Mandriva Linux Security Advisory MDVSA-2010:008
http://www.mandriva.com/security/
Mandriva Linux Security Advisory MDVSA-2010:009
http://www.mandriva.com/security/
AthCon IT Security Conference - http://www.athcon.org
Call for Papers and Workshops
http://www.athcon.org/cfp
From 3rd - 4th June AthCon, the first highly technical information
security conference in Greece, will take place in Athens at the
Jockey's Country Club
Here's a mitigation for the CVE-2010-0249 IE createEventObject
srcElement zero-day. Quite simply, it just disables the
createEventObject method by mangling its name in memory. If anyone
knows an important web application that uses createEventObject,
*please* respond to the mailing list.
Use
Hello all,
Just another one: you can access the configuration backup without
authentication at: /config.xml.sav
On Fri, Jan 15, 2010 at 17:12, Adam Baldwin
adam_bald...@ngenuity-is.com wrote:
The MiFi by Novatel Wireless (re-branded and sold by multiple vendors
such as Sprint and Verizon)
I've used Tim's block sets for awhile in my own FOAD rule, but I ended up
having to adjust the policy because of the toolsets I provide to the folks that
are trying to do a good day's work in those same locations.
Yes; there are plenty of good folks, computers and networks in China and other
Hi,
We've published a paper about using 1 or 4 byte write-what-where
condition to convert a custom Data-Segment Descriptor entry in LDT of
a process into a Call-Gate (with DPL set to 3 and RPL to 0).
The paper also contains information about a possible LDT redirecting
into user-land memory.
The
Mandriva Linux Security Advisory MDVSA-2010:010
http://www.mandriva.com/security/
Browser Fuzzer 3, or bf3, is a comprehensive web browser fuzzer.
* Fuzzes CSS, DOM, HTML, JavaScript and XML
* Attended and Unattended Fuzzing Modes
* 7th Generation Fuzzing Oracle
* Random Data Generator
* Mutation Fuzzing Engine
Browser Fuzzer 3 is designed as a hybrid framework/standalone
===
Ubuntu Security Notice USN-886-1 January 18, 2010
pidgin vulnerabilities
CVE-2008-2955, CVE-2009-1376, CVE-2009-2703, CVE-2009-3026,
CVE-2009-3083, CVE-2009-3085, CVE-2009-3615, CVE-2010-0013
On 1/16/10 8:13 AM, A. Ramos wrote:
Hello all,
Just another one: you can access the configuration backup without
authentication at: /config.xml.sav
If you have the Sprint MiFi with the latest firmware rev (AP 11.47.17
Router 018.0101) The correct path is
/config.xml.savefile
-Adam
===
Ubuntu Security Notice USN-885-1 January 18, 2010
libthai vulnerability
CVE-2009-4012
===
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
Ubuntu
Product:
AOL 9.5
Vulnerability:
ActiveX - Heap Overflow
Discussion:
Vulnerability is in ActiveX Control (CDDBControl.dll)
Sending a string to BindToFile(), triggering the vulnerability.
Successful exploits allow remote attackers to execute arbitrary code.
Debugger Results:
(fd0.1274):
Mandriva Linux Security Advisory MDVSA-2010:011
http://www.mandriva.com/security/
Mandriva Linux Security Advisory MDVSA-2010:012
http://www.mandriva.com/security/
Last month we announced a technology event called Campus Party EU
(http://www.campus-party.eu/home-en.html), which will take place
between 14 and 18 April 2010 in Madrid (Spain). We distributed a Call
For Participants, in which the chosen participants would attend
different talks given by great
Mandriva Linux Security Advisory MDVSA-2010:013
http://www.mandriva.com/security/
I could only imagine. The other problem is that many people seem to think
I'm saying something against
the Chinese *people* themselves, based on the f* you round-eye* messages
I've received (and they call
ME racist). They don't seem to get the clear distinction (to me) between the
Previous advisory was sent out with the wrong USN number.
Here is the corrected version.
===
Ubuntu Security Notice USN-887-1 January 18, 2010
libthai vulnerability
CVE-2009-4012
Mandriva Linux Security Advisory MDVSA-2010:014
http://www.mandriva.com/security/
###
# 0day vulnerability Sogou input method to obtain system privileges
###
Vulnerability:
Do not intend to found a very serious vulnerability, and the year 3389
nGenuity Information Services - Security Advisory
Advisory ID: NGENUITY-2010-002 - Zenoss Multiple Admin CSRF
Application: Zenoss 2.3.3
Vendor: Zenoss
Vendor website: http://www.zenoss.com
Author: Adam Baldwin (adam_bald...@ngenuity-is.com)
I. BACKGROUND
Zenoss is a
Debian Security Advisory DSA-1972-1 secur...@debian.org
http://www.debian.org/security/ Stefan Fritsch
January 17, 2010
###
# QvodPlayer ColorFilter Codec ActiveX Remote Exec
# Download : http://www.qvod.com
###
# Vulnerability:
# object id=TestObj
Hello All,
SMobile’s Global Threat Center (GTC) has released a research study on proof of
concept malicious applications for the BlackBerry platform. This research exposes
the weakened security posture of BlackBerry devices that operate under the
BlackBerry Internet Service environment. The proof
On 1/15/10 6:40 PM, Thor (Hammer of God) wrote:
[...] The other problem is that many people seem to think I'm saying
something against the Chinese *people* themselves
Unfortunately, such a security measure can be read that way, too.
The solution of blocking China, however, is one which
AP Report says it was a 'routing problem'? any idea what they are
talking about, do THEY know what they are talking about?
Did ATT mix up the destination ip addresses? did facebook NOT CHECK IP
ADDRESS AND COOKIES and disable the session when the ip changed?