[Full-disclosure] NEW VMSA-2014-0002 VMware vSphere updates to third party libraries

2014-03-11 Thread "VMware Security Response Center"

---
VMware Security Advisory

Advisory ID: VMSA-2014-0002
Synopsis:    VMware vSphere updates to third party libraries
Issue date:  2014-03-11
Updated on:  2014-03-11 (initial advisory)
CVE numbers: --- NTP ---
             CVE-2013-5211
             --- glibc (service console) ---
             CVE-2013-4332
             --- JRE ---
             See references
---

1. Summary

   VMware has updated vSphere third party libraries.

2. Relevant releases

   vCenter Server Appliance 5.5 prior to 5.5 Update 1 

   VMware vCenter Server 5.5 prior to 5.5 Update 1

   VMware Update Manager 5.5 prior to 5.5 Update 1

   VMware ESXi 5.5 without patch ESXi550-201403101-SG

3. Problem Description

   a. DDoS vulnerability in NTP third party libraries

  The NTP daemon has a DDoS vulnerability in the handling of the
  "monlist" command. An attacker may send a forged request to a
  vulnerable NTP server resulting in an amplified response to the
  intended target of the DDoS attack. 
  
  Mitigation

  Mitigation for this issue is documented in VMware Knowledge Base
  article 2070193. This article also documents when vSphere 
  products are affected.

  The Common Vulnerabilities and Exposures project (cve.mitre.org)
  has assigned the name CVE-2013-5211 to this issue.

  Column 4 of the following table lists the action required to
  remediate the vulnerability in each release, if a solution is
  available.

  VMware     Product    Running    Replace with/
  Product    Version    on         Apply Patch
  =========  =========  =========  ====================
  VCSA       5.5        Linux      5.5 Update 1
  VCSA       5.1        Linux      patch pending
  VCSA       5.0        Linux      patch pending

  ESXi       5.5        ESXi       ESXi550-201403101-SG
  ESXi       5.1        ESXi       patch pending
  ESXi       5.0        ESXi       patch pending
  ESXi       4.1        ESXi       patch pending
  ESXi       4.0        ESXi       patch pending

  ESX        4.1        ESX        patch pending
  ESX        4.0        ESX        patch pending


  b. Update to ESXi glibc package

 The ESXi glibc package is updated to version
 glibc-2.5-118.el5_10.2 to resolve a security issue.

 The Common Vulnerabilities and Exposures project (cve.mitre.org)
 has assigned the name CVE-2013-4332 to this issue.

 Column 4 of the following table lists the action required to
 remediate the vulnerability in each release, if a solution is
 available.

 VMware     Product    Running    Replace with/
 Product    Version    on         Apply Patch
 =========  =========  =========  ====================
 ESXi       5.5        ESXi       ESXi550-201403101-SG
 ESXi       5.1        ESXi       patch pending
 ESXi       5.0        ESXi       patch pending
 ESXi       4.1        ESXi       no patch planned
 ESXi       4.0        ESXi       no patch planned

 ESX        4.1        ESX        not applicable
 ESX        4.0        ESX        not applicable

  c. vCenter and Update Manager, Oracle JRE 1.7 Update 45
  
 Oracle JRE is updated to version JRE 1.7 Update 45, which
 addresses multiple security issues that existed in earlier
 releases of Oracle JRE. 

 Oracle has documented the CVE identifiers that are addressed
 in JRE 1.7.0 update 45 in the Oracle Java SE Critical Patch 
 Update Advisory of October 2013. The References section provides
 a link to this advisory.

 Column 4 of the following table lists the action required to
 remediate the vulnerability in each release, if a solution is
 available.

 VMware           Product    Running    Replace with/
 Product          Version    on         Apply Patch
 ===============  =========  =========  =================
 vCenter Server   5.5        Any        5.5 Update 1
 vCenter Server   5.1        Any        not applicable **
 vCenter Server   5.0        Any        not applicable **
 vCenter Server   4.1        Windows    not applicable **
 vCenter Server   4.0        Windows    not applicable *

 Update Manager   5.5        Windows    5.5 Update 1
 Update Manager   5.1        Windows    not applicable **
 Update Manager   5.0        Windows    not applicable **
 Update Manager   4.1        Windows    not applicable *
 Update Manager   4.0        Windows    not applicable *

 ESXi             any        ESXi       not applicable

 ESX              4.1        ESX        not applicable **
 ESX              4.0        ESX        not applicable *
   
 * this product uses the Oracle JRE 1.5.0 family
 ** this product uses the Oracle JRE 1.6.0 family
 
4. S

[Full-disclosure] [SECURITY] [DSA 2873-1] file security update

2014-03-11 Thread Salvatore Bonaccorso

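-------------------------------------------------------------------------
Debian Security Advisory DSA-2873-1                   secur...@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
March 11, 2014                         http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : file
Vulnerability  : several
CVE ID         : CVE-2014-2270
Debian Bug     : 703993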

Several vulnerabilities have been found in file, a file type
classification tool.

Aaron Reffett reported a flaw in the way the file utility determined the
type of Portable Executable (PE) format files, the executable format
used on Windows. When processing a defective or intentionally prepared
PE executable which contains invalid offset information, the
file_strncmp routine will access memory that is out of bounds, causing
file to crash. The Common Vulnerabilities and Exposures project ID
CVE-2014-2270 has been assigned to identify this flaw.

Mike Frysinger reported that file's rule for detecting AWK scripts
significantly slows down file. The regular expression to detect AWK
files contained two star operators, which could be exploited to cause
excessive backtracking in the regex engine.

For the oldstable distribution (squeeze), these problems have been fixed
in version 5.04-5+squeeze4.

For the stable distribution (wheezy), these problems have been fixed in
version 5.11-2+deb7u2.

For the testing distribution (jessie), these problems have been fixed in
version 1:5.17-1.

For the unstable distribution (sid), these problems have been fixed in
version 1:5.17-1.

We recommend that you upgrade your file packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


[Full-disclosure] CORE-2014-0002 - Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities

2014-03-11 Thread CORE Advisories Team
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/

Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities



1. *Advisory Information*

Title: Oracle VirtualBox 3D Acceleration Multiple Memory Corruption
Vulnerabilities
Advisory ID: CORE-2014-0002
Advisory URL:
http://www.coresecurity.com/content/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities
Date published: 2014-03-11
Date of last update: 2014-03-11
Vendors contacted: Oracle
Release mode: User release



2. *Vulnerability Information*

Class: Improper Validation of Array Index [CWE-129], Improper Validation
of Array Index [CWE-129], Improper Validation of Array Index [CWE-129]
Impact: Code execution
Remotely Exploitable: Yes
Locally Exploitable: No
CVE Name: CVE-2014-0981, CVE-2014-0982, CVE-2014-0983



3. *Vulnerability Description*

VirtualBox is a general-purpose full virtualizer for x86 hardware,
targeted at server, desktop and embedded use.

VirtualBox provides -among many other features- 3D Acceleration for guest
machines through its Guest Additions. This feature allows guest machines to
use the host machine's GPU to render 3D graphics based on the OpenGL or
Direct3D APIs.

Multiple memory corruption vulnerabilities have been found in the code that
implements 3D Acceleration for OpenGL graphics in Oracle VirtualBox. These
vulnerabilities could allow an attacker who is already running code within
a Guest OS to escape from the virtual machine and execute arbitrary code on
the Host OS.


4. *Vulnerable packages*

   . Oracle VirtualBox v4.2.20 and earlier.
   . Oracle VirtualBox v4.3.6 and earlier.
   . Other versions may be affected too but they were not checked.

5. *Non-vulnerable packages*

   . Oracle VirtualBox v4.3.8.

6. *Credits*

This vulnerability was discovered and researched by Francisco Falcon from
Core Exploit Writers Team. The publication of this advisory was coordinated
by Andres Blanco from Core Advisories Team.



7. *Technical Description / Proof of Concept Code*

VirtualBox makes use of the *Chromium*[1] open-source library
(not to be confused with the open-source web browser) in order to
provide 3D Acceleration for OpenGL graphics.

Chromium provides remote rendering of OpenGL graphics through a
client/server model, in which a client (i.e. an OpenGL application)
delegates the rendering to the server, which has access to 3D-capable
hardware.

When 3D Acceleration is enabled in VirtualBox, OpenGL apps running within a
Guest OS (acting as Chromium clients) will send rendering commands to the
Chromium server, which is running in the context of the hypervisor in the
Host OS.

The code that handles OpenGL rendering commands on the Host side is prone
to multiple memory corruption vulnerabilities, as described below.


7.1. *VirtualBox crNetRecvReadback Memory Corruption Vulnerability*

[CVE-2014-0981] The first vulnerability is caused by a *design flaw* in
Chromium. The Chromium server makes use of "*network pointers*". As defined
in Chromium's documentation, '"Network pointers are simply memory addresses
that reside on another machine.[...] The networking layer will then take
care of writing the payload data to the specified address."'[2]

So the Chromium's server code, which runs in the context of the VirtualBox
hypervisor in the Host OS, provides a write-what-where memory corruption
primitive *by design*, which can be exploited to corrupt arbitrary memory
addresses with arbitrary data in the hypervisor process from within a
virtual machine.

This is the code of the vulnerable function [file
'src/VBox/GuestHost/OpenGL/util/net.c'], which can be reached by sending a
'CR_MESSAGE_READBACK' message to the 'VBoxSharedCrOpenGL' service:


/-
/**
 * Called by the main receive function when we get a CR_MESSAGE_READBACK
 * message.  Used to implement glGet*() functions.
 */
static void
crNetRecvReadback( CRMessageReadback *rb, unsigned int len )
{
    /* minus the header, the destination pointer,
     * *and* the implicit writeback pointer at the head. */

    int payload_len = len - sizeof( *rb );
    int *writeback;
    void *dest_ptr;
    crMemcpy( &writeback, &(rb->writeback_ptr), sizeof( writeback ) );
    crMemcpy( &dest_ptr, &(rb->readback_ptr), sizeof( dest_ptr ) );

    (*writeback)--;
    crMemcpy( dest_ptr, ((char *)rb) + sizeof(*rb), payload_len );
}
-/

Note that 'rb' points to a 'CRMessageReadback' structure, which is fully
controlled by the application running inside a VM that is sending OpenGL
rendering commands to the Host side. The 'len' parameter is also fully
controlled from the Guest side, so it's possible to:

   1. decrement the value stored at any memory address within the address
      space of the hypervisor.
   2. write any data to any memory address within the address space of the
      hypervisor.

7.2. *VirtualBox crNetRecvWriteback Memory Corruption Vulnerability*

[CVE-2014-0982] The second vulnerability is closely related to the first
one,
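
Added example, not part of the CORE advisory and not Oracle's or Chromium's code: a sketch of how the receiver described in section 7.1 could avoid the write-what-where primitive by putting a receiver-chosen handle on the wire in place of the two raw pointers, and by bounds-checking that handle and the length before touching memory. SafeReadbackMsg, PendingReadback, readback_register and readback_receive are hypothetical names, and this is not a description of the fix shipped in VirtualBox 4.3.8.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { RB_OK = 0, RB_ERR_SHORT = -1, RB_ERR_HANDLE = -2, RB_ERR_SIZE = -3 };

/* Hypothetical wire header: an opaque handle replaces the two raw
 * pointers (writeback_ptr, readback_ptr) carried by CRMessageReadback. */
typedef struct {
    uint32_t type;
    uint32_t handle;    /* index into the receiver's own table */
} SafeReadbackMsg;

/* Receiver-side record, created when the receiver issues the request. */
typedef struct {
    void   *dest;       /* buffer the receiver chose */
    size_t  cap;        /* its capacity in bytes */
    int    *writeback;  /* receiver's pending-reply counter */
    int     in_use;
} PendingReadback;

#define MAX_PENDING 16
static PendingReadback g_pending[MAX_PENDING];

/* Record an outstanding request; returns the handle to put on the wire,
 * or -1 if the table is full or the arguments are unusable. */
int readback_register(void *dest, size_t cap, int *writeback)
{
    if (dest == NULL || writeback == NULL)
        return -1;
    for (int i = 0; i < MAX_PENDING; i++) {
        if (!g_pending[i].in_use) {
            g_pending[i] = (PendingReadback){ dest, cap, writeback, 1 };
            return i;
        }
    }
    return -1;
}

/* Handle a reply of `len` bytes at `msg`. Nothing in the message is
 * used as an address; every field is checked before memory is touched. */
int readback_receive(const void *msg, size_t len)
{
    SafeReadbackMsg hdr;

    /* 1. A short message would make `len - sizeof(header)` wrap around. */
    if (msg == NULL || len < sizeof hdr)
        return RB_ERR_SHORT;
    memcpy(&hdr, msg, sizeof hdr);
    size_t payload_len = len - sizeof hdr;

    /* 2. Validate the index before using it (the CWE-129 check). */
    if (hdr.handle >= MAX_PENDING || !g_pending[hdr.handle].in_use)
        return RB_ERR_HANDLE;
    PendingReadback *p = &g_pending[hdr.handle];

    /* 3. The payload must fit the buffer registered for this handle. */
    if (payload_len > p->cap)
        return RB_ERR_SIZE;

    memcpy(p->dest, (const unsigned char *)msg + sizeof hdr, payload_len);
    (*p->writeback)--;
    p->in_use = 0;      /* one reply per request: a replayed handle fails */
    return RB_OK;
}

int main(void)
{
    char dest[8] = {0};
    int pending = 1;
    unsigned char wire[sizeof(SafeReadbackMsg) + 4];  /* constructed sample */
    SafeReadbackMsg hdr = { 1u, 0u };

    hdr.handle = (uint32_t)readback_register(dest, sizeof dest, &pending);
    memcpy(wire, &hdr, sizeof hdr);
    memcpy(wire + sizeof hdr, "abcd", 4);

    printf("first reply : %d\n", readback_receive(wire, sizeof wire));
    printf("replayed    : %d\n", readback_receive(wire, sizeof wire));
    return 0;
}
```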

Re: [Full-disclosure] OT What is happening with bitcoins?

2014-03-11 Thread Ron Scott-Adams
Julius hit the nail on the head here. Transaction malleability is not some 
heretofore undiscovered bug in the Bitcoin implementation. It was a known 
entity long ago, and presumably with the creator(s)' awareness. It really isn’t 
a problem itself; it’s perfectly mitigable with the correct implementations on 
the exchange’s side. It’s worth noting nearly all of the FUD surrounding BTC 
comes down to mistakes made with and among exchanges. Exchanges of any kind 
carry risk, and a new kind of exchange such as this is bound to have some 
serious question marks in the first many years of existence.

For more on transaction malleability and the technical considerations, see 
https://en.bitcoin.it/wiki/Transaction_Malleability, noting especially the 
following:
“...this does mean that, for instance, it is not safe to accept a chain of 
unconfirmed transactions under any circumstance because the later transactions 
will depend on the hashes of the previous transactions, and those hashes can be 
changed until they are confirmed in a block.”

The above is a huge note, and is made clear elsewhere as well. However, 
mistakes around this were still made, and continue to be made today. Live and 
learn, caveat emptor, etc.

On Mar 10, 2014, at 10:57 AM, Julius Kivimäki  wrote:

> Saying that the malleability thing is an issue with bitcoins is like saying 
> that sql injection is an issue with mysql.
> 
> 
> 2014-03-07 15:58 GMT+02:00 Meaux, Kirk :
> More to the point, has the transaction malleability issue been fixed that 
> caused Magic’s downfall?
> 
> Even though most exchanges just code around it, it’s still kind of a really 
> big issue if it isn’t fixed. :d
> 
>  
> 
>  
> 
> From: Full-Disclosure [mailto:full-disclosure-boun...@lists.grok.org.uk] On 
> Behalf Of Pedro Worcel
> Sent: Thursday, March 06, 2014 6:09 PM
> To: Georgi Guninski
> Cc: full-disclosure
> Subject: Re: [Full-disclosure] OT What is happening with bitcoins?
> 
>  
> 
> Bitcoins are doing great actually. =)
> 
> Used to be worth 0 a few years back, useless, and now you can use them to buy 
> some stuff.
> 
> 
>  
> 
> 2014-03-07 4:06 GMT+13:00 Georgi Guninski :
> 
> Read on theregister that bitcoins are in trouble.
> 
> Allegedly mtgox lost $400M maybe related to
> transactions.
> 
> Are the bugs in bitcoin or just sufficiently
> many ones got rooted?
> 
> Is bitcoin still alive?
> 
> --
> 
> GPG: http://is.gd/droope
> 
> 


Re: [Full-disclosure] Passwords Analyser Tool

2014-03-11 Thread Daniel Wood
Nahu-

For the most part I use pipal, however, I've used PACK in the past as well. 
PACK is great if you use hashcat for cracking as it generates valid masks as 
input files for you.

http://thesprawl.org/projects/pack/

Daniel

> On Mar 10, 2014, at 11:45 AM, Nahuel Grisolia  
> wrote:
> 
> Hi all!
> 
> Is there any passwords analyser open source tool out there? right now I'm 
> running Pipal (1) and I find it very useful, but I just want to know if you 
> are using any other alternative.
> 
> Thanks!
> 
> Nahu.-
> 
> (1) http://www.digininja.org/projects/pipal.php


[Full-disclosure] [CVE-2013-6835] - iOS 7.0.6 Safari/Facetime-Audio Privacy issue

2014-03-11 Thread Guillaume Ross
- Affected Vendor: https://www.apple.com/
- Affected Software: Safari/Facetime on iOS
- Affected Version: iOS 7 prior to 7.1
- Issue Type: Lack of user confirmation leading to a call being
established, revealing the user's identity (phone number or email address)
- Release Date: March 10, 2014
- Discovered by: Guillaume Ross / @gepeto42
- CVE Identifier: CVE-2013-6835
- Issue Status: Vendor has published iOS 7.1 which resolves this issue by
adding a prompt before establishing the call.

**Summary**

Facetime allows video calls for iOS. Facetime-Audio, added in iOS 7, allows
audio only calls. The audio version uses a vulnerable URL scheme which is
not used by Facetime Video.
The URL Scheme used for Facetime-Audio allows a website to establish a
Facetime-audio call to the attacker's account, revealing the phone number
or email address of the user browsing the site.

By entering the URL in an inline frame, the attack is automated, and
similar to a CSRF attack across apps. Safari does not prompt the user
before establishing the call.

**Impact**

A user browsing the web could click a malicious link or load a page
containing a malicious link within an inline frame. The user would then
automatically contact the phone number or email address specified in the
URL, revealing his identity to the attacker.

**Proof of Concept**

Entering the following URL in iOS would trigger the call to the email
address specified: facetime-audio://u...@host.com

This inline frame would have the user call the specified email address as
soon as the HTML page is loaded, without prompting the user:

   

Security Content of iOS 7.1: http://support.apple.com/kb/HT6162

[Full-disclosure] Apple TV log file password disclosure

2014-03-11 Thread David Schuetz

   -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Intrepidus Group Security Advisory 
http://www.intrepidusgroup.com

   -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Title:  Apple TV Touch Setup Wi-Fi and iTunes Password Disclosure
Release Date:   10 March 2014
Discoverer: David Schuetz 
Vendor: Apple
Vendor Reference:   http://support.apple.com/kb/HT1222
CVE Reference:  CVE-2014-1279
Systems Affected:   Apple TV (3rd generation) running ATV 6.0 - 6.0.2 
Risk:   Medium
Status: Published


Timeline

Discovered: 10 October 2013
Reported:   8 November 2013
Fixed:  10 March 2014
Published:  10 March 2014


Summary

The release of Apple TV version 6.0, based on iOS 7.0, introduced a new 
convenience feature for the setup of new Apple TV units, colloquially
referred to as "Touch Setup." 

This feature permits a user with a mobile iOS device such as an iPhone, to 
use BlueTooth Low Energy (BTLE) to transfer certain configuration information
to a newly-activated Apple TV system, including iTunes Store ID and password, 
and Wi-Fi SSID and password.

An issue exists where detailed logging is enabled in the Apple TV.app binary,
resulting in detailed packet data being dumped to the Apple TV log. This data 
includes hexadecimal representations of the configuration information 
transferred from the mobile device to the Apple TV, including AppleID and 
Wi-Fi passwords passed in cleartext.

An attacker with access to an Apple TV may be able to recover this data from 
the system log, if it has been stored on the Apple TV. 


Details
---
Apple TV applications may save certain logging and debugging information to 
the system using NSLog() and similar mechanisms. The logs may be viewed by 
attaching the Apple TV unit to an OS X system via a micro-USB cable, and 
using an application such as the Xcode Organizer or iPhone Configuration 
Utility. 

In general, these log entries are ephemeral, however, certain log data on
the Apple TV (and other iOS devices in general) are retained to some degree 
on the device filesystem and may thus be available for viewing at a later 
date.  At this time, it is not clear whether the Touch Setup logs are 
retained on the Apple TV or mobile iOS device after completion of the setup 
process.

The Apple TV app (as well as the touchsetupd daemon on the mobile iOS device)
sends detailed descriptions of data sent and received during the Touch Setup
process. 

In the case of the mobile iOS device, this data is encrypted using
a key exchanged between the two devices. However, it may be possible that
enough information is leaked in these debug messages (or other related log
entries) that an attacker may recover the session key and thus decrypt the
entire conversation.

In the case of the Apple TV unit, the data are generally written to the log 
two or even three times: First, the raw encrypted data as received from the 
mobile device, then the decrypted, yet compressed, plaintext of that data, 
and then finally the uncompressed data itself.

The decompressed data containing configuration information required to 
complete the Touch Setup process is provided as a binary property list 
(plist). The plist contains, among other data, the following information:

AppleID (iTunes account) information:
  * First Name
  * Last Name
  * AppleID (email address)
  * Password

Local Wi-Fi information:
  * SSID
  * Password


Steps to Reproduce
--
To demonstrate this vulnerability, the following hardware will be required:

1. Apple TV (3rd generation) running Apple TV system version 6.0 through 6.0.2 
2. A "recent" mobile iOS device such as iPhone 4S or later (see Systems 
   Affected for full list), running iOS version 7.0 or later
3. A system running OS X, with Xcode installed
4. A display connected to the Apple TV via HDMI
5. A micro-USB cable connected to the Apple TV and ready to connect to a 
   system running OS X


The procedure is as follows:

1. Ensure the Apple TV is "factory fresh" either by acquiring a new, 
   shrink-wrapped unit, or using a full "factory reset" on an existing unit.

2. Connect the Apple TV to the display using HDMI

3. Connect the micro-USB cable to the Apple TV (it may be necessary to obtain
   a very low-profile connector, or to use a utility knife to shave the 
   micro-USB connector, in order to connect both the HDMI and USB connectors 
   simultaneously). DO NOT connect the cable to the OS X machine at this point.

4. Ensure the mobile iOS device has BlueTooth enabled and is logged in to the
   local Wi-Fi network (following Apple's instructions: 
   http://support.apple.com/kb/HT5900)

5. Launch Xcode on the OS X system, and open the Xcode organizer.

6. Reboot the Apple TV by removing and re-inserting the power cable. Once the 
   Apple logo has appear

[Full-disclosure] Passwords Analyser Tool

2014-03-11 Thread Nahuel Grisolia
Hi all!

Is there any passwords analyser open source tool out there? Right now I'm 
running Pipal (1) and I find it very useful, but I just want to know if you are 
using any other alternative.

Thanks!

Nahu.-

(1) http://www.digininja.org/projects/pipal.php



Re: [Full-disclosure] OT What is happening with bitcoins?

2014-03-11 Thread Julius Kivimäki
Saying that the malleability thing is an issue with bitcoins is like saying
that sql injection is an issue with mysql.


2014-03-07 15:58 GMT+02:00 Meaux, Kirk :

>  More to the point, has the transaction malleability issue been fixed
> that caused Magic's downfall?
>
> Even though most exchanges just code around it, it's still kind of a
> really big issue if it isn't fixed. :d
>
>
>
>
>
> *From:* Full-Disclosure [mailto:full-disclosure-boun...@lists.grok.org.uk]
> *On Behalf Of *Pedro Worcel
> *Sent:* Thursday, March 06, 2014 6:09 PM
> *To:* Georgi Guninski
> *Cc:* full-disclosure
> *Subject:* Re: [Full-disclosure] OT What is happening with bitcoins?
>
>
>
> Bitcoins are doing great actually. =)
>
> Used to be worth 0 a few years back, useless, and now you can use them to
> buy some stuff.
>
>
>
> 2014-03-07 4:06 GMT+13:00 Georgi Guninski :
>
> Read on theregister that bitcoins are in trouble.
>
> Allegedly mtgox lost $400M maybe related to
> transactions.
>
> Are the bugs in bitcoin or just sufficiently
> many ones got rooted?
>
> Is bitcoin still alive?
>
> --
>
> GPG: http://is.gd/droope 
>

[Full-disclosure] NotSoSecure CTF [April 18th to 20th 2014]

2014-03-11 Thread Sumit Siddharth
Hello all,

After the huge success of our first CTF, I am pleased to announce that we
will be hosting the 2nd public CTF in April.
More details and registration page can be found here:
http://ctf.notsosecure.com/ 

Happy Hacking!

Sid
NotSoSecure Limited,
http://www.notsosecure.com 
twitter: @notsosecure
---
Upcoming NotSoSecure events:
Black Hat 2014, Las Vegas:
http://blackhat.com/us-14/training/the-art-of-exploiting-injection-flaws.html




[Full-disclosure] Hackito Ergo Sum 2014 CFP

2014-03-11 Thread Alexandre De Oliveira
Hi everyone,

Just an announcement that the Call for Papers for the 5th edition of Hackito
Ergo Sum is out!

The final date of submission is the 31st of March!

See you at Hackito !

--[ Synopsis:

Hackito Ergo Sum is an international conference focused on 
security and hacking breakthroughs from many different 
perspectives: corporate, hackers, industry, governments, 
academics. Diversity and creativity in this domain are the key 
words. HES2014 will have for its 5th edition some of the best 
hacking talents in the world.


--[ Venue:

Hackito Ergo Sum 2014 will take place in Paris, France from the 
24th to the 26th of April, 2014, at Cite des sciences et de 
l'industrie.

Address:
30 Avenue Corentin Cariou
75019 Paris
FRANCE

It is easily accessible via public transport with metro line 7, 
at the Porte de la Villette, or by car using orbital motorway 
(Multiverse level I / 61d8327deb882cf99).

Map and pictures are available here:
https://plus.google.com/110203164083435669962/about?gl=fr&hl=fr


--[ Introduction:

It's 2014 and we're still on the place for a new year of hack and fun!

During the three days of HES, research conferences, solutions 
presentations, panels, debates, AND PARTIES will aim to share, 
mix, and determine the future of IT security & hacking.


--[ Content of the Research Track:

We are expecting submissions in English only. 
The format will be 45 minutes presentation + 10 minutes Q&A.

We are also allocating slots for lightning talks (15 min) at the end 
of the day.

Please note that talks whose content will be judged too 
commercial or biased toward a given vendor will be rejected. 

We will also consider new and first time presenters, so that 
anyone can get his/her foot in the door. Don't be shy, just say 
"It's one of my first conf submission", and we'll be kind.

For the research track, preference will be given to offensive, 
innovative, and highly technical proposals.

As a suggestion, we would love to see things about:

* SIPRnet, NIPRnet & other defense networks funny stories
* LTE radio and signaling abuses and/or real life hacks
* 4G, Diameter & GRX/IPX hacks
* Exploit style stylography
* CTF Antiforensics: Detection of Intelligence gathering CTFs
* Government filternets (formerly known as Internet, R.I.P)
* x86/64 & Non-x86 exploitation
* New methods to detect software bugs (source or binary based)
* Funky Kernel land exploits
* Offensive forensics
* Current kernel buffer overflows exploit techniques for your 
grandmother
* SAT solving your ROP gadgeting and chaining
* IOS vuln research & vulndev
* Identifying tainted 0-day sploits for government-sponsored grey 
market tracing
* Mobile Botnets and Overlay networks-based C&C
* IPv6 & "Carrier Grade NATs" advances
* M2M Machine Type Communication 
* Sound hacking: binaural, brown, ...
* UEFI malware writing
* Android, RIM, Bada, IOS Mobile applications & OS hacks
* TPM and Secure Boot kitting & knifing
* FPGA backdoors
* Automated Hardware reverse engineering
* Hardware security & lockpicking in 2014
* Stun the community !

We will also have a Zero Day Show, as last year, at the end of 
the conference so that people can share (love/kindness) or show 
(salivate/envy) their new babies to the world. Prepare! Zombie 
Exploitocalyps incoming :)

We highly encourage any other presentation topic, especially the 
one we may not even imagine.

If you want to share skills on a specific subject during a 
workshop, feel free to contact us.

--[ Submissions:

[*] Requested information:

Submissions must contain the following information:

* Speakers name or alias
* Presentation Title
* Description
* Needs: Internet? Others?
* Demo (Y/N)
* Company (name) or Independent?  (optional)
* Address (optional)
* Phone (optional)
* Email (optional)
* Biography (optional)

We highly encourage and will favor presentations with demos.

Specify if submission contains any of the following information:
* Tool
* Slides
* Whitepaper

[*] How to submit:

Submit your presentation and materials by sending an email to:

hes-cfp_AT_lists.hackitoergosum.org


--[ Dates:

2014-01-13    Call for Paper
2014-03-31    Submission Deadline
2014-04-04    Acceptance notification
2014-04-07    Program announcement
2014-04-24    Start of conference
2014-04-26    End of conference

--[  Program Committee:
The following program committee will review the submissions:
- Tavis Ormandy (Google) @taviso
- Mark Dowd (AzimuthSecurity) @mdowd
- Alex Rice (Facebook)
- Charlie Miller (Twitter) @0xcharlie
- David Litchfield (V3rity Software) @dlitchfield
- Nico Waisman (Immunity) @nicowaisman
- Philippe Langlois (P1 Security) @philpraxis
- Laurent Gaffie (Trustwave)
- Julien Tinnes (Google) 
- Brad Spengler (aka spender) (Grsecurity)
- Silvio Cesare (Volven Security Solutions) @silviocesare
- Carlos Sarraute (GranData)
- Itzik Kotler (aka izik) @itzikkotler
- Jason A. Donenfeld (ZX2C4) @zx2c4
- Rodrigo Branco (Dissect.pe) @bsdaemon
- Tim Shelton