[Full-disclosure] n3td3v not a troll
New x tube video. DVD quality only. http://videos.videosextube2009.com/x-tube-video.html --~--~-~--~~~---~--~~ You received this message because you are subscribed pt type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"> [Full-disclosure] n3td3v not a troll n3td3v Reply via email to [Full-disclosure] n3td3v not a troll n3td3v Re: [Full-disclosure] n3td3v not a troll Razi Shaban Re: [Full-disclosure] n3td3v not a troll Valdis . Kletnieks Re: [Full-disclosure] n3td3v not a troll n3td3v Re: [Full-disclosure] n3td3v not a troll . Re: [Full-disclosure] n3td3v not a troll Randal T. Rioux Re: [Full-disclosure] n3td3v not a troll n3td3v Re: [Full-disclosure] n3td3v not a troll . Re: [Full-disclosure] n3td3v not a troll n3td3v Re: [Full-disclosure] n3td3v not a troll . Re: [Full-disclosure] n3td3v not a troll n3td3v Reply via email to [Full-disclosure] n3td3v not a troll n3td3v Re: [Full-disclosure] n3td3v not a troll Razi Shaban Re: [Full-disclosure] n3td3v not a troll Valdis . Kletnieks Re: [Full-disclosure] n3td3v not a troll n3td3v Re: [Full-disclosure] n3td3v not a troll . Re: [Full-disclosure] n3td3v not a troll Randal T. Rioux Re: [Full-disclosure] n3td3v not a troll n3td3v Re: [Full-disclosure] n3td3v not a troll . Re: [Full-disclosure] n3td3v not a troll n3td3v Re: [Full-disclosure] n3td3v not a troll . Re: [Full-disclosure] n3td3v not a troll n3td3v Reply via email to
Re: [Full-disclosure] Zero-day Catcher for Windows available for sell
Nama/HP/Area kota 1. Cahyo/08129958488/Cikarang 2. Yosep/081220247000/Bandung/Garut/Tasik 3. Rosso/08812314156/demak/semarang
[Full-disclosure] [SECURITY] [DSA 1637-1] New git-core packages fix buffer overflow
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-1637-1 [EMAIL PROTECTED] http://www.debian.org/security/ Devin Carraway September 15, 2008http://www.debian.org/security/faq - Package: git-core Vulnerability : buffer overflow Problem type : local (remote) Debian-specific: no CVE Id(s) : CVE-2008-3546 Debian Bug : 494097 Multiple vulnerabilities have been identified in git-core, the core of the git distributed revision control system. Improper path length limitations in git's diff and grep functions, in combination with maliciously crafted repositories or changes, could enable a stack buffer overflow and potentially the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies this vulnerabilitiy as CVE-2008-3546. For the stable distribution (etch), this problem has been fixed in version 1.4.4.4-2.1+etch1. For the unstable distribution (sid), this problem has been fixed in version 1.5.6.5-1. We recommend that you upgrade your git-core packages. Upgrade instructions - wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - --- Debian (stable) - --- Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-2.1+etch1.dsc Size/MD5 checksum: 801 e1da32690d937c31112734e3a568a6b2 http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4.orig.tar.gz Size/MD5 checksum: 1054130 99bc7ea441226f792b6f796a838e7ef0 http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-2.1+etch1.diff.gz Size/MD5 checksum:80042 b10d0f2f899b73e92cc22fd0e7616f8a Architecture independent packages: http://security.debian.org/pool/updates/main/g/git-core/git-arch_1.4.4.4-2.1+etch1_all.deb Size/MD5 checksum:68534 bc1c4be53e445eb2a9a1cba42410f85e http://security.debian.org/pool/updates/main/g/git-core/git-cvs_1.4.4.4-2.1+etch1_all.deb Size/MD5 checksum:93752 fbbef80ad27745f79072bce3e5ae3a96 http://security.debian.org/pool/updates/main/g/git-core/git-email_1.4.4.4-2.1+etch1_all.deb Size/MD5 checksum:62850 dfaff5a7df0025792768a536fae519af http://security.debian.org/pool/updates/main/g/git-core/gitweb_1.4.4.4-2.1+etch1_all.deb Size/MD5 checksum:88008 b10f4275020e838c1fb1a1af6ccef056 http://security.debian.org/pool/updates/main/g/git-core/git-daemon-run_1.4.4.4-2.1+etch1_all.deb Size/MD5 checksum:55366 5b7be4b5951849b301d1faddf831dff8 http://security.debian.org/pool/updates/main/g/git-core/git-doc_1.4.4.4-2.1+etch1_all.deb Size/MD5 checksum: 466200 0a21d338c7741147ff36242abaf3b402 http://security.debian.org/pool/updates/main/g/git-core/git-svn_1.4.4.4-2.1+etch1_all.deb Size/MD5 checksum: 100590 990844afb17ba526bbffb49796497b6e http://security.debian.org/pool/updates/main/g/git-core/gitk_1.4.4.4-2.1+etch1_all.deb Size/MD5 checksum:99352 a2d4c126758efa9fa9a549e8736f80a3 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-2.1+etch1_alpha.deb Size/MD5 checksum: 3092536 10a91198e5606dc6b1f6037803389d53 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-2.1+etch1_amd64.deb Size/MD5 checksum: 2627502 3fad9097fef2d907e66a28c9cb3f9684 arm architecture (ARM) http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-2.1+etch1_arm.deb Size/MD5 checksum: 2317560 de4bd89d3a608df2b1216f86cf0b8b53 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-2.1+etch1_hppa.deb Size/MD5 checksum: 2692126 53c2bf7b21e779e94c34405201be7910 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-2.1+etch1_i386.deb Size/MD5 checksum: 2330734 769253444bc1f266f706bc742bec86ee ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-2.1+etch1_ia64.deb Size/MD5 checksum: 3813238 65d7e5064d427e425173653300a6b5c6 mips architecture (MIPS (Big Endian))
Re: [Full-disclosure] n3td3v not a troll
On Mon, Sep 15, 2008 at 5:49 PM, [EMAIL PROTECTED] wrote: On Mon, 15 Sep 2008 08:09:12 BST, n3td3v said: n3td3v is outspoken but hes not a troll. he is a serious security researcher with his own mailing list. ... and then someone hurtfully says im a troll, what does this mean? It means that if you don't understand what a troll is, It means posting inflammatory comments on purpose to get a response, yet i've never done this ever, So I can't be a troll, because I've never purposely set out to post something just to get a reaction. Anything I say is my actual opinion, so accept it or unsubscribe. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] n3td3v not a troll
It means posting inflammatory comments on purpose to get a response, yet i've never done this ever, So I can't be a troll, because I've never purposely set out to post something just to get a reaction. Anything I say is my actual opinion, so accept it or unsubscribe. Every comment you've ever made is inflammatory. If you're not trying to get a response, then why the hell are you posting? You are a troll, by definition. Good day, fd ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] n3td3v not a troll
On Mon, 15 Sep 2008 08:09:12 BST, n3td3v said: n3td3v is outspoken but hes not a troll. he is a serious security researcher with his own mailing list. ... and then someone hurtfully says im a troll, what does this mean? It means that if you don't understand what a troll is, you're probably not cut out to be a serious security researcher, and no amount of referencing yourself in the 3rd person will help that... pgpoygF999Air.pgp Description: PGP signature ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] n3td3v not a troll
On Mon, Sep 15, 2008 at 6:36 PM, Randal T. Rioux [EMAIL PROTECTED] wrote: It is Full-Disclosure, not Opinion-Disclosure. Its both. Although, anyone who doesn't share the American way of thinking is branded a troll or a terrorist. Oops! I just got onto the terrorist watch list for apparently trolling Full-Disclosure, woopy fucking d. I have a big ass mailing list with members on it, it might be a terrorist cell, time to get me on the watch list dude, got to be on the safe side!!! You can't have someone as high profile as me not on the watch list Hahahaha. If you suspect it, report it: 0800 789 321 http://farm4.static.flickr.com/3255/2810415169_cdc0e24b7d_b.jpg Complete fucking joke the paranoia we live in. All the best, n3td3v ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] n3td3v not a troll
