On Mon, 08 Aug 2005 23:01:37 PDT, Robert Kim Wireless Internet Advisor said:
> hi guys. need some UI and Functionality opinions here...
**RING** **RING** It's the clue-phone ringing...This is a security list,
not a UI/Functionality list...
> ... we're starting a new bulletin board for folks who
Let me just define "responsible disclosure" first of all, so as to
dissociate myself from the lunatic lawyers of certain corporations
(Cisco, HP, ISS, et al) who define "responsible disclosure" as
"non-disclosure". The generally accepted definition of responsible
disclosure is simply allowing
hi guys. need some UI and Functionality opinions here...
... we're starting a new bulletin board for folks who want to pool up and get group airfare rates. what we need is input on how we could make the site simpler. or just clearer...
The idea: If you post your ideal dream vacation online, Other
Title: Re: [Full-disclosure] "responsible disclosure" explanation
I must first state that the
following post in no way reflects on the views of my company and are in no way
that of my employers. They are all my own.
However I do take issue with a few of the
statements you have posted belo
"responsible disclosure" causes serious harm to people. It is no
different than being an accessory to the intentional destruction of
innocent lives.
Anyone who believes that "responsible disclosure" is a good thing needs
to volunteer their time to teach law enforcement, judges, prosecutors,
a
Good job, Internal Revenue, New Zealand!
Keep all that awareness and truth out -- it might hurt you.
Original Message
Subject:GWAVA Sender Notification (Content filter)
Date: Tue, 9 Aug 2005 15:52:06 +1200
From: <[EMAIL PROTECTED]>
To: undisclosed-recipients: ;
>There IS NO *perfect* security.
>If you have a customer that is asking for "perfect security", tell them it
can't be done.
I beg to differ. If you have a customer that's asking for Perfect Security
then read the OSSTMM. (Better yet, send them to my company.) ;-)
If you don't believe me then c
[Full-Disclosure] Mailing List Charter
John Cartwright <[EMAIL PROTECTED]>
- Introduction & Purpose -
This document serves as a charter for the [Full-Disclosure] mailing
list hosted at lists.grok.org.uk.
The list was created on 9th July 2002 by Len Rose, and is primarily
concerned with secur
Buffer Overflow in MySQL User Defined Functions
Risk level: LOW
Credits: This vulnerability was discovered and researched by Reid
Borsuk of Application Security Inc.
How can this even be marked as low risk? If you're loading a library into
mysql's address space then you're already executing "ar
At 21:15 08/08/2005, Paul Melson wrote:
vxUtil from Cambridge (http://www.cam.com/vxutil_pers.html) includes a
decent TCP connect() scanner, among other useful utilities.
TigerSuite (commercial) also exists, but works over HTML and seems to be
very poor :-(
I installed the Retina WiFi Scanner
can results
> File: DUMPED.php
> Date: 08/08/2005 20:39:56 (CET)
>
> AntiVir 6.31.1.0/20050808 found [BDS/SdBot.Gen.Plus]
> Avast 4.6.695.0/20050808 found nothing
> AVG 718/20050807found nothing
> Avira 6.31.1.0/20050808 found [BDS/SdBot.Gen.Pl
The closest approximation of "100% network security" comes
in the form of a pair of wire-cutters...
- ferg
p.s. Network security is an architecture, and most importantly,
it is a frame of mind...
-- "Charles Heselton" <[EMAIL PROTECTED]> wrote:
Although Daniel's comments may be tongue-in-chee
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Although Daniel's comments may be tongue-in-cheek, there is some
truth. Here are a few ideas that have become more or less mantras
for me, personally
There IS NO *perfect* security.
Defense in depth.
The larger your network is, the less effec
> http://www.pokersverige.se/IMAGE0004.php
.exe file of some kind using only the headers will
have to download it and test in some vmware machine to
debug it - anyone volunteer for that task ?
