Re: [Full-disclosure] Next generation malware: Windows Vista's gadget API
Firstly, the sky isn't falling, the risks posed by the gadget API already existed elsewhere in Windows generally, but this is another new attack surface without any legacy dependencies.

This is my general view on the gadget API. Yahoo widgets.

Finally, why on earth does the trust model for gadgets consist of full trust and nothing more? Why not allow gadgets to state in their manifest that for example they don't need to execute things, won't make use of ActiveX controls and will only connect to a specific host? Or have the OS force a restrained environment for them to run within. The usability and convenience offered by them isn't worth the opportunities they proffer.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Vulnerable test application: Simple Web Server (SWS)
Very interesting, been a while on here now. Downloading as I speak.. will post a follow-up.

- S

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:full- [EMAIL PROTECTED] On Behalf Of Gadi Evron
Sent: Monday, September 10, 2007 11:36 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Cc: full-disclosure@lists.grok.org.uk; code- [EMAIL PROTECTED]
Subject: [Full-disclosure] Vulnerable test application: Simple Web Server (SWS)

Every once in a while (last time a few months ago) someone emails one of the mailing lists about searching for an example binary, mostly for:

- Reverse engineering for vulnerabilities, as a study tool.
- Testing fuzzers

Some of these exist, but I asked my employer, Beyond Security, to release our test application, specific for testing fuzzing (built for the beSTORM fuzzer). They agreed to release the HTTP version, following their agreement to release our ANI XML specification.

The GUI allows you to choose what port you want to run it on, as well as which vulnerabilities should be active.

It is called Simple Web Server or SWS, and has the following vulnerabilities:

1. Off-By-One in Content-Length (Integer overflow/malloc issue)
2. Overflow in User-Agent
3. Overflow in Method
4. Overflow in URI
5. Overflow in Host
6. Overflow in Version
7. Overflow in complete packet
8. Off By One in Receive function (linefeed/carriage return issue)
9. Overflow in Authorization Type
10. Overflow in Base64 decoded
11. Overflow in Username of authorization
12. Overflow in Password of authorization
13. Overflow in Body
14. Cross site scripting

It can be found on Beyond Security's website, here: http://www.beyondsecurity.com/sws_overview.html

Thanks,
Gadi Evron.
RE: [Full-disclosure] MSIE Nested Object Vulnerability Is Exploitable
Stop whining and impressing us with your age and lack of schooling, and your opinions about what the list may NOT need. -scene_whore- empire? How much cable do you have?

Str

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of n3td3v
Sent: Sunday, April 30, 2006 3:27 AM
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] MSIE Nested Object Vulnerability Is Exploitable

On 4/29/06, Secunia Research [EMAIL PROTECTED] wrote:

Microsoft therefore treats this as a privately disclosed vulnerability, thus Secunia will not be releasing any further details before Microsoft releases a patch for this vulnerability.

Kind regards,
Thomas Kristensen
CTO
Secunia
Hammerensgade 4, 2. floor
DK-1267 Copenhagen K
Denmark
Tlf.: +45 7020 5144
Fax: +45 7020 5145

On Fri, 2006-04-28 at 09:33 +0200, Secunia Research wrote:

Hello,

There has recently been some discussion regarding whether or not the MSIE Nested Object Vulnerability reported by Michal Zalewski is exploitable or not.

Yes, some amongst the script kid population of the list weren't sure if it was exploitable, everyone else with a clue knew it was exploitable, hence the reason MZ disclosed the advisory in the first place.

The list doesn't need Secunia verification of advisories. In fact no one needs your entire Secunia website. I can't wait for John Cartwright to drop you guys as a sponsor. (The biggest mistake he ever made)

If the vulnerability is privately disclosed and _isn't_ the same as MZ's then why talk about it in public? Sending an e-mail to MZ and telling him his advisory had uncovered a nest of ants, attached to his original tip off would have been more than adequate.

Btw, when are you guys growing your -scene whore- empire? Perhaps Zone-h.org will be your next purchase.

All the best,
n3td3v
RE: [Full-disclosure] MSIE Nested Object Vulnerability Is Exploitable
Spare me the pedantics.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of n3td3v
Sent: Sunday, April 30, 2006 4:30 AM
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] MSIE Nested Object Vulnerability Is Exploitable

On 4/29/06, Strykar [EMAIL PROTECTED] wrote:

Stop whining and impressing us with your age and lack of schooling, and your opinions about what the list may NOT need. -scene_whore- empire? How much cable do you have?

Str

It's funny, folks like you. I actually whine about a subject related to a thread, though the real trolls of the list just whine about people whining, without adding anything to the original topic within a thread.

Call me a whiner and then add your own opinion on the thread topic, than just saying to someone you suck, your age your lack of schooling without saying why, and giving your own opinion on the right way to be thinking about Secunia's misleading, misinformed thread title of MZ's object vulnerability is exploitable b.s.

I may be a bitch, but at least I'm on-topic.

It's amazing the lack of age and schooling some folks have,

Regards,
n3td3v