RE: [Full-Disclosure] 2 vulnerabilities combine to auto execute received files in Nokia series 60 OS
Hi Rohit, Do you know if series 60 OS is the only affected OS ? Allan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Monday, January 24, 2005 6:01 AM To: bugtraq@securityfocus.com; full-disclosure@lists.netsys.com Subject: [Full-Disclosure] 2 vulnerabilities combine to auto execute received files in Nokia series 60 OS Hi, I forwarded this bug to Nokia security group, they believe it is a feature and not a bug. Whats your opinion? 1. By default, executable files cannot be transferred (many mobile game companies probably earn their bread because games are not transferrable from one phone to the next). But if you rename the file (install file) to any extension such as jpg or an unknown extension, it can be transferred! So if i need to transfer a virus, all i need to do is rename the file to some jpg extension and and transfer it! 2. When series 60 OS receives such a file, it executes it immediately. For example, in case a MMS message comes with a picture or an installer attachment, Nokia would immediately start running the attachment. This is a major design flaw. Imagine a virus, renamed as a .jpg (mobile wall paper) is downloaded by users on p2p networks or from a website or can come from a friend. Virus installs itself and than shows a jpg file, so user does not suspect anything, while he is now infected. This is than sent to everyone in the address book, who again just see the wall paper after a prompt, while the virus has installed itself. The first problem can be used to exchange mobile games and ring tones for free. When you try to transfer the same without renaming, the OS does not allow transferring them. Thanks Rohit Dube New Delhi. Nokia response to both the problems follows: Hi Rohit, Sorry for the delay answering back to you. About your findings, the first one with sending files after changing the extension is a known limitation of the current implementation. We also implement OMA DRM 2 which will work as expected in such situations. The second one is also know feature, the file type is not determinated from the extension but from the content of the file. So a sis package renamed to an jpeg file still looks from the inside as a sis package and so the user is prompted for installation. Thank you again for your report. tatu -Original Message- From: ext [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 18, 2005 04:17 To: Mannisto Tatu (Nokia-TP-PST/Tampere); Ahlberg Janne (Nokia-M/Tampere) Subject: RE: series 60 os auto executes files Hi Tatu, Janne, Any information on this vulnerability? Can you please confirm your findings and send me an update on when should I/we disclose it? Thanks Rohit ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html === De informatie opgenomen in dit bericht kan vertrouwelijk zijn en is alleen bestemd voor de geadresseerde. Indien u dit bericht onterecht ontvangt, wordt u verzocht de inhoud niet te gebruiken en de afzender direct te informeren door het bericht te retourneren. Hoewel Orange maatregelen heeft genomen om virussen in deze email of attachments te voorkomen, dient u ook zelf na te gaan of virussen aanwezig zijn aangezien Orange niet aansprakelijk is voor computervirussen die veroorzaakt zijn door deze email. The information contained in this message may be confidential and is intended to be only for the addressee. Should you receive this message unintentionally, please do not use the contents herein and notify the sender immediately by return e-mail. Although Orange has taken steps to ensure that this email and attachments are free from any virus, you do need to verify the possibility of their existence as Orange can take no responsibility for any computer virus which might be transferred by way of this email. === ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
[Full-Disclosure] Finnish perlament !?!?!
