(, ) (,
. `.' ) ('.',
). , ('. ( ) (
(_,) .`), ) _ _,
/ _/ / _ \ _
\ \==/ /_\ \ _/ ___\/ _ \ / \
/ \/ |\\ \__( _ ) Y Y \
/__ /\___|__ / \___ /|__|_| /
\/\/.-. \/\/:wq
You should not enable unsafe activex, in order to get Windows Update
to work, however.
http://*.windowsupdate.com , http://download.microsoft.com,
http://windowsupdate.microsoft.com , https://download.microsoft.com, and
http://*.windowsupdate.com should all be enabled in trusted sites zone.
This
software and HL cheaters, btw.]
Drew
Research Engineer
eEye Digital Security
-Original Message-
From: Oliver Lavery [mailto:[EMAIL PROTECTED]
Sent: Friday, February 21, 2003 3:23 PM
To: 'Drew Copley'; [EMAIL PROTECTED]
Subject: RE: Bypassing Personal Firewalls
(Sidenote: a number of previous apps used to test PFWs or Application
Firewalls --
http
-Original Message-
From: Rothe, Greg (G.A.) [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 27, 2002 10:00 AM
To: 'Paul Starzetz'; Andrey Kolishak; [EMAIL PROTECTED]
Subject: RE: White paper: Exploiting the Win32 API.
All of this brings up a couple of questions for me:
1.
.
-Original Message-
From: Drew [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 06, 2002 7:31 PM
To: 'Mark Litchfield'; 'Jelmer'; '[EMAIL PROTECTED]'
Subject: RE: Winhelp32 Remote Buffer Overrun
Running this on my local file fuzzer, Litchfield's begins to
hit exceptions at
200 increments
Running this on my local file fuzzer, Litchfield's begins to hit
exceptions at
200 increments. (At a blank value it gives a memory error).
At 216 increments (and at least for awhile, above) it overwrites EIP
with
41414141. (Windows 2000 Service Pack 2).
Testing Jelmer's as it was written
lives on. How do you feel about that?
--
^Drew
http://guh.nu
--Begin PGP Fingerprint--
3C6C F712 0A52 BD33 C518 5798 9014 CA99 2DA0 5E78
--End PGP Fingerprint--
Problem:
Users of Redhat 7 may have their umask set insecurely while acting as root.
Severity:
Medium/Low
Description:
The Redhat useradd script creates a group for the new user with the same
name as the username by default. When the user logs in, any shell that uses
/etc/profile will
for the announcements.
9. My Company installs the fixed version that was "available" before we got
hacked.
10. In the tradition of the good old USA we start a class action law suit
and sue the pants off of the BMF, Members, and the ISC.
Drew.
One - just ONE - of the features suggested - only
together from
freeware
assembly scripts and etc.
Fix: Don't accept communication with people you don't
know.
Test your software yourself for bugs, especially under
Windows
where incidents are not likely to quickly end up in
CERT or
similiar places.
D
11 matches
Mail list logo