Feb 2008 15:46:02 -0500 Abilash Praveen [EMAIL PROTECTED] wrote:
> Hello experts,
>
> I had been talking to our web hosts the other day and they seem to have a lot of unusual brute force attacks on the servers recently. I'm guessing that it could be because of my emails to the list? I mean, do you advise on using a personal email for this type of list? Or should I use something like @gmail.com? I know they can't easily break in to our servers, but am I just giving them a chance?
>
> Abilash
[Full-disclosure] [ GLSA 200802-04 ] Gallery: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200802-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: Gallery: Multiple vulnerabilities
      Date: February 11, 2008
      Bugs: #203217
        ID: 200802-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities were discovered in Gallery.

Background
==========

Gallery is a web-based application for creating and viewing photo albums.

Affected packages
=================

    -------------------------------------------------------------------
     Package            /  Vulnerable  /                    Unaffected
    -------------------------------------------------------------------
  1  www-apps/gallery      < 2.2.4                           >= 2.2.4
                                                               < 2.0

Description
===========

The Gallery development team reported and fixed critical vulnerabilities during an internal audit (CVE-2007-6685, CVE-2007-6686, CVE-2007-6687, CVE-2007-6688, CVE-2007-6689, CVE-2007-6690, CVE-2007-6691, CVE-2007-6692, CVE-2007-6693).

Impact
======

A remote attacker could exploit these vulnerabilities to execute arbitrary code, conduct Cross-Site Scripting and Cross-Site Request Forgery attacks, or disclose sensitive information.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Gallery users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/gallery-2.2.4"

References
==========

  [ 1 ] CVE-2007-6685
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6685
  [ 2 ] CVE-2007-6686
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6686
  [ 3 ] CVE-2007-6687
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6687
  [ 4 ] CVE-2007-6688
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6688
  [ 5 ] CVE-2007-6689
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6689
  [ 6 ] CVE-2007-6690
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6690
  [ 7 ] CVE-2007-6691
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6691
  [ 8 ] CVE-2007-6692
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6692
  [ 9 ] CVE-2007-6693
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6693

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200802-04.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[Full-disclosure] Brute force attack - need your advice
Hello experts,

I had been talking to our web hosts the other day and they seem to have a lot of unusual brute force attacks on the servers recently. I'm guessing that it could be because of my emails to the list? I mean, do you advise on using a personal email for this type of list? Or should I use something like @gmail.com? I know they can't easily break in to our servers, but am I just giving them a chance?

Abilash
Re: [Full-disclosure] Dude VanWinkle's Death
I always think of these pics when those precious snowflakes post nonsense:

http://i118.photobucket.com/albums/o100/EMPulse_of_KC/itg_quarterly.jpg
http://www.stevelambe.com/posts/Nerd.jpg
http://www.encyclopediadramatica.com/images/8/88/Itg.jpg

Attention whores, the lot of them. Par for the course...

On Mon, February 11, 2008 2:51 pm, Geoffrey Gowey wrote:
> I can't even believe some of the people on this list would take this posting as a joke. This could have been any of us. Disagreeing about a person's opinion and discussing is part of being on this list, but it's something else entirely when, solely based on what they voiced on a professional mailing list about professional topics, some of the members are rejoicing. Now that is just purely tasteless and cold hearted. I guess the fact that these people who are rejoicing are the same group that hide behind anonymous mail just goes to show that keyboard bravery really can separate a person from their humanity.
>
> For those of you keyboard warriors who may disagree with some of the people here and voice your disagreement in a manner befitting a toddler I normally chalk up your nonsense to immaturity, but celebrating the death of someone who maintained his professionalism is inhuman. It has been par for the course for years to have a heavy helping of nonsense come from those who would hide their identity not for professional reasons, but for them to act out what Freud defined as their Id. This topic, however, shows these same bunch of people for what they truly are: self-serving immature cowards.
>
> I never really knew this person while he was alive and I am not trying to paint a picture of him as a saint, but for the immature lot on this list now would be a good time to know when to refrain from your impulse of banging out some immature posting. Show some small measure of humanity and let those affected who knew this person grieve without your antics.
>
> On Feb 11, 2008 7:40 AM, Jonathan Glass [EMAIL PROTECTED] wrote:
>> http://www.timesreporter.com/index.php?ID=79446&r=6&Category=7
>>
>> Justin Marcus Polazzo, 31, of Atlanta, Ga., was found dead in his home on Feb. 4, 2008. He was born in Alma, Mich., on Dec. 31, 1976. At the time of his death, Justin was employed at the Georgia Institute of Technology's Office of Information Technology in the Division of Architecture and Infrastructure. Justin is survived by his parents, mother Carol Anson Stanwyck (Doug), and father Free Polazzo (Janet), brother Chad Polazzo (Lori), and stepsister Liz Stanwyck. Other area surviving relatives are Betty Anson, Wendy (Wagner) Muzechuk, Ashley and Maggie Haverfield and James Anson (Marilyn) from Illinois. A memorial service will be held Sunday, Feb. 10, 2008, in Atlanta.
>>
>> It's been a sad week for the friends of Dude VanWinkle.
>>
>> --JG
Re: [Full-disclosure] Dude VanWinkle's Death
LETS JUST DISAGREE TO AGREE ON THIS ONE PLEASE

On Mon, 11 Feb 2008 14:51:05 -0500 Geoffrey Gowey [EMAIL PROTECTED] wrote:
> I can't even believe some of the people on this list would take this posting as a joke. This could have been any of us. Disagreeing about a person's opinion and discussing is part of being on this list, but it's something else entirely when, solely based on what they voiced on a professional mailing list about professional topics, some of the members are rejoicing. Now that is just purely tasteless and cold hearted. I guess the fact that these people who are rejoicing are the same group that hide behind anonymous mail just goes to show that keyboard bravery really can separate a person from their humanity.
>
> For those of you keyboard warriors who may disagree with some of the people here and voice your disagreement in a manner befitting a toddler I normally chalk up your nonsense to immaturity, but celebrating the death of someone who maintained his professionalism is inhuman. It has been par for the course for years to have a heavy helping of nonsense come from those who would hide their identity not for professional reasons, but for them to act out what Freud defined as their Id. This topic, however, shows these same bunch of people for what they truly are: self-serving immature cowards.
>
> I never really knew this person while he was alive and I am not trying to paint a picture of him as a saint, but for the immature lot on this list now would be a good time to know when to refrain from your impulse of banging out some immature posting. Show some small measure of humanity and let those affected who knew this person grieve without your antics.
>
> On Feb 11, 2008 7:40 AM, Jonathan Glass [EMAIL PROTECTED] wrote:
>> http://www.timesreporter.com/index.php?ID=79446&r=6&Category=7
>>
>> Justin Marcus Polazzo, 31, of Atlanta, Ga., was found dead in his home on Feb. 4, 2008. He was born in Alma, Mich., on Dec. 31, 1976. At the time of his death, Justin was employed at the Georgia Institute of Technology's Office of Information Technology in the Division of Architecture and Infrastructure. Justin is survived by his parents, mother Carol Anson Stanwyck (Doug), and father Free Polazzo (Janet), brother Chad Polazzo (Lori), and stepsister Liz Stanwyck. Other area surviving relatives are Betty Anson, Wendy (Wagner) Muzechuk, Ashley and Maggie Haverfield and James Anson (Marilyn) from Illinois. A memorial service will be held Sunday, Feb. 10, 2008, in Atlanta.
>>
>> It's been a sad week for the friends of Dude VanWinkle.
>>
>> --JG
>
> --
> Kindest Regards,
> Geoff
[Full-disclosure] DEATH OF AN INTERNET ROCKSTAR
DOES ANYONE KNOW WHAT METHOD THE BITCH USED TO OFF HIMSELF
Re: [Full-disclosure] Dude VanWinkle's Death
On 11/02/2008, Jonathan Glass [EMAIL PROTECTED] wrote:
> http://www.timesreporter.com/index.php?ID=79446&r=6&Category=7

Additionally:
http://www.legacy.com/Atlanta/Obituaries.asp?Page=LifeStory&PersonId=102891429

--
Ronald MacDonald
Re: [Full-disclosure] Dude VanWinkle's Death
LOLOLOLOL.

J

On Mon, 11 Feb 2008 13:18:21 -0500 Simon Smith [EMAIL PROTECTED] wrote:
> Hey Joey, he was a prick but christ man, lay off, he is dead!
>
> Joey Mengele wrote:
>> LOLOLOL. PICS PICS!
>>
>> J
>>
>> On Mon, 11 Feb 2008 10:40:33 -0500 Jonathan Glass [EMAIL PROTECTED] wrote:
>>> http://www.timesreporter.com/index.php?ID=79446&r=6&Category=7
>>>
>>> Justin Marcus Polazzo, 31, of Atlanta, Ga., was found dead in his home on Feb. 4, 2008. He was born in Alma, Mich., on Dec. 31, 1976. At the time of his death, Justin was employed at the Georgia Institute of Technology's Office of Information Technology in the Division of Architecture and Infrastructure. Justin is survived by his parents, mother Carol Anson Stanwyck (Doug), and father Free Polazzo (Janet), brother Chad Polazzo (Lori), and stepsister Liz Stanwyck. Other area surviving relatives are Betty Anson, Wendy (Wagner) Muzechuk, Ashley and Maggie Haverfield and James Anson (Marilyn) from Illinois. A memorial service will be held Sunday, Feb. 10, 2008, in Atlanta.
>>>
>>> It's been a sad week for the friends of Dude VanWinkle.
>>>
>>> --JG
>
> --
> - simon
> http://www.snosoft.com
Re: [Full-disclosure] Dude VanWinkle's Death
Agreed, who would have even considered the post to be a joke or even funny at all!

On Feb 11, 2008, at 1:43 PM, Simon Smith wrote:
> Amen!
>
> Paul Schmehl wrote:
>> --On Monday, February 11, 2008 13:10:09 -0500 Joey Mengele [EMAIL PROTECTED] wrote:
>>> LOLOLOL. PICS PICS!
>>
>> I wouldn't have thought that his death would be a laughing matter. Considering he was only 31, it's rather tragic. (And no, the original post was not a joke, and yes, he really did die.)
>
> --
> - simon
> http://www.snosoft.com
[Full-disclosure] [SECURITY] [DSA 1494-1] New linux-2.6 packages fix privilege escalation
------------------------------------------------------------------------
Debian Security Advisory DSA-1494-1                    [EMAIL PROTECTED]
http://www.debian.org/security/                           Florian Weimer
February 11, 2008                     http://www.debian.org/security/faq
------------------------------------------------------------------------

Package        : linux-2.6
Vulnerability  : missing access checks
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2008-0010 CVE-2008-0163 CVE-2008-0600

The vmsplice system call did not properly verify address arguments passed by user space processes, which allowed local attackers to overwrite arbitrary kernel memory, gaining root privileges (CVE-2008-0010, CVE-2008-0600).

In the vserver-enabled kernels, a missing access check on certain symlinks in /proc enabled local attackers to access resources in other vservers (CVE-2008-0163).

For the stable distribution (etch), this problem has been fixed in version 2.6.18.dfsg.1-18etch1. In addition to these fixes, this update also incorporates changes from the upcoming point release of the stable distribution.

The old stable distribution (sarge) is not affected by this problem.

The unstable (sid) and testing distributions will be fixed soon.

We recommend that you upgrade your linux-2.6 package.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
-------------------------------

Stable updates are available for alpha, amd64, i386, ia64 and s390. The remaining updates will follow.
[Full-disclosure] [ GLSA 200802-03 ] Horde IMP: Security bypass
Gentoo Linux Security Advisory GLSA 200802-03
http://security.gentoo.org/

Severity: Normal
Title: Horde IMP: Security bypass
Date: February 11, 2008
Bugs: #205377
ID: 200802-03

Synopsis

Insufficient checks in Horde may allow a remote attacker to bypass security restrictions.

Background

Horde IMP provides web-based access to IMAP and POP3 mailboxes.

Affected packages

Package / Vulnerable / Unaffected
1 www-apps/horde-imp / < 4.1.6 / >= 4.1.6

Description

Ulf Harnhammar, Secunia Research, discovered that the frame and frameset HTML tags are not properly filtered out. He also reported that certain HTTP requests are executed without being checked.

Impact

A remote attacker could entice a user to open a specially crafted HTML e-mail, possibly resulting in the deletion of arbitrary e-mail messages.

Workaround

There is no known workaround at this time.

Resolution

All Horde IMP users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/horde-imp-4.1.6"

References

[ 1 ] CVE-2007-6018 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6018

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200802-03.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
Re: [Full-disclosure] Brute force attack - need your advice
THIS IS NO TIME FOR YOUR SILLY JOKES

On Mon, 11 Feb 2008 16:32:12 -0500 Paul Schmehl [EMAIL PROTECTED] wrote:
> --On Tuesday, February 12, 2008 02:16:02 +0530 Abilash Praveen [EMAIL PROTECTED] wrote:
>> Hello experts, I had been talking to our web hosts the other day and they seem to have a lot of unusual brute force attacks on the servers recently. I'm guessing that it could be because of my emails to the list? I mean, do you advise on using a personal email for this type of list? Or should I use something like @gmail.com? I know they can't easily break in to our servers, but am I just giving them a chance?
>
> The chances of your little corner of the web being singled out for attack are pretty low. Besides, the level of pure crap flying around on the internet makes it nearly impossible to distinguish a directed attack from the usual garbage. So, you do your best to properly configure and secure everything, keep good logs and sit back and watch the crap fly.
>
> --
> Paul Schmehl ([EMAIL PROTECTED])
> Senior Information Security Analyst
> The University of Texas at Dallas
> http://www.utdallas.edu/ir/security/
Re: [Full-disclosure] Brute force attack - need your advice
On Mon, 11 Feb 2008 16:57:40 EST, Peter Dawson said:
> WTF is worth the time/$$$ to intrude into abilashpraveen.com eh ??

If you're a black hat, it's often worth a *LOT* to see your actual high-value target say: "WTF is abilashpraveen.com and how come they just hacked us?"

Remember - an uninteresting host has actual value to a black hat - everything from a throw-away jump point for launching an attack, to sending spam, to hosting the websites the spam points back to, and other creative uses. And the *more* uninteresting it is, the *more* likely that it's running on autopilot and the hacking won't be noticed.
Re: [Full-disclosure] Dude VanWinkle's Death
Another article. http://antivirus.about.com/b/2008/02/11/rip-dude.htm
Re: [Full-disclosure] Dude VanWinkle's Death
VERIFIED TO WORK AGAINST THE LATEST FIREFOX

On Mon, 11 Feb 2008 15:36:35 -0500 worried security [EMAIL PROTECTED] wrote:
> On Feb 11, 2008 8:21 PM, Abilash Praveen [EMAIL PROTECTED] wrote:
>> If Justin was good at securities he wouldn't have kept his mother's name as his security question, however I agree with n3td3v.
>
> His mother's name was a very loose example of the possibilities, but I don't want to give the bad guys any ideas that could mean a serious crime be committed, but yeah, I'm sure the good guys around here with an evil mind for potentials can see what I'm trying to spell out.
>
> Regards,
> n3td3v
Re: [Full-disclosure] Dude VanWinkle's Death
If Justin was good at securities he wouldn't have kept his mother's name as his security question, however I agree with n3td3v.

On 2/12/08, worried security [EMAIL PROTECTED] wrote:
> On Feb 11, 2008 3:40 PM, Jonathan Glass [EMAIL PROTECTED] wrote:
>> http://www.timesreporter.com/index.php?ID=79446&r=6&Category=7
>>
>> Justin Marcus Polazzo, 31, of Atlanta, Ga., was found dead in his home on Feb. 4, 2008. He was born in Alma, Mich., on Dec. 31, 1976. At the time of his death, Justin was employed at the Georgia Institute of Technology's Office of Information Technology in the Division of Architecture and Infrastructure. Justin is survived by his parents, mother Carol Anson Stanwyck (Doug), and father Free Polazzo (Janet), brother Chad Polazzo (Lori), and stepsister Liz Stanwyck. Other area surviving relatives are Betty Anson, Wendy (Wagner) Muzechuk, Ashley and Maggie Haverfield and James Anson (Marilyn) from Illinois. A memorial service will be held Sunday, Feb. 10, 2008, in Atlanta.
>>
>> It's been a sad week for the friends of Dude VanWinkle.
>>
>> --JG
>
> This is sad news, however... I think it's wrong for you to post his name and personal information and employment onto a large mailing list of this size and nature. I've been in the security scene 9 years and I know not to post information like this. He is now open to real life identity theft, social engineering, phishing, vishing and other mischief. Let's just hope his secret question isn't his mother's name etc. Especially in the first few days, weeks, his family, friends, employers etc. are going to be open to exploitation with this information around.
>
> Regards,
> n3td3v
[Full-disclosure] [ MDVSA-2008:043 ] - Updated kernel packages fix multiple vulnerabilities and bugs
Mandriva Linux Security Advisory MDVSA-2008:043
http://www.mandriva.com/security/

Package: kernel
Date: February 11, 2008
Affected: 2007.0, 2007.1

Problem Description:

A flaw in the vmsplice system call did not properly verify address arguments passed by user-space processes, which allowed local attackers to overwrite arbitrary kernel memory and gain root privileges.

Mandriva urges all users to upgrade to these new kernels immediately as this flaw is being actively exploited.

This issue only affects 2.6.17 and newer Linux kernels, so neither Corporate 3.0 nor Corporate 4.0 are affected.

To update your kernel, please follow the directions located at: http://www.mandriva.com/en/security/kernelupdate

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0600

Updated Packages:
Re: [Full-disclosure] Dude VanWinkle's Death
On Feb 11, 2008 3:40 PM, Jonathan Glass [EMAIL PROTECTED] wrote:
> http://www.timesreporter.com/index.php?ID=79446&r=6&Category=7
>
> Justin Marcus Polazzo, 31, of Atlanta, Ga., was found dead in his home on Feb. 4, 2008. He was born in Alma, Mich., on Dec. 31, 1976. At the time of his death, Justin was employed at the Georgia Institute of Technology's Office of Information Technology in the Division of Architecture and Infrastructure. Justin is survived by his parents, mother Carol Anson Stanwyck (Doug), and father Free Polazzo (Janet), brother Chad Polazzo (Lori), and stepsister Liz Stanwyck. Other area surviving relatives are Betty Anson, Wendy (Wagner) Muzechuk, Ashley and Maggie Haverfield and James Anson (Marilyn) from Illinois. A memorial service will be held Sunday, Feb. 10, 2008, in Atlanta.
>
> It's been a sad week for the friends of Dude VanWinkle.
>
> --JG

This is sad news, however... I think it's wrong for you to post his name and personal information and employment onto a large mailing list of this size and nature. I've been in the security scene 9 years and I know not to post information like this. He is now open to real life identity theft, social engineering, phishing, vishing and other mischief. Let's just hope his secret question isn't his mother's name etc. Especially in the first few days, weeks, his family, friends, employers etc. are going to be open to exploitation with this information around.

Regards,
n3td3v
Re: [Full-disclosure] Dude VanWinkle's Death
I can't even believe some of the people on this list would take this posting as a joke. This could have been any of us. Disagreeing about a person's opinion and discussing it is part of being on this list, but it's something else entirely when, solely based on what they voiced on a professional mailing list about professional topics, some of the members are rejoicing. Now that is just purely tasteless and cold-hearted.

I guess the fact that these people who are rejoicing are the same group that hide behind anonymous mail just goes to show that keyboard bravery really can separate a person from their humanity. For those of you keyboard warriors who may disagree with some of the people here and voice your disagreement in a manner befitting a toddler, I normally chalk up your nonsense to immaturity, but celebrating the death of someone who maintained his professionalism is inhuman.

It has been par for the course for years to have a heavy helping of nonsense come from those who would hide their identity not for professional reasons, but for them to act out what Freud defined as their Id. This topic, however, shows this same bunch of people for what they truly are: self-serving immature cowards.

I never really knew this person while he was alive and I am not trying to paint a picture of him as a saint, but for the immature lot on this list, now would be a good time to know when to refrain from your impulse of banging out some immature posting. Show some small measure of humanity and let those affected who knew this person grieve without your antics.

On Feb 11, 2008 7:40 AM, Jonathan Glass [EMAIL PROTECTED] wrote:
> http://www.timesreporter.com/index.php?ID=79446&r=6&Category=7
>
> Justin Marcus Polazzo, 31, of Atlanta, Ga., was found dead in his home on Feb. 4, 2008. He was born in Alma, Mich., on Dec. 31, 1976. At the time of his death, Justin was employed at the Georgia Institute of Technology's Office of Information Technology in the Division of Architecture and Infrastructure. Justin is survived by his parents, mother Carol Anson Stanwyck (Doug), and father Free Polazzo (Janet), brother Chad Polazzo (Lori), and stepsister Liz Stanwyck. Other area surviving relatives are Betty Anson, Wendy (Wagner) Muzechuk, Ashley and Maggie Haverfield and James Anson (Marilyn) from Illinois. A memorial service will be held Sunday, Feb. 10, 2008, in Atlanta.
>
> It's been a sad week for the friends of Dude VanWinkle.
>
> --JG

--
Kindest Regards,
Geoff
[Full-disclosure] Format string and buffer-overflow in Lst Network Print Server 9.4.2 build 105
###

Luigi Auriemma

Application:  Larson Software Technology Network Print Server
              http://www.cgmlarson.com/products/NetworkPrintServer.php
Versions:     <= 9.4.2 build 105
Platforms:    Windows
Bugs:         A] format string in logging
              B] license buffer-overflow
Exploitation: remote
Date:         11 Feb 2008
Author:       Luigi Auriemma
              e-mail: [EMAIL PROTECTED]
              web:    aluigi.org

###

1) Introduction
2) Bugs
3) The Code
4) Fix

###

===============
1) Introduction
===============

LstNPS is a CGM print server for Windows.

###

=======
2) Bugs
=======

---------------------------
A] format string in logging
---------------------------

The server is affected by a format string vulnerability located in the logging functions (enabled by default and set to "Information"), which pass the log message directly to vsnprintf as the format argument.

--------------------------
B] license buffer-overflow
--------------------------

The LICENSE command handled by the server leads to a buffer-overflow vulnerability when a license string longer than 128 bytes is copied into a stack buffer using strncpy in the wrong way.

###

===========
3) The Code
===========

A] echo USEP %n%n%n%s%s%s|nc SERVER 3114 -v -v

B] echo LICENSE a...160...a|nc SERVER 3114 -v -v

###

======
4) Fix
======

No fix

###

---
Luigi Auriemma
http://aluigi.org
Re: [Full-disclosure] RIP Dude VanWinkle
This news saddens me greatly. Justin and I had plans to meet up at SPICON in Atlanta just a few months ago, but he bailed out and never came down. Was he a bit shy of social gatherings? I told him that a group of us would be getting dinner and drinks, but I never heard back from him. He finally responded a week later, after the conference, saying he was busy. Does anyone know the cause of death? It's really a bummer :-(

The dude abides...

"And I'm talkin' about the Dude here -- sometimes there's a man who, well, he's the man for his time'n place, he fits right in there -- and that's the Dude."

--
Kristian Erik Hermansen
Re: [Full-disclosure] Brute force attack - need your advice
Ok yeah I hear u on the jump points vectors. Makes sense !

On Feb 11, 2008 5:10 PM, [EMAIL PROTECTED] wrote:
> On Mon, 11 Feb 2008 16:57:40 EST, Peter Dawson said:
>> WTF is worth the time/$$$ to intrude into abilashpraveen.com eh ??
>
> If you're a black hat, it's often worth a *LOT* to see your actual high-value target say: "WTF is abilashpraveen.com and how come they just hacked us?"
>
> Remember - an uninteresting host has actual value to a black hat - everything from a throw-away jump point for launching an attack, to sending spam, to hosting the websites the spam points back to, and other creative uses. And the *more* uninteresting it is, the *more* likely that it's running on autopilot and the hacking won't be noticed.
Re: [Full-disclosure] Dude VanWinkle's Death
Some dumb faggot suiciding appears more of a net social benefit than a tragedy. On Feb 11, 2008 10:41 AM, Paul Schmehl [EMAIL PROTECTED] wrote: --On Monday, February 11, 2008 13:10:09 -0500 Joey Mengele [EMAIL PROTECTED] wrote: LOLOLOL. PICS PICS! I wouldn't have thought that his death would be a laughing matter. Considering he was only 31, it's rather tragic. (And no, the original post was not a joke, and yes, he really did die.) -- Paul Schmehl ([EMAIL PROTECTED]) Senior Information Security Analyst The University of Texas at Dallas http://www.utdallas.edu/ir/security/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] in Memory of Dude VanWinkle / Justin Plazzo
I was just woken up with the news of Justin's death and am unsure what to think or how to respond--I need to. I feel things are left unfinished, a light just disappeared without warning, and all I can think of is what I said to him, when and where. Was I nice? Was I respectful? Did I always treat him right? What could I do differently? What will our small corner of the universe look like without him? What's clear is that he was a good guy who strove to always do better and was not afraid of voicing his opinion or making himself heard. He was also quick to apologize when necessary. His opinions never stopped him from seeing the person on the other side. He took subjects he discussed seriously, but never lost sight of the fun. He never stopped learning and he evolved a great deal over the past couple of years in which I had the opportunity to know him. One day, I was hoping to meet him. He was a good guy. He became an integral part of our community and only now I realize how much that is true. He cared. I care. He is missed.
Re: [Full-disclosure] Brute force attack - need your advice
Salut, Abilash,

On Tue, 12 Feb 2008 02:16:02 +0530, Abilash Praveen wrote:
> I had been talking to our web hosts the other day and they seem to have a lot of unusual brute force attacks on the servers recently. I'm guessing that it could be because of my emails to the list? I mean, do you advise on using a personal email for this type of list? Or should I use something like @gmail.com? I know they can't easily break in to our servers, but am I just giving them a chance?

I don't really think that this is closely related to the use of your mail address. Outside in the real nature, there is rain/snow/whatever, which occurs from time to time in some type of natural cycle, and you can't help it. The same goes for SPAM and worms/virii/other automated attacks. They'll always be there, like the rain and the snow.

What you should do is put on a rain coat: make sure your systems are up to date and look regularly for holes in the coat. Keep the SPAM and worms off yourself, and whatever flies through your network is just random noise. (But please don't deduce from this posting that you should use it as input in a random number generator to generate cryptographic keys!)

Tonnerre

--
SyGroup GmbH                  Tonnerre Lombard
Solutions Systematiques
Tel: +41 61 333 80 33         Güterstrasse 86
Fax: +41 61 383 14 67         4053 Basel
Web: www.sygroup.ch           [EMAIL PROTECTED]
Re: [Full-disclosure] [inbox] in Memory of Dude VanWinkle / Justin Plazzo
It truly is a sad day today that JP died. I know some people didn't like his postings, but that doesn't really matter. It's truly sad when one of our own dies unexpectedly like this, truly sad. Does anyone have any news as to how this tragedy happened?

He surely will be missed; he always added a little spice to certain topics that will forever be gone.

Rest in peace JP, the universe is now yours to explore...

Exibar

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gadi Evron
Sent: Monday, February 11, 2008 3:43 PM
To: [EMAIL PROTECTED]
Cc: full-disclosure@lists.grok.org.uk
Subject: [inbox] [Full-disclosure] in Memory of Dude VanWinkle / Justin Plazzo

> I was just woken up with the news of Justin's death and am unsure what to think or how to respond--I need to. I feel things are left unfinished, a light just disappeared without warning, and all I can think of is what I said to him, when and where. Was I nice? Was I respectful? Did I always treat him right? What could I do differently? What will our small corner of the universe look like without him? What's clear is that he was a good guy who strove to always do better and was not afraid of voicing his opinion or making himself heard. He was also quick to apologize when necessary. His opinions never stopped him from seeing the person on the other side. He took subjects he discussed seriously, but never lost sight of the fun. He never stopped learning and he evolved a great deal over the past couple of years in which I had the opportunity to know him. One day, I was hoping to meet him. He was a good guy. He became an integral part of our community and only now I realize how much that is true. He cared. I care. He is missed.
Re: [Full-disclosure] Dude VanWinkle's Death
--On Monday, February 11, 2008 13:10:09 -0500 Joey Mengele [EMAIL PROTECTED] wrote:
> LOLOLOL. PICS PICS!

I wouldn't have thought that his death would be a laughing matter. Considering he was only 31, it's rather tragic. (And no, the original post was not a joke, and yes, he really did die.)

--
Paul Schmehl ([EMAIL PROTECTED])
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
[Full-disclosure] Format string and DoS in Opium OPI and cyanPrintIP servers 4.10.x
###

Luigi Auriemma

Applications: Opium OPI Server
              http://www.cyansoftware.com/Opium_OPI.htm
              cyanPrintIP Easy OPI
              http://www.cyansoftware.com/cyanPrintIP_Easy_OPI.htm
              cyanPrintIP
              http://www.cyansoftware.com/cyanPrintIP.htm
Versions:     Opium OPI Server          <= 4.10.1028
              cyanPrintIP Easy OPI      <= 4.10.1030
              cyanPrintIP Professional  <= 4.10.1030
              cyanPrintIP Workstation   <= 4.10.836
              cyanPrintIP Standard      <= 4.10.940
              cyanPrintIP Basic         <= 4.10.1030
Platforms:    Windows
Bugs:         A] format string in ReportSysLogEvent
              B] service crash through "Send queue state" commands
Exploitation: remote
Date:         11 Feb 2008
Author:       Luigi Auriemma
              e-mail: [EMAIL PROTECTED]
              web:    aluigi.org

###

1) Introduction
2) Bugs
3) The Code
4) Fix

###

===============
1) Introduction
===============

Opium and cyanPrintIP are a family of LPD products for the network sharing of printers.

###

=======
2) Bugs
=======

-------------------------------------
A] format string in ReportSysLogEvent
-------------------------------------

The LPD servers are affected by a format string vulnerability in the ReportSysLogEvent function used for logging. The best way of exploiting this vulnerability is through a malformed queue name, which will be used to build a "Print queue error" message passed directly to vsprintf without the needed format argument. After exploitation a dump will be created and the server will be restarted automatically by the Restart process.

---------------------------------------------------
B] service crash through "Send queue state" commands
---------------------------------------------------

The servers are not able to handle the two "Send queue state" LPD commands (3 and 4) when received at the beginning of the connection, i.e. when not expected. The result is the immediate crash/termination of the server, which will not be restarted automatically.

###

===========
3) The Code
===========

http://aluigi.org/poc/cyanuro.zip

###

======
4) Fix
======

No fix

###

---
Luigi Auriemma
http://aluigi.org
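The logging defect described here and both defects in the LstNPS advisory above come down to two C patterns. The following is an added example, not code from either advisory or product, and the function names are hypothetical; it shows each pattern next to a hardened form and exercises the hardened forms with the hostile inputs the advisories mention.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LOG_MAX     256
#define LICENSE_MAX 128

/* VULNERABLE pattern (defined only for comparison, never called here): the
 * untrusted message is passed as the *format* argument, so "%n", "%s", ...
 * inside it are interpreted by vsnprintf/vsprintf. This is the shape of the
 * logging bugs in both advisories. */
void log_event_vulnerable(char *out, const char *msg, ...)
{
    va_list ap;
    va_start(ap, msg);
    vsnprintf(out, LOG_MAX, msg, ap);   /* format string comes from the peer */
    va_end(ap);
}

/* FIXED: the format is a constant; the message is only ever a %s argument,
 * so its contents are copied literally and the output stays bounded. */
void log_event_fixed(char *out, const char *prefix, const char *msg)
{
    snprintf(out, LOG_MAX, "%s: %s", prefix, msg);
}

/* VULNERABLE pattern (never called here): strncpy bounded by the length of
 * the *source*, which makes the bound meaningless, so a LICENSE string longer
 * than 128 bytes runs past the stack buffer (LstNPS bug B). */
void license_set_vulnerable(const char *license)
{
    char buf[LICENSE_MAX];
    strncpy(buf, license, strlen(license));   /* wrong: dest size not used */
    buf[LICENSE_MAX - 1] = '\0';
}

/* FIXED: the bound is the destination's size, oversized input is rejected
 * rather than silently truncated, and the result is always NUL-terminated.
 * Returns 0 on success, -1 if the license does not fit. */
int license_set_fixed(char *dst, size_t dstsz, const char *license)
{
    size_t n = strlen(license);
    if (n >= dstsz)
        return -1;
    memcpy(dst, license, n + 1);     /* n + 1 copies the terminating NUL */
    return 0;
}

/* Exercise the fixed routines with the advisory's inputs. Returns 0 when the
 * format directives stay literal and the 160-byte license is refused,
 * otherwise the number of the failing step. */
int demo(void)
{
    char line[LOG_MAX], lic[LICENSE_MAX], big[161];

    memset(big, 'a', 160);          /* constructed: 160 x 'a', longer than 128 */
    big[160] = '\0';

    log_event_fixed(line, "USEP", "%n%n%n%s%s%s");
    if (strcmp(line, "USEP: %n%n%n%s%s%s") != 0) return 1;
    if (license_set_fixed(lic, sizeof lic, big) != -1) return 2;
    if (license_set_fixed(lic, sizeof lic, "ABCD-1234") != 0) return 3;
    if (strcmp(lic, "ABCD-1234") != 0) return 4;
    return 0;
}

int main(void)
{
    printf("hardened routines: %s\n", demo() == 0 ? "ok" : "FAILED");
    return 0;
}
```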
[Full-disclosure] Multiple vulnerabilities in EztremeZ-IP File and Printer Server 5.1.2x15
###

Luigi Auriemma

Application:  EztremeZ-IP File and Printer Server
              http://www.grouplogic.com/products/extreme/overview.cfm
Versions:     <= 5.1.2x15
Platforms:    Windows
Bugs:         A] crash through the SLP service
              B] crash through the AFP service
              C] limited directory traversal in Zidget/HTTP
Exploitation: remote
Date:         10 Feb 2008
Author:       Luigi Auriemma
              e-mail: [EMAIL PROTECTED]
              web:    aluigi.org

###

1) Introduction
2) Bugs
3) The Code
4) Fix

###

===============
1) Introduction
===============

EztremeZ-IP is a server for Windows which supports both the Apple Filing Protocol and Line Printer Daemon for the sharing of files and printers.

###

=======
2) Bugs
=======

--------------------------------
A] crash through the SLP service
--------------------------------

EztremeZ-IP runs by default with a SLP (Service Location Protocol) daemon enabled. The service is affected by a problem during the handling of the number of available URLs: there are no instructions which check if the incoming packet can really contain the number of URLs specified in it. The resulting effect is the crash of the entire server when a big amount of URLs is used, due to the read access to the unallocated memory after the packet.

--------------------------------
B] crash through the AFP service
--------------------------------

The UAM field in the AFP protocol is used for choosing a guest access to the remote devices or a specific type of encrypted/hashed password for the authentication. An invalid UAM will cause the crash of the server since it doesn't check if the type of authentication specified by the client is available or not.

---------------------------------------------
C] limited directory traversal in Zidget/HTTP
---------------------------------------------

By default a small webserver is also enabled, which runs on port 8081 and gives access to the Zidget widget and the master list. This service is affected by a directory traversal vulnerability which allows an attacker to download any file on the disk which has one of the following extensions: gif, png, jpg, xml, ico, zip and html. There are no other ways of bypassing the extension limitation; anyway, XML files are often used as the format for the configuration files of various programs.

The directory traversal can be exploited only with the plain backslash char; hex chars are not supported by the server.

###

===========
3) The Code
===========

http://aluigi.org/poc/ezipirla.zip

###

======
4) Fix
======

No fix

###

---
Luigi Auriemma
http://aluigi.org
Re: [Full-disclosure] Dude VanWinkle's Death
LOLOLOL. PICS PICS!

J

On Mon, 11 Feb 2008 10:40:33 -0500 Jonathan Glass [EMAIL PROTECTED] wrote:
> http://www.timesreporter.com/index.php?ID=79446&r=6&Category=7
>
> Justin Marcus Polazzo, 31, of Atlanta, Ga., was found dead in his home on Feb. 4, 2008. He was born in Alma, Mich., on Dec. 31, 1976. At the time of his death, Justin was employed at the Georgia Institute of Technology's Office of Information Technology in the Division of Architecture and Infrastructure.
>
> Justin is survived by his parents, mother Carol Anson Stanwyck (Doug), and father Free Polazzo (Janet), brother Chad Polazzo (Lori), and stepsister Liz Stanwyck. Other area surviving relatives are Betty Anson, Wendy (Wagner) Muzechuk, Ashley and Maggie Haverfield and James Anson (Marilyn) from Illinois.
>
> A memorial service will be held Sunday, Feb. 10, 2008, in Atlanta.
>
> It's been a sad week for the friends of Dude VanWinkle.
>
> --JG
Re: [Full-disclosure] in Memory of Dude VanWinkle / Justin Plazzo
He will definitely be missed. Especially his witty siglines.

RIP Dude!

Regards,
Scott

Abilash Praveen wrote:
> You have the same feeling as what I had a couple of years back when my 23 years old friend (only son for his parents and a Microsoft VIP) passed away in his sleep. Everything seems to be a vanity when someone very good and contributing to technology passes away. We all work so hard, and when we die - we have nothing to take with us. None of the praises are going to help Justin or his family now. He is missed and missed forever! I fear eternal life now.
>
> On 2/12/08, Gadi Evron [EMAIL PROTECTED] wrote:
>> I was just woken up with the news of Justin's death and am unsure what to think or how to respond--I need to.
>>
>> I feel things are left unfinished, a light just disappeared without warning, and all I can think of is what I said to him, when and where. Was I nice? Was I respectful? Did I always treat him right? What could I do differently? What will our small corner of the universe look like without him?
>>
>> What's clear is that he was a good guy who strove to always do better and was not afraid of voicing his opinion or making himself heard. He was also quick to apologize when necessary. His opinions never stopped him from seeing the person on the other side. He took subjects he discussed seriously, but never lost sight of the fun. He never stopped learning and he evolved a great deal over the past couple of years in which I had the opportunity to know him. One day, I was hoping to meet him.
>>
>> He was a good guy. He became an integral part of our community and only now I realize how much that is true.
>>
>> He cared. I care. He is missed.
[Full-disclosure] CSA-L03: Linux kernel vmsplice unchecked user-pointer dereference
===[ ABSTRACT ]=================================================================

A new vmsplice() system call was introduced in the 2.6.17 release of the Linux kernel. In the 2.6.23 kernel the system call functionality has been further extended, resulting in two new critical vulnerabilities.

===[ AFFECTED SOFTWARE ]========================================================

Linux 2.6.23 - 2.6.24

For the exact kernel version please refer to the information provided by your vendor.

===[ DESCRIPTION ]==============================================================

VULNERABILITY #1

Inappropriate dereference of user-supplied memory pointers in the code beginning at line 1378 in the vmsplice_to_user() kernel function (fs/splice.c):

---8<--- fs/splice.c:1378 ---8<---
        error = get_user(base, &iov->iov_base);
        /* ... */
        if (unlikely(!base)) {
                error = -EFAULT;
                break;
        }
        /* ... */
        sd.u.userptr = base;
        /* ... */
        size = __splice_from_pipe(pipe, &sd, pipe_to_user);
---8<--- fs/splice.c:1401 ---8<---

The code lacks validation of these pointers (i.e. with access_ok()). The __splice_from_pipe() assumes these are valid user-memory pointers and never makes any verification of them. The function dereferences the pointers with the __copy_to_user_inatomic() function (in pipe_to_user()) in order to write data to user-process memory, in this case leading to the possibility of writing arbitrary data (read from the pipe) to arbitrary kernel memory.

VULNERABILITY #2

The copy_from_user_mmap_sem() function copies data from user-process memory with the use of __copy_from_user_inatomic() without validating the user-supplied pointer with access_ok():

---8<--- fs/splice.c:1188 ---8<---
        partial = __copy_from_user_inatomic(dst, src, n);
---8<--- fs/splice.c:1188 ---8<---

This vulnerability leads to indirect reading of arbitrary kernel memory.

===[ IMPACT ]===================================================================

Vulnerabilities may lead to local system compromise including execution of arbitrary machine code in the context of the running kernel.

Vulnerability #1 has been successfully exploited on Linux 2.6.24.
Vulnerability #2 not tested.

===[ DISCLOSURE TIMELINE ]======================================================

1st Feb 2008    Vendor notification
8th Feb 2008    Public disclosure

===[ AUTHOR ]===================================================================

Wojciech Purczynski [EMAIL PROTECTED]

Wojciech Purczynski is a Security Researcher at Vulnerability Research Labs, COSEINC PTE Ltd.
http://coseinc.com

Wojciech Purczynski is also a member of iSEC Security Research
http://isec.pl/

===[ LEGAL DISCLAIMER ]=========================================================

Copyright (c) 2008 Wojciech Purczynski
Copyright (c) 2008 COSEINC PTE Ltd.
All Rights Reserved.

PUBLISHING, DISTRIBUTING, PRINTING, COPYING, SCANNING, DUPLICATING IN ANY FORM, MODIFYING WITHOUT PRIOR WRITTEN PERMISSION IS STRICTLY PROHIBITED. THE DOCUMENT IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND. THE CONTENT MAY CHANGE WITHOUT NOTICE. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES, INJURIES, LOSSES OR UNLAWFUL OFFENCES. USE AT YOUR OWN RISK.
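The check the DESCRIPTION section says vmsplice_to_user() was missing, as an added user-space model that is not kernel code and not the author's proof of concept: an overflow-safe range test with the same contract as access_ok(), applied to every iovec entry before any copy would touch it. TASK_SIZE_DEMO and the function names are assumptions made for this illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <sys/uio.h>

/* Stand-in for the kernel's TASK_SIZE (the top of user space); an assumed
   value chosen for this demo, not a real kernel constant. */
#define TASK_SIZE_DEMO 0xC0000000UL

/* Overflow-safe range check with the same contract as access_ok(): the whole
   [addr, addr + size) range must lie below the user-space limit and must not
   wrap around the address space. Written without an addition so that a huge
   size cannot wrap the end address back below the limit. */
bool user_range_ok(uintptr_t addr, size_t size, uintptr_t limit)
{
    if (size > limit)
        return false;
    return addr <= limit - size;
}

/* Validate every iovec entry before any __copy_to_user_inatomic()-style
   access. The advisory's excerpt shows the kernel rejecting a NULL base but
   never checking that the whole range is user memory; this function does both. */
bool iov_ok(const struct iovec *iov, unsigned long nr, uintptr_t limit)
{
    for (unsigned long i = 0; i < nr; i++) {
        uintptr_t base = (uintptr_t)iov[i].iov_base;
        if (base == 0)                                   /* check the kernel had */
            return false;
        if (!user_range_ok(base, iov[i].iov_len, limit)) /* the missing access_ok() */
            return false;
    }
    return true;
}
```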
Re: [Full-disclosure] Dude VanWinkle's Death
Andrew A wrote: Some dumb faggot suiciding ... Yet you're still posting? ... appears more of a net social benefit than a tragedy. We're waiting... Regards, Nick FitzGerald ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] in Memory of Dude VanWinkle / Justin Plazzo
oh look, the full disclosure demagogue parade is here to feign sympathy for a fellow useless IT drone who also never found employment in the information security industry i wish gadi evron didn't have a big jew trustfund so he could realize his life isn't worth living and suicide too On Feb 11, 2008 12:43 PM, Gadi Evron [EMAIL PROTECTED] wrote: I was just woken up with the news of Justin's death and am unsure what to think or how to respond--I need to. I feel things are left unfinished, a light just disappeared without warning, and all I can think of is what I said to him, when and where. Was I nice? Was I respectful? Did I always treat him right? What could I do differently? What will our small corner of the universe look like without him? What's clear is that he was a good guy who strove to always do better and was not afraid of voicing his opinion or making himself heard. He was also quick to apologize when necessary. His opinions never stopped him from seeing the person on the other side. He took subjects he discussed seriously, but never lost sight of the fun. He never stopped learning and he evolved a great deal over the past couple of years in which I had the opportunity to know him. One day, I was hoping to meet him. He was a good guy. He became an integral part of our community and only now I realize how much that is true. He cared. I care. He is missed. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Dude VanWinkle's Death
http://www.timesreporter.com/index.php?ID=79446&r=6&Category=7

Justin Marcus Polazzo, 31, of Atlanta, Ga., was found dead in his home on Feb. 4, 2008. He was born in Alma, Mich., on Dec. 31, 1976. At the time of his death, Justin was employed at the Georgia Institute of Technology's Office of Information Technology in the Division of Architecture and Infrastructure.

Justin is survived by his parents, mother Carol Anson Stanwyck (Doug), and father Free Polazzo (Janet), brother Chad Polazzo (Lori), and stepsister Liz Stanwyck. Other area surviving relatives are Betty Anson, Wendy (Wagner) Muzechuk, Ashley and Maggie Haverfield and James Anson (Marilyn) from Illinois.

A memorial service will be held Sunday, Feb. 10, 2008, in Atlanta.

It's been a sad week for the friends of Dude VanWinkle.

--JG
Re: [Full-disclosure] in Memory of Dude VanWinkle / Justin Plazzo
> We all work so hard, and when we die - we have nothing to take with us. None of the praises are going to help Justin or his family now. He is missed and missed forever! I fear eternal life now.

Reminds me of 911 in a way. People get so caught up in this Matrix like life ... we forget about what's real and what's just bus-i-ness.

If Dude were here now, what advice do you think he'd give now (after discovering eternal truths)?

Jared
Re: [Full-disclosure] [inbox] in Memory of Dude VanWinkle / JustinPlazzo
On Feb 11th Exibar said:
> It truly is a sad day today that JP died. I know some people didn't like his postings, but that doesn't really matter. It's truly sad when one of our own dies unexpectedly like this, truly sad. Does anyone have any news as to how this tragedy happened?
>
> He surely will be missed, he always added a little spice to certain topics that will forever be gone.
>
> Rest in peace JP, the universe is now yours to explore...
>
> Exibar

Exibar, that was well said and heartfelt. JP was a good guy even if he did appear to bother some people on this list. He and I had a dialogue off-list and he was a bright, funny man with keen insight. He never mentioned any illness or anything wrong. I hope someone will say the same about me one day. Hopefully it will be in another 30 plus years as he certainly went home long before work was through

most sincerely,
Richard
Re: [Full-disclosure] Dude VanWinkle's Death
Joey,
For a retard your quasi email forging skills are impressive. You're l33t even!

Joey Mengele wrote:
> LOLOLOLOL.
>
> J
>
> On Mon, 11 Feb 2008 13:18:21 -0500 Simon Smith [EMAIL PROTECTED] wrote:
>> Hey Joey, he was a prick but christ man, lay off, he is dead!
>>
>> Joey Mengele wrote:
>>> LOLOLOL. PICS PICS!
>>>
>>> J
>>>
>>> On Mon, 11 Feb 2008 10:40:33 -0500 Jonathan Glass [EMAIL PROTECTED] wrote:
>>>> http://www.timesreporter.com/index.php?ID=79446&r=6&Category=7
>>>>
>>>> Justin Marcus Polazzo, 31, of Atlanta, Ga., was found dead in his home on Feb. 4, 2008. He was born in Alma, Mich., on Dec. 31, 1976. At the time of his death, Justin was employed at the Georgia Institute of Technology's Office of Information Technology in the Division of Architecture and Infrastructure.
>>>>
>>>> Justin is survived by his parents, mother Carol Anson Stanwyck (Doug), and father Free Polazzo (Janet), brother Chad Polazzo (Lori), and stepsister Liz Stanwyck. Other area surviving relatives are Betty Anson, Wendy (Wagner) Muzechuk, Ashley and Maggie Haverfield and James Anson (Marilyn) from Illinois.
>>>>
>>>> A memorial service will be held Sunday, Feb. 10, 2008, in Atlanta.
>>>>
>>>> It's been a sad week for the friends of Dude VanWinkle.
>>>>
>>>> --JG
>>
>> --
>> - simon
>> --
>> http://www.snosoft.com

--
- simon
--
http://www.snosoft.com
[Full-disclosure] Directory traversal in SafeNet Sentinel Protection and Key Server 7.4.1.0
### Luigi Auriemma

Application:  SafeNet Sentinel Protection Server
              SafeNet Sentinel Keys Server
              http://www.safenet-inc.com
Versions:     <= 7.4.1.0 (aka SPI740SecurityPatch)
Platforms:    Windows
Bug:          directory traversal
Exploitation: remote
Date:         10 Feb 2008
Author:       Luigi Auriemma
              e-mail: [EMAIL PROTECTED]
              web:    aluigi.org

###

1) Introduction
2) Bug
3) The Code
4) Fix

###

=== 1) Introduction ===

The Sentinel Protection and Key Server are two simple webservers for the monitoring of the licenses and listen respectively on ports 6002 and 7002.

###

== 2) Bug ==

Both the webservers are affected by a directory traversal vulnerability exploitable using the backslash delimiter (the servers don't support hex chars), allowing an attacker to download any file in the disk on which the services are installed.

It's funny to note that the security patch available from November 2007 was released just to fix a directory traversal vulnerability, but they dropped only the slash delimiter, leaving the backslash working.

###

=== 3) The Code ===

GET /..\..\..\..\..\..\..\boot.ini HTTP/1.0

###

== 4) Fix ==

No fix

###

---
Luigi Auriemma
http://aluigi.org
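The backslash-only traversal described here and in the Zidget/HTTP section of the EztremeZ-IP advisory above, as an added C example that is not part of either advisory and not the vendors' code: a check modelled on the patched behaviour this advisory describes (only the slash form rejected) beside a hardened path check that treats both separators alike, resolves ".." component by component, and applies the extension list the Zidget advisory quotes. Function names are assumptions; the server is assumed to have already decoded any percent-encoding before this check runs.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#include <strings.h>

/* Extension whitelist quoted in the Zidget/HTTP advisory. */
static const char *const ALLOWED_EXT[] = {
    "gif", "png", "jpg", "xml", "ico", "zip", "html", NULL
};

/* Model of the patched SafeNet behaviour: only the slash form is rejected,
   so "..\" passes straight through. Kept here as the "before" of the fix. */
bool naive_rejects(const char *path)
{
    return strstr(path, "../") != NULL;
}

/* Hardened check: split on '/' and '\\', count the depth below the document
   root, and refuse the request the moment ".." would climb above it. */
bool path_stays_in_root(const char *path)
{
    int depth = 0;
    const char *p = path;
    while (*p) {
        while (*p == '/' || *p == '\\') p++;            /* skip separator runs */
        if (!*p) break;
        const char *start = p;
        while (*p && *p != '/' && *p != '\\') p++;
        size_t len = (size_t)(p - start);
        if (len == 2 && start[0] == '.' && start[1] == '.') {
            if (--depth < 0) return false;              /* climbed above root */
        } else if (!(len == 1 && start[0] == '.')) {
            depth++;                                    /* ordinary component */
        }
    }
    return true;
}

/* Extension of the last path component, compared case-insensitively because
   the affected servers run on Windows. */
bool extension_allowed(const char *path)
{
    const char *last = path;
    for (const char *p = path; *p; p++)
        if (*p == '/' || *p == '\\') last = p + 1;
    const char *dot = strrchr(last, '.');
    if (!dot) return false;
    for (int i = 0; ALLOWED_EXT[i]; i++)
        if (strcasecmp(dot + 1, ALLOWED_EXT[i]) == 0) return true;
    return false;
}

/* Both conditions must hold; the whitelist alone would still serve config XML. */
bool request_allowed(const char *path)
{
    return path_stays_in_root(path) && extension_allowed(path);
}
```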