Re: [Full-disclosure] strange domain name in phishing email
It seems that this case has the name Dotless IP Address Security Issue and KB article #168617 http://support.microsoft.com/?kbid=168617 describes it even in IE4. Correct if I'm wrong. - Juha-Matti IIRC, Microsoft changed that as one of the security updates to IE. For a time, it was a popular phishing trick. I also remember there was a way to do that (or something similar) to bypass the security zones in IE and make it think it was a trusted site, but can't find that reference at hand. The rest of windows will still do it though. Try ping 2887060730 or telnet 2887060730 80. ~Mike. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] strange domain name in phishing email
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I think this would be a client side only thing. Netcat connected fine when I have such a name (167772398 - 10.0.0.238) as a target. The reason I say this is because how would apache know what to do with: Host: 167772398 It might have been a vhost, so I dont think they have support for this. NOTE: just my thoughts Julien GROSJEAN - Proxiad wrote: I think you try to remove the slash at the end... What about the logs ? Alice Bryson a écrit : BTW, this kind of ip address would not always work. i try to use http://2887060730/ to access an internal web server http://172.21.12.250, but failed. It said 400 bad request. I use Windows XP IE 6, web server is Apache on Windows 2003, does anyone know why? ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEVAwUBRBfdcLEDZDQ16UzTAQK2hQf/bLNUt/NOBlBFjg6x2jaKE2uQGee7uPm0 3TNdye/xgkqCBZ7b2F213fPjm4ERtijyUmKSMxWyMrMM4CSWI354mjVQqqY94FAk UbUDoZFKqUYAD5EJLuaTBLDPfrJCHJx0YwrZiHNVzGZEe2frEBn9I3AnAKvhjuGw kc6VIozuo0V8dSbumOTIkX3/ShhvyEnuZKyHD5dP7HW0PXgmV5Uz2oCnKPlSK7Q7 M4tN3jkCQJj7XyeOJuFK16kofnzPWa9B6iswnrQtEGrBLwslcuBDmLJz9HLVsKfy C3ll6DnG3H53flfFNp9adCl2iP7sPOTTgzSy275pHEg8kWM1j8ZVzQ== =86fl -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] strange domain name in phishing email
On Tue, 14 Mar 2006, Chris Umphress wrote: On 3/14/06, gboyce [EMAIL PROTECTED] wrote: I tried this trick against my personal Apache 2 webserver, and got a 400 bad request as well. The apache log is showing Client sent malformed Host header. It looks like Apache is getting the decimal host header, and doesn't understand what to do with it. Oddly, the host mentioned in the initial e-mail is also Apache, but it's Apache 1.3. Is your Apache on windows server 1.x or 2.x? I'll jump in and say that mine works works this way (If you want to verify, it is http://1136002182/). I am using Apache 1.3 and have several virtual hosts set up. Since Apache returns the first virtual host if it doesn't match the names of any of the other virtual hosts. That could be the determining factor for why some work and others don't. I have virtual hosts setup as well, and this behavior doesn't work for me. I tested a few different servers, and what I've found is that Apache 1.3 accepts hosts defined in this manner. Apache 2.0 fails with a 400 error. Greg ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] strange domain name in phishing email
hi there: When I use IE 6 web browser, Apache 1.3 accept this kind of request but Apache 2.0 doesn't. When I use IE 7 web browser, Apache 2.0 also accept this kind of request. 2006/3/15, gboyce [EMAIL PROTECTED]: On Tue, 14 Mar 2006, Chris Umphress wrote: On 3/14/06, gboyce [EMAIL PROTECTED] wrote: I tried this trick against my personal Apache 2 webserver, and got a 400 bad request as well. The apache log is showing Client sent malformed Host header. It looks like Apache is getting the decimal host header, and doesn't understand what to do with it. Oddly, the host mentioned in the initial e-mail is also Apache, but it's Apache 1.3. Is your Apache on windows server 1.x or 2.x? I'll jump in and say that mine works works this way (If you want to verify, it is http://1136002182/). I am using Apache 1.3 and have several virtual hosts set up. Since Apache returns the first virtual host if it doesn't match the names of any of the other virtual hosts. That could be the determining factor for why some work and others don't. I have virtual hosts setup as well, and this behavior doesn't work for me. I tested a few different servers, and what I've found is that Apache 1.3 accepts hosts defined in this manner. Apache 2.0 fails with a 400 error. Greg ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- Homepage:http://www.lwang.org We collect spam for research at: mailto:[EMAIL PROTECTED] ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] strange domain name in phishing email
Can you do a packet capture, and find out what the request to the server looks like? Apache 2 doesn't seem to like the decimal host definition sent by most browsers. Perhaps IE 7 converts the decimal IP back into octal before sending it to the server. On Thu, 16 Mar 2006, Alice Bryson wrote: hi there: When I use IE 6 web browser, Apache 1.3 accept this kind of request but Apache 2.0 doesn't. When I use IE 7 web browser, Apache 2.0 also accept this kind of request. 2006/3/15, gboyce [EMAIL PROTECTED]: On Tue, 14 Mar 2006, Chris Umphress wrote: On 3/14/06, gboyce [EMAIL PROTECTED] wrote: I tried this trick against my personal Apache 2 webserver, and got a 400 bad request as well. The apache log is showing Client sent malformed Host header. It looks like Apache is getting the decimal host header, and doesn't understand what to do with it. Oddly, the host mentioned in the initial e-mail is also Apache, but it's Apache 1.3. Is your Apache on windows server 1.x or 2.x? I'll jump in and say that mine works works this way (If you want to verify, it is http://1136002182/). I am using Apache 1.3 and have several virtual hosts set up. Since Apache returns the first virtual host if it doesn't match the names of any of the other virtual hosts. That could be the determining factor for why some work and others don't. I have virtual hosts setup as well, and this behavior doesn't work for me. I tested a few different servers, and what I've found is that Apache 1.3 accepts hosts defined in this manner. Apache 2.0 fails with a 400 error. Greg ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- Homepage:http://www.lwang.org We collect spam for research at: mailto:[EMAIL PROTECTED] ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] strange domain name in phishing email
I tried the same address using nslookup of windows and linux. The linux nslookup and host generate an error message: ** server can't find 1406379699: NXDOMAIN. nslookup of Windows translate the number to a domain name. It seems that it works different for different operating system. Have a good day and thanks for your help. On 3/15/06, gboyce [EMAIL PROTECTED] wrote: Can you do a packet capture, and find out what the request to the serverlooks like? Apache 2 doesn't seem to like the decimal host definition sent by mostbrowsers.Perhaps IE 7 converts the decimal IP back into octal beforesending it to the server.On Thu, 16 Mar 2006, Alice Bryson wrote: hi there: When I use IE 6 web browser, Apache 1.3 accept this kind of request but Apache 2.0 doesn't. When I use IE 7 web browser, Apache 2.0 also accept this kind of request. 2006/3/15, gboyce [EMAIL PROTECTED]: On Tue, 14 Mar 2006, Chris Umphress wrote: On 3/14/06, gboyce [EMAIL PROTECTED] wrote: I tried this trick against my personal Apache 2 webserver, and got a 400 bad request as well.The apache log is showing Client sent malformed Host header. It looks like Apache is getting the decimal host header, and doesn't understand what to do with it.Oddly, the host mentioned in the initial e-mail is also Apache, but it's Apache 1.3. Is your Apache on windows server 1.x or 2.x? I'll jump in and say that mine works works this way (If you want to verify, it is http://1136002182/). I am using Apache 1.3 and have several virtual hosts set up. Since Apache returns the first virtual host if it doesn't match the names of any of the other virtual hosts. That could be the determining factor for why some work and others don't. I have virtual hosts setup as well, and this behavior doesn't work for me. I tested a few different servers, and what I've found is that Apache 1.3 accepts hosts defined in this manner.Apache 2.0 fails with a 400 error. Greg ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- Homepage:http://www.lwang.org We collect spam for research at: mailto:[EMAIL PROTECTED] ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] strange domain name in phishing email