n3td3v wrote: On Mon, Sep 15, 2008 at 5:49 PM, [EMAIL PROTECTED] wrote: On Mon, 15 Sep 2008 08:09:12 BST, n3td3v said: n3td3v is outspoken but hes not a troll. he is a serious security researcher with his own mailing list. ... and then someone hurtfully says im a troll, what does this mean? It means that if you don't understand what a troll is, It means posting inflammatory comments on purpose to get a response, yet i've never done this ever, So I can't be a troll, because I've never purposely set out to post something just to get a reaction. Anything I say is my actual opinion, so accept it or unsubscribe. Why don't you all go research into some security, and stop wasting our bandwidths on this? ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] n3td3v not a troll
Its both. Although, anyone who doesn't share the American way of thinking is branded a troll or a terrorist. ^^ Inflammatory remark You sent it to a mailing list, you obviously want a response. Troll. Good day, fd ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] n3td3v not a troll
On Mon, September 15, 2008 1:08 pm, n3td3v wrote: On Mon, Sep 15, 2008 at 5:49 PM, [EMAIL PROTECTED] wrote: On Mon, 15 Sep 2008 08:09:12 BST, n3td3v said: n3td3v is outspoken but hes not a troll. he is a serious security researcher with his own mailing list. ... and then someone hurtfully says im a troll, what does this mean? It means that if you don't understand what a troll is, It means posting inflammatory comments on purpose to get a response, yet i've never done this ever, So I can't be a troll, because I've never purposely set out to post something just to get a reaction. Anything I say is my actual opinion, so accept it or unsubscribe. It is Full-Disclosure, not Opinion-Disclosure. Sure, you can do it. Just expect the appropriate responses. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] n3td3v not a troll
On Mon, Sep 15, 2008 at 7:25 PM, . [EMAIL PROTECTED] wrote: Its both. Although, anyone who doesn't share the American way of thinking is branded a troll or a terrorist. ^^ Inflammatory remark You sent it to a mailing list, you obviously want a response. Troll. Good day, fd Thats not an inflammatory remark, its the mindset you dicks are living in. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Zero-day Catcher for Windows available for sell
So guys, look at this PDF I made (attached). Still no actual evidence that this program exists other than my word, but hey, I'm a pretty reliable guy, right? Eugene Chukhlomin, the guy who got his RSA breaker theory broken and the same guy who patented a giant projector? On 9/15/08, Zero-day catcher team [EMAIL PROTECTED] wrote: Short review: http://rapidshare.com/files/145438401/ZDC.pdf.html or www.zerodaycatcher.com ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] n3td3v not a troll
As a non-American living in the Middle East, if you don't think that that's an inflammatory remark I kindly request that you get a fucking clue. Good day. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] n3td3v not a troll
On Mon, Sep 15, 2008 at 7:39 PM, . [EMAIL PROTECTED] wrote: As a non-American living in the Middle East, if you don't think that that's an inflammatory remark I kindly request that you get a fucking clue. Good day. You're not in the middle east, you prick. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] n3td3v not a troll
How the fuck would you know? You want my address? I happen to live in Amman, Jordan. Where do you live? ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] n3td3v not a troll
On Mon, Sep 15, 2008 at 7:45 PM, Razi Shaban [EMAIL PROTECTED] wrote: How the fuck would you know? You want my address? I happen to live in Amman, Jordan. Where do you live? Scotland, UK. Come and get me. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] n3td3v not a troll
On Mon, 15 Sep 2008 22:39:48 +0400, . said: As a non-American living in the Middle East, if you don't think that that's an inflammatory remark I kindly request that you get a fucking clue. If he got a fucking clue he might figure out how to reproduce. Is that really what you want? pgpKbXWDpwmqY.pgp Description: PGP signature ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] n3td3v not a troll
If he got a fucking clue he might figure out how to reproduce. Is that really what you want? Reproducing requires a partner, does it not? Maybe when he leaves his mother's basement he'll rape one, until then the world is safe. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] n3td3v not a troll
Opps! It was actually Valdis who mentioned rape, but we better add you both to the watch list anyway! HAHAHAHA. On Mon, Sep 15, 2008 at 8:04 PM, n3td3v [EMAIL PROTECTED] wrote: On Mon, Sep 15, 2008 at 7:52 PM, . [EMAIL PROTECTED] wrote: Reproducing requires a partner, does it not? Maybe when he leaves his mother's basement he'll rape one, until then the world is safe. You mentioned rape, you might be a terrorist, you're added to the watch list. If you suspect it, report it: 0800 789 321 http://farm4.static.flickr.com/3255/2810415169_cdc0e24b7d_b.jpg All the best, n3td3v Don't forget to report me as well! ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] n3td3v not a troll
On Mon, Sep 15, 2008 at 7:52 PM, . [EMAIL PROTECTED] wrote: Reproducing requires a partner, does it not? Maybe when he leaves his mother's basement he'll rape one, until then the world is safe. You mentioned rape, you might be a terrorist, you're added to the watch list. If you suspect it, report it: 0800 789 321 http://farm4.static.flickr.com/3255/2810415169_cdc0e24b7d_b.jpg All the best, n3td3v Don't forget to report me as well! ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] n3td3v not a troll
On Mon, 15 Sep 2008 20:12:27 BST, n3td3v said: Opps! It was actually Valdis who mentioned rape, but we better add you both to the watch list anyway! HAHAHAHA. If you actually *read* the note, you'll see that comment was '.'s reply to my comment: On Mon, Sep 15, 2008 at 8:04 PM, n3td3v [EMAIL PROTECTED] wrote: On Mon, Sep 15, 2008 at 7:52 PM, . [EMAIL PROTECTED] wrote: Reproducing requires a partner, does it not? Maybe when he leaves his mother's basement he'll rape one, until then the world is safe. You mentioned rape, you might be a terrorist, you're added to the watch list. And here, you're replying to . not to me. Serious security researchers are required to be able to do complicated forensic tasks like following who said what for at least 3 or 4 consecutive messages in a properly cited e-mail exchange. pgpRSvyk6yITY.pgp Description: PGP signature ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] n3td3v not a troll
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, 15 Sep 2008 03:09:12 -0400 n3td3v [EMAIL PROTECTED] wrote: n3td3v is outspoken but hes not a troll. he is a serious security researcher with his own mailing list. There is a difference between being outspoken and making dumb comments no one cares about. For instance, if I were to go into a group of Mac users and make a strong, technical argument that OS X security was a joke, then I would be outspoken. If I come onto a security list talking about things no one cares about and making arguments that have no backing, in addition to making very uneducated and ignorant assumptions about respected members of the research community being a part of xyz intelligence agency, then I would be a troll. You are the latter. You want to be respected and not laughed at, be the first one. Being outspoken doesn't mean you have to act dumb. i post this to reddit http://www.reddit.com/r/netsec/comments/70ygi/questions_not_answere d_on_cnet_live_chat/ and then someone hurtfully says im a troll, what does this mean? See above. It means you post stuff no one cares about and/or run your mouth off about things you have no business talking about. all the best, n3td3v Respect is earned, not given. You've done nothing to merit the respect of anyone here and hurt your case by your insane obsession with intel agencies and making accusations against people you know nothing about. -BEGIN PGP SIGNATURE- Charset: UTF8 Version: Hush 3.0 Note: This signature can be verified at https://www.hushtools.com/verify wpwEAQMCAAYFAkjOsDUACgkQGwcl4JwqQeDyAAQAjTI5MsFK7nVysrZT8JFkjm4znBQh ufDTeIGkH8dsPU3c8QRofrf5CSkYbbdm0k1j6xRl9cDZJ4X68/tAG/ubQsKdQrmulk5P Yq2oHDJdLmP9/7OSlEYK7A3KJh4CUoy080PkSPN8HoEF5vWpbCP2aF2mJTwUsEP1T72C C/ZSy3M= =rIWe -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] n3td3v not a troll
