Remove all admin-root authorization prompts from OSX

http://www.petitiononline.com/31337OSX/petition.html -KF

Re: [Full-disclosure] iDefense Q-1 2007 Challenge

No offense to iDefense as I have used their services in the past... but MY Q1 2007 Challenge to YOU is to start offering your researchers more money in general! I've sold remotely exploitable bugs in random 3rd party products for more $$ than you are offering for these Vista items (see the

DMA[2007-0107a] OmniWeb Javascript Alert Format String Vulnerabiity and DMA[2007-0109a] Apple Finder Disk Image Volume Label Overflow / DoS

I've been subject to a few DoS attacks as of late so these did not quite make it out. Enjoy the typos as usual. =P -KF DMA[2007-0109a] - 'Apple Finder Disk Image Volume Label Overflow / DoS' Author: Kevin Finisterre Vendor(s): http://www.apple.com Product: '= OSX 10.4 (?)' References:

DMA[2007-0104a] - 'iLife iPhoto Photocasing Format String Vulnerability'

DMA[2007-0104a] - 'iLife iPhoto Photocasing Format String Vulnerability' Author: Kevin Finisterre Vendor(s): http://www.apple.com Product: 'iLife 06 (?)' References: http://www.digitalmunition.com/DMA[2007-0104a].txt http://www.apple.com/ilife/iphoto/features/photocasting.html

Welcome to Pwndertino...

Just in case you are drunk / hungover / out of town or whatever... this is a friendly reminder that MOAB has begun. http://projects.info-pull.com/moab/index.html -KF

Kerio WebSTAR local privilege escalation

DMA[2006-1115a] - 'Kerio WebSTAR local privilege escalation' Author: Kevin Finisterre Vendor(s): http://www.kerio.com/webstar_home.html Product: 'Kerio WebSTAR = 5.4.2 (?)' References: http://www.digitalmunition.com/DMA[2006-1115a].txt Description: Kerio WebSTAR is an easy-to-use web server

[Fwd: DMA[2006-1031a] - 'Intego VirusBarrier X4 definition bypass exploit']

I think the list spam trap ate this message a few weeks ago. ---BeginMessage--- This was supposed to go out on Halloween but it didn't... but either way all you Mac users can get scared or something. OOGA BOOGA! pwntego.tar.gz Description: GNU Zip compressed data DMA[2006-1031a] - 'Intego

[Fwd: OpenBase SQL multiple vulnerabilities Part Deux]

I think the list spam trap ate this message a few weeks ago. ---BeginMessage--- #!/usr/bin/perl # # http://www.digitalmunition.com # written by kf (kf_lists[at]digitalmunition[dot]com) # # = ftp://www.openbase.com/pub/OpenBase_10.0 (vulnerable) ? # # This is some fairly blatant and retarded

hack.lu Bluetooth demo

As requested by several of the folks that went to hack.lu - 2006 I have posted the code for the 'GenerationTwo' InqTana variant at http://www.digitalmunition.com/hacklu.html For those that missed it Thierry Zoller of nruns demonstrated a remote exploitation of CVE-2005-1333 as a means to

DMA[2006-0801a] - 'Apple OSX fetchmail buffer overflow'

DMA[2006-0801a] - 'Apple OSX fetchmail buffer overflow' Author: Kevin Finisterre Vendor: http://www.apple.com/ Product: 'Mac OSX =10.4.7' References: http://www.digitalmunition.com/DMA[2006-0801a].txt http://www.digitalmunition.com/getpwnedmail-x86.pl

DMA[2006-0628a] - 'Apple OSX launchd unformatted syslog() vulnerability'

You couldn't be more wrong if you called it a Canadian Goose! -KF #!/usr/bin/perl # http://www.digitalmunition.com/FailureToLaunch.pl # Code by Kevin Finisterre kf_lists[at]digitalmunition[dot]com # # This is a practical application of Non Executable Stack Lovin -