Title: Message Ok Ok, we got the message ... Mr Jansson has sent the information about your insecure environment to a lot of places ... Personally I only received HIS email 1 time and YOURS about 5 times (I havn't checked my other lists yet). So stop sending your threat email immediatelly or I will sue you for spamming. Allan===De informatie opgenomen in dit bericht kan vertrouwelijk zijn en is alleen bestemd voor de geadresseerde. Indien u dit bericht onterecht ontvangt, wordt u verzocht de inhoud niet te gebruiken en de afzender direct te informeren door het bericht te retourneren. Hoewel Orange maatregelen heeft genomen om virussen in deze email of attachments te voorkomen, dient u ook zelf na te gaan of virussen aanwezig zijn aangezien Orange niet aansprakelijk is voor computervirussen die veroorzaakt zijn door deze email.The information contained in this message may be confidential and is intended to be only for the addressee. Should you receive this message unintentionally, please do not use the contents herein and notify the sender immediately by return e-mail. Although Orange has taken steps to ensure that this email and attachments are free from any virus, you do need to verify the possibility of their existence as Orange can take no responsibility for any computer virus which might be transferred by way of this email.=== ---BeginMessage--- Title: [Full-Disclosure] ICT Security in the Finnish Parliament Mr. Jansson has expressed his false claims about the ICT security issues of the Finnish Parliament. Mr. Jansson has expressed his lies now so many times, for instance http://lists.netsys. com/pipermail/full-disclosure/2004-December/030078.html, that we will bring a charge against him in court. We like to underline again that Mr. Jansson's claims are false and incomprehensibly stupid. Head of ICT Office Olli Mustajärvi The Finnish Parliament Head of IT Office FIN- 00102 Helsinki Finland Email:[EMAIL PROTECTED] WWW: www.eduskunta.fi ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ---End Message--- ---BeginMessage--- Title: [Full-Disclosure] Insecurity in Finnish parlament (computers) Mr. Jansson has expressed his false claims about the ICT security issues of the Finnish Parliament. Mr. Jansson has expressed his lies now so many times, for instance http://lists.netsys. com/pipermail/full-disclosure/2004-December/030078.html, that we will bring a charge against him in court. We like to underline again that Mr. Jansson's claims are false and incomprehensibly stupid. Head of ICT Office Olli Mustajärvi The Finnish Parliament Head of IT Office FIN- 00102 Helsinki Finland Email:[EMAIL PROTECTED] WWW: www.eduskunta.fi ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ---End Message--- ---BeginMessage--- Title: [Full-Disclosure] Insecurity in Finnish parlament (computers) Mr. Jansson has expressed his false claims about the ICT security issues of the Finnish Parliament. Mr. Jansson has expressed his lies now so many times, for instance http://lists.netsys. com/pipermail/full-disclosure/2004-December/030078.html, that we will bring a charge against him in court. We like to underline again that Mr. Jansson's claims are false and incomprehensibly stupid. Head of ICT Office Olli Mustajärvi The Finnish Parliament Head of IT Office FIN- 00102 Helsinki Finland Email:[EMAIL PROTECTED] WWW: www.eduskunta.fi ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ---End Message--- ---BeginMessage--- Title: [Full-Disclosure] Insecurity in Finnish parlament (computers) Mr. Jansson has expressed his false claims about the ICT security issues of the Finnish Parliament. Mr. Jansson has expressed his lies now so many times, for instance http://lists.netsys. com/pipermail/full-disclosure/2004-December/030078.html, that we will bring a charge against him in court. We like to underline again that Mr. Jansson's claims are false and incomprehensibly stupid. Head of ICT Office Olli Mustajärvi The Finnish Parliament Head of IT Office FIN- 00102 Helsinki Finland Email:[EMAIL PROTECTED] WWW: www.eduskunta.fi ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ---End Message--- ---BeginMessage--- Title: [Full-Disclosure] Insecurity in Finnish parlament (computers) Mr. Jansson has expressed his false claims about the ICT security issues of the Finnish Parliament. Mr. Jansson has expressed his lies now so many times, for instance http://lists.netsys.