On Mon, Sep 15, 2008 at 8:29 PM, [EMAIL PROTECTED] wrote: Serious security researchers are required to be able to do complicated forensic tasks like following who said what for at least 3 or 4 consecutive messages in a properly cited e-mail exchange. Add me to the watch list already, c'mon I haven't all day. I'm obviously a troll/terrorist... get me added. 9/11, 9/11, 9/11 All the best, n3td3v ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Immunity Debugger v1.7 Released
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Immunity is proud to announce: Immunity Debugger v1.7 It's been a rough couple of months and the release got delayed by other projects, but the new version is now among us! New in this release: New methods had been added for setting variables on the disassembled functions. Scripts for auditing drivers and ActiveX are now available and good amount of bugs have been fixed. We would like to express our appreciation for the enormous amount of contributions, feedback and requests we receive daily from the Immunity Debugger community at http://forum.immunityinc.com. Thanks for using Immunity Debugger! We hope you enjoy this month's release, Check out the Changelog below for more detailed information. You can upgrade your current Immunity Debugger by going to Help/Update or directly downloading the new installer from http://www.immunityinc.com/products-immdbg.shtml Sincerely Team Immunity http://www.immunityinc.com 1.70 Build 0 New Features: - - Debugger o Added support for variable decoding when second pass analysis enabled - - Immunity Debugger API o Added getVariable/setVariable methods o Added driverlib.py for analyzing drivers - - PyCommands o activex.py for auditing ActiveX controls - - Bug Fixes o Fixed Python pathing issue when JIT debugging/spawning from right-click o Fixed Module.getName() method to return only the module name o Fixed length check error in imm.Assemble() -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIznksnx8KWzmcRsERAs7qAJ0REXx/FMua6u/8tQxoOgQ08D8XNQCfU5uY ESnth3WbiV5SGuPJ5nTnGqE= =9vBL -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Critical Vulnerability in Apple Quick time’s Indeo Codec
http://www.ngssoftware.com/advisories/critical-vulnerability-in-apple-quicktimes-indeo-codec/ Paul Byrne of NGSSoftware has discovered a critical vulnerability in Apple Quicktime's implementation of the Indeo Codec (CVE-ID: CVE-2008-3615) which may allow an attacker to execute arbitrary code on a user’s system via playing a malformed movie file in Quicktime containing video encoded in the Indeo Codec. This is also possible to be executed through the Quicktime Internet Explorer Active X control. It is in the Quicktime library for Indeo in the file ir50_32.qtx which was previous distributed through Apple's website but written by a third party. The codec has now been removed and is no longer supported in the latest version of Quicktime. This issue has been resolved in the newest version of Apple Quicktime 7.5.5, to see Apple's release go to: http://support.apple.com/kb/HT3027 NGSSoftware are going to withhold details of this flaw for three months. Full details will be published in December 2008. This three month window will allow other vendors the time needed to create patches in their versions of Indeo Codec before the details are released to the general public. This reflects NGSSoftware’s approach to responsible disclosure. NGSSoftware Insight Security Research Email: [EMAIL PROTECTED] http://www.ngssoftware.com http://www.databasesecurity.com/ http://www.nextgenss.com/ +44(0)208 401 0070 -- E-MAIL DISCLAIMER The information contained in this email and any subsequent correspondence is private, is solely for the intended recipient(s) and may contain confidential or privileged information. For those other than the intended recipient(s), any disclosure, copying, distribution, or any other action taken, or omitted to be taken, in reliance on such information is prohibited and may be unlawful. If you are not the intended recipient and have received this message in error, please inform the sender and delete this mail and any attachments. The views expressed in this email do not necessarily reflect NGS policy. NGS accepts no liability or responsibility for any onward transmission or use of emails and attachments having left the NGS domain. NGS and NGSSoftware are trading names of Next Generation Security Software Ltd. Registered office address: 52 Throwley Way, Sutton, SM1 4BF with Company Number 04225835 and VAT Number 783096402 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [RFC] Very Low Signal to Noise Ratio on FD
Dear All, I've been reading Full Disclosure for quite some time and, for the most part, value the content I find here. It helps me with my work and helps me keep abreast of developments in the wonderful worlds of network and application security. In this post, I seek to spark some discussion as to how this unmoderated list might improve it's effectiveness with regard to self-policing and how subscribers might employ methods to filter extraneous content whilst retaining that which is truly valuable. On a personal level, I have tried in the past to filter out posts which fail to meet certain criteria using both blacklists and whitelists of content keywords. I've found these to be ineffective in so much as either filtering the signal or not filtering the noise to varying degrees. I've tried blacklisting email addresses where the content is often of little value, but again this is not very effective at filtering out noise (although it usually has very little negative impact on the signal). These methods have taken-up far too much time to implement and manage for their levels of effectiveness and perhaps exceed the time spent manually reviewing posts to determine their worth. Many of you would no doubt agree that the dissatisfaction with the level of noise is oft expressed (which often generates further noise). One possible solution which would require consensus might to be apply lessons learned by parents and other adults with responsibility for children. When dealing with a child displaying anti-social or otherwise undesired behaviour, one should not engage the child at that same level. For example, one should not retort as this implies permission and complicity. Instead a clear indication should be given that the behaviour of the child does not meet the required level of desirability. This should be done in a non-threatening, but authoritative response and delivered in an articulate and consistent manner. The key is to set clear boundaries. Failure to stay within clearly defined boundaries carries a penalty, such as a child time-out (naughty-chair) where the child is removed to an area where they are unable to participate but can observe the continuation of normal activity. Obviously I am not comparing any FD users to children nor suggesting they be treated as such, but I think that an approach similar to this may have some merit for dealing with the phenomenon of noise escalation which often occurs in response to a noisy event. If, for example, a message was posted to the list which was perceived to be undesirable, disrespectful or otherwise noisy it might help a great deal if firstly the poster were gently chided with respect to their post and secondly the post elicited no other response and certainly none which might be perceived as undesirable. The latter I think is most important because without such responses, there is a) less noise generated and b) less fuel for those who repeatedly post trivial and useless or inflammatory material. Finally, I should say that I am acutely aware that this post may itself be construed as noise, but I hope humbly that it is received in the spirit with which it is meant. I welcome your ideas and recommendations. Sincerely, Iain O'Dorf ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] [RFC] Very Low Signal to Noise Ratio on FD
