Re: [Full-disclosure] [Newbie] How to search in all full-disclosure@lists.grok.org.uk
José: Is there a way to make full search by keyword in all full-disclosure@lists.grok.org.uk archive of messages?

site:http://lists.grok.org.uk full-disclosure KEYWORD

Carlos Pantelides
@dev4sec
http://seguridad-agile.blogspot.com/
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Pentesting Distributions or Projects for Raspberry Pi
Jay: Do you know other projects, distributions, and installer kits for Raspberry PI aside from the distributions and kits mentioned in this article: http://resources.infosecinstitute.com/pentesting-distributions-and-installer-kits-for-your-raspberry-pi/ ?

Nice link. I've added a slight modification to w3af in order to turn some LEDs on and off and give feedback in a headless, uncontrolled scan scenario.

http://seguridad-agile.blogspot.com/2013/05/w3af-on-raspberry-pi.html

Carlos Pantelides
@dev4sec
http://seguridad-agile.blogspot.com/

[Full-disclosure] Netbeans Jira Plugin does not check https certificates
Title:
------
Netbeans Jira Plugin does not check https certificates

Disclosure Timeline:
--------------------
[2012-01-02] Vulnerability reported (http://netbeans.org/bugzilla/show_bug.cgi?id=206848)
[2012-01-03] Assigned
[2012-01-30] More info added and asked for status
[2012-02-08] No answer, fully disclosed

Introduction
------------
Jira is a project tracking tool. It provides an API. (www.atlassian.com/software/jira)
Netbeans is an IDE that can consume Jira's API. (www.netbeans.org)
As provided by Atlassian Jira Studio, the API is protected at the transport layer with https.

Details
-------
Connecting to a Jira instance through an intercepting proxy like WebScarab raises no warning from the IDE or the plugin, so you can decrypt the conversation, including username and password.
Checked that other applications detected the wrong certificates.

Affected Versions
-----------------
NetBeans IDE 7.0.1 (Build 201107282000)
NetBeans IDE 7.1 (Build 201112071828)
NetBeans IDE Dev (Build 201201260600)

Carlos Pantelides - http://seguridad-agile.blogspot.com/

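Added example, not part of the original advisory and not NetBeans or plugin code: a small Python audit script that flags Java source which switches off HTTPS peer verification. It assumes the two usual causes of the behaviour reported above (a trust manager that accepts any chain, a hostname verifier that always returns true); the advisory does not say which applies. The rule names, scan() and the Java sample are constructed for illustration.

```python
import re

# Java string literals are matched first so "https://..." is not taken for a comment.
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*|/\*.*?\*/', re.S)

def strip_comments(src):
    """Blank out comments, keeping every offset and line number unchanged."""
    def blank(m):
        t = m.group(0)
        return t if t.startswith('"') else re.sub(r"[^\n]", " ", t)
    return _TOKEN.sub(blank, src)

# Assumed causes of "no certificate check" in a Java HTTPS client.
RULES = [
    ("trust-manager-accepts-any-chain", re.compile(
        r"void\s+checkServerTrusted\s*\([^)]*\)\s*(?:throws\s+[\w.,\s]+)?\{\s*\}")),
    ("hostname-verifier-always-true", re.compile(
        r"boolean\s+verify\s*\(\s*String\s+\w+\s*,\s*SSLSession\s+\w+\s*\)"
        r"\s*\{\s*return\s+true\s*;\s*\}")),
    ("hostname-verifier-always-true", re.compile(
        r"set(?:Default)?HostnameVerifier\s*\(\s*\(\s*\w+\s*,\s*\w+\s*\)\s*->\s*true\s*\)")),
]

def scan(java_source):
    """Return sorted (line, rule) pairs for code that disables TLS peer checks."""
    code = strip_comments(java_source)
    hits = {(code.count("\n", 0, m.start()) + 1, name)
            for name, rx in RULES for m in rx.finditer(code)}
    return sorted(hits)

# Constructed sample input (hypothetical client class, not taken from the plugin).
VULNERABLE = '''\
class Client {
  TrustManager[] tm = { new X509TrustManager() {
    public void checkClientTrusted(X509Certificate[] c, String a) {}
    public void checkServerTrusted(X509Certificate[] c, String a)
        throws CertificateException { /* accept anything */ }
    public X509Certificate[] getAcceptedIssuers() { return null; }
  }};
  HostnameVerifier hv = new HostnameVerifier() {
    public boolean verify(String host, SSLSession s) { return true; }
  };
  String url = "https://example.invalid/rest";
}
'''

if __name__ == "__main__":
    for line, rule in scan(VULNERABLE):
        print(f"line {line}: {rule}")
```

A finding is only a pointer for manual review; a trust manager that delegates to the platform default is not flagged.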
Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine
Those who try to manage potentially malicious servers do so over IP KVM, in which the foreign server basically gets only inbound Keyboard and Mouse and outbound uncompressed pixels.

Feature or bug, VNC or IP KVM, a VirtualBox virtual machine with shared clipboard has the same behavior. You can choose disabled, direction and bidirectional (by default).

Something to keep in mind, at least for beginners like me.

Just run this in the guest and see your clipboard; sure there are more elegant ways of doing the same. (Tested Linux in Linux with VirtualBox and Linux in Mac with VMware.)

    while true; do
        xsel -p    # PRIMARY selection
        echo
        xsel -s    # SECONDARY selection
        echo
        xsel -b    # CLIPBOARD selection
        echo
    done

Carlos Pantelides - http://seguridad-agile.blogspot.com/