RE: [Full-Disclosure] Google homepage Italiano logo
FYI : I have had spyware that changed google search results to include 'webcrawler.com' results in the first 5 links or so. So I would search for somethng, but the spyware would insert a piece of html at the top of the page, it would look like google results but they would ALL (all 5 of them) link to webcrawler (or something similar to that name, it's been a while so I'm not 100% sure). Allan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael Rutledge Sent: Tuesday, November 23, 2004 5:43 PM To: pingywon MCSE Cc: [EMAIL PROTECTED] Netsys. Com Subject: Re: [Full-Disclosure] Google homepage Italiano logo Thanks to you all for the response. The problem seemed to resolve itself. For some reason, I was seeing the Italiano Google logo for the past week. As to why this question was salient to FD, I was curious to find if this was a possible attack against Google or just something on my side. I had figured if something malicious was being done to Google, this would be the place to verify that. Thanks, -Michael PS - if pingywon is the first to open the flame gates, then let the flames roll. I'll expect to see about 75 posts discussing the validity of posting my question here. :) On Tue, 23 Nov 2004 11:27:32 -0500, pingywon MCSE [EMAIL PROTECTED] wrote: And people wanna bust my balls for replying to a certification post on here ~pingywon MCSE http://www.pingywon.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael Rutledge Sent: Tuesday, November 23, 2004 10:00 To: [EMAIL PROTECTED] Netsys. Com Subject: [Full-Disclosure] Google homepage Italiano logo Does anyone see Google's Italiano logo when you visit Google's homepage? Has anyone heard of someone getting into Google's images and switching them around? NOTE: If no one else sees the Italiano image then my image cache could be fubar. If this is the case, please disregard this email! Thanks, -Michael ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.797 / Virus Database: 541 - Release Date: 11/15/2004 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.797 / Virus Database: 541 - Release Date: 11/15/2004 ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html === De informatie opgenomen in dit bericht kan vertrouwelijk zijn en is alleen bestemd voor de geadresseerde. Indien u dit bericht onterecht ontvangt, wordt u verzocht de inhoud niet te gebruiken en de afzender direct te informeren door het bericht te retourneren. Hoewel Orange maatregelen heeft genomen om virussen in deze email of attachments te voorkomen, dient u ook zelf na te gaan of virussen aanwezig zijn aangezien Orange niet aansprakelijk is voor computervirussen die veroorzaakt zijn door deze email. The information contained in this message may be confidential and is intended to be only for the addressee. Should you receive this message unintentionally, please do not use the contents herein and notify the sender immediately by return e-mail. Although Orange has taken steps to ensure that this email and attachments are free from any virus, you do need to verify the possibility of their existence as Orange can take no responsibility for any computer virus which might be transferred by way of this email. === ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
RE: [Full-Disclosure] previledge password in cisco routers
And may I add that your other posts look more or less the same I'm putting my money on you being a skiddie :) l8r -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael Rutledge Sent: Wednesday, November 24, 2004 2:42 PM To: [EMAIL PROTECTED] Cc: john morris Subject: Re: [Full-Disclosure] previledge password in cisco routers The amount of help you receive on this mailing list is going to depend greatly on one question: Do you own the box? (or the router as it is in your case). As it stands, and I mean this in the best way possible, you look like a script kiddie looking to get some leetness by doing something easy. The suggestions you get on FD are not going to be as helpful to you if you are trying to hack someone else's hardware. That said, I happily look forward to the flames you are about to get for asking how to hack someone's router. This will be an entertaining Wednesday after all. :) -Michael On Wed, 24 Nov 2004 04:28:18 -0800 (PST), Paulo Pereira [EMAIL PROTECTED] wrote: John, if you have an old config you may decode it with some available tools in the web. A google search for cisco password recovery may help you. If you use TACACS change it there... or force the TACACS to disappear to use the local one... it really depends on the configs you have in the box. Regards, Paulo Pereira quote who=john morris Ooops.. i reframe my question. Is there a way to get the enable password remotely . Brute force is not my option (FROM LINKS TO LINKS WE ARE ALL LINKED) cheers. morris ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html === De informatie opgenomen in dit bericht kan vertrouwelijk zijn en is alleen bestemd voor de geadresseerde. Indien u dit bericht onterecht ontvangt, wordt u verzocht de inhoud niet te gebruiken en de afzender direct te informeren door het bericht te retourneren. Hoewel Orange maatregelen heeft genomen om virussen in deze email of attachments te voorkomen, dient u ook zelf na te gaan of virussen aanwezig zijn aangezien Orange niet aansprakelijk is voor computervirussen die veroorzaakt zijn door deze email. The information contained in this message may be confidential and is intended to be only for the addressee. Should you receive this message unintentionally, please do not use the contents herein and notify the sender immediately by return e-mail. Although Orange has taken steps to ensure that this email and attachments are free from any virus, you do need to verify the possibility of their existence as Orange can take no responsibility for any computer virus which might be transferred by way of this email. === ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html