No
> double-clicking and you couldn't launch an executable this way. Better?
>
> Cheers,
> Mitja
>
> On Jul 8, 2011, at 9:10 PM, Dan Kaminsky wrote:
>
>> And here's where your exploit stops being one:
>>
>> ===
>> Suppose the current version of
ll be happy to explain it to you further if need be.
>
> Thanks,
> Mitja
>
>
>> -Original Message-
>> From: Thor (Hammer of God) [mailto:t...@hammerofgod.com]
>> Sent: Thursday, June 02, 2011 6:00 PM
>> To: secur...@acrossecurity.com; 'Dan Kaminsk
Does this run code without prompting, on a reasonably default configuration?
On Thu, Jun 2, 2011 at 7:52 AM, ACROS Security Lists wrote:
>
> We published a remote/local proof of concept for the COM Server-Based Binary
> Planting
> exploit presented at the Hack in the Box conference in Amsterdam.
Sent from my iPhone
On Oct 20, 2010, at 8:58 AM, Michal Zalewski wrote:
>> Security-Assessment.com follows responsible disclosure
>> and promptly contacted Oracle after discovering
>> the issue. Oracle was contacted on August 1,
>> 2010.
>
> My understanding is that Stefano Di Paola of Minded
cific case,
prevent the creation of symlinks where the target is out of the SMB
share's range. (Still allow navigation to such symlinks if one exists,
though.)
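The containment rule proposed above, written out as an added example (my code, not from the thread or any SMB server): a server-side check that only admits a new symlink if its target, resolved against the link's own directory, stays under the share root. Names such as symlink_stays_in_share and the sample paths are assumptions for illustration.

```python
import posixpath


def symlink_stays_in_share(share_root: str, link_path: str, target: str) -> bool:
    """Return True only if creating `link_path` -> `target` keeps the resolved
    target inside `share_root`.

    Rules applied:
      * the link itself must live inside the share;
      * an absolute target is taken as-is, a relative one is resolved against
        the directory that will contain the link;
      * '..' and '.' components are normalised lexically before comparing;
      * the comparison is on whole path components, so '/srv/share2' is NOT
        treated as inside '/srv/share'.

    Caveat: this is a lexical check. If a directory on the resolved path is
    already a symlink, the real location can differ; a production server
    should additionally resolve the parent directory on disk (realpath) or
    open it with a beneath-root-only resolution primitive before creating
    the link.
    """
    root = posixpath.normpath(share_root)
    link = posixpath.normpath(link_path)

    def inside(path: str) -> bool:
        # Exact root or root followed by a path separator; avoids the
        # '/srv/share' vs '/srv/share2' prefix trap.
        return path == root or path.startswith(root.rstrip("/") + "/")

    if not inside(link):
        return False

    link_dir = posixpath.dirname(link)
    if posixpath.isabs(target):
        resolved = posixpath.normpath(target)
    else:
        resolved = posixpath.normpath(posixpath.join(link_dir, target))

    return inside(resolved)


if __name__ == "__main__":
    # Constructed sample requests, as a server might see them.
    root = "/srv/share"
    for link, target in [
        ("/srv/share/docs/latest", "../readme.txt"),      # stays inside
        ("/srv/share/docs/escape", "../../etc/passwd"),   # climbs out
        ("/srv/share/etc", "/etc"),                        # absolute escape
        ("/srv/share/sibling", "/srv/share2/x"),           # prefix trap
    ]:
        verdict = "allow" if symlink_stays_in_share(root, link, target) else "deny"
        print(f"{verdict}: {link} -> {target}")
```

Allowing navigation through an existing out-of-range symlink, as the message suggests, is a separate policy decision; this check only governs creation, which is the point at which the server can cheaply refuse a target it will never be able to contain afterwards.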
On Feb 6, 2010, at 8:21 AM, "Stefan Kanthak"
wrote:
Dan Kaminsky wrote:
[...]
(On a side note, you're not
On Feb 6, 2010, at 5:26 PM, "Stefan Kanthak"
wrote:
Dan Kaminsky wrote on February 06, 2010 6:43 PM:
You need admin rights to create junctions.
OUCH!
No, creating junctions (as well as the Vista introduced symlinks)
DOESN'T need admin rights!
[snip]
Really?
Eric Rescorla wrote:
At Fri, 8 Aug 2008 17:31:15 +0100,
Dave Korn wrote:
Eric Rescorla wrote on 08 August 2008 16:06:
At Fri, 8 Aug 2008 11:50:59 +0100,
Ben Laurie wrote:
However, since the CRLs will almost certainly not be checked, this
means the site will still be vulnerabl
thout modulating a single byte of TCP/Layer
4, and thus delivers fully valid (if occasionally redundant) segments at
Layer 4 -- segments generated by another process entirely.
===
Enjoy!
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
rves immediate servicing. They expected
the cryptography to fail; it was an implicit assumption that an explicit
security-critical demand would be serviced automatically. The assumption
was incorrect, and now a reasonably major hole exists.
Yours Truly,
Dan Kaminsky, CISSP
http://www.doxpara.com
"true name" filter along the lines of *@*.TLD? I think that's
pretty much what the user is interpreting as a differentiator between real
names and email addresses.
Yours Truly,
Dan Kaminsky, CISSP
Cisco Systems, Inc.
http://www.doxpara.com
the bug attacks user
perceptions rather than simply broken code.)
Due to the severity of this issue (yes, someone might eventually hysterically
report "NEW ATTACK LETS ME READ YOUR EMAIL BEFORE YOU EVEN GET IT"), I do
think it'd be appropriate for an update in a reasonable timeframe,
he "user consent" model I talked about earlier), it's
definitely a good idea from a network monitoring standpoint.
Has anybody written a well-done guide to what exactly defines something
as Spyware? It's difficult for an auditing firm to audit that which is
undefined.
Yours Truly,
Dan Kaminsky, CISSP
http://www.doxpara.com
informed consent includes a
discussion of the following elements:
* the nature of the decision/procedure
* reasonable alternatives to the proposed intervention
* the relevant risks, benefits, and uncertainties related to each
alternative
* assessment of patient understanding
* the acceptance of the interv
is actually only two thirds its apparent
strength, which numerically makes it less trustworthy than (say) 128 bit
RC4. In the great pantheon of marketing hacks, calling 3DES 128 bit
absolutely *pales* in comparison.
Yours Truly,
Dan Kaminsky, CISSP
Cisco Systems, Inc.
http://www.doxpara.com
y curious how EFS does key selection--on a per file
basis? Per block? Is there salting? File system crypto is moderately
difficult, due to issues like crash resistance, appending data to arbitrary
points within a file, etc. This buglet happened due to an allowance made
for crash resistance--it'd be interesting to see whether anything else was
exposed due to specific allowances made for this functional domain.
Yours Truly,
Dan Kaminsky
Cisco Systems, Inc.
http://www.doxpara.com
it's an issue and they're likely to address it.
Simply recommending a given pattern of behavior is irrelevant. Nobody
should be faulted, not even slightly, for passing over the recommendations
given that they were given without reasons that Rickard made clear.
Yours Truly,
Dan Kaminsky
Cisco Systems, Inc.
http://www.doxpara.com
lysis is correct--something
that should be independently verified--EFS offers attackers a rich array of
simple attacks that do not require discovery of the key material. You can
draw your own conclusions from that.
Yours Truly,
Dan Kaminsky
Cisco Systems, Inc.
http://www.doxpara.com
stupidity
but just plain old lack of knowledge. We can, and should, do something to
fix that.
Yours Truly,
Dan Kaminsky
t you're not vulnerable to a security hole, make sure you
emphasize why *you particularly* are not vulnerable and not that the hole
doesn't exist. That may mean saying "We patched it" or "We run a newer
version of Redhat" or whatever, but don't ever appear like you're denying
the existence of the bug itself, unless you can do so with the same
technical rigor that the bug was announced with in the first place.
Also don't ever, *ever* assume email to a customer will remain private.
Never trust the client ;-)
I speak for myself.
Yours Truly,
Dan Kaminsky
so makes life easier for those
of us behind firewalls.
I speak for myself, not my company.
Yours Truly,
Dan Kaminsky
Cisco Systems, Network Supported Accounts
http://www.doxpara.com