> No that wouldn't happen. You'd need to spell it correctly. ;-}
And this has been used by some malicious site some time in the recent past
Something along the lines of [somedomain].com.net and when .com went offline
Everyone was directed to .com.net and got infected with spyware so it
better to
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of C0BR4
> Sent: Monday, August 08, 2005 11:05 AM
> To: [EMAIL PROTECTED]
> Subject: [Full-disclosure] perfect security architecture (network)
> How should we deal with these attacks? People talk about
>
Title: Recall: Arcor Customer P/W SAP App
Once an arrow is fired it cannot be called back, just like words that come out of the mouth
cannot be called back
- Some wise man
Sorry chap, but not everyone uses Exchange out there from where you can recall this
email but you did manage
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Improper Filtering of Directory Traversal Characters in MySQL User
Defined Functions
AppSecInc Team SHATTER Security Advisory MYSQL05-V0001
http://www.appsecinc.com/resources/alerts/mysql/2005-001.html
August 08, 2005
Risk level: LOW
Credits: This
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Multiple Issues with MySQL User Defined Functions
AppSecInc Team SHATTER Security Advisory MYSQL05-V0003
http://www.appsecinc.com/resources/alerts/mysql/2005-003.html
August 08, 2005
Risk level: LOW
Credits: This vulnerability was discovered and re
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Buffer Overflow in MySQL User Defined Functions
AppSecInc Team SHATTER Security Advisory MYSQL05-V0002
http://www.appsecinc.com/resources/alerts/mysql/2005-002.html
August 08, 2005
Risk level: LOW
Credits: This vulnerability was discovered and rese
===
Ubuntu Security Notice USN-162-1 August 08, 2005
ekg vulnerabilities
CAN-2005-1850, CAN-2005-1851, CAN-2005-1852, CAN-2005-1916,
CAN-2005-2369, CAN-2005-2370, CAN-2005-2448
===
On Mon, 8 Aug 2005, Ahmad N wrote:
> I was trying to gain a reverse shell to a website the other day using a
> buffer overflow exploit, unfortunately it seems like they have some kind
> of buffer overflow exploit protection coming from an IDS or IPS so is
> there a way to find out what exactly i
Georgi Guninski wrote:
On Mon, Aug 08, 2005 at 12:58:06PM +0200, Florian Weimer wrote:
Georgi Guninski wrote:
the term "responsible disclosure" is a corporate instrument for
trying to shut people up.
No, it's an attempt to create a market for vulnerabilities and
exploits, trying to mimic the u
On Mon, 2005-08-08 at 13:40 +0400, Ahmad N wrote:
> I was trying to gain a reverse shell to a website the other day using
> a buffer overflow exploit, unfortunately it seems like they have some
> kind of
> buffer overflow exploit protection coming from an IDS or IPS
Or they just have the web se
MS Windows XP supports High Order ASCII from the keyboard with an ALT
+ Numpad key combination (from 0128 - 0255) and in other MS Apps
(Word, etc) you can also use the same to produce UNICODE characters
(supported characters between 0-65535 for the character set under
consideration).
Programa
Hi,
> It is an MS-EXE executable program. Anti virus doesn't find
> it because it is not a virus. Spybot for the same reason.
> To block these you need an smtp policy that does not allow
> executable attachments to incoming emails.
As a matter of fact this is a new sdbot variant.
It does
On 8/8/05, Armando Rogerio Brandão Guimaraes Junior
<[EMAIL PROTECTED]> wrote:
> Somebody know what fuck is this? http://www.pokersverige.se/IMAGE0004.php
> AntiVirus and SpyBot doesn´t detect!!!
>
> Armando Guimarães Jr
Installs a bot. Looks up lists2.dc21business.com, connects to an IRC
server
vxUtil from Cambridge (http://www.cam.com/vxutil_pers.html) includes a
decent TCP connect() scanner, among other useful utilities.
PaulM
-Original Message-
Subject: [Full-disclosure] Port scanner for Windows CE
Does anyone happen to know of a decent port scanner for Windows CE? I'm on
a
08/08/2005 20:39:56 (CET)
>
> AntiVir 6.31.1.0/20050808 found [BDS/SdBot.Gen.Plus]
> Avast 4.6.695.0/20050808 found nothing
> AVG 718/20050807found nothing
> Avira 6.31.1.0/20050808 found [BDS/SdBot.Gen.Plus]
> BitDefender 7.0/20050808
ormation?
Scan results
File: DUMPED.php
Date: 08/08/2005 20:39:56 (CET)
AntiVir 6.31.1.0/20050808 found [BDS/SdBot.Gen.Plus]
Avast 4.6.695.0/20050808 found nothing
AVG 718/20050807found nothing
Avira 6.31.1.0/20050808 found [BDS/SdBot.Gen.Plus]
BitDefender
Quoting Armando Rogerio Brandão Guimaraes Junior <[EMAIL PROTECTED]>:
Somebody know what fuck is this? http://www.pokersverige.se/IMAGE0004.php
AntiVirus and SpyBot doesn´t detect!!!
Armando Guimarães Jr
It is an MS-EXE executable program. Anti virus doesn't find it because
it is not an viru
Does anyone happen to know of a decent port scanner for Windows CE? I'm on a
job where the only way we can see the infrastructure we're testing is from a
Windows CE device.
In fact, whilst I'm here are there any other tools that might be useful.
