While the list of IP address ranges is interesting, there's no evidence
provided that Microsoft OSes allow 'backdooring,' are the researchers
planning on providing any?
-Original Message-
From: Juha-Matti Laurio [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 01, 2007 2:16 PM
To: bugtr
> Let's not over-hype this-- while "Apple's day" has been coming, saying
that users will be "hit hard" on something the user has to
> manually download, manually execute, and explicitly grant
administrative privileges to is *way* over the top.
The future of malware is going to be largely through
I don't understand why this is being brushed off as not a big deal by so
many.
No, it's not a worm, it's not a virus, it's not self-replicating. It's
actually a pretty simple little trojan.
But this is a bit groundbreaking -- this is the first time we've seen
the professional, profit-motivate
> For whoever didn't hear, there is a Macintosh trojan in-the-wild being
> dropped, infecting mac users.
> Yes, it is being done by a regular online gang--itw--it is not yet
> another
> proof of concept. The same gang infects Windows machines as well, just
> that now they also target macs.
>
> htt
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2007:204
http://www.mandriva.com/security/
___
Let's see now, user must:
1) Navigate to porn site
2) Download Trojan
3) Either open file or have set 'Open Safe Files...'
4) Must allow install by typing admin password
Oh yeah, this will clearly hit Mac users hard, not. I don't see this as a big
deal, more as Darwin in action (if you will not
> It _is_ a 16 bit ID space, and that is not fixable inside the strict
> DNS protocol, but that still leaves us room to do the best job with
> what we have, rather than do nothing at all. Some people appear to be
> on the edge of arguing that we do nothing.
I have to agree with Theo on this.
> Given the extremely small amount of space for randomization (16-bit
> query ID's) does a cryptographically strong PRNG really make
> difference?
For a couple of decades the original algorithm was simply id++. Yes,
it makes a difference to use a slightly more sophisticated and
essentially "resou
Given the extremely small amount of space for randomization (16-bit query ID's)
does a cryptographically strong PRNG really make difference? Aside from
stopping an easy prediction, doesn't it just generate a little extra work for a
determined malicious individual?
Seems to be a moot point to m
Had "Skein" posted to this group (bugtraq) asking for contact
information he would have received a response. His posting here is
inaccurate and speculative.
DESCRIPTION:
The 3rd party module formlib.pl contained an error in handling/printing
of unsanitized Input data, which could lead to a malic
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2007:203
http://www.mandriva.com/security/
___
PR07-29: Two XSS on Blue Coat ProxySG Management Console
Vulnerability found: 23 July 2007
Vendor informed: 20 August 2007
Vulnerability fixed: 29 October 2007
Advisory publicly released: 1 November 2007
Severity: Medium
Description:
Blue Coat SG400 is vulnerable to a couple of XSS h
A widely known Web site Cryptome has released information about backdooring
Microsoft Windows machines today.
According to the post National Security Agency has access both stand-alone
systems and networks running Microsoft products.
The post states the following:
"This includes wireless wiret
Raymond Pete wrote:
> Had "Skein" posted to this group (bugtraq) asking for contact
> information he would have received a response. His posting here is
> inaccurate and speculative.
speculative? why?
>
> DESCRIPTION:
>
> The 3rd party module formlib.pl contained an error in handling/printing
On 10/31/07, Shane Kerr <[EMAIL PROTECTED]> wrote:
>
> There seem to be two ideas you are presenting here, both intended to imply
> that
> the developers at ISC are technically incompetent:
>
> 1. Using a pseudo-random number generator should be called "crypto".
>
No, but a pseudo random number g
SEC Consult Security Advisory < 20071101-0 >
=
title: Multiple vulnerabilities in SonicWALL SSL-VPN
Client
* Deletion of arbitrary files on the
Hi there, I'd like to announce as delivery for Owasp Spring of Code
2007 project, the 0.50 release of Orizon.
Orizon is a source code review engine, built with the aim to give
developers something usable to build code review tools.
Orizon is independent from the language used to write the sources
For whoever didn't hear, there is a Macintosh trojan in-the-wild being
dropped, infecting mac users.
Yes, it is being done by a regular online gang--itw--it is not yet another
proof of concept. The same gang infects Windows machines as well, just
that now they also target macs.
http://sunbeltb
ZDI-07-064: Novell Client Trust Heap Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-07-064.html
October 25, 2007
-- CVE ID:
CVE-2007-5767
-- Affected Vendor:
Novell
-- Affected Products:
BorderManager 3.8
-- Vulnerability Details:
This vulnerability allows remote attacke
ZDI-07-063: RealPlayer RA Field Size File Processing Heap Oveflow
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-07-063.html
October 25, 2007
-- CVE ID:
CVE-2007-2264
-- Affected Vendor:
RealNetworks RealPlayer version 10.5
-- Affected Products:
RealPlayer 6.x
-- TippingPoint(T
ZDI-07-062: RealNetworks RealPlayer PLS File Memory Corruption
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-07-062.html
October 25, 2007
-- CVE ID:
CVE-2007-4599
-- Affected Vendor:
RealNetworks
-- Affected Products:
RealNetworks RealPlayer version 10.5
-- TippingPoint(TM) IP
ZDI-07-061: RealNetworks RealPlayer SWF Processing Remote Code Execution
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-07-061.html
October 25, 2007
-- CVE ID:
CVE-2007-2263
-- Affected Vendor:
RealNetworks
-- Affected Products:
RealNetworks RealPlayer version 10.5
-- TippingPo
window.onload = function() {
var url = "http://[URL]/blocks_edit_do.php";;
var bid = [block id];
var topic = [name block];
var content = [cookie stealer];
var param = {
id: bid,
block_topic: topic,
ZDI-07-060: HP OpenView Radia Integration Server File System Exposure
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-07-060.html
October 23, 2007
-- CVE ID:
CVE-2007-5413
-- Affected Vendor:
Hewlett-Packard
-- Affected Products:
HP OpenView Radia Integration Server
-- TippingPoi
ZDI-07-059: Verity KeyView SDK Multiple File Format Parsing
Vulnerabilities
http://www.zerodayinitiative.com/advisories/ZDI-07-059.html
October 23, 2007
-- CVE ID:
-- Affected Vendor:
Verity
-- Affected Products:
KeyView SDK
-- Vulnerability Details:
Several vulnerabilities exist in the popul
Dear Shane,
I have no deep insight into the development of bind8/9, nor do I follow
their security track record close enough to judge any of your points
regarding its security.
I beg to differ on a point of terminology though.
On Wed, Oct 31, 2007 at 02:44:35PM +0100, Shane Kerr wrote:
>
> My o
Call for papers: Second International Workshop on Secure Software Engineering
In conjunction with ARES 2008
Barcelona, Catalonia, March 4th-7th 2008
Suggested topics include, but are not limited to:
- Secure architecture and design
- Security in agile software development
- Aspect-oriented
---
__ __ __
/_ | |__\_ \ _/ |_ /_ |/ |_
| |/\| | _(__ <_/ ___\ __\ __ | \ __\
| | | \ | |/ \ \___| |
ZDI-07-058: Oracle E-Business Suite SQL Injection Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-07-058.html
October 16, 2007
-- CVE ID:
CVE-2007-5766
-- Affected Vendor:
Oracle
-- Affected Products:
E-Business Suite 11
E-Business Suite 12
-- TippingPoint(TM) IPS Customer Protect
29 matches
Mail list logo