I think you try to remove the slash at the end... What about the logs ? Alice Bryson a écrit : BTW, this kind of ip address would not always work. i try to use http://2887060730/ to access an internal web server http://172.21.12.250, but failed. It said 400 bad request. I use Windows XP IE 6, web server is Apache on Windows 2003, does anyone know why? ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
RE: [Full-disclosure] strange domain name in phishing email
IE5 was the last version of IE to support that kind on octal URL. In IE6 it has been deprecated. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Julien GROSJEAN - Proxiad Sent: 14 March 2006 08:45 To: full-disclosure@lists.grok.org.uk; [EMAIL PROTECTED] Subject: Re: [Full-disclosure] strange domain name in phishing email I think you try to remove the slash at the end... What about the logs ? Alice Bryson a écrit : BTW, this kind of ip address would not always work. i try to use http://2887060730/ to access an internal web server http://172.21.12.250, but failed. It said 400 bad request. I use Windows XP IE 6, web server is Apache on Windows 2003, does anyone know why? ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] strange domain name in phishing email
Octal with eights in it?? As mentioned, it works works fine with IE6 if you remove the final / No. it was decimal. FWIW, here's a quickie way to convert between the 3 (hex,decimal,dottedquad) -- all of which work in URLs. Also .. the security zone bypass trick I mentioned earlier is accomplished by doing \\(decimalIP) in a link within HTML. IE used to treat that as trusted sites and would automatically submit credentials if requested by the remote side. Cheers, Michael Holstein CISSP GCIA Cleveland State University --snip-- #!/usr/bin/perl # Perl script to convert between numeric and dotted quad IPs. # credit to Paul Gregg for this (found on Google somewhere) while (STDIN) { chomp; $input = $_; if (/\./) { ($a, $b, $c, $d) = split(/\./); $decimal = $d + ($c * 256) + ($b * 256**2) + ($a * 256**3); } else { $decimal = $_; $d = $_ % 256; $_ -= $d; $_ /= 256; $c = $_ % 256; $_ -= $c; $_ /= 256; $b = $_ % 256; $_ -= $b; $_ /= 256; $a = $_; } if ( ($a255) || ($b255) || ($c255) || ($d255) ) { print $0: Invalid input: $input\n; } else { printf (Address: %d.%d.%d.%d is %u (Hex:%02x%02x%02x%02x)\n, $a,$b,$c,$d, $decimal,$a,$b,$c,$d); } } ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] strange domain name in phishing email
hi there It is very strange thing. I have done the following tries. trying result http://172.21.12.250success http://2887060730 failed http://2887060730/ failed telent 2887060730 80 failed ping 2887060730success http://1406379699(phishing web site mentioned by Jianqiang Xin ) success http://1406379699/(phishing web site mentioned by Jianqiang Xin ) success Could anyone give me some idea? Thanks. 2006/3/14, Michael Holstein [EMAIL PROTECTED]: Octal with eights in it?? As mentioned, it works works fine with IE6 if you remove the final / No. it was decimal. FWIW, here's a quickie way to convert between the 3 (hex,decimal,dottedquad) -- all of which work in URLs. Also .. the security zone bypass trick I mentioned earlier is accomplished by doing \\(decimalIP) in a link within HTML. IE used to treat that as trusted sites and would automatically submit credentials if requested by the remote side. Cheers, Michael Holstein CISSP GCIA Cleveland State University --snip-- #!/usr/bin/perl # Perl script to convert between numeric and dotted quad IPs. # credit to Paul Gregg for this (found on Google somewhere) while (STDIN) { chomp; $input = $_; if (/\./) { ($a, $b, $c, $d) = split(/\./); $decimal = $d + ($c * 256) + ($b * 256**2) + ($a * 256**3); } else { $decimal = $_; $d = $_ % 256; $_ -= $d; $_ /= 256; $c = $_ % 256; $_ -= $c; $_ /= 256; $b = $_ % 256; $_ -= $b; $_ /= 256; $a = $_; } if ( ($a255) || ($b255) || ($c255) || ($d255) ) { print $0: Invalid input: $input\n; } else { printf (Address: %d.%d.%d.%d is %u (Hex:%02x%02x%02x%02x)\n, $a,$b,$c,$d, $decimal,$a,$b,$c,$d); } } ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- Homepage:http://www.lwang.org We collect spam for research at: mailto:[EMAIL PROTECTED] ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] strange domain name in phishing email