We're hitting a proxy, so maybe some kind of in
Somebody know what fuck is this? http://www.pokersverige.se/IMAGE0004.php
AntiVirus and SpyBot doesn´t detect!!!
Armando Guimarães Jr
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and spons
Good Lord C0br4,
Did your new client give you a shopping list or what?
Use the force C0br4! The force (of the right forum) will protect you!
--
Dan Renner
Los Angeles Computerhelp
http://losangelescomputerhelp.com
On Mon, 2005-08-08 at 12:00 +0100,
[EMAIL PROTECTED] wrote:
> Date: Mon, 8 Aug
Le vendredi 05 août 2005 à 22:50 +0200, Michal Zalewski a écrit :
> What I proposed (and I'm sure I'm not innovative here) went along the
> lines of hooking up and intercepting the mouse click button, and then,
> at the exact moment of mouse click, capturing the position of the
> mouse pointer, an
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Sat, 06 Aug 2005 13:40:40 -0700 root
<[EMAIL PROTECTED]> wrote:
>Aditya Deshmukh wrote:
>
>>The only most secure protection is a one time password with a
>challenge /
>>response scheme. Most of the banks in europe already do this.
>>
>>They give o
i am newbie to ECC, kindly let me know if ECC keys are supported by IE/FireFox or not.
regards,
raj.
- Original Message -
From: <[EMAIL PROTECTED]>
To:
Sent: Monday, August 08, 2005 11:02 PM
Subject: [Full-disclosure] Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:
Re:[Full-dicklosure] Weird URL
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Oh, oh, me, me,
>
> If you type an addres
I was trying to gain a reverse shell to a website the other day using
a buffer overflow exploit, unfortunately it seems like they have some
For legitimate (as in legal) security research, no doubt? :)
is there a way to find out what exactly is running, an IDS or IPS,
and accordingly is there
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Oh, oh, me, me,
If you type an address in IE like, "www.yourdumb." IE will
magically append .com, .net, .gov, .etc... I just know this
redirection could be used by dumb people for something?
>bipin Gautam wrote: <[EMAIL PROTECTED]>
>similar is
Quoting Stephen McColl <[EMAIL PROTECTED]>:
Stephen McColl would like to recall the message, "Arcor Customer P/W
SAP App".
Hmm, yes. I can see why. Oh well, nothing to be done now except dust
off the old CV.
tc
This mess
On Mon, Aug 08, 2005 at 12:58:06PM +0200, Florian Weimer wrote:
> * Georgi Guninski:
>
> > the term "responsible disclosure" is a corporate instrument for
> > trying to shut people up.
>
> No, it's an attempt to create a market for vulnerabilities and
> exploits, trying to mimic the underground's
* Georgi Guninski:
> the term "responsible disclosure" is a corporate instrument for
> trying to shut people up.
No, it's an attempt to create a market for vulnerabilities and
exploits, trying to mimic the underground's success.
(But I'm often told that the underground is much better at informat
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hardened PHP Project
www.hardened-php.net
-= Security Advisory =-
Advisory: Remote code execution in SysCP
Release Date: 2005/08/09
Last Modified: 2005/08/08
Autho
Hey guys,
Have couple of questions need answers plz...
There are three attacks that jeopardize Information security.
--
- secure Network -
--
- secure Host -
--
hello everyone,
I was trying to gain a reverse shell to a website the other day using
a buffer overflow exploit, unfortunately it seems like they have some kind of
buffer overflow exploit protection coming from an IDS or IPS so is there a way
to find out what exactly is running, an IDS or IPS,
On Mon, 8 Aug 2005 10:55:48 +0200
"Stephen McColl" <[EMAIL PROTECTED]> wrote:
> Stephen McColl would like to recall the message, "Arcor Customer P/W
> SAP App".
...which tells us that he is using MS Exchange, which server
(mail.ep-europost.de [212.59.33.50] btw.) - and that he has not
understood S
Title: Recall: Arcor Customer P/W SAP App
Stephen McColl would like to recall the message, "Arcor Customer P/W SAP App".
Looks like Arcor are having difficulties in updating the
Password System:
https://www.webbill.arcor.de/wsnavigator/enterwsdl.html
This seems to be the admin gui for administering
the SAP Application Arcor are using for customers.
Was able to add new accounts, but can't
get full privile
Hello, Everyone:
Sorry for my poor English.
The icc_ex.c for MS05_036 from
http://www.frsirt.com/exploits/20050721.icc_ex.c.php is compiled
successfully, but the snooq.jpg cannot work. IE only shows an empty
picture, NO exception (of course NO notepad)! Test under win2000 sp4
(English) + IE5.0, icm32