On Mon, Sep 15, 2008 at 8:45 PM, Od Orf [EMAIL PROTECTED] wrote: Failure to stay within clearly defined boundaries carries a penalty, such as a child time-out (naughty-chair) where the child is removed to an area where they are unable to participate but can observe the continuation of normal activity. In America this is called the electric chair, let's extradite everyone to America we don't agree with on F-D and put them in the naughty chair. The Americans think they actually have control of F-D, even though its a British mailing list and is with all due respect owned by MI5/6/GCHQ, nothing actually to do with American rules at all. If we want to play around on our own mailing list all day, we fucking will. So less of the lecturing from Americans about how F-D should be run, OK? ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] n3td3v not a troll
On Mon, Sep 15, 2008 at 7:57 PM, [EMAIL PROTECTED] wrote: your insane obsession with intel agencies Add me to the watch list. You never know, 9/11 and all that jazz. What's the anti-terrorist hotline number again? ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] [RFC] Very Low Signal to Noise Ratio on FD
On Mon, Sep 15, 2008 at 9:38 PM, Razi Shaban [EMAIL PROTECTED] wrote: Perhaps you didn't notice, but he was talking about people like you. Was he, omg, no really??? 9/11 Call the cops!!! ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] [RFC] Very Low Signal to Noise Ratio on FD
I would never think of filtering FD, the colorful comments are what make this list classic! Filtering it out would be a tragedy and a crime against humanity. On Mon, Sep 15, 2008 at 3:45 PM, Od Orf [EMAIL PROTECTED] wrote: Dear All, I've been reading Full Disclosure for quite some time and, for the most part, value the content I find here. It helps me with my work and helps me keep abreast of developments in the wonderful worlds of network and application security. In this post, I seek to spark some discussion as to how this unmoderated list might improve it's effectiveness with regard to self-policing and how subscribers might employ methods to filter extraneous content whilst retaining that which is truly valuable. On a personal level, I have tried in the past to filter out posts which fail to meet certain criteria using both blacklists and whitelists of content keywords. I've found these to be ineffective in so much as either filtering the signal or not filtering the noise to varying degrees. I've tried blacklisting email addresses where the content is often of little value, but again this is not very effective at filtering out noise (although it usually has very little negative impact on the signal). These methods have taken-up far too much time to implement and manage for their levels of effectiveness and perhaps exceed the time spent manually reviewing posts to determine their worth. Many of you would no doubt agree that the dissatisfaction with the level of noise is oft expressed (which often generates further noise). One possible solution which would require consensus might to be apply lessons learned by parents and other adults with responsibility for children. When dealing with a child displaying anti-social or otherwise undesired behaviour, one should not engage the child at that same level. For example, one should not retort as this implies permission and complicity. Instead a clear indication should be given that the behaviour of the child does not meet the required level of desirability. This should be done in a non-threatening, but authoritative response and delivered in an articulate and consistent manner. The key is to set clear boundaries. Failure to stay within clearly defined boundaries carries a penalty, such as a child time-out (naughty-chair) where the child is removed to an area where they are unable to participate but can observe the continuation of normal activity. Obviously I am not comparing any FD users to children nor suggesting they be treated as such, but I think that an approach similar to this may have some merit for dealing with the phenomenon of noise escalation which often occurs in response to a noisy event. If, for example, a message was posted to the list which was perceived to be undesirable, disrespectful or otherwise noisy it might help a great deal if firstly the poster were gently chided with respect to their post and secondly the post elicited no other response and certainly none which might be perceived as undesirable. The latter I think is most important because without such responses, there is a) less noise generated and b) less fuel for those who repeatedly post trivial and useless or inflammatory material. Finally, I should say that I am acutely aware that this post may itself be construed as noise, but I hope humbly that it is received in the spirit with which it is meant. I welcome your ideas and recommendations. Sincerely, Iain O'Dorf ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- If you see me laughing, you better have backups ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] [RFC] Very Low Signal to Noise Ratio on FD
On Mon, Sep 15, 2008 at 9:38 PM, Stack Smasher [EMAIL PROTECTED] wrote: I would never think of filtering FD, the colorful comments are what make this list classic! Filtering it out would be a tragedy and a crime against humanity. If you filter FD, the terrorists might be missed out by accident!!! Is that a risk you can take post-9/11??? ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] n3td3v not a troll
On Mon, 15 Sep 2008 21:43:28 BST, n3td3v said: On Mon, Sep 15, 2008 at 7:57 PM, [EMAIL PROTECTED] wrote: your insane obsession with intel agencies Add me to the watch list. You never know, 9/11 and all that jazz. But if you're on the watch list, you probably won't be able to pass the security check to work at MI5/6. Except maybe mowing the lawn out front. pgpz9HqYmw4LY.pgp Description: PGP signature ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Zero-day Catcher for Windows available for sell
RSA theory, discussed here, was not broken (if you have evidence - please, share it or turn off your claims in this context). If you (or somebody) need actual evidence of program existense without payment - we can give you one copy (with corresponding NDA, with notarial witness of signature). Trial and bypass way - not best way here (if you understand us). Concerning Eugene Chukhlomin - not only The Big Prism laser projection system, you forget his patents for Quasi-monopol power source (magnetic generator) and time-amplitude audio coding algorithms. Cheers, Zero-day catcher team Probably Shadowgamers: So guys, look at this PDF I made (attached). Still no actual evidence that this program exists other than my word, but hey, I'm a pretty reliable guy, right? Eugene Chukhlomin, the guy who got his RSA breaker theory broken and the same guy who patented a giant projector? On 9/15/08, Zero-day catcher team [EMAIL PROTECTED] wrote: Short review: http://rapidshare.com/files/145438401/ZDC.pdf.html or www.zerodaycatcher.com ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] n3td3v not a troll
On Mon, Sep 15, 2008 at 10:00 PM, [EMAIL PROTECTED] wrote: On Mon, 15 Sep 2008 21:43:28 BST, n3td3v said: On Mon, Sep 15, 2008 at 7:57 PM, [EMAIL PROTECTED] wrote: your insane obsession with intel agencies Add me to the watch list. You never know, 9/11 and all that jazz. But if you're on the watch list, you probably won't be able to pass the security check to work at MI5/6. Except maybe mowing the lawn out front. Mowers are too electrical, it might be risky... 9/11. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] [RFC] Very Low Signal to Noise Ratio on FD
On Mon, 15 Sep 2008 21:56:47 BST, n3td3v said: If you filter FD, the terrorists might be missed out by accident!!! Is that a risk you can take post-9/11??? If you're doing *actual* threat analysis, the risk that a *credible* threat will be pre-announced on the F-D list (as opposed to wannabes that couldn't terrorize their way out of a wet box of tissues) is sufficiently low that it can probably be ignored. If you're doing Security Theatre, or Firesign Theatre, or other surreal theatrical event, the rules are of course different... pgpGvVbbOHWiF.pgp Description: PGP signature ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] [RFC] Very Low Signal to Noise Ratio on FD
Od Orf wrote: On a personal level, I have tried in the past to filter out posts which fail to meet certain criteria using both blacklists and whitelists of content keywords. I've found these to be ineffective in Just filter out all messages with the phrase n3td3v in adress, subject or body and you'll get very close to a functional FD list. A large majority of the noise is either from, replying to or mentioning that keyword. -- // hdw ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] [RFC] Very Low Signal to Noise Ratio on FD
No way! The list is effective because it is unmoderated, full stop. btw the only filter I apply is to trash NetD4v (all messages containing that lame word). nicola 2008/9/15 Stack Smasher [EMAIL PROTECTED] I would never think of filtering FD, the colorful comments are what make this list classic! Filtering it out would be a tragedy and a crime against humanity. On Mon, Sep 15, 2008 at 3:45 PM, Od Orf [EMAIL PROTECTED] wrote: Dear All, I've been reading Full Disclosure for quite some time and, for the most part, value the content I find here. It helps me with my work and helps me keep abreast of developments in the wonderful worlds of network and application security. In this post, I seek to spark some discussion as to how this unmoderated list might improve it's effectiveness with regard to self-policing and how subscribers might employ methods to filter extraneous content whilst retaining that which is truly valuable. On a personal level, I have tried in the past to filter out posts which fail to meet certain criteria using both blacklists and whitelists of content keywords. I've found these to be ineffective in so much as either filtering the signal or not filtering the noise to varying degrees. I've tried blacklisting email addresses where the content is often of little value, but again this is not very effective at filtering out noise (although it usually has very little negative impact on the signal). These methods have taken-up far too much time to implement and manage for their levels of effectiveness and perhaps exceed the time spent manually reviewing posts to determine their worth. Many of you would no doubt agree that the dissatisfaction with the level of noise is oft expressed (which often generates further noise). One possible solution which would require consensus might to be apply lessons learned by parents and other adults with responsibility for children. When dealing with a child displaying anti-social or otherwise undesired behaviour, one should not engage the child at that same level. For example, one should not retort as this implies permission and complicity. Instead a clear indication should be given that the behaviour of the child does not meet the required level of desirability. This should be done in a non-threatening, but authoritative response and delivered in an articulate and consistent manner. The key is to set clear boundaries. Failure to stay within clearly defined boundaries carries a penalty, such as a child time-out (naughty-chair) where the child is removed to an area where they are unable to participate but can observe the continuation of normal activity. Obviously I am not comparing any FD users to children nor suggesting they be treated as such, but I think that an approach similar to this may have some merit for dealing with the phenomenon of noise escalation which often occurs in response to a noisy event. If, for example, a message was posted to the list which was perceived to be undesirable, disrespectful or otherwise noisy it might help a great deal if firstly the poster were gently chided with respect to their post and secondly the post elicited no other response and certainly none which might be perceived as undesirable. The latter I think is most important because without such responses, there is a) less noise generated and b) less fuel for those who repeatedly post trivial and useless or inflammatory material. Finally, I should say that I am acutely aware that this post may itself be construed as noise, but I hope humbly that it is received in the spirit with which it is meant. I welcome your ideas and recommendations. Sincerely, Iain O'Dorf ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- If you see me laughing, you better have backups ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- == Nicola Del Vacchio [EMAIL PROTECTED] == CISSP Microsoft Certified Professional MCSE:Security CompTIA Security+ Certified Professional == ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] [RFC] Very Low Signal to Noise Ratio on FD
On Mon, Sep 15, 2008 at 10:02 PM, Anders B Jansson [EMAIL PROTECTED] wrote: Just filter out all messages with the phrase n3td3v in adress, subject or body and you'll get very close to a functional FD list. A large majority of the noise is either from, replying to or mentioning that keyword. -- // hdw They should thank me I keep to the same keyword, I could be a terrorist and randomize my alias for every post, then you guys would be fucked. HAHAHAHA. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] [RFC] Very Low Signal to Noise Ratio on FD
I dunno, lately it is going beyond amusing and straight past the 90% mark of distractions / useless garbage / possibly imbalanced ramblings . might be time to fire up a filter, sadly. /TJ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stack Smasher Sent: Monday, September 15, 2008 4:38 PM To: Od Orf Cc: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] [RFC] Very Low Signal to Noise Ratio on FD I would never think of filtering FD, the colorful comments are what make this list classic! Filtering it out would be a tragedy and a crime against humanity. On Mon, Sep 15, 2008 at 3:45 PM, Od Orf [EMAIL PROTECTED] wrote: Dear All, I've been reading Full Disclosure for quite some time and, for the most part, value the content I find here. It helps me with my work and helps me keep abreast of developments in the wonderful worlds of network and application security. In this post, I seek to spark some discussion as to how this unmoderated list might improve it's effectiveness with regard to self-policing and how subscribers might employ methods to filter extraneous content whilst retaining that which is truly valuable. On a personal level, I have tried in the past to filter out posts which fail to meet certain criteria using both blacklists and whitelists of content keywords. I've found these to be ineffective in so much as either filtering the signal or not filtering the noise to varying degrees. I've tried blacklisting email addresses where the content is often of little value, but again this is not very effective at filtering out noise (although it usually has very little negative impact on the signal). These methods have taken-up far too much time to implement and manage for their levels of effectiveness and perhaps exceed the time spent manually reviewing posts to determine their worth. Many of you would no doubt agree that the dissatisfaction with the level of noise is oft expressed (which often generates further noise). One possible solution which would require consensus might to be apply lessons learned by parents and other adults with responsibility for children. When dealing with a child displaying anti-social or otherwise undesired behaviour, one should not engage the child at that same level. For example, one should not retort as this implies permission and complicity. Instead a clear indication should be given that the behaviour of the child does not meet the required level of desirability. This should be done in a non-threatening, but authoritative response and delivered in an articulate and consistent manner. The key is to set clear boundaries. Failure to stay within clearly defined boundaries carries a penalty, such as a child time-out (naughty-chair) where the child is removed to an area where they are unable to participate but can observe the continuation of normal activity. Obviously I am not comparing any FD users to children nor suggesting they be treated as such, but I think that an approach similar to this may have some merit for dealing with the phenomenon of noise escalation which often occurs in response to a noisy event. If, for example, a message was posted to the list which was perceived to be undesirable, disrespectful or otherwise noisy it might help a great deal if firstly the poster were gently chided with respect to their post and secondly the post elicited no other response and certainly none which might be perceived as undesirable. The latter I think is most important because without such responses, there is a) less noise generated and b) less fuel for those who repeatedly post trivial and useless or inflammatory material. Finally, I should say that I am acutely aware that this post may itself be construed as noise, but I hope humbly that it is received in the spirit with which it is meant. I welcome your ideas and recommendations. Sincerely, Iain O'Dorf ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- If you see me laughing, you better have backups ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] [RFC] Very Low Signal to Noise Ratio on FD
On Mon, Sep 15, 2008 at 10:17 PM, Nicola Del Vacchio [EMAIL PROTECTED] wrote: nicola A chick on F-D, no way, pics or GTFO! ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] [RFC] Very Low Signal to Noise Ratio on FD
They should thank me I keep to the same keyword, I could be a terrorist and randomize my alias for every post, then you guys would be fucked. HAHAHAHA. That's not funny. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] [RFC] Very Low Signal to Noise Ratio on FD
On Mon, Sep 15, 2008 at 2:32 PM, n3td3v [EMAIL PROTECTED] wrote: ... A chick on F-D, no way, pics or GTFO! http://xkcd.com/322/ please note that egregious situations may warrant exceptional EIRP* in the direction of the target sufficient to prevent any future contamination of the gene pool by the offender. [ * the exact radiated power required is left as an exercise for the reader given the amplifier and antenna gain provided. it doesn't take many phased array watts at 50+ dBi to make an impression... ] ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] [RFC] Very Low Signal to Noise Ratio on FD
Anders B Jansson wrote: Od Orf wrote: On a personal level, I have tried in the past to filter out posts which fail to meet certain criteria using both blacklists and whitelists of content keywords. I've found these to be ineffective in Just filter out all messages with the phrase n3td3v in adress, subject or body and you'll get very close to a functional FD list. A large majority of the noise is either from, replying to or mentioning that keyword. You'd be amazed at how good that works. Even just filtering n3td3v's comments allows you to watch the drama unfold through the responses, something I'm sure many find more entertaining than the source. -- Steve Lord Mandalorian Security Services Get the latest Information Security News at Infosec Update: http://news.mandalorian.com ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Zero-day Catcher for Windows available for sell
On 15 Sep 08, at 13:39, Zero-day catcher team wrote: RSA theory, discussed here, was not broken (if you have evidence - please, share it or turn off your claims in this context). The archives recall otherwise: http://www.security-express.com/archives/fulldisclosure/2007-04/0683.html ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [ MDVSA-2008:196 ] mplayer
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2008:196 http://www.mandriva.com/security/ ___ Package : mplayer Date: September 15, 2008 Affected: 2008.0, 2008.1, Corporate 3.0 ___ Problem Description: Uncontrolled array index in the sdpplin_parse function in stream/realrtsp/sdpplin.c in MPlayer 1.0 rc2 allows remote attackers to overwrite memory and execute arbitrary code via a large streamid SDP parameter. The updated packages have been patched to fix this issue. ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1558 ___ Updated Packages: Mandriva Linux 2008.0: 07986d15f18d7340ccdbf5906e65e2c4 2008.0/i586/libdha1.0-1.0-1.rc1.20.4mdv2008.0.i586.rpm d3c7f28d571a501a4f21a1755d1660ce 2008.0/i586/mencoder-1.0-1.rc1.20.4mdv2008.0.i586.rpm b59fee894fe681115cdb33e62dd270d0 2008.0/i586/mplayer-1.0-1.rc1.20.4mdv2008.0.i586.rpm 6b85efde94633b2d71073f1c1fc3a9dc 2008.0/i586/mplayer-doc-1.0-1.rc1.20.4mdv2008.0.i586.rpm 5b7db93db96afcde015a9ef42bca8554 2008.0/i586/mplayer-gui-1.0-1.rc1.20.4mdv2008.0.i586.rpm 0aa07da9587aa20dcb4316cc33b004b0 2008.0/SRPMS/mplayer-1.0-1.rc1.20.4mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 4ed443cd03adfb59ed71d9144224fccc 2008.0/x86_64/mencoder-1.0-1.rc1.20.4mdv2008.0.x86_64.rpm 75a636754a8e428cb6099b735b3bda61 2008.0/x86_64/mplayer-1.0-1.rc1.20.4mdv2008.0.x86_64.rpm eef1df30deb2424a34ebd53be0738dbe 2008.0/x86_64/mplayer-doc-1.0-1.rc1.20.4mdv2008.0.x86_64.rpm efd52fecf218dfe2d1a2fe2af0d350c2 2008.0/x86_64/mplayer-gui-1.0-1.rc1.20.4mdv2008.0.x86_64.rpm 0aa07da9587aa20dcb4316cc33b004b0 2008.0/SRPMS/mplayer-1.0-1.rc1.20.4mdv2008.0.src.rpm Mandriva Linux 2008.1: 4c9e6653d3a609e3b0e12b2a2d782190 2008.1/i586/mencoder-1.0-1.rc2.10.3mdv2008.1.i586.rpm b86bd6f6814f76446e36b3ee6c16a388 2008.1/i586/mplayer-1.0-1.rc2.10.3mdv2008.1.i586.rpm 4d27ac4774ce0a0b88d5ff0717f6e6e2 2008.1/i586/mplayer-doc-1.0-1.rc2.10.3mdv2008.1.i586.rpm edae8ef02bd7511176b17cac685690c6 2008.1/i586/mplayer-gui-1.0-1.rc2.10.3mdv2008.1.i586.rpm c0033a7acff75a3b0469d04d9dad5a84 2008.1/SRPMS/mplayer-1.0-1.rc2.10.3mdv2008.1.src.rpm Mandriva Linux 2008.1/X86_64: 26bea74f84a5ed367520f481d4c5c1d3 2008.1/x86_64/mencoder-1.0-1.rc2.10.3mdv2008.1.x86_64.rpm fa84cc334968489e822ff5eda7e5b310 2008.1/x86_64/mplayer-1.0-1.rc2.10.3mdv2008.1.x86_64.rpm 9b1a8ae19758c90487508e429abf14a3 2008.1/x86_64/mplayer-doc-1.0-1.rc2.10.3mdv2008.1.x86_64.rpm 5348eac886ab0abbfbffc95dfef3a9e4 2008.1/x86_64/mplayer-gui-1.0-1.rc2.10.3mdv2008.1.x86_64.rpm c0033a7acff75a3b0469d04d9dad5a84 2008.1/SRPMS/mplayer-1.0-1.rc2.10.3mdv2008.1.src.rpm Corporate 3.0: 88de2e0d1778f0b6559d5212197cd22a corporate/3.0/i586/libdha0.1-1.0-0.pre3.14.16.C30mdk.i586.rpm a8ea83b08be774da5331ed8d9b0e1105 corporate/3.0/i586/libpostproc0-1.0-0.pre3.14.16.C30mdk.i586.rpm 9dec12f64b68aa8fc9a677f673e180a3 corporate/3.0/i586/libpostproc0-devel-1.0-0.pre3.14.16.C30mdk.i586.rpm 629aa4300a95d168bf09606b99d12246 corporate/3.0/i586/mencoder-1.0-0.pre3.14.16.C30mdk.i586.rpm 8422c5b0399372678f95ee8c17df6ba4 corporate/3.0/i586/mplayer-1.0-0.pre3.14.16.C30mdk.i586.rpm d2afff5a819c129b693e9c8024d45695 corporate/3.0/i586/mplayer-gui-1.0-0.pre3.14.16.C30mdk.i586.rpm 1158a9332df052cc32a1dcc17a486278 corporate/3.0/SRPMS/mplayer-1.0-0.pre3.14.16.C30mdk.src.rpm Corporate 3.0/X86_64: e0338d0c3cb1e2c33d50d63ab9a4627f corporate/3.0/x86_64/lib64postproc0-1.0-0.pre3.14.16.C30mdk.x86_64.rpm fd765680b0928c0c75f01fda39fd822b corporate/3.0/x86_64/lib64postproc0-devel-1.0-0.pre3.14.16.C30mdk.x86_64.rpm 4c6c6b477acaf47ecf7ddd5fd15916a0 corporate/3.0/x86_64/mencoder-1.0-0.pre3.14.16.C30mdk.x86_64.rpm 7282864f91152a9cc2d1a93fe9f93732 corporate/3.0/x86_64/mplayer-1.0-0.pre3.14.16.C30mdk.x86_64.rpm b6b49c3aec318ea67e31b8ca94597ad5 corporate/3.0/x86_64/mplayer-gui-1.0-0.pre3.14.16.C30mdk.x86_64.rpm 1158a9332df052cc32a1dcc17a486278 corporate/3.0/SRPMS/mplayer-1.0-0.pre3.14.16.C30mdk.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact
Re: [Full-disclosure] Zero-day Catcher for Windows available for sell
Concerning integer factorization - listed thread did not finished (if you can disprove that gypothesis - please, come on - if you can, however). FYI, more or less extended description of gypothesis - http://www.security-express.com/archives/fulldisclosure/2007-04/0704.html Concerning another claims - proof please, or turn off your claims. Cheers, Zero-day catcher team Probably Shadowgamers: More precise archive: http://seclists.org/fulldisclosure/2007/Apr/0683.html Also; You sound like a patent troll at best, or someone who is completely full of shit. On 9/15/08, Andrew Farmer [EMAIL PROTECTED] wrote: On 15 Sep 08, at 13:39, Zero-day catcher team wrote: RSA theory, discussed here, was not broken (if you have evidence - please, share it or turn off your claims in this context). The archives recall otherwise: http://www.security-express.com/archives/fulldisclosure/2007-04/0683.html ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [ MDVSA-2008:182-1 ] wordnet
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2008:182-1 http://www.mandriva.com/security/ ___ Package : wordnet Date: September 15, 2008 Affected: 2008.0, 2008.1 ___ Problem Description: Rob Holland found several programming errors in WordNet which could lead to the execution or arbitrary code when used with untrusted input (CVE-2008-2149, CVE-2008-3908). Update: The previous patch had a typo that caused incorrect behaviour in WordNet. This update uses an update patch that corrects the issue and also notes the additional assigned CVE name for these issues. ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2149 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3908 ___ Updated Packages: Mandriva Linux 2008.0: 1d0d82775493396e34971c884cbabc01 2008.0/i586/libwordnet3.0-3.0-6.2mdv2008.0.i586.rpm eceaba3f5a49a9006bc415e778651bf2 2008.0/i586/libwordnet3.0-devel-3.0-6.2mdv2008.0.i586.rpm 96fb48c0c5a8b91884294f93bbe47399 2008.0/i586/wordnet-3.0-6.2mdv2008.0.i586.rpm 494942f67dad01f8223f20ec9a255cff 2008.0/SRPMS/wordnet-3.0-6.2mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 45a324ee32d6fa613a862b4d905f4738 2008.0/x86_64/lib64wordnet3.0-3.0-6.2mdv2008.0.x86_64.rpm e220080ca764c251d274f7ced28ea5fb 2008.0/x86_64/lib64wordnet3.0-devel-3.0-6.2mdv2008.0.x86_64.rpm 149fb69b656abf7360b750882931de41 2008.0/x86_64/wordnet-3.0-6.2mdv2008.0.x86_64.rpm 494942f67dad01f8223f20ec9a255cff 2008.0/SRPMS/wordnet-3.0-6.2mdv2008.0.src.rpm Mandriva Linux 2008.1: fdbb49dbd64ed7635088b9ee613e5786 2008.1/i586/libwordnet3.0-3.0-6.2mdv2008.1.i586.rpm 361e9bb12cdf618a12fcd7df41a98690 2008.1/i586/libwordnet3.0-devel-3.0-6.2mdv2008.1.i586.rpm e1888e6cbad6140e67932764a479fee7 2008.1/i586/wordnet-3.0-6.2mdv2008.1.i586.rpm ed24b17d2cfc64cdc814de1114a94f4b 2008.1/SRPMS/wordnet-3.0-6.2mdv2008.1.src.rpm Mandriva Linux 2008.1/X86_64: 26ca8beb8ffa8a778e290248221fe204 2008.1/x86_64/lib64wordnet3.0-3.0-6.2mdv2008.1.x86_64.rpm 5bc62faa924d2b633249ed486e3396df 2008.1/x86_64/lib64wordnet3.0-devel-3.0-6.2mdv2008.1.x86_64.rpm ba9444c750762049a65de3c3dd5732af 2008.1/x86_64/wordnet-3.0-6.2mdv2008.1.x86_64.rpm ed24b17d2cfc64cdc814de1114a94f4b 2008.1/SRPMS/wordnet-3.0-6.2mdv2008.1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFIzrm8mqjQ0CJFipgRAqZlAJoDgRLNqGF1rUvWyRg155zYBBfMMgCgsn3L kV5nr5LIuN3OR9VR22x5AvM= =5o2b -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] n3td3v domain
I think valdis and n3td3v should get a room... n3td3v covering the room and valdis covering the viagra. [EMAIL PROTECTED] wrote: On Sat, 13 Sep 2008 19:13:20 BST, n3td3v said: Are you saying MI5 don't have an interest in protecting their computer systems? Shut the fuck up Valdis, of course they read FD and probably read it manually like any IT department in any organization should. Actually, they probably apply at least *some* automation, like some basic signal-to-noise filtering. In procmail, it would go something like: :0 *^From:.*n3td3v /dev/null At which point the list is fairly low-traffic and much higher actual usable content percentage. The chances of that procmail filter accidentally throwing a false-positive on an item that is both important *and* not also echoed on other mailing lists is sufficiently low as to not worry about. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [ MDVSA-2008:197 ] koffice
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2008:197 http://www.mandriva.com/security/ ___ Package : koffice Date: September 15, 2008 Affected: 2008.0, 2008.1 ___ Problem Description: Kees Cook of Ubuntu security found a flaw in how poppler prior to version 0.6 displayed malformed fonts embedded in PDF files. An attacker could create a malicious PDF file that would cause applications using poppler to crash, or possibly execute arbitrary code when opened (CVE-2008-1693). This vulnerability also affected KOffice, so the updated packages have been patched to correct this issue. ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1693 ___ Updated Packages: Mandriva Linux 2008.0: 283b9bd37cc40748272533cc09e97df5 2008.0/i586/koffice-1.6.3-9.2mdv2008.0.i586.rpm 95a19b9c987c19e71a102fc68dd51797 2008.0/i586/koffice-karbon-1.6.3-9.2mdv2008.0.i586.rpm bf7eef6f052174678feb692103a92155 2008.0/i586/koffice-kexi-1.6.3-9.2mdv2008.0.i586.rpm bc943ffac6d8277300645e04bd8b520c 2008.0/i586/koffice-kformula-1.6.3-9.2mdv2008.0.i586.rpm 203e3ea3d0c155077f73c76e1ad19e6f 2008.0/i586/koffice-kivio-1.6.3-9.2mdv2008.0.i586.rpm e8750033794aa7bb2ddb8fa5a2c405fd 2008.0/i586/koffice-koshell-1.6.3-9.2mdv2008.0.i586.rpm fd38ad84b37fdeaa085af5426870b148 2008.0/i586/koffice-kplato-1.6.3-9.2mdv2008.0.i586.rpm 16516205121e835db5b38c6e79bcfe05 2008.0/i586/koffice-kpresenter-1.6.3-9.2mdv2008.0.i586.rpm 7c96726a941bb2da9500971fb6c946cf 2008.0/i586/koffice-krita-1.6.3-9.2mdv2008.0.i586.rpm 997acdb3520875262f4a4fd1c523e38f 2008.0/i586/koffice-kspread-1.6.3-9.2mdv2008.0.i586.rpm 8b3ff56c28205a4d346ff3672e220e72 2008.0/i586/koffice-kugar-1.6.3-9.2mdv2008.0.i586.rpm c36beb51133418358c8c92ecad2689e7 2008.0/i586/koffice-kword-1.6.3-9.2mdv2008.0.i586.rpm e59a633f08275a64b2088ed25bfb294a 2008.0/i586/koffice-progs-1.6.3-9.2mdv2008.0.i586.rpm d5455d791cf0156d6742292c638483c7 2008.0/i586/libkoffice2-karbon-1.6.3-9.2mdv2008.0.i586.rpm 05633b1fa1c7f6556de03bd08a4b6d77 2008.0/i586/libkoffice2-karbon-devel-1.6.3-9.2mdv2008.0.i586.rpm 66f0ea6a1b60d885113e6d56f474f8bb 2008.0/i586/libkoffice2-kexi-1.6.3-9.2mdv2008.0.i586.rpm a187081fa8be73c2d8502a2118989585 2008.0/i586/libkoffice2-kexi-devel-1.6.3-9.2mdv2008.0.i586.rpm 3440fd7e3593bfe681fe181f0a878905 2008.0/i586/libkoffice2-kformula-1.6.3-9.2mdv2008.0.i586.rpm 98ffee5c094f52360791cd851aa8f3e6 2008.0/i586/libkoffice2-kformula-devel-1.6.3-9.2mdv2008.0.i586.rpm 707f2702ea76c574a811be3e42b26904 2008.0/i586/libkoffice2-kivio-1.6.3-9.2mdv2008.0.i586.rpm 114c5024a38eafc7ad6eec0a016a04e9 2008.0/i586/libkoffice2-kivio-devel-1.6.3-9.2mdv2008.0.i586.rpm 78c1002a4b10c8a47b217a2670578a74 2008.0/i586/libkoffice2-koshell-1.6.3-9.2mdv2008.0.i586.rpm 66c5643adf86b4f5930769f3580b270b 