[Full-disclosure] [ MDVSA-2009:257 ] qemu

2009-10-06 Thread security


 ___

 Mandriva Linux Security Advisory MDVSA-2009:257
 http://www.mandriva.com/security/
 ___

 Package : qemu
 Date: October 5, 2009
 Affected: 2009.0, Enterprise Server 5.0
 ___

 Problem Description:

 Qemu 0.9.1 and earlier does not perform range checks for block
 device read or write requests, which allows guest host users with
 root privileges to access arbitrary memory and escape the virtual
 machine. (CVE-2008-0928)
 
 The updated packages have been patched to prevent this.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0928
 ___

 Updated Packages:

 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


[Full-disclosure] [ MDVSA-2009:256 ] dbus

2009-10-06 Thread security


 ___

 Mandriva Linux Security Advisory MDVSA-2009:256
 http://www.mandriva.com/security/
 ___

 Package : dbus
 Date: October 6, 2009
 Affected: 2008.1, 2009.0, Enterprise Server 5.0
 ___

 Problem Description:

 A vulnerability was discovered and corrected in dbus:
 
 The _dbus_validate_signature_with_reason function
 (dbus-marshal-validate.c) in D-Bus (aka DBus) uses incorrect logic
 to validate a basic type, which allows remote attackers to spoof a
 signature via a crafted key.  NOTE: this is due to an incorrect fix
 for CVE-2008-3834 (CVE-2009-1189).
 
 This update provides a fix for this vulnerability.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1189
 ___

 Updated Packages:

 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  

[Full-disclosure] CORE-2009-0922: Jetty Persistent XSS in Sample Cookies Application

2009-10-06 Thread CORE Security Technologies Advisories

  Core Security Technologies - CoreLabs Advisory
   http://www.coresecurity.com/corelabs/

Jetty Persistent XSS in Sample Cookies Application



1. *Advisory Information*

Title: Jetty Persistent XSS in Sample Cookies Application
Advisory Id: CORE-2009-0922
Advisory URL: http://www.coresecurity.com/content/jetty-persistent-xss
Date published: 2009-10-06
Date of last update: 2009-10-06
Vendors contacted: Jetty Team
Release mode: Coordinated release



2. *Vulnerability Information*

Class: Persistent Cross-site Scripting [CWE-79]
Impact: Code execution
Remotely Exploitable: Yes
Locally Exploitable: No
Bugtraq ID: N/A
CVE Name: N/A



3. *Vulnerability Description*

Jetty [1] includes several sample web applications for the developer to
learn from. One of them sets cookies with user supplied data, and then
dumps them as html. This application does not filter the user supplied
data when outputting it to the visitor. This constitutes a persistent
XSS vulnerability [2].

This application accepts the cookie content as a GET parameter. This
allows an attacker to trick someone into clicking a handcrafted link
with malicious code as the cookie content, and thus executing that code
in a privileged domain, such as localhost, any domain in the intranet
zone, or a domain where another web application is running. For example,
the following link will result in JavaScript code being executed on the
localhost domain if the victim has deployed a default installation of
Jetty in his workstation:
http://localhost:8080/cookie/?Name=aaa&Value=bbbalert(1)bbbccc&Age=.



4. *Vulnerable packages*

   . Jetty 6.1.19
   . Jetty 6.1.20


5. *Non-vulnerable packages*

   . Jetty 6.1.21
   . Jetty 7.0.0


6. *Vendor Information, Solutions and Workarounds*

A workaround is to disable this particular example on any running
instance of Jetty in a particular workstation. Examples should always be
disabled on production servers, as recommended by the software vendor.


7. *Credits*

This vulnerability was discovered by Aureliano Calvo from Core Security
Technologies during Bugweek 2009 [3].


8. *Technical Description / Proof of Concept Code*

The problem resides in the 'CookieDump.java' file from the examples.

/-
Cookie[] cookies = request.getCookies();

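// The archive stripped the loop header and HTML tags; "<b>" and "<br/>" are reconstructed.
for (int i=0;cookies!=null && i<cookies.length;i++)
{
    out.println("<b>"+cookies[i].getName()+"</b>="+cookies[i].getValue()+"<br/>");
}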

- -/
'cookies[i].getValue()' should be filtered to avoid malicious code from
being executed.


9. *Report Timeline*

. 2009-09-22:
Core Security Technologies contacts Jan Bartel and Greg Wilkins from
Webtide, notifying them of the existence of a XSS vulnerability in a
sample application. Core sends its PGP key and asks Jan for his, would
he like to keep future communications encrypted.

. 2009-09-23:
Greg Wilkins asks for technical information about the vulnerability in
plaintext. He also comments that some vulnerabilities have been fixed in
the 6.1.21 and 7.0 releases, and asks Core to verify if the reported
vulnerability has already been fixed in their repositories.

. 2009-09-23:
Technical details are sent by Core, specifying that the Persistent XSS
that was discovered has not been fixed in the repositories pointed to by
Greg. Core asks for a release date for the fixed version of Jetty in
order to release the advisory only when a fixed version is available.

. 2009-09-24:
Greg Wilkins acknowledges the vulnerability and confirms it will be
fixed on release 7.0.0, due the week of September 28th. A release date
for Jetty 6.1.22 is not yet scheduled. Greg mentions that the
recommended workaround for production servers is not to deploy the
example applications.

. 2009-09-28:
Core reminds Greg that a deadline for the release of this advisory has
been set to Monday October 5th.

. 2009-09-28:
Greg Wilkins agrees with the proposed publication date, since there is a
good workaround.

. 2009-10-06:
The advisory CORE-2009-0922 is published.



10. *References*

[1] http://jetty.mortbay.org/
[2] http://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
[3] The author participated in Core Bugweek 2009 as member of the team
"Bugged Coffee".


11. *About CoreLabs*

CoreLabs, the research center of Core Security Technologies, is charged
with anticipating the future needs and requirements for information
security technologies. We conduct our research in several important
areas of computer security including system vulnerabilities, cyber
attack planning and simulation, source code auditing, and cryptography.
Our results include problem formalization, identification of
vulnerabilities, novel solutions and prototypes for new technologies.
CoreLabs regularly publishes security advisories, technical papers,
project information and shared software tools for public use at:
http://www.coresecurity.com/corelabs.


12. *About Core Security Technologies*

Core Security Technologies develops strategic solutions that help
security
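
Added example (not from the CORE-2009-0922 advisory or the Jetty code base): the output encoding that section 8 of the advisory calls for, applied to both the cookie name and the cookie value, since the sample application takes both from GET parameters. The class name, the Map standing in for request.getCookies(), the <b>/<br/> markup and the sample cookies are assumptions made for this example.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class CookieDumpEncoded {

    // Encode the five characters that can change the HTML parsing context
    // when untrusted text is written into element content or a quoted attribute.
    static String escapeHtml(String s) {
        if (s == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Stand-in for the servlet loop (assumption: a Map replaces Cookie[]).
    // Name and value are both user-supplied, so both are encoded on output.
    static String renderCookies(Map<String, String> cookies) {
        StringBuilder out = new StringBuilder();
        for (Map.Entry<String, String> c : cookies.entrySet()) {
            out.append("<b>").append(escapeHtml(c.getKey())).append("</b>=")
               .append(escapeHtml(c.getValue())).append("<br/>\n");
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample input, not taken from a real request.
        Map<String, String> cookies = new LinkedHashMap<>();
        cookies.put("aaa", "bbb<script>alert(1)</script>bbbccc");
        cookies.put("theme\"x", "a&b");
        System.out.print(renderCookies(cookies));
    }
}
```

Encoding at the point of output keeps the stored cookie unchanged and renders any markup in it as inert text.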

Re: [Full-disclosure] when I grow up

2009-10-06 Thread Valdis . Kletnieks
On Tue, 06 Oct 2009 10:46:19 EDT, T Biehn said:
> Can't you make a good hunk of low-risk cash by 'pretending' to be a
> money mule? (Profile: 20s, looking for 'easy' work.)

Stealing from the old Mafia wasn't so bad.  If you got caught, it was
usually "just business" and they dispatched you in the most economical
way feasible.

These days, the field is dominated by crazy and ruthless South American drug
cartels, ruthless and crazy Asian Yakuza-like gangs, and *really* crazy,
ruthless, psychopathic gangs from the Ukraine.

Low risk? Hardly.




[Full-disclosure] [USN-843-1] BackupPC vulnerability

2009-10-06 Thread Marc Deslauriers
===
Ubuntu Security Notice USN-843-1   October 06, 2009
backuppc vulnerability
CVE-2009-3369
===

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  backuppc 3.0.0-4ubuntu1.1

Ubuntu 8.10:
  backuppc 3.1.0-3ubuntu2.1

Ubuntu 9.04:
  backuppc 3.1.0-4ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that BackupPC did not restrict normal users from setting
the ClientNameAlias parameter. An authenticated user could exploit this to
gain access to unauthorized hosts. This update fixed the issue by
preventing normal users from modifying the ClientNameAlias configuration
parameter.



[Full-disclosure] [USN-842-1] Wget vulnerability

2009-10-06 Thread Marc Deslauriers
===
Ubuntu Security Notice USN-842-1   October 06, 2009
wget vulnerability
CVE-2009-3490
===

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  wget 1.10.2-1ubuntu1.1

Ubuntu 8.04 LTS:
  wget 1.10.2-3ubuntu1.1

Ubuntu 8.10:
  wget 1.11.4-1ubuntu1.1

Ubuntu 9.04:
  wget 1.11.4-2ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that Wget did not correctly handle SSL certificates with
zero bytes in the Common Name. A remote attacker could exploit this to
perform a man in the middle attack to view sensitive information or alter
encrypted communications.



Re: [Full-disclosure] when I grow up

2009-10-06 Thread T Biehn
VK, obviously you don't own the account you have them send the money to.
You just happen to have an 'entangled' ATM card.

-Travis

On Tue, Oct 6, 2009 at 11:00 AM,   wrote:
> On Tue, 06 Oct 2009 10:46:19 EDT, T Biehn said:
>> Can't you make a good hunk of low-risk cash by 'pretending' to be a
>> money mule? (Profile: 20s, looking for 'easy' work.)
>
> Stealing from the old Mafia wasn't so bad.  If you got caught, it was
> usually "just business" and they dispatched you in the most economical
> way feasible.
>
> These days, the field is dominated by crazy and ruthless South American drug
> cartels, ruthless and crazy Asian Yakuza-like gangs, and *really* crazy,
> ruthless, psychopathic gangs from the Ukraine.
>
> Low risk? Hardly.
>
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da



Re: [Full-disclosure] when I grow up

2009-10-06 Thread T Biehn
Can't you make a good hunk of low-risk cash by 'pretending' to be a
money mule? (Profile: 20s, looking for 'easy' work.)

-Travis

On Tue, Oct 6, 2009 at 8:40 AM, RandallM  wrote:
> ...when I grow up Daddy, I want to be a Money Mule!
>
> --
> been great, thanks
> a.k.a System
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da



[Full-disclosure] when I grow up

2009-10-06 Thread RandallM
...when I grow up Daddy, I want to be a Money Mule!

-- 
been great, thanks
a.k.a System
