Re: [Full-disclosure] CVE-2010-0249 in the wild

2010-01-22 Thread exploit dev
> It is funny to me the hax0r cool biological warfare (since people love
> to compare the two, bleh.) aspect of these attacks originating,
> supposedly, from a country whose population is more susceptible to
> compromise than that of the target.


I totally agree with you. Just think that some hosts "neighbors" to domains
found (related to cve-2010-0249), from what I saw, exploit vulnerabilities
through ActiveX Applications (toolbar, IM, media player) that are designed
in China for the Chinese.





-- 
http://extraexploit.blogspot.com
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] CVE-2010-0249 in the wild

2010-01-22 Thread Marc Maiffret
And one has to wonder what exactly it means if anything that some of
the exploits involved are dropping malware that installs and
manipulates your web browsing experience to be geared towards
Sogou.com, a distasteful Google knock off in China. More than that
though they even install Sogou Explorer which appears to be a Google
Chrome like, but yet again clunky, knock off.

So is it attackers that just happen to really love Sogou and want to
share it with the world? Criminals doing it to make money off of Sogou
browser install referral programs? (If they have such a thing.)
Chinese company looking to expand its market share through hacking?
And if so is there government support for such a program? And if so
again then how does Baidu feel about that? Or something else entirely
making this a completely moot point to begin with? Inquiring minds
want to know...

It is funny to me the hax0r cool biological warfare (since people love
to compare the two, bleh.) aspect of these attacks originating,
supposedly, from a country whose population is more susceptible to
compromise than that of the target. That is of course at least more
easily susceptible given the prevalence and reliability of IE 6
exploits vs. other IE versions. With China having an estimated 60%[1]
of browsers on IE6 vs. 12% in the U.S. Not to imply further as to a
country being the culprit. In that vein though you do have to find the
irony that unlike physical warfare, where a dropped bomb is a dead
bomb,  here in cyberspace you can drop a bomb that can then be tossed
back at you more effectively than your original.

Signed,
Marc Maiffret
Chief Security Architect
FireEye, Inc.
http://www.FireEye.com

[1] - http://gs.statcounter.com/#browser_version-CN-daily-20080701-20100119-bar

On Fri, Jan 22, 2010 at 2:41 PM, exploit dev  wrote:
> Hi to all,
>
> I have just updated the list of URLs that are spreading stuff through
> cve-2010-0249. If you are interested check:
>
> http://extraexploit.blogspot.com/2010/01/cve-2010-0249-in-wild-xx2228866org-and.html
>
> --
> http://extraexploit.blogspot.com
>


Re: [Full-disclosure] CVE-2010-0249 in the wild

2010-01-22 Thread exploit dev
Hi to all,

I have just updated the list of URLs that are spreading stuff through
cve-2010-0249. If you are interested check:

http://extraexploit.blogspot.com/2010/01/cve-2010-0249-in-wild-xx2228866org-and.html


-- 
http://extraexploit.blogspot.com

[Full-disclosure] Netragard's Exploit Acquisition Program -- We're back at it again.

2010-01-22 Thread Netragard Advisories

We've brought back our Exploit Acquisition Program.   For those interested in 
selling research, have a read.  

http://snosoft.blogspot.com/2010/01/resurrection-of-eap.html




[Full-disclosure] Silverstripe <= v2.3.4: two XSS vulnerabilities

2010-01-22 Thread Moritz Naumann

Silverstripe CMS, version 2.3.4 and lower
(and its unreleased 2.4 branch), is vulnerable to two Cross Site
Scripting issues.

1. The comment posting mechanism of Silverstripe ('PostCommentForm')
fails to properly sanitize the 'CommenterURL' parameter. This allows for
persistent injection of HTML or javascript code within existing HTML tags.

2. The forum module is vulnerable to a reflective XSS issue caused by
the search script failing to properly sanitize input to the 'Search'
parameter. When invoking this URL:
SILVERSTRIPESITE/forums/search/?Search=%22%20onmouseover=%22javascript:alert%280%29;%22
trying to reorder the search results will trigger execution of the
injected javascript code.


According to its quickly responding developers, Silverstripe version
2.3.5 fixes both issues:
http://groups.google.com/group/silverstripe-announce/browse_thread/thread/f51749342eee9456

Relevant SCM changesets:
http://open.silverstripe.org/changeset/97034
http://open.silverstripe.org/changeset/97070
http://open.silverstripe.org/changeset/97073
http://open.silverstripe.org/changeset/97074
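The two issues in the advisory above share one root cause: request data written into an HTML attribute without context-aware encoding. The following is an added example, not SilverStripe code and not part of the original post; the function names and the markup are hypothetical, and it assumes the values land inside double-quoted attributes.

```php
<?php
// Added illustration; function names and markup are hypothetical.

// Vulnerable pattern: request data concatenated straight into an attribute value.
function render_search_field_unsafe(string $search): string
{
    return '<input type="text" name="Search" value="' . $search . '">';
}

// Encode for the HTML attribute context, so a double quote in the input
// cannot close the value and start a new attribute.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_search_field(string $search): string
{
    return '<input type="text" name="Search" value="' . attr($search) . '">';
}

// A commenter-supplied URL ends up in href="...". Escaping alone does not stop
// a javascript: URL, so the scheme is restricted as well.
function safe_commenter_url(string $url): ?string
{
    $url = trim($url);
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if (!is_string($scheme) || !in_array(strtolower($scheme), ['http', 'https'], true)) {
        return null; // relative, javascript:, data: and malformed URLs are rejected
    }
    return $url;
}

function render_commenter_link(string $name, string $url): string
{
    $safeUrl = safe_commenter_url($url);
    if ($safeUrl === null) {
        return attr($name); // render the name without a link
    }
    return '<a rel="nofollow" href="' . attr($safeUrl) . '">' . attr($name) . '</a>';
}

// The Search value from the advisory's URL, percent-decoded as the server sees it.
$search = urldecode('%22%20onmouseover=%22javascript:alert%280%29;%22');

// Unsafe rendering: the quote ends value="" and onmouseover becomes an attribute.
echo render_search_field_unsafe($search), "\n";
// Hardened rendering: the quotes arrive as &quot; and stay inside the value.
echo render_search_field($search), "\n";

// Constructed CommenterURL inputs: a quote-breaking http URL and a script URL.
echo render_commenter_link('Alice', 'http://example.org/" onmouseover="x'), "\n";
echo render_commenter_link('Mallory', 'javascript:alert(0)'), "\n";
```

Comparing the first two output lines shows the difference between the injected attribute and the same bytes kept as inert attribute text.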


[Full-disclosure] [USN-890-3] Python 2.4 vulnerabilities

2010-01-22 Thread Jamie Strandboge
===
Ubuntu Security Notice USN-890-3   January 22, 2010
python2.4 vulnerabilities
CVE-2009-3560, CVE-2009-3720
===

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  python2.4   2.4.3-0ubuntu6.4
  python2.4-minimal   2.4.3-0ubuntu6.4

Ubuntu 8.04 LTS:
  python2.4   2.4.5-1ubuntu4.3
  python2.4-minimal   2.4.5-1ubuntu4.3

Ubuntu 8.10:
  python2.4   2.4.5-5ubuntu1.2
  python2.4-minimal   2.4.5-5ubuntu1.2

Ubuntu 9.04:
  python2.4   2.4.6-1ubuntu3.2.9.04.1
  python2.4-minimal   2.4.6-1ubuntu3.2.9.04.1

Ubuntu 9.10:
  python2.4   2.4.6-1ubuntu3.2.9.10.1
  python2.4-minimal   2.4.6-1ubuntu3.2.9.10.1

After a standard system upgrade you need to restart any Python 2.4
applications that use the PyExpat module to effect the necessary changes.

Details follow:

USN-890-1 fixed vulnerabilities in Expat. This update provides the
corresponding updates for the PyExpat module in Python 2.4.

Original advisory details:

 Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did
 not properly process malformed XML. If a user or application linked against
 Expat were tricked into opening a crafted XML file, an attacker could cause
 a denial of service via application crash. (CVE-2009-2625, CVE-2009-3720)
 
 It was discovered that Expat did not properly process malformed UTF-8
 sequences. If a user or application linked against Expat were tricked into
 opening a crafted XML file, an attacker could cause a denial of service via
 application crash. (CVE-2009-3560)


Updated packages for Ubuntu 6.06 LTS:


Re: [Full-disclosure] PHC is _NOT_ DEAD !!!!

2010-01-22 Thread phc


>my spamfilter is crying now

STFU !! y0 fuqin jew !!!

>> Heh.  I agree, but only because this month has been a fairly
>quiet one
>> regarding n3td3v drama.

from now on, everything would be darker and deeper

On Fri, 22 Jan 2010 03:24:48 +0200 dramacrat 
wrote:
>why you gotta say shit like that
>
>my spamfilter is crying now
>
>2010/1/22 Rohit Patnaik 
>
>> Heh.  I agree, but only because this month has been a fairly
>quiet one
>> regarding n3td3v drama.
>>
>> --Rohit Patnaik
>>
>>
>> On Thu, Jan 21, 2010 at 10:20 AM, Christian Sciberras
>wrote:
>>
>>> Vote +1 for "message of the month" award.
>>>
>>>
>>>
>>>
>>>
>>>
>>> On Thu, Jan 21, 2010 at 2:22 PM,  wrote:
>>>

 peep game nigga, peep game, feel us !



 - --Phrack High Council


Re: [Full-disclosure] iiscan results - a closer look

2010-01-22 Thread Gregor Schneider
FYI:

Here's a brief analysis of the IISCAN-ops:

http://blog.sucuri.net/2010/01/closer-look-at-iiscan.html

Cheers

Gregor
-- 
just because your paranoid, doesn't mean they're not after you...
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available
@ http://pgpkeys.pca.dfn.de:11371
@ http://pgp.mit.edu:11371/
skype:rc46fi



Re: [Full-disclosure] PHC is _NOT_ DEAD !!!!

2010-01-22 Thread Christian Sciberras
Looks like someone touched a nerve...
My impression of PHC is that of a couple of sploit kids if that's the
best they can throw at us.






On Fri, Jan 22, 2010 at 12:20 PM,  wrote:

>
>
> >my spamfilter is crying now
>
> STFU !! y0 fuqin jew !!!
>
> >> Heh.  I agree, but only because this month has been a fairly
> >quiet one
> >> regarding n3td3v drama.
>
> from now on, everything would be darker and deeper
>
> On Fri, 22 Jan 2010 03:24:48 +0200 dramacrat 
> wrote:
> >why you gotta say shit like that
> >
> >my spamfilter is crying now
> >
> >2010/1/22 Rohit Patnaik 
> >
> >> Heh.  I agree, but only because this month has been a fairly
> >quiet one
> >> regarding n3td3v drama.
> >>
> >> --Rohit Patnaik
> >>
> >>
> >> On Thu, Jan 21, 2010 at 10:20 AM, Christian Sciberras
> >wrote:
> >>
> >>> Vote +1 for "message of the month" award.
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> On Thu, Jan 21, 2010 at 2:22 PM,  wrote:
> >>>
> 
>  peep game nigga, peep game, feel us !
> 
> 
> 
>  - --Phrack High Council

Re: [Full-disclosure] Two MSIE 6.0/7.0 NULL pointer crashes

2010-01-22 Thread Jeffrey Walton
> Given Microsoft's already poor reputation regarding security, I'm not sure
> how it'd be possible for them to degrade their reputation any more
I don't believe it's as bad as you think since Microsoft adopted an SDLC
(prior to circa 2001 was a different story). I also believe a
significant portion of the perception is due to vendors running on a
Windows operating system. When is the last time you heard someone
bashing Adobe, which is currently 'King of the Vulnerability Hill.'?

"Adobe surpasses Microsoft as favorite hacker’s target" (Jul 2009)
http://lastwatchdog.com/adobe-surpasses-microsoft-favorite-hackers-target/
"Adobe predicted as top 2010 hacker target" (Dec 2009)
http://www.theregister.co.uk/2009/12/29/security_predictions_2010/.

You're probably not going to like this, but in 2003, Apache on Linux
overtook IIS as most defaced (the Server market share between Windows
and *nix appears to be about equal - see below). Zone-H Statistics
Report, http://www.zone-h.org/news/id/4686

I'm not sticking up for Microsoft. I simply claim the numbers state otherwise.

> Very few people use Microsoft software because of its security reputation.
Presuming 'people' equates to Desktop installations, the numbers I
have seen indicate otherwise. When estimated through browser use,
Microsoft appears to have about 90%. Personally, I am familiar with
two US federal agencies where the desktop is exclusively Microsoft
(about 160,000 total hosts combined, unless the US government has
downsized since 2006).

If you're talking about servers, the numbers indicate that Microsoft
is on par with *nix (IDC report) or slightly above *nix (Gartner
report).

Again, I'm not sticking up for Microsoft. I simply claim the numbers
state otherwise.

> The main reasons for using Microsoft are ease of use and compatibility
> with other users.
Is *nix not trying to do the same? These are two key factors which
*must* be fulfilled before *nix can displace Microsoft on the Desktop.
IT departments like 'easy to use' - it keeps help desk calls to a
minimum. IT departments also like compatibility since they don't have
to spend time researching problems, workarounds, and solutions.

> Given that, I'm not sure that Microsoft's perception will be
> affected very much in the user community.
Agreed.

I do question Microsoft's position on *not* patching flaws when
discovered or reported in a timely manner. But that's another story,
and brings in co-conspirators, such as iDefense and TippingPoint.

For example, CVE-2009-2502 was reported to Microsoft in 2007 by a firm
which buys bugs to save everyone from 0-days. Microsoft probably knew
about the 2502 bug earlier, since the GDI+/JPEG vuln was made public
in Microsoft Security Bulletin MS04-028 (I'm making the leap that
Microsoft performed additional audits on the GDI+ module when reports
started arriving). Yet the bug was not fixed until 2009 (almost 2
years). See http://seclists.org/fulldisclosure/2009/Oct/196.

~JW

On Thu, Jan 21, 2010 at 6:34 PM, Rohit Patnaik  wrote:
> Given Microsoft's already poor reputation regarding security, I'm not sure
> how it'd be possible for them to degrade their reputation any more.  Very
> few people use Microsoft software because of its security reputation.  The
> main reasons for using Microsoft are ease of use and compatibility with
> other users.  Given that, I'm not sure that Microsoft's perception will be
> affected very much in the user community.
>
> -- Rohit Patnaik
>
> On Wed, Jan 20, 2010 at 6:17 PM, ☣ frank^2  wrote:
>>
>> On Wed, Jan 20, 2010 at 10:25 AM, Dan Kaminsky  wrote:
>> > Seriously.  I mean, just look at Linux, Firefox, and OpenOffice.
>> > Pristine code, not a single security vulnerability between them :)
>> >
>>
>> That's a red herring. His point was the public perception of the
>> software company-- true or not-- would be hindered because Microsoft
>> is all-encompassing. Compared to the world of open-source, the risk is
>> distributed by the sheer virtue of software engineering being
>> distributed amongst thousands of entities. This means that the
>> vulnerabilities are spread across different parties, rather than
>> having all vulnerabilities encompassed by a single party-- in this
>> case, Microsoft.
>>
>> His argument was irrelevant to corporations vs. open-source being more
>> vulnerable than one another-- it was simply a commentary on
>> distributed risk in software engineering.
>>
>> --
>> "Did you and them get your degree from the same university of trolls?
>> I have mistaken nothing for nothing. Fuck you."
>>