2008.0/i586/libkoffice2-kplato-1.6.3-9.2mdv2008.0.i586.rpm bc213a867b140d3e44c4770be7a6ed7c 2008.0/i586/libkoffice2-kpresenter-1.6.3-9.2mdv2008.0.i586.rpm 70739c5d2319493c70c17198e327bfec 2008.0/i586/libkoffice2-kpresenter-devel-1.6.3-9.2mdv2008.0.i586.rpm 58f52c7fc2cbc0e149e973c4414ee0f9 2008.0/i586/libkoffice2-krita-1.6.3-9.2mdv2008.0.i586.rpm 5d1f0149e8f3da5582bb470829f66412 2008.0/i586/libkoffice2-krita-devel-1.6.3-9.2mdv2008.0.i586.rpm 2278f48e081680308a2674ff55b7b9ea 2008.0/i586/libkoffice2-kspread-1.6.3-9.2mdv2008.0.i586.rpm 2d57807564c71353f9863d007c8ec0fb 2008.0/i586/libkoffice2-kspread-devel-1.6.3-9.2mdv2008.0.i586.rpm 6266b714ab7f1c436c1568a46238f892 2008.0/i586/libkoffice2-kugar-1.6.3-9.2mdv2008.0.i586.rpm 0bb0860343fb7879b314aa7be15a5131 2008.0/i586/libkoffice2-kugar-devel-1.6.3-9.2mdv2008.0.i586.rpm c728af53e8bafc0d63e2154e5e2e3e0d 2008.0/i586/libkoffice2-kword-1.6.3-9.2mdv2008.0.i586.rpm 441af8840d1f463a0facde645352ea2f 2008.0/i586/libkoffice2-kword-devel-1.6.3-9.2mdv2008.0.i586.rpm 5369a7f0ad2ea01a4dcc001030fd75ab 2008.0/i586/libkoffice2-progs-1.6.3-9.2mdv2008.0.i586.rpm b894e8902ff3caaf3f551528295b5762 2008.0/i586/libkoffice2-progs-devel-1.6.3-9.2mdv2008.0.i586.rpm 3ad53c7c3355ba5701842460ce357089 2008.0/SRPMS/koffice-1.6.3-9.2mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: a44b8f4851686451b697ce4f99987306 2008.0/x86_64/koffice-1.6.3-9.2mdv2008.0.x86_64.rpm c993fc059b1c79ea85d48b48a89d413a 2008.0/x86_64/koffice-karbon-1.6.3-9.2mdv2008.0.x86_64.rpm 4d445d9399112fe14c9fe77780cc1bec 2008.0/x86_64/koffice-kexi-1.6.3-9.2mdv2008.0.x86_64.rpm 605cf33c2e4332091b668c3894fb22b6 2008.0/x86_64/koffice-kformula-1.6.3-9.2mdv2008.0.x86_64.rpm
Re: [Full-disclosure] n3td3v domain
rholgstad wrote: I think valdis and n3td3v should get a room... n3td3v covering the room and valdis covering the viagra. Girls don't need viagra. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] TPTI-08-06: Landesk QIP Server Service Heal Packet Buffer Overflow
TPTI-08-06: Landesk QIP Server Service Heal Packet Buffer Overflow Vulnerability http://dvlabs.tippingpoint.com/advisory/TPTI-08-06 September 15, 2008 -- CVE ID: CVE-2008-2468 -- Affected Vendors: LANDesk -- Affected Products: LANDesk Management Suite -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 6411. For further product information on the TippingPoint IPS, visit: http://www.tippingpoint.com -- Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LANDesk Management Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the QIP Server Service (qipsrvr.exe) which listens by default on TCP port 12175. The process makes a vulnerable call to MultiByteToWideChar using values obtained from packet data. A malicious 'heal' request can allow an attacker to control both the pointer to the StringToMap and the StringSize arguments. The destination buffer is either allocated on the stack or heap depending on the specified sizes. In both cases it can be overflown leading to arbitrary code execution under the context of the SYSTEM user. -- Vendor Response: LANDesk has issued an update to correct this vulnerability. More details can be found at: http://community.landesk.com/support/docs/DOC-3276 -- Disclosure Timeline: 2008-09-03 - Vulnerability reported to vendor 2008-09-15 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * Aaron Portnoy, TippingPoint DVLabs ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] [RFC] Very Low Signal to Noise Ratio on FD
Lately it has been getting very... busy with all of n3td3v's ramblings however I have anything with his name in it go into a separate folder so as to not distract me from the list as a whole. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TJ Sent: 15 September 2008 22:22 To: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] [RFC] Very Low Signal to Noise Ratio on FD I dunno, lately it is going beyond amusing and straight past the 90% mark of distractions / useless garbage / possibly imbalanced ramblings . might be time to fire up a filter, sadly. /TJ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stack Smasher Sent: Monday, September 15, 2008 4:38 PM To: Od Orf Cc: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] [RFC] Very Low Signal to Noise Ratio on FD I would never think of filtering FD, the colorful comments are what make this list classic! Filtering it out would be a tragedy and a crime against humanity. On Mon, Sep 15, 2008 at 3:45 PM, Od Orf [EMAIL PROTECTED] wrote: Dear All, I've been reading Full Disclosure for quite some time and, for the most part, value the content I find here. It helps me with my work and helps me keep abreast of developments in the wonderful worlds of network and application security. In this post, I seek to spark some discussion as to how this unmoderated list might improve it's effectiveness with regard to self-policing and how subscribers might employ methods to filter extraneous content whilst retaining that which is truly valuable. On a personal level, I have tried in the past to filter out posts which fail to meet certain criteria using both blacklists and whitelists of content keywords. I've found these to be ineffective in so much as either filtering the signal or not filtering the noise to varying degrees. I've tried blacklisting email addresses where the content is often of little value, but again this is not very effective at filtering out noise (although it usually has very little negative impact on the signal). These methods have taken-up far too much time to implement and manage for their levels of effectiveness and perhaps exceed the time spent manually reviewing posts to determine their worth. Many of you would no doubt agree that the dissatisfaction with the level of noise is oft expressed (which often generates further noise). One possible solution which would require consensus might to be apply lessons learned by parents and other adults with responsibility for children. When dealing with a child displaying anti-social or otherwise undesired behaviour, one should not engage the child at that same level. For example, one should not retort as this implies permission and complicity. Instead a clear indication should be given that the behaviour of the child does not meet the required level of desirability. This should be done in a non-threatening, but authoritative response and delivered in an articulate and consistent manner. The key is to set clear boundaries. Failure to stay within clearly defined boundaries carries a penalty, such as a child time-out (naughty-chair) where the child is removed to an area where they are unable to participate but can observe the continuation of normal activity. Obviously I am not comparing any FD users to children nor suggesting they be treated as such, but I think that an approach similar to this may have some merit for dealing with the phenomenon of noise escalation which often occurs in response to a noisy event. If, for example, a message was posted to the list which was perceived to be undesirable, disrespectful or otherwise noisy it might help a great deal if firstly the poster were gently chided with respect to their post and secondly the post elicited no other response and certainly none which might be perceived as undesirable. The latter I think is most important because without such responses, there is a) less noise generated and b) less fuel for those who repeatedly post trivial and useless or inflammatory material. Finally, I should say that I am acutely aware that this post may itself be construed as noise, but I hope humbly that it is received in the spirit with which it is meant. I welcome your ideas and recommendations. Sincerely, Iain O'Dorf ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- If you see me laughing, you better have backups smime.p7s Description: S/MIME cryptographic signature ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/