RE: [Full-disclosure] password vaults-

2005-10-13 Thread Aditya Deshmukh
Sorry for the very noob question, but I'm having very hard times finding such products. What are you going to use that product for? Give us an idea of the end users and how they are going to use this. Your details right now are a bit on the less side. For what I make out of your post are your

[Full-disclosure] [SECURITY] [DSA 864-1] New Ruby 1.8 packages fix safety bypass

2005-10-13 Thread Martin Schulze
Debian Security Advisory DSA 864-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze October 13th, 2005

Re: [Full-disclosure] Microsoft EFS

2005-10-13 Thread Fco. Jose Garrido Matamoros
Look at this (small guide to crack, not overwrite, cached domain password) http://antionline.com/printthread.php?threadid=266698pagenumber=1 On Wednesday, 12 October 2005 13:19, Fco. Jose Garrido Matamoros wrote: Sorry for my English! I don't understand nounce password. You can try to

[Full-disclosure] Microsoft Outlook Web Access

2005-10-13 Thread Petko Petkov
Hello there, I've been messing around with Microsoft Outlook Web Access (SP1) trying to test and see what I can do. I found several vulnerabilities on google/securityfocus related to this particular version but none of them seem to work. I went to

[Full-disclosure] [SECURITY] [DSA 865-1] New hylafax packages fix insecure temporary files

2005-10-13 Thread Martin Schulze
Debian Security Advisory DSA 865-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze October 13th, 2005

Re: [Full-disclosure] WRT54G directory trasversial vulnerability

2005-10-13 Thread Thierry Zoller
Dear Shell, S I just found a vulnerability in Linksys WRT54G routers. Could not reproduce, asks for BASIC authentication. -- Thierry Zoller mailto:[EMAIL PROTECTED]

Re: [Full-disclosure] WRT54G directory trasversial vulnerability

2005-10-13 Thread Thierry Zoller
Dear Shell, S http://192.168.1.1/apply.cgi?action=../ S It loads the page after action S http://192.168.1.1/apply.cgi?action=../ returns the setup page S http://192.168.1.1/apply.cgi?action=../blah returns that the file does not exist Could be reproduced while being authenticated. -- Mit

[Full-disclosure] On the linux kernel and stack randomization

2005-10-13 Thread none none
When did the mainline linux kernel implement these changes? I cannot find ANY discussion on these changes on the LKML? If someone can point me in the right direction for a discussion on this it would be helpful thanks. in =2.6.12 # sysctl kernel.randomize_va_space # cat /proc/self/maps

[Full-disclosure] Kerio Personal Firewall and Kerio Server Firewall FWDRV driver Local Denial of Service

2005-10-13 Thread Piotr Bania
Kerio Technologies Kerio Personal Firewall and Kerio Server Firewall FWDRV driver Local denial of service by Piotr Bania [EMAIL PROTECTED] http://pb.specialised.info Original location:

RE: [Full-disclosure] NEW USA FFIES Guidance

2005-10-13 Thread Madison, Marc
Did you read the full notice? This link was at the bottom: http://www.ffiec.gov/pdf/authentication_guidance.pdf in which the FFIEC defines several ways to authenticate end users, but as Lyal Collins pointed out it is all based on your company's own risk assessment. For those that fall under US

RE: [Full-disclosure] password vaults-

2005-10-13 Thread Madison, Marc
Are you talking about something like a password reset for the brilliant end user, because somehow their password mysteriously doesn't work anymore? There are several vendors (Google something like automated helpdesk password reset) that offer this type of technology, but they will not show the

Re: [Full-disclosure] password vaults-

2005-10-13 Thread Bart Lansing
Someone else suggests that this may just be a troll...but I'll answer it anyway: Google is your friend, David. Try googling for password storage and weed through the 186,000 hits until you find the product you need. Cheers On Wed, 12 Oct 2005

[Full-disclosure] [USN-203-1] Abiword vulnerabilities

2005-10-13 Thread Martin Pitt
Ubuntu Security Notice USN-203-1 October 13, 2005 abiword vulnerabilities CAN-2005-2972 A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty

RE: [Full-disclosure] Microsoft Outlook Web Access

2005-10-13 Thread Vernocchi, Pablo
Hi Petko, BID:9409 has a solution: http://www.securityfocus.com/bid/9409/solution Anyway, I recommend that you use MBSA (Microsoft Baseline Security Analyzer) once a week, to check issues; or Retina as well. Also, there's a tool called Microsoft Exchange Best Practices Analyzer tool that may help

[Full-disclosure] iDEFENSE Security Advisory 10.13.05: Multiple Vendor XMail 'sendmail' Recipient Buffer Overflow Vulnerability

2005-10-13 Thread iDEFENSE Labs
Multiple Vendor XMail 'sendmail' Recipient Buffer Overflow Vulnerability iDEFENSE Security Advisory 10.13.05 www.idefense.com/application/poi/display?id=321type=vulnerabilities October 13, 2005 I. BACKGROUND XMail is an Internet and intranet mail server. XMail sources compile under GNU/Linux,

[Full-disclosure] iDEFENSE Security Advisory 10.13.05: Multiple Vendor wget/curl NTLM Username Buffer Overflow Vulnerability

2005-10-13 Thread iDEFENSE Labs
Multiple Vendor wget/curl NTLM Username Buffer Overflow Vulnerability iDEFENSE Security Advisory 10.13.05 www.idefense.com/application/poi/display?id=322type=vulnerabilities October 13, 2005 I. BACKGROUND GNU Wget is a free software package for retrieving files using HTTP, HTTPS and FTP, the

[Full-disclosure] Secunia Research: AhnLab V3 Antivirus ALZ/UUE/XXE Archive Handling Buffer Overflow

2005-10-13 Thread Secunia Research
Secunia Research 13/10/2005 - AhnLab V3 Antivirus ALZ/UUE/XXE Archive Handling Buffer Overflow - Table of Contents Affected

[Full-disclosure] Redmond Report: Yahoo for IM

2005-10-13 Thread Randall M
1) Redmond Report Weekly By Doug Barney Editor in Chief, Redmond magazine YAHOO FOR IM I love and hate IM. I love quick little tactical conversations and decisions that can be made

[Full-disclosure] MDKSA-2005:183 - Updated wget packages fix NTLM authentication vulnerability

2005-10-13 Thread Mandriva Security Team
Mandriva Linux Security Update Advisory Package name: wget Advisory ID: