[Full-disclosure] [HITB-Announce] HITBSecConf2009 - Malaysia Videos Released! *Correction*

2010-03-23 Thread Hafez Kamal
 Justin Lundy (Founder & CEO, Subterrain) was replaced by Fyodor Yarochkin & 
The Grugq. Sorry about that Fyodor! :D

---
Hafez Kamal
HITB Crew
Hack in The Box (M) Sdn. Bhd.
Suite 26.3, Level 26, Menara IMC,
No. 8 Jalan Sultan Ismail,
50250 Kuala Lumpur,
Malaysia

Tel: +603-20394724
Fax: +603-20318359

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] WINDOWS KERNEL SOURCE LEAK GET IT NOW B4 INEVITABLE TAKEDOWN

2010-03-23 Thread Jubei Trippataka
On Wed, Mar 24, 2010 at 1:05 AM,  wrote:

> Could you please stop all this fucking noise ?
> On such a mailing-list people want to read of technical facts, not all
> this shit that has been polluting the list recently.
> Retarted teens and computer nuts, please get out of here.
>
> Thanks.
>
>

Recently? This list has always been like this... You must be new. STFU and
enjoy your stay :-)

-- 
ciao

JT

[Full-disclosure] [USN-916-1] Kerberos vulnerabilities

2010-03-23 Thread Kees Cook
===
Ubuntu Security Notice USN-916-1 March 23, 2010
krb5 vulnerabilities
CVE-2010-0283, CVE-2010-0628
===

A security issue affects the following Ubuntu releases:

Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.10:
  krb5-kdc                        1.7dfsg~beta3-1ubuntu0.5
  libgssapi-krb5-2                1.7dfsg~beta3-1ubuntu0.5

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Emmanuel Bouillon discovered that Kerberos did not correctly handle
certain message types.  An unauthenticated remote attacker could send
specially crafted traffic to cause the KDC to crash, leading to a denial
of service. (CVE-2010-0283)

Nalin Dahyabhai, Jan iankko Lieskovsky, and Zbysek Mraz discovered
that Kerberos did not correctly handle certain GSS packets.  An
unauthenticated remote attacker could send specially crafted traffic
that would cause services using GSS-API to crash, leading to a denial
of service. (CVE-2010-0628)


Updated packages for Ubuntu 9.10:


Re: [Full-disclosure] [WEB SECURITY] announcing skipfish, an automated web app security scanner

2010-03-23 Thread NeZa
Hey Michal,

Great!! effort and thanks for sharing.

Are you considering implementing "web macros" in the near future for this tool?

So that you can manually crawl apps and fill out expected data (Captchas,
Credit Cards)  in order to do a thorough analysis.

As you know, sometimes a captcha or lack of valid information in the forms
break the app flow and therefore the web applications missed to test
important sections.

Let me know your thoughts.

On Fri, Mar 19, 2010 at 12:51 PM, Michal Zalewski wrote:

> Hi folks,
>
> I am happy to announce the availability of skipfish - our open-source,
> fully automated, active web application scanner. There are several
> things that probably make it interesting:
>
> 1) High speed: pure C code, highly optimized HTTP handling, minimal
> CPU footprint - easily achieving 2000 requests per second with
> responsive targets.
>
> 2) Ease of use: heuristics to support a variety of quirky web
> frameworks and mixed-technology sites, with automatic learning
> capabilities, on-the-fly wordlist creation, and form autocompletion.
>
> 3) Cutting-edge security logic: high quality, low false positive,
> differential security checks, capable of spotting a range of subtle
> flaws, including blind injection vectors.
>
> To download, please go to:
> http://code.google.com/p/skipfish
>
> Read more:
> http://code.google.com/p/skipfish/wiki/SkipfishDoc
>
> Cheers,
> /mz
>


-- 
NeZa
Hacker Wanna Be from Nezahualcoyotl

[Full-disclosure] CVE-2009-2907: SpringSource Hyperic HQ multiple XSS vulnerabilities

2010-03-23 Thread s2-security

CVE-2009-2907: SpringSource Hyperic HQ multiple XSS vulnerabilities

Severity: Moderate

Vendor: SpringSource

Versions Affected:
SpringSource Hyperic HQ 4.2 pre-release versions
SpringSource Hyperic HQ 4.1.0 to 4.1.2
SpringSource Hyperic HQ 4.0.0 to 4.0.3
Earlier unsupported versions may also be affected

Summary:
Multiple fields are vulnerable to stored XSS.

Description:
Data retrieved from the database was used directly when forming the HTML 
output. This allowed an attacker to enter HTML in many of the input fields and 
have it used when the field was later displayed to a user. Data is now suitably 
encoded to make it safe for inclusion in HTML.

Mitigation:
Hyperic HQ Open Source users should upgrade to Hyperic HQ 4.2
Hyperic HQ Enterprise 4.1.x users may upgrade to Hyperic Enterprise 4.2 or 
4.1.2.1
Hyperic HQ Enterprise 4.0.x users may upgrade to Hyperic Enterprise 4.2 or 
4.0.3.2
Users of any earlier version should upgrade to 4.2

Example:
Paste the following code into the description field:
alert("XSS Vulnerable")

Credit:
This vulnerability was discovered and reported to SpringSource by Aaron Kulick 
of CBS Interactive.

References:
http://www.springsource.com/security/hyperic-hq


The SpringSource Security Team


[Full-disclosure] [SECURITY] [DSA 2022-1] New mediawiki packages fix several vulnerabilities

2010-03-23 Thread Nico Golde

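------------------------------------------------------------------------
Debian Security Advisory DSA-2022-1                  secur...@debian.org
http://www.debian.org/security/                               Nico Golde
March 23th, 2010                      http://www.debian.org/security/faq
------------------------------------------------------------------------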

Package: mediawiki
Vulnerability  : several
Problem type   : remote
Debian-specific: no
Debian bug : none
CVE ID : none assigned yet

Several vulnerabilities have been discovered in mediawiki, a web-based wiki
engine.  The following issues have been identified:

Insufficient input sanitization in the CSS validation code allows editors
to display external images in wiki pages.  This can be a privacy concern
on public wikis as it allows attackers to gather IP addresses and other
information by linking these images to a web server under their control.

Insufficient permission checks have been found in thumb.php which can lead
to disclosure of image files that are restricted to certain users
(e.g. with img_auth.php).


For the stable distribution (lenny), this problem has been fixed in
version 1.12.0-2lenny4.

For the testing distribution (squeeze), this problem has been fixed in
version 1:1.15.2-1.

For the unstable distribution (sid), this problem has been fixed in
version 1:1.15.2-1.

Upgrade instructions
--------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny
--------------------------------

Debian (stable)
---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, 
mips, mipsel, powerpc, s390 and sparc.


[Full-disclosure] Safari browser port blocking bypassed by integer overflow

2010-03-23 Thread Gary Niger

 g . o . a . t . s . e   s  . e . c . u . r . i . t . y 
  g . a . p . i . n . g   h . o . l . e . s  e . x . p . o . s . e . d
 http://security.goatse.fr/
   (323) 306-4576 


attention: due to technical limitations, this advisory cannot be displayed 
correctly. to view with images and video, visit the following page: 
http://encyclopediadramatica.com/Safari_XPS_Attack 
warning: some of the content on this link may offend you and your employer.

We at the Goatse Security labs have been delving into an old (but also new)
class of web exploits originally coined cross-protocol scripting, but now more
commonly referred to as inter-protocol exploitation. 

Goatse Security has a double feature for you, starting with a 0day vuln:

* Safari browser port blocking bypassed by integer overflow

and a technique that, as far as I know, has not been premiered before:

* XHR (XMLHttpRequest) as a vector for mail merging or wordlist attacks in
   XPS/IPE attacks

We're going to show you how these two methods combine like Voltron into a whole
much larger than its parts. At the end of this short advisory you will be able
to take any Safari web browser and make it a spam drone, a wordlist-based logon
cracker for networks, or a relay for payloads to arbitrary daemons. You will be
able to do all of this without passing any shellcode or alerting any IDS to
compromise. 

Let's cover the bug.

First, I would like to give credit to my cat, Gary C. Berries, as the initial
researcher to uncover this bug. Without my cat's assistance as an enterprise
class keyboard-based integer fuzzer this vulnerability would have been left 
unearthed.

Apple is going to learn several lessons here, the most important of which is 
probably not to let an unsigned short pose as anything other than an unsigned 
short. Open up a Safari browser on your favorite chode-sniffing operating 
system. Go to a "banned" port like 25 and you'll get an error:

___Not allowed to use restricted network port___ (WebKitErrorDomain:103) 

Add 65536 to 25 to make 65561 and revisit the site on this new port-- no such
cockblocking. You're good to go. You can now use the Safari web browser as a
device to hit any port on any address with a cross-protocol scripting attack.

HOWTO video! http://vimeo.com/10302434

List of Webkit-based browsers found to be affected:
OS X Safari
iPhone/iPod Safari
iPad Safari (confirmed with iPad Simulator in SDK 3.2 beta 4 w/ XCode 3.2.2)
Arora
iCab
OmniWeb
Stainless

The only Webkit-based browser found to not be vulnerable:
Google Chrome

For all Apple's talk of "think different" the only one actually doing so in
regards to browser security is Google. XSS, XPS/IPE, all the traditional
methods fail against Chrome. Google, I don't even care that you are the most
ruthlessly evil corporation in existence anymore. Your stuff just works. You
had me sold at functional reliability. There was a time in my life that I had
large concern about corporate ethics. Now I know that all corporations are
evil. Some more than others. The one who is evil and smart will only ruin you
with malice, where the one that is evil and stupid can ruin you out of both
malice and out of sheer incompetence.

To give this exploit a little of that "je ne sais quoi", we need to come up 
with a good attack vector. Now we're going to show you how Apple didn't just
unearth a decade-old vulnerability and make it viable again a la Microsoft, it
actually becomes more viable to exploit in this new generation than it was at
the time of its inception. When cross-protocol scripting was born, Javascript
was pretty young. There wasn't a whole lot you could do with it then--any bits
of Javascript now called AJAX wouldn't be a cross-browser standard until 2004.

So I looked at this integer overflow and I thought to myself what exactly I'd 
find this useful for. The answers I came up with were:

* Getting idiot Mac-using creative people at bulk mailing companies to click
   on links which spew SMTP envelopes at their internal mailserver, thereby
   utilizing someone else's email reputation to send CPA offers of my own.
* Bruteforcing device passwords via a wordlist and then phoning home
* Reflashing network devices with firmware more fun than the factory default
* Relay exploit payloads to non-HTTP daemons on arbitrary TCP ports
* Get a Safari web browser to do pretty much anything on any TCP port and not
   have any current IDS/IPS in existence be any wiser for it.

We summarily implemented all of these things, but I'm going to show you how to
do the first one since the code is trivially altered to do many of the others.
Also because it is the most fun and easy way to monetize this particular vuln,
and I'm hoping other people will make use of it before Apple patches!

(The best part of our first cross-protocol scripting PoC release:
http://encyclopediadramatica.com/Firefox_XPS_IRC_Attack
was seeing 
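
The truncation flaw the advisory above describes, as an added example that is not part of the original post and is not WebKit's code: a model of a port gate that checks its blocklist against the parsed integer but connects with the value narrowed to 16 bits, beside a hardened gate that rejects out-of-range ports before any narrowing. The function names and the short blocklist are assumptions made for illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed sample blocklist (assumption); real browsers restrict more ports. */
static const uint16_t blocked_ports[] = { 21, 22, 23, 25, 110, 143 };

static bool is_blocked(long port)
{
    size_t n = sizeof blocked_ports / sizeof blocked_ports[0];
    for (size_t i = 0; i < n; i++)
        if (port == (long)blocked_ports[i])
            return true;
    return false;
}

/*
 * Flawed gate (hypothetical model): the blocklist is compared against the
 * wide parsed value, but the socket layer only has 16 bits for the port,
 * so the value is narrowed afterwards. Returns the port that would actually
 * be connected to, or -1 if the request is refused.
 */
static int flawed_port_gate(const char *text)
{
    long wide = strtol(text, NULL, 10);
    if (is_blocked(wide))
        return -1;
    return (uint16_t)wide;          /* 65561 silently becomes 25 */
}

/*
 * Hardened gate: parse strictly, reject anything outside 1..65535 before
 * any narrowing, and only then consult the blocklist. The value checked is
 * the value used.
 */
static int hardened_port_gate(const char *text)
{
    char *end = NULL;
    errno = 0;
    long wide = strtol(text, &end, 10);

    if (errno != 0 || end == text || *end != '\0')
        return -1;                  /* overflow, empty, or trailing junk */
    if (wide < 1 || wide > 65535)
        return -1;                  /* not representable as a TCP port */
    if (is_blocked(wide))
        return -1;
    return (int)wide;
}

int main(void)
{
    /* Constructed inputs: a blocked port, its 65536-offset alias, a normal port. */
    const char *samples[] = { "25", "65561", "8080" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-6s flawed=%d hardened=%d\n", samples[i],
               flawed_port_gate(samples[i]), hardened_port_gate(samples[i]));
    return 0;
}
```

A return of -1 means the request is refused; any other value is the port the connection would really use.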

Re: [Full-disclosure] Voting for bans

2010-03-23 Thread Clement Gamé

> Yep, with a large amount of that being from narcissists that just
> *have* to get their jokes or jibes in and can't either ignore him or,
> better yet, just hit delete.
>
>   
>> He is struggling for reactions on his topics, and he will always get some
>> reactions (Yes, even if I don't respond). The noise in the last days was
>> terrible.
>> 
>
> Yes it has been. Again, though, it's been mostly from folks that want
> to get in their snide comments or make themselves look good with their
> jabs and pokes; the signal level would again go up if they'd let it
> rest and just hit delete.
>
>   
Yes, we all want to shine in society and be loved and venerated among 
our peers..in short we're constantly seeking for approval.
This is how the world works and you know what ? you're not an exception 
dude !


>> We have the freedom to ban him from your inboxes. Let's do it!
>> 
>
> Like I said, kill-file. It really does work.
>
> Seriously, Jan, I do understand where you're coming from but banning
> account after account does no good in a world of unlimited email
> accounts. What *does* work is to let someone post at will and simply
> ignoring what you don't want to reply to. The problem isn't that we
> have one person that posts a ton of crud, it's that we have one person
> that posts and fifty that insist on commenting about how it's crud -
> and then continue to harp about how that single poster needs to go
> away when he replies to each of them.
>
> kmw
>
>   


-- 
Clément Gamé
CEO

digi-nation.com S.A.R.L
1 rue carnot
95300 Pontoise
France
+33.6.73.65.17.47



Re: [Full-disclosure] Voting for bans

2010-03-23 Thread McGhee, Eddie
this isn't a democracy, add a filter and be quiet, you're just giving him more 
ammo with threads like this



From: full-disclosure-boun...@lists.grok.org.uk 
[mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Jan G.B.
Sent: 23 March 2010 15:18
To: full-disclosure
Subject: [Full-disclosure] Voting for bans

Hi FD,

let's face it: "Andrew Wallace" a.k.a. "netd3v", also appearing as "James O' 
Hare" is back on the list.
We all know that the email address he used to use is banned. We also know that 
our inboxes are filled with crap since he returned some weeks ago.

What can we do?

Not much. He showed us several times, that "talking" to him makes no sense.
He is struggling for reactions on his topics, and he will always get some 
reactions (Yes, even if I don't respond). The noise in the last days was 
terrible.
So my proposal is that we vote to ban his new address 
jamesohar...@googlemail.com
We can (and should!) ban all his future addresses upon recognition, unless he 
comes back with a new persona (which is quite unlikely).

We have the freedom to ban him from your inboxes. Let's do it!

Regards,
Jan




Off-Topic:
Anyone still has a link/picture to the defcon stickers from 2008? (was it 
2008?) I would prefer a good resolution so that I can print it out and hang it 
in the office.
All I found was this one, on a shirt, which isn't so good for my office wall 
because of hotness: http://img142.imageshack.us/i/n3td3vsuxft5.jpg/
and this shirt .. http://img92.imageshack.us/i/backeh7.jpg/
and the related song ...
Feel free to send it (Image, Link to Image) to me privately - please don't 
annoy the whole list on that subject. ;)


Re: [Full-disclosure] WINDOWS KERNEL SOURCE LEAK GET IT NOW B4 INEVITABLE TAKEDOWN

2010-03-23 Thread sunjester
Wow, this topic was dumb. I'm glad I could add to it.

-- 
Founder/Activist/Freelance Developer
http://fusecurity.com/ | "Free Security Technology"
http://www.rentacoder.com/ | http://www.freelancer.com/

Re: [Full-disclosure] Voting for bans

2010-03-23 Thread Kevin Wilcox
On 23 March 2010 11:18, Jan G.B.  wrote:

> We all know that the email address he used to use is banned.

Yep

> We also know that our inboxes are filled with crap since he returned some 
> weeks ago.

Yep, with a large amount of that being from narcissists that just
*have* to get their jokes or jibes in and can't either ignore him or,
better yet, just hit delete.

> What can we do?

Kill-file.

> Not much. He showed us several times, that "talking" to him makes no sense.

Kill-file or ignore. It works, and it works for *anyone* you don't
want to deal with. It's great.

> He is struggling for reactions on his topics, and he will always get some
> reactions (Yes, even if I don't respond). The noise in the last days was
> terrible.

Yes it has been. Again, though, it's been mostly from folks that want
to get in their snide comments or make themselves look good with their
jabs and pokes; the signal level would again go up if they'd let it
rest and just hit delete.

> We have the freedom to ban him from your inboxes. Let's do it!

Like I said, kill-file. It really does work.

Seriously, Jan, I do understand where you're coming from but banning
account after account does no good in a world of unlimited email
accounts. What *does* work is to let someone post at will and simply
ignoring what you don't want to reply to. The problem isn't that we
have one person that posts a ton of crud, it's that we have one person
that posts and fifty that insist on commenting about how it's crud -
and then continue to harp about how that single poster needs to go
away when he replies to each of them.

kmw

-- 
A: Maybe because some people are too annoyed by top-posting.
Q: Why do I not get an answer to my question(s)?
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?



[Full-disclosure] Voting for bans

2010-03-23 Thread Jan G.B.
Hi FD,

let's face it: "Andrew Wallace" a.k.a. "netd3v", also appearing as "James O'
Hare" is back on the list.
We all know that the email address he used to use is banned. We also know
that our inboxes are filled with crap since he returned some weeks ago.

What can we do?

Not much. He showed us several times, that "talking" to him makes no sense.
He is struggling for reactions on his topics, and he will always get some
reactions (Yes, even if I don't respond). The noise in the last days was
terrible.
So my proposal is that we vote to ban his new address
jamesohar...@googlemail.com
We can (and should!) ban all his future addresses upon recognition, unless
he comes back with a new persona (which is quite unlikely).

We have the freedom to ban him from your inboxes. Let's do it!

Regards,
Jan




Off-Topic:
Anyone still has a link/picture to the defcon stickers from 2008? (was it
2008?) I would prefer a good resolution so that I can print it out and hang
it in the office.
All I found was this one, on a shirt, which isn't so good for my office wall
because of hotness: http://img142.imageshack.us/i/n3td3vsuxft5.jpg/
and this shirt .. http://img92.imageshack.us/i/backeh7.jpg/
and the related song ...
Feel free to send it (Image, Link to Image) to me privately - please don't
annoy the whole list on that subject. ;)

Re: [Full-disclosure] China denounces Google 'US ties'

2010-03-23 Thread james o' hare
On Tue, Mar 23, 2010 at 3:00 PM, James Rankin  wrote:
> Can we get this smacked-up Scottish fruitcake on the banned list again?

Why for asking The Mossad not to clone our passports on the same day
they've been banned from the UK?

Andrew



Re: [Full-disclosure] China denounces Google 'US ties'

2010-03-23 Thread James Rankin
Can we get this smacked-up Scottish fruitcake on the banned list again? He
was laughably ridiculous years ago, but the routine wore out a long time
back.  And don't bother battering your keyboard at me n3tty, I'm adding all
your stupid new aliases to the block list as I speak.

On 23 March 2010 14:19, james o' hare  wrote:

> On Tue, Mar 23, 2010 at 2:07 PM,   wrote:
> > Please, STOP !!!
>
> ...cloning our passports.
>
> Andrew
>
>



-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question."

[Full-disclosure] [ MDVSA-2010:065 ] cpio

2010-03-23 Thread security


 ___

 Mandriva Linux Security Advisory MDVSA-2010:065
 http://www.mandriva.com/security/
 ___

 Package : cpio
 Date: March 23, 2010
 Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0,
   Enterprise Server 5.0, Multi Network Firewall 2.0
 ___

 Problem Description:

 A vulnerability has been found and corrected in cpio and tar:
 
 Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c
 in the rmt client functionality in GNU tar before 1.23 and GNU cpio
 before 2.11 allows remote rmt servers to cause a denial of service
 (memory corruption) or possibly execute arbitrary code by sending more
 data than was requested, related to archive filenames that contain a :
 (colon) character (CVE-2010-0624).
 
 The Tar package as shipped with Mandriva Linux is not affected
 by this vulnerability, but it was patched nonetheless in order to
 provide additional security to customers who recompile the package
 while having the rsh package installed.
 
 Packages for 2008.0 are provided for Corporate Desktop 2008.0
 customers.
 
 The updated packages have been patched to correct this issue.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0624
 ___

 Updated Packages:


Re: [Full-disclosure] WINDOWS KERNEL SOURCE LEAK GET IT NOW B4 INEVITABLE TAKEDOWN

2010-03-23 Thread news
Could you please stop all this fucking noise ?
On such a mailing-list people want to read of technical facts, not all
this shit that has been polluting the list recently.
Retarted teens and computer nuts, please get out of here.

Thanks.

On Tue, 23 Mar 2010 07:48:41 -0500, RandallM  wrote:
> You kids would be ashamed of you. If they acted like this in class
> you'd whoop'em.
> 
> 
> 
> On Tue, Mar 23, 2010 at 7:00 AM,
>  wrote:
>> Send Full-Disclosure mailing list submissions to
>>        full-disclos...@lists.grok.org.uk
>>
>> To subscribe or unsubscribe via the World Wide Web, visit
>>        https://lists.grok.org.uk/mailman/listinfo/full-disclosure
>> or, via email, send a message with subject or body 'help' to
>>        full-disclosure-requ...@lists.grok.org.uk
>>
>> You can reach the person managing the list at
>>        full-disclosure-ow...@lists.grok.org.uk
>>
>> When replying, please edit your Subject line so it is more specific
>> than "Re: Contents of Full-Disclosure digest..."
>>
>>
>> Note to digest recipients - when replying to digest posts, please trim
>> your post appropriately. Thank you.
>>
>>
>> Today's Topics:
>>
>>   1. Re: WINDOWS KERNEL SOURCE LEAK GET IT NOW B4      INEVITABLE
>>      TAKEDOWN (Christian Sciberras)
>>   2. Re: The feeling of being followed is horrible.    Need freedom
>>      from survellience. Please god help. (Christian Sciberras)
>>   3. Re: WINDOWS KERNEL SOURCE LEAK GET IT NOW B4      INEVITABLE
>>      TAKEDOWN (james o' hare)
>>   4. Re: WINDOWS KERNEL SOURCE LEAK GET IT NOW B4      INEVITABLE
>>      TAKEDOWN (Christian Sciberras)
>>   5. Re: WINDOWS KERNEL SOURCE LEAK GET IT NOW B4      INEVITABLE
>>      TAKEDOWN (valdis.kletni...@vt.edu)
>>   6. Re: WINDOWS KERNEL SOURCE LEAK GET IT NOW B4      INEVITABLE
>>      TAKEDOWN (james o' hare)
>>   7. Re: WINDOWS KERNEL SOURCE LEAK GET IT NOW B4      INEVITABLE
>>      TAKEDOWN (Benji)
>>   8. [ MDVSA-2010:063 ] libpng (secur...@mandriva.com)
>>   9. [HITB-Announce] HITBSecConf2009 - Malaysia Videos Released!
>>      (Hafez Kamal)
>>  10. Re: WINDOWS KERNEL SOURCE LEAK GET IT NOW B4      INEVITABLE
>>      TAKEDOWN (Dan Yefimov)
>>  11. Vulnerability Astaro Security Linux v5
>>      (Mehdi Mahdjoub - Sysdream IT Security Services)
>>  12. Re: WINDOWS KERNEL SOURCE LEAK GET IT NOW B4      INEVITABLE
>>      TAKEDOWN (Jan G.B.)
>>  13. Re: WINDOWS KERNEL SOURCE LEAK GET IT NOW B4      INEVITABLE
>>      TAKEDOWN (Christian Sciberras)
>>  14. CSI Computer Crime and Security Survey 2009 (Jonathan Leigh)
>>  15. Vulnerabilities in CaptchaSecurityImages (MustLive)
>>  16. Re: China denounces Google 'US ties' (Jan G.B.)
>>
>>


Re: [Full-disclosure] China denounces Google 'US ties'

2010-03-23 Thread Jan G.B.
2010/3/23 james o' hare 

> On Tue, Mar 23, 2010 at 11:13 AM, Jan G.B. 
> wrote:
> > Full disclosure is not a blog where you're supposed to paste news you may
> > find interesting.
> > We don't need a BBC echo here. So get (this) off the list.
> > Thanks
>
> It was hacker cyber attack intelligence government related though.
>
> Andrew
>
I repeat for you: We don't need a BBC echo here. Is it so hard to understand?
Did it work now? Great. On to the next level:
This is not a Blog where you're supposed to paste the work of others.

Re: [Full-disclosure] China denounces Google 'US ties'

2010-03-23 Thread james o' hare
On Tue, Mar 23, 2010 at 2:07 PM,   wrote:
> Please, STOP !!!

...cloning our passports.

Andrew



Re: [Full-disclosure] China denounces Google 'US ties'

2010-03-23 Thread news
Please, STOP !!!

On Tue, 23 Mar 2010 14:05:27 +, "james o' hare"
 wrote:
> On Tue, Mar 23, 2010 at 1:56 PM,   wrote:
>> On Tue, 23 Mar 2010 13:39:26 -, "james o' hare" said:
>>> On Tue, Mar 23, 2010 at 11:13 AM, Jan G.B. 
>>> wrote:
>>> > Full disclosure is not a blog where you're supposed to paste news you may
>>> > find interesting.
>>> > We don't need a BBC echo here. So get (this) off the list.
>>> > Thanks
>>>
>>> It was hacker cyber attack intelligence government related though.
>>
>> Besides which, we know Andrew didn't even post it - if it was the *real*
>> Andrew, he'd have found a way to involve Mossad in it.
>>
> 
> Valdis you spoke too soon:
> 
> The UK is to expel an Israeli diplomat over the use of 12 cloned
> British passports in the Dubai murder of a Hamas leader, the BBC has
> learned.
> 
> BBC Middle East editor Jeremy Bowen said the person to be expelled is
> likely to be the London head of Israel's secret service, Mossad.
> 
> http://news.bbc.co.uk/1/hi/uk/8582518.stm
> 
> Andrew
> 


Re: [Full-disclosure] China denounces Google 'US ties'

2010-03-23 Thread james o' hare
On Tue, Mar 23, 2010 at 1:56 PM,   wrote:
> On Tue, 23 Mar 2010 13:39:26 -, "james o' hare" said:
>> On Tue, Mar 23, 2010 at 11:13 AM, Jan G.B.  wrote:
>> > Full disclosure is not a blog where you're supposed to paste news you may
>> > find interesting.
>> > We don't need a BBC echo here. So get (this) off the list.
>> > Thanks
>>
>> It was hacker cyber attack intelligence government related though.
>
> Besides which, we know Andrew didn't even post it - if it was the *real*
> Andrew, he'd have found a way to involve Mossad in it.
>

Valdis you spoke too soon:

The UK is to expel an Israeli diplomat over the use of 12 cloned
British passports in the Dubai murder of a Hamas leader, the BBC has
learned.

BBC Middle East editor Jeremy Bowen said the person to be expelled is
likely to be the London head of Israel's secret service, Mossad.

http://news.bbc.co.uk/1/hi/uk/8582518.stm

Andrew



Re: [Full-disclosure] China denounces Google 'US ties'

2010-03-23 Thread Valdis . Kletnieks
On Tue, 23 Mar 2010 13:39:26 -, "james o' hare" said:
> On Tue, Mar 23, 2010 at 11:13 AM, Jan G.B.  wrote:
> > Full disclosure is not a blog where you're supposed to paste news you may
> > find interesting.
> > We don't need a BBC echo here. So get (this) off the list.
> > Thanks
> 
> It was hacker cyber attack intelligence government related though.

Besides which, we know Andrew didn't even post it - if it was the *real*
Andrew, he'd have found a way to involve Mossad in it.




Re: [Full-disclosure] China denounces Google 'US ties'

2010-03-23 Thread james o' hare
On Tue, Mar 23, 2010 at 11:13 AM, Jan G.B.  wrote:
> Full disclosure is not a blog where you're supposed to paste news you may
> find interesting.
> We don't need a BBC echo here. So get (this) off the list.
> Thanks

It was hacker cyber attack intelligence government related though.

Andrew



[Full-disclosure] [ MDVSA-2010:064 ] libpng

2010-03-23 Thread security


 ___

 Mandriva Linux Security Advisory MDVSA-2010:064
 http://www.mandriva.com/security/
 ___

 Package : libpng
 Date: March 23, 2010
 Affected: 2009.0, 2009.1, 2010.0, Enterprise Server 5.0
 ___

 Problem Description:

 A vulnerability has been found and corrected in libpng:
 
 The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before
 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly
 handle compressed ancillary-chunk data that has a disproportionately
 large uncompressed representation, which allows remote attackers to
 cause a denial of service (memory and CPU consumption, and application
 hang) via a crafted PNG file, as demonstrated by use of the deflate
 compression method on data composed of many occurrences of the same
 character, related to a decompression bomb attack (CVE-2010-0205).
 
 The updated packages have been patched to correct this issue.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0205
 ___

 Updated Packages:

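The failure mode described in the advisory above (a small compressed ancillary chunk that inflates to a disproportionately large buffer) can be checked before an image reaches a decoder. The following is an added example, not code from libpng or from Mandriva: it walks a PNG's chunks and inflates zTXt/iCCP payloads under a hard output cap. The 1 MiB cap, the function names and the sample images are assumptions constructed for illustration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
MAX_OUTPUT = 1 << 20  # assumed policy: at most 1 MiB of inflated data per chunk


def chunk(ctype, data):
    """Serialize one PNG chunk: length, type, data, CRC-32 over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def iter_chunks(png):
    """Yield (type, data) per chunk; reject truncated input and bad CRCs."""
    if not png.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    pos = len(PNG_SIG)
    while pos < len(png):
        if pos + 12 > len(png):
            raise ValueError("truncated chunk")
        length, ctype = struct.unpack(">I4s", png[pos:pos + 8])
        end = pos + 12 + length
        if end > len(png):
            raise ValueError("chunk length runs past end of file")
        data = png[pos + 8:end - 4]
        stored_crc = struct.unpack(">I", png[end - 4:end])[0]
        if stored_crc != zlib.crc32(ctype + data) & 0xFFFFFFFF:
            raise ValueError("bad CRC")
        yield ctype, data
        pos = end


def compressed_payload(ctype, data):
    """Return the zlib stream of a zTXt or iCCP chunk, or None otherwise."""
    if ctype in (b"zTXt", b"iCCP"):
        _keyword, sep, rest = data.partition(b"\x00")
        if sep and rest[:1] == b"\x00":  # compression method 0 = deflate
            return rest[1:]
    return None


def bounded_inflate(stream, limit=MAX_OUTPUT):
    """Inflate up to `limit` bytes; return None when the output would exceed it."""
    inflater = zlib.decompressobj()
    out = inflater.decompress(stream, limit + 1)  # never allocates past limit + 1
    if len(out) > limit:
        return None
    if not inflater.eof:
        raise ValueError("truncated deflate stream")
    return out


def scan_png(png, limit=MAX_OUTPUT):
    """Return (chunk type, compressed size, verdict) for each compressed chunk."""
    findings = []
    for ctype, data in iter_chunks(png):
        stream = compressed_payload(ctype, data)
        if stream is None:
            continue
        try:
            verdict = "ok" if bounded_inflate(stream, limit) is not None else "over-limit"
        except (zlib.error, ValueError):
            verdict = "corrupt"
        findings.append((ctype.decode("ascii"), len(stream), verdict))
    return findings


def build_sample(text):
    """Constructed 1x1 grayscale PNG carrying `text` in a zTXt chunk."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    ztxt = b"Comment\x00\x00" + zlib.compress(text, 9)
    idat = zlib.compress(b"\x00\x00")
    return (PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"zTXt", ztxt)
            + chunk(b"IDAT", idat) + chunk(b"IEND", b""))


if __name__ == "__main__":
    print(scan_png(build_sample(b"hello world")))
    print(scan_png(build_sample(b"A" * (4 << 20))))  # same character repeated
```

The cap is enforced by the inflater itself, so the oversized buffer is never allocated; checking a declared or estimated size first would not give that guarantee.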

Re: [Full-disclosure] WINDOWS KERNEL SOURCE LEAK GET IT NOW B4 INEVITABLE TAKEDOWN

2010-03-23 Thread RandallM
You kids would be ashamed of you. If they acted like this in class
you'd whoop'em.





-- 
been great, thanks
RandyM
a.k.a System



Re: [Full-disclosure] WINDOWS KERNEL SOURCE LEAK GET IT NOW B4 INEVITABLE TAKEDOWN

2010-03-23 Thread un-encumbered


I think someone should start a list to police the proper use of
TLDs as per RFC 1591. Because I know half of you aren't Commercial
entities!
Also the list should also enforce using a real name for an email
address, and not signing by another.
And BTW what's up with tagging numbers at the end, there is no
mention of that in the RFC..
Oh I missed this, the list had been too quiet and civil lately.

Oh and one last one...
'Your mother was a hamster and your father smelt of elderberries!'
'I fart in your general direction.'
'and now for something completely different' ...
Well maybe three.

Thanks I'll be here all week and don't forget to tip your waitress.

On Mon, 22 Mar 2010 18:08:06 -0400 james o' hare
 wrote:
>On Mon, Mar 22, 2010 at 9:51 PM, Christian Sciberras
> wrote:
>> Or you should get a .edu or .gov like all of us have!
>
>If everyone post on their .edu, .gov you would alienate everyone
>else
>who doesn't have one.
>
>That's why its an *idea* for Valdis to jump on an ordinary email
>address and conform with internet social norms.
>
>Andrew
>


Re: [Full-disclosure] China denounces Google 'US ties'

2010-03-23 Thread Jan G.B.
Full disclosure is not a blog where you're supposed to paste news you may
find interesting.
We don't need a BBC echo here. So get (this) off the list.

Thanks

2010/3/21 james o' hare 

> Google provides US intelligence agencies with a record of its search
> engine results, the state-run news agency Xinhua said.
>
> It also accused Google of trying to change Chinese society by imposing
> American values on it.
>
> Google denied that it was influenced by the US government, a
> spokesperson for the company was quoted as saying by AP.
>
> "Google's high-level officials have intricate ties with the US
> government. It is also an open secret that some security experts in
> the Pentagon are from Google", reporters from Xinhua wrote in a
> commentary.
>
> http://news.bbc.co.uk/1/hi/world/asia-pacific/8578968.stm
>
> It is well known that The NSA have partnered up with Google and have
> refused EPIC the details of the deal, I think we should listen to what
> The Chinese are telling us.
>
> http://epic.org/2010/02/epic-seeks-records-on-google-n.html
>
> Andrew
>

[Full-disclosure] Vulnerabilities in CaptchaSecurityImages

2010-03-23 Thread MustLive
Hello Full-Disclosure!

I want to warn you about security vulnerabilities in CaptchaSecurityImages.
It's a captcha script which is used at many web sites and engines.

-
Advisory: Vulnerabilities in CaptchaSecurityImages
-
URL: http://websecurity.com.ua/4043/
-
Timeline:
06.10.2007 - found Insufficient Anti-automation vulnerability, during
conducting of my project Month of Bugs in Captchas
(http://websecurity.com.ua/category/mobic/).
17.09.2009 - found Denial of Service vulnerability.
17.03.2010 - disclosed at my site.
18.03.2010 - informed developers.
-
Details:

These are Insufficient Anti-automation and Denial of Service
vulnerabilities.

Insufficient Anti-automation:

The parameters characters, width and height of the captcha can be
manipulated. They can be set in such a way that allows easy bypass of the
captcha via half-automated or automated (using OCR) methods. And in
some systems (http://websecurity.com.ua/4046/) it's also possible to use
session reusing with the constant captcha bypass method.

http://site/CaptchaSecurityImages.php?width=150&height=100&characters=2

In that way it's possible to set two characters and increase the size of the
captcha.

DoS:

http://site/CaptchaSecurityImages.php?width=1000&height=9000

By setting large values of width and height it's possible to create a
large load on the server.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua 
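Both issues in the advisory above come from the image endpoint honouring client-supplied characters, width and height. The following is an added example of a server-side policy check, not code from CaptchaSecurityImages or from the advisory's author: the challenge length is never taken from the request, and the image size is accepted only inside fixed bounds and a pixel budget. The policy values and function name are assumptions.

```python
from urllib.parse import parse_qs, urlsplit

# Assumed server-side policy (hypothetical values, not taken from the script).
DEFAULTS = {"width": 120, "height": 40, "characters": 6}
BOUNDS = {"width": (80, 300), "height": (30, 100)}
MAX_PIXELS = 20_000  # caps rendering cost even when both sizes are in range


def captcha_params(url):
    """Return (params, violations) for a captcha image request URL.

    params is what the renderer should use; violations lists every rejected
    client-supplied value so that the request can be logged or rate-limited.
    """
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    params = dict(DEFAULTS)
    violations = []

    # The challenge length decides how hard the captcha is, so it is fixed
    # by the server and any attempt to set it is recorded.
    if "characters" in query:
        violations.append("characters: not client-settable")

    for name, (low, high) in BOUNDS.items():
        values = query.get(name)
        if values is None:
            continue
        raw = values[0]
        # Reject repeated parameters, signs, non-ASCII digits and long numbers.
        if len(values) != 1 or not (raw.isascii() and raw.isdigit()) or len(raw) > 4:
            violations.append(f"{name}: malformed value")
            continue
        number = int(raw)
        if not low <= number <= high:
            violations.append(f"{name}: {number} outside {low}..{high}")
            continue
        params[name] = number

    if params["width"] * params["height"] > MAX_PIXELS:
        violations.append("width*height: over pixel budget")
        params["width"] = DEFAULTS["width"]
        params["height"] = DEFAULTS["height"]

    return params, violations


if __name__ == "__main__":
    # The two request shapes quoted in the advisory, with its placeholder host.
    for request in (
        "http://site/CaptchaSecurityImages.php?width=150&height=100&characters=2",
        "http://site/CaptchaSecurityImages.php?width=1000&height=9000",
    ):
        print(captcha_params(request))
```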



[Full-disclosure] CSI Computer Crime and Security Survey 2009

2010-03-23 Thread Jonathan Leigh
Does anyone know where one can find a copy of the "CSI Computer Crime 
and Security Survey 2009"? Or does anyone have a copy of this they could 
send me for academic use?

Thank you,
Dantevios



Re: [Full-disclosure] WINDOWS KERNEL SOURCE LEAK GET IT NOW B4 INEVITABLE TAKEDOWN

2010-03-23 Thread Christian Sciberras
Pity we do not have an easy way to change topic titles.

I would rename this one "lobbying against Valdis' .edu email - pros and cons"

;-)


On Tue, Mar 23, 2010 at 10:35 AM, Jan G.B.  wrote:
> 2010/3/22 james o' hare 
>>
>> On Mon, Mar 22, 2010 at 9:51 PM, Christian Sciberras 
>> wrote:
>> > Or you should get a .edu or .gov like all of us have!
>>
>> If everyone post on their .edu, .gov you would alienate everyone else
>> who doesn't have one.
>>
>> That's why its an *idea* for Valdis to jump on an ordinary email
>> address and conform with internet social norms.
>>
>> Andrew
>>
>
> Thanks for sharing your thoughts and contributing essential information and
> intelligence with the world.
>


Re: [Full-disclosure] WINDOWS KERNEL SOURCE LEAK GET IT NOW B4 INEVITABLE TAKEDOWN

2010-03-23 Thread Jan G.B.
2010/3/22 james o' hare 

> On Mon, Mar 22, 2010 at 9:51 PM, Christian Sciberras 
> wrote:
> > Or you should get a .edu or .gov like all of us have!
>
> If everyone post on their .edu, .gov you would alienate everyone else
> who doesn't have one.
>
> That's why its an *idea* for Valdis to jump on an ordinary email
> address and conform with internet social norms.
>
> Andrew
>
>
Thanks for sharing your thoughts and contributing essential information and
intelligence with the world.

[Full-disclosure] Vulnerability Astaro Security Linux v5

2010-03-23 Thread Mehdi Mahdjoub - Sysdream IT Security Services
Program  : Astaro Security Linux v5
PoC  : XSS
Homepage : http://www.astaro.com/
Found by : Vincent Hautot
Contact  : v.hautot () sysdream com

//- Application description

Astaro Security Linux is a complete network security solution that
protects organizations against a wide range of threats to security
and productivity.


//- Description of vulnerability

This XSS was found on the index.fpl page in the login form. Using this flaw
it is possible to execute Javascript code.
Posting using multipart/form-data does not work; use this data instead:

username...@fucking.mail&password=DTC&SID=>">alert("XSS !!!")
&cur_width=1&window_height=700&id=0121&jaction=none&frameset=active&new_id=0


//- Credits

http://www.sysdream.com/article.php?story_id=326&section_id=78

