Re: [Full-Disclosure] Administrivia: Fool Disclosure
Frank Knobbe wrote: Which leads to the question, which is a safe graphics file format? BMP perhaps? No: http://lists.netsys.com/pipermail/full-disclosure/2004-September/026187.html ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] Administrivia: Fool Disclosure
all your graphic files are belong to us. -KF [EMAIL PROTECTED] wrote: Frank Knobbe wrote: Which leads to the question, which is a safe graphics file format? BMP perhaps? No: http://lists.netsys.com/pipermail/full-disclosure/2004-September/026187.html ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] Administrivia: Fool Disclosure
On Mon, 15 Nov 2004 13:46:37 CST, Frank Knobbe said: Which leads to the question, which is a safe graphics file format? BMP perhaps? Nope - the incredible compression of .BMP files allows its use to DoS the mail server. :) pgpbsc2Iv5LYR.pgp Description: PGP signature
Re: [Full-Disclosure] Administrivia: Fool Disclosure
On 14 Nov 2004, at 09:19, Michael Rutledge wrote: On Fri, 12 Nov 2004 17:50:14 -0500 (EST), Len Rose [EMAIL PROTECTED] wrote: I've been wanting to share this with people for a long time, as things wind down for me, I've (finally) decided to release this. http://www.netsys.com/images/fool-disclosure-logo.jpg Anyone check this image for GDI+ exploit? lol Heh! Good point. It's clean. Here's a PNG version, if you're still feeling paranoid. http://tinypic.com/lzj1j PGP.sig Description: This is a digitally signed message part
RE: [Full-Disclosure] Administrivia: Fool Disclosure
it's clean :-) -Original Message- From: Michael Rutledge [mailto:[EMAIL PROTECTED] Sent: Sunday, November 14, 2004 12:19 PM To: [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] Administrivia: Fool Disclosure Anyone check this image for GDI+ exploit? lol -Michael On Fri, 12 Nov 2004 17:50:14 -0500 (EST), Len Rose [EMAIL PROTECTED] wrote: I've been wanting to share this with people for a long time, as things wind down for me, I've (finally) decided to release this. http://www.netsys.com/images/fool-disclosure-logo.jpg ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] Administrivia: Fool Disclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Why should we feel any better... What about the libpng exploit... :) /gerry Andrew Farmer wrote: | On 14 Nov 2004, at 09:19, Michael Rutledge wrote: | | On Fri, 12 Nov 2004 17:50:14 -0500 (EST), Len Rose [EMAIL PROTECTED] | wrote: | | I've been wanting to share this with people for a long time, | as things wind down for me, I've (finally) decided to release this. | | http://www.netsys.com/images/fool-disclosure-logo.jpg | | | Anyone check this image for GDI+ exploit? lol | | | Heh! Good point. | | It's clean. Here's a PNG version, if you're still feeling paranoid. | | http://tinypic.com/lzj1j | - -- +--+ | Gerry Eisenhaur | || | Cisco Security Agent ||| ||| | | Boxborough, Massachusetts.|. .|. | | PGP Key: 0xC13E8AFC .:|:.:|:. | | 978-936-0465 C i s c o S y s t e m s | +--+ -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBmPeFRY7FIcE+ivwRAnXHAJsE3YC0nmR+L/vGq03p1pX0afXgaACg5dCz jnFMTW2ILvSFY9SGl2HyKc0= =UEtt -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] Administrivia: Fool Disclosure
can you convert it to plaintext for us please? I think that would work nicely no plain text vulns that I can think of... - Original Message - From: Gerry Eisenhaur [EMAIL PROTECTED] To: Andrew Farmer [EMAIL PROTECTED] Cc: Michael Rutledge [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Monday, November 15, 2004 1:37 PM Subject: Re: [Full-Disclosure] Administrivia: Fool Disclosure -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Why should we feel any better... What about the libpng exploit... :) /gerry Andrew Farmer wrote: | On 14 Nov 2004, at 09:19, Michael Rutledge wrote: | | On Fri, 12 Nov 2004 17:50:14 -0500 (EST), Len Rose [EMAIL PROTECTED] | wrote: | | I've been wanting to share this with people for a long time, | as things wind down for me, I've (finally) decided to release this. | | http://www.netsys.com/images/fool-disclosure-logo.jpg | | | Anyone check this image for GDI+ exploit? lol | | | Heh! Good point. | | It's clean. Here's a PNG version, if you're still feeling paranoid. | | http://tinypic.com/lzj1j | - -- +--+ | Gerry Eisenhaur | || | Cisco Security Agent ||| ||| | | Boxborough, Massachusetts.|. .|. | | PGP Key: 0xC13E8AFC .:|:.:|:. | | 978-936-0465 C i s c o S y s t e m s | +--+ -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBmPeFRY7FIcE+ivwRAnXHAJsE3YC0nmR+L/vGq03p1pX0afXgaACg5dCz jnFMTW2ILvSFY9SGl2HyKc0= =UEtt -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] Administrivia: Fool Disclosure
On Mon, 2004-11-15 at 11:46, Andrew Farmer wrote: It's clean. Here's a PNG version, if you're still feeling paranoid. Is *that* clean of the last PNG overflow exploit? (Aug 10, 2004) Which leads to the question, which is a safe graphics file format? BMP perhaps? Cheers, Frank signature.asc Description: This is a digitally signed message part
RE: [Full-Disclosure] Administrivia: Fool Disclosure
I'm going to take a moment here to feel sorry for Windows users who even have to be worried about looking at an image. Ron Bowes -Original Message- From: Andrew Farmer [mailto:[EMAIL PROTECTED] Sent: Monday, November 15, 2004 11:46 AM To: Michael Rutledge Cc: [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] Administrivia: Fool Disclosure On 14 Nov 2004, at 09:19, Michael Rutledge wrote: On Fri, 12 Nov 2004 17:50:14 -0500 (EST), Len Rose [EMAIL PROTECTED] wrote: I've been wanting to share this with people for a long time, as things wind down for me, I've (finally) decided to release this. http://www.netsys.com/images/fool-disclosure-logo.jpg Anyone check this image for GDI+ exploit? lol Heh! Good point. It's clean. Here's a PNG version, if you're still feeling paranoid. http://tinypic.com/lzj1j ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] Administrivia: Fool Disclosure
Anyone check this image for GDI+ exploit? lol -Michael On Fri, 12 Nov 2004 17:50:14 -0500 (EST), Len Rose [EMAIL PROTECTED] wrote: I've been wanting to share this with people for a long time, as things wind down for me, I've (finally) decided to release this. http://www.netsys.com/images/fool-disclosure-logo.jpg ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
[Full-Disclosure] Administrivia: Fool Disclosure
I've been wanting to share this with people for a long time, as things wind down for me, I've (finally) decided to release this. http://www.netsys.com/images/fool-disclosure-logo.jpg ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
