lnerability, and that user-installed extensions are not
subject to company software update procedures.
Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq
ll haven't learned your lesson from being banned from
the postfix-users mailing list.
Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq
On 2011-02-08 sam.vaug...@gmail.com wrote:
> Does this issue still exist ?
Depends on the configuration. Unless configured to require network level
authentication, RDP is still prone to MitM attacks AFAIK.
Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period
network. In which case your point about
the domain admin being "bigger" from the domain perspective is true, but
is also completely moot, as a local admin could only impersonate another
account with local admin privileges. Which he can do anyway.
Regards
Ansgar Wiechers
--
"All
ers file be configured
> to allow the attacker to run sudoedit.
Perhaps I'm missing something, but how is this a security flaw? A user
who is allowed to run "sudoedit" can edit /etc/sudoers, and thus allow
himself to run any command anyway.
Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq
is security service as disabled. When "exploiting" this
> "vector" (administrative privileges are assumed
Anything starting with "a user with administrative privileges can ..."
is neither a vulnerability nor a design flaw. Administrators can by
design do anyth
n't see any reason at all to switch to UAC.
You cannot protect a system from its administrator without demoting him
from being administrator. Period. And if you are going to demote him:
who is going to fix your system when things go wrong?
Regards
Ansgar Wiechers
--
"If a software dev
e there isn't any
kind of vulnerability or security flaw.
Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq
On 2009-10-24 Derek Martin wrote:
> 1. It circumvents the fact that to write to a file, you MUST be able
> to write to its directory, so that the file attributes can be updated.
Wrong, because the file's attributes aren't stored in the directory, but
in the respective inode.
nabled by default on any XP.
[1]
http://www.stefan-kuhr.de/cms/index.php?option=com_content&view=article&id=62&Itemid=73
Regards
Ansgar Wiechers
--
"The Mac OS X kernel should never panic because, when it does, it
seriously inconveniences the user."
--http://developer.apple.com/technotes/tn2004/tn2118.html
. And autorun on all
drives.
Regards
Ansgar Wiechers
--
"The Mac OS X kernel should never panic because, when it does, it
seriously inconveniences the user."
--http://developer.apple.com/technotes/tn2004/tn2118.html
SRG> Bug: XSS/Response Splitting
>
> DSRG> Solution: Use Firewall
>
> Just wonder: how can firewall to protect against XSS/response splitting?
You don't give the bad guys access to your UPS's web interface?
Regards
Ansgar Wiechers
--
"The M
net
[EMAIL PROTECTED]:~ $ host mail.planetcobalt.net
mail.planetcobalt.net A 217.10.9.49
[EMAIL PROTECTED]:~ $ _
You can have multiple names resolving to the same IP address, but just
one PTR record mapping that address back to a name.
Regards
Ansgar Wiechers
--
"All vulnerabilities de
13 matches
Mail list logo