hi there It is very strange thing. I have done the following tries. trying result http://172.21.12.250success http://2887060730 failed http://2887060730/ failed telent 2887060730 80 failed ping 2887060730success http://1406379699(phishing web site mentioned by Jianqiang Xin ) success http://1406379699/(phishing web site mentioned by Jianqiang Xin ) success Could anyone give me some idea? Thanks. 2006/3/14, Michael Holstein [EMAIL PROTECTED]: Octal with eights in it?? As mentioned, it works works fine with IE6 if you remove the final / No. it was decimal. FWIW, here's a quickie way to convert between the 3 (hex,decimal,dottedquad) -- all of which work in URLs. Also .. the security zone bypass trick I mentioned earlier is accomplished by doing \\(decimalIP) in a link within HTML. IE used to treat that as trusted sites and would automatically submit credentials if requested by the remote side. Cheers, Michael Holstein CISSP GCIA Cleveland State University --snip-- #!/usr/bin/perl # Perl script to convert between numeric and dotted quad IPs. # credit to Paul Gregg for this (found on Google somewhere) while (STDIN) { chomp; $input = $_; if (/\./) { ($a, $b, $c, $d) = split(/\./); $decimal = $d + ($c * 256) + ($b * 256**2) + ($a * 256**3); } else { $decimal = $_; $d = $_ % 256; $_ -= $d; $_ /= 256; $c = $_ % 256; $_ -= $c; $_ /= 256; $b = $_ % 256; $_ -= $b; $_ /= 256; $a = $_; } if ( ($a255) || ($b255) || ($c255) || ($d255) ) { print $0: Invalid input: $input\n; } else { printf (Address: %d.%d.%d.%d is %u (Hex:%02x%02x%02x%02x)\n, $a,$b,$c,$d, $decimal,$a,$b,$c,$d); } } ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- Homepage:http://www.lwang.org We collect spam for research at: mailto:[EMAIL PROTECTED] ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] strange domain name in phishing email
On 3/14/06, gboyce [EMAIL PROTECTED] wrote: I tried this trick against my personal Apache 2 webserver, and got a 400 bad request as well. The apache log is showing Client sent malformed Host header. It looks like Apache is getting the decimal host header, and doesn't understand what to do with it. Oddly, the host mentioned in the initial e-mail is also Apache, but it's Apache 1.3. Is your Apache on windows server 1.x or 2.x? I'll jump in and say that mine works works this way (If you want to verify, it is http://1136002182/). I am using Apache 1.3 and have several virtual hosts set up. Since Apache returns the first virtual host if it doesn't match the names of any of the other virtual hosts. That could be the determining factor for why some work and others don't. -- Chris Umphress http://daga.dyndns.org/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] strange domain name in phishing email
Yes, this is only a way of expressing an IP address. Try the following C code, you would find out the answer. #include stdio.h #include sys/socket.h #include netinet/in.h #include arpa/inet.h int main() { printf(%lu\n, htonl(inet_addr(83.211.166.179))); return 0; } it prints out 1406379699. 2006/3/11, Brian Dessent [EMAIL PROTECTED]: Jianqiang Xin wrote: I received several phishing emails. One interesting thing is the link to phishing website has the link: http://1406379699/dbweb/ws/ebay/index.htm This is a very old technique. Most people think that dotted-quad decimal is the only way to express an IP address but they can in fact be written in a variety of formats - octal, hexadecimal, and/or combined as a single 32 bit word. Read http://www.pc-help.org/obscure.htm for more. Brian ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- Homepage:http://www.lwang.org We collect spam for research at: mailto:[EMAIL PROTECTED] ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] strange domain name in phishing email
BTW, this kind of ip address would not always work. i try to use http://2887060730/ to access an internal web server http://172.21.12.250, but failed. It said 400 bad request. I use Windows XP IE 6, web server is Apache on Windows 2003, does anyone know why? 2006/3/11, Jianqiang Xin [EMAIL PROTECTED]: hi, I received several phishing emails. One interesting thing is the link to phishing website has the link: http://1406379699/dbweb/ws/ebay/index.htm If you click it, it goes to a fake ebay server. The DNS result shows: 1406379699 Server: Address: Name:ip-166-179.sn2.eutelia.it Address: 83.211.166.179 I do not understand why 1406379699 equal to ip-166-179.sn2.eutelia.it? Thanks for your help. yours, jqxin2006 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- Homepage:http://www.lwang.org We collect spam for research at: mailto:[EMAIL PROTECTED] ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] strange domain name in phishing email
hi, I received several phishing emails. One interesting thing is the link to phishing website has the link: http://1406379699/dbweb/ws/ebay/index.htm If you click it, it goes to a fake ebay server. The DNS result shows: 1406379699 Server: Address: Name: ip-166-179.sn2.eutelia.it Address: 83.211.166.179 I do not understand why 1406379699 equal to ip-166-179.sn2.eutelia.it? Thanks for your help. yours, jqxin2006 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] strange domain name in phishing email
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 google is cool http://www.alexcarlock.com/ip.asp Jianqiang Xin wrote: hi, I received several phishing emails. One interesting thing is the link to phishing website has the link: http://1406379699/dbweb/ws/ebay/index.htm If you click it, it goes to a fake ebay server. The DNS result shows: 1406379699 Server: Address: Name:ip-166-179.sn2.eutelia.it http://ip-166-179.sn2.eutelia.it Address: 83.211.166.179 http://83.211.166.179 I do not understand why 1406379699 equal to ip-166-179.sn2.eutelia.it http://ip-166-179.sn2.eutelia.it? Thanks for your help. yours, jqxin2006 -- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ __ NOD32 1.1438 (20060310) Information __ This message was checked by NOD32 antivirus system. http://www.eset.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2.1 (MingW32) iD8DBQFEEqCWFJS99fNfR+YRAtKmAKCnpts+WgH6xXo/6FY1Ic3KjkDa+gCfaYaa HBpMyL+whXgLoHo/tg//MD0= =mlVo -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] strange domain name in phishing email
Jianqiang Xin wrote: I received several phishing emails. One interesting thing is the link to phishing website has the link: http://1406379699/dbweb/ws/ebay/index.htm This is a very old technique. Most people think that dotted-quad decimal is the only way to express an IP address but they can in fact be written in a variety of formats - octal, hexadecimal, and/or combined as a single 32 bit word. Read http://www.pc-help.org/obscure.htm for more. Brian ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] strange domain name in phishing email
Could it be a 301 permanent redirect? Regards, Nancy Kramer Webmaster http://www.americandreamcars.com Free Color Picture Ads for Collector Cars One of the Ten Best Places To Buy or Sell a Collector Car on the Web At 04:57 AM 3/11/2006, Jianqiang Xin wrote: hi, I received several phishing emails. One interesting thing is the link to phishing website has the link: http://1406379699/dbweb/ws/ebay/index.htmhttp://1406379699/dbweb/ws/ebay/index.htm If you click it, it goes to a fake ebay server. The DNS result shows: 1406379699 Server: Address: Name:http://ip-166-179.sn2.eutelia.itip-166-179.sn2.eutelia.it Address: http://83.211.166.17983.211.166.179 I do not understand why 1406379699 equal to http://ip-166-179.sn2.eutelia.itip-166-179.sn2.eutelia.it? Thanks for your help. yours, jqxin2006 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.1.375 / Virus Database: 268.2.1/278 - Release Date: 3/9/2006 -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.1.375 / Virus Database: 268.2.1/278 - Release Date: 3/9